[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] branch master updated (422f18ebe -> 97f0e8cf8)
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] branch master updated (422f18ebe -> 97f0e8cf8) |
|
Date: |
Wed, 23 May 2018 12:23:55 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a change to branch master
in repository gnurl.
from 422f18ebe also disable ares (even though the option does not actually
work)
new 920f73a69 FTP: fix typo in recursive callback detection for seeking
new a85705753 SECURITY-PROCESS: mention how we write/add advisories
new 634f72fed test1208: marked flaky
new a9a7b606c transfer: make HTTP without headers count correct body size
new 2b083dcc4 user-agent.d:: mention --proxy-header as well
new 7750b14be http2: fixes typo
new 39dc0bca5 RELEASE-NOTES: toward 7.60.0
new 236402fc2 cleanup: misc typos in strings and comments
new f5700ea88 rate-limit: use three second window to better handle high
speeds
new 9434194be examples/hiperfifo.c: improved
new 2404aa080 pause: when changing pause state, update socket state
new 7f9ce0851 multi: improved pending transfers handling => improved
performance
new 9572831b0 curl_version_info.3: fix ssl_version description
new 6baeb6df3 CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
new fb4f568b1 add_handle/easy_perform: clear errorbuffer on start if set
new d95f3dc0b resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES
new f982e49f0 ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix
CURLOPT_DNS_SHUFFLE_ADDRESSES
new b7b2809a2 darwinssl: fix iOS build
new d22e5e02a cmake: add support for brotli
new bb790ca3a RELEASE-NOTES: synced
new ea233e5b4 parsedate: support UT timezone
new 712c916d9 examples/hiperfifo: checksrc compliance
new d7f0d2b82 vauth/ntlm.h: fix the #ifdef header guard
new f623ad65e lib/curl_path.h: add #ifdef header guard
new c1366571b vauth/cleartext: fix integer overflow check
new 27d7e511d CURLINFO_COOKIELIST.3: made the example not leak memory
new d92a9bd4e cookie.d: mention that "-" as filename means stdin
new cf7b009f5 TODO: expand ~/ in config files
new 3ff09ce77 CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text
new db122fddf CI: add lgtm.yml for tweaking lgtm.com analysis
new db1b2c7fe http2: read pending frames (including GOAWAY) in
connection-check
new 6231a89aa timeval: remove compilation warning by casting (#2417)
new 66e93802e cmake: avoid warn-as-error during config checks (#2411)
new 22e56194e travis-ci: enable -Werror for CMake builds (#2418)
new b6e484dc3 openldap: fix for NULL return from ldap_get_attribute_ber()
new 67636222f threaded resolver: track resolver time and set suitable
timeout values
new a26d11b8e gitignore: ignore more generated files
new 9645f18f2 runtests.pl: fix warning 'use of uninitialized value'
new d267dd2c1 travis: enable apt retry on fail
new 2bd8e684a TODO: connection cache sharing is now supporte
new bea18c7f3 cmake: Add advapi32 as explicit link library for win32
new cbc0f131c docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
new 28faaacee test1148: set a fixed locale for the test
new 4073cd83b cookies: when reading from a file, only remove_expired once
new c990eadd1 cookie: store cookies per top-level-domain-specific hash
table
new 7c90c93c0 openssl: fix build with LibreSSL 2.7
new 256b80fe8 openssl: provide defines for argument typecasts to build
warning-free
new 82dfdac5f cookie: fix and optimize 2nd top level domain name extraction
new 746479adc cookie: case-insensitive hashing for the domains
new 336b6a32c tls: fix mbedTLS 2.7.0 build + handle sha256 failures
new 2536e2450 Revert "openssl: Don't add verify locations when
verifypeer==0"
new 695e96b3d file: restore old behavior for file:////foo/bar URLs
new 5f3938bc4 FTP: allow PASV on IPv6 connections when a proxy is being
used
new a65a75e9b build-openssl.bat: allow custom paths for VS and perl
new 858502652 winbuild: make the clean target work without build-type
new 222de37f9 build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
new 67bd4ab19 RELEASE-NOTES: synced
new dd03e8c28 hash: calculate sizes with size_t instead of longs
new 464a019cb tool_operate: Fix retry on FTP 4xx to ignore other protocols
new 4e884615d configure: detect sa_family_t
new a19fefb07 build: add picky compiler warning flags for gcc 6 and 7
new 8020a0c62 curl_setup: provide a CURL_SA_FAMILY_T type if none exists
new 817d1c010 examples/sftpuploadresmue: Fix Windows large file seek
new dc1b6c5a0 build: cleanup to fix clang warnings/errors
new 778235ce2 test1136: fix cookie order after commit c990eadd1277
new 73070e824 winbuild: updated the documentation
new 75f517f96 winbuild: fix URL
new 0f31647cf lib: silence null-dereference warnings
new 0b87c9632 travis: use trusty for coverage build
new ac6c86732 travis: bump to clang 6 and gcc 7
new 249a7c9da travis: build libpsl and make builds use it
new 85eea2fb3 proxy: show getenv proxy use in verbose output
new 462d8378e mailmap: add a monnerat fixup [ci skip]
new 2b126cd70 duphandle: make sure CURLOPT_RESOLVE is duplicated fine too
new 94400f32e all: Refactor malloc+memset to use calloc
new 9b96e0bb4 checksrc: Fix typo
new 631f64cf4 system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
new 36f0f4788 vauth: Fix typo
new 78611c745 ssh: show libSSH2 error code when closing fails
new 6cbe96975 test1148: tolerate progress updates better
new 627bd7da7 urldata: make service names unconditional
new 2d4c2152c configure: keep LD_LIBRARY_PATH changes local
new bc4b8c971 ntlm_sspi: fix authentication using Credential Manager
new e35b0256e schannel: add client certificate authentication
new 3872d8310 README.md: add backers and sponsors
new 792165945 winbuild: Support custom devel paths for each dependency
new ba48863e5 RELEASE-NOTES: synced
new 24e835587 docs: fix typos
new 4d660fdcb schannel: fix warning
new 899630021 schannel: add support for CURLOPT_CAINFO
new 6d3c9c8ab http2: handle on_begin_headers() called more than once
new 5c8521851 detect_proxy: only show proxy use if it had contents
new 8fb78f9dd ftplistparser: keep state between invokes
new a3f385393 openssl: Add support for OpenSSL 1.1.1 verbose-mode trace
messages
new b0a50227c openssl: fix subjectAltName check on non-ASCII platforms
new 1514c4465 http2: avoid strstr() on data not zero terminated
new 7645c6bd5 http2: clear the "drain counter" when a stream is closed
new d122df597 http2: handle GOAWAY properly
new 0f7271667 tool_help: clarify --max-time unit of time is seconds
new 10b195d3b Revert "ftplistparser: keep state between invokes"
new ab988caef schannel: fix build error on targets <= XP
new f0819f99a CURLOPT_SSLCERT.3: improve WinSSL-specific usage info
new a39593d28 curl.1: clarify that options and URLs can be mixed
new 0a3589ccd http2: convert an assert to run-time check
new d0394de15 curl_global_sslset: always provide available backends
new 5e5725a47 RELEASE-NOTES: synced
new 98a768f0a ftplistparser: renamed some members and variables
new abbc8457d ftplistparser: keep state between invokes
new a7df35ce2 Curl_memchr: zero length input can't match
new 5c39ccd83 Revert "ftplistparser: keep state between invokes"
new 300f40eb9 examples/sftpuploadresume: typecast fseek argument to long
new 1778135a9 examples/http2-upload: expand buffer to avoid silly warning
new e6c22368c ftplistparser: keep state between invokes
new dd7521bcc ctype: restore character classification for non-ASCII
platforms
new ba67f7d65 mime: avoid NULL pointer dereference risk
new 3c630f9b0 strcpy_url: only %-encode values >= 0x80
new 732d09383 cookies: ensure that we have cookies before writing jar
new d25f0a42e os400.c: fix ASSIGNWITHINCONDITION checksrc warnings
new 84358e4c6 RELEASE-NOTES: synced
new 521dbfc6e configure: provide --with-wolfssl as an alias for
--with-cyassl
new 3b41839e2 cyassl: adapt to libraries without TLS 1.0 support built-in
new 2ef1662e4 http2: get rid of another strstr()
new 1d71ce845 http2: fix null pointer dereference in http2_connisdead
new 2f13e3d23 checksrc: force indentation of lines after an else
new 85437697d cookies: remove unused macro
new f84139fd0 CURLINFO_PROTOCOL.3: mention the existing defined names
new c39ed8052 tests: provide 'manual' as a feature to optionally require
new 0cbfff989 TODO: CLOEXEC
new e085ea95e TODO: Support the clienthello extension
new 223506fd5 travis: enable libssh2 on both macos and Linux
new 822ef4c45 KNOWN_BUGS: Connection information when using TCP Fast Open
new 44936865d KNOWN_BUGS: --upload-file . hang if delay in STDIN
new 72be6abb5 KNOWN_BUGS: Passive transfer tries only one IP address
new f022c91df KNOWN_BUGS: Client cert with Issuer DN differs between
backends
new 97f63f512 CURLOPT_URL.3: add ENCODING section [ci skip]
new b2e59a886 wolfssl: Fix non-blocking connect
new d5d683a97 TODO: remove configure --disable-pthreads
new 1621aed9b vtls: don't define MD5_DIGEST_LENGTH for wolfssl
new d29c455d8 Revert "TODO: remove configure --disable-pthreads"
new 03319b990 RELEASE-NOTES: synced
new 0be4679ba docs: remove extraneous commas in man pages
new 7f41432c1 URL: fix ASCII dependency in strcpy_url and strlen_url
new 1156fdd01 ssh-libssh.c: fix left shift compiler warning
new 082bb4131 configure: only check for CA bundle for file-using SSL
backends
new 277d3cdc0 travis: add an mbedtls build
new e9d9d1af8 http: don't set the "rewind" flag when not uploading anything
new 7663a7c28 configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
new f8d608f38 transfer: don't unset writesockfd on setup of multiplexed
conns
new e66cca046 vtls: use unified "supports" bitfield member in backends
new babd55e25 vtls: fix missing commas
new 3ed3db5c0 github/lock: auto-lock closed issues after 90 days of
inactivity
new e953475de URLs: fix one more http url
new b692d6650 RELEASE-NOTES: synced
new d63bada57 RELEASE-NOTES: typo
new 3c42fb8d4 travis: add a build using WolfSSL
new 18cbbb702 openssl: change FILE ops to BIO ops
new c3d7db4ec travis: add build using NSS
new fe6b78b42 setup_transfer: deal with both sockets being -1
new 9cacc2463 smb: reject negative file sizes
new 1b55d270a cookies: do not take cookie name as a parameter
new 8c7b3737d http: restore buffer pointer when bad response-line is parsed
new 583b42cb3 pingpong: fix response cache memcpy overflow
new 7d6e01441 http2: getsock fix for uploads
new 4062bc4d3 contributors.sh: use "on github", not at
new eb49683e5 lib: Fix format specifiers
new df3647c9c tests: Fix format specifiers
new b9446d18e ntlm: Fix format specifiers
new 4c735b57f tool: Fix format specifiers
new 13505dcb5 examples: Fix format specifiers
new 07b982654 CODE_STYLE: mention return w/o parens, but sizeof with
new a5aa2bdf3 http2: use the correct function pointer typedef
new c0f704dba gcc: disable picky gcc-8 function pointer warnings in two
places
new d6dd322d7 http2: use easy handle of stream for logging
new 005554570 http2: remove unused variable
new f38220259 docs/libcurl/index.html: removed
new a1269b596 THANKS: added people from the curl 7.60.0 release
new cb0138303 RELEASE-NOTES: 7.60.0 release
new 97f0e8cf8 Merge tag 'curl-7_60_0' (with fixes)
The 178 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.github/lock.yml | 8 +
.lgtm.yml | 10 +
.mailmap | 2 +
.travis.yml | 154 ++++--
CMake/FindBrotli.cmake | 20 +
CMakeLists.txt | 34 +-
README.md | 27 +
RELEASE-NOTES | 388 +++++++++------
acinclude.m4 | 0
configure.ac | 499 ++-----------------
docs/CHECKSRC.md | 2 +-
docs/CODE_STYLE.md | 84 ++--
docs/INSTALL.cmake | 2 +-
docs/KNOWN_BUGS | 37 ++
docs/SECURITY-PROCESS.md | 29 +-
docs/THANKS | 38 +-
docs/THANKS-filter | 1 +
docs/TODO | 45 +-
docs/cmdline-opts/cacert.d | 5 +
docs/cmdline-opts/cert.d | 11 +
docs/cmdline-opts/cookie.d | 3 +-
docs/cmdline-opts/ftp-port.d | 6 +-
docs/cmdline-opts/haproxy-protocol.d | 11 +
docs/cmdline-opts/interface.d | 2 +-
docs/cmdline-opts/max-time.d | 2 +-
docs/cmdline-opts/page-footer | 6 +-
docs/cmdline-opts/page-header | 8 +-
docs/cmdline-opts/proxy-cert-type.d | 2 +-
docs/cmdline-opts/proxytunnel.d | 2 +-
docs/cmdline-opts/range.d | 2 +-
docs/cmdline-opts/user-agent.d | 4 +-
docs/examples/.gitignore | 16 +-
docs/examples/curlx.c | 2 +-
docs/examples/debug.c | 6 +-
docs/examples/evhiperfifo.c | 1 -
docs/examples/fopen.c | 4 +-
docs/examples/getinmemory.c | 2 +-
docs/examples/hiperfifo.c | 145 +++---
docs/examples/http2-download.c | 6 +-
docs/examples/http2-serverpush.c | 12 +-
docs/examples/http2-upload.c | 10 +-
docs/examples/multi-debugcallback.c | 6 +-
docs/examples/sessioninfo.c | 2 +-
docs/examples/sftpuploadresume.c | 8 +-
docs/examples/shared-connection-cache.c | 2 +-
docs/libcurl/Makefile.am | 4 +-
docs/libcurl/gnurl_easy_cleanup.3 | 2 +-
docs/libcurl/gnurl_easy_perform.3 | 2 +-
docs/libcurl/gnurl_easy_setopt.3 | 12 +-
docs/libcurl/gnurl_formadd.3 | 2 +-
docs/libcurl/gnurl_global_init.3 | 2 +-
docs/libcurl/gnurl_global_sslset.3 | 9 +-
docs/libcurl/gnurl_mime_addpart.3 | 2 +-
docs/libcurl/gnurl_mime_data.3 | 2 +-
docs/libcurl/gnurl_mime_data_cb.3 | 4 +-
docs/libcurl/gnurl_mime_encoder.3 | 2 +-
docs/libcurl/gnurl_mime_filedata.3 | 4 +-
docs/libcurl/gnurl_mime_filename.3 | 2 +-
docs/libcurl/gnurl_mime_free.3 | 2 +-
docs/libcurl/gnurl_mime_headers.3 | 2 +-
docs/libcurl/gnurl_mime_init.3 | 2 +-
docs/libcurl/gnurl_mime_name.3 | 2 +-
docs/libcurl/gnurl_mime_subparts.3 | 2 +-
docs/libcurl/gnurl_mime_type.3 | 4 +-
docs/libcurl/gnurl_share_cleanup.3 | 2 +-
docs/libcurl/gnurl_share_setopt.3 | 2 +-
docs/libcurl/gnurl_version_info.3 | 7 +-
docs/libcurl/index.html | 71 ---
docs/libcurl/libgnurl-env.3 | 2 +-
docs/libcurl/libgnurl-security.3 | 2 +-
docs/libcurl/libgnurl-tutorial.3 | 20 +-
.../opts/GNURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3 | 4 +-
.../opts/GNURLINFO_CONTENT_LENGTH_UPLOAD_T.3 | 4 +-
docs/libcurl/opts/GNURLINFO_COOKIELIST.3 | 9 +-
docs/libcurl/opts/GNURLINFO_FILETIME_T.3 | 2 +-
docs/libcurl/opts/GNURLINFO_PROTOCOL.3 | 17 +-
.../opts/GNURLINFO_PROXY_SSL_VERIFYRESULT.3 | 2 +-
docs/libcurl/opts/GNURLINFO_SCHEME.3 | 2 +-
docs/libcurl/opts/GNURLINFO_SIZE_DOWNLOAD_T.3 | 4 +-
docs/libcurl/opts/GNURLINFO_SIZE_UPLOAD_T.3 | 4 +-
docs/libcurl/opts/GNURLINFO_SPEED_DOWNLOAD_T.3 | 4 +-
docs/libcurl/opts/GNURLINFO_SPEED_UPLOAD_T.3 | 4 +-
docs/libcurl/opts/GNURLINFO_SSL_VERIFYRESULT.3 | 8 +-
docs/libcurl/opts/GNURLOPT_ABSTRACT_UNIX_SOCKET.3 | 2 +-
docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3 | 2 +-
docs/libcurl/opts/GNURLOPT_CAINFO.3 | 5 +
docs/libcurl/opts/GNURLOPT_CONNECT_TO.3 | 4 +-
docs/libcurl/opts/GNURLOPT_CUSTOMREQUEST.3 | 2 +-
docs/libcurl/opts/GNURLOPT_DNS_SHUFFLE_ADDRESSES.3 | 69 +++
docs/libcurl/opts/GNURLOPT_ERRORBUFFER.3 | 12 +-
docs/libcurl/opts/GNURLOPT_EXPECT_100_TIMEOUT_MS.3 | 2 +-
docs/libcurl/opts/GNURLOPT_FAILONERROR.3 | 2 +-
docs/libcurl/opts/GNURLOPT_FOLLOWLOCATION.3 | 4 +-
.../opts/GNURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3 | 2 +-
...SSL_ENABLE_NPN.3 => GNURLOPT_HAPROXYPROTOCOL.3} | 30 +-
docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3 | 2 +-
docs/libcurl/opts/GNURLOPT_HEADEROPT.3 | 2 +-
docs/libcurl/opts/GNURLOPT_HTTPAUTH.3 | 2 +-
docs/libcurl/opts/GNURLOPT_HTTPGET.3 | 2 +-
docs/libcurl/opts/GNURLOPT_HTTPPROXYTUNNEL.3 | 4 +-
docs/libcurl/opts/GNURLOPT_HTTP_VERSION.3 | 2 +-
docs/libcurl/opts/GNURLOPT_IOCTLFUNCTION.3 | 2 +-
docs/libcurl/opts/GNURLOPT_KEEP_SENDING_ON_ERROR.3 | 2 +-
docs/libcurl/opts/GNURLOPT_MIMEPOST.3 | 2 +-
docs/libcurl/opts/GNURLOPT_NETRC.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PATH_AS_IS.3 | 2 +-
docs/libcurl/opts/GNURLOPT_POST.3 | 4 +-
docs/libcurl/opts/GNURLOPT_POSTFIELDS.3 | 2 +-
docs/libcurl/opts/GNURLOPT_POSTREDIR.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PRE_PROXY.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY_CAINFO.3 | 6 +-
docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3 | 4 +-
docs/libcurl/opts/GNURLOPT_PROXY_CRLFILE.3 | 4 +-
docs/libcurl/opts/GNURLOPT_PROXY_KEYPASSWD.3 | 4 +-
docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSLCERT.3 | 4 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSLCERTTYPE.3 | 4 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSLKEY.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSLKEYTYPE.3 | 4 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSLVERSION.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSL_CIPHER_LIST.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSL_OPTIONS.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYHOST.3 | 8 +-
docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYPEER.3 | 2 +-
.../libcurl/opts/GNURLOPT_PROXY_TLSAUTH_PASSWORD.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_TYPE.3 | 2 +-
.../libcurl/opts/GNURLOPT_PROXY_TLSAUTH_USERNAME.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PROXY_TRANSFER_MODE.3 | 2 +-
docs/libcurl/opts/GNURLOPT_PUT.3 | 2 +-
docs/libcurl/opts/GNURLOPT_QUOTE.3 | 2 +-
docs/libcurl/opts/GNURLOPT_REQUEST_TARGET.3 | 2 +-
docs/libcurl/opts/GNURLOPT_RESOLVER_START_DATA.3 | 2 +-
.../opts/GNURLOPT_RESOLVER_START_FUNCTION.3 | 2 +-
docs/libcurl/opts/GNURLOPT_RTSP_CLIENT_CSEQ.3 | 2 +-
docs/libcurl/opts/GNURLOPT_RTSP_REQUEST.3 | 8 +-
docs/libcurl/opts/GNURLOPT_SEEKFUNCTION.3 | 2 +-
docs/libcurl/opts/GNURLOPT_SOCKS5_AUTH.3 | 2 +-
docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3 | 2 +-
docs/libcurl/opts/GNURLOPT_SSLCERT.3 | 11 +
docs/libcurl/opts/GNURLOPT_SSL_CTX_DATA.3 | 4 +-
docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3 | 2 +-
docs/libcurl/opts/GNURLOPT_STREAM_DEPENDS_E.3 | 2 +-
docs/libcurl/opts/GNURLOPT_STREAM_WEIGHT.3 | 2 +-
.../opts/GNURLOPT_SUPPRESS_CONNECT_HEADERS.3 | 2 +-
docs/libcurl/opts/GNURLOPT_TIMEVALUE_LARGE.3 | 2 +-
docs/libcurl/opts/GNURLOPT_UNIX_SOCKET_PATH.3 | 2 +-
docs/libcurl/opts/GNURLOPT_UPLOAD.3 | 2 +-
docs/libcurl/opts/GNURLOPT_URL.3 | 14 +-
docs/libcurl/opts/Makefile.inc | 2 +
docs/libcurl/symbols-in-versions | 2 +
include/gnurl/curl.h | 6 +
include/gnurl/curlver.h | 6 +-
include/gnurl/system.h | 4 +-
lib/Makefile.inc | 4 +-
lib/asyn-thread.c | 67 +--
lib/checksrc.pl | 16 +-
lib/content_encoding.c | 3 +-
lib/cookie.c | 271 ++++++----
lib/cookie.h | 8 +-
lib/curl_addrinfo.c | 4 +-
lib/curl_config.h.cmake | 3 +
lib/curl_ctype.c | 11 +
lib/curl_ctype.h | 33 ++
lib/curl_memrchr.c | 19 +-
lib/curl_ntlm_core.c | 15 +-
lib/curl_path.h | 5 +-
lib/curl_sasl.c | 14 +-
lib/curl_setup.h | 14 +
lib/easy.c | 11 +
lib/fileinfo.c | 7 +-
lib/fileinfo.h | 5 +-
lib/ftp.c | 88 ++--
lib/ftp.h | 4 +-
lib/ftplistparser.c | 28 +-
lib/hash.c | 6 +-
lib/hostcheck.c | 2 +-
lib/hostip.c | 74 ++-
lib/hostip.h | 13 +-
lib/http.c | 64 ++-
lib/http.h | 10 +-
lib/http2.c | 125 +++--
lib/http_chunks.c | 15 +-
lib/http_negotiate.c | 2 +-
lib/http_ntlm.c | 14 +-
lib/http_proxy.c | 4 +-
lib/md5.c | 7 +-
lib/mime.c | 9 +-
lib/multi.c | 92 ++--
lib/multiif.h | 5 +-
lib/nwlib.c | 4 +-
lib/openldap.c | 23 +-
lib/parsedate.c | 1 +
lib/pingpong.c | 5 +-
lib/progress.c | 74 +--
lib/progress.h | 1 +
lib/rtsp.c | 3 +-
lib/setopt.c | 36 +-
lib/smb.c | 14 +-
lib/ssh-libssh.c | 3 +-
lib/ssh.c | 79 ++-
lib/strtoofft.c | 2 -
lib/telnet.c | 3 +-
lib/tftp.c | 4 +-
lib/timeval.c | 4 +-
lib/transfer.c | 53 +-
lib/url.c | 93 ++--
lib/urldata.h | 42 +-
lib/vauth/cleartext.c | 14 +-
lib/vauth/krb5_sspi.c | 10 +-
lib/vauth/ntlm.c | 12 +-
lib/vauth/ntlm.h | 8 +-
lib/vauth/ntlm_sspi.c | 20 +-
lib/vauth/spnego_sspi.c | 10 +-
lib/vauth/vauth.c | 6 +-
lib/vauth/vauth.h | 2 +
lib/version.c | 4 +-
lib/vtls/axtls.c | 10 +-
lib/vtls/cyassl.c | 19 +-
lib/vtls/darwinssl.c | 17 +-
lib/vtls/gskit.c | 10 +-
lib/vtls/gtls.c | 22 +-
lib/vtls/mbedtls.c | 21 +-
lib/vtls/nss.c | 15 +-
lib/vtls/openssl.c | 228 +++++++--
lib/vtls/polarssl.c | 16 +-
lib/vtls/schannel.c | 374 ++++++--------
lib/vtls/schannel.h | 40 ++
lib/vtls/schannel_verify.c | 551 +++++++++++++++++++++
lib/vtls/vtls.c | 25 +-
lib/vtls/vtls.h | 21 +-
lib/warnless.h | 7 +-
lib/wildcard.c | 20 +-
lib/wildcard.h | 8 +-
m4/curl-compilers.m4 | 28 +-
m4/curl-confopts.m4 | 3 +
m4/curl-functions.m4 | 18 +-
packages/DOS/README | 2 +-
packages/OS400/curl.inc.in | 4 +
packages/OS400/os400sys.c | 150 +++---
projects/build-openssl.bat | 110 ++--
projects/build-wolfssl.bat | 22 +-
scripts/contributors.sh | 3 +-
src/tool_cb_dbg.c | 4 +-
src/tool_cfgable.h | 1 +
src/tool_doswin.c | 11 +-
src/tool_doswin.h | 1 +
src/tool_formparse.c | 3 +-
src/tool_getparam.c | 4 +
src/tool_help.c | 4 +-
src/tool_metalink.c | 9 +-
src/tool_operate.c | 94 ++--
src/tool_urlglob.c | 2 +-
tests/FILEFORMAT | 8 +-
tests/certs/Makefile.am | 29 +-
tests/certs/Server-localhost-firstSAN-sv.crl | 13 +
tests/certs/Server-localhost-firstSAN-sv.crt | 80 +++
tests/certs/Server-localhost-firstSAN-sv.csr | 11 +
tests/certs/Server-localhost-firstSAN-sv.der | Bin 0 -> 862 bytes
...ost-sv.dhp => Server-localhost-firstSAN-sv.dhp} | 0
tests/certs/Server-localhost-firstSAN-sv.key | 15 +
tests/certs/Server-localhost-firstSAN-sv.pem | 120 +++++
...ost-sv.prm => Server-localhost-firstSAN-sv.prm} | 4 +-
tests/certs/Server-localhost-firstSAN-sv.pub.der | Bin 0 -> 162 bytes
tests/certs/Server-localhost-firstSAN-sv.pub.pem | 6 +
tests/certs/Server-localhost-lastSAN-sv.crl | 14 +
tests/certs/Server-localhost-lastSAN-sv.crt | 80 +++
tests/certs/Server-localhost-lastSAN-sv.csr | 11 +
tests/certs/Server-localhost-lastSAN-sv.der | Bin 0 -> 862 bytes
...host-sv.dhp => Server-localhost-lastSAN-sv.dhp} | 0
tests/certs/Server-localhost-lastSAN-sv.key | 15 +
tests/certs/Server-localhost-lastSAN-sv.pem | 120 +++++
...host-sv.prm => Server-localhost-lastSAN-sv.prm} | 4 +-
tests/certs/Server-localhost-lastSAN-sv.pub.der | Bin 0 -> 162 bytes
tests/certs/Server-localhost-lastSAN-sv.pub.pem | 6 +
tests/data/Makefile.inc | 11 +-
tests/data/test1026 | 3 +
tests/data/test1108 | 2 +-
tests/data/test1136 | 2 +-
tests/data/test1148 | 11 +-
tests/data/{test1161 => test1155} | 12 +-
tests/data/test1164 | 52 ++
tests/data/test1208 | 1 +
tests/data/test1209 | 2 +-
tests/data/{test1322 => test1455} | 17 +-
tests/data/{test240 => test1456} | 9 +-
tests/data/test155 | 4 +-
tests/data/{test1303 => test1608} | 6 +-
tests/data/test2072 | 20 +-
tests/data/{test310 => test3000} | 14 +-
tests/data/{test310 => test3001} | 14 +-
tests/data/test46 | 28 +-
tests/libtest/.gitignore | 2 +-
tests/libtest/lib1502.c | 12 +-
tests/libtest/lib1509.c | 2 +-
tests/libtest/lib1535.c | 2 +-
tests/libtest/lib1536.c | 2 +-
tests/libtest/lib517.c | 1 +
tests/libtest/lib552.c | 4 +-
tests/libtest/stub_gssapi.c | 2 +-
tests/libtest/testtrace.c | 6 +-
tests/runtests.pl | 20 +-
tests/server/fake_ntlm.c | 2 +-
tests/server/sockfilt.c | 8 +-
tests/testcurl.pl | 2 +-
tests/unit/Makefile.inc | 6 +-
tests/unit/unit1309.c | 29 +-
tests/unit/unit1395.c | 4 +-
tests/unit/{unit1605.c => unit1608.c} | 49 +-
winbuild/BUILD.WINDOWS.txt | 72 +--
winbuild/Makefile.vc | 48 +-
winbuild/MakefileBuild.vc | 175 ++++---
312 files changed, 4486 insertions(+), 2403 deletions(-)
create mode 100644 .github/lock.yml
create mode 100644 .lgtm.yml
create mode 100644 CMake/FindBrotli.cmake
mode change 100755 => 100644 acinclude.m4
create mode 100644 docs/cmdline-opts/haproxy-protocol.d
delete mode 100644 docs/libcurl/index.html
create mode 100644 docs/libcurl/opts/GNURLOPT_DNS_SHUFFLE_ADDRESSES.3
copy docs/libcurl/opts/{GNURLOPT_SSL_ENABLE_NPN.3 =>
GNURLOPT_HAPROXYPROTOCOL.3} (64%)
create mode 100644 lib/vtls/schannel_verify.c
create mode 100644 tests/certs/Server-localhost-firstSAN-sv.crl
create mode 100644 tests/certs/Server-localhost-firstSAN-sv.crt
create mode 100644 tests/certs/Server-localhost-firstSAN-sv.csr
create mode 100644 tests/certs/Server-localhost-firstSAN-sv.der
copy tests/certs/{Server-localhost-sv.dhp => Server-localhost-firstSAN-sv.dhp}
(100%)
create mode 100644 tests/certs/Server-localhost-firstSAN-sv.key
create mode 100644 tests/certs/Server-localhost-firstSAN-sv.pem
copy tests/certs/{Server-localhost-sv.prm => Server-localhost-firstSAN-sv.prm}
(86%)
create mode 100644 tests/certs/Server-localhost-firstSAN-sv.pub.der
create mode 100644 tests/certs/Server-localhost-firstSAN-sv.pub.pem
create mode 100644 tests/certs/Server-localhost-lastSAN-sv.crl
create mode 100644 tests/certs/Server-localhost-lastSAN-sv.crt
create mode 100644 tests/certs/Server-localhost-lastSAN-sv.csr
create mode 100644 tests/certs/Server-localhost-lastSAN-sv.der
copy tests/certs/{Server-localhost-sv.dhp => Server-localhost-lastSAN-sv.dhp}
(100%)
create mode 100644 tests/certs/Server-localhost-lastSAN-sv.key
create mode 100644 tests/certs/Server-localhost-lastSAN-sv.pem
copy tests/certs/{Server-localhost-sv.prm => Server-localhost-lastSAN-sv.prm}
(86%)
create mode 100644 tests/certs/Server-localhost-lastSAN-sv.pub.der
create mode 100644 tests/certs/Server-localhost-lastSAN-sv.pub.pem
copy tests/data/{test1161 => test1155} (71%)
create mode 100644 tests/data/test1164
copy tests/data/{test1322 => test1455} (69%)
copy tests/data/{test240 => test1456} (78%)
copy tests/data/{test1303 => test1608} (76%)
copy tests/data/{test310 => test3000} (81%)
copy tests/data/{test310 => test3001} (81%)
copy tests/unit/{unit1605.c => unit1608.c} (57%)
diff --git a/.github/lock.yml b/.github/lock.yml
new file mode 100644
index 000000000..66e79128e
--- /dev/null
+++ b/.github/lock.yml
@@ -0,0 +1,8 @@
+# Configuration for lock-threads - https://github.com/dessant/lock-threads
+
+# Number of days of inactivity before a closed issue or pull request is locked
+daysUntilLock: 90
+# Comment to post before locking. Set to `false` to disable
+lockComment: false
+# Limit to only `issues` or `pulls`
+# only: issues
diff --git a/.lgtm.yml b/.lgtm.yml
new file mode 100644
index 000000000..bb6945f0f
--- /dev/null
+++ b/.lgtm.yml
@@ -0,0 +1,10 @@
+extraction:
+ cpp:
+ prepare:
+ packages: # to avoid confusion with libopenafs-dev which also provides a
des.h
+ - libssl-dev
+ after_prepare: # make sure lgtm.com doesn't use CMake (which generates and
runs tests)
+ - rm -f CMakeLists.txt
+ - ./buildconf
+ configure: # enable as many optional features as possible
+ command: ./configure --enable-ares --with-libssh2 --with-gssapi
--with-librtmp --with-libmetalink --with-libmetalink
diff --git a/.mailmap b/.mailmap
index 0e173c059..47859fb38 100644
--- a/.mailmap
+++ b/.mailmap
@@ -18,6 +18,7 @@ Sergei Nikulov <address@hidden> <address@hidden>
Patrick Monnerat <address@hidden> <address@hidden>
Patrick Monnerat <address@hidden> <address@hidden>
Patrick Monnerat <address@hidden> <address@hidden>
+Patrick Monnerat <address@hidden> <address@hidden>
Nick Zitzmann <address@hidden><address@hidden>
Peter Wu <address@hidden> <peter_at_lekensteyn.nl>
David Woodhouse <address@hidden> <address@hidden>
@@ -40,3 +41,4 @@ Dan Fandrich <address@hidden>
Henrik S. Gaßmann <address@hidden>
Jiří Malák <address@hidden>
Nick Zitzmann <address@hidden>
+Kees Dekker <address@hidden>
diff --git a/.travis.yml b/.travis.yml
index 373db6925..6952f704f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,32 +1,48 @@
language: c
sudo: required
+cache:
+ directories:
+ - $HOME/libpsl-0.20.1
+ - $HOME/mbedtls-mbedtls-2.8.0
+ - $HOME/libidn2-2.0.4
+ - $HOME/wolfssl-3.14.0-stable
+
+env:
+ global:
+ - LD_LIBRARY_PATH=/usr/local/lib
+
addons:
apt:
+ config:
+ retries: true
sources:
- ubuntu-toolchain-r-test
- - llvm-toolchain-precise-3.9
+ - llvm-toolchain-trusty-6.0
packages:
- cmake
- - gcc-6
+ - gcc-7
- lcov
- - clang-3.9
+ - clang-6.0
- valgrind
- libev-dev
- libc-ares-dev
- - g++-6
- - libstdc++-6-dev
+ - g++-7
+ - libstdc++-7-dev
- stunnel4
- libidn2-0-dev
- libssh2-1-dev
- libssh-dev
- krb5-user
+ - autopoint # for libpsl that needs autoreconf that uses gettext
that needs it
+ - libunistring-dev # for libidn2 neeed by libpsl
+ - libnss3-dev
matrix:
include:
- os: linux
compiler: gcc
dist: trusty
- env: T=normal C="--with-gssapi"
+ env: T=normal C="--with-gssapi --with-libssh2"
- os: linux
compiler: gcc
dist: trusty
@@ -46,18 +62,30 @@ matrix:
- os: linux
compiler: gcc
dist: trusty
- env: T=novalgrind BORINGSSL=yes -C="--with-ssl=$HOME/boringssl"
LD_LIBRARY_PATH=/home/travis/boringssl/lib
+ env: T=novalgrind BORINGSSL=yes C="--with-ssl=$HOME/boringssl"
LD_LIBRARY_PATH=/home/travis/boringssl/lib:/usr/local/lib
+ - os: linux
+ compiler: gcc
+ dist: trusty
+ env: T=debug-wolfssl C="--with-wolfssl --without-ssl"
- os: linux
compiler: clang
dist: trusty
env: T=debug
- os: linux
+ compiler: clang
+ dist: trusty
+ env: T=debug C="--with-mbedtls --without-ssl"
+ - os: linux
+ compiler: clang
+ dist: trusty
+ env: T=debug C="--with-nss --without-ssl" NOTESTS=1
CPPFLAGS="-isystem /usr/include/nss"
+ - os: linux
compiler: gcc
dist: trusty
env: T=iconv
- os: osx
compiler: gcc
- env: T=debug
+ env: T=debug C=--with-libssh2
- os: osx
compiler: gcc
env: T=debug C=--enable-ares
@@ -83,7 +111,7 @@ matrix:
env: T=cmake
- os: linux
compiler: gcc
- dist: precise
+ dist: trusty
env: T=coverage
- os: linux
compiler: gcc
@@ -102,7 +130,7 @@ install:
- if [ $TRAVIS_OS_NAME = linux ]; then
curl -L
https://github.com/nghttp2/nghttp2/releases/download/v1.24.0/nghttp2-1.24.0.tar.gz
|
tar xzf - &&
- (cd nghttp2-1.24.0 && CXX="g++-6" ./configure --prefix=/usr
--disable-threads --enable-app && make && sudo make install);
+ (cd nghttp2-1.24.0 && CXX="g++-7" ./configure --prefix=/usr
--disable-threads --enable-app && make && sudo make install);
fi
before_script:
@@ -121,44 +149,108 @@ before_script:
sudo make install
)
fi
- if [ "$TRAVIS_OS_NAME" = linux -a "$BORINGSSL" ]; then
- (cd $HOME &&
- git clone --depth=1 https://boringssl.googlesource.com/boringssl &&
- cd boringssl &&
- mkdir build &&
- cd build &&
- cmake -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1 .. &&
- make &&
- cd .. &&
- mkdir lib &&
- cd lib &&
- ln -s ../build/crypto/libcrypto.so . &&
- ln -s ../build/ssl/libssl.so . &&
- echo "BoringSSL lib dir: "`pwd` &&
- export LIBS=-lpthread )
- fi
+ - |
+ if [ "$TRAVIS_OS_NAME" = linux -a "$BORINGSSL" ]; then
+ (cd $HOME &&
+ git clone --depth=1 https://boringssl.googlesource.com/boringssl &&
+ cd boringssl &&
+ mkdir build &&
+ cd build &&
+ cmake -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1 .. &&
+ make &&
+ cd .. &&
+ mkdir lib &&
+ cd lib &&
+ ln -s ../build/crypto/libcrypto.so . &&
+ ln -s ../build/ssl/libssl.so . &&
+ echo "BoringSSL lib dir: "`pwd` &&
+ export LIBS=-lpthread )
+ fi
+ - |
+ if [ $TRAVIS_OS_NAME = linux ]; then
+ if [ ! -e $HOME/libidn2-2.0.4/Makefile ]; then
+ (cd $HOME && \
+ curl -LO https://ftp.gnu.org/gnu/libidn/libidn2-2.0.4.tar.gz && \
+ tar -xzf libidn2-2.0.4.tar.gz && \
+ cd libidn2-2.0.4 && \
+ ./configure && \
+ make)
+ fi
+ fi
+ - |
+ if [ $TRAVIS_OS_NAME = linux ]; then
+ if [ ! -e $HOME/libpsl-0.20.1/Makefile ]; then
+ (cd $HOME && \
+ curl -LO
https://github.com/rockdaboot/libpsl/releases/download/libpsl-0.20.1/libpsl-0.20.1.tar.gz
&& \
+ tar -xzf libpsl-0.20.1.tar.gz && \
+ cd libpsl-0.20.1 && \
+ autoreconf -i && \
+ ./configure && \
+ make)
+ fi
+ fi
+ - |
+ if [ $TRAVIS_OS_NAME = linux ]; then
+ if [ ! -e $HOME/mbedtls-mbedtls-2.8.0/library/libmbedtls.a ]; then
+ (cd $HOME && \
+ curl -LO
https://github.com/ARMmbed/mbedtls/archive/mbedtls-2.8.0.tar.gz && \
+ tar -xzf mbedtls-2.8.0.tar.gz && \
+ cd mbedtls-mbedtls-2.8.0 && \
+ cmake . -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_C_FLAGS=-fPIC && \
+ make)
+ fi
+ fi
+ - |
+ if [ $TRAVIS_OS_NAME = linux ]; then
+ if [ ! -e $HOME/wolfssl-3.14.0-stable/Makefile ]; then
+ (cd $HOME && \
+ curl -LO
https://github.com/wolfSSL/wolfssl/archive/v3.14.0-stable.tar.gz && \
+ tar -xzf v3.14.0-stable.tar.gz && \
+ cd wolfssl-3.14.0-stable && \
+ ./autogen.sh && \
+ ./configure --enable-tls13 --enable-all && \
+ touch wolfssl/wolfcrypt/fips.h && \
+ make)
+ fi
+ fi
+ - |
+ if [ $TRAVIS_OS_NAME = linux ]; then
+ (cd $HOME/libidn2-2.0.4 && sudo make install)
+ (cd $HOME/libpsl-0.20.1 && sudo make install)
+ (cd $HOME/mbedtls-mbedtls-2.8.0 && sudo make install)
+ (cd $HOME/wolfssl-3.14.0-stable && sudo make install)
+ fi
script:
- |
# Uncomment this when `coverage` runs on Trusty.
# set -eo pipefail
if [ "$T" = "coverage" ]; then
- export CC="gcc-6"
+ export CC="gcc-7"
./configure --enable-debug --disable-shared --enable-code-coverage
make
make TFLAGS=-n test-nonflaky
tests="1 2 3 4 5 6 7 8 9 10 200 201 202 300 301 302 500 501 502
503 504 506 507 508 509 510 511 512 513 514 515 516 517 518 519 600 601 800 801
802 803 900 901 902 903 1000 1001 1002 1004 1302 1303 1304 1305 1306 1308 1400
1401 1402 1404 1450 1451 1452 1502 1507 1508 1600 1602 1603 1605"
make "TFLAGS=-n -e $tests" test-nonflaky
make "TFLAGS=-n -t $tests" test-nonflaky
- coveralls --gcov /usr/bin/gcov-6 --gcov-options '\-lp' -i src -e
lib -e tests -e docs -b $PWD/src
- coveralls --gcov /usr/bin/gcov-6 --gcov-options '\-lp' -e src -i
lib -e tests -e docs -b $PWD/lib
+ coveralls --gcov /usr/bin/gcov-7 --gcov-options '\-lp' -i src -e
lib -e tests -e docs -b $PWD/src
+ coveralls --gcov /usr/bin/gcov-7 --gcov-options '\-lp' -e src -i
lib -e tests -e docs -b $PWD/lib
fi
- |
set -eo pipefail
if [ "$T" = "debug" ]; then
./configure --enable-debug --enable-werror $C
make && make examples
- make TFLAGS=-n test-nonflaky
+ if [ -z $NOTESTS ]; then
+ make TFLAGS=-n test-nonflaky
+ fi
+ fi
+ - |
+ set -eo pipefail
+ if [ "$T" = "debug-wolfssl" ]; then
+ ./configure --enable-debug --enable-werror $C
+ make
+ make "TFLAGS=-n !311 !313" test-nonflaky
fi
- |
set -eo pipefail
@@ -187,7 +279,7 @@ script:
if [ "$T" = "cmake" ]; then
mkdir build
cd build
- cmake ..
+ cmake .. -DCURL_WERROR=ON
make
fi
- |
diff --git a/CMake/FindBrotli.cmake b/CMake/FindBrotli.cmake
new file mode 100644
index 000000000..351b8f757
--- /dev/null
+++ b/CMake/FindBrotli.cmake
@@ -0,0 +1,20 @@
+include(FindPackageHandleStandardArgs)
+
+find_path(BROTLI_INCLUDE_DIR "brotli/decode.h")
+
+find_library(BROTLICOMMON_LIBRARY NAMES brotlicommon)
+find_library(BROTLIDEC_LIBRARY NAMES brotlidec)
+
+find_package_handle_standard_args(BROTLI
+ FOUND_VAR
+ BROTLI_FOUND
+ REQUIRED_VARS
+ BROTLIDEC_LIBRARY
+ BROTLICOMMON_LIBRARY
+ BROTLI_INCLUDE_DIR
+ FAIL_MESSAGE
+ "Could NOT find BROTLI"
+)
+
+set(BROTLI_INCLUDE_DIRS ${BROTLI_INCLUDE_DIR})
+set(BROTLI_LIBRARIES ${BROTLICOMMON_LIBRARY} ${BROTLIDEC_LIBRARY})
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ddb429720..00ae46a7f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+# Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -232,16 +232,6 @@ if(BORLAND)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w-")
endif(BORLAND)
-if(CURL_WERROR)
- if(MSVC_VERSION)
- set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /WX")
- set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /WX")
- else()
- # this assumes clang or gcc style options
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")
- endif()
-endif(CURL_WERROR)
-
# If we are on AIX, do the _ALL_SOURCE magic
if(${CMAKE_SYSTEM_NAME} MATCHES AIX)
set(_ALL_SOURCE 1)
@@ -295,6 +285,7 @@ check_function_exists(gethostname HAVE_GETHOSTNAME)
if(WIN32)
check_library_exists_concat("ws2_32" getch HAVE_LIBWS2_32)
check_library_exists_concat("winmm" getch HAVE_LIBWINMM)
+ list(APPEND CURL_LIBS "advapi32")
endif()
# check SSL libraries
@@ -521,6 +512,18 @@ if(CURL_ZLIB)
endif()
endif()
+option(CURL_BROTLI "Set to ON to enable building curl with brotli support."
OFF)
+set(HAVE_BROTLI OFF)
+if(CURL_BROTLI)
+ find_package(BROTLI QUIET)
+ if(BROTLI_FOUND)
+ set(HAVE_BROTLI ON)
+ list(APPEND CURL_LIBS ${BROTLI_LIBRARIES})
+ include_directories(${BROTLI_INCLUDE_DIRS})
+ list(APPEND CMAKE_REQUIRED_INCLUDES ${BROTLI_INCLUDE_DIRS})
+ endif()
+endif()
+
#libSSH2
option(CMAKE_USE_LIBSSH2 "Use libSSH2" ON)
mark_as_advanced(CMAKE_USE_LIBSSH2)
@@ -1115,6 +1118,15 @@ if(MSVC)
endif(CMAKE_C_FLAGS MATCHES "/W[0-4]")
endif(MSVC)
+if(CURL_WERROR)
+ if(MSVC_VERSION)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
+ else()
+ # this assumes clang or gcc style options
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")
+ endif()
+endif(CURL_WERROR)
+
# Ugly (but functional) way to include "Makefile.inc" by transforming it (=
regenerate it).
function(TRANSFORM_MAKEFILE_INC INPUT_FILE OUTPUT_FILE)
file(READ ${INPUT_FILE} MAKEFILE_INC_TEXT)
diff --git a/README.md b/README.md
index 552cb5ffd..e4dab23a6 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@
[](https://scan.coverity.com/projects/curl)
[](https://travis-ci.org/curl/curl)
[](https://coveralls.io/github/curl/curl)
+[](#backers)
[](#sponsors)
Curl is a command-line tool for transferring data specified with URL
syntax. Find out how to use curl by reading [the curl.1 man
@@ -49,3 +50,29 @@ To download the very latest source from the Git server do
this:
Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga
Tekniska Högskolan. This notice is included here to comply with the
distribution terms.
+
+## Backers
+
+Thank you to all our backers! 🙏 [[Become a
backer](https://opencollective.com/curl#backer)]
+
+<a href="https://opencollective.com/curl#backers"; target="_blank"><img
src="https://opencollective.com/curl/backers.svg?width=890";></a>
+
+
+## Sponsors
+
+Support this project by becoming a sponsor. Your logo will show up here with a
+link to your website. [[Become a
+sponsor](https://opencollective.com/curl#sponsor)]
+
+<a href="https://opencollective.com/curl/sponsor/0/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/0/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/1/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/1/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/2/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/2/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/3/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/3/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/4/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/4/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/5/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/5/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/6/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/6/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/7/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/7/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/8/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/8/avatar.svg";></a>
+<a href="https://opencollective.com/curl/sponsor/9/website";
target="_blank"><img
src="https://opencollective.com/curl/sponsor/9/avatar.svg";></a>
+
+
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 6cbfe48e6..482d4f1ca 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,100 +1,130 @@
-Curl and libcurl 7.59.0
+Curl and libcurl 7.60.0
- Public curl releases: 173
- Command line options: 213
- curl_easy_setopt() options: 253
+ Public curl releases: 174
+ Command line options: 214
+ curl_easy_setopt() options: 255
Public functions in libcurl: 74
- Contributors: 1705
+ Contributors: 1741
This release includes the following changes:
- o curl: add --proxy-pinnedpubkey [10]
- o added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T [13]
- o CURLOPT_RESOLVE: Add support for multiple IP addresses per entry [37]
- o Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS [37]
- o Add new tool option --happy-eyeballs-timeout-ms [37]
- o Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA [39]
+ o Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol [10]
+ o Add --haproxy-protocol for the command line tool [10]
+ o Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses [12]
This release includes the following bugfixes:
- o openldap: check ldap_get_attribute_ber() results for NULL before using [50]
- o FTP: reject path components with control codes [51]
- o readwrite: make sure excess reads don't go beyond buffer end [52]
- o lib555: drop text conversion and encode data as ascii codes [1]
- o lib517: make variable static to avoid compiler warning
- o lib544: sync ascii code data with textual data [1]
- o GSKit: restore pinnedpubkey functionality [2]
- o darwinssl: Don't import client certificates into Keychain on macOS [3]
- o parsedate: fix date parsing for systems with 32 bit long [4]
- o openssl: fix pinned public key build error in FIPS mode [5]
- o SChannel/WinSSL: Implement public key pinning [6]
- o cookies: remove verbose "cookie size:" output
- o progress-bar: don't use stderr explicitly, use bar->out [7]
- o Fixes for MSDOS
- o build: open VC15 projects with VS 2017
- o curl_ctype: private is*() type macros and functions [8]
- o configure: set PATH_SEPARATOR to colon for PATH w/o separator [9]
- o winbuild: make linker generate proper PDB [11]
- o curl_easy_reset: clear digest auth state [12]
- o curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 [14]
- o range: commonize FTP and FILE range handling [15]
- o progress-bar docs: update to match implementation [16]
- o fnmatch: do not match the empty string with a character set
- o fnmatch: accept an alphanum to be followed by a non-alphanum in char set
[17]
- o build: fix termios issue on android cross-compile [18]
- o getdate: return -1 for out of range [19]
- o formdata: use the mime-content type function [20]
- o time-cond: fix reading the file modification time on Windows [21]
- o build-openssl.bat: Extend VC15 support to include Enterprise and
Professional
- o build-wolfssl.bat: Extend VC15 support to include Enterprise and
Professional
- o openssl: Don't add verify locations when verifypeer==0
- o fnmatch: optimize processing of consecutive *s and ?s pattern characters
[22]
- o schannel: fix compiler warnings [23]
- o content_encoding: Add "none" alias to "identity" [24]
- o get_posix_time: only check for overflows if they can happen
- o http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
[25]
- o README: language fix [26]
- o sha256: build with OpenSSL < 0.9.8 [27]
- o smtp: fix processing of initial dot in data [28]
- o --tlsauthtype: works only if libcurl is built with TLS-SRP support [29]
- o tests: new tests for http raw mode [30]
- o libcurl-security.3: man page discussion security concerns when using libcurl
- o curl_gssapi: make sure this file too uses our *printf()
- o BINDINGS: fix curb link (and remove ruby-curl-multi)
- o nss: use PK11_CreateManagedGenericObject() if available [31]
- o travis: add build with iconv enabled [32]
- o ssh: add two missing state names [33]
- o CURLOPT_HEADERFUNCTION.3: mention folded headers
- o http: fix the max header length detection logic [34]
- o header callback: don't chop headers into smaller pieces [35]
- o CURLOPT_HEADER.3: clarify problems with different data sizes
- o curl --version: show PSL if the run-time lib has it enabled
- o examples/sftpuploadresume: resume upload via CURLOPT_APPEND [36]
- o Return error if called recursively from within callbacks [38]
- o sasl: prefer PLAIN mechanism over LOGIN
- o winbuild: Use CALL to run batch scripts [40]
- o curl_share_setopt.3: connection cache is shared within multi handles
- o winbuild: Use macros for the names of some build utilities [41]
- o projects/README: remove reference to dead IDN link/package [42]
- o lib655: silence compiler warning [43]
- o configure: Fix version check for OpenSSL 1.1.1
- o docs/MANUAL: formfind.pl is not accessible on the site anymore [44]
- o unit1309: fix warning on Windows x64 [45]
- o unit1307: proper cleanup on OOM to fix torture tests
- o curl_ctype: fix macro redefinition warnings
- o build: get CFLAGS (including -werror) used for examples and tests [46]
- o NO_PROXY: fix for IPv6 numericals in the URL [47]
- o krb5: use nondeprecated functions [48]
- o winbuild: prefer documented zlib library names [49]
- o http2: mark the connection for close on GOAWAY [53]
- o limit-rate: kick in even before "limit" data has been received [54]
- o HTTP: allow "header;" to replace an internal header with a blank one [55]
- o http2: verbose output new MAX_CONCURRENT_STREAMS values
- o SECURITY: distros' max embargo time is 14 days
- o curl tool: accept --compressed also if Brotli is enabled and zlib is not
- o WolfSSL: adding TLSv1.3 [56]
- o checksrc.pl: add -i and -m options
- o CURLOPT_COOKIEFILE.3: "-" as file name means stdin
+ o FTP: shutdown response buffer overflow CVE-2018-1000300 [88]
+ o RTSP: bad headers buffer over-read CVE-2018-1000301 [89]
+ o FTP: fix typo in recursive callback detection for seeking [1]
+ o test1208: marked flaky
+ o HTTP: make header-less responses still count correct body size [2]
+ o user-agent.d:: mention --proxy-header as well [3]
+ o http2: fixes typo [4]
+ o cleanup: misc typos in strings and comments [5]
+ o rate-limit: use three second window to better handle high speeds [6]
+ o examples/hiperfifo.c: improved
+ o pause: when changing pause state, update socket state [7]
+ o multi: improved pending transfers handling => improved performance [8]
+ o curl_version_info.3: fix ssl_version description [9]
+ o add_handle/easy_perform: clear errorbuffer on start if set [11]
+ o darwinssl: fix iOS build [13]
+ o cmake: add support for brotli [14]
+ o parsedate: support UT timezone [15]
+ o vauth/ntlm.h: fix the #ifdef header guard
+ o lib/curl_path.h: added #ifdef header guard
+ o vauth/cleartext: fix integer overflow check [16]
+ o CURLINFO_COOKIELIST.3: made the example not leak memory
+ o cookie.d: mention that "-" as filename means stdin [17]
+ o CURLINFO_SSL_VERIFYRESULT.3: fixed the example [18]
+ o http2: read pending frames (including GOAWAY) in connection-check [19]
+ o timeval: remove compilation warning by casting [20]
+ o cmake: avoid warn-as-error during config checks [21]
+ o travis-ci: enable -Werror for CMake builds [22]
+ o openldap: fix for NULL return from ldap_get_attribute_ber() [23]
+ o threaded resolver: track resolver time and set suitable timeout values [24]
+ o cmake: Add advapi32 as explicit link library for win32 [25]
+ o docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T [26]
+ o test1148: set a fixed locale for the test [27]
+ o cookies: when reading from a file, only remove_expired once [28]
+ o cookie: store cookies per top-level-domain-specific hash table [29]
+ o openssl: fix build with LibreSSL 2.7 [30]
+ o tls: fix mbedTLS 2.7.0 build + handle sha256 failures [31]
+ o openssl: RESTORED verify locations when verifypeer==0 [32]
+ o file: restore old behavior for file:////foo/bar URLs [33]
+ o FTP: allow PASV on IPv6 connections when a proxy is being used [34]
+ o build-openssl.bat: allow custom paths for VS and perl [35]
+ o winbuild: make the clean target work without build-type [36]
+ o build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 [37]
+ o curl: retry on FTP 4xx, ignore other protocols [38]
+ o configure: detect (and use) sa_family_t [39]
+ o examples/sftpuploadresume: Fix Windows large file seek
+ o build: cleanup to fix clang warnings/errors [40]
+ o winbuild: updated the documentation [41]
+ o lib: silence null-dereference warnings [42]
+ o travis: bump to clang 6 and gcc 7 [43]
+ o travis: build libpsl and make builds use it [44]
+ o proxy: show getenv proxy use in verbose output [45]
+ o duphandle: make sure CURLOPT_RESOLVE is duplicated [46]
+ o all: Refactor malloc+memset to use calloc [47]
+ o checksrc: Fix typo [48]
+ o system.h: Add sparcv8plus to oracle/sunpro 32-bit detection [49]
+ o vauth: Fix typo [50]
+ o ssh: show libSSH2 error code when closing fails [51]
+ o test1148: tolerate progress updates better [52]
+ o urldata: make service names unconditional [53]
+ o configure: keep LD_LIBRARY_PATH changes local [54]
+ o ntlm_sspi: fix authentication using Credential Manager [55]
+ o schannel: add client certificate authentication [56]
+ o winbuild: Support custom devel paths for each dependency [57]
+ o schannel: add support for CURLOPT_CAINFO [58]
+ o http2: handle on_begin_headers() called more than once [59]
+ o openssl: support OpenSSL 1.1.1 verbose-mode trace messages [60]
+ o openssl: fix subjectAltName check on non-ASCII platforms [61]
+ o http2: avoid strstr() on data not zero terminated [62]
+ o http2: clear the "drain counter" when a stream is closed [63]
+ o http2: handle GOAWAY properly [64]
+ o tool_help: clarify --max-time unit of time is seconds
+ o curl.1: clarify that options and URLs can be mixed [65]
+ o http2: convert an assert to run-time check [66]
+ o curl_global_sslset: always provide available backends [67]
+ o ftplistparser: keep state between invokes [68]
+ o Curl_memchr: zero length input can't match
+ o examples/sftpuploadresume: typecast fseek argument to long
+ o examples/http2-upload: expand buffer to avoid silly warning
+ o ctype: restore character classification for non-ASCII platforms [69]
+ o mime: avoid NULL pointer dereference risk [70]
+ o cookies: ensure that we have cookies before writing jar [71]
+ o os400.c: fix checksrc warnings [72]
+ o configure: provide --with-wolfssl as an alias for --with-cyassl
+ o cyassl: adapt to libraries without TLS 1.0 support built-in
+ o http2: get rid of another strstr [73]
+ o checksrc: force indentation of lines after an else [74]
+ o cookies: remove unused macro [75]
+ o CURLINFO_PROTOCOL.3: mention the existing defined names
+ o tests: provide 'manual' as a feature to optionally require [76]
+ o travis: enable libssh2 on both macos and Linux [77]
+ o CURLOPT_URL.3: added ENCODING section
+ o wolfssl: Fix non-blocking connect [78]
+ o vtls: don't define MD5_DIGEST_LENGTH for wolfssl
+ o docs: remove extraneous commas in man pages [79]
+ o URL: fix ASCII dependency in strcpy_url and strlen_url [80]
+ o ssh-libssh.c: fix left shift compiler warning
+ o configure: only check for CA bundle for file-using SSL backends [81]
+ o travis: add an mbedtls build [82]
+ o http: don't set the "rewind" flag when not uploading anything [83]
+ o configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h [84]
+ o transfer: don't unset writesockfd on setup of multiplexed conns [85]
+ o vtls: use unified "supports" bitfield member in backends [86]
+ o URLs: fix one more http url [87]
+ o travis: add a build using WolfSSL [90]
+ o openssl: change FILE ops to BIO ops [91]
+ o travis: add build using NSS [92]
+ o smb: reject negative file sizes [93]
+ o cookies: accept parameter names as cookie name [94]
+ o http2: getsock fix for uploads [95]
+ o all over: fixed format specifiers [96]
+ o http2: use the correct function pointer typedef [97]
This release includes the following known bugs:
@@ -103,76 +133,120 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Adam Marcionek, Alessandro Ghedini, Anders Bakken, Aron Bergman, Ben Greear,
- Björn Stenberg, Bruno Grasselli, Dair Grant, Dan Fandrich, Daniel Stenberg,
- Dario Weisser, Douglas Mencken, Duy Phan Thanh, Earnestly on github,
- Erik Johansson, Francisco Sedano, Gisle Vanem, Guido Berhoerster,
- Henry Roeland, Kamil Dudka, Klaus Stein, Łukasz Domeradzki, Marcel Raad,
- Martin Dreher, Max Dymond, Michael Kaufmann, Michał Janiszewski,
- Mohammad AlSaleh, Patrick Monnerat, Patrick Schlangen, Ray Satiro,
- Richard Alcock, Richard Moore, Rod Widdowson, Ruurd Beerstra,
- Sergii Kavunenko, Sergio Borghese, Somnath Kundu, steelman on github,
- Stefan Kanthak, Steve Holme, Tim Mcdonough, Travis Burtrum, Viktor Szakats,
- 刘佩东,
- (45 contributors)
+ Adam Brown, Alex Baines, Anders Bakken, Anders Roxell, anshnd on github,
+ Bas van Schaik, Bernard Spil, Chris Araman, Christian Schmitz, Cyril B,
+ Dagobert Michelsen, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg,
+ Dan McNulty, Dario Weisser, dasimx on github, David Garske, David L.,
+ Denis Ollier, Dmitry Mikhirev, Dongliang Mu, Don J Olmstead, Eric Gallager,
+ Ernst Sjöstrand, Frank Gevaerts, Gaurav Malhotra, Geeknik Labs, Howard Chu,
+ iz8mbw on github, Jakub Wilk, Jon DeVree, Kees Dekker, Kobi Gurkan,
+ Laurie Clark-Michalek, Lauri Kasanen, Lawrence Matthews, Luz Paz,
+ Marcel Raad, Max Dymond, Michael Kaufmann, Michael Kilburn,
+ Michał Janiszewski, Michal Trybus, Muz Dima, Nikos Tsipinakis, Ori Avtalion,
+ Oumph on github, patelvivekv1993 on github, Patrick Monnerat,
+ Philip Prindeville, Ray Satiro, Rick Deist, Rikard Falkeborn, Sergei Nikulov,
+ Stefan Agner, steini2000 on github, Stephan Mühlstrasser, Sunny Purushe,
+ Terry Wu, Vincas Razma, wncboy on github, Wyatt O'Day, 刘佩东,
+ (64 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
- [1] = https://curl.haxx.se/bug/?i=1872
- [2] = https://curl.haxx.se/bug/?i=2263
- [3] = https://curl.haxx.se/bug/?i=2085
- [4] = https://curl.haxx.se/bug/?i=2250
- [5] = https://curl.haxx.se/bug/?i=2258
- [6] = https://curl.haxx.se/bug/?i=1429
- [7] =
https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080
- [8] = https://curl.haxx.se/bug/?i=2269
- [9] = https://curl.haxx.se/bug/?i=2202
- [10] = https://curl.haxx.se/bug/?i=2268
- [11] = https://curl.haxx.se/bug/?i=2274
- [12] = https://curl.haxx.se/mail/lib-2018-01/0074.html
- [13] = https://curl.haxx.se/bug/?i=2238
- [14] = https://curl.haxx.se/bug/?i=2275
- [15] = https://curl.haxx.se/bug/?i=2205
- [16] = https://curl.haxx.se/bug/?i=2271
- [17] = https://curl.haxx.se/mail/lib-2018-01/0114.html
- [18] = https://curl.haxx.se/mail/lib-2018-01/0122.html
- [19] = https://curl.haxx.se/bug/?i=2278
- [20] = https://curl.haxx.se/bug/?i=2282
- [21] = https://curl.haxx.se/bug/?i=2164
- [22] = https://curl.haxx.se/bug/?i=2291
- [23] = https://curl.haxx.se/bug/?i=2296
- [24] = https://curl.haxx.se/bug/?i=2298
- [25] = https://curl.haxx.se/bug/?i=2303
- [26] = https://curl.haxx.se/bug/?i=2300
- [27] = https://curl.haxx.se/bug/?i=2305
- [28] = https://curl.haxx.se/bug/?i=2304
- [29] = https://bugzilla.redhat.com/1542256
- [30] = https://curl.haxx.se/bug/?i=2303
- [31] = https://bugzilla.redhat.com/1510247
- [32] = https://curl.haxx.se/bug/?i=1872
- [33] = https://curl.haxx.se/bug/?i=2312
- [34] = https://curl.haxx.se/mail/lib-2018-02/0056.html
- [35] = https://curl.haxx.se/bug/?i=2314
- [36] = https://curl.haxx.se/mail/lib-2018-02/0072.html
- [37] = https://curl.haxx.se/bug/?i=2260
- [38] = https://curl.haxx.se/bug/?i=2302
- [39] = https://curl.haxx.se/bug/?i=2311
- [40] = https://curl.haxx.se/bug/?i=2330
- [41] = https://curl.haxx.se/bug/?i=2329
- [42] = https://curl.haxx.se/bug/?i=2325
- [43] = https://curl.haxx.se/bug/?i=2335
- [44] = https://curl.haxx.se/bug/?i=2342
- [45] = https://curl.haxx.se/bug/?i=2341
- [46] = https://curl.haxx.se/bug/?i=2337
- [47] = https://curl.haxx.se/bug/?i=2353
- [48] = https://curl.haxx.se/bug/?i=2356
- [49] = https://curl.haxx.se/bug/?i=2354
- [50] = https://curl.haxx.se/docs/adv_2018-97a2.html
- [51] = https://curl.haxx.se/docs/adv_2018-9cd6.html
- [52] = https://curl.haxx.se/docs/adv_2018-b047.html
- [53] = https://curl.haxx.se/bug/?i=2365
- [54] = https://curl.haxx.se/bug/?i=2371
- [55] = https://curl.haxx.se/bug/?i=2357
- [56] = https://curl.haxx.se/bug/?i=2349
+ [1] = https://curl.haxx.se/bug/?i=2380
+ [2] = https://curl.haxx.se/bug/?i=2382
+ [3] = https://curl.haxx.se/bug/?i=2381
+ [4] = https://curl.haxx.se/bug/?i=2387
+ [5] = https://curl.haxx.se/bug/?i=2389
+ [6] = https://curl.haxx.se/bug/?i=2386
+ [7] = https://curl.haxx.se/mail/lib-2018-03/0048.html
+ [8] = https://curl.haxx.se/bug/?i=2369
+ [9] = https://curl.haxx.se/bug/?i=2364
+ [10] = https://curl.haxx.se/bug/?i=2162
+ [11] = https://curl.haxx.se/bug/?i=2190
+ [12] = https://curl.haxx.se/bug/?i=1694
+ [13] = https://curl.haxx.se/bug/?i=2397
+ [14] = https://curl.haxx.se/bug/?i=2392
+ [15] = https://curl.haxx.se/bug/?i=2401
+ [16] = https://curl.haxx.se/bug/?i=2408
+ [17] = https://curl.haxx.se/bug/?i=2410
+ [18] = https://curl.haxx.se/bug/?i=2400
+ [19] = https://curl.haxx.se/bug/?i=1967
+ [20] = https://curl.haxx.se/bug/?i=2358
+ [21] = https://curl.haxx.se/bug/?i=2358
+ [22] = https://curl.haxx.se/bug/?i=2418
+ [23] = https://curl.haxx.se/bug/?i=2399
+ [24] = https://curl.haxx.se/bug/?i=2419
+ [25] = https://curl.haxx.se/bug/?i=2363
+ [26] = https://curl.haxx.se/mail/lib-2018-03/0140.html
+ [27] = https://curl.haxx.se/bug/?i=2436
+ [28] = https://curl.haxx.se/bug/?i=2441
+ [29] = https://curl.haxx.se/bug/?i=2440
+ [30] = https://curl.haxx.se/bug/?i=2319
+ [31] = https://curl.haxx.se/bug/?i=2453
+ [32] = https://curl.haxx.se/bug/?i=2451
+ [33] = https://curl.haxx.se/bug/?i=2438
+ [34] = https://curl.haxx.se/bug/?i=2432
+ [35] = https://curl.haxx.se/bug/?i=2430
+ [36] = https://curl.haxx.se/bug/?i=2455
+ [37] = https://curl.haxx.se/bug/?i=2189
+ [38] = https://curl.haxx.se/bug/?i=2462
+ [39] = https://curl.haxx.se/bug/?i=2463
+ [40] = https://curl.haxx.se/bug/?i=2466
+ [41] = https://curl.haxx.se/bug/?i=2472
+ [42] = https://curl.haxx.se/bug/?i=2463
+ [43] = https://curl.haxx.se/bug/?i=2478
+ [44] = https://curl.haxx.se/bug/?i=2471
+ [45] = https://curl.haxx.se/bug/?i=2480
+ [46] = https://curl.haxx.se/bug/?i=2485
+ [47] = https://curl.haxx.se/bug/?i=2497
+ [48] = https://curl.haxx.se/bug/?i=2498
+ [49] = https://curl.haxx.se/bug/?i=2491
+ [50] = https://curl.haxx.se/bug/?i=2496
+ [51] = https://curl.haxx.se/bug/?i=2500
+ [52] = https://curl.haxx.se/bug/?i=2446
+ [53] = https://curl.haxx.se/bug/?i=2479
+ [54] = https://curl.haxx.se/bug/?i=2490
+ [55] = https://curl.haxx.se/bug/?i=1622
+ [56] = https://curl.haxx.se/bug/?i=2376
+ [57] = https://curl.haxx.se/bug/?i=2474
+ [58] = https://curl.haxx.se/bug/?i=1325
+ [59] = https://curl.haxx.se/bug/?i=2507
+ [60] = https://curl.haxx.se/bug/?i=2403
+ [61] = https://curl.haxx.se/bug/?i=2493
+ [62] = https://curl.haxx.se/bug/?i=2513
+ [63] = https://curl.haxx.se/bug/?i=1680
+ [64] = https://curl.haxx.se/bug/?i=2416
+ [65] = https://curl.haxx.se/bug/?i=2515
+ [66] = https://curl.haxx.se/bug/?i=2514
+ [67] = https://curl.haxx.se/bug/?i=2499
+ [68] = https://curl.haxx.se/bug/?i=2445
+ [69] = https://curl.haxx.se/bug/?i=2494
+ [70] = https://curl.haxx.se/bug/?i=2527
+ [71] = https://curl.haxx.se/bug/?i=2529
+ [72] = https://curl.haxx.se/bug/?i=2525
+ [73] = https://curl.haxx.se/bug/?i=2534
+ [74] = https://curl.haxx.se/bug/?i=2532
+ [75] = https://curl.haxx.se/bug/?i=2537
+ [76] = https://curl.haxx.se/bug/?i=2533
+ [77] = https://curl.haxx.se/bug/?i=2541
+ [78] = https://curl.haxx.se/bug/?i=2542
+ [79] = https://curl.haxx.se/bug/?i=2544
+ [80] = https://curl.haxx.se/bug/?i=2535
+ [81] = https://curl.haxx.se/bug/?i=2180
+ [82] = https://curl.haxx.se/bug/?i=2531
+ [83] = https://curl.haxx.se/bug/?i=2546
+ [84] = https://curl.haxx.se/bug/?i=2548
+ [85] = https://curl.haxx.se/bug/?i=2520
+ [86] = https://curl.haxx.se/bug/?i=2547
+ [87] = https://curl.haxx.se/bug/?i=2550
+ [88] = https://curl.haxx.se/docs/adv_2018-82c2.html
+ [89] = https://curl.haxx.se/docs/adv_2018-b138.html
+ [90] = https://curl.haxx.se/bug/?i=2528
+ [91] = https://curl.haxx.se/bug/?i=2512
+ [92] = https://curl.haxx.se/bug/?i=2558
+ [93] = https://curl.haxx.se/bug/?i=2558
+ [94] = https://curl.haxx.se/bug/?i=2564
+ [95] = https://curl.haxx.se/bug/?i=2520
+ [96] = https://curl.haxx.se/bug/?i=2561
+ [97] = https://curl.haxx.se/bug/?i=2560
diff --git a/acinclude.m4 b/acinclude.m4
old mode 100755
new mode 100644
diff --git a/configure.ac b/configure.ac
index f946bb5b6..dd9cb1590 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1046,13 +1046,13 @@ if test X"$OPT_BROTLI" != Xno; then
if test "$HAVE_BROTLI" = "1"; then
if test -n "$DIR_BROTLI"; then
dnl when the brotli shared libs were found in a path that the run-time
- dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
+ dnl linker doesn't search through, we need to add it to
CURL_LIBRARY_PATH
dnl to prevent further configure tests to fail due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_BROTLI"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $DIR_BROTLI to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_BROTLI"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $DIR_BROTLI to CURL_LIBRARY_PATH])
fi
fi
else
@@ -1223,13 +1223,11 @@ dnl Check if the operating system allows programs to
write to their own argv[]
dnl **********************************************************************
AC_MSG_CHECKING([if argv can be written to])
-AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
+CURL_RUN_IFELSE([
int main(int argc, char ** argv) {
argv[0][0] = ' ';
return (argv[0][0] == ' ')?0:1;
}
- ]])
],[
curl_cv_writable_argv=yes
],[
@@ -1474,298 +1472,6 @@ dnl Default to compiler & linker defaults for SSL files
& libraries.
OPT_SSL=off
dnl Default to no CA bundle
ca="no"
-dnl Set Default to 0:
-dnl OPENSSL_ENABLED="0"
-dnl AC_ARG_WITH(ssl,dnl
-dnl AC_HELP_STRING([--with-ssl=PATH],[Where to look for OpenSSL, PATH points
to the SSL installation (default: /usr/local/ssl); when possible, set the
PKG_CONFIG_PATH environment variable instead of using this option])
-dnl AC_HELP_STRING([--without-ssl], [disable OpenSSL]),
-dnl OPT_SSL=$withval)
-
-dnl if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
-dnl test X"$OPT_SSL" != Xno; then
-dnl ssl_msg=
-
-dnl dnl backup the pre-ssl variables
-dnl CLEANLDFLAGS="$LDFLAGS"
-dnl CLEANCPPFLAGS="$CPPFLAGS"
-dnl CLEANLIBS="$LIBS"
-
-dnl dnl This is for Msys/Mingw
-dnl case $host in
-dnl *-*-msys* | *-*-mingw*)
-dnl AC_MSG_CHECKING([for gdi32])
-dnl my_ac_save_LIBS=$LIBS
-dnl LIBS="-lgdi32 $LIBS"
-dnl AC_TRY_LINK([#include <windef.h>
-dnl #include <wingdi.h>],
-dnl [GdiFlush();],
-dnl [ dnl worked!
-dnl AC_MSG_RESULT([yes])],
-dnl [ dnl failed, restore LIBS
-dnl LIBS=$my_ac_save_LIBS
-dnl AC_MSG_RESULT(no)]
-dnl )
-dnl ;;
-dnl esac
-
-dnl case "$OPT_SSL" in
-dnl yes)
-dnl dnl --with-ssl (without path) used
-dnl if test x$cross_compiling != xyes; then
-dnl dnl only do pkg-config magic when not cross-compiling
-dnl PKGTEST="yes"
-dnl fi
-dnl PREFIX_OPENSSL=/usr/local/ssl
-dnl LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
-dnl ;;
-dnl off)
-dnl dnl no --with-ssl option given, just check default places
-dnl if test x$cross_compiling != xyes; then
-dnl dnl only do pkg-config magic when not cross-compiling
-dnl PKGTEST="yes"
-dnl fi
-dnl PREFIX_OPENSSL=
-dnl ;;
-dnl *)
-dnl dnl check the given --with-ssl spot
-dnl PKGTEST="no"
-dnl PREFIX_OPENSSL=$OPT_SSL
-
-dnl dnl Try pkg-config even when cross-compiling. Since we
-dnl dnl specify PKG_CONFIG_LIBDIR we're only looking where
-dnl dnl the user told us to look
-dnl OPENSSL_PCDIR="$OPT_SSL/lib/pkgconfig"
-dnl AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
-dnl if test -f "$OPENSSL_PCDIR/openssl.pc"; then
-dnl PKGTEST="yes"
-dnl fi
-
-dnl dnl in case pkg-config comes up empty, use what we got
-dnl dnl via --with-ssl
-dnl LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
-dnl if test "$PREFIX_OPENSSL" != "/usr" ; then
-dnl SSL_LDFLAGS="-L$LIB_OPENSSL"
-dnl SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
-dnl fi
-dnl SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl"
-dnl ;;
-dnl esac
-
-dnl if test "$PKGTEST" = "yes"; then
-
-dnl CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR])
-
-dnl if test "$PKGCONFIG" != "no" ; then
-dnl SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
-dnl $PKGCONFIG --libs-only-l openssl 2>/dev/null`
-
-dnl SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
-dnl $PKGCONFIG --libs-only-L openssl 2>/dev/null`
-
-dnl SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
-dnl $PKGCONFIG --cflags-only-I openssl 2>/dev/null`
-
-dnl AC_SUBST(SSL_LIBS)
-dnl AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
-dnl AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
-dnl AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
-
-dnl LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/-L//g'`
-
-dnl dnl use the values pkg-config reported. This is here
-dnl dnl instead of below with CPPFLAGS and LDFLAGS because we only
-dnl dnl learn about this via pkg-config. If we only have
-dnl dnl the argument to --with-ssl we don't know what
-dnl dnl additional libs may be necessary. Hope that we
-dnl dnl don't need any.
-dnl LIBS="$SSL_LIBS $LIBS"
-dnl fi
-dnl fi
-
-dnl dnl finally, set flags to use SSL
-dnl CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
-dnl LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
-
-dnl AC_CHECK_LIB(crypto, HMAC_Update,[
-dnl HAVECRYPTO="yes"
-dnl LIBS="-lcrypto $LIBS"
-dnl ],[
-dnl LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
-dnl CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl
-I$PREFIX_OPENSSL/include"
-dnl AC_CHECK_LIB(crypto, HMAC_Init_ex,[
-dnl HAVECRYPTO="yes"
-dnl LIBS="-lcrypto $LIBS"], [
-
-dnl dnl still no, but what about with -ldl?
-dnl AC_MSG_CHECKING([OpenSSL linking with -ldl])
-dnl LIBS="$LIBS -ldl"
-dnl AC_TRY_LINK(
-dnl [
-dnl #include <openssl/err.h>
-dnl ],
-dnl [
-dnl ERR_clear_error();
-dnl ],
-dnl [
-dnl AC_MSG_RESULT(yes)
-dnl HAVECRYPTO="yes"
-dnl ],
-dnl [
-dnl AC_MSG_RESULT(no)
-dnl dnl ok, so what about bouth -ldl and -lpthread?
-
-dnl AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
-dnl LIBS="$LIBS -lpthread"
-dnl AC_TRY_LINK(
-dnl [
-dnl #include <openssl/err.h>
-dnl ],
-dnl [
-dnl ERR_clear_error();
-dnl ],
-dnl [
-dnl AC_MSG_RESULT(yes)
-dnl HAVECRYPTO="yes"
-dnl ],
-dnl [
-dnl AC_MSG_RESULT(no)
-dnl LDFLAGS="$CLEANLDFLAGS"
-dnl CPPFLAGS="$CLEANCPPFLAGS"
-dnl LIBS="$CLEANLIBS"
-
-dnl ])
-
-dnl ])
-
-dnl ])
-dnl ])
-
-dnl if test X"$HAVECRYPTO" = X"yes"; then
-dnl dnl This is only reasonable to do if crypto actually is there: check
for
-dnl dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
-
-dnl AC_CHECK_LIB(ssl, SSL_connect)
-
-dnl if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
-dnl dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff
-dnl AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use);
-dnl OLIBS=$LIBS
-dnl LIBS="-lRSAglue -lrsaref $LIBS"
-dnl AC_CHECK_LIB(ssl, SSL_connect)
-dnl if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
-dnl dnl still no SSL_connect
-dnl AC_MSG_RESULT(no)
-dnl LIBS=$OLIBS
-dnl else
-dnl AC_MSG_RESULT(yes)
-dnl fi
-
-dnl else
-
-dnl dnl Have the libraries--check for OpenSSL headers
-dnl AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
-dnl openssl/pem.h openssl/ssl.h openssl/err.h,
-dnl ssl_msg="OpenSSL"
-dnl test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
-dnl OPENSSL_ENABLED=1
-dnl AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
-
-dnl if test $ac_cv_header_openssl_x509_h = no; then
-dnl dnl we don't use the "action" part of the AC_CHECK_HEADERS macro
-dnl dnl since 'err.h' might in fact find a krb4 header with the same
-dnl dnl name
-dnl AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h)
-
-dnl if test $ac_cv_header_x509_h = yes &&
-dnl test $ac_cv_header_crypto_h = yes &&
-dnl test $ac_cv_header_ssl_h = yes; then
-dnl dnl three matches
-dnl ssl_msg="OpenSSL"
-dnl OPENSSL_ENABLED=1
-dnl fi
-dnl fi
-dnl fi
-
-dnl if test X"$OPENSSL_ENABLED" != X"1"; then
-dnl LIBS="$CLEANLIBS"
-dnl fi
-
-dnl if test X"$OPT_SSL" != Xoff &&
-dnl test "$OPENSSL_ENABLED" != "1"; then
-dnl AC_MSG_ERROR([OpenSSL libs and/or directories were not found where
specified!])
-dnl fi
-dnl fi
-
-dnl if test X"$OPENSSL_ENABLED" = X"1"; then
-dnl dnl If the ENGINE library seems to be around, check for the OpenSSL
engine
-dnl dnl stuff, it is kind of "separated" from the main SSL check
-dnl AC_CHECK_FUNC(ENGINE_init,
-dnl [
-dnl AC_CHECK_HEADERS(openssl/engine.h)
-dnl AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
-dnl ])
-
-dnl dnl These can only exist if OpenSSL exists
-dnl dnl Older versions of Cyassl (some time before 2.9.4) don't have
-dnl dnl SSL_get_shutdown (but this check won't actually detect it there
-dnl dnl as it's a macro that needs the header files be included)
-
-dnl AC_CHECK_FUNCS( RAND_egd \
-dnl ENGINE_cleanup \
-dnl SSL_get_shutdown \
-dnl SSLv2_client_method )
-
-dnl AC_MSG_CHECKING([for BoringSSL])
-dnl AC_COMPILE_IFELSE([
-dnl AC_LANG_PROGRAM([[
-dnl #include <openssl/base.h>
-dnl ]],[[
-dnl #ifndef OPENSSL_IS_BORINGSSL
-dnl #error not boringssl
-dnl #endif
-dnl ]])
-dnl ],[
-dnl AC_MSG_RESULT([yes])
-dnl AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
-dnl [Define to 1 if using BoringSSL.])
-dnl ssl_msg="BoringSSL"
-dnl ],[
-dnl AC_MSG_RESULT([no])
-dnl ])
-
-dnl AC_MSG_CHECKING([for libressl])
-dnl AC_COMPILE_IFELSE([
-dnl AC_LANG_PROGRAM([[
-dnl #include <openssl/opensslv.h>
-dnl ]],[[
-dnl int dummy = LIBRESSL_VERSION_NUMBER;
-dnl ]])
-dnl ],[
-dnl AC_MSG_RESULT([yes])
-dnl AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
-dnl [Define to 1 if using libressl.])
-dnl ssl_msg="libressl"
-dnl ],[
-dnl AC_MSG_RESULT([no])
-dnl ])
-dnl fi
-
-dnl if test "$OPENSSL_ENABLED" = "1"; then
-dnl if test -n "$LIB_OPENSSL"; then
-dnl dnl when the ssl shared libs were found in a path that the run-time
-dnl dnl linker doesn't search through, we need to add it to
LD_LIBRARY_PATH
-dnl dnl to prevent further configure tests to fail due to this
-dnl if test "x$cross_compiling" != "xyes"; then
-dnl LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_OPENSSL"
-dnl export LD_LIBRARY_PATH
-dnl AC_MSG_NOTICE([Added $LIB_OPENSSL to LD_LIBRARY_PATH])
-dnl fi
-dnl fi
-dnl CURL_CHECK_OPENSSL_API
-dnl fi
-
-dnl test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends,
}$ssl_msg"
-dnl fi
dnl **********************************************************************
dnl Check for the random seed preferences
@@ -1806,7 +1512,7 @@ fi
dnl ---
dnl We require OpenSSL with SRP support.
dnl ---
-if test "$OPENSSL_ENABLED" = "1"; then
+12if test "$OPENSSL_ENABLED" = "1"; then
AC_CHECK_LIB(crypto, SRP_Calc_client_key,
[
AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function
SRP_Calc_client_key])
@@ -1911,16 +1617,16 @@ if test -z "$ssl_backends" -o "x$OPT_GNUTLS" != xno;
then
if test "x$USE_GNUTLS" = "xyes"; then
AC_MSG_NOTICE([detected GnuTLS version $version])
-
+ check_for_ca_bundle=1
if test -n "$gtlslib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$gtlslib"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$gtlslib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $gtlslib to CURL_LIBRARY_PATH])
fi
fi
AC_CHECK_FUNCS([gnutls_certificate_set_x509_key_file2
gnutls_alpn_set_protocols gnutls_ocsp_req_init])
@@ -2046,7 +1752,9 @@ dnl
**********************************************************************
dnl Check for the CA bundle
dnl **********************************************************************
-CURL_CHECK_CA_BUNDLE
+if test "$check_for_ca_bundle" -gt 0; then
+ CURL_CHECK_CA_BUNDLE
+fi
dnl **********************************************************************
dnl Check for libpsl
@@ -2176,153 +1884,6 @@ AC_HELP_STRING([--with-libssh], [enable LIBSSH]),
OPT_LIBSSH=$withval, OPT_LIBSSH=no)
LIBSSH2_ENABLED="0"
-dnl if test X"$OPT_LIBSSH2" != Xno; then
-dnl dnl backup the pre-libssh2 variables
-dnl CLEANLDFLAGS="$LDFLAGS"
-dnl CLEANCPPFLAGS="$CPPFLAGS"
-dnl CLEANLIBS="$LIBS"
-
-dnl case "$OPT_LIBSSH2" in
-dnl yes)
-dnl dnl --with-libssh2 (without path) used
-dnl CURL_CHECK_PKGCONFIG(libssh2)
-
-dnl if test "$PKGCONFIG" != "no" ; then
-dnl LIB_SSH2=`$PKGCONFIG --libs-only-l libssh2`
-dnl LD_SSH2=`$PKGCONFIG --libs-only-L libssh2`
-dnl CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2`
-dnl version=`$PKGCONFIG --modversion libssh2`
-dnl DIR_SSH2=`echo $LD_SSH2 | $SED -e 's/-L//'`
-dnl fi
-
-dnl ;;
-dnl off)
-dnl dnl no --with-libssh2 option given, just check default places
-dnl ;;
-dnl *)
-dnl dnl use the given --with-libssh2 spot
-dnl PREFIX_SSH2=$OPT_LIBSSH2
-dnl ;;
-dnl esac
-
-dnl dnl if given with a prefix, we set -L and -I based on that
-dnl if test -n "$PREFIX_SSH2"; then
-dnl LIB_SSH2="-lssh2"
-dnl LD_SSH2=-L${PREFIX_SSH2}/lib$libsuff
-dnl CPP_SSH2=-I${PREFIX_SSH2}/include
-dnl DIR_SSH2=${PREFIX_SSH2}/lib$libsuff
-dnl fi
-
-dnl LDFLAGS="$LDFLAGS $LD_SSH2"
-dnl CPPFLAGS="$CPPFLAGS $CPP_SSH2"
-dnl LIBS="$LIB_SSH2 $LIBS"
-
-dnl AC_CHECK_LIB(ssh2, libssh2_channel_open_ex)
-
-dnl AC_CHECK_HEADERS(libssh2.h,
-dnl curl_ssh_msg="enabled (libSSH2)"
-dnl LIBSSH2_ENABLED=1
-dnl AC_DEFINE(USE_LIBSSH2, 1, [if libSSH2 is in use])
-dnl AC_SUBST(USE_LIBSSH2, [1])
-dnl )
-
-dnl if test X"$OPT_LIBSSH2" != Xoff &&
-dnl test "$LIBSSH2_ENABLED" != "1"; then
-dnl AC_MSG_ERROR([libSSH2 libs and/or directories were not found where
specified!])
-dnl fi
-
-dnl if test "$LIBSSH2_ENABLED" = "1"; then
-dnl if test -n "$DIR_SSH2"; then
-dnl dnl when the libssh2 shared libs were found in a path that the
run-time
-dnl dnl linker doesn't search through, we need to add it to
LD_LIBRARY_PATH
-dnl dnl to prevent further configure tests to fail due to this
-
-dnl if test "x$cross_compiling" != "xyes"; then
-dnl LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
-dnl export LD_LIBRARY_PATH
-dnl AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
-dnl fi
-dnl fi
-dnl else
-dnl dnl no libssh2, revert back to clean variables
-dnl LDFLAGS=$CLEANLDFLAGS
-dnl CPPFLAGS=$CLEANCPPFLAGS
-dnl LIBS=$CLEANLIBS
-dnl fi
-dnl elif test X"$OPT_LIBSSH" != Xno; then
-dnl dnl backup the pre-libssh variables
-dnl CLEANLDFLAGS="$LDFLAGS"
-dnl CLEANCPPFLAGS="$CPPFLAGS"
-dnl CLEANLIBS="$LIBS"
-
-dnl case "$OPT_LIBSSH" in
-dnl yes)
-dnl dnl --with-libssh (without path) used
-dnl CURL_CHECK_PKGCONFIG(libssh)
-
-dnl if test "$PKGCONFIG" != "no" ; then
-dnl LIB_SSH=`$PKGCONFIG --libs-only-l libssh`
-dnl LD_SSH=`$PKGCONFIG --libs-only-L libssh`
-dnl CPP_SSH=`$PKGCONFIG --cflags-only-I libssh`
-dnl version=`$PKGCONFIG --modversion libssh`
-dnl DIR_SSH=`echo $LD_SSH | $SED -e 's/-L//'`
-dnl fi
-
-dnl ;;
-dnl off)
-dnl dnl no --with-libssh option given, just check default places
-dnl ;;
-dnl *)
-dnl dnl use the given --with-libssh spot
-dnl PREFIX_SSH=$OPT_LIBSSH
-dnl ;;
-dnl esac
-
-dnl dnl if given with a prefix, we set -L and -I based on that
-dnl if test -n "$PREFIX_SSH"; then
-dnl LIB_SSH="-lssh"
-dnl LD_SSH=-L${PREFIX_SSH}/lib$libsuff
-dnl CPP_SSH=-I${PREFIX_SSH}/include
-dnl DIR_SSH=${PREFIX_SSH}/lib$libsuff
-dnl fi
-
-dnl LDFLAGS="$LDFLAGS $LD_SSH"
-dnl CPPFLAGS="$CPPFLAGS $CPP_SSH"
-dnl LIBS="$LIB_SSH $LIBS"
-
-dnl AC_CHECK_LIB(ssh, ssh_new)
-
-dnl AC_CHECK_HEADERS(libssh/libssh.h,
-dnl curl_ssh_msg="enabled (libSSH)"
-dnl LIBSSH_ENABLED=1
-dnl AC_DEFINE(USE_LIBSSH, 1, [if libSSH is in use])
-dnl AC_SUBST(USE_LIBSSH, [1])
-dnl )
-
-dnl if test X"$OPT_LIBSSH" != Xoff &&
-dnl test "$LIBSSH_ENABLED" != "1"; then
-dnl AC_MSG_ERROR([libSSH libs and/or directories were not found where
specified!])
-dnl fi
-
-dnl if test "$LIBSSH_ENABLED" = "1"; then
-dnl if test -n "$DIR_SSH"; then
-dnl dnl when the libssh shared libs were found in a path that the
run-time
-dnl dnl linker doesn't search through, we need to add it to
LD_LIBRARY_PATH
-dnl dnl to prevent further configure tests to fail due to this
-
-dnl if test "x$cross_compiling" != "xyes"; then
-dnl LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH"
-dnl export LD_LIBRARY_PATH
-dnl AC_MSG_NOTICE([Added $DIR_SSH to LD_LIBRARY_PATH])
-dnl fi
-dnl fi
-dnl else
-dnl dnl no libssh, revert back to clean variables
-dnl LDFLAGS=$CLEANLDFLAGS
-dnl CPPFLAGS=$CLEANCPPFLAGS
-dnl LIBS=$CLEANLIBS
-dnl fi
-dnl fi
dnl **********************************************************************
dnl Check for the presence of LIBRTMP libraries and headers
@@ -2528,9 +2089,9 @@ if test "$want_idn" = "yes"; then
AC_SUBST([IDN_ENABLED], [1])
curl_idn_msg="enabled (libidn2)"
if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$IDN_DIR"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $IDN_DIR to CURL_LIBRARY_PATH])
fi
else
AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
@@ -2803,14 +2364,34 @@ AC_CHECK_TYPE([bool],[
#endif
])
+# check for sa_family_t
+AC_CHECK_TYPE(sa_family_t,
+ AC_DEFINE(CURL_SA_FAMILY_T, sa_family_t, [IP address type in sockaddr]),
+ [
+ # The windows name?
+ AC_CHECK_TYPE(ADDRESS_FAMILY,
+ AC_DEFINE(CURL_SA_FAMILY_T, ADDRESS_FAMILY, [IP address type in
sockaddr]),
+ AC_DEFINE(CURL_SA_FAMILY_T, unsigned short, [IP address type in
sockaddr]),
+ [
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+ ])
+ ],
+[
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+])
+
AC_MSG_CHECKING([if time_t is unsigned])
-AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
+CURL_RUN_IFELSE(
+ [
#include <time.h>
#include <limits.h>
time_t t = -1;
return (t > 0);
- ]])] ,[
+ ],[
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_TIME_T_UNSIGNED, 1, [Define this if time_t is unsigned])
],[
diff --git a/docs/CHECKSRC.md b/docs/CHECKSRC.md
index b42de8470..f246b57e1 100644
--- a/docs/CHECKSRC.md
+++ b/docs/CHECKSRC.md
@@ -69,7 +69,7 @@ warnings are:
- `SPACEBEFOREPAREN`: there was a space before an open parenthesis, `if (`,
where one was not expected
-- `SPACESEMILCOLON`: there was a space before semicolon, ` ;`.
+- `SPACESEMICOLON`: there was a space before semicolon, ` ;`.
- `TABS`: TAB characters are not allowed!
diff --git a/docs/CODE_STYLE.md b/docs/CODE_STYLE.md
index ba5f71026..2d275cd7d 100644
--- a/docs/CODE_STYLE.md
+++ b/docs/CODE_STYLE.md
@@ -9,8 +9,8 @@ style is more important than individual contributors having
their own personal
tastes satisfied.
Our C code has a few style rules. Most of them are verified and upheld by the
-`lib/checksrc.pl` script. Invoked with `make checksrc` or even by default by
-the build system when built after `./configure --enable-debug` has been used.
+"lib/checksrc.pl" script. Invoked with "make checksrc" or even by default by
+the build system when built after "./configure --enable-debug" has been used.
It is normally not a problem for anyone to follow the guidelines, as you just
need to copy the style already used in the source code and there are no
@@ -44,8 +44,8 @@ open brace.
## Comments
-Since we write C89 code, `//` comments are not allowed. They weren't
-introduced in the C standard until C99. We use only `/*` and `*/` comments:
+Since we write C89 code, **//** comments are not allowed. They weren't
+introduced in the C standard until C99. We use only **/* comments */**.
/* this is a comment */
@@ -87,8 +87,8 @@ For functions the opening brace should be on a separate line:
## 'else' on the following line
-When adding an `else` clause to a conditional expression using braces, we add
-it on a new line after the closing brace. Like this:
+When adding an **else** clause to a conditional expression using braces, we
+add it on a new line after the closing brace. Like this:
if(age < 40) {
/* clearly a youngster */
@@ -149,8 +149,8 @@ and NEVER:
## Space around operators
-Please use spaces on both sides of operators in C expressions. Postfix `(),
-[], ->, ., ++, --` and Unary `+, - !, ~, &` operators excluded they should
+Please use spaces on both sides of operators in C expressions. Postfix **(),
+[], ->, ., ++, --** and Unary **+, - !, ~, &** operators excluded they should
have no space.
Examples:
@@ -167,63 +167,71 @@ Examples:
complement = ~bits;
empty = (!*string) ? TRUE : FALSE;
+## No parentheses for return values
+
+We use the 'return' statement without extra parentheses around the value:
+
+ int works(void)
+ {
+ return TRUE;
+ }
+
+## Parentheses for sizeof arguments
+
+When using the sizeof operator in code, we prefer it to be written with
+parentheses around its argument:
+
+ int size = sizeof(int);
+
## Column alignment
-Some statements cannot be completed on a single line because the line would
-be too long, the statement too hard to read, or due to other style guidelines
+Some statements cannot be completed on a single line because the line would be
+too long, the statement too hard to read, or due to other style guidelines
above. In such a case the statement will span multiple lines.
If a continuation line is part of an expression or sub-expression then you
should align on the appropriate column so that it's easy to tell what part of
the statement it is. Operators should not start continuation lines. In other
-cases follow the 2-space indent guideline. Here are some examples from libcurl:
+cases follow the 2-space indent guideline. Here are some examples from
+libcurl:
-~~~c
if(Curl_pipeline_wanted(handle->multi, CURLPIPE_HTTP1) &&
(handle->set.httpversion != CURL_HTTP_VERSION_1_0) &&
(handle->set.httpreq == HTTPREQ_GET ||
handle->set.httpreq == HTTPREQ_HEAD))
/* didn't ask for HTTP/1.0 and a GET or HEAD */
return TRUE;
-~~~
-~~~c
- case CURLOPT_KEEP_SENDING_ON_ERROR:
- data->set.http_keep_sending_on_error = (0 != va_arg(param, long)) ?
- TRUE : FALSE;
- break;
-~~~
+If no parenthesis, use the default indent:
-~~~c
data->set.http_disable_hostname_check_before_authentication =
(0 != va_arg(param, long)) ? TRUE : FALSE;
-~~~
-
-~~~c
- if(option) {
- result = parse_login_details(option, strlen(option),
- (userp ? &user : NULL),
- (passwdp ? &passwd : NULL),
- NULL);
- }
-~~~
-
-~~~c
- DEBUGF(infof(data, "Curl_pp_readresp_ %d bytes of trailing "
- "server response left\n",
- (int)clipamount));
-~~~
+
+Function invoke with an open parenthesis:
+
+ if(option) {
+ result = parse_login_details(option, strlen(option),
+ (userp ? &user : NULL),
+ (passwdp ? &passwd : NULL),
+ NULL);
+ }
+
+Align with the "current open" parenthesis:
+
+ DEBUGF(infof(data, "Curl_pp_readresp_ %d bytes of trailing "
+ "server response left\n",
+ (int)clipamount));
## Platform dependent code
-Use `#ifdef HAVE_FEATURE` to do conditional code. We avoid checking for
+Use **#ifdef HAVE_FEATURE** to do conditional code. We avoid checking for
particular operating systems or hardware in the #ifdef lines. The HAVE_FEATURE
shall be generated by the configure script for unix-like systems and they are
hard-coded in the config-[system].h files for the others.
We also encourage use of macros/functions that possibly are empty or defined
to constants when libcurl is built without that feature, to make the code
-seamless. Like this style where the `magic()` function works differently
+seamless. Like this example where the **magic()** function works differently
depending on a build-time conditional:
#ifdef HAVE_MAGIC
diff --git a/docs/INSTALL.cmake b/docs/INSTALL.cmake
index abdfb46b2..0a8e43971 100644
--- a/docs/INSTALL.cmake
+++ b/docs/INSTALL.cmake
@@ -34,7 +34,7 @@ Current flaws in the curl CMake build
- Doesn't allow you to disable specific protocols from the build
- Doesn't find or use krb4 or GSS
- Rebuilds test files too eagerly, but still can't run the tests
- - Does't detect the correct strerror_r flavor when cross-compiling (issue
#1123)
+ - Doesn't detect the correct strerror_r flavor when cross-compiling (issue
#1123)
Command Line CMake
diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index 280edd0ed..7389da6dc 100644
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -27,6 +27,7 @@ problems may have been fixed or changed somewhat since this
was written!
2.2 DER in keychain
2.3 GnuTLS backend skips really long certificate fields
2.4 DarwinSSL won't import PKCS#12 client certificates without a password
+ 2.5 Client cert handling with Issuer DN differs between backends
3. Email protocols
3.1 IMAP SEARCH ALL truncated response
@@ -38,6 +39,7 @@ problems may have been fixed or changed somewhat since this
was written!
4.1 -J with %-encoded file nameas
4.2 -J with -C - fails
4.3 --retry and transfer timeouts
+ 4.4 --upload-file . hang if delay in STDIN
5. Build and portability issues
5.1 Windows Borland compiler
@@ -64,6 +66,7 @@ problems may have been fixed or changed somewhat since this
was written!
7.6 FTP with NULs in URL parts
7.7 FTP and empty path parts in the URL
7.8 Premature transfer end but healthy control channel
+ 7.9 Passive transfer tries only one IP address
8. TELNET
8.1 TELNET and time limtiations don't work
@@ -83,6 +86,7 @@ problems may have been fixed or changed somewhat since this
was written!
11.2 error buffer not set if connection to multiple addresses fails
11.3 c-ares deviates from stock resolver on http://1346569778
11.4 HTTP test server 'connection-monitor' problems
+ 11.5 Connection information when using TCP Fast Open
12. LDAP and OpenLDAP
12.1 OpenLDAP hangs after returning results
@@ -223,6 +227,13 @@ problems may have been fixed or changed somewhat since
this was written!
function rejects certificates that do not have a password.
https://github.com/curl/curl/issues/1308
+2.5 Client cert handling with Issuer DN differs between backends
+
+ When the specified client certificate doesn't match any of the
+ server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
+ The github discussion may contain a solution.
+
+ See https://github.com/curl/curl/issues/1411
3. Email protocols
@@ -282,6 +293,13 @@ problems may have been fixed or changed somewhat since
this was written!
https://curl.haxx.se/mail/lib-2008-01/0080.html and Mandriva bug report
https://qa.mandriva.com/show_bug.cgi?id=22565
+4.4 --upload-file . hangs if delay in STDIN
+
+ "(echo start; sleep 1; echo end) | curl --upload-file . http://mywebsite -vv"
+
+ ... causes a hang when it shouldn't.
+
+ See https://github.com/curl/curl/issues/2051
5. Build and portability issues
@@ -474,6 +492,18 @@ problems may have been fixed or changed somewhat since
this was written!
alive even in this situation - but the current code doesn't. Fixing this would
allow libcurl to reuse FTP connections better.
+7.9 Passive transfer tries only one IP address
+
+ When doing FTP operations through a proxy at localhost, the reported spotted
+ that curl only tried to connect once to the proxy, while it had mulitiple
+ addresses and a failed connect on one address should make it try the next.
+
+ After switching to passive mode (EPSV), curl should try all IP addresses for
+ "localhost". Currently it tries ::1, but it should also try 127.0.0.1.
+
+ See https://github.com/curl/curl/issues/1508
+
+
8. TELNET
8.1 TELNET and time limtiations don't work
@@ -561,6 +591,13 @@ problems may have been fixed or changed somewhat since
this was written!
See https://github.com/curl/curl/issues/868
+11.5 Connection information when using TCP Fast Open
+
+ CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
+ enabled.
+
+ See https://github.com/curl/curl/issues/1332
+
12. LDAP and OpenLDAP
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index d39c5a1fb..4991d5fb7 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -56,9 +56,9 @@ announcement.
then a separate earlier release for security reasons should be considered.
- Write a security advisory draft about the problem that explains what the
- problem is, its impact, which versions it affects, solutions or
- workarounds, when the release is out and make sure to credit all
- contributors properly.
+ problem is, its impact, which versions it affects, solutions or workarounds,
+ when the release is out and make sure to credit all contributors properly.
+ Figure out the CWE (Common Weakness Enumeration) number for the flaw.
- Request a CVE number from
address@hidden(http://oss-security.openwall.org/wiki/mailing-lists/distros)
@@ -114,3 +114,26 @@ plans in vanishing in the near future.
We do not make the list of participants public mostly because it tends to vary
somewhat over time and a list somewhere will only risk getting outdated.
+
+Publishing Security Advisories
+------------------------------
+
+1. Write up the security advisory, using markdown syntax. Use the same
+ subtitles as last time to maintain consistency.
+
+2. Name the advisory file (and ultimately the URL to be used when the flaw
+ gets published), using a randomized component so that third parties that
+ are involved in the process for each individual flaw will not be given
+ insights about possible *other* flaws worked on in parallel.
+ `adv_YEAR_RANDOM.md` has been used before.
+
+3. Add a line on the top of the array in `curl-www/docs/vuln.pm'.
+
+4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it
+ to the git repo. Update the Makefile in the same directory to build the
+ HTML representation.
+
+5. Run `make` in your local web checkout and verify that things look fine.
+
+6. On security advisory release day, push the changes on the curl-www
+ repository's remote master branch.
diff --git a/docs/THANKS b/docs/THANKS
index f51c9f78f..540a59fc4 100644
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -10,6 +10,7 @@ Aaro Koskinen
Aaron Oneal
Aaron Orenstein
Abram Pousada
+Adam Brown
Adam D. Moss
Adam Langley
Adam Light
@@ -37,6 +38,7 @@ Ales Mlakar
Ales Novak
Alessandro Ghedini
Alessandro Vesely
+Alex Baines
Alex Bligh
Alex Chan
Alex Fishman
@@ -156,6 +158,7 @@ Balint Szilakszi
Barry Abrahamson
Bart Whiteley
Bas Mevissen
+Bas van Schaik
Basuke Suzuki
Ben Boeckel
Ben Darnell
@@ -295,6 +298,7 @@ Craig de Stigter
Cris Bailiff
Cristian Rodríguez
Curt Bogmine
+Cyril B
Cyrill Osterwalder
Cédric Connes
Cédric Deltheil
@@ -361,6 +365,7 @@ David Byron
David Cohen
David E. Narváez
David Eriksson
+David Garske
David Houlder
David Hull
David J Meyer
@@ -368,6 +373,7 @@ David James
David Kalnischkies
David Kierznowski
David Kimdon
+David L.
David Lang
David LeBlanc
David Lord
@@ -388,6 +394,7 @@ David Wright
David Yan
Dengminwen
Denis Feklushkin
+Denis Ollier
Dennis Clarke
Derek Higgins
Desmond O. Chang
@@ -415,6 +422,7 @@ Dmitry Eremin-Solenikov
Dmitry Falko
Dmitry Kostjuchenko
Dmitry Kurochkin
+Dmitry Mikhirev
Dmitry Popov
Dmitry Rechkin
Dmitry S. Baikov
@@ -423,6 +431,8 @@ Domenico Andreoli
Dominick Meglio
Dominik Hölzl
Dominique Leuenberger
+Don J Olmstead
+Dongliang Mu
Doug Kaufman
Doug Porter
Douglas Creager
@@ -468,6 +478,7 @@ Enrico Scholz
Enrik Berkhan
Eramoto Masaya
Eric Cooper
+Eric Gallager
Eric Hu
Eric Landes
Eric Lavigne
@@ -486,6 +497,7 @@ Erick Nuwendam
Erik Janssen
Erik Johansson
Ernest Beinrohr
+Ernst Sjöstrand
Erwan Legrand
Erwin Authried
Ethan Glasser Camp
@@ -544,6 +556,7 @@ Gautam Mani
Gavrie Philipson
Gaz Iqbal
Gaël Portay
+Geeknik Labs
Geoff Beier
Georg Horn
Georg Huettenegger
@@ -849,6 +862,7 @@ Kaspar Brand
Katie Wang
Kazuho Oku
Kees Cook
+Kees Dekker
Keith MacDonald
Keith McGuigan
Keith Mok
@@ -872,6 +886,7 @@ Kjell Ericson
Kjetil Jacobsen
Klaus Stein
Klevtsov Vadim
+Kobi Gurkan
Konstantin Isakov
Kris Kennaway
Krishnendu Majumdar
@@ -899,6 +914,8 @@ Lars Torben Wilson
Lau Hang Kin
Laurent Rabret
Lauri Kasanen
+Laurie Clark-Michalek
+Lawrence Matthews
Lawrence Wagerfield
Legoff Vincent
Lehel Bernadt
@@ -939,6 +956,7 @@ Luke Call
Luke Dashjr
Luo Jinghua
Luong Dinh Dung
+Luz Paz
Luật Nguyễn
Lyndon Hill
Maciej Karpiuk
@@ -1055,6 +1073,7 @@ Michael Jahn
Michael Jerris
Michael Kalinin
Michael Kaufmann
+Michael Kilburn
Michael König
Michael Maltese
Michael Mealling
@@ -1066,6 +1085,7 @@ Michael Stillwell
Michael Wallner
Michal Bonino
Michal Marek
+Michal Trybus
Michał Fita
Michał Górny
Michał Janiszewski
@@ -1101,6 +1121,7 @@ Mohammad AlSaleh
Mohun Biswas
Mostyn Bramley-Moore
Moti Avrahami
+Muz Dima
Myk Taylor
Nach M. S.
Nagai H
@@ -1134,6 +1155,7 @@ Nikitinskit Dmitriy
Niklas Angebrand
Nikolai Kondrashov
Nikos Mavrogiannopoulos
+Nikos Tsipinakis
Ning Dong
Nir Soffer
Nis Jorgensen
@@ -1163,6 +1185,7 @@ Orgad Shaneh
Ori Avtalion
Oscar Koeroo
Oscar Norlander
+Oumph on github
P R Schaffner
Palo Markovic
Paolo Piacentini
@@ -1245,6 +1268,7 @@ Phil Pellouchoud
Philip Craig
Philip Gladstone
Philip Langdale
+Philip Prindeville
Philippe Hameau
Philippe Raoult
Philippe Vaucher
@@ -1321,10 +1345,12 @@ Richard Prescott
Richard Silverman
Richard van den Berg
Richy Kim
+Rick Deist
Rick Jones
Rick Richardson
Ricki Hirner
Rider Linden
+Rikard Falkeborn
Rob Cotrone
Rob Crittenden
Rob Davies
@@ -1448,6 +1474,7 @@ Stadler Stephan
Stan van de Burgt
Stanislav Ivochkin
Stanislav Zidek
+Stefan Agner
Stefan Bühler
Stefan Eissing
Stefan Esser
@@ -1460,6 +1487,7 @@ Stefan Ulrich
Steinar H. Gunderson
Stepan Broz
Stephan Bergmann
+Stephan Mühlstrasser
Stephen Brokenshire
Stephen Collyer
Stephen Kick
@@ -1484,6 +1512,7 @@ Steven Parkes
Stoned Elipot
Stuart Henderson
Sune Ahlgren
+Sunny Purushe
Sven Anders
Sven Neuhaus
Sven Wegener
@@ -1500,7 +1529,8 @@ Tanguy Fautre
Tatsuhiro Tsujikawa
Temprimus
Terri Oda
-TheAssassin at github
+Terry Wu
+TheAssassin on github
Theodore Dubois
Thomas Braun
Thomas Glanzmann
@@ -1659,12 +1689,14 @@ Zmey Petroff
Zvi Har'El
afrind on github
ahodesuka on github
+anshnd on github
arainchik on github
asavah on github
baumanj on github
bsammon on github
cbartl on github
cmfrolick on github
+dasimx on github
destman on github
dkjjr89 on github
dpull on github
@@ -1673,6 +1705,7 @@ elelel on github
guitared on github
hsiao yi
imilli on github
+iz8mbw on github
jonrumsey on github
joshhe on github
jungle-boogie on github
@@ -1693,15 +1726,18 @@ nopjmp on github
olesteban on github
omau on github
ovidiu-benea on github
+patelvivekv1993 on github
paulharris on github
silveja1 on github
steelman on github
+steini2000 on github
stootill on github
swalkaus at yahoo.com
tarek112 on github
tommink[at]post.pl
vanillajonathan on github
wmsch on github
+wncboy on github
wyattoday on github
youngchopin on github
zelinchen on github
diff --git a/docs/THANKS-filter b/docs/THANKS-filter
index 09340f785..76b5f50d5 100644
--- a/docs/THANKS-filter
+++ b/docs/THANKS-filter
@@ -78,3 +78,4 @@ s/CarloCannas on github$/Carlo Cannas/
s/Henrik S. Gaßmann$/Henrik Gaßmann/
s/moteus on github/Alexey Melnichuk/
s/Rich Moore/Richard Moore/
+s/kdekker/Kees Dekker/
diff --git a/docs/TODO b/docs/TODO
index ea78d9f18..cd0d6f2b6 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -43,6 +43,7 @@
1.25 Expose tried IP addresses that failed
1.26 CURL_REFUSE_CLEARTEXT
1.27 hardcode the "localhost" addresses
+ 1.28 FD_CLOEXEC
2. libcurl - multi interface
2.1 More non-blocking
@@ -114,6 +115,7 @@
13.11 Support intermediate & root pinning for PINNEDPUBLICKEY
13.12 Support HSTS
13.13 Support HPKP
+ 13.14 Support the clienthello extension
14. GnuTLS
14.1 SSL engine stuff
@@ -121,7 +123,6 @@
15. WinSSL/SChannel
15.1 Add support for client certificate authentication
- 15.2 Add support for custom server certificate validation
15.3 Add support for the --ciphers option
16. SASL
@@ -154,6 +155,7 @@
18.16 send only part of --data
18.17 consider file name from the redirected URL with -O ?
18.18 retry on network is unreachable
+ 18.19 expand ~/ in config files
19. Build
19.1 roffit
@@ -199,8 +201,7 @@
1.2 More data sharing
curl_share_* functions already exist and work, and they can be extended to
- share more. For example, enable sharing of the ares channel and the
- connection cache.
+ share more. For example, enable sharing of the ares channel.
1.3 struct lifreq
@@ -431,6 +432,14 @@
https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02
+1.28 FD_CLOEXEC
+
+ It sets the close-on-exec flag for the file descriptor, which causes the file
+ descriptor to be automatically (and atomically) closed when any of the
+ exec-family functions succeed. Should probably be set by default?
+
+ https://github.com/curl/curl/issues/2252
+
2. libcurl - multi interface
2.1 More non-blocking
@@ -710,7 +719,7 @@ that doesn't exist on the server, just like
--ftp-create-dirs.
You can specify the private and public keys for SSH/SSL as file paths. Some
programs want to avoid using files and instead just pass them as in-memory
data blobs. There's probably a challenge to make this work across the
- plethory of different TLS and SSH backends that curl suppports.
+ plethory of different TLS and SSH backends that curl supports.
https://github.com/curl/curl/issues/2310
13.4 Cache/share OpenSSL contexts
@@ -799,6 +808,16 @@ that doesn't exist on the server, just like
--ftp-create-dirs.
Doc: https://developer.mozilla.org/de/docs/Web/Security/Public_Key_Pinning
RFC: https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21
+13.14 Support the clienthello extension
+
+ Certain stupid networks and middle boxes have a problem with SSL handshake
+ pakets that are within a certain size range because how that sets some bits
+ that previously (in older TLS version) were not set. The clienthello
+ extension adds padding to avoid that size range.
+
+ https://tools.ietf.org/html/rfc7685
+ https://github.com/curl/curl/issues/2299
+
14. GnuTLS
14.1 SSL engine stuff
@@ -823,17 +842,6 @@ that doesn't exist on the server, just like
--ftp-create-dirs.
- Getting a Certificate for Schannel
https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
-15.2 Add support for custom server certificate validation
-
- WinSSL/SChannel currently makes use of the OS-level system and user
- certificate trust store. This does not allow the application or user to
- customize the server certificate validation process using curl or libcurl.
-
- Therefore support for the existing --cacert or --capath options should be
- implemented by supplying a custom certificate to the SChannel APIs, see:
- - Getting a Certificate for Schannel
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
-
15.3 Add support for the --ciphers option
The cipher suites used by WinSSL/SChannel are configured on an OS-level
@@ -1063,6 +1071,13 @@ that doesn't exist on the server, just like
--ftp-create-dirs.
https://github.com/curl/curl/issues/1603
+18.19 expand ~/ in config files
+
+ For example .curlrc could benefit from being able to do this.
+
+ See https://github.com/curl/curl/issues/2317
+
+
19. Build
19.1 roffit
diff --git a/docs/cmdline-opts/cacert.d b/docs/cmdline-opts/cacert.d
index b2ecf9088..073ad3a9a 100644
--- a/docs/cmdline-opts/cacert.d
+++ b/docs/cmdline-opts/cacert.d
@@ -25,4 +25,9 @@ should not be set. If the option is not set, then curl will
use the
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.
+(Schannel/WinSSL only) This option is supported for WinSSL in Windows 7 or
+later with libcurl 7.60 or later. This option is supported for backward
+compatibility with other SSL engines; instead it is recommended to use Windows'
+store of root certificates (the default for WinSSL).
+
If this option is used several times, the last one will be used.
diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.d
index 0cd5d535f..adf62fc7a 100644
--- a/docs/cmdline-opts/cert.d
+++ b/docs/cmdline-opts/cert.d
@@ -29,4 +29,15 @@ system or user keychain, or the path to a PKCS#12-encoded
certificate and
private key. If you want to use a file from the current directory, please
precede it with "./" prefix, in order to avoid confusion with a nickname.
+(Schannel/WinSSL only) Client certificates must be specified by a path
+expression to a certificate store. (Loading PFX is not supported; you can
+import it to a store first). You can use
+"<store location>\\<store name>\\<thumbprint>" to refer to a certificate
+in the system certificates store, for example,
+"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is
+usually a SHA-1 hex string which you can see in certificate details. Following
+store locations are supported: CurrentUser, LocalMachine, CurrentService,
+Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy,
+LocalMachineEnterprise.
+
If this option is used several times, the last one will be used.
diff --git a/docs/cmdline-opts/cookie.d b/docs/cmdline-opts/cookie.d
index 383adda6e..3ae697548 100644
--- a/docs/cmdline-opts/cookie.d
+++ b/docs/cmdline-opts/cookie.d
@@ -12,7 +12,8 @@ If no '=' symbol is used in the argument, it is instead
treated as a filename
to read previously stored cookie from. This option also activates the cookie
engine which will make curl record incoming cookies, which may be handy if
you're using this in combination with the --location option or do multiple URL
-transfers on the same invoke.
+transfers on the same invoke. If the file name is exactly a minus ("-"), curl
+will instead the contents from stdin.
The file format of the file to read cookies from should be plain HTTP headers
(Set-Cookie style) or the Netscape/Mozilla cookie file format.
diff --git a/docs/cmdline-opts/ftp-port.d b/docs/cmdline-opts/ftp-port.d
index a852e9054..e4b145608 100644
--- a/docs/cmdline-opts/ftp-port.d
+++ b/docs/cmdline-opts/ftp-port.d
@@ -12,11 +12,11 @@ to setup an IP address and port for it to connect to.
<address> should be one
of:
.RS
.IP interface
-i.e "eth0" to specify which interface's IP address you want to use (Unix only)
+e.g. "eth0" to specify which interface's IP address you want to use (Unix only)
.IP "IP address"
-i.e "192.168.10.1" to specify the exact IP address
+e.g. "192.168.10.1" to specify the exact IP address
.IP "host name"
-i.e "my.host.domain" to specify the machine
+e.g. "my.host.domain" to specify the machine
.IP "-"
make curl pick the same IP address that is already used for the control
connection
diff --git a/docs/cmdline-opts/haproxy-protocol.d
b/docs/cmdline-opts/haproxy-protocol.d
new file mode 100644
index 000000000..52e156058
--- /dev/null
+++ b/docs/cmdline-opts/haproxy-protocol.d
@@ -0,0 +1,11 @@
+Long: haproxy-protocol
+Help: Send HAProxy PROXY protocol header
+Protocols: HTTP
+Added: 7.60.0
+---
+Send a HAProxy PROXY protocol header at the beginning of the connection. This
+is used by some load balancers and reverse proxies to indicate the client's
+true IP address and port.
+
+This option is primarily useful when sending test requests to a service that
+expects this header.
diff --git a/docs/cmdline-opts/interface.d b/docs/cmdline-opts/interface.d
index bd0817618..65827fb8b 100644
--- a/docs/cmdline-opts/interface.d
+++ b/docs/cmdline-opts/interface.d
@@ -12,5 +12,5 @@ name, IP address or host name. An example could look like:
If this option is used several times, the last one will be used.
On Linux it can be used to specify a VRF, but the binary needs to either
-have CAP_NET_RAW or to be ran as root. More information about Linux VRF:
+have CAP_NET_RAW or to be run as root. More information about Linux VRF:
https://www.kernel.org/doc/Documentation/networking/vrf.txt
diff --git a/docs/cmdline-opts/max-time.d b/docs/cmdline-opts/max-time.d
index c22343d32..0057f9d04 100644
--- a/docs/cmdline-opts/max-time.d
+++ b/docs/cmdline-opts/max-time.d
@@ -1,6 +1,6 @@
Long: max-time
Short: m
-Arg: <time>
+Arg: <seconds>
Help: Maximum time allowed for the transfer
See-also: connect-timeout
---
diff --git a/docs/cmdline-opts/page-footer b/docs/cmdline-opts/page-footer
index 1ca47ae02..89bface65 100644
--- a/docs/cmdline-opts/page-footer
+++ b/docs/cmdline-opts/page-footer
@@ -21,7 +21,7 @@ SMTP, LDAP etc.
.IP "ALL_PROXY [protocol://]<host>[:port]"
Sets the proxy server to use if no protocol-specific proxy is set.
.IP "NO_PROXY <comma-separated list of hosts>"
-list of host names that shouldn't go through any proxy. If set to a asterisk
+list of host names that shouldn't go through any proxy. If set to an asterisk
\&'*' only, it matches all hosts.
This environment variable disables use of the proxy even when specified with
@@ -45,9 +45,9 @@ a supported one, the proxy will be treated as an HTTP proxy.
The supported proxy protocol prefixes are as follows:
.IP "http://";
-Makes it use it as a HTTP proxy. The default if no scheme prefix is used.
+Makes it use it as an HTTP proxy. The default if no scheme prefix is used.
.IP "https://";
-Makes it treated as a \fBHTTPS\fP proxy.
+Makes it treated as an \fBHTTPS\fP proxy.
.IP "socks4://"
Makes it the equivalent of --socks4
.IP "socks4a://"
diff --git a/docs/cmdline-opts/page-header b/docs/cmdline-opts/page-header
index ee5af1477..51f45edad 100644
--- a/docs/cmdline-opts/page-header
+++ b/docs/cmdline-opts/page-header
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -26,8 +26,7 @@
.SH NAME
curl \- transfer a URL
.SH SYNOPSIS
-.B curl [options]
-.I [URL...]
+.B curl [options / URLs]
.SH DESCRIPTION
.B curl
is a tool to transfer data from or to a server, using one of the supported
@@ -65,7 +64,8 @@ other:
http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html
You can specify any amount of URLs on the command line. They will be fetched
-in a sequential manner in the specified order.
+in a sequential manner in the specified order. You can specify command line
+options and URLs mixed and in any order on the command line.
You can specify a step counter for the ranges to get every Nth number or
letter:
diff --git a/docs/cmdline-opts/proxy-cert-type.d
b/docs/cmdline-opts/proxy-cert-type.d
index 8c9e7889b..906d2a115 100644
--- a/docs/cmdline-opts/proxy-cert-type.d
+++ b/docs/cmdline-opts/proxy-cert-type.d
@@ -1,6 +1,6 @@
Long: proxy-cert-type
Arg: <type>
Added: 7.52.0
-Help: Client certificate type for HTTS proxy
+Help: Client certificate type for HTTPS proxy
---
Same as --cert-type but used in HTTPS proxy context.
diff --git a/docs/cmdline-opts/proxytunnel.d b/docs/cmdline-opts/proxytunnel.d
index f2e8b802d..42aee2bb2 100644
--- a/docs/cmdline-opts/proxytunnel.d
+++ b/docs/cmdline-opts/proxytunnel.d
@@ -1,6 +1,6 @@
Long: proxytunnel
Short: p
-Help: Operate through a HTTP proxy tunnel (using CONNECT)
+Help: Operate through an HTTP proxy tunnel (using CONNECT)
See-also: proxy
---
When an HTTP proxy is used --proxy, this option will cause non-HTTP protocols
diff --git a/docs/cmdline-opts/range.d b/docs/cmdline-opts/range.d
index 760d15e22..b888dd181 100644
--- a/docs/cmdline-opts/range.d
+++ b/docs/cmdline-opts/range.d
@@ -4,7 +4,7 @@ Help: Retrieve only the bytes within RANGE
Arg: <range>
Protocols: HTTP FTP SFTP FILE
---
-Retrieve a byte range (i.e a partial document) from a HTTP/1.1, FTP or SFTP
+Retrieve a byte range (i.e. a partial document) from an HTTP/1.1, FTP or SFTP
server or a local FILE. Ranges can be specified in a number of ways.
.RS
.TP 10
diff --git a/docs/cmdline-opts/user-agent.d b/docs/cmdline-opts/user-agent.d
index c98619d7d..de73f723f 100644
--- a/docs/cmdline-opts/user-agent.d
+++ b/docs/cmdline-opts/user-agent.d
@@ -6,7 +6,7 @@ Protocols: HTTP
---
Specify the User-Agent string to send to the HTTP server. To encode blanks in
-the string, surround the string with single quote marks. This can also be set
-with the --header option of course.
+the string, surround the string with single quote marks. This header can also
+be set with the --header or the --proxy-header options.
If this option is used several times, the last one will be used.
diff --git a/docs/examples/.gitignore b/docs/examples/.gitignore
index f22c7b02f..36cececc4 100644
--- a/docs/examples/.gitignore
+++ b/docs/examples/.gitignore
@@ -13,9 +13,15 @@ ftpgetinfo
ftpgetresp
ftpsget
ftpupload
+ftpuploadfrommem
+ftpuploadresume
getinfo
getinmemory
+getredirect
http-post
+http2-download
+http2-serverpush
+http2-upload
httpcustomheader
httpput
https
@@ -27,6 +33,7 @@ imap-delete
imap-examine
imap-fetch
imap-list
+imap-lsub
imap-multi
imap-noop
imap-search
@@ -36,6 +43,7 @@ imap-tls
multi-app
multi-debugcallback
multi-double
+multi-formadd
multi-post
multi-single
persistant
@@ -54,18 +62,22 @@ pop3slist
post-callback
postinmemory
postit2
+postit2-formadd
progressfunc
resolve
rtsp
sendrecv
sepheaders
sftpget
+sftpuploadresume
+shared-connection-cache
simple
simplepost
simplesmtp
simplessl
smtp-expn
smtp-mail
+smtp-mime
smtp-multi
smtp-ssl
smtp-tls
@@ -74,7 +86,3 @@ sslbackend
url2file
usercertinmem
xmlstream
-http2-download
-http2-serverpush
-http2-upload
-imap-lsub
diff --git a/docs/examples/curlx.c b/docs/examples/curlx.c
index 714669b50..ccf91efae 100644
--- a/docs/examples/curlx.c
+++ b/docs/examples/curlx.c
@@ -183,7 +183,7 @@ static unsigned char *my_get_ext(X509 *cert, const int type,
/* This is an application verification call back, it does not
perform any addition verification but tries to find a URL
- in the presented certificat. If found, this will become
+ in the presented certificate. If found, this will become
the URL to be used in the POST.
*/
diff --git a/docs/examples/debug.c b/docs/examples/debug.c
index 8f77e1243..5f5a67bb5 100644
--- a/docs/examples/debug.c
+++ b/docs/examples/debug.c
@@ -44,12 +44,12 @@ void dump(const char *text,
/* without the hex output, we can fit more on screen */
width = 0x40;
- fprintf(stream, "%s, %10.10ld bytes (0x%8.8lx)\n",
- text, (long)size, (long)size);
+ fprintf(stream, "%s, %10.10lu bytes (0x%8.8lx)\n",
+ text, size, size);
for(i = 0; i<size; i += width) {
- fprintf(stream, "%4.4lx: ", (long)i);
+ fprintf(stream, "%4.4lx: ", i);
if(!nohex) {
/* hex not disabled, show it */
diff --git a/docs/examples/evhiperfifo.c b/docs/examples/evhiperfifo.c
index c41c21f90..8673724b8 100644
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@@ -336,7 +336,6 @@ static void new_conn(char *url, GlobalInfo *g)
CURLMcode rc;
conn = calloc(1, sizeof(ConnInfo));
- memset(conn, 0, sizeof(ConnInfo));
conn->error[0]='\0';
conn->easy = curl_easy_init();
diff --git a/docs/examples/fopen.c b/docs/examples/fopen.c
index 590f41a85..44be4618d 100644
--- a/docs/examples/fopen.c
+++ b/docs/examples/fopen.c
@@ -237,12 +237,10 @@ URL_FILE *url_fopen(const char *url, const char
*operation)
URL_FILE *file;
(void)operation;
- file = malloc(sizeof(URL_FILE));
+ file = calloc(1, sizeof(URL_FILE));
if(!file)
return NULL;
- memset(file, 0, sizeof(URL_FILE));
-
file->handle.file = fopen(url, operation);
if(file->handle.file)
file->type = CFTYPE_FILE; /* marked as URL */
diff --git a/docs/examples/getinmemory.c b/docs/examples/getinmemory.c
index 2ca2c0e20..bda3c538d 100644
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -100,7 +100,7 @@ int main(void)
* Do something nice with it!
*/
- printf("%lu bytes retrieved\n", (long)chunk.size);
+ printf("%lu bytes retrieved\n", chunk.size);
}
/* cleanup curl stuff */
diff --git a/docs/examples/hiperfifo.c b/docs/examples/hiperfifo.c
index a502d48f0..eddeccd58 100644
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -66,10 +66,17 @@ callback.
#include <sys/poll.h>
#include <gnurl/curl.h>
#include <event2/event.h>
+#include <event2/event_struct.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <errno.h>
+#include <sys/cdefs.h>
+#ifdef __GNUC__
+#define _Unused __attribute__((unused))
+#else
+#define _Unused
+#endif
#define MSG_OUT stdout /* Send info to stdout, change to stderr if you want */
@@ -78,11 +85,12 @@ callback.
typedef struct _GlobalInfo
{
struct event_base *evbase;
- struct event *fifo_event;
- struct event *timer_event;
+ struct event fifo_event;
+ struct event timer_event;
CURLM *multi;
int still_running;
FILE *input;
+ int stopped;
} GlobalInfo;
@@ -103,16 +111,42 @@ typedef struct _SockInfo
CURL *easy;
int action;
long timeout;
- struct event *ev;
- int evset;
+ struct event ev;
GlobalInfo *global;
} SockInfo;
+#define __case(code) \
+ case code: s = __STRING(code)
+
+/* Die if we get a bad CURLMcode somewhere */
+static void mcode_or_die(const char *where, CURLMcode code)
+{
+ if(CURLM_OK != code) {
+ const char *s;
+ switch(code) {
+ __case(CURLM_BAD_HANDLE); break;
+ __case(CURLM_BAD_EASY_HANDLE); break;
+ __case(CURLM_OUT_OF_MEMORY); break;
+ __case(CURLM_INTERNAL_ERROR); break;
+ __case(CURLM_UNKNOWN_OPTION); break;
+ __case(CURLM_LAST); break;
+ default: s = "CURLM_unknown"; break;
+ __case(CURLM_BAD_SOCKET);
+ fprintf(MSG_OUT, "ERROR: %s returns %s\n", where, s);
+ /* ignore this error */
+ return;
+ }
+ fprintf(MSG_OUT, "ERROR: %s returns %s\n", where, s);
+ exit(code);
+ }
+}
+
+
/* Update the event timer after curl_multi library calls */
-static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
+static int multi_timer_cb(CURLM *multi _Unused, long timeout_ms, GlobalInfo *g)
{
struct timeval timeout;
- (void)multi; /* unused */
+ CURLMcode rc;
timeout.tv_sec = timeout_ms/1000;
timeout.tv_usec = (timeout_ms%1000)*1000;
@@ -127,36 +161,19 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms,
GlobalInfo *g)
* for all other values of timeout_ms, this should set or *update*
* the timer to the new value
*/
- evtimer_add(g->timer_event, &timeout);
- return 0;
-}
-
-/* Die if we get a bad CURLMcode somewhere */
-static void mcode_or_die(const char *where, CURLMcode code)
-{
- if(CURLM_OK != code) {
- const char *s;
- switch(code) {
- case CURLM_BAD_HANDLE: s = "CURLM_BAD_HANDLE"; break;
- case CURLM_BAD_EASY_HANDLE: s = "CURLM_BAD_EASY_HANDLE"; break;
- case CURLM_OUT_OF_MEMORY: s = "CURLM_OUT_OF_MEMORY"; break;
- case CURLM_INTERNAL_ERROR: s = "CURLM_INTERNAL_ERROR"; break;
- case CURLM_UNKNOWN_OPTION: s = "CURLM_UNKNOWN_OPTION"; break;
- case CURLM_LAST: s = "CURLM_LAST"; break;
- default: s = "CURLM_unknown";
- break;
- case CURLM_BAD_SOCKET: s = "CURLM_BAD_SOCKET";
- fprintf(MSG_OUT, "ERROR: %s returns %s\n", where, s);
- /* ignore this error */
- return;
- }
- fprintf(MSG_OUT, "ERROR: %s returns %s\n", where, s);
- exit(code);
+ if(timeout_ms == 0) {
+ rc = curl_multi_socket_action(g->multi,
+ CURL_SOCKET_TIMEOUT, 0, &g->still_running);
+ mcode_or_die("multi_timer_cb: curl_multi_socket_action", rc);
}
+ else if(timeout_ms == -1)
+ evtimer_del(&g->timer_event);
+ else
+ evtimer_add(&g->timer_event, &timeout);
+ return 0;
}
-
/* Check for completed transfers, and remove their easy handles */
static void check_multi_info(GlobalInfo *g)
{
@@ -181,6 +198,8 @@ static void check_multi_info(GlobalInfo *g)
free(conn);
}
}
+ if(g->still_running == 0 && g->stopped)
+ event_base_loopbreak(g->evbase);
}
@@ -201,8 +220,8 @@ static void event_cb(int fd, short kind, void *userp)
check_multi_info(g);
if(g->still_running <= 0) {
fprintf(MSG_OUT, "last transfer done, kill timeout\n");
- if(evtimer_pending(g->timer_event, NULL)) {
- evtimer_del(g->timer_event);
+ if(evtimer_pending(&g->timer_event, NULL)) {
+ evtimer_del(&g->timer_event);
}
}
}
@@ -210,12 +229,10 @@ static void event_cb(int fd, short kind, void *userp)
/* Called by libevent when our timeout expires */
-static void timer_cb(int fd, short kind, void *userp)
+static void timer_cb(int fd _Unused, short kind _Unused, void *userp)
{
GlobalInfo *g = (GlobalInfo *)userp;
CURLMcode rc;
- (void)fd;
- (void)kind;
rc = curl_multi_socket_action(g->multi,
CURL_SOCKET_TIMEOUT, 0, &g->still_running);
@@ -229,8 +246,7 @@ static void timer_cb(int fd, short kind, void *userp)
static void remsock(SockInfo *f)
{
if(f) {
- if(f->evset)
- event_free(f->ev);
+ event_del(&f->ev);
free(f);
}
}
@@ -247,11 +263,9 @@ static void setsock(SockInfo *f, curl_socket_t s, CURL *e,
int act,
f->sockfd = s;
f->action = act;
f->easy = e;
- if(f->evset)
- event_free(f->ev);
- f->ev = event_new(g->evbase, f->sockfd, kind, event_cb, g);
- f->evset = 1;
- event_add(f->ev, NULL);
+ event_del(&f->ev);
+ event_assign(&f->ev, g->evbase, f->sockfd, kind, event_cb, g);
+ event_add(&f->ev, NULL);
}
@@ -297,23 +311,21 @@ static int sock_cb(CURL *e, curl_socket_t s, int what,
void *cbp, void *sockp)
/* CURLOPT_WRITEFUNCTION */
-static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *data)
+static size_t write_cb(void *ptr _Unused, size_t size, size_t nmemb,
+ void *data)
{
size_t realsize = size * nmemb;
- ConnInfo *conn = (ConnInfo*) data;
- (void)ptr;
- (void)conn;
+ ConnInfo *conn _Unused = (ConnInfo*) data;
+
return realsize;
}
/* CURLOPT_PROGRESSFUNCTION */
-static int prog_cb(void *p, double dltotal, double dlnow, double ult,
- double uln)
+static int prog_cb(void *p, double dltotal, double dlnow, double ult _Unused,
+ double uln _Unused)
{
ConnInfo *conn = (ConnInfo *)p;
- (void)ult;
- (void)uln;
fprintf(MSG_OUT, "Progress: %s (%g/%g)\n", conn->url, dlnow, dltotal);
return 0;
@@ -327,7 +339,6 @@ static void new_conn(char *url, GlobalInfo *g)
CURLMcode rc;
conn = calloc(1, sizeof(ConnInfo));
- memset(conn, 0, sizeof(ConnInfo));
conn->error[0]='\0';
conn->easy = curl_easy_init();
@@ -346,6 +357,7 @@ static void new_conn(char *url, GlobalInfo *g)
curl_easy_setopt(conn->easy, CURLOPT_NOPROGRESS, 0L);
curl_easy_setopt(conn->easy, CURLOPT_PROGRESSFUNCTION, prog_cb);
curl_easy_setopt(conn->easy, CURLOPT_PROGRESSDATA, conn);
+ curl_easy_setopt(conn->easy, CURLOPT_FOLLOWLOCATION, 1L);
fprintf(MSG_OUT,
"Adding easy %p to multi %p (%s)\n", conn->easy, g->multi, url);
rc = curl_multi_add_handle(g->multi, conn->easy);
@@ -356,21 +368,25 @@ static void new_conn(char *url, GlobalInfo *g)
}
/* This gets called whenever data is received from the fifo */
-static void fifo_cb(int fd, short event, void *arg)
+static void fifo_cb(int fd _Unused, short event _Unused, void *arg)
{
char s[1024];
long int rv = 0;
int n = 0;
GlobalInfo *g = (GlobalInfo *)arg;
- (void)fd; /* unused */
- (void)event; /* unused */
do {
s[0]='\0';
rv = fscanf(g->input, "%1023s%n", s, &n);
s[n]='\0';
if(n && s[0]) {
- new_conn(s, arg); /* if we read a URL, go get it! */
+ if(!strcmp(s, "stop")) {
+ g->stopped = 1;
+ if(g->still_running == 0)
+ event_base_loopbreak(g->evbase);
+ }
+ else
+ new_conn(s, arg); /* if we read a URL, go get it! */
}
else
break;
@@ -405,29 +421,28 @@ static int init_fifo(GlobalInfo *g)
g->input = fdopen(sockfd, "r");
fprintf(MSG_OUT, "Now, pipe some URL's into > %s\n", fifo);
- g->fifo_event = event_new(g->evbase, sockfd, EV_READ|EV_PERSIST, fifo_cb, g);
- event_add(g->fifo_event, NULL);
+ event_assign(&g->fifo_event, g->evbase, sockfd, EV_READ|EV_PERSIST,
+ fifo_cb, g);
+ event_add(&g->fifo_event, NULL);
return (0);
}
static void clean_fifo(GlobalInfo *g)
{
- event_free(g->fifo_event);
+ event_del(&g->fifo_event);
fclose(g->input);
unlink(fifo);
}
-int main(int argc, char **argv)
+int main(int argc _Unused, char **argv _Unused)
{
GlobalInfo g;
- (void)argc;
- (void)argv;
memset(&g, 0, sizeof(GlobalInfo));
g.evbase = event_base_new();
init_fifo(&g);
g.multi = curl_multi_init();
- g.timer_event = evtimer_new(g.evbase, timer_cb, &g);
+ evtimer_assign(&g.timer_event, g.evbase, timer_cb, &g);
/* setup the generic multi interface options we want */
curl_multi_setopt(g.multi, CURLMOPT_SOCKETFUNCTION, sock_cb);
@@ -443,7 +458,7 @@ int main(int argc, char **argv)
/* this, of course, won't get called since only way to stop this program is
via ctrl-C, but it is here to show how cleanup /would/ be done. */
clean_fifo(&g);
- event_free(g.timer_event);
+ event_del(&g.timer_event);
event_base_free(g.evbase);
curl_multi_cleanup(g.multi);
return 0;
diff --git a/docs/examples/http2-download.c b/docs/examples/http2-download.c
index 0a8847b3e..38e873d4f 100644
--- a/docs/examples/http2-download.c
+++ b/docs/examples/http2-download.c
@@ -71,12 +71,12 @@ void dump(const char *text, int num, unsigned char *ptr,
size_t size,
/* without the hex output, we can fit more on screen */
width = 0x40;
- fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n",
- num, text, (long)size, (long)size);
+ fprintf(stderr, "%d %s, %lu bytes (0x%lx)\n",
+ num, text, size, size);
for(i = 0; i<size; i += width) {
- fprintf(stderr, "%4.4lx: ", (long)i);
+ fprintf(stderr, "%4.4lx: ", i);
if(!nohex) {
/* hex not disabled, show it */
diff --git a/docs/examples/http2-serverpush.c b/docs/examples/http2-serverpush.c
index 9ad621b97..411f169ab 100644
--- a/docs/examples/http2-serverpush.c
+++ b/docs/examples/http2-serverpush.c
@@ -51,12 +51,12 @@ void dump(const char *text, unsigned char *ptr, size_t size,
/* without the hex output, we can fit more on screen */
width = 0x40;
- fprintf(stderr, "%s, %ld bytes (0x%lx)\n",
- text, (long)size, (long)size);
+ fprintf(stderr, "%s, %lu bytes (0x%lx)\n",
+ text, size, size);
for(i = 0; i<size; i += width) {
- fprintf(stderr, "%4.4lx: ", (long)i);
+ fprintf(stderr, "%4.4lx: ", i);
if(!nohex) {
/* hex not disabled, show it */
@@ -180,12 +180,12 @@ static int server_push_callback(CURL *parent,
/* write to this file */
curl_easy_setopt(easy, CURLOPT_WRITEDATA, out);
- fprintf(stderr, "**** push callback approves stream %u, got %d headers!\n",
- count, (int)num_headers);
+ fprintf(stderr, "**** push callback approves stream %u, got %lu headers!\n",
+ count, num_headers);
for(i = 0; i<num_headers; i++) {
headp = curl_pushheader_bynum(headers, i);
- fprintf(stderr, "**** header %u: %s\n", (int)i, headp);
+ fprintf(stderr, "**** header %lu: %s\n", i, headp);
}
headp = curl_pushheader_byname(headers, ":path");
diff --git a/docs/examples/http2-upload.c b/docs/examples/http2-upload.c
index a2561fe7e..95bf861f4 100644
--- a/docs/examples/http2-upload.c
+++ b/docs/examples/http2-upload.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -72,12 +72,12 @@ void dump(const char *text, int num, unsigned char *ptr,
size_t size,
/* without the hex output, we can fit more on screen */
width = 0x40;
- fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n",
- num, text, (long)size, (long)size);
+ fprintf(stderr, "%d %s, %lu bytes (0x%lx)\n",
+ num, text, size, size);
for(i = 0; i<size; i += width) {
- fprintf(stderr, "%4.4lx: ", (long)i);
+ fprintf(stderr, "%4.4lx: ", i);
if(!nohex) {
/* hex not disabled, show it */
@@ -113,7 +113,7 @@ int my_trace(CURL *handle, curl_infotype type,
char *data, size_t size,
void *userp)
{
- char timebuf[20];
+ char timebuf[60];
const char *text;
int num = hnd2num(handle);
static time_t epoch_offset;
diff --git a/docs/examples/multi-debugcallback.c
b/docs/examples/multi-debugcallback.c
index 82ca5cb0f..c4f340d11 100644
--- a/docs/examples/multi-debugcallback.c
+++ b/docs/examples/multi-debugcallback.c
@@ -51,12 +51,12 @@ void dump(const char *text,
/* without the hex output, we can fit more on screen */
width = 0x40;
- fprintf(stream, "%s, %10.10ld bytes (0x%8.8lx)\n",
- text, (long)size, (long)size);
+ fprintf(stream, "%s, %10.10lu bytes (0x%8.8lx)\n",
+ text, size, size);
for(i = 0; i<size; i += width) {
- fprintf(stream, "%4.4lx: ", (long)i);
+ fprintf(stream, "%4.4lx: ", i);
if(!nohex) {
/* hex not disabled, show it */
diff --git a/docs/examples/sessioninfo.c b/docs/examples/sessioninfo.c
index bdc0c0b50..b1dd94ed7 100644
--- a/docs/examples/sessioninfo.c
+++ b/docs/examples/sessioninfo.c
@@ -63,7 +63,7 @@ static size_t wrfu(void *ptr, size_t size, size_t nmemb, void
*stream)
gnutls_x509_crt_import(cert, &chainp[i], GNUTLS_X509_FMT_DER)) {
if(GNUTLS_E_SUCCESS ==
gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &dn)) {
- fprintf(stderr, "Certificate #%d: %.*s", i, dn.size, dn.data);
+ fprintf(stderr, "Certificate #%u: %.*s", i, dn.size, dn.data);
gnutls_free(dn.data);
}
diff --git a/docs/examples/sftpuploadresume.c b/docs/examples/sftpuploadresume.c
index 032bcaffb..6e60c1e57 100644
--- a/docs/examples/sftpuploadresume.c
+++ b/docs/examples/sftpuploadresume.c
@@ -65,7 +65,7 @@ static curl_off_t sftpGetRemoteFileSize(const char
*i_remoteFile)
result = curl_easy_getinfo(curlHandlePtr,
CURLINFO_CONTENT_LENGTH_DOWNLOAD_T,
&remoteFileSizeByte);
- printf("filesize: %ld \n", remoteFileSizeByte);
+ printf("filesize: %" CURL_FORMAT_CURL_OFF_T "\n", remoteFileSizeByte);
}
curl_easy_cleanup(curlHandlePtr);
@@ -96,7 +96,11 @@ static int sftpResumeUpload(CURL *curlhandle, const char
*remotepath,
curl_easy_setopt(curlhandle, CURLOPT_READFUNCTION, readfunc);
curl_easy_setopt(curlhandle, CURLOPT_READDATA, f);
- fseek(f, remoteFileSizeByte, SEEK_SET);
+#ifdef _WIN32
+ _fseeki64(f, remoteFileSizeByte, SEEK_SET);
+#else
+ fseek(f, (long)remoteFileSizeByte, SEEK_SET);
+#endif
curl_easy_setopt(curlhandle, CURLOPT_APPEND, 1L);
result = curl_easy_perform(curlhandle);
diff --git a/docs/examples/shared-connection-cache.c
b/docs/examples/shared-connection-cache.c
index 1a75c5152..da1270377 100644
--- a/docs/examples/shared-connection-cache.c
+++ b/docs/examples/shared-connection-cache.c
@@ -20,7 +20,7 @@
*
***************************************************************************/
/* <DESC>
- * Connection cache shared between easy handles with the share inteface
+ * Connection cache shared between easy handles with the share interface
* </DESC>
*/
#include <stdio.h>
diff --git a/docs/libcurl/Makefile.am b/docs/libcurl/Makefile.am
index 39ec71ae7..cdc6e10bc 100644
--- a/docs/libcurl/Makefile.am
+++ b/docs/libcurl/Makefile.am
@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+# Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -38,7 +38,7 @@ dist_m4macro_DATA = libgnurl.m4
CLEANFILES = $(HTMLPAGES) $(PDFPAGES) $(TESTS) $(man_DISTMANS) \
libgnurl-symbols.3
-EXTRA_DIST = $(man_MANS) index.html ABI symbols-in-versions symbols.pl \
+EXTRA_DIST = $(man_MANS) ABI symbols-in-versions symbols.pl \
mksymbolsmanpage.pl CMakeLists.txt
MAN2HTML= roffit --mandir=. $< >$@
diff --git a/docs/libcurl/gnurl_easy_cleanup.3
b/docs/libcurl/gnurl_easy_cleanup.3
index 200323368..b399310a1 100644
--- a/docs/libcurl/gnurl_easy_cleanup.3
+++ b/docs/libcurl/gnurl_easy_cleanup.3
@@ -20,7 +20,7 @@
.\" *
.\" **************************************************************************
.\"
-.TH curl_easy_cleanup 3 "22 aug 2007" "libcurl 7.17.0" "libcurl Manual"
+.TH curl_easy_cleanup 3 "22 Aug 2007" "libcurl 7.17.0" "libcurl Manual"
.SH NAME
curl_easy_cleanup - End a libcurl easy handle
.SH SYNOPSIS
diff --git a/docs/libcurl/gnurl_easy_perform.3
b/docs/libcurl/gnurl_easy_perform.3
index b8c1252b3..7d0e60c8c 100644
--- a/docs/libcurl/gnurl_easy_perform.3
+++ b/docs/libcurl/gnurl_easy_perform.3
@@ -54,7 +54,7 @@ While the \fBeasy_handle\fP is added to a multi handle, it
cannot be used by
\fIcurl_easy_perform(3)\fP.
.SH RETURN VALUE
CURLE_OK (0) means everything was ok, non-zero means an error occurred as
-.I <curl/curl.h>
+.I <gnurl/curl.h>
defines - see \fIlibcurl-errors(3)\fP. If the \fICURLOPT_ERRORBUFFER(3)\fP was
set with \fIcurl_easy_setopt(3)\fP there will be a readable error message in
the error buffer when non-zero is returned.
diff --git a/docs/libcurl/gnurl_easy_setopt.3 b/docs/libcurl/gnurl_easy_setopt.3
index cd05dd422..50983a647 100644
--- a/docs/libcurl/gnurl_easy_setopt.3
+++ b/docs/libcurl/gnurl_easy_setopt.3
@@ -185,6 +185,8 @@ Socks5 GSSAPI service name.
\fICURLOPT_SOCKS5_GSSAPI_SERVICE(3)\fP
Socks5 GSSAPI NEC mode. See \fICURLOPT_SOCKS5_GSSAPI_NEC(3)\fP
.IP CURLOPT_PROXY_SERVICE_NAME
Proxy authentication service name. \fICURLOPT_PROXY_SERVICE_NAME(3)\fP
+.IP CURLOPT_HAPROXYPROTOCOL
+Send an HAProxy PROXY protocol header. See \fICURLOPT_HAPROXYPROTOCOL(3)\fP
.IP CURLOPT_SERVICE_NAME
Authentication service name. \fICURLOPT_SERVICE_NAME(3)\fP
.IP CURLOPT_INTERFACE
@@ -272,9 +274,9 @@ Maximum number of redirects to follow. See
\fICURLOPT_MAXREDIRS(3)\fP
.IP CURLOPT_POSTREDIR
How to act on redirects after POST. See \fICURLOPT_POSTREDIR(3)\fP
.IP CURLOPT_PUT
-Issue a HTTP PUT request. See \fICURLOPT_PUT(3)\fP
+Issue an HTTP PUT request. See \fICURLOPT_PUT(3)\fP
.IP CURLOPT_POST
-Issue a HTTP POST request. See \fICURLOPT_POST(3)\fP
+Issue an HTTP POST request. See \fICURLOPT_POST(3)\fP
.IP CURLOPT_POSTFIELDS
Send a POST with this data. See \fICURLOPT_POSTFIELDS(3)\fP
.IP CURLOPT_POSTFIELDSIZE
@@ -308,7 +310,7 @@ Start a new cookie session. See
\fICURLOPT_COOKIESESSION(3)\fP
.IP CURLOPT_COOKIELIST
Add or control cookies. See \fICURLOPT_COOKIELIST(3)\fP
.IP CURLOPT_HTTPGET
-Do a HTTP GET request. See \fICURLOPT_HTTPGET(3)\fP
+Do an HTTP GET request. See \fICURLOPT_HTTPGET(3)\fP
.IP CURLOPT_REQUEST_TARGET
Set the request target. \fICURLOPT_REQUEST_TARGET(3)\fP
.IP CURLOPT_HTTP_VERSION
@@ -466,6 +468,8 @@ Bind name resolves to this IP4 address. See
\fICURLOPT_DNS_LOCAL_IP4(3)\fP
Bind name resolves to this IP6 address. See \fICURLOPT_DNS_LOCAL_IP6(3)\fP
.IP CURLOPT_DNS_SERVERS
Preferred DNS servers. See \fICURLOPT_DNS_SERVERS(3)\fP
+.IP CURLOPT_DNS_SHUFFLE_ADDRESSES
+Shuffle addresses before use. See \fICURLOPT_DNS_SHUFFLE_ADDRESSES(3)\fP
.IP CURLOPT_ACCEPTTIMEOUT_MS
Timeout for waiting for the server's connect back to be accepted. See
\fICURLOPT_ACCEPTTIMEOUT_MS(3)\fP
.IP CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
@@ -585,7 +589,7 @@ Mode for creating new remote directories. See
\fICURLOPT_NEW_DIRECTORY_PERMS(3)\
TELNET options. See \fICURLOPT_TELNETOPTIONS(3)\fP
.SH RETURN VALUE
\fICURLE_OK\fP (zero) means that the option was set properly, non-zero means an
-error occurred as \fI<curl/curl.h>\fP defines. See the \fIlibcurl-errors(3)\fP
+error occurred as \fI<gnurl/curl.h>\fP defines. See the \fIlibcurl-errors(3)\fP
man page for the full list with descriptions.
If you try to set an option that libcurl doesn't know about, perhaps because
diff --git a/docs/libcurl/gnurl_formadd.3 b/docs/libcurl/gnurl_formadd.3
index b1215eae1..b2108c520 100644
--- a/docs/libcurl/gnurl_formadd.3
+++ b/docs/libcurl/gnurl_formadd.3
@@ -179,7 +179,7 @@ determined, resulting in a chunked encoding transfer.
.SH RETURN VALUE
0 means everything was ok, non-zero means an error occurred corresponding
to a CURL_FORMADD_* constant defined in
-.I <curl/curl.h>
+.I <gnurl/curl.h>
.SH EXAMPLE
.nf
diff --git a/docs/libcurl/gnurl_global_init.3 b/docs/libcurl/gnurl_global_init.3
index f4cd5d6df..585c79af8 100644
--- a/docs/libcurl/gnurl_global_init.3
+++ b/docs/libcurl/gnurl_global_init.3
@@ -69,7 +69,7 @@ Initialize SSL.
The implication here is that if this bit is not set, the initialization of the
SSL layer needs to be done by the application or at least outside of
-libcurl. The exact procedure how to do SSL initializtion depends on the TLS
+libcurl. The exact procedure how to do SSL initialization depends on the TLS
backend libcurl uses.
Doing TLS based transfers without having the TLS layer initialized may lead to
diff --git a/docs/libcurl/gnurl_global_sslset.3
b/docs/libcurl/gnurl_global_sslset.3
index cee84458f..cdd80d64b 100644
--- a/docs/libcurl/gnurl_global_sslset.3
+++ b/docs/libcurl/gnurl_global_sslset.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -23,7 +23,7 @@
.SH NAME
curl_global_sslset - Select SSL backend to use with libcurl
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.nf
typedef struct {
@@ -64,6 +64,9 @@ CURLSSLSET_UNKNOWN_BACKEND and set the \fIavail\fP pointer to
the
NULL-terminated list of available backends. The available backends are those
that this particular build of libcurl supports.
+Since libcurl 7.60.0, the \fIavail\fP pointer will always be set to the list
+of alternatives if non-NULL.
+
Upon success, the function returns CURLSSLSET_OK.
If the specified SSL backend is not available, the function returns
@@ -84,7 +87,7 @@ support for choosing SSL backends at runtime.
.SH RETURN VALUE
If this function returns CURLSSLSET_OK, the backend was successfully selected.
-If the chosen backend is unknown (or support for the chosed backend has not
+If the chosen backend is unknown (or support for the chosen backend has not
been compiled into libcurl), the function returns
\fICURLSSLSET_UNKNOWN_BACKEND\fP.
If the backend had been configured previously, or if \fIcurl_global_init(3)\fP
diff --git a/docs/libcurl/gnurl_mime_addpart.3
b/docs/libcurl/gnurl_mime_addpart.3
index 22350668a..9b3eb272e 100644
--- a/docs/libcurl/gnurl_mime_addpart.3
+++ b/docs/libcurl/gnurl_mime_addpart.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_addpart - append a new empty part to a mime structure
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "curl_mimepart * curl_mime_addpart(curl_mime * " mime ");"
.ad
diff --git a/docs/libcurl/gnurl_mime_data.3 b/docs/libcurl/gnurl_mime_data.3
index d2112f2d4..93830ee54 100644
--- a/docs/libcurl/gnurl_mime_data.3
+++ b/docs/libcurl/gnurl_mime_data.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_data - set a mime part's body data from memory
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "CURLcode curl_mime_data(curl_mimepart * " part ", const char * " data
.BI ", size_t " datasize ");"
diff --git a/docs/libcurl/gnurl_mime_data_cb.3
b/docs/libcurl/gnurl_mime_data_cb.3
index 105968a0e..d6d06153a 100644
--- a/docs/libcurl/gnurl_mime_data_cb.3
+++ b/docs/libcurl/gnurl_mime_data_cb.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_data_cb - set a callback-based data source for a mime part's body
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
size_t readfunc(char *buffer, size_t size, size_t nitems, void *arg);
.br
@@ -68,7 +68,7 @@ Your read function must then return the actual number of
bytes that it stored
in that memory area. Returning 0 will signal end-of-file to the library and
cause it to stop the current transfer.
-If you stop the current transfer by returning 0 "pre-maturely" (i.e before the
+If you stop the current transfer by returning 0 "pre-maturely" (i.e. before the
server expected it, like when you've said you will upload N bytes and you
upload less than N bytes), you may experience that the server "hangs" waiting
for the rest of the data that won't come.
diff --git a/docs/libcurl/gnurl_mime_encoder.3
b/docs/libcurl/gnurl_mime_encoder.3
index c17cf25b3..5e3fdad2d 100644
--- a/docs/libcurl/gnurl_mime_encoder.3
+++ b/docs/libcurl/gnurl_mime_encoder.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_encoder - set a mime part's encoder and content transfer encoding
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "CURLcode curl_mime_encoder(curl_mimepart * " part ,
.BI "const char * " encoding ");"
diff --git a/docs/libcurl/gnurl_mime_filedata.3
b/docs/libcurl/gnurl_mime_filedata.3
index c7b76371a..5743d27bf 100644
--- a/docs/libcurl/gnurl_mime_filedata.3
+++ b/docs/libcurl/gnurl_mime_filedata.3
@@ -23,14 +23,14 @@
.SH NAME
curl_mime_filedata - set a mime part's body data from a file contents
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "CURLcode curl_mime_filedata(curl_mimepart * " part ,
.BI " const char * " filename ");"
.ad
.SH DESCRIPTION
\fIcurl_mime_filedata(3)\fP sets a mime part's body content from the named
-file's contents. This is an alernative to \fIcurl_mime_data(3)\fP for setting
+file's contents. This is an alternative to \fIcurl_mime_data(3)\fP for setting
data to a mime part.
\fIpart\fP is the part's to assign contents to.
diff --git a/docs/libcurl/gnurl_mime_filename.3
b/docs/libcurl/gnurl_mime_filename.3
index 42916e598..6e7a698a1 100644
--- a/docs/libcurl/gnurl_mime_filename.3
+++ b/docs/libcurl/gnurl_mime_filename.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_filename - set a mime part's remote file name
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "CURLcode curl_mime_filename(curl_mimepart * " part ,
.BI "const char * " filename ");"
diff --git a/docs/libcurl/gnurl_mime_free.3 b/docs/libcurl/gnurl_mime_free.3
index 9394b5748..48de206f6 100644
--- a/docs/libcurl/gnurl_mime_free.3
+++ b/docs/libcurl/gnurl_mime_free.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_free - free a previously built mime structure
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "void curl_mime_free(curl_mime *" mime);
.ad
diff --git a/docs/libcurl/gnurl_mime_headers.3
b/docs/libcurl/gnurl_mime_headers.3
index 1d02e1ee5..ca56f3da2 100644
--- a/docs/libcurl/gnurl_mime_headers.3
+++ b/docs/libcurl/gnurl_mime_headers.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_headers - set a mime part's custom headers
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "CURLcode curl_mime_headers(curl_mimepart * " part ,
.BI "struct curl_slist * " headers ", int " take_ownership ");"
diff --git a/docs/libcurl/gnurl_mime_init.3 b/docs/libcurl/gnurl_mime_init.3
index 469f02b7c..c5f0fec5e 100644
--- a/docs/libcurl/gnurl_mime_init.3
+++ b/docs/libcurl/gnurl_mime_init.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_init - create a mime handle
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "curl_mime * curl_mime_init(CURL * " easy_handle ");"
.ad
diff --git a/docs/libcurl/gnurl_mime_name.3 b/docs/libcurl/gnurl_mime_name.3
index f821d9082..45512a9bb 100644
--- a/docs/libcurl/gnurl_mime_name.3
+++ b/docs/libcurl/gnurl_mime_name.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_name - set a mime part's name
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "CURLcode curl_mime_name(curl_mimepart * " part ", const char * " name ");"
.ad
diff --git a/docs/libcurl/gnurl_mime_subparts.3
b/docs/libcurl/gnurl_mime_subparts.3
index d5d46febb..3ad24a8f8 100644
--- a/docs/libcurl/gnurl_mime_subparts.3
+++ b/docs/libcurl/gnurl_mime_subparts.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_subparts - set subparts of a multipart mime part
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "CURLcode curl_mime_subparts(curl_mimepart * " part ,
.BI "curl_mime * " subparts ");"
diff --git a/docs/libcurl/gnurl_mime_type.3 b/docs/libcurl/gnurl_mime_type.3
index 59841d5bd..b01e2921f 100644
--- a/docs/libcurl/gnurl_mime_type.3
+++ b/docs/libcurl/gnurl_mime_type.3
@@ -23,7 +23,7 @@
.SH NAME
curl_mime_type - set a mime part's content type
.SH SYNOPSIS
-.B #include <curl/curl.h>
+.B #include <gnurl/curl.h>
.sp
.BI "CURLcode curl_mime_type(curl_mimepart * " part ,
.BI "const char * " mimetype ");"
@@ -45,7 +45,7 @@ a default mime type is determined by the context:
.br
- If set as a custom header, use this value.
.br
-- application/form-data for a HTTP form post.
+- application/form-data for an HTTP form post.
.br
- If a remote file name is set, the mime type is taken from the file name
extension, or application/octet-stream by default.
diff --git a/docs/libcurl/gnurl_share_cleanup.3
b/docs/libcurl/gnurl_share_cleanup.3
index 684d3f635..32e1f38d4 100644
--- a/docs/libcurl/gnurl_share_cleanup.3
+++ b/docs/libcurl/gnurl_share_cleanup.3
@@ -33,7 +33,7 @@ when this function has been called.
.SH RETURN VALUE
CURLSHE_OK (zero) means that the option was set properly, non-zero means an
-error occurred as \fI<curl/curl.h>\fP defines. See the \fIlibcurl-errors.3\fP
+error occurred as \fI<gnurl/curl.h>\fP defines. See the \fIlibcurl-errors.3\fP
man page for the full list with descriptions. If an error occurs, then the
share object will not be deleted.
.SH "SEE ALSO"
diff --git a/docs/libcurl/gnurl_share_setopt.3
b/docs/libcurl/gnurl_share_setopt.3
index d903f49a4..31ce44a19 100644
--- a/docs/libcurl/gnurl_share_setopt.3
+++ b/docs/libcurl/gnurl_share_setopt.3
@@ -97,7 +97,7 @@ The \fIparameter\fP allows you to specify a pointer to data
that will be passed
to the lock_function and unlock_function each time it is called.
.SH RETURN VALUE
CURLSHE_OK (zero) means that the option was set properly, non-zero means an
-error occurred as \fI<curl/curl.h>\fP defines. See the \fIlibcurl-errors.3\fP
+error occurred as \fI<gnurl/curl.h>\fP defines. See the \fIlibcurl-errors.3\fP
man page for the full list with descriptions.
.SH "SEE ALSO"
.BR curl_share_cleanup "(3), " curl_share_init "(3)"
diff --git a/docs/libcurl/gnurl_version_info.3
b/docs/libcurl/gnurl_version_info.3
index 3d1d0d88a..b7a82e037 100644
--- a/docs/libcurl/gnurl_version_info.3
+++ b/docs/libcurl/gnurl_version_info.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -169,8 +169,9 @@ libcurl was built with multiple SSL backends. For details,
see
.IP CURL_VERSION_BROTLI
supports HTTP Brotli content encoding using libbrotlidec (Added in 7.57.0)
.RE
-\fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl
-has no SSL support, this is NULL.
+\fIssl_version\fP is an ASCII string for the TLS library name + version
+used. If libcurl has no SSL support, this is NULL. For example "WinSSL",
+\&"SecureTransport" or "OpenSSL/1.1.0g".
\fIssl_version_num\fP is always 0.
diff --git a/docs/libcurl/index.html b/docs/libcurl/index.html
deleted file mode 100644
index f46cc85f7..000000000
--- a/docs/libcurl/index.html
+++ /dev/null
@@ -1,71 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd";>
-<html><head>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
-<title>Index to libcurl documentation</title>
-</head>
-
-<body>
-<h1 align="center">Index to libcurl documentation</h1>
-
-<h2>Programs</h2>
-<p><a href="../index.html">curl and tools</a>
-
-<h2>Overviews</h2>
-<A HREF="libcurl.html">libcurl</A>
-<br><a href="libcurl-easy.html">libcurl-easy</a>
-<br><a href="libcurl-multi.html">libcurl-multi</a>
-<br><a href="libcurl-share.html">libcurl-share</a>
-<br><a href="libcurl-errors.html">libcurl-errors</a>
-<br><a href="libcurl-tutorial.html">libcurl-tutorial</a>
-<br><a href="libcurl-thread.html">libcurl-thread</a>
-
-<H2>Library Functions (A-Z)</H2>
-<a href="curl_easy_cleanup.html">curl_easy_cleanup</A>
-<br><a href="curl_easy_duphandle.html">curl_easy_duphandle</A>
-<br><a href="curl_easy_escape.html">curl_easy_escape</A>
-<br><a href="curl_easy_getinfo.html">curl_easy_getinfo</A>
-<br><a href="curl_easy_init.html">curl_easy_init</A>
-<br><a href="curl_easy_pause.html">curl_easy_pause</A>
-<br><a href="curl_easy_perform.html">curl_easy_perform</A>
-<br><a href="curl_easy_recv.html">curl_easy_recv</A>
-<br><a href="curl_easy_reset.html">curl_easy_reset</A>
-<br><a href="curl_easy_send.html">curl_easy_send</A>
-<br><a href="curl_easy_setopt.html">curl_easy_setopt</A>
-<br><a href="curl_easy_strerror.html">curl_easy_strerror</A>
-<br><a href="curl_easy_unescape.html">curl_easy_unescape</A>
-<br><a href="curl_escape.html">curl_escape</A> (deprecated)
-<br><a href="curl_formadd.html">curl_formadd</A>
-<br><a href="curl_formfree.html">curl_formfree</A>
-<br><a href="curl_formget.html">curl_formget</A>
-<br><a href="curl_free.html">curl_free</A>
-<br><a href="curl_getdate.html">curl_getdate</A>
-<br><a href="curl_getenv.html">curl_getenv</A> (deprecated)
-<br><a href="curl_global_cleanup.html">curl_global_cleanup</A>
-<br><a href="curl_global_init.html">curl_global_init</A>
-<br><a href="curl_global_init_mem.html">curl_global_init_mem</A>
-<br><a href="curl_mprintf.html">curl_mprintf</A> (deprecated)
-<br><a href="curl_multi_add_handle.html">curl_multi_add_handle</a>
-<br><a href="curl_multi_assign.html">curl_multi_assign</a>
-<br><a href="curl_multi_cleanup.html">curl_multi_cleanup</a>
-<br><a href="curl_multi_fdset.html">curl_multi_fdset</a>
-<br><a href="curl_multi_info_read.html">curl_multi_info_read</a>
-<br><a href="curl_multi_init.html">curl_multi_init</a>
-<br><a href="curl_multi_perform.html">curl_multi_perform</a>
-<br><a href="curl_multi_remove_handle.html">curl_multi_remove_handle</a>
-<br><a href="curl_multi_setopt.html">curl_multi_setopt</a>
-<br><a href="curl_multi_socket.html">curl_multi_socket</a> (deprecated)
-<br><a href="curl_multi_socket_action.html">curl_multi_socket_action</a>
-<br><a href="curl_multi_strerror.html">curl_multi_strerror</a>
-<br><a href="curl_multi_timeout.html">curl_multi_timeout</a> (deprecated)
-<br><a href="curl_share_cleanup.html">curl_share_cleanup</A>
-<br><a href="curl_share_init.html">curl_share_init</A>
-<br><a href="curl_share_setopt.html">curl_share_setopt</A>
-<br><a href="curl_share_strerror.html">curl_share_strerror</a>
-<br><a href="curl_slist_append.html">curl_slist_append</A>
-<br><a href="curl_slist_free_all.html">curl_slist_free_all</A>
-<br><a href="curl_strequal.html">curl_strequal and curl_strnequal</A>
-<br><a href="curl_unescape.html">curl_unescape</A> (deprecated)
-<br><a href="curl_version.html">curl_version</A>
-<br><a href="curl_version_info.html">curl_version_info</A>
-
-</body></html>
diff --git a/docs/libcurl/libgnurl-env.3 b/docs/libcurl/libgnurl-env.3
index 7bab37f5f..3807e662e 100644
--- a/docs/libcurl/libgnurl-env.3
+++ b/docs/libcurl/libgnurl-env.3
@@ -71,7 +71,7 @@ used to find the directory for NSS PKI database instead of
the built-in.
User name to use when invoking the ntlm-wb tool, if NTLMUSER and LOGNAME
weren't set.
.SH "Debug Variables"
-There's a set of variables only recognized and used if libcurl was buillt
+There's a set of variables only recognized and used if libcurl was built
"debug enabled", which should never be true for a library used in production.
.IP "CURL_GETHOSTNAME"
Debug-only variable.
diff --git a/docs/libcurl/libgnurl-security.3 b/docs/libcurl/libgnurl-security.3
index 377301ee0..25ae400fe 100644
--- a/docs/libcurl/libgnurl-security.3
+++ b/docs/libcurl/libgnurl-security.3
@@ -75,7 +75,7 @@ doesn't let snoopers see your password: Digest, CRAM-MD5,
Kerberos, SPNEGO or
NTLM authentication. Or even better: use authenticated protocols that protect
the entire connection and everything sent over it.
.SH "Un-authenticated Connections"
-Protocols that don't have any form of cryptographic authentication can not
+Protocols that don't have any form of cryptographic authentication cannot
with any certainty know that they communicate with the right remote server.
If your application is using a fixed scheme or fixed host name, it is not safe
diff --git a/docs/libcurl/libgnurl-tutorial.3 b/docs/libcurl/libgnurl-tutorial.3
index 741e08e4b..dd5d27555 100644
--- a/docs/libcurl/libgnurl-tutorial.3
+++ b/docs/libcurl/libgnurl-tutorial.3
@@ -290,7 +290,7 @@ at least briefly.
.SH "Upload Data to a Remote Site"
libcurl tries to keep a protocol independent approach to most transfers, thus
-uploading to a remote FTP site is very similar to uploading data to a HTTP
+uploading to a remote FTP site is very similar to uploading data to an HTTP
server with a PUT request.
Of course, first you either create an easy handle or you re-use one existing
@@ -517,7 +517,7 @@ and then a file with binary contents and uploads the whole
thing.
To post multiple files for a single form field, you must supply each file in
a separate part, all with the same field name. Although function
-\fIcurl_mime_subparts(3)\fP implements nested muti-parts, this way of
+\fIcurl_mime_subparts(3)\fP implements nested multi-parts, this way of
multiple files posting is deprecated by RFC 7578, chapter 4.3.
To set the data source from an already opened FILE pointer, use:
@@ -791,12 +791,12 @@ identified in the URL.
If you're using a SOCKS proxy, you may find that libcurl doesn't quite support
all operations through it.
-For HTTP proxies: the fact that the proxy is a HTTP proxy puts certain
+For HTTP proxies: the fact that the proxy is an HTTP proxy puts certain
restrictions on what can actually happen. A requested URL that might not be a
HTTP URL will be still be passed to the HTTP proxy to deliver back to
libcurl. This happens transparently, and an application may not need to
know. I say "may", because at times it is very important to understand that
-all operations over a HTTP proxy use the HTTP protocol. For example, you
+all operations over an HTTP proxy use the HTTP protocol. For example, you
can't invoke your own custom FTP commands or even proper FTP directory
listings.
@@ -816,7 +816,7 @@ If you want to, you can specify the host name only in the
\fICURLOPT_PROXYPORT(3)\fP.
Tell libcurl what kind of proxy it is with \fICURLOPT_PROXYTYPE(3)\fP (if not,
-it will default to assume a HTTP proxy):
+it will default to assume an HTTP proxy):
curl_easy_setopt(easyhandle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
@@ -852,11 +852,11 @@ variables, set the proxy name to "" - an empty string -
with
SSL is for secure point-to-point connections. This involves strong encryption
and similar things, which effectively makes it impossible for a proxy to
operate as a "man in between" which the proxy's task is, as previously
-discussed. Instead, the only way to have SSL work over a HTTP proxy is to ask
+discussed. Instead, the only way to have SSL work over an HTTP proxy is to ask
the proxy to tunnel trough everything without being able to check or fiddle
with the traffic.
-Opening an SSL connection over a HTTP proxy is therefore a matter of asking the
+Opening an SSL connection over an HTTP proxy is therefore a matter of asking
the
proxy for a straight connection to the target host on a specified port. This
is made with the HTTP request CONNECT. ("please mr proxy, connect me to that
remote host").
@@ -876,7 +876,7 @@ you or your application.
As tunneling opens a direct connection from your application to the remote
machine, it suddenly also re-introduces the ability to do non-HTTP
-operations over a HTTP proxy. You can in fact use things such as FTP
+operations over an HTTP proxy. You can in fact use things such as FTP
upload or FTP custom commands this way.
Again, this is often prevented by the administrators of proxies and is
@@ -1056,7 +1056,7 @@ you can tell libcurl to use 1.0 instead by doing
something like this:
Not all protocols are HTTP-like, and thus the above may not help you when
you want to make, for example, your FTP transfers to behave differently.
-Sending custom commands to a FTP server means that you need to send the
+Sending custom commands to an FTP server means that you need to send the
commands exactly as the FTP server expects them (RFC959 is a good guide
here), and you can only use commands that work on the control-connection
alone. All kinds of commands that require data interchange and thus need
@@ -1100,7 +1100,7 @@ combine with \fICURLOPT_NOBODY(3)\fP. If this option is
set, no actual file
content transfer will be performed.
.IP "FTP Custom CUSTOMREQUEST"
-If you do want to list the contents of a FTP directory using your own defined
+If you do want to list the contents of an FTP directory using your own defined
FTP command, \fICURLOPT_CUSTOMREQUEST(3)\fP will do just that. "NLST" is the
default one for listing directories but you're free to pass in your idea of a
good alternative.
diff --git a/docs/libcurl/opts/GNURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
b/docs/libcurl/opts/GNURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
index f418d13d7..0399e3b0d 100644
--- a/docs/libcurl/opts/GNURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
+++ b/docs/libcurl/opts/GNURLINFO_CONTENT_LENGTH_DOWNLOAD_T.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_CONTENT_LENGTH_DOWNLOAD_T \- get content-length of download
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T,
curl_off_t *content_length);
@@ -48,7 +48,7 @@ if(curl) {
curl_off_t cl;
res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &cl);
if(!res) {
- printf("Size: " CURL_FORMAT_CURL_OFF_T "\\n", cl);
+ printf("Download size: %" CURL_FORMAT_CURL_OFF_T "\\n", cl);
}
}
}
diff --git a/docs/libcurl/opts/GNURLINFO_CONTENT_LENGTH_UPLOAD_T.3
b/docs/libcurl/opts/GNURLINFO_CONTENT_LENGTH_UPLOAD_T.3
index 04b7811f4..e6b715ef4 100644
--- a/docs/libcurl/opts/GNURLINFO_CONTENT_LENGTH_UPLOAD_T.3
+++ b/docs/libcurl/opts/GNURLINFO_CONTENT_LENGTH_UPLOAD_T.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_CONTENT_LENGTH_UPLOAD_T \- get the specified size of the upload
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONTENT_LENGTH_UPLOAD_T,
curl_off_t *content_length);
@@ -47,7 +47,7 @@ if(curl) {
curl_off_t cl;
res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_UPLOAD_T, &cl);
if(!res) {
- printf("Size: " CURL_FORMAT_CURL_OFF_T "\\n", cl);
+ printf("Upload size: %" CURL_FORMAT_CURL_OFF_T "\\n", cl);
}
}
}
diff --git a/docs/libcurl/opts/GNURLINFO_COOKIELIST.3
b/docs/libcurl/opts/GNURLINFO_COOKIELIST.3
index f695f0cf2..48b20d532 100644
--- a/docs/libcurl/opts/GNURLINFO_COOKIELIST.3
+++ b/docs/libcurl/opts/GNURLINFO_COOKIELIST.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -56,9 +56,10 @@ if(curl) {
res = curl_easy_getinfo(curl, CURLINFO_COOKIELIST, &cookies);
if(!res && cookies) {
/* a linked list of cookies in cookie file format */
- while(cookies) {
- printf("%s", cookies->data);
- cookies = cookies->next;
+ struct curl_slist *each = cookies;
+ while(each) {
+ printf("%s", each->data);
+ each = each->next;
}
/* we must free these cookies when we're done */
curl_slist_free_all(cookies);
diff --git a/docs/libcurl/opts/GNURLINFO_FILETIME_T.3
b/docs/libcurl/opts/GNURLINFO_FILETIME_T.3
index d8853ccd2..abb2a6bde 100644
--- a/docs/libcurl/opts/GNURLINFO_FILETIME_T.3
+++ b/docs/libcurl/opts/GNURLINFO_FILETIME_T.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_FILETIME_T \- get the remote time of the retrieved document
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_FILETIME_T, curl_off_t
*timep);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLINFO_PROTOCOL.3
b/docs/libcurl/opts/GNURLINFO_PROTOCOL.3
index b82111876..638aefde5 100644
--- a/docs/libcurl/opts/GNURLINFO_PROTOCOL.3
+++ b/docs/libcurl/opts/GNURLINFO_PROTOCOL.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -24,12 +24,21 @@
.SH NAME
CURLINFO_PROTOCOL \- get the protocol used in the connection
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PROTOCOL, long *p);
.SH DESCRIPTION
-Pass a pointer to a long to receive the version used in the last http
connection.
-The returned value will be one of the CURLPROTO_* values.
+Pass a pointer to a long to receive the version used in the last http
+connection. The returned value will be exactly one of the CURLPROTO_* values:
+
+.nf
+CURLPROTO_DICT, CURLPROTO_FILE, CURLPROTO_FTP, CURLPROTO_FTPS,
+CURLPROTO_GOPHER, CURLPROTO_HTTP, CURLPROTO_HTTPS, CURLPROTO_IMAP,
+CURLPROTO_IMAPS, CURLPROTO_LDAP, CURLPROTO_LDAPS, CURLPROTO_POP3,
+CURLPROTO_POP3S, CURLPROTO_RTMP, CURLPROTO_RTMPE, CURLPROTO_RTMPS,
+CURLPROTO_RTMPT, CURLPROTO_RTMPTE, CURLPROTO_RTMPTS, CURLPROTO_RTSP,
+CURLPROTO_SCP, CURLPROTO_SFTP, CURLPROTO_SMB, CURLPROTO_SMBS, CURLPROTO_SMTP,
+CURLPROTO_SMTPS, CURLPROTO_TELNET, CURLPROTO_TFTP
.SH PROTOCOLS
All
.SH EXAMPLE
diff --git a/docs/libcurl/opts/GNURLINFO_PROXY_SSL_VERIFYRESULT.3
b/docs/libcurl/opts/GNURLINFO_PROXY_SSL_VERIFYRESULT.3
index b6ef7d13e..c148bf329 100644
--- a/docs/libcurl/opts/GNURLINFO_PROXY_SSL_VERIFYRESULT.3
+++ b/docs/libcurl/opts/GNURLINFO_PROXY_SSL_VERIFYRESULT.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_PROXY_SSL_VERIFYRESULT \- get the result of the proxy certificate
verification
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PROXY_SSL_VERIFYRESULT, long
*result);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLINFO_SCHEME.3
b/docs/libcurl/opts/GNURLINFO_SCHEME.3
index 38a3d15ba..acc501f6d 100644
--- a/docs/libcurl/opts/GNURLINFO_SCHEME.3
+++ b/docs/libcurl/opts/GNURLINFO_SCHEME.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_SCHEME \- get the URL scheme (sometimes called protocol) used in the
connection
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SCHEME, char **scheme);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLINFO_SIZE_DOWNLOAD_T.3
b/docs/libcurl/opts/GNURLINFO_SIZE_DOWNLOAD_T.3
index 834c6d6f0..ec92c979b 100644
--- a/docs/libcurl/opts/GNURLINFO_SIZE_DOWNLOAD_T.3
+++ b/docs/libcurl/opts/GNURLINFO_SIZE_DOWNLOAD_T.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_SIZE_DOWNLOAD_T \- get the number of downloaded bytes
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SIZE_DOWNLOAD_T, curl_off_t
*dlp);
.SH DESCRIPTION
@@ -49,7 +49,7 @@ if(curl) {
curl_off_t dl;
res = curl_easy_getinfo(curl, CURLINFO_SIZE_DOWNLOAD_T, &dl);
if(!res) {
- printf("Downloaded " CURL_FORMAT_CURL_OFF_T " bytes\\n", cl);
+ printf("Downloaded %" CURL_FORMAT_CURL_OFF_T " bytes\\n", dl);
}
}
}
diff --git a/docs/libcurl/opts/GNURLINFO_SIZE_UPLOAD_T.3
b/docs/libcurl/opts/GNURLINFO_SIZE_UPLOAD_T.3
index 2999be460..1c8e3f066 100644
--- a/docs/libcurl/opts/GNURLINFO_SIZE_UPLOAD_T.3
+++ b/docs/libcurl/opts/GNURLINFO_SIZE_UPLOAD_T.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_SIZE_UPLOAD_T \- get the number of uploaded bytes
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SIZE_UPLOAD_T, curl_off_t
*uploadp);
.SH DESCRIPTION
@@ -45,7 +45,7 @@ if(curl) {
curl_off_t ul;
res = curl_easy_getinfo(curl, CURLINFO_SIZE_UPLOAD_T, &ul);
if(!res) {
- printf("Uploaded " CURL_FORMAT_CURL_OFF_T " bytes\\n", ul);
+ printf("Uploaded %" CURL_FORMAT_CURL_OFF_T " bytes\\n", ul);
}
}
}
diff --git a/docs/libcurl/opts/GNURLINFO_SPEED_DOWNLOAD_T.3
b/docs/libcurl/opts/GNURLINFO_SPEED_DOWNLOAD_T.3
index 413389c80..6875f3a39 100644
--- a/docs/libcurl/opts/GNURLINFO_SPEED_DOWNLOAD_T.3
+++ b/docs/libcurl/opts/GNURLINFO_SPEED_DOWNLOAD_T.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_SPEED_DOWNLOAD_T \- get download speed
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SPEED_DOWNLOAD_T, curl_off_t
*speed);
.SH DESCRIPTION
@@ -44,7 +44,7 @@ if(curl) {
curl_off_t speed;
res = curl_easy_getinfo(curl, CURLINFO_SPEED_DOWNLOAD_T, &speed);
if(!res) {
- printf("Download speed " CURL_FORMAT_CURL_OFF_T " bytes/sec\\n", ul);
+ printf("Download speed %" CURL_FORMAT_CURL_OFF_T " bytes/sec\\n", speed);
}
}
}
diff --git a/docs/libcurl/opts/GNURLINFO_SPEED_UPLOAD_T.3
b/docs/libcurl/opts/GNURLINFO_SPEED_UPLOAD_T.3
index 36389b34b..3263b6344 100644
--- a/docs/libcurl/opts/GNURLINFO_SPEED_UPLOAD_T.3
+++ b/docs/libcurl/opts/GNURLINFO_SPEED_UPLOAD_T.3
@@ -24,7 +24,7 @@
.SH NAME
CURLINFO_SPEED_UPLOAD_T \- get upload speed
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SPEED_UPLOAD_T, curl_off_t
*speed);
.SH DESCRIPTION
@@ -44,7 +44,7 @@ if(curl) {
curl_off_t speed;
res = curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD_T, &speed);
if(!res) {
- printf("Upload speed " CURL_FORMAT_CURL_OFF_T " bytes/sec\\n", ul);
+ printf("Upload speed %" CURL_FORMAT_CURL_OFF_T " bytes/sec\\n", speed);
}
}
}
diff --git a/docs/libcurl/opts/GNURLINFO_SSL_VERIFYRESULT.3
b/docs/libcurl/opts/GNURLINFO_SSL_VERIFYRESULT.3
index 92e129437..6a138007c 100644
--- a/docs/libcurl/opts/GNURLINFO_SSL_VERIFYRESULT.3
+++ b/docs/libcurl/opts/GNURLINFO_SSL_VERIFYRESULT.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -31,6 +31,8 @@ CURLcode curl_easy_getinfo(CURL *handle,
CURLINFO_SSL_VERIFYRESULT, long *result
Pass a pointer to a long to receive the result of the server SSL certificate
verification that was requested (using the \fICURLOPT_SSL_VERIFYPEER(3)\fP
option.
+
+0 is a positive result. Non-zero is an error.
.SH PROTOCOLS
All using TLS
.SH EXAMPLE
@@ -43,12 +45,12 @@ if(curl) {
res = curl_easy_perform(curl);
curl_easy_getinfo(curl, CURLINFO_SSL_VERIFYRESULT, &verifyresult);
printf("The peer verification said %s\\n", verifyresult?
- "fine":"BAAAD");
+ "BAAAD":"fine");
curl_easy_cleanup(curl);
}
.fi
.SH AVAILABILITY
-Added in 7.5
+Added in 7.5. Only set by the OpenSSL/libressl/boringssl and NSS backends.
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
diff --git a/docs/libcurl/opts/GNURLOPT_ABSTRACT_UNIX_SOCKET.3
b/docs/libcurl/opts/GNURLOPT_ABSTRACT_UNIX_SOCKET.3
index 8b61854c0..b9ee4fff3 100644
--- a/docs/libcurl/opts/GNURLOPT_ABSTRACT_UNIX_SOCKET.3
+++ b/docs/libcurl/opts/GNURLOPT_ABSTRACT_UNIX_SOCKET.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_ABSTRACT_UNIX_SOCKET \- set an abstract Unix domain socket
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ABSTRACT_UNIX_SOCKET, char
*path);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3
b/docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3
index b450833b1..b3af2c581 100644
--- a/docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3
+++ b/docs/libcurl/opts/GNURLOPT_ACCEPT_ENCODING.3
@@ -30,7 +30,7 @@ CURLcode curl_easy_setopt(CURL *handle,
CURLOPT_ACCEPT_ENCODING, char *enc);
.SH DESCRIPTION
Pass a char * argument specifying what encoding you'd like.
-Sets the contents of the Accept-Encoding: header sent in a HTTP request, and
+Sets the contents of the Accept-Encoding: header sent in an HTTP request, and
enables decoding of a response when a Content-Encoding: header is received.
Three encodings are supported: \fIidentity\fP, meaning non-compressed,
\fIdeflate\fP which requests the server to compress its response using the
diff --git a/docs/libcurl/opts/GNURLOPT_CAINFO.3
b/docs/libcurl/opts/GNURLOPT_CAINFO.3
index c5d495b4e..054ec08d5 100644
--- a/docs/libcurl/opts/GNURLOPT_CAINFO.3
+++ b/docs/libcurl/opts/GNURLOPT_CAINFO.3
@@ -52,6 +52,11 @@ should not be set. If the option is not set, then curl will
use the
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.
+(Schannel/WinSSL only) This option is supported for WinSSL in Windows 7 or
+later with libcurl 7.60 or later. This option is supported for backward
+compatibility with other SSL engines; instead it is recommended to use Windows'
+store of root certificates (the default for WinSSL).
+
The application does not have to keep the string around after setting this
option.
.SH DEFAULT
diff --git a/docs/libcurl/opts/GNURLOPT_CONNECT_TO.3
b/docs/libcurl/opts/GNURLOPT_CONNECT_TO.3
index 0effd5dc7..586d96278 100644
--- a/docs/libcurl/opts/GNURLOPT_CONNECT_TO.3
+++ b/docs/libcurl/opts/GNURLOPT_CONNECT_TO.3
@@ -9,7 +9,7 @@
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
-.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" * are also available at https://curl.haxx.se/docs/copyright.html.
.\" *
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
.\" * copies of the Software, and permit persons to whom the Software is
@@ -70,7 +70,7 @@ the port in the request URL, because connecting to the host
and the port in
the request URL is the default behavior.
If an HTTP proxy is used for a request having a special "connect to" host or
-port, and the "connect to" host or port differs from the requests's host and
+port, and the "connect to" host or port differs from the request's host and
port, the HTTP proxy is automatically switched to tunnel mode for this
specific request. This is necessary because it is not possible to connect to a
specific host or port in normal (non-tunnel) mode.
diff --git a/docs/libcurl/opts/GNURLOPT_CUSTOMREQUEST.3
b/docs/libcurl/opts/GNURLOPT_CUSTOMREQUEST.3
index d0f03e185..31773f9f9 100644
--- a/docs/libcurl/opts/GNURLOPT_CUSTOMREQUEST.3
+++ b/docs/libcurl/opts/GNURLOPT_CUSTOMREQUEST.3
@@ -40,7 +40,7 @@ Restore to the internal default by setting this to NULL.
This option can be used to specify the request:
.IP HTTP
Instead of GET or HEAD when performing HTTP based requests. This is
-particularly useful, for example, for performing a HTTP DELETE request.
+particularly useful, for example, for performing an HTTP DELETE request.
For example:
diff --git a/docs/libcurl/opts/GNURLOPT_DNS_SHUFFLE_ADDRESSES.3
b/docs/libcurl/opts/GNURLOPT_DNS_SHUFFLE_ADDRESSES.3
new file mode 100644
index 000000000..94233626c
--- /dev/null
+++ b/docs/libcurl/opts/GNURLOPT_DNS_SHUFFLE_ADDRESSES.3
@@ -0,0 +1,69 @@
+.\" **************************************************************************
+.\" * _ _ ____ _
+.\" * Project ___| | | | _ \| |
+.\" * / __| | | | |_) | |
+.\" * | (__| |_| | _ <| |___
+.\" * \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at https://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_DNS_SHUFFLE_ADDRESSES 3 "3 March 2018" "libcurl 7.60.0"
"curl_easy_setopt options"
+.SH NAME
+CURLOPT_DNS_SHUFFLE_ADDRESSES \- Shuffle addresses when a hostname returns
more than one
+.SH SYNOPSIS
+.nf
+#include <gnurl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DNS_SHUFFLE_ADDRESSES, long
onoff);
+.fi
+.SH DESCRIPTION
+When a name is resolved and more than one IP address is returned, shuffle the
+order of all returned addresses so that they will be used in a random order.
+This is similar to the ordering behavior of gethostbyname which is no longer
+used on most platforms.
+
+Addresses will not be reshuffled if a name resolution is completed using the
+DNS cache. \fICURLOPT_DNS_CACHE_TIMEOUT(3)\fP can be used together with this
+option to reduce DNS cache timeout or disable caching entirely if frequent
+reshuffling is needed.
+
+Since the addresses returned will be reordered randomly, their order will not
+be in accordance with RFC 3484 or any other deterministic order that may be
+generated by the system's name resolution implementation. This may have
+performance impacts and may cause IPv4 to be used before IPv6 or vice versa.
+.SH DEFAULT
+0 (disabled)
+.SH PROTOCOLS
+All
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+ curl_easy_setopt(curl, CURLOPT_URL, "https://example.com";);
+ curl_easy_setopt(curl, CURLOPT_DNS_SHUFFLE_ADDRESSES, 1L);
+
+ curl_easy_perform(curl);
+
+ /* always cleanup */
+ curl_easy_cleanup(curl);
+}
+.fi
+.SH AVAILABILITY
+Added in 7.60.0
+.SH RETURN VALUE
+CURLE_OK or an error such as CURLE_UNKNOWN_OPTION.
+.SH "SEE ALSO"
+.BR CURLOPT_DNS_CACHE_TIMEOUT "(3), " CURLOPT_IPRESOLVE "(3), "
diff --git a/docs/libcurl/opts/GNURLOPT_ERRORBUFFER.3
b/docs/libcurl/opts/GNURLOPT_ERRORBUFFER.3
index 361d37ba2..6d5bec81f 100644
--- a/docs/libcurl/opts/GNURLOPT_ERRORBUFFER.3
+++ b/docs/libcurl/opts/GNURLOPT_ERRORBUFFER.3
@@ -28,8 +28,8 @@ CURLOPT_ERRORBUFFER \- set error buffer for error messages
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ERRORBUFFER, char *buf);
.SH DESCRIPTION
-Pass a char * to a buffer that the libcurl may store human readable error
-messages in on failures or problems. This may be more helpful than just the
+Pass a char * to a buffer that libcurl \fBmay\fP store human readable error
+messages on failures or problems. This may be more helpful than just the
return code from \fIcurl_easy_perform(3)\fP and related functions. The buffer
\fBmust be at least CURL_ERROR_SIZE bytes big\fP.
@@ -38,11 +38,13 @@ it. Failing to do so will cause very odd behavior or even
crashes. libcurl
will need it until you call \fIcurl_easy_cleanup(3)\fP or you set the same
option again to use a different pointer.
+Do not rely on the contents of the buffer unless an error code was returned.
+Since 7.60.0 libcurl will initialize the contents of the error buffer to an
+empty string before performing the transfer. For earlier versions if an error
+code was returned but there was no error detail then the buffer is untouched.
+
Consider \fICURLOPT_VERBOSE(3)\fP and \fICURLOPT_DEBUGFUNCTION(3)\fP to better
debug and trace why errors happen.
-
-If the library does not return an error, the buffer may not have been
-touched. Do not rely on the contents in those cases.
.SH DEFAULT
NULL
.SH PROTOCOLS
diff --git a/docs/libcurl/opts/GNURLOPT_EXPECT_100_TIMEOUT_MS.3
b/docs/libcurl/opts/GNURLOPT_EXPECT_100_TIMEOUT_MS.3
index 00a4efd79..5f1fb1fdd 100644
--- a/docs/libcurl/opts/GNURLOPT_EXPECT_100_TIMEOUT_MS.3
+++ b/docs/libcurl/opts/GNURLOPT_EXPECT_100_TIMEOUT_MS.3
@@ -32,7 +32,7 @@ CURLcode curl_easy_setopt(CURL *handle,
CURLOPT_EXPECT_100_TIMEOUT_MS,
.SH DESCRIPTION
Pass a long to tell libcurl the number of \fImilliseconds\fP to wait for a
server response with the HTTP status 100 (Continue), 417 (Expectation Failed)
-or similar after sending a HTTP request containing an Expect: 100-continue
+or similar after sending an HTTP request containing an Expect: 100-continue
header. If this times out before a response is received, the request body is
sent anyway.
.SH DEFAULT
diff --git a/docs/libcurl/opts/GNURLOPT_FAILONERROR.3
b/docs/libcurl/opts/GNURLOPT_FAILONERROR.3
index 4fdce1521..936fbba76 100644
--- a/docs/libcurl/opts/GNURLOPT_FAILONERROR.3
+++ b/docs/libcurl/opts/GNURLOPT_FAILONERROR.3
@@ -55,7 +55,7 @@ if(curl) {
curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1L);
ret = curl_easy_perform(curl);
if(ret == CURLE_HTTP_RETURNED_ERROR) {
- /* a HTTP response error problem */
+ /* an HTTP response error problem */
}
}
.fi
diff --git a/docs/libcurl/opts/GNURLOPT_FOLLOWLOCATION.3
b/docs/libcurl/opts/GNURLOPT_FOLLOWLOCATION.3
index 8a04e894c..06982b901 100644
--- a/docs/libcurl/opts/GNURLOPT_FOLLOWLOCATION.3
+++ b/docs/libcurl/opts/GNURLOPT_FOLLOWLOCATION.3
@@ -29,7 +29,7 @@ CURLOPT_FOLLOWLOCATION \- follow HTTP 3xx redirects
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FOLLOWLOCATION, long enable);
.SH DESCRIPTION
A long parameter set to 1 tells the library to follow any Location: header
-that the server sends as part of a HTTP header in a 3xx response. The
+that the server sends as part of an HTTP header in a 3xx response. The
Location: header can specify a relative or an absolute URL to follow.
libcurl will issue another request for the new URL and follow new Location:
@@ -77,4 +77,4 @@ Returns CURLE_OK if HTTP is supported, and
CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
.BR CURLOPT_REDIR_PROTOCOLS "(3), " CURLOPT_PROTOCOLS "(3), "
.BR CURLOPT_POSTREDIR "(3), "
-.BR CURLINFO_REDIRECT_URL "(3), ", CURLINFO_REDIRECT_COUNT "(3), "
+.BR CURLINFO_REDIRECT_URL "(3), " CURLINFO_REDIRECT_COUNT "(3), "
diff --git a/docs/libcurl/opts/GNURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
b/docs/libcurl/opts/GNURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
index df6694877..8bb8bc633 100644
--- a/docs/libcurl/opts/GNURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
+++ b/docs/libcurl/opts/GNURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS \- head start for ipv6 for happy eyeballs
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS,
long timeout);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_SSL_ENABLE_NPN.3
b/docs/libcurl/opts/GNURLOPT_HAPROXYPROTOCOL.3
similarity index 64%
copy from docs/libcurl/opts/GNURLOPT_SSL_ENABLE_NPN.3
copy to docs/libcurl/opts/GNURLOPT_HAPROXYPROTOCOL.3
index 3a7746095..c5c8f10a4 100644
--- a/docs/libcurl/opts/GNURLOPT_SSL_ENABLE_NPN.3
+++ b/docs/libcurl/opts/GNURLOPT_HAPROXYPROTOCOL.3
@@ -20,34 +20,38 @@
.\" *
.\" **************************************************************************
.\"
-.TH CURLOPT_SSL_ENABLE_NPN 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt
options"
+.TH CURLOPT_HAPROXYPROTOCOL 3 "5 Feb 2018" "libcurl 7.60.0" "curl_easy_setopt
options"
.SH NAME
-CURLOPT_SSL_ENABLE_NPN \- enable NPN
+CURLOPT_HAPROXYPROTOCOL \- send HAProxy PROXY protocol header
.SH SYNOPSIS
#include <gnurl/curl.h>
-CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_ENABLE_NPN, long npn);
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HAPROXYPROTOCOL,
+ long haproxy_protocol);
.SH DESCRIPTION
-Pass a long as parameter, 0 or 1 where 1 is for enable and 0 for disable. This
-option enables/disables NPN in the SSL handshake (if the SSL backend libcurl
-is built to use supports it), which can be used to negotiate http2.
+A long parameter set to 1 tells the library to send an HAProxy PROXY
+protocol header at beginning of the connection. The default action is not to
+send this header.
+
+This option is primarily useful when sending test requests to a service that
+expects this header.
+
+Most applications do not need this option.
.SH DEFAULT
-1, enabled
+0, do not send HAProxy PROXY protocol header
.SH PROTOCOLS
HTTP
.SH EXAMPLE
.nf
CURL *curl = curl_easy_init();
if(curl) {
+ CURLcode ret;
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/";);
- curl_easy_setopt(curl, CURLOPT_SSL_ENABLE_NPN, 1L);
+ curl_easy_setopt(curl, CURLOPT_HAPROXYPROTOCOL, 1L);
ret = curl_easy_perform(curl);
- curl_easy_cleanup(curl);
}
.fi
.SH AVAILABILITY
-Added in 7.36.0
+Along with HTTP. Added in 7.60.0.
.SH RETURN VALUE
-Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
-.SH "SEE ALSO"
-.BR CURLOPT_SSL_ENABLE_ALPN "(3), " CURLOPT_SSL_OPTIONS "(3), "
+Returns CURLE_OK if HTTP is enabled, and CURLE_UNKNOWN_OPTION if not.
diff --git a/docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3
b/docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3
index e103d578d..6410fc736 100644
--- a/docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_HEADERFUNCTION.3
@@ -65,7 +65,7 @@ response, you will need to collect headers in the callback
yourself and use
HTTP status lines, for example, to delimit response boundaries.
When a server sends a chunked encoded transfer, it may contain a trailer. That
-trailer is identical to a HTTP header and if such a trailer is received it is
+trailer is identical to an HTTP header and if such a trailer is received it is
passed to the application using this callback as well. There are several ways
to detect it being a trailer and not an ordinary header: 1) it comes after the
response-body. 2) it comes after the final header line (CR LF) 3) a Trailer:
diff --git a/docs/libcurl/opts/GNURLOPT_HEADEROPT.3
b/docs/libcurl/opts/GNURLOPT_HEADEROPT.3
index fb8279158..e78461994 100644
--- a/docs/libcurl/opts/GNURLOPT_HEADEROPT.3
+++ b/docs/libcurl/opts/GNURLOPT_HEADEROPT.3
@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl will send
\fICURLOPT_PROXYHEADER(3)\fP
headers only to the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to
the server.
.SH DEFAULT
-CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then)
+CURLHEADER_SEPARATE (changed in 7.42.1, used CURLHEADER_UNIFIED before then)
.SH PROTOCOLS
HTTP
.SH EXAMPLE
diff --git a/docs/libcurl/opts/GNURLOPT_HTTPAUTH.3
b/docs/libcurl/opts/GNURLOPT_HTTPAUTH.3
index e1b1a8ebc..e9ee9de2e 100644
--- a/docs/libcurl/opts/GNURLOPT_HTTPAUTH.3
+++ b/docs/libcurl/opts/GNURLOPT_HTTPAUTH.3
@@ -113,7 +113,7 @@ if(curl) {
.SH AVAILABILITY
Option Added in 7.10.6.
-CURLAUTH_DIGEST_IE was added added in 7.19.3
+CURLAUTH_DIGEST_IE was added in 7.19.3
CURLAUTH_ONLY was added in 7.21.3
diff --git a/docs/libcurl/opts/GNURLOPT_HTTPGET.3
b/docs/libcurl/opts/GNURLOPT_HTTPGET.3
index b3aa469cf..071705683 100644
--- a/docs/libcurl/opts/GNURLOPT_HTTPGET.3
+++ b/docs/libcurl/opts/GNURLOPT_HTTPGET.3
@@ -22,7 +22,7 @@
.\"
.TH CURLOPT_HTTPGET 3 "17 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
.SH NAME
-CURLOPT_HTTPGET \- ask for a HTTP GET request
+CURLOPT_HTTPGET \- ask for an HTTP GET request
.SH SYNOPSIS
#include <gnurl/curl.h>
diff --git a/docs/libcurl/opts/GNURLOPT_HTTPPROXYTUNNEL.3
b/docs/libcurl/opts/GNURLOPT_HTTPPROXYTUNNEL.3
index 64a1574f4..5a58f7e9f 100644
--- a/docs/libcurl/opts/GNURLOPT_HTTPPROXYTUNNEL.3
+++ b/docs/libcurl/opts/GNURLOPT_HTTPPROXYTUNNEL.3
@@ -32,7 +32,7 @@ Set the \fBtunnel\fP parameter to 1L to make libcurl tunnel
all operations
through the HTTP proxy (set with \fICURLOPT_PROXY(3)\fP). There is a big
difference between using a proxy and to tunnel through it.
-Tunneling means that a HTTP CONNECT request is sent to the proxy, asking it
+Tunneling means that an HTTP CONNECT request is sent to the proxy, asking it
to connect to a remote host on a specific port number and then the traffic is
just passed through the proxy. Proxies tend to white-list specific port numbers
it allows CONNECT requests to and often only port 80 and 443 are allowed.
@@ -43,7 +43,7 @@ To suppress proxy CONNECT response headers from user
callbacks use
HTTP proxies can generally only speak HTTP (for obvious reasons), which makes
libcurl convert non-HTTP requests to HTTP when using an HTTP proxy without
this tunnel option set. For example, asking for an FTP URL and specifying an
-HTTP proxy will make libcurl send an FTP URL in a HTTP GET request to the
+HTTP proxy will make libcurl send an FTP URL in an HTTP GET request to the
proxy. By instead tunneling through the proxy, you avoid that conversion (that
rarely works through the proxy anyway).
.SH DEFAULT
diff --git a/docs/libcurl/opts/GNURLOPT_HTTP_VERSION.3
b/docs/libcurl/opts/GNURLOPT_HTTP_VERSION.3
index 1015e466b..ba33182a3 100644
--- a/docs/libcurl/opts/GNURLOPT_HTTP_VERSION.3
+++ b/docs/libcurl/opts/GNURLOPT_HTTP_VERSION.3
@@ -72,7 +72,7 @@ if(curl) {
curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
ret = curl_easy_perform(curl);
if(ret == CURLE_HTTP_RETURNED_ERROR) {
- /* a HTTP response error problem */
+ /* an HTTP response error problem */
}
}
.fi
diff --git a/docs/libcurl/opts/GNURLOPT_IOCTLFUNCTION.3
b/docs/libcurl/opts/GNURLOPT_IOCTLFUNCTION.3
index 440f0961b..fb5bb2502 100644
--- a/docs/libcurl/opts/GNURLOPT_IOCTLFUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_IOCTLFUNCTION.3
@@ -50,7 +50,7 @@ shown above.
This callback function gets called by libcurl when something special
I/O-related needs to be done that the library can't do by itself. For now,
rewinding the read data stream is the only action it can request. The
-rewinding of the read data stream may be necessary when doing a HTTP PUT or
+rewinding of the read data stream may be necessary when doing an HTTP PUT or
POST with a multi-pass authentication method.
The callback MUST return \fICURLIOE_UNKNOWNCMD\fP if the input \fIcmd\fP is
diff --git a/docs/libcurl/opts/GNURLOPT_KEEP_SENDING_ON_ERROR.3
b/docs/libcurl/opts/GNURLOPT_KEEP_SENDING_ON_ERROR.3
index 384ca756c..fbef74c07 100644
--- a/docs/libcurl/opts/GNURLOPT_KEEP_SENDING_ON_ERROR.3
+++ b/docs/libcurl/opts/GNURLOPT_KEEP_SENDING_ON_ERROR.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_KEEP_SENDING_ON_ERROR \- keep sending on early HTTP response >= 300
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_KEEP_SENDING_ON_ERROR,
long keep_sending);
diff --git a/docs/libcurl/opts/GNURLOPT_MIMEPOST.3
b/docs/libcurl/opts/GNURLOPT_MIMEPOST.3
index dd64c4b17..be396c7d9 100644
--- a/docs/libcurl/opts/GNURLOPT_MIMEPOST.3
+++ b/docs/libcurl/opts/GNURLOPT_MIMEPOST.3
@@ -25,7 +25,7 @@
CURLOPT_MIMEPOST \- set post/send data from mime structure
.SH SYNOPSIS
.nf
-#include <curl/curl.h>
+#include <gnurl/curl.h>
curl_mime *mime;
diff --git a/docs/libcurl/opts/GNURLOPT_NETRC.3
b/docs/libcurl/opts/GNURLOPT_NETRC.3
index 35e7bb37b..eb5800630 100644
--- a/docs/libcurl/opts/GNURLOPT_NETRC.3
+++ b/docs/libcurl/opts/GNURLOPT_NETRC.3
@@ -80,4 +80,4 @@ Always
.SH RETURN VALUE
Returns CURLE_OK
.SH "SEE ALSO"
-.BR CURLOPT_USERPWD "(3), " CURLOPT_USERNAME "(3), ", CURLOPT_NETRC_FILE "(3),
"
+.BR CURLOPT_USERPWD "(3), " CURLOPT_USERNAME "(3), " CURLOPT_NETRC_FILE "(3), "
diff --git a/docs/libcurl/opts/GNURLOPT_PATH_AS_IS.3
b/docs/libcurl/opts/GNURLOPT_PATH_AS_IS.3
index 1760f2f65..17aafeed9 100644
--- a/docs/libcurl/opts/GNURLOPT_PATH_AS_IS.3
+++ b/docs/libcurl/opts/GNURLOPT_PATH_AS_IS.3
@@ -56,7 +56,7 @@ if(curl) {
}
.fi
.SH AVAILABILITY
-Aded in 7.42.0
+Added in 7.42.0
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
diff --git a/docs/libcurl/opts/GNURLOPT_POST.3
b/docs/libcurl/opts/GNURLOPT_POST.3
index e05f82471..727f36f5b 100644
--- a/docs/libcurl/opts/GNURLOPT_POST.3
+++ b/docs/libcurl/opts/GNURLOPT_POST.3
@@ -22,7 +22,7 @@
.\"
.TH CURLOPT_POST 3 "17 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
.SH NAME
-CURLOPT_POST \- request a HTTP POST
+CURLOPT_POST \- request an HTTP POST
.SH SYNOPSIS
#include <gnurl/curl.h>
@@ -51,7 +51,7 @@ with \fICURLOPT_HTTPHEADER(3)\fP.
Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header.
You can disable this header with \fICURLOPT_HTTPHEADER(3)\fP as usual.
-If you use POST to a HTTP 1.1 server, you can send data without knowing the
+If you use POST to an HTTP 1.1 server, you can send data without knowing the
size before starting the POST if you use chunked encoding. You enable this by
adding a header like "Transfer-Encoding: chunked" with
\fICURLOPT_HTTPHEADER(3)\fP. With HTTP 1.0 or without chunked transfer, you
diff --git a/docs/libcurl/opts/GNURLOPT_POSTFIELDS.3
b/docs/libcurl/opts/GNURLOPT_POSTFIELDS.3
index df268e193..a567ee1de 100644
--- a/docs/libcurl/opts/GNURLOPT_POSTFIELDS.3
+++ b/docs/libcurl/opts/GNURLOPT_POSTFIELDS.3
@@ -28,7 +28,7 @@ CURLOPT_POSTFIELDS \- specify data to POST to server
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTFIELDS, char *postdata);
.SH DESCRIPTION
-Pass a char * as parameter, pointing to the full data to send in a HTTP POST
+Pass a char * as parameter, pointing to the full data to send in an HTTP POST
operation. You must make sure that the data is formatted the way you want the
server to receive it. libcurl will not convert or encode it for you in any
way. For example, the web server may assume that this data is url-encoded.
diff --git a/docs/libcurl/opts/GNURLOPT_POSTREDIR.3
b/docs/libcurl/opts/GNURLOPT_POSTREDIR.3
index 6812dd7aa..fadc2288a 100644
--- a/docs/libcurl/opts/GNURLOPT_POSTREDIR.3
+++ b/docs/libcurl/opts/GNURLOPT_POSTREDIR.3
@@ -22,7 +22,7 @@
.\"
.TH CURLOPT_POSTREDIR 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt
options"
.SH NAME
-CURLOPT_POSTREDIR \- how to act on a HTTP POST redirect
+CURLOPT_POSTREDIR \- how to act on an HTTP POST redirect
.SH SYNOPSIS
.nf
#include <gnurl/curl.h>
diff --git a/docs/libcurl/opts/GNURLOPT_PRE_PROXY.3
b/docs/libcurl/opts/GNURLOPT_PRE_PROXY.3
index 8894c16da..57dfcf6fe 100644
--- a/docs/libcurl/opts/GNURLOPT_PRE_PROXY.3
+++ b/docs/libcurl/opts/GNURLOPT_PRE_PROXY.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PRE_PROXY \- set pre-proxy to use
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PRE_PROXY, char *preproxy);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY.3
b/docs/libcurl/opts/GNURLOPT_PROXY.3
index 615af887d..f6504d0f2 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY.3
@@ -58,7 +58,7 @@ SOCKS5 Proxy. Proxy resolves URL hostname.
Without a scheme prefix, \fICURLOPT_PROXYTYPE(3)\fP can be used to specify
which kind of proxy the string identifies.
-When you tell the library to use a HTTP proxy, libcurl will transparently
+When you tell the library to use an HTTP proxy, libcurl will transparently
convert operations to HTTP even if you specify an FTP URL etc. This may have
an impact on what other features of the library you can use, such as
\fICURLOPT_QUOTE(3)\fP and similar FTP specifics that don't work unless you
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_CAINFO.3
b/docs/libcurl/opts/GNURLOPT_PROXY_CAINFO.3
index a5f61a5bd..b8f6c28c0 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_CAINFO.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_CAINFO.3
@@ -24,11 +24,11 @@
.SH NAME
CURLOPT_PROXY_CAINFO \- path to proxy Certificate Authority (CA) bundle
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAINFO, char *path);
.SH DESCRIPTION
-This option is for connecting to a HTTPS proxy, not a HTTPS server.
+This option is for connecting to an HTTPS proxy, not an HTTPS server.
Pass a char * to a zero terminated string naming a file holding one or more
certificates to verify the HTTPS proxy with.
@@ -60,7 +60,7 @@ Used with HTTPS proxy
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/";);
- /* using a HTTPS proxy */
+ /* using an HTTPS proxy */
curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443";);
curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO, "/etc/certs/cabundle.pem");
ret = curl_easy_perform(curl);
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3
b/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3
index 1e7345ed3..4391d02e3 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_CAPATH \- specify directory holding proxy CA certificates
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAPATH, char *capath);
.SH DESCRIPTION
@@ -45,7 +45,7 @@ Everything used over an HTTPS proxy
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/";);
- /* using a HTTPS proxy */
+ /* using an HTTPS proxy */
curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443";);
curl_easy_setopt(curl, CURLOPT_PROXY_CAPATH, "/etc/cert-dir");
ret = curl_easy_perform(curl);
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_CRLFILE.3
b/docs/libcurl/opts/GNURLOPT_PROXY_CRLFILE.3
index 310ad7a4e..0f2847e43 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_CRLFILE.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_CRLFILE.3
@@ -24,11 +24,11 @@
.SH NAME
CURLOPT_PROXY_CRLFILE \- specify a proxy Certificate Revocation List file
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CRLFILE, char *file);
.SH DESCRIPTION
-This option is for connecting to a HTTPS proxy, not a HTTPS server.
+This option is for connecting to an HTTPS proxy, not an HTTPS server.
Pass a char * to a zero terminated string naming a \fIfile\fP with the
concatenation of CRL (in PEM format) to use in the certificate validation that
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_KEYPASSWD.3
b/docs/libcurl/opts/GNURLOPT_PROXY_KEYPASSWD.3
index 594290274..89316a28b 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_KEYPASSWD.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_KEYPASSWD.3
@@ -24,11 +24,11 @@
.SH NAME
CURLOPT_PROXY_KEYPASSWD \- set passphrase to proxy private key
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_KEYPASSWD, char *pwd);
.SH DESCRIPTION
-This option is for connecting to a HTTPS proxy, not a HTTPS server.
+This option is for connecting to an HTTPS proxy, not an HTTPS server.
Pass a pointer to a zero terminated string as parameter. It will be used as
the password required to use the \fICURLOPT_PROXY_SSLKEY(3)\fP private key.
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3
b/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3
index f6d56ebe9..14a011e87 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_PINNEDPUBLICKEY \- set pinned public key for https proxy
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_PINNEDPUBLICKEY, char
*pinnedpubkey);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSLCERT.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSLCERT.3
index 41e73190e..5fe61e347 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSLCERT.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSLCERT.3
@@ -24,11 +24,11 @@
.SH NAME
CURLOPT_PROXY_SSLCERT \- set SSL proxy client certificate
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLCERT, char *cert);
.SH DESCRIPTION
-This option is for connecting to a HTTPS proxy, not a HTTPS server.
+This option is for connecting to an HTTPS proxy, not an HTTPS server.
Pass a pointer to a zero terminated string as parameter. The string should be
the file name of your client certificate used to connect to the HTTPS proxy.
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSLCERTTYPE.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSLCERTTYPE.3
index b8a6be0bb..96a81b810 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSLCERTTYPE.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSLCERTTYPE.3
@@ -24,12 +24,12 @@
.SH NAME
CURLOPT_PROXY_SSLCERTTYPE \- specify type of the proxy client SSL certificate
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLCERTTYPE, char *type);
.SH DESCRIPTION
Pass a pointer to a zero terminated string as parameter. The string should be
-the format of your client certificate used when connecting to a HTTPS proxy.
+the format of your client certificate used when connecting to an HTTPS proxy.
Supported formats are "PEM" and "DER", except with Secure Transport. OpenSSL
(versions 0.9.3 and later) and Secure Transport (on iOS 5 or later, or OS X
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSLKEY.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSLKEY.3
index 8df1c1ee6..585ff00fc 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSLKEY.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSLKEY.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_SSLKEY \- specify private keyfile for TLS and SSL proxy client
cert
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLKEY, char *keyfile);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSLKEYTYPE.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSLKEYTYPE.3
index 687c229a0..d8106cba0 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSLKEYTYPE.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSLKEYTYPE.3
@@ -24,11 +24,11 @@
.SH NAME
CURLOPT_PROXY_SSLKEYTYPE \- set type of the proxy private key file
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLKEYTYPE, char *type);
.SH DESCRIPTION
-This option is for connecting to a HTTPS proxy, not a HTTPS server.
+This option is for connecting to an HTTPS proxy, not an HTTPS server.
Pass a pointer to a zero terminated string as parameter. The string should be
the format of your private key. Supported formats are "PEM", "DER" and "ENG".
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSLVERSION.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSLVERSION.3
index 73c2c9766..92106a237 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSLVERSION.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSLVERSION.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_SSLVERSION \- set preferred proxy TLS/SSL version
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLVERSION, long
version);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSL_CIPHER_LIST.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSL_CIPHER_LIST.3
index caaef81a3..c959607fa 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSL_CIPHER_LIST.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSL_CIPHER_LIST.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_SSL_CIPHER_LIST \- specify ciphers to use for proxy TLS
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_CIPHER_LIST, char
*list);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSL_OPTIONS.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSL_OPTIONS.3
index 428efc38e..f0a70fda6 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSL_OPTIONS.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSL_OPTIONS.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_SSL_OPTIONS \- set proxy SSL behavior options
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_OPTIONS, long
bitmask);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYHOST.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYHOST.3
index de4b15b34..00efb8e0d 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYHOST.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYHOST.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_SSL_VERIFYHOST \- verify the proxy certificate's name against
host
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_VERIFYHOST, long
verify);
.SH DESCRIPTION
@@ -56,7 +56,7 @@ overridden.
.SH DEFAULT
2
.SH PROTOCOLS
-All protocols when used over a HTTPS proxy.
+All protocols when used over an HTTPS proxy.
.SH EXAMPLE
.nf
CURL *curl = curl_easy_init();
@@ -78,5 +78,5 @@ Returns CURLE_OK if TLS is supported, and
CURLE_UNKNOWN_OPTION if not.
If 1 is set as argument, \fICURLE_BAD_FUNCTION_ARGUMENT\fP is returned.
.SH "SEE ALSO"
-.BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), " CURLOPT_PROXY_CAINFO "(3), ",
-.BR CURLOPT_SSL_VERIFYPEER "(3), " CURLOPT_CAINFO "(3), ",
+.BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), " CURLOPT_PROXY_CAINFO "(3), "
+.BR CURLOPT_SSL_VERIFYPEER "(3), " CURLOPT_CAINFO "(3), "
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYPEER.3
b/docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYPEER.3
index 9473495cf..9f156d1f2 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_SSL_VERIFYPEER.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_SSL_VERIFYPEER \- verify the proxy's SSL certificate
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_VERIFYPEER, long
verify);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_PASSWORD.3
b/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_PASSWORD.3
index db3a3d1bb..3bde5392b 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_PASSWORD.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_PASSWORD.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_TLSAUTH_PASSWORD \- password to use for proxy TLS authentication
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLSAUTH_PASSWORD, char
*pwd);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_TYPE.3
b/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_TYPE.3
index 47f4dae4a..6130577d3 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_TYPE.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_TYPE.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_TLSAUTH_TYPE \- set proxy TLS authentication methods
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLSAUTH_TYPE, char
*type);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_USERNAME.3
b/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_USERNAME.3
index 6a2c4388d..7623ba37a 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_USERNAME.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_TLSAUTH_USERNAME.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_PROXY_TLSAUTH_USERNAME \- user name to use for proxy TLS authentication
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLSAUTH_USERNAME, char
*user);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_TRANSFER_MODE.3
b/docs/libcurl/opts/GNURLOPT_PROXY_TRANSFER_MODE.3
index 3a89fd677..587e7a3d6 100644
--- a/docs/libcurl/opts/GNURLOPT_PROXY_TRANSFER_MODE.3
+++ b/docs/libcurl/opts/GNURLOPT_PROXY_TRANSFER_MODE.3
@@ -29,7 +29,7 @@ CURLOPT_PROXY_TRANSFER_MODE \- append FTP transfer mode to
URL for proxy
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TRANSFER_MODE, long
enabled);
.SH DESCRIPTION
Pass a long. If the value is set to 1 (one), it tells libcurl to set the
-transfer mode (binary or ASCII) for FTP transfers done via a HTTP proxy, by
+transfer mode (binary or ASCII) for FTP transfers done via an HTTP proxy, by
appending ;type=a or ;type=i to the URL. Without this setting, or it being set
to 0 (zero, the default), \fICURLOPT_TRANSFERTEXT(3)\fP has no effect when
doing FTP via a proxy. Beware that not all proxies support this feature.
diff --git a/docs/libcurl/opts/GNURLOPT_PUT.3 b/docs/libcurl/opts/GNURLOPT_PUT.3
index d3e919f59..0c23e47c2 100644
--- a/docs/libcurl/opts/GNURLOPT_PUT.3
+++ b/docs/libcurl/opts/GNURLOPT_PUT.3
@@ -22,7 +22,7 @@
.\"
.TH CURLOPT_PUT 3 "17 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
.SH NAME
-CURLOPT_PUT \- make a HTTP PUT request
+CURLOPT_PUT \- make an HTTP PUT request
.SH SYNOPSIS
#include <gnurl/curl.h>
diff --git a/docs/libcurl/opts/GNURLOPT_QUOTE.3
b/docs/libcurl/opts/GNURLOPT_QUOTE.3
index a89dd7426..cfe062232 100644
--- a/docs/libcurl/opts/GNURLOPT_QUOTE.3
+++ b/docs/libcurl/opts/GNURLOPT_QUOTE.3
@@ -34,7 +34,7 @@ prior to your request. This will be done before any other
commands are issued
list of 'struct curl_slist' structs properly filled in with text strings. Use
\fIcurl_slist_append(3)\fP to append strings (commands) to the list, and clear
the entire list afterwards with \fIcurl_slist_free_all(3)\fP. Disable this
-operation again by setting a NULL to this option. When speaking to a FTP
+operation again by setting a NULL to this option. When speaking to an FTP
server, prefix the command with an asterisk (*) to make libcurl continue even
if the command fails as by default libcurl will stop at first failure.
diff --git a/docs/libcurl/opts/GNURLOPT_REQUEST_TARGET.3
b/docs/libcurl/opts/GNURLOPT_REQUEST_TARGET.3
index eabefaa2d..88ae1397e 100644
--- a/docs/libcurl/opts/GNURLOPT_REQUEST_TARGET.3
+++ b/docs/libcurl/opts/GNURLOPT_REQUEST_TARGET.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_REQUEST_TARGET \- specify an alternative target for this request
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_REQUEST_TARGET, string);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_RESOLVER_START_DATA.3
b/docs/libcurl/opts/GNURLOPT_RESOLVER_START_DATA.3
index 4d8f8793e..a1612ca38 100644
--- a/docs/libcurl/opts/GNURLOPT_RESOLVER_START_DATA.3
+++ b/docs/libcurl/opts/GNURLOPT_RESOLVER_START_DATA.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_RESOLVER_START_DATA \- custom pointer passed to the resolver start
callback
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RESOLVER_START_DATA, void
*pointer);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_RESOLVER_START_FUNCTION.3
b/docs/libcurl/opts/GNURLOPT_RESOLVER_START_FUNCTION.3
index fd11910ce..4e3f111c2 100644
--- a/docs/libcurl/opts/GNURLOPT_RESOLVER_START_FUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_RESOLVER_START_FUNCTION.3
@@ -25,7 +25,7 @@
CURLOPT_RESOLVER_START_FUNCTION \- set callback to be called before a new
resolve request is started
.SH SYNOPSIS
.nf
-#include <curl/curl.h>
+#include <gnurl/curl.h>
int resolver_start_cb(void *resolver_state, void *reserved, void *userdata);
diff --git a/docs/libcurl/opts/GNURLOPT_RTSP_CLIENT_CSEQ.3
b/docs/libcurl/opts/GNURLOPT_RTSP_CLIENT_CSEQ.3
index 19a4c864b..084c47282 100644
--- a/docs/libcurl/opts/GNURLOPT_RTSP_CLIENT_CSEQ.3
+++ b/docs/libcurl/opts/GNURLOPT_RTSP_CLIENT_CSEQ.3
@@ -28,7 +28,7 @@ CURLOPT_RTSP_CLIENT_CSEQ \- set the RTSP client CSEQ number
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RTSP_CLIENT_CSEQ, long cseq);
.SH DESCRIPTION
-Pass a long to set the the CSEQ number to issue for the next RTSP
+Pass a long to set the CSEQ number to issue for the next RTSP
request. Useful if the application is resuming a previously broken
connection. The CSEQ will increment from this new number henceforth.
.SH DEFAULT
diff --git a/docs/libcurl/opts/GNURLOPT_RTSP_REQUEST.3
b/docs/libcurl/opts/GNURLOPT_RTSP_REQUEST.3
index 02f6ae42d..a82b725f1 100644
--- a/docs/libcurl/opts/GNURLOPT_RTSP_REQUEST.3
+++ b/docs/libcurl/opts/GNURLOPT_RTSP_REQUEST.3
@@ -46,7 +46,7 @@ not needed for this method)\fP
When sent by a client, this method changes the description of the session. For
example, if a client is using the server to record a meeting, the client can
use Announce to inform the server of all the meta-information about the
-session. ANNOUNCE acts like a HTTP PUT or POST just like
+session. ANNOUNCE acts like an HTTP PUT or POST just like
\fICURL_RTSPREQ_SET_PARAMETER\fP
.IP CURL_RTSPREQ_SETUP
Setup is used to initialize the transport layer for the session. The
@@ -68,16 +68,16 @@ different connections.
.IP CURL_RTSPREQ_GET_PARAMETER
Retrieve a parameter from the server. By default, libcurl will automatically
include a \fIContent-Type: text/parameters\fP header on all non-empty requests
-unless a custom one is set. GET_PARAMETER acts just like a HTTP PUT or POST
+unless a custom one is set. GET_PARAMETER acts just like an HTTP PUT or POST
(see \fICURL_RTSPREQ_SET_PARAMETER\fP).
Applications wishing to send a heartbeat message (e.g. in the presence of a
server-specified timeout) should send use an empty GET_PARAMETER request.
.IP CURL_RTSPREQ_SET_PARAMETER
Set a parameter on the server. By default, libcurl will automatically include
a \fIContent-Type: text/parameters\fP header unless a custom one is set. The
-interaction with SET_PARAMETER is much like a HTTP PUT or POST. An application
+interaction with SET_PARAMETER is much like an HTTP PUT or POST. An application
may either use \fICURLOPT_UPLOAD(3)\fP with \fICURLOPT_READDATA(3)\fP like a
-HTTP PUT, or it may use \fICURLOPT_POSTFIELDS(3)\fP like a HTTP POST. No
+HTTP PUT, or it may use \fICURLOPT_POSTFIELDS(3)\fP like an HTTP POST. No
chunked transfers are allowed, so the application must set the
\fICURLOPT_INFILESIZE(3)\fP in the former and \fICURLOPT_POSTFIELDSIZE(3)\fP
in the latter. Also, there is no use of multi-part POSTs within RTSP.
diff --git a/docs/libcurl/opts/GNURLOPT_SEEKFUNCTION.3
b/docs/libcurl/opts/GNURLOPT_SEEKFUNCTION.3
index 0e1a4d8f2..c5ad6988a 100644
--- a/docs/libcurl/opts/GNURLOPT_SEEKFUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_SEEKFUNCTION.3
@@ -45,7 +45,7 @@ input stream and can be used to fast forward a file in a
resumed upload
(instead of reading all uploaded bytes with the normal read
function/callback). It is also called to rewind a stream when data has already
been sent to the server and needs to be sent again. This may happen when doing
-a HTTP PUT or POST with a multi-pass authentication method, or when an
+an HTTP PUT or POST with a multi-pass authentication method, or when an
existing HTTP connection is reused too late and the server closes the
connection. The function shall work like fseek(3) or lseek(3) and it gets
SEEK_SET, SEEK_CUR or SEEK_END as argument for \fIorigin\fP, although libcurl
diff --git a/docs/libcurl/opts/GNURLOPT_SOCKS5_AUTH.3
b/docs/libcurl/opts/GNURLOPT_SOCKS5_AUTH.3
index 7b5e5822b..2b66830db 100644
--- a/docs/libcurl/opts/GNURLOPT_SOCKS5_AUTH.3
+++ b/docs/libcurl/opts/GNURLOPT_SOCKS5_AUTH.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_SOCKS5_AUTH \- set allowed methods for SOCKS5 proxy authentication
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SOCKS5_AUTH, long bitmask);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3
b/docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3
index 5445cb0d2..9715162b4 100644
--- a/docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3
+++ b/docs/libcurl/opts/GNURLOPT_SSH_COMPRESSION.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_SSH_COMPRESSION \- enables automatic decompression of HTTP downloads
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_COMPRESSION, long enable);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_SSLCERT.3
b/docs/libcurl/opts/GNURLOPT_SSLCERT.3
index 536f52910..3cfa7ec21 100644
--- a/docs/libcurl/opts/GNURLOPT_SSLCERT.3
+++ b/docs/libcurl/opts/GNURLOPT_SSLCERT.3
@@ -38,6 +38,17 @@ you wish to authenticate with as it is named in the security
database. If you
want to use a file from the current directory, please precede it with "./"
prefix, in order to avoid confusion with a nickname.
+(Schannel/WinSSL only) Client certificates must be specified by a path
+expression to a certificate store. (Loading PFX is not supported; you can
+import it to a store first). You can use
+"<store location>\\<store name>\\<thumbprint>" to refer to a certificate
+in the system certificates store, for example,
+"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is
+usually a SHA-1 hex string which you can see in certificate details. Following
+store locations are supported: CurrentUser, LocalMachine, CurrentService,
+Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy,
+LocalMachineEnterprise.
+
When using a client certificate, you most likely also need to provide a
private key with \fICURLOPT_SSLKEY(3)\fP.
diff --git a/docs/libcurl/opts/GNURLOPT_SSL_CTX_DATA.3
b/docs/libcurl/opts/GNURLOPT_SSL_CTX_DATA.3
index 216bdec3a..7b6dec4b3 100644
--- a/docs/libcurl/opts/GNURLOPT_SSL_CTX_DATA.3
+++ b/docs/libcurl/opts/GNURLOPT_SSL_CTX_DATA.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_SSL_CTX_DATA \- custom pointer passed to ssl_ctx callback
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
.SH DESCRIPTION
@@ -40,7 +40,7 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
/* OpenSSL specific */
#include <openssl/ssl.h>
-#include <curl/curl.h>
+#include <gnurl/curl.h>
#include <stdio.h>
static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
diff --git a/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
b/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
index b142d061d..b0b8d6fda 100644
--- a/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
@@ -56,7 +56,7 @@ each time, but note the pointer may be the same as from a
prior call.
To use this properly, a non-trivial amount of knowledge of your SSL library is
necessary. For example, you can use this function to call library-specific
callbacks to add additional validation code for certificates, and even to
-change the actual URI of a HTTPS request.
+change the actual URI of an HTTPS request.
.SH DEFAULT
NULL
.SH PROTOCOLS
diff --git a/docs/libcurl/opts/GNURLOPT_STREAM_DEPENDS_E.3
b/docs/libcurl/opts/GNURLOPT_STREAM_DEPENDS_E.3
index 52ff36a1b..18e8cef04 100644
--- a/docs/libcurl/opts/GNURLOPT_STREAM_DEPENDS_E.3
+++ b/docs/libcurl/opts/GNURLOPT_STREAM_DEPENDS_E.3
@@ -22,7 +22,7 @@
.\"
.TH CURLOPT_STREAM_DEPENDS_E 3 "13 Sep 2015" "libcurl 7.46.0"
"curl_easy_setopt options"
.SH NAME
-CURLOPT_STREAM_DEPENDS_E \- set stream this transfer depends on execlusively
+CURLOPT_STREAM_DEPENDS_E \- set stream this transfer depends on exclusively
.SH SYNOPSIS
#include <gnurl/curl.h>
diff --git a/docs/libcurl/opts/GNURLOPT_STREAM_WEIGHT.3
b/docs/libcurl/opts/GNURLOPT_STREAM_WEIGHT.3
index 5ae575507..325a68070 100644
--- a/docs/libcurl/opts/GNURLOPT_STREAM_WEIGHT.3
+++ b/docs/libcurl/opts/GNURLOPT_STREAM_WEIGHT.3
@@ -36,7 +36,7 @@ sense and is only usable when doing multiple streams over the
same
connections, which thus implies that you use \fICURLMOPT_PIPELINING(3)\fP.
This option can be set during transfer and will then cause the updated weight
-info get sent to the server the next time a HTTP/2 frame is sent to the
+info get sent to the server the next time an HTTP/2 frame is sent to the
server.
See section 5.3 of RFC 7540 for protocol details:
diff --git a/docs/libcurl/opts/GNURLOPT_SUPPRESS_CONNECT_HEADERS.3
b/docs/libcurl/opts/GNURLOPT_SUPPRESS_CONNECT_HEADERS.3
index 8cfec7a8f..22f83790f 100644
--- a/docs/libcurl/opts/GNURLOPT_SUPPRESS_CONNECT_HEADERS.3
+++ b/docs/libcurl/opts/GNURLOPT_SUPPRESS_CONNECT_HEADERS.3
@@ -25,7 +25,7 @@
CURLOPT_SUPPRESS_CONNECT_HEADERS \- Suppress proxy CONNECT response headers
from user callbacks
.SH SYNOPSIS
.nf
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SUPPRESS_CONNECT_HEADERS, long
onoff);
.fi
diff --git a/docs/libcurl/opts/GNURLOPT_TIMEVALUE_LARGE.3
b/docs/libcurl/opts/GNURLOPT_TIMEVALUE_LARGE.3
index 884b51236..b41ffb000 100644
--- a/docs/libcurl/opts/GNURLOPT_TIMEVALUE_LARGE.3
+++ b/docs/libcurl/opts/GNURLOPT_TIMEVALUE_LARGE.3
@@ -24,7 +24,7 @@
.SH NAME
CURLOPT_TIMEVALUE_LARGE \- set time value for conditional
.SH SYNOPSIS
-#include <curl/curl.h>
+#include <gnurl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TIMEVALUE_LARGE, curl_off_t
val);
.SH DESCRIPTION
diff --git a/docs/libcurl/opts/GNURLOPT_UNIX_SOCKET_PATH.3
b/docs/libcurl/opts/GNURLOPT_UNIX_SOCKET_PATH.3
index 31bb82b0b..c79c5e2bc 100644
--- a/docs/libcurl/opts/GNURLOPT_UNIX_SOCKET_PATH.3
+++ b/docs/libcurl/opts/GNURLOPT_UNIX_SOCKET_PATH.3
@@ -56,7 +56,7 @@ All protocols except for file:// and FTP are supported in
theory. HTTP, IMAP,
POP3 and SMTP should in particular work (including their SSL/TLS variants).
.SH EXAMPLE
Given that you have an nginx server running, listening on /tmp/nginx.sock, you
-can request a HTTP resource with:
+can request an HTTP resource with:
.nf
curl_easy_setopt(curl_handle, CURLOPT_UNIX_SOCKET_PATH, "/tmp/nginx.sock");
diff --git a/docs/libcurl/opts/GNURLOPT_UPLOAD.3
b/docs/libcurl/opts/GNURLOPT_UPLOAD.3
index be4807086..d50b8dfa7 100644
--- a/docs/libcurl/opts/GNURLOPT_UPLOAD.3
+++ b/docs/libcurl/opts/GNURLOPT_UPLOAD.3
@@ -37,7 +37,7 @@ the PUT request unless you tell libcurl otherwise.
Using PUT with HTTP 1.1 implies the use of a "Expect: 100-continue" header.
You can disable this header with \fICURLOPT_HTTPHEADER(3)\fP as usual.
-If you use PUT to a HTTP 1.1 server, you can upload data without knowing the
+If you use PUT to an HTTP 1.1 server, you can upload data without knowing the
size before starting the transfer if you use chunked encoding. You enable this
by adding a header like "Transfer-Encoding: chunked" with
\fICURLOPT_HTTPHEADER(3)\fP. With HTTP 1.0 or without chunked transfer, you
diff --git a/docs/libcurl/opts/GNURLOPT_URL.3 b/docs/libcurl/opts/GNURLOPT_URL.3
index 95f7f8820..c477649c6 100644
--- a/docs/libcurl/opts/GNURLOPT_URL.3
+++ b/docs/libcurl/opts/GNURLOPT_URL.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -108,7 +108,7 @@ The path part of the URL is protocol specific and whilst
some examples are
given below this list is not conclusive:
.IP HTTP
-The path part of a HTTP request specifies the file to retrieve and from what
+The path part of an HTTP request specifies the file to retrieve and from what
directory. If the directory is not specified then the web server's root
directory is used. If the file is omitted then the default document will be
retrieved for either the directory specified or the root directory. The exact
@@ -286,6 +286,16 @@ escape it by providing it as backslash and its ASCII value
in hexadecimal:
The application does not have to keep the string around after setting this
option.
+.SH ENCODING
+The string pointed to in the \fICURLOPT_URL(3)\fP argument is generally
+expected to be a sequence of characters using an ASCII compatible encoding.
+
+If libcurl is built with IDN support, the server name part of the URL can use
+an "international name" by using the current encoding (according to locale) or
+UTF-8 (when winidn is used).
+
+If libcurl is built without IDN support, the server name is used exactly as
+specified when passed to the name resolver functions.
.SH DEFAULT
There is no default URL. If this option isn't set, no transfer can be
performed.
diff --git a/docs/libcurl/opts/Makefile.inc b/docs/libcurl/opts/Makefile.inc
index 618eb08f3..620f32bd8 100644
--- a/docs/libcurl/opts/Makefile.inc
+++ b/docs/libcurl/opts/Makefile.inc
@@ -112,6 +112,7 @@ man_MANS = \
GNURLOPT_DNS_LOCAL_IP4.3 \
GNURLOPT_DNS_LOCAL_IP6.3 \
GNURLOPT_DNS_SERVERS.3 \
+ GNURLOPT_DNS_SHUFFLE_ADDRESSES.3 \
GNURLOPT_DNS_USE_GLOBAL_CACHE.3 \
GNURLOPT_EGDSOCKET.3 \
GNURLOPT_ERRORBUFFER.3 \
@@ -137,6 +138,7 @@ man_MANS = \
GNURLOPT_FTP_USE_PRET.3 \
GNURLOPT_GSSAPI_DELEGATION.3 \
GNURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3 \
+ GNURLOPT_HAPROXYPROTOCOL.3 \
GNURLOPT_HEADER.3 \
GNURLOPT_HEADERDATA.3 \
GNURLOPT_HEADERFUNCTION.3 \
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index c58086fb7..52e8407dd 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -373,6 +373,7 @@ CURLOPT_DNS_INTERFACE 7.33.0
CURLOPT_DNS_LOCAL_IP4 7.33.0
CURLOPT_DNS_LOCAL_IP6 7.33.0
CURLOPT_DNS_SERVERS 7.24.0
+CURLOPT_DNS_SHUFFLE_ADDRESSES 7.60.0
CURLOPT_DNS_USE_GLOBAL_CACHE 7.9.3 7.11.1
CURLOPT_EGDSOCKET 7.7
CURLOPT_ENCODING 7.10
@@ -404,6 +405,7 @@ CURLOPT_FTP_USE_EPSV 7.9.2
CURLOPT_FTP_USE_PRET 7.20.0
CURLOPT_GSSAPI_DELEGATION 7.22.0
CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS 7.59.0
+CURLOPT_HAPROXYPROTOCOL 7.60.0
CURLOPT_HEADER 7.1
CURLOPT_HEADERDATA 7.10
CURLOPT_HEADERFUNCTION 7.7.2
diff --git a/include/gnurl/curl.h b/include/gnurl/curl.h
index fa019eca9..3fd4ca87d 100644
--- a/include/gnurl/curl.h
+++ b/include/gnurl/curl.h
@@ -1841,6 +1841,12 @@ typedef enum {
/* User data to pass to the resolver start callback. */
CINIT(RESOLVER_START_DATA, OBJECTPOINT, 273),
+ /* send HAProxy PROXY protocol header? */
+ CINIT(HAPROXYPROTOCOL, LONG, 274),
+
+ /* shuffle addresses before use when DNS returns multiple */
+ CINIT(DNS_SHUFFLE_ADDRESSES, LONG, 275),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/include/gnurl/curlver.h b/include/gnurl/curlver.h
index 5149d2f77..26f2371a7 100644
--- a/include/gnurl/curlver.h
+++ b/include/gnurl/curlver.h
@@ -30,12 +30,12 @@
/* This is the version number of the libcurl package from which this header
file origins: */
-#define LIBCURL_VERSION "7.59.0-DEV"
+#define LIBCURL_VERSION "7.60.0-DEV"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 59
+#define LIBCURL_VERSION_MINOR 60
#define LIBCURL_VERSION_PATCH 0
/* This is the numeric version of the libcurl version number, meant for easier
@@ -57,7 +57,7 @@
CURL_VERSION_BITS() macro since curl's own configure script greps for it
and needs it to contain the full number.
*/
-#define LIBCURL_VERSION_NUM 0x073B00
+#define LIBCURL_VERSION_NUM 0x073C00
/*
* This is the date and time when the full source package was created. The
diff --git a/include/gnurl/system.h b/include/gnurl/system.h
index 07bbd9ca9..eac4cfeb6 100644
--- a/include/gnurl/system.h
+++ b/include/gnurl/system.h
@@ -300,7 +300,9 @@
#elif defined(__SUNPRO_C) /* Oracle Solaris Studio */
# if !defined(__LP64) && (defined(__ILP32) || \
- defined(__i386) || defined(__sparcv8))
+ defined(__i386) || \
+ defined(__sparcv8) || \
+ defined(__sparcv8plus))
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
diff --git a/lib/Makefile.inc b/lib/Makefile.inc
index 69f9b403d..61c23411d 100644
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -29,8 +29,8 @@ LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h
LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \
vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \
- vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c \
- vtls/mbedtls.c
+ vtls/cyassl.c vtls/schannel.c vtls/schannel_verify.c \
+ vtls/darwinssl.c vtls/gskit.c vtls/mbedtls.c
LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \
vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h \
diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c
index 1ac3fc809..b11fab246 100644
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -79,6 +79,10 @@
#include "curl_memory.h"
#include "memdebug.h"
+struct resdata {
+ struct curltime start;
+};
+
/*
* Curl_resolver_global_init()
* Called from curl_global_init() to initialize global resolver environment.
@@ -102,11 +106,13 @@ void Curl_resolver_global_cleanup(void)
* Curl_resolver_init()
* Called from curl_easy_init() -> Curl_open() to initialize resolver
* URL-state specific environment ('resolver' member of the UrlState
- * structure). Does nothing here.
+ * structure).
*/
CURLcode Curl_resolver_init(void **resolver)
{
- (void)resolver;
+ *resolver = calloc(1, sizeof(struct resdata));
+ if(!*resolver)
+ return CURLE_OUT_OF_MEMORY;
return CURLE_OK;
}
@@ -114,24 +120,22 @@ CURLcode Curl_resolver_init(void **resolver)
* Curl_resolver_cleanup()
* Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver
* URL-state specific environment ('resolver' member of the UrlState
- * structure). Does nothing here.
+ * structure).
*/
void Curl_resolver_cleanup(void *resolver)
{
- (void)resolver;
+ free(resolver);
}
/*
* Curl_resolver_duphandle()
* Called from curl_easy_duphandle() to duplicate resolver URL state-specific
- * environment ('resolver' member of the UrlState structure). Does nothing
- * here.
+ * environment ('resolver' member of the UrlState structure).
*/
int Curl_resolver_duphandle(void **to, void *from)
{
- (void)to;
(void)from;
- return CURLE_OK;
+ return Curl_resolver_init(to);
}
static void destroy_async_data(struct Curl_async *);
@@ -561,9 +565,22 @@ int Curl_resolver_getsock(struct connectdata *conn,
curl_socket_t *socks,
int numsocks)
{
- (void)conn;
+ time_t milli;
+ timediff_t ms;
+ struct Curl_easy *data = conn->data;
+ struct resdata *reslv = (struct resdata *)data->state.resolver;
(void)socks;
(void)numsocks;
+ ms = Curl_timediff(Curl_now(), reslv->start);
+ if(ms < 10)
+ milli = ms/3;
+ else if(ms <= 50)
+ milli = 10;
+ else if(ms <= 250)
+ milli = 50;
+ else
+ milli = 200;
+ Curl_expire(data, milli, EXPIRE_ASYNC_NAME);
return 0;
}
@@ -577,6 +594,8 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata
*conn,
int *waitp)
{
struct in_addr in;
+ struct Curl_easy *data = conn->data;
+ struct resdata *reslv = (struct resdata *)data->state.resolver;
*waitp = 0; /* default to synchronous response */
@@ -584,14 +603,17 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct
connectdata *conn,
/* This is a dotted IP address 123.123.123.123-style */
return Curl_ip2addr(AF_INET, &in, hostname, port);
+ reslv->start = Curl_now();
+
/* fire up a new resolver thread! */
if(init_resolve_thread(conn, hostname, port, NULL)) {
*waitp = 1; /* expect asynchronous response */
return NULL;
}
- /* fall-back to blocking version */
- return Curl_ipv4_resolve_r(hostname, port);
+ failf(conn->data, "getaddrinfo() thread failed\n");
+
+ return NULL;
}
#else /* !HAVE_GETADDRINFO */
@@ -605,10 +627,10 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct
connectdata *conn,
int *waitp)
{
struct addrinfo hints;
- Curl_addrinfo *res;
- int error;
char sbuf[12];
int pf = PF_INET;
+ struct Curl_easy *data = conn->data;
+ struct resdata *reslv = (struct resdata *)data->state.resolver;
*waitp = 0; /* default to synchronous response */
@@ -658,27 +680,16 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct
connectdata *conn,
snprintf(sbuf, sizeof(sbuf), "%d", port);
+ reslv->start = Curl_now();
/* fire up a new resolver thread! */
if(init_resolve_thread(conn, hostname, port, &hints)) {
*waitp = 1; /* expect asynchronous response */
return NULL;
}
- /* fall-back to blocking version */
- infof(conn->data, "init_resolve_thread() failed for %s; %s\n",
- hostname, Curl_strerror(conn, errno));
-
- error = Curl_getaddrinfo_ex(hostname, sbuf, &hints, &res);
- if(error) {
- infof(conn->data, "getaddrinfo() failed for %s:%d; %s\n",
- hostname, port, Curl_strerror(conn, SOCKERRNO));
- return NULL;
- }
- else {
- Curl_addrinfo_set_port(res, port);
- }
+ failf(data, "getaddrinfo() thread failed to start\n");
+ return NULL;
- return res;
}
#endif /* !HAVE_GETADDRINFO */
diff --git a/lib/checksrc.pl b/lib/checksrc.pl
index c86222b21..c90e245ee 100755
--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -47,7 +47,7 @@ my %warnings = (
'COMMANOSPACE' => 'comma without following space',
'BRACEELSE' => '} else on the same line',
'PARENBRACE' => '){ without sufficient space',
- 'SPACESEMILCOLON' => 'space before semicolon',
+ 'SPACESEMICOLON' => 'space before semicolon',
'BANNEDFUNC' => 'a banned function was used',
'FOPENMODE' => 'fopen needs a macro for the mode string',
'BRACEPOS' => 'wrong position for an open brace',
@@ -462,14 +462,14 @@ sub scanfile {
# check for space before the semicolon last in a line
if($l =~ /^(.*[^ ].*) ;$/) {
- checkwarn("SPACESEMILCOLON",
+ checkwarn("SPACESEMICOLON",
$line, length($1), $file, $ol, "space before last
semicolon");
}
# scan for use of banned functions
if($l =~ /^(.*\W)
(gets|
- strtok|
+ strtok|
v?sprintf|
(str|_mbs|_tcs|_wcs)n?cat|
LoadLibrary(Ex)?(A|W)?)
@@ -499,9 +499,9 @@ sub scanfile {
}
# if the previous line starts with if/while/for AND ends with an open
- # brace, check that this line is indented $indent more steps, if not
- # a cpp line
- if($prevl =~ /^( *)(if|while|for)\(.*\{\z/) {
+ # brace, or an else statement, check that this line is indented $indent
+ # more steps, if not a cpp line
+ if($prevl =~ /^( *)((if|while|for)\(.*\{|else)\z/) {
my $first = length($1);
# this line has some character besides spaces
@@ -511,7 +511,7 @@ sub scanfile {
if($expect != $second) {
my $diff = $second - $first;
checkwarn("INDENTATION", $line, length($1), $file, $ol,
- "not indented $indent steps, uses $diff)");
+ "not indented $indent steps (uses $diff)");
}
}
@@ -573,7 +573,7 @@ sub scanfile {
if($nostr =~ /(.*)\;[a-z0-9]/i) {
checkwarn("SEMINOSPACE",
$line, length($1)+1, $file, $ol,
- "no space after semilcolon");
+ "no space after semicolon");
}
# check for more than one consecutive space before open brace or
diff --git a/lib/content_encoding.c b/lib/content_encoding.c
index 047245170..5a32d0791 100644
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -873,10 +873,9 @@ static contenc_writer *new_unencoding_writer(struct
connectdata *conn,
contenc_writer *downstream)
{
size_t sz = offsetof(contenc_writer, params) + handler->paramsize;
- contenc_writer *writer = (contenc_writer *) malloc(sz);
+ contenc_writer *writer = (contenc_writer *) calloc(1, sz);
if(writer) {
- memset(writer, 0, sz);
writer->handler = handler;
writer->downstream = downstream;
if(handler->init_writer(conn, writer)) {
diff --git a/lib/cookie.c b/lib/cookie.c
index 63deee163..29f627fd4 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -143,6 +143,28 @@ static bool tailmatch(const char *cooke_domain, const char
*hostname)
}
/*
+ * Return true if the given string is an IP(v4|v6) address.
+ */
+static bool isip(const char *domain)
+{
+ struct in_addr addr;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr6;
+#endif
+
+ if(Curl_inet_pton(AF_INET, domain, &addr)
+#ifdef ENABLE_IPV6
+ || Curl_inet_pton(AF_INET6, domain, &addr6)
+#endif
+ ) {
+ /* domain name given as IP address */
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/*
* matching cookie path and url path
* RFC6265 5.1.4 Paths and Path-Match
*/
@@ -218,6 +240,62 @@ pathmatched:
}
/*
+ * Return the top-level domain, for optimal hashing.
+ */
+static const char *get_top_domain(const char * const domain, size_t *outlen)
+{
+ size_t len;
+ const char *first = NULL, *last;
+
+ if(!domain)
+ return NULL;
+
+ len = strlen(domain);
+ last = memrchr(domain, '.', len);
+ if(last) {
+ first = memrchr(domain, '.', (size_t) (last - domain));
+ if(first)
+ len -= (size_t) (++first - domain);
+ }
+
+ if(outlen)
+ *outlen = len;
+
+ return first? first: domain;
+}
+
+/*
+ * A case-insensitive hash for the cookie domains.
+ */
+static size_t cookie_hash_domain(const char *domain, const size_t len)
+{
+ const char *end = domain + len;
+ size_t h = 5381;
+
+ while(domain < end) {
+ h += h << 5;
+ h ^= Curl_raw_toupper(*domain++);
+ }
+
+ return (h % COOKIE_HASH_SIZE);
+}
+
+/*
+ * Hash this domain.
+ */
+static size_t cookiehash(const char * const domain)
+{
+ const char *top;
+ size_t len;
+
+ if(!domain || isip(domain))
+ return 0;
+
+ top = get_top_domain(domain, &len);
+ return cookie_hash_domain(top, len);
+}
+
+/*
* cookie path sanitize
*/
static char *sanitize_cookie_path(const char *cookie_path)
@@ -303,48 +381,29 @@ static void remove_expired(struct CookieInfo *cookies)
{
struct Cookie *co, *nx, *pv;
curl_off_t now = (curl_off_t)time(NULL);
-
- co = cookies->cookies;
- pv = NULL;
- while(co) {
- nx = co->next;
- if(co->expires && co->expires < now) {
- if(!pv) {
- cookies->cookies = co->next;
+ unsigned int i;
+
+ for(i = 0; i < COOKIE_HASH_SIZE; i++) {
+ co = cookies->cookies[i];
+ pv = NULL;
+ while(co) {
+ nx = co->next;
+ if(co->expires && co->expires < now) {
+ if(!pv) {
+ cookies->cookies[i] = co->next;
+ }
+ else {
+ pv->next = co->next;
+ }
+ cookies->numcookies--;
+ freecookie(co);
}
else {
- pv->next = co->next;
+ pv = co;
}
- cookies->numcookies--;
- freecookie(co);
+ co = nx;
}
- else {
- pv = co;
- }
- co = nx;
- }
-}
-
-/*
- * Return true if the given string is an IP(v4|v6) address.
- */
-static bool isip(const char *domain)
-{
- struct in_addr addr;
-#ifdef ENABLE_IPV6
- struct in6_addr addr6;
-#endif
-
- if(Curl_inet_pton(AF_INET, domain, &addr)
-#ifdef ENABLE_IPV6
- || Curl_inet_pton(AF_INET6, domain, &addr6)
-#endif
- ) {
- /* domain name given as IP address */
- return TRUE;
}
-
- return FALSE;
}
/****************************************************************************
@@ -368,6 +427,7 @@ Curl_cookie_add(struct Curl_easy *data,
struct CookieInfo *c,
bool httpheader, /* TRUE if HTTP header-style line */
+ bool noexpire, /* if TRUE, skip remove_expired() */
char *lineptr, /* first character of the line */
const char *domain, /* default domain */
const char *path) /* full path used when this cookie is set,
@@ -380,6 +440,7 @@ Curl_cookie_add(struct Curl_easy *data,
time_t now = time(NULL);
bool replace_old = FALSE;
bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */
+ size_t myhash;
#ifdef USE_LIBPSL
const psl_ctx_t *psl;
@@ -467,10 +528,16 @@ Curl_cookie_add(struct Curl_easy *data,
while(*whatptr && ISBLANK(*whatptr))
whatptr++;
- if(!co->name && sep) {
+ if(!co->name) {
/* The very first name/value pair is the actual cookie name */
+ if(!sep) {
+ /* Bad name/value pair. */
+ badcookie = TRUE;
+ break;
+ }
co->name = strdup(name);
co->value = strdup(whatptr);
+ done = TRUE;
if(!co->name || !co->value) {
badcookie = TRUE;
break;
@@ -819,7 +886,8 @@ Curl_cookie_add(struct Curl_easy *data,
the same domain and path as this */
/* at first, remove expired cookies */
- remove_expired(c);
+ if(!noexpire)
+ remove_expired(c);
#ifdef USE_LIBPSL
/* Check if the domain is a Public Suffix and if yes, ignore the cookie.
@@ -836,7 +904,8 @@ Curl_cookie_add(struct Curl_easy *data,
}
#endif
- clist = c->cookies;
+ myhash = cookiehash(co->domain);
+ clist = c->cookies[myhash];
replace_old = FALSE;
while(clist) {
if(strcasecompare(clist->name, co->name)) {
@@ -922,7 +991,7 @@ Curl_cookie_add(struct Curl_easy *data,
if(lastc)
lastc->next = co;
else
- c->cookies = co;
+ c->cookies[myhash] = co;
c->numcookies++; /* one more cookie in the jar */
}
@@ -1026,9 +1095,10 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy
*data,
while(*lineptr && ISBLANK(*lineptr))
lineptr++;
- Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL);
+ Curl_cookie_add(data, c, headerline, TRUE, lineptr, NULL, NULL);
}
free(line); /* free the line buffer */
+ remove_expired(c); /* run this once, not on every cookie */
if(fromfile)
fclose(fp);
@@ -1134,8 +1204,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
struct Cookie *mainco = NULL;
size_t matches = 0;
bool is_ip;
+ const size_t myhash = cookiehash(host);
- if(!c || !c->cookies)
+ if(!c || !c->cookies[myhash])
return NULL; /* no cookie struct or no cookies in the struct */
/* at first, remove expired cookies */
@@ -1144,7 +1215,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
/* check if host is an IP(v4|v6) address */
is_ip = isip(host);
- co = c->cookies;
+ co = c->cookies[myhash];
while(co) {
/* only process this cookie if it is not expired or had no expire
@@ -1232,8 +1303,11 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
void Curl_cookie_clearall(struct CookieInfo *cookies)
{
if(cookies) {
- Curl_cookie_freelist(cookies->cookies);
- cookies->cookies = NULL;
+ unsigned int i;
+ for(i = 0; i < COOKIE_HASH_SIZE; i++) {
+ Curl_cookie_freelist(cookies->cookies[i]);
+ cookies->cookies[i] = NULL;
+ }
cookies->numcookies = 0;
}
}
@@ -1267,31 +1341,37 @@ void Curl_cookie_freelist(struct Cookie *co)
void Curl_cookie_clearsess(struct CookieInfo *cookies)
{
struct Cookie *first, *curr, *next, *prev = NULL;
+ unsigned int i;
- if(!cookies || !cookies->cookies)
+ if(!cookies)
return;
- first = curr = prev = cookies->cookies;
+ for(i = 0; i < COOKIE_HASH_SIZE; i++) {
+ if(!cookies->cookies[i])
+ continue;
- for(; curr; curr = next) {
- next = curr->next;
- if(!curr->expires) {
- if(first == curr)
- first = next;
+ first = curr = prev = cookies->cookies[i];
- if(prev == curr)
- prev = next;
- else
- prev->next = next;
+ for(; curr; curr = next) {
+ next = curr->next;
+ if(!curr->expires) {
+ if(first == curr)
+ first = next;
+
+ if(prev == curr)
+ prev = next;
+ else
+ prev->next = next;
- freecookie(curr);
- cookies->numcookies--;
+ freecookie(curr);
+ cookies->numcookies--;
+ }
+ else
+ prev = curr;
}
- else
- prev = curr;
- }
- cookies->cookies = first;
+ cookies->cookies[i] = first;
+ }
}
@@ -1304,9 +1384,12 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
****************************************************************************/
void Curl_cookie_cleanup(struct CookieInfo *c)
{
+ unsigned int i;
+
if(c) {
free(c->filename);
- Curl_cookie_freelist(c->cookies);
+ for(i = 0; i < COOKIE_HASH_SIZE; i++)
+ Curl_cookie_freelist(c->cookies[i]);
free(c); /* free the base struct as well */
}
}
@@ -1355,6 +1438,7 @@ static int cookie_output(struct CookieInfo *c, const char
*dumphere)
FILE *out;
bool use_stdout = FALSE;
char *format_ptr;
+ unsigned int i;
if((NULL == c) || (0 == c->numcookies))
/* If there are no known cookies, we don't write or even create any
@@ -1364,6 +1448,10 @@ static int cookie_output(struct CookieInfo *c, const
char *dumphere)
/* at first, remove expired cookies */
remove_expired(c);
+ /* make sure we still have cookies after expiration */
+ if(0 == c->numcookies)
+ return 0;
+
if(!strcmp("-", dumphere)) {
/* use stdout */
out = stdout;
@@ -1380,18 +1468,20 @@ static int cookie_output(struct CookieInfo *c, const
char *dumphere)
"# This file was generated by libcurl! Edit at your own risk.\n\n",
out);
- for(co = c->cookies; co; co = co->next) {
- if(!co->domain)
- continue;
- format_ptr = get_netscape_format(co);
- if(format_ptr == NULL) {
- fprintf(out, "#\n# Fatal libcurl error\n");
- if(!use_stdout)
- fclose(out);
- return 1;
+ for(i = 0; i < COOKIE_HASH_SIZE; i++) {
+ for(co = c->cookies[i]; co; co = co->next) {
+ if(!co->domain)
+ continue;
+ format_ptr = get_netscape_format(co);
+ if(format_ptr == NULL) {
+ fprintf(out, "#\n# Fatal libcurl error\n");
+ if(!use_stdout)
+ fclose(out);
+ return 1;
+ }
+ fprintf(out, "%s\n", format_ptr);
+ free(format_ptr);
}
- fprintf(out, "%s\n", format_ptr);
- free(format_ptr);
}
if(!use_stdout)
@@ -1406,26 +1496,29 @@ static struct curl_slist *cookie_list(struct Curl_easy
*data)
struct curl_slist *beg;
struct Cookie *c;
char *line;
+ unsigned int i;
if((data->cookies == NULL) ||
(data->cookies->numcookies == 0))
return NULL;
- for(c = data->cookies->cookies; c; c = c->next) {
- if(!c->domain)
- continue;
- line = get_netscape_format(c);
- if(!line) {
- curl_slist_free_all(list);
- return NULL;
- }
- beg = Curl_slist_append_nodup(list, line);
- if(!beg) {
- free(line);
- curl_slist_free_all(list);
- return NULL;
+ for(i = 0; i < COOKIE_HASH_SIZE; i++) {
+ for(c = data->cookies->cookies[i]; c; c = c->next) {
+ if(!c->domain)
+ continue;
+ line = get_netscape_format(c);
+ if(!line) {
+ curl_slist_free_all(list);
+ return NULL;
+ }
+ beg = Curl_slist_append_nodup(list, line);
+ if(!beg) {
+ free(line);
+ curl_slist_free_all(list);
+ return NULL;
+ }
+ list = beg;
}
- list = beg;
}
return list;
diff --git a/lib/cookie.h b/lib/cookie.h
index bb13dacea..8be887cc9 100644
--- a/lib/cookie.h
+++ b/lib/cookie.h
@@ -45,9 +45,11 @@ struct Cookie {
bool httponly; /* true if the httponly directive is present */
};
+#define COOKIE_HASH_SIZE 256
+
struct CookieInfo {
/* linked list of cookies we know of */
- struct Cookie *cookies;
+ struct Cookie *cookies[COOKIE_HASH_SIZE];
char *filename; /* file we read from/write to */
bool running; /* state info, for cookie adding information */
@@ -67,7 +69,6 @@ struct CookieInfo {
*/
#define MAX_COOKIE_LINE 5000
-#define MAX_COOKIE_LINE_TXT "4999"
/* This is the maximum length of a cookie name or content we deal with: */
#define MAX_NAME 4096
@@ -80,7 +81,8 @@ struct Curl_easy;
*/
struct Cookie *Curl_cookie_add(struct Curl_easy *data,
- struct CookieInfo *, bool header, char *lineptr,
+ struct CookieInfo *, bool header, bool noexpiry,
+ char *lineptr,
const char *domain, const char *path);
struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
diff --git a/lib/curl_addrinfo.c b/lib/curl_addrinfo.c
index b289a4831..8ef1cfc68 100644
--- a/lib/curl_addrinfo.c
+++ b/lib/curl_addrinfo.c
@@ -345,7 +345,7 @@ Curl_he2ai(const struct hostent *he, int port)
addr = (void *)ai->ai_addr; /* storage area for this info */
memcpy(&addr->sin_addr, curr, sizeof(struct in_addr));
- addr->sin_family = (unsigned short)(he->h_addrtype);
+ addr->sin_family = (CURL_SA_FAMILY_T)(he->h_addrtype);
addr->sin_port = htons((unsigned short)port);
break;
@@ -354,7 +354,7 @@ Curl_he2ai(const struct hostent *he, int port)
addr6 = (void *)ai->ai_addr; /* storage area for this info */
memcpy(&addr6->sin6_addr, curr, sizeof(struct in6_addr));
- addr6->sin6_family = (unsigned short)(he->h_addrtype);
+ addr6->sin6_family = (CURL_SA_FAMILY_T)(he->h_addrtype);
addr6->sin6_port = htons((unsigned short)port);
break;
#endif
diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
index e640cc656..4b12083f2 100644
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -398,6 +398,9 @@
/* if zlib is available */
#cmakedefine HAVE_LIBZ 1
+/* if brotli is available */
+#cmakedefine HAVE_BROTLI 1
+
/* if your compiler supports LL */
#cmakedefine HAVE_LL 1
diff --git a/lib/curl_ctype.c b/lib/curl_ctype.c
index 4f5abc207..1a47fb5e6 100644
--- a/lib/curl_ctype.c
+++ b/lib/curl_ctype.c
@@ -22,6 +22,8 @@
#include "curl_setup.h"
+#ifndef CURL_DOES_CONVERSIONS
+
#undef _U
#define _U (1<<0) /* upper case */
#undef _L
@@ -120,3 +122,12 @@ int Curl_islower(int c)
return FALSE;
return (ascii[c] & (_L));
}
+
+int Curl_iscntrl(int c)
+{
+ if((c < 0) || (c >= 0x80))
+ return FALSE;
+ return (ascii[c] & (_C));
+}
+
+#endif /* !CURL_DOES_CONVERSIONS */
diff --git a/lib/curl_ctype.h b/lib/curl_ctype.h
index da3bd95a6..6e94bb1b4 100644
--- a/lib/curl_ctype.h
+++ b/lib/curl_ctype.h
@@ -22,6 +22,34 @@
*
***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef CURL_DOES_CONVERSIONS
+
+/*
+ * Uppercase macro versions of ANSI/ISO is*() functions/macros which
+ * avoid negative number inputs with argument byte codes > 127.
+ *
+ * For non-ASCII platforms the C library character classification routines
+ * are used despite being locale-dependent, because this is better than
+ * not to work at all.
+ */
+#include <ctype.h>
+
+#define ISSPACE(x) (isspace((int) ((unsigned char)x)))
+#define ISDIGIT(x) (isdigit((int) ((unsigned char)x)))
+#define ISALNUM(x) (isalnum((int) ((unsigned char)x)))
+#define ISXDIGIT(x) (isxdigit((int) ((unsigned char)x)))
+#define ISGRAPH(x) (isgraph((int) ((unsigned char)x)))
+#define ISALPHA(x) (isalpha((int) ((unsigned char)x)))
+#define ISPRINT(x) (isprint((int) ((unsigned char)x)))
+#define ISUPPER(x) (isupper((int) ((unsigned char)x)))
+#define ISLOWER(x) (islower((int) ((unsigned char)x)))
+#define ISCNTRL(x) (iscntrl((int) ((unsigned char)x)))
+#define ISASCII(x) (isascii((int) ((unsigned char)x)))
+
+#else
+
int Curl_isspace(int c);
int Curl_isdigit(int c);
int Curl_isalnum(int c);
@@ -31,6 +59,7 @@ int Curl_isprint(int c);
int Curl_isalpha(int c);
int Curl_isupper(int c);
int Curl_islower(int c);
+int Curl_iscntrl(int c);
#define ISSPACE(x) (Curl_isspace((int) ((unsigned char)x)))
#define ISDIGIT(x) (Curl_isdigit((int) ((unsigned char)x)))
@@ -41,7 +70,11 @@ int Curl_islower(int c);
#define ISPRINT(x) (Curl_isprint((int) ((unsigned char)x)))
#define ISUPPER(x) (Curl_isupper((int) ((unsigned char)x)))
#define ISLOWER(x) (Curl_islower((int) ((unsigned char)x)))
+#define ISCNTRL(x) (Curl_iscntrl((int) ((unsigned char)x)))
#define ISASCII(x) (((x) >= 0) && ((x) <= 0x80))
+
+#endif
+
#define ISBLANK(x) (int)((((unsigned char)x) == ' ') || \
(((unsigned char)x) == '\t'))
diff --git a/lib/curl_memrchr.c b/lib/curl_memrchr.c
index 629f327ae..d17c100a3 100644
--- a/lib/curl_memrchr.c
+++ b/lib/curl_memrchr.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -44,17 +44,18 @@
void *
Curl_memrchr(const void *s, int c, size_t n)
{
- const unsigned char *p = s;
- const unsigned char *q = s;
+ if(n > 0) {
+ const unsigned char *p = s;
+ const unsigned char *q = s;
- p += n - 1;
+ p += n - 1;
- while(p >= q) {
- if(*p == (unsigned char)c)
- return (void *)p;
- p--;
+ while(p >= q) {
+ if(*p == (unsigned char)c)
+ return (void *)p;
+ p--;
+ }
}
-
return NULL;
}
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c
index e8962769c..e27cab353 100644
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -646,15 +646,6 @@ CURLcode Curl_hmac_md5(const unsigned char *key, unsigned
int keylen,
return CURLE_OK;
}
-#ifndef SIZE_T_MAX
-/* some limits.h headers have this defined, some don't */
-#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
-#define SIZE_T_MAX 18446744073709551615U
-#else
-#define SIZE_T_MAX 4294967295U
-#endif
-#endif
-
/* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
* (uppercase UserName + Domain) as the data
*/
@@ -754,12 +745,10 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char
*ntlmv2hash,
len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;
/* Allocate the response */
- ptr = malloc(len);
+ ptr = calloc(1, len);
if(!ptr)
return CURLE_OUT_OF_MEMORY;
- memset(ptr, 0, len);
-
/* Create the BLOB structure */
snprintf((char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN,
"%c%c%c%c" /* NTLMv2_BLOB_SIGNATURE */
diff --git a/lib/curl_path.h b/lib/curl_path.h
index e89f4c79f..ebac6f375 100644
--- a/lib/curl_path.h
+++ b/lib/curl_path.h
@@ -1,3 +1,5 @@
+#ifndef HEADER_CURL_PATH_H
+#define HEADER_CURL_PATH_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
@@ -5,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -42,3 +44,4 @@ CURLcode Curl_getworkingpath(struct connectdata *conn,
char **path);
CURLcode Curl_get_pathname(const char **cpp, char **path, char *homedir);
+#endif
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c
index 26ac6d04a..158ea004d 100644
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -265,7 +265,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct
connectdata *conn,
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
conn->host.name;
const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#if defined(USE_KERBEROS5)
+#if defined(USE_KERBEROS5) || defined(USE_NTLM)
const char *service = data->set.str[STRING_SERVICE_NAME] ?
data->set.str[STRING_SERVICE_NAME] :
sasl->params->service;
@@ -333,7 +333,10 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct
connectdata *conn,
if(force_ir || data->set.sasl_ir)
result = Curl_auth_create_ntlm_type1_message(data,
conn->user, conn->passwd,
- &conn->ntlm, &resp, &len);
+ service,
+ hostname,
+ &conn->ntlm, &resp,
+ &len);
}
else
#endif
@@ -419,13 +422,11 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct
connectdata *conn,
char *chlg = NULL;
size_t chlglen = 0;
#endif
-#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5)
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
+ defined(USE_NTLM)
const char *service = data->set.str[STRING_SERVICE_NAME] ?
data->set.str[STRING_SERVICE_NAME] :
sasl->params->service;
-#endif
-#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
- defined(USE_NTLM)
char *serverdata;
#endif
size_t len = 0;
@@ -496,6 +497,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct
connectdata *conn,
/* Create the type-1 message */
result = Curl_auth_create_ntlm_type1_message(data,
conn->user, conn->passwd,
+ service, hostname,
&conn->ntlm, &resp, &len);
newstate = SASL_NTLM_TYPE2MSG;
break;
diff --git a/lib/curl_setup.h b/lib/curl_setup.h
index 89fd060c2..0d5a577cc 100644
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -447,6 +447,15 @@
# endif
#endif
+#ifndef SIZE_T_MAX
+/* some limits.h headers have this defined, some don't */
+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
+#define SIZE_T_MAX 18446744073709551615U
+#else
+#define SIZE_T_MAX 4294967295U
+#endif
+#endif
+
/*
* Arg 2 type for gethostname in case it hasn't been defined in config file.
*/
@@ -786,4 +795,9 @@ endings either CRLF or LF so 't' is appropriate.
# endif
# endif
+/* for systems that don't detect this in configure, use a sensible default */
+#ifndef CURL_SA_FAMILY_T
+#define CURL_SA_FAMILY_T unsigned short
+#endif
+
#endif /* HEADER_CURL_SETUP_H */
diff --git a/lib/easy.c b/lib/easy.c
index 8bf200650..5f8d22c40 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -746,6 +746,10 @@ static CURLcode easy_perform(struct Curl_easy *data, bool
events)
if(!data)
return CURLE_BAD_FUNCTION_ARGUMENT;
+ if(data->set.errorbuffer)
+ /* clear this as early as possible */
+ data->set.errorbuffer[0] = 0;
+
if(data->multi) {
failf(data, "easy handle already used in multi handle");
return CURLE_FAILED_INIT;
@@ -888,6 +892,9 @@ static CURLcode dupset(struct Curl_easy *dst, struct
Curl_easy *src)
/* Duplicate mime data. */
result = Curl_mime_duppart(&dst->set.mimepost, &src->set.mimepost);
+ if(src->set.resolve)
+ dst->change.resolve = dst->set.resolve;
+
return result;
}
@@ -1099,6 +1106,10 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int
action)
(KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) )
Curl_expire(data, 0, EXPIRE_RUN_NOW); /* get this handle going again */
+ /* This transfer may have been moved in or out of the bundle, update
+ the corresponding socket callback, if used */
+ Curl_updatesocket(data);
+
return result;
}
diff --git a/lib/fileinfo.c b/lib/fileinfo.c
index 387298847..4e72e1eba 100644
--- a/lib/fileinfo.c
+++ b/lib/fileinfo.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2010 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -33,14 +33,11 @@ struct fileinfo *Curl_fileinfo_alloc(void)
return calloc(1, sizeof(struct fileinfo));
}
-void Curl_fileinfo_dtor(void *user, void *element)
+void Curl_fileinfo_cleanup(struct fileinfo *finfo)
{
- struct fileinfo *finfo = element;
- (void) user;
if(!finfo)
return;
Curl_safefree(finfo->info.b_data);
-
free(finfo);
}
diff --git a/lib/fileinfo.h b/lib/fileinfo.h
index a5ead4685..ed3347de4 100644
--- a/lib/fileinfo.h
+++ b/lib/fileinfo.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010, 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2010 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -31,7 +31,6 @@ struct fileinfo {
};
struct fileinfo *Curl_fileinfo_alloc(void);
-
-void Curl_fileinfo_dtor(void *, void *);
+void Curl_fileinfo_cleanup(struct fileinfo *finfo);
#endif /* HEADER_CURL_FILEINFO_H */
diff --git a/lib/ftp.c b/lib/ftp.c
index 426845bea..9c434af80 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -1621,7 +1621,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata
*conn,
Curl_set_in_callback(data, true);
seekerr = conn->seek_func(conn->seek_client, data->state.resume_from,
SEEK_SET);
- Curl_set_in_callback(data, true);
+ Curl_set_in_callback(data, false);
}
if(seekerr != CURL_SEEKFUNC_OK) {
@@ -1788,7 +1788,7 @@ static CURLcode ftp_epsv_disable(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- if(conn->bits.ipv6) {
+ if(conn->bits.ipv6 && !(conn->bits.tunnel_proxy || conn->bits.socksproxy)) {
/* We can't disable EPSV when doing IPv6, so this is instead a fail */
failf(conn->data, "Failed EPSV attempt, exiting\n");
return CURLE_WEIRD_SERVER_REPLY;
@@ -1910,13 +1910,13 @@ static CURLcode ftp_state_pasv_resp(struct connectdata
*conn,
if(data->set.ftp_skip_ip) {
/* told to ignore the remotely given IP but instead use the host we used
for the control connection */
- infof(data, "Skip %d.%d.%d.%d for data connection, re-use %s instead\n",
+ infof(data, "Skip %u.%u.%u.%u for data connection, re-use %s instead\n",
ip[0], ip[1], ip[2], ip[3],
conn->host.name);
ftpc->newhost = strdup(control_address(conn));
}
else
- ftpc->newhost = aprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+ ftpc->newhost = aprintf("%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
if(!ftpc->newhost)
return CURLE_OUT_OF_MEMORY;
@@ -3687,10 +3687,10 @@ CURLcode ftp_perform(struct connectdata *conn,
static void wc_data_dtor(void *ptr)
{
- struct ftp_wc_tmpdata *tmp = ptr;
- if(tmp)
- Curl_ftp_parselist_data_free(&tmp->parser);
- free(tmp);
+ struct ftp_wc *ftpwc = ptr;
+ if(ftpwc && ftpwc->parser)
+ Curl_ftp_parselist_data_free(&ftpwc->parser);
+ free(ftpwc);
}
static CURLcode init_wc_data(struct connectdata *conn)
@@ -3699,7 +3699,7 @@ static CURLcode init_wc_data(struct connectdata *conn)
char *path = conn->data->state.path;
struct WildcardData *wildcard = &(conn->data->wildcard);
CURLcode result = CURLE_OK;
- struct ftp_wc_tmpdata *ftp_tmp;
+ struct ftp_wc *ftpwc = NULL;
last_slash = strrchr(conn->data->state.path, '/');
if(last_slash) {
@@ -3731,23 +3731,22 @@ static CURLcode init_wc_data(struct connectdata *conn)
/* program continues only if URL is not ending with slash, allocate needed
resources for wildcard transfer */
- /* allocate ftp protocol specific temporary wildcard data */
- ftp_tmp = calloc(1, sizeof(struct ftp_wc_tmpdata));
- if(!ftp_tmp) {
- Curl_safefree(wildcard->pattern);
- return CURLE_OUT_OF_MEMORY;
+ /* allocate ftp protocol specific wildcard data */
+ ftpwc = calloc(1, sizeof(struct ftp_wc));
+ if(!ftpwc) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
}
/* INITIALIZE parselist structure */
- ftp_tmp->parser = Curl_ftp_parselist_data_alloc();
- if(!ftp_tmp->parser) {
- Curl_safefree(wildcard->pattern);
- free(ftp_tmp);
- return CURLE_OUT_OF_MEMORY;
+ ftpwc->parser = Curl_ftp_parselist_data_alloc();
+ if(!ftpwc->parser) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
}
- wildcard->tmp = ftp_tmp; /* put it to the WildcardData tmp pointer */
- wildcard->tmp_dtor = wc_data_dtor;
+ wildcard->protdata = ftpwc; /* put it to the WildcardData tmp pointer */
+ wildcard->dtor = wc_data_dtor;
/* wildcard does not support NOCWD option (assert it?) */
if(conn->data->set.ftp_filemethod == FTPFILE_NOCWD)
@@ -3756,33 +3755,36 @@ static CURLcode init_wc_data(struct connectdata *conn)
/* try to parse ftp url */
result = ftp_parse_url_path(conn);
if(result) {
- Curl_safefree(wildcard->pattern);
- wildcard->tmp_dtor(wildcard->tmp);
- wildcard->tmp_dtor = ZERO_NULL;
- wildcard->tmp = NULL;
- return result;
+ goto fail;
}
wildcard->path = strdup(conn->data->state.path);
if(!wildcard->path) {
- Curl_safefree(wildcard->pattern);
- wildcard->tmp_dtor(wildcard->tmp);
- wildcard->tmp_dtor = ZERO_NULL;
- wildcard->tmp = NULL;
- return CURLE_OUT_OF_MEMORY;
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
}
/* backup old write_function */
- ftp_tmp->backup.write_function = conn->data->set.fwrite_func;
+ ftpwc->backup.write_function = conn->data->set.fwrite_func;
/* parsing write function */
conn->data->set.fwrite_func = Curl_ftp_parselist;
/* backup old file descriptor */
- ftp_tmp->backup.file_descriptor = conn->data->set.out;
+ ftpwc->backup.file_descriptor = conn->data->set.out;
/* let the writefunc callback know what curl pointer is working with */
conn->data->set.out = conn;
infof(conn->data, "Wildcard - Parsing started\n");
return CURLE_OK;
+
+ fail:
+ if(ftpwc) {
+ Curl_ftp_parselist_data_free(&ftpwc->parser);
+ free(ftpwc);
+ }
+ Curl_safefree(wildcard->pattern);
+ wildcard->dtor = ZERO_NULL;
+ wildcard->protdata = NULL;
+ return result;
}
/* This is called recursively */
@@ -3803,14 +3805,14 @@ static CURLcode wc_statemach(struct connectdata *conn)
case CURLWC_MATCHING: {
/* In this state is LIST response successfully parsed, so lets restore
previous WRITEFUNCTION callback and WRITEDATA pointer */
- struct ftp_wc_tmpdata *ftp_tmp = wildcard->tmp;
- conn->data->set.fwrite_func = ftp_tmp->backup.write_function;
- conn->data->set.out = ftp_tmp->backup.file_descriptor;
- ftp_tmp->backup.write_function = ZERO_NULL;
- ftp_tmp->backup.file_descriptor = NULL;
+ struct ftp_wc *ftpwc = wildcard->protdata;
+ conn->data->set.fwrite_func = ftpwc->backup.write_function;
+ conn->data->set.out = ftpwc->backup.file_descriptor;
+ ftpwc->backup.write_function = ZERO_NULL;
+ ftpwc->backup.file_descriptor = NULL;
wildcard->state = CURLWC_DOWNLOADING;
- if(Curl_ftp_parselist_geterror(ftp_tmp->parser)) {
+ if(Curl_ftp_parselist_geterror(ftpwc->parser)) {
/* error found in LIST parsing */
wildcard->state = CURLWC_CLEAN;
return wc_statemach(conn);
@@ -3892,10 +3894,10 @@ static CURLcode wc_statemach(struct connectdata *conn)
}
case CURLWC_CLEAN: {
- struct ftp_wc_tmpdata *ftp_tmp = wildcard->tmp;
+ struct ftp_wc *ftpwc = wildcard->protdata;
result = CURLE_OK;
- if(ftp_tmp)
- result = Curl_ftp_parselist_geterror(ftp_tmp->parser);
+ if(ftpwc)
+ result = Curl_ftp_parselist_geterror(ftpwc->parser);
wildcard->state = result ? CURLWC_ERROR : CURLWC_DONE;
} break;
@@ -3903,6 +3905,8 @@ static CURLcode wc_statemach(struct connectdata *conn)
case CURLWC_DONE:
case CURLWC_ERROR:
case CURLWC_CLEAR:
+ if(wildcard->dtor)
+ wildcard->dtor(wildcard->protdata);
break;
}
diff --git a/lib/ftp.h b/lib/ftp.h
index e4aa63f17..7ec339118 100644
--- a/lib/ftp.h
+++ b/lib/ftp.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -81,7 +81,7 @@ typedef enum {
struct ftp_parselist_data; /* defined later in ftplistparser.c */
-struct ftp_wc_tmpdata {
+struct ftp_wc {
struct ftp_parselist_data *parser;
struct {
diff --git a/lib/ftplistparser.c b/lib/ftplistparser.c
index e4de8cba0..371199441 100644
--- a/lib/ftplistparser.c
+++ b/lib/ftplistparser.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -185,10 +185,13 @@ struct ftp_parselist_data
*Curl_ftp_parselist_data_alloc(void)
}
-void Curl_ftp_parselist_data_free(struct ftp_parselist_data **pl_data)
+void Curl_ftp_parselist_data_free(struct ftp_parselist_data **parserp)
{
- free(*pl_data);
- *pl_data = NULL;
+ struct ftp_parselist_data *parser = *parserp;
+ if(parser)
+ Curl_fileinfo_cleanup(parser->file_data);
+ free(parser);
+ *parserp = NULL;
}
@@ -270,9 +273,9 @@ static CURLcode ftp_pl_insert_finfo(struct connectdata
*conn,
{
curl_fnmatch_callback compare;
struct WildcardData *wc = &conn->data->wildcard;
- struct ftp_wc_tmpdata *tmpdata = wc->tmp;
+ struct ftp_wc *ftpwc = wc->protdata;
struct curl_llist *llist = &wc->filelist;
- struct ftp_parselist_data *parser = tmpdata->parser;
+ struct ftp_parselist_data *parser = ftpwc->parser;
bool add = TRUE;
struct curl_fileinfo *finfo = &infop->info;
@@ -313,10 +316,10 @@ static CURLcode ftp_pl_insert_finfo(struct connectdata
*conn,
Curl_llist_insert_next(llist, llist->tail, finfo, &infop->list);
}
else {
- Curl_fileinfo_dtor(NULL, finfo);
+ Curl_fileinfo_cleanup(infop);
}
- tmpdata->parser->file_data = NULL;
+ ftpwc->parser->file_data = NULL;
return CURLE_OK;
}
@@ -325,8 +328,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t
nmemb,
{
size_t bufflen = size*nmemb;
struct connectdata *conn = (struct connectdata *)connptr;
- struct ftp_wc_tmpdata *tmpdata = conn->data->wildcard.tmp;
- struct ftp_parselist_data *parser = tmpdata->parser;
+ struct ftp_wc *ftpwc = conn->data->wildcard.protdata;
+ struct ftp_parselist_data *parser = ftpwc->parser;
struct fileinfo *infop;
struct curl_fileinfo *finfo;
unsigned long i = 0;
@@ -381,7 +384,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t
nmemb,
finfo->b_data = tmp;
}
else {
- Curl_fileinfo_dtor(NULL, parser->file_data);
+ Curl_fileinfo_cleanup(parser->file_data);
parser->file_data = NULL;
parser->error = CURLE_OUT_OF_MEMORY;
goto fail;
@@ -1003,12 +1006,13 @@ size_t Curl_ftp_parselist(char *buffer, size_t size,
size_t nmemb,
i++;
}
+ return retsize;
fail:
/* Clean up any allocated memory. */
if(parser->file_data) {
- Curl_fileinfo_dtor(NULL, parser->file_data);
+ Curl_fileinfo_cleanup(parser->file_data);
parser->file_data = NULL;
}
diff --git a/lib/hash.c b/lib/hash.c
index 5733d975b..56a019f05 100644
--- a/lib/hash.c
+++ b/lib/hash.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -261,11 +261,11 @@ size_t Curl_hash_str(void *key, size_t key_length, size_t
slots_num)
{
const char *key_str = (const char *) key;
const char *end = key_str + key_length;
- unsigned long h = 5381;
+ size_t h = 5381;
while(key_str < end) {
h += h << 5;
- h ^= (unsigned long) *key_str++;
+ h ^= *key_str++;
}
return (h % slots_num);
diff --git a/lib/hostcheck.c b/lib/hostcheck.c
index 37bcc12c1..c9d8112d8 100644
--- a/lib/hostcheck.c
+++ b/lib/hostcheck.c
@@ -25,7 +25,7 @@
#if defined(USE_OPENSSL) \
|| defined(USE_AXTLS) \
|| defined(USE_GSKIT) \
- || (defined(USE_SCHANNEL) && defined(_WIN32_WCE))
+ || defined(USE_SCHANNEL)
/* these backends use functions from this file */
#ifdef HAVE_NETINET_IN_H
diff --git a/lib/hostip.c b/lib/hostip.c
index 8554d39d1..c2f9defd9 100644
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -54,6 +54,7 @@
#include "sendf.h"
#include "hostip.h"
#include "hash.h"
+#include "rand.h"
#include "share.h"
#include "strerror.h"
#include "url.h"
@@ -367,6 +368,70 @@ Curl_fetch_addr(struct connectdata *conn,
}
/*
+ * Curl_shuffle_addr() shuffles the order of addresses in a 'Curl_addrinfo'
+ * struct by re-linking its linked list.
+ *
+ * The addr argument should be the address of a pointer to the head node of a
+ * `Curl_addrinfo` list and it will be modified to point to the new head after
+ * shuffling.
+ *
+ * Not declared static only to make it easy to use in a unit test!
+ *
+ * @unittest: 1608
+ */
+CURLcode Curl_shuffle_addr(struct Curl_easy *data, Curl_addrinfo **addr)
+{
+ CURLcode result = CURLE_OK;
+ const int num_addrs = Curl_num_addresses(*addr);
+
+ if(num_addrs > 1) {
+ Curl_addrinfo **nodes;
+ infof(data, "Shuffling %i addresses", num_addrs);
+
+ nodes = malloc(num_addrs*sizeof(*nodes));
+ if(nodes) {
+ int i;
+ unsigned int *rnd;
+ const size_t rnd_size = num_addrs * sizeof(*rnd);
+
+ /* build a plain array of Curl_addrinfo pointers */
+ nodes[0] = *addr;
+ for(i = 1; i < num_addrs; i++) {
+ nodes[i] = nodes[i-1]->ai_next;
+ }
+
+ rnd = malloc(rnd_size);
+ if(rnd) {
+ /* Fisher-Yates shuffle */
+ if(Curl_rand(data, (unsigned char *)rnd, rnd_size) == CURLE_OK) {
+ Curl_addrinfo *swap_tmp;
+ for(i = num_addrs - 1; i > 0; i--) {
+ swap_tmp = nodes[rnd[i] % (i + 1)];
+ nodes[rnd[i] % (i + 1)] = nodes[i];
+ nodes[i] = swap_tmp;
+ }
+
+ /* relink list in the new order */
+ for(i = 1; i < num_addrs; i++) {
+ nodes[i-1]->ai_next = nodes[i];
+ }
+
+ nodes[num_addrs-1]->ai_next = NULL;
+ *addr = nodes[0];
+ }
+ free(rnd);
+ }
+ else
+ result = CURLE_OUT_OF_MEMORY;
+ free(nodes);
+ }
+ else
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ return result;
+}
+
+/*
* Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache.
*
* When calling Curl_resolv() has resulted in a response with a returned
@@ -386,6 +451,13 @@ Curl_cache_addr(struct Curl_easy *data,
struct Curl_dns_entry *dns;
struct Curl_dns_entry *dns2;
+ /* shuffle addresses if requested */
+ if(data->set.dns_shuffle_addresses) {
+ CURLcode result = Curl_shuffle_addr(data, &addr);
+ if(!result)
+ return NULL;
+ }
+
/* Create an entry id, based upon the hostname and port */
entry_id = create_hostcache_id(hostname, port);
/* If we can't create the entry id, fail */
diff --git a/lib/hostip.h b/lib/hostip.h
index 298eeeee3..1de4bee8d 100644
--- a/lib/hostip.h
+++ b/lib/hostip.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -182,6 +182,17 @@ struct Curl_dns_entry *
Curl_fetch_addr(struct connectdata *conn,
const char *hostname,
int port);
+
+/*
+ * Curl_shuffle_addr() shuffles the order of addresses in a 'Curl_addrinfo'
+ * struct by re-linking its linked list.
+ *
+ * The addr argument should be the address of a pointer to the head node of a
+ * `Curl_addrinfo` list and it will be modified to point to the new head after
+ * shuffling.
+ */
+CURLcode Curl_shuffle_addr(struct Curl_easy *data, Curl_addrinfo **addr);
+
/*
* Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache.
*
diff --git a/lib/http.c b/lib/http.c
index ca63eddd6..1b3272174 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -92,6 +92,8 @@ static int http_getsock_do(struct connectdata *conn,
int numsocks);
static int http_should_fail(struct connectdata *conn);
+static CURLcode add_haproxy_protocol_header(struct connectdata *conn);
+
#ifdef USE_SSL
static CURLcode https_connecting(struct connectdata *conn, bool *done);
static int https_getsock(struct connectdata *conn,
@@ -212,8 +214,6 @@ char *Curl_copy_header_value(const char *header)
char *value;
size_t len;
- DEBUGASSERT(header);
-
/* Find the end of the header name */
while(*header && (*header != ':'))
++header;
@@ -433,7 +433,7 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
data left to send, keep on sending. */
/* rewind data when completely done sending! */
- if(!conn->bits.authneg) {
+ if(!conn->bits.authneg && (conn->writesockfd != CURL_SOCKET_BAD)) {
conn->bits.rewindaftersend = TRUE;
infof(data, "Rewind stream after send\n");
}
@@ -1358,6 +1358,13 @@ CURLcode Curl_http_connect(struct connectdata *conn,
bool *done)
/* nothing else to do except wait right now - we're not done here. */
return CURLE_OK;
+ if(conn->data->set.haproxyprotocol) {
+ /* add HAProxy PROXY protocol header */
+ result = add_haproxy_protocol_header(conn);
+ if(result)
+ return result;
+ }
+
if(conn->given->protocol & CURLPROTO_HTTPS) {
/* perform SSL initialization */
result = https_connecting(conn, done);
@@ -1383,6 +1390,47 @@ static int http_getsock_do(struct connectdata *conn,
return GETSOCK_WRITESOCK(0);
}
+static CURLcode add_haproxy_protocol_header(struct connectdata *conn)
+{
+ char proxy_header[128];
+ Curl_send_buffer *req_buffer;
+ CURLcode result;
+ char tcp_version[5];
+
+ /* Emit the correct prefix for IPv6 */
+ if(conn->bits.ipv6) {
+ strcpy(tcp_version, "TCP6");
+ }
+ else {
+ strcpy(tcp_version, "TCP4");
+ }
+
+ snprintf(proxy_header,
+ sizeof proxy_header,
+ "PROXY %s %s %s %li %li\r\n",
+ tcp_version,
+ conn->data->info.conn_local_ip,
+ conn->data->info.conn_primary_ip,
+ conn->data->info.conn_local_port,
+ conn->data->info.conn_primary_port);
+
+ req_buffer = Curl_add_buffer_init();
+ if(!req_buffer)
+ return CURLE_OUT_OF_MEMORY;
+
+ result = Curl_add_bufferf(req_buffer, proxy_header);
+ if(result)
+ return result;
+
+ result = Curl_add_buffer_send(req_buffer,
+ conn,
+ &conn->data->info.request_size,
+ 0,
+ FIRSTSOCKET);
+
+ return result;
+}
+
#ifdef USE_SSL
static CURLcode https_connecting(struct connectdata *conn, bool *done)
{
@@ -2084,7 +2132,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
host,
conn->bits.ipv6_ip?"]":"");
else
- conn->allocptr.host = aprintf("Host: %s%s%s:%hu\r\n",
+ conn->allocptr.host = aprintf("Host: %s%s%s:%d\r\n",
conn->bits.ipv6_ip?"[":"",
host,
conn->bits.ipv6_ip?"]":"",
@@ -2966,6 +3014,8 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
{
CURLcode result;
struct SingleRequest *k = &data->req;
+ ssize_t onread = *nread;
+ char *ostr = k->str;
/* header line within buffer loop */
do {
@@ -3030,7 +3080,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
else {
/* this was all we read so it's all a bad header */
k->badheader = HEADER_ALLBAD;
- *nread = (ssize_t)rest_length;
+ *nread = onread;
+ k->str = ostr;
+ return CURLE_OK;
}
break;
}
@@ -3684,7 +3736,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy
*data,
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE,
CURL_LOCK_ACCESS_SINGLE);
Curl_cookie_add(data,
- data->cookies, TRUE, k->p + 11,
+ data->cookies, TRUE, FALSE, k->p + 11,
/* If there is a custom-set Host: name, use it
here, or else use real peer host name. */
conn->allocptr.cookiehost?
diff --git a/lib/http.h b/lib/http.h
index 35b829679..28caed123 100644
--- a/lib/http.h
+++ b/lib/http.h
@@ -104,7 +104,7 @@ CURLcode Curl_http_perhapsrewind(struct connectdata *conn);
This value used to be fairly big (100K), but we must take into account that
if the server rejects the POST due for authentication reasons, this data
- will always be uncondtionally sent and thus it may not be larger than can
+ will always be unconditionally sent and thus it may not be larger than can
always be afforded to send twice.
It must not be greater than 64K to work on VMS.
@@ -186,9 +186,6 @@ struct HTTP {
#endif
};
-typedef int (*sending)(void); /* Curl_send */
-typedef int (*recving)(void); /* Curl_recv */
-
#ifdef USE_NGHTTP2
/* h2 settings for this connection */
struct h2settings {
@@ -197,15 +194,14 @@ struct h2settings {
};
#endif
-
struct http_conn {
#ifdef USE_NGHTTP2
#define H2_BINSETTINGS_LEN 80
nghttp2_session *h2;
uint8_t binsettings[H2_BINSETTINGS_LEN];
size_t binlen; /* length of the binsettings data */
- sending send_underlying; /* underlying send Curl_send callback */
- recving recv_underlying; /* underlying recv Curl_recv callback */
+ Curl_send *send_underlying; /* underlying send Curl_send callback */
+ Curl_recv *recv_underlying; /* underlying recv Curl_recv callback */
char *inbuf; /* buffer to receive data from underlying socket */
size_t inbuflen; /* number of bytes filled in inbuf */
size_t nread_inbuf; /* number of bytes read from in inbuf */
diff --git a/lib/http2.c b/lib/http2.c
index fd32b2405..20df99627 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -41,6 +41,7 @@
#include "curl_memory.h"
#include "memdebug.h"
+#define H2_BUFSIZE 32768
#define MIN(x,y) ((x)<(y)?(x):(y))
#if (NGHTTP2_VERSION_NUM < 0x010000)
@@ -71,6 +72,16 @@
#define H2BUGF(x) do { } WHILE_FALSE
#endif
+
+static ssize_t http2_recv(struct connectdata *conn, int sockindex,
+ char *mem, size_t len, CURLcode *err);
+static bool http2_connisdead(struct connectdata *conn);
+static int h2_session_send(struct Curl_easy *data,
+ nghttp2_session *h2);
+static int h2_process_pending_input(struct connectdata *conn,
+ struct http_conn *httpc,
+ CURLcode *err);
+
/*
* Curl_http2_init_state() is called when the easy handle is created and
* allows for HTTP/2 specific init of state.
@@ -97,6 +108,7 @@ static int http2_perform_getsock(const struct connectdata
*conn,
int numsocks)
{
const struct http_conn *c = &conn->proto.httpc;
+ struct SingleRequest *k = &conn->data->req;
int bitmap = GETSOCK_BLANK;
(void)numsocks;
@@ -108,7 +120,9 @@ static int http2_perform_getsock(const struct connectdata
*conn,
always be ready for one */
bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
- if(nghttp2_session_want_write(c->h2))
+ /* we're still uploading or the HTTP/2 layer wants to send data */
+ if(((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) ||
+ nghttp2_session_want_write(c->h2))
bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
return bitmap;
@@ -151,6 +165,7 @@ static CURLcode http2_disconnect(struct connectdata *conn,
nghttp2_session_del(c->h2);
Curl_safefree(c->inbuf);
http2_stream_free(conn->data->req.protop);
+ conn->data->state.drain = 0;
H2BUGF(infof(conn->data, "HTTP/2 DISCONNECT done\n"));
@@ -164,29 +179,54 @@ static CURLcode http2_disconnect(struct connectdata *conn,
* Instead, if it is readable, run Curl_connalive() to peek at the socket
* and distinguish between closed and data.
*/
-static bool http2_connisdead(struct connectdata *check)
+static bool http2_connisdead(struct connectdata *conn)
{
int sval;
- bool ret_val = TRUE;
+ bool dead = TRUE;
- sval = SOCKET_READABLE(check->sock[FIRSTSOCKET], 0);
+ if(conn->bits.close)
+ return TRUE;
+
+ sval = SOCKET_READABLE(conn->sock[FIRSTSOCKET], 0);
if(sval == 0) {
/* timeout */
- ret_val = FALSE;
+ dead = FALSE;
}
else if(sval & CURL_CSELECT_ERR) {
/* socket is in an error state */
- ret_val = TRUE;
+ dead = TRUE;
}
else if(sval & CURL_CSELECT_IN) {
/* readable with no error. could still be closed */
- ret_val = !Curl_connalive(check);
+ dead = !Curl_connalive(conn);
+ if(!dead) {
+ /* This happens before we've sent off a request and the connection is
+ not in use by any other thransfer, there shouldn't be any data here,
+ only "protocol frames" */
+ CURLcode result;
+ struct http_conn *httpc = &conn->proto.httpc;
+ ssize_t nread = -1;
+ if(httpc->recv_underlying)
+ /* if called "too early", this pointer isn't setup yet! */
+ nread = ((Curl_recv *)httpc->recv_underlying)(
+ conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result);
+ if(nread != -1) {
+ infof(conn->data,
+ "%d bytes stray data read before trying h2 connection\n",
+ (int)nread);
+ httpc->nread_inbuf = 0;
+ httpc->inbuflen = nread;
+ (void)h2_process_pending_input(conn, httpc, &result);
+ }
+ else
+ /* the read failed so let's say this is dead anyway */
+ dead = TRUE;
+ }
}
- return ret_val;
+ return dead;
}
-
static unsigned int http2_conncheck(struct connectdata *check,
unsigned int checks_to_perform)
{
@@ -519,7 +559,6 @@ static int on_frame_recv(nghttp2_session *session, const
nghttp2_frame *frame,
struct http_conn *httpc = &conn->proto.httpc;
struct Curl_easy *data_s = NULL;
struct HTTP *stream = NULL;
- static int lastStream = -1;
int rv;
size_t left, ncopy;
int32_t stream_id = frame->hd.stream_id;
@@ -550,9 +589,6 @@ static int on_frame_recv(nghttp2_session *session, const
nghttp2_frame *frame,
return 0;
}
data_s = nghttp2_session_get_stream_user_data(session, stream_id);
- if(lastStream != stream_id) {
- lastStream = stream_id;
- }
if(!data_s) {
H2BUGF(infof(conn->data,
"No Curl_easy associated with stream: %x\n",
@@ -562,7 +598,7 @@ static int on_frame_recv(nghttp2_session *session, const
nghttp2_frame *frame,
stream = data_s->req.protop;
if(!stream) {
- H2BUGF(infof(conn->data, "No proto pointer for stream: %x\n",
+ H2BUGF(infof(data_s, "No proto pointer for stream: %x\n",
stream_id));
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
@@ -590,8 +626,10 @@ static int on_frame_recv(nghttp2_session *session, const
nghttp2_frame *frame,
}
/* nghttp2 guarantees that :status is received, and we store it to
- stream->status_code */
- DEBUGASSERT(stream->status_code != -1);
+ stream->status_code. Fuzzing has proven this can still be reached
+ without status code having been set. */
+ if(stream->status_code == -1)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
/* Only final status code signals the end of header */
if(stream->status_code / 100 != 1) {
@@ -638,7 +676,7 @@ static int on_frame_recv(nghttp2_session *session, const
nghttp2_frame *frame,
}
break;
default:
- H2BUGF(infof(conn->data, "Got frame type %x for stream %u!\n",
+ H2BUGF(infof(data_s, "Got frame type %x for stream %u!\n",
frame->hd.type, stream_id));
break;
}
@@ -837,16 +875,12 @@ static int on_begin_headers(nghttp2_session *session,
return 0;
}
- /* This is trailer HEADERS started. Allocate buffer for them. */
- H2BUGF(infof(data_s, "trailer field started\n"));
-
- DEBUGASSERT(stream->trailer_recvbuf == NULL);
-
- stream->trailer_recvbuf = Curl_add_buffer_init();
if(!stream->trailer_recvbuf) {
- return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+ stream->trailer_recvbuf = Curl_add_buffer_init();
+ if(!stream->trailer_recvbuf) {
+ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+ }
}
-
return 0;
}
@@ -1039,8 +1073,6 @@ static ssize_t data_source_read_callback(nghttp2_session
*session,
return nread;
}
-#define H2_BUFSIZE 32768
-
#ifdef NGHTTP2_HAS_ERROR_CALLBACK
static int error_callback(nghttp2_session *session,
const char *msg,
@@ -1078,7 +1110,6 @@ void Curl_http2_done(struct connectdata *conn, bool
premature)
struct http_conn *httpc = &conn->proto.httpc;
if(http->header_recvbuf) {
- H2BUGF(infof(data, "free header_recvbuf!!\n"));
Curl_add_buffer_free(http->header_recvbuf);
http->header_recvbuf = NULL; /* clear the pointer */
Curl_add_buffer_free(http->trailer_recvbuf);
@@ -1227,9 +1258,6 @@ static int should_close_session(struct http_conn *httpc)
!nghttp2_session_want_write(httpc->h2);
}
-static int h2_session_send(struct Curl_easy *data,
- nghttp2_session *h2);
-
/*
* h2_process_pending_input() processes pending input left in
* httpc->inbuf. Then, call h2_session_send() to send pending data.
@@ -1351,7 +1379,15 @@ static ssize_t http2_handle_stream_close(struct
connectdata *conn,
/* Reset to FALSE to prevent infinite loop in readwrite_data function. */
stream->closed = FALSE;
- if(httpc->error_code != NGHTTP2_NO_ERROR) {
+ if(httpc->error_code == NGHTTP2_REFUSED_STREAM) {
+ H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection!\n",
+ stream->stream_id));
+ connclose(conn, "REFUSED_STREAM"); /* don't use this anymore */
+ data->state.refused_stream = TRUE;
+ *err = CURLE_RECV_ERROR; /* trigger Curl_retry_request() later */
+ return -1;
+ }
+ else if(httpc->error_code != NGHTTP2_NO_ERROR) {
failf(data, "HTTP/2 stream %u was not closed cleanly: %s (err %d)",
stream->stream_id, Curl_http2_strerror(httpc->error_code),
httpc->error_code);
@@ -1361,7 +1397,7 @@ static ssize_t http2_handle_stream_close(struct
connectdata *conn,
if(!stream->bodystarted) {
failf(data, "HTTP/2 stream %u was closed cleanly, but before getting "
- " all response header fields, teated as error",
+ " all response header fields, treated as error",
stream->stream_id);
*err = CURLE_HTTP2_STREAM;
return -1;
@@ -1579,9 +1615,9 @@ static ssize_t http2_recv(struct connectdata *conn, int
sockindex,
}
if(nread == 0) {
- failf(data, "Unexpected EOF");
- *err = CURLE_RECV_ERROR;
- return -1;
+ H2BUGF(infof(data, "end of stream\n"));
+ *err = CURLE_OK;
+ return 0;
}
H2BUGF(infof(data, "nread=%zd\n", nread));
@@ -1827,8 +1863,11 @@ static ssize_t http2_send(struct connectdata *conn, int
sockindex,
return -1;
}
- /* Extract :method, :path from request line */
- line_end = strstr(hdbuf, "\r\n");
+ /* Extract :method, :path from request line
+ We do line endings with CRLF so checking for CR is enough */
+ line_end = memchr(hdbuf, '\r', len);
+ if(!line_end)
+ goto fail;
/* Method does not contain spaces */
end = memchr(hdbuf, ' ', line_end - hdbuf);
@@ -1886,8 +1925,10 @@ static ssize_t http2_send(struct connectdata *conn, int
sockindex,
hdbuf = line_end + 2;
- line_end = strstr(hdbuf, "\r\n");
- if(line_end == hdbuf)
+ /* check for next CR, but only within the piece of data left in the given
+ buffer */
+ line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem));
+ if(!line_end || (line_end == hdbuf))
goto fail;
/* header continuation lines are not supported */
@@ -2096,8 +2137,8 @@ CURLcode Curl_http2_switched(struct connectdata *conn,
if(result)
return result;
- httpc->recv_underlying = (recving)conn->recv[FIRSTSOCKET];
- httpc->send_underlying = (sending)conn->send[FIRSTSOCKET];
+ httpc->recv_underlying = conn->recv[FIRSTSOCKET];
+ httpc->send_underlying = conn->send[FIRSTSOCKET];
conn->recv[FIRSTSOCKET] = http2_recv;
conn->send[FIRSTSOCKET] = http2_send;
diff --git a/lib/http_chunks.c b/lib/http_chunks.c
index 8368eeca6..18dfcb282 100644
--- a/lib/http_chunks.c
+++ b/lib/http_chunks.c
@@ -74,6 +74,19 @@
*/
+#ifdef CURL_DOES_CONVERSIONS
+/* Check for an ASCII hex digit.
+ We avoid the use of ISXDIGIT to accommodate non-ASCII hosts. */
+static bool Curl_isxdigit_ascii(char digit)
+{
+ return (digit >= 0x30 && digit <= 0x39) /* 0-9 */
+ || (digit >= 0x41 && digit <= 0x46) /* A-F */
+ || (digit >= 0x61 && digit <= 0x66); /* a-f */
+}
+#else
+#define Curl_isxdigit_ascii(x) Curl_isxdigit(x)
+#endif
+
void Curl_httpchunk_init(struct connectdata *conn)
{
struct Curl_chunker *chunk = &conn->chunk;
@@ -119,7 +132,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
while(length) {
switch(ch->state) {
case CHUNK_HEX:
- if(Curl_isxdigit(*datap)) {
+ if(Curl_isxdigit_ascii(*datap)) {
if(ch->hexindex < MAXNUM_SIZE) {
ch->hexbuffer[ch->hexindex] = *datap;
datap++;
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 51375e81d..ddcd65b3b 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -89,7 +89,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool
proxy,
}
}
- /* Initilise the security context and decode our challenge */
+ /* Initialize the security context and decode our challenge */
result = Curl_auth_decode_spnego_message(data, userp, passwdp, service,
host, header, neg_ctx);
diff --git a/lib/http_ntlm.c b/lib/http_ntlm.c
index 0f1edcf65..fd5540b5d 100644
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -121,9 +121,11 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool
proxy)
server, which is for a plain host or for a HTTP proxy */
char **allocuserpwd;
- /* point to the name and password for this */
+ /* point to the username, password, service and host */
const char *userp;
const char *passwdp;
+ const char *service = NULL;
+ const char *hostname = NULL;
/* point to the correct struct with this */
struct ntlmdata *ntlm;
@@ -141,6 +143,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool
proxy)
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->http_proxy.user;
passwdp = conn->http_proxy.passwd;
+ service = conn->data->set.str[STRING_PROXY_SERVICE_NAME] ?
+ conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
+ hostname = conn->http_proxy.host.name;
ntlm = &conn->proxyntlm;
authp = &conn->data->state.authproxy;
}
@@ -148,6 +153,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool
proxy)
allocuserpwd = &conn->allocptr.userpwd;
userp = conn->user;
passwdp = conn->passwd;
+ service = conn->data->set.str[STRING_SERVICE_NAME] ?
+ conn->data->set.str[STRING_SERVICE_NAME] : "HTTP";
+ hostname = conn->host.name;
ntlm = &conn->ntlm;
authp = &conn->data->state.authhost;
}
@@ -174,7 +182,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool
proxy)
default: /* for the weird cases we (re)start here */
/* Create a type-1 message */
result = Curl_auth_create_ntlm_type1_message(conn->data, userp, passwdp,
- ntlm, &base64, &len);
+ service, hostname,
+ ntlm, &base64,
+ &len);
if(result)
return result;
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 4465befa1..85e0be083 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -221,7 +221,7 @@ static CURLcode CONNECT(struct connectdata *conn,
if(!req_buffer)
return CURLE_OUT_OF_MEMORY;
- host_port = aprintf("%s:%hu", hostname, remote_port);
+ host_port = aprintf("%s:%d", hostname, remote_port);
if(!host_port) {
Curl_add_buffer_free(req_buffer);
return CURLE_OUT_OF_MEMORY;
@@ -245,7 +245,7 @@ static CURLcode CONNECT(struct connectdata *conn,
if(hostname != conn->host.name)
ipv6_ip = (strchr(hostname, ':') != NULL);
hostheader = /* host:port with IPv6 support */
- aprintf("%s%s%s:%hu", ipv6_ip?"[":"", hostname, ipv6_ip?"]":"",
+ aprintf("%s%s%s:%d", ipv6_ip?"[":"", hostname, ipv6_ip?"]":"",
remote_port);
if(!hostheader) {
Curl_add_buffer_free(req_buffer);
diff --git a/lib/md5.c b/lib/md5.c
index a14542a85..ef53f59bb 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -484,6 +484,11 @@ static void MD5_Final(unsigned char *result, MD5_CTX *ctx)
#endif /* CRYPTO LIBS */
+/* Disable this picky gcc-8 compiler warning */
+#if defined(__GNUC__) && (__GNUC__ >= 8)
+#pragma GCC diagnostic ignored "-Wcast-function-type"
+#endif
+
const HMAC_params Curl_HMAC_MD5[] = {
{
(HMAC_hinit_func) MD5_Init, /* Hash initialization function. */
diff --git a/lib/mime.c b/lib/mime.c
index 4e48db7dd..cbb4a2ce5 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -241,7 +241,7 @@ static FILE * vmsfopenread(const char *file, const char
*mode)
static char *Curl_basename(char *path)
{
/* Ignore all the details above for now and make a quick and simple
- implementaion here */
+ implementation here */
char *s1;
char *s2;
@@ -1193,7 +1193,10 @@ CURLcode Curl_mime_duppart(curl_mimepart *dst, const
curl_mimepart *src)
}
/* Duplicate other fields. */
- dst->encoder = src->encoder;
+ if(dst != NULL)
+ dst->encoder = src->encoder;
+ else
+ res = CURLE_WRITE_ERROR;
if(!res)
res = curl_mime_type(dst, src->mimetype);
if(!res)
@@ -1202,7 +1205,7 @@ CURLcode Curl_mime_duppart(curl_mimepart *dst, const
curl_mimepart *src)
res = curl_mime_filename(dst, src->filename);
/* If an error occurred, rollback. */
- if(res)
+ if(res && dst)
Curl_mime_cleanpart(dst);
return res;
diff --git a/lib/multi.c b/lib/multi.c
index 5641effe2..bf68f18f7 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -77,6 +77,7 @@ static CURLMcode add_next_timeout(struct curltime now,
struct Curl_easy *d);
static CURLMcode multi_timeout(struct Curl_multi *multi,
long *timeout_ms);
+static void process_pending_handles(struct Curl_multi *multi);
#ifdef DEBUGBUILD
static const char * const statename[]={
@@ -378,6 +379,8 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
* potential multi's connection cache growing which won't be undone in this
* function no matter what.
*/
+ if(data->set.errorbuffer)
+ data->set.errorbuffer[0] = 0;
/* set the easy handle */
multistate(data, CURLM_STATE_INIT);
@@ -538,10 +541,14 @@ static CURLcode multi_done(struct connectdata **connp,
result = CURLE_ABORTED_BY_CALLBACK;
}
+ process_pending_handles(data->multi); /* connection / multiplex */
+
if(conn->send_pipe.size || conn->recv_pipe.size) {
/* Stop if pipeline is not empty . */
data->easy_conn = NULL;
- DEBUGF(infof(data, "Connection still in use, no more multi_done now!\n"));
+ DEBUGF(infof(data, "Connection still in use %d/%d, "
+ "no more multi_done now!\n",
+ conn->send_pipe.size, conn->recv_pipe.size));
return CURLE_OK;
}
@@ -653,10 +660,6 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi
*multi,
/* this handle is "alive" so we need to count down the total number of
alive connections when this is removed */
multi->num_alive--;
-
- /* When this handle gets removed, other handles may be able to get the
- connection */
- Curl_multi_process_pending_handles(multi);
}
if(data->easy_conn &&
@@ -1339,7 +1342,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
if(multi_ischanged(multi, TRUE)) {
DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!\n"));
- Curl_multi_process_pending_handles(multi);
+ process_pending_handles(multi); /* pipelined/multiplexed */
}
if(data->easy_conn && data->mstate > CURLM_STATE_CONNECT &&
@@ -1785,16 +1788,17 @@ static CURLMcode multi_runsingle(struct Curl_multi
*multi,
case CURLM_STATE_DO_DONE:
/* Move ourselves from the send to recv pipeline */
Curl_move_handle_from_send_to_recv_pipe(data, data->easy_conn);
- /* Check if we can move pending requests to send pipe */
- Curl_multi_process_pending_handles(multi);
+
+ if(data->easy_conn->bits.multiplex || data->easy_conn->send_pipe.size)
+ /* Check if we can move pending requests to send pipe */
+ process_pending_handles(multi); /* pipelined/multiplexed */
/* Only perform the transfer if there's a good socket to work with.
Having both BAD is a signal to skip immediately to DONE */
if((data->easy_conn->sockfd != CURL_SOCKET_BAD) ||
(data->easy_conn->writesockfd != CURL_SOCKET_BAD))
multistate(data, CURLM_STATE_WAITPERFORM);
- else
- {
+ else {
if(data->state.wildcardmatch &&
((data->easy_conn->handler->flags & PROTOPT_WILDCARD) == 0)) {
data->wildcard.state = CURLWC_DONE;
@@ -1823,22 +1827,26 @@ static CURLMcode multi_runsingle(struct Curl_multi
*multi,
if(!result) {
send_timeout_ms = 0;
if(data->set.max_send_speed > 0)
- send_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.uploaded,
- data->progress.ul_limit_size,
- data->set.max_send_speed,
- data->progress.ul_limit_start,
- now);
+ send_timeout_ms =
+ Curl_pgrsLimitWaitTime(data->progress.uploaded,
+ data->progress.ul_limit_size,
+ data->set.max_send_speed,
+ data->progress.ul_limit_start,
+ now);
recv_timeout_ms = 0;
if(data->set.max_recv_speed > 0)
- recv_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.downloaded,
- data->progress.dl_limit_size,
- data->set.max_recv_speed,
- data->progress.dl_limit_start,
- now);
-
- if(send_timeout_ms <= 0 && recv_timeout_ms <= 0)
+ recv_timeout_ms =
+ Curl_pgrsLimitWaitTime(data->progress.downloaded,
+ data->progress.dl_limit_size,
+ data->set.max_recv_speed,
+ data->progress.dl_limit_start,
+ now);
+
+ if(!send_timeout_ms && !recv_timeout_ms) {
multistate(data, CURLM_STATE_PERFORM);
+ Curl_ratelimit(data, now);
+ }
else if(send_timeout_ms >= recv_timeout_ms)
Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST);
else
@@ -1870,7 +1878,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
data->progress.dl_limit_start,
now);
- if(send_timeout_ms > 0 || recv_timeout_ms > 0) {
+ if(send_timeout_ms || recv_timeout_ms) {
+ Curl_ratelimit(data, now);
multistate(data, CURLM_STATE_TOOFAST);
if(send_timeout_ms >= recv_timeout_ms)
Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST);
@@ -1938,9 +1947,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
if(data->easy_conn->recv_pipe.head)
Curl_expire(data->easy_conn->recv_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
- /* Check if we can move pending requests to send pipe */
- Curl_multi_process_pending_handles(multi);
-
/* When we follow redirects or is set to retry the connection, we must
to go back to the CONNECT state */
if(data->req.newurl || retry) {
@@ -1997,8 +2003,10 @@ static CURLMcode multi_runsingle(struct Curl_multi
*multi,
/* Remove ourselves from the receive pipeline, if we are there. */
Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe);
- /* Check if we can move pending requests to send pipe */
- Curl_multi_process_pending_handles(multi);
+
+ if(data->easy_conn->bits.multiplex || data->easy_conn->send_pipe.size)
+ /* Check if we can move pending requests to connection */
+ process_pending_handles(multi); /* pipelined/multiplexing */
/* post-transfer command */
res = multi_done(&data->easy_conn, result, FALSE);
@@ -2066,7 +2074,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
data->state.pipe_broke = FALSE;
/* Check if we can move pending requests to send pipe */
- Curl_multi_process_pending_handles(multi);
+ process_pending_handles(multi); /* connection */
if(data->easy_conn) {
/* if this has a connection, unsubscribe from the pipelines */
@@ -2416,6 +2424,12 @@ static void singlesocket(struct Curl_multi *multi,
data->numsocks = num;
}
+void Curl_updatesocket(struct Curl_easy *data)
+{
+ singlesocket(data->multi, data);
+}
+
+
/*
* Curl_multi_closed()
*
@@ -3068,25 +3082,21 @@ struct curl_llist
*Curl_multi_pipelining_server_bl(struct Curl_multi *multi)
return &multi->pipelining_server_bl;
}
-void Curl_multi_process_pending_handles(struct Curl_multi *multi)
+static void process_pending_handles(struct Curl_multi *multi)
{
struct curl_llist_element *e = multi->pending.head;
-
- while(e) {
+ if(e) {
struct Curl_easy *data = e->ptr;
- struct curl_llist_element *next = e->next;
- if(data->mstate == CURLM_STATE_CONNECT_PEND) {
- multistate(data, CURLM_STATE_CONNECT);
+ DEBUGASSERT(data->mstate == CURLM_STATE_CONNECT_PEND);
- /* Remove this node from the list */
- Curl_llist_remove(&multi->pending, e, NULL);
+ multistate(data, CURLM_STATE_CONNECT);
- /* Make sure that the handle will be processed soonish. */
- Curl_expire(data, 0, EXPIRE_RUN_NOW);
- }
+ /* Remove this node from the list */
+ Curl_llist_remove(&multi->pending, e, NULL);
- e = next; /* operate on next handle */
+ /* Make sure that the handle will be processed soonish. */
+ Curl_expire(data, 0, EXPIRE_RUN_NOW);
}
}
diff --git a/lib/multiif.h b/lib/multiif.h
index a988bfd4a..c8fb5ca0d 100644
--- a/lib/multiif.h
+++ b/lib/multiif.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -26,6 +26,7 @@
* Prototypes for library-wide functions provided by multi.c
*/
+void Curl_updatesocket(struct Curl_easy *data);
void Curl_expire(struct Curl_easy *data, time_t milli, expire_id);
void Curl_expire_clear(struct Curl_easy *data);
void Curl_expire_done(struct Curl_easy *data, expire_id id);
@@ -58,8 +59,6 @@ struct Curl_multi *Curl_multi_handle(int hashsize, int
chashsize);
void Curl_multi_dump(struct Curl_multi *multi);
#endif
-void Curl_multi_process_pending_handles(struct Curl_multi *multi);
-
/* Return the value of the CURLMOPT_MAX_HOST_CONNECTIONS option */
size_t Curl_multi_max_host_connections(struct Curl_multi *multi);
diff --git a/lib/nwlib.c b/lib/nwlib.c
index 290cbe31f..215d933ac 100644
--- a/lib/nwlib.c
+++ b/lib/nwlib.c
@@ -186,11 +186,9 @@ int GetOrSetUpData(int id, libdata_t **appData,
app_data = (libdata_t *) get_app_data(id);
if(!app_data) {
- app_data = malloc(sizeof(libdata_t));
+ app_data = calloc(1, sizeof(libdata_t));
if(app_data) {
- memset(app_data, 0, sizeof(libdata_t));
-
app_data->tenbytes = malloc(10);
app_data->lock = NXMutexAlloc(0, 0, &liblock);
diff --git a/lib/openldap.c b/lib/openldap.c
index e2308825a..573cd66a6 100644
--- a/lib/openldap.c
+++ b/lib/openldap.c
@@ -536,7 +536,7 @@ static ssize_t ldap_recv(struct connectdata *conn, int
sockindex, char *buf,
data->req.bytecount += bv.bv_len + 5;
for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals);
- (rc == LDAP_SUCCESS) && bvals;
+ rc == LDAP_SUCCESS;
rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, &bvals)) {
int i;
@@ -548,6 +548,27 @@ static ssize_t ldap_recv(struct connectdata *conn, int
sockindex, char *buf,
else
binary = 0;
+ if(bvals == NULL) {
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val,
+ bv.bv_len);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)":\n", 2);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+ data->req.bytecount += bv.bv_len + 3;
+ continue;
+ }
+
for(i = 0; bvals[i].bv_val != NULL; i++) {
int binval = 0;
writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
diff --git a/lib/parsedate.c b/lib/parsedate.c
index f86628741..a97310e55 100644
--- a/lib/parsedate.c
+++ b/lib/parsedate.c
@@ -119,6 +119,7 @@ static int parsedate(const char *date, time_t *output);
#define tDAYZONE -60 /* offset for daylight savings time */
static const struct tzinfo tz[]= {
{"GMT", 0}, /* Greenwich Mean */
+ {"UT", 0}, /* Universal Time */
{"UTC", 0}, /* Universal (Coordinated) */
{"WET", 0}, /* Western European */
{"BST", 0 tDAYZONE}, /* British Summer */
diff --git a/lib/pingpong.c b/lib/pingpong.c
index 438856a99..ad370ee82 100644
--- a/lib/pingpong.c
+++ b/lib/pingpong.c
@@ -304,7 +304,10 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
* it would have been populated with something of size int to begin
* with, even though its datatype may be larger than an int.
*/
- DEBUGASSERT((ptr + pp->cache_size) <= (buf + data->set.buffer_size + 1));
+ if((ptr + pp->cache_size) > (buf + data->set.buffer_size + 1)) {
+ failf(data, "cached response data too big to handle");
+ return CURLE_RECV_ERROR;
+ }
memcpy(ptr, pp->cache, pp->cache_size);
gotbytes = (ssize_t)pp->cache_size;
free(pp->cache); /* free the cache */
diff --git a/lib/progress.c b/lib/progress.c
index ce8be7ffb..f59faa3d3 100644
--- a/lib/progress.c
+++ b/lib/progress.c
@@ -28,6 +28,9 @@
#include "progress.h"
#include "curl_printf.h"
+/* check rate limits within this many recent milliseconds, at minimum. */
+#define MIN_RATE_LIMIT_PERIOD 3000
+
/* Provide a string that is 2 + 1 + 2 + 1 + 2 = 8 letters long (plus the zero
byte) */
static void time2str(char *r, curl_off_t seconds)
@@ -235,6 +238,7 @@ void Curl_pgrsStartNow(struct Curl_easy *data)
data->progress.dl_limit_start.tv_usec = 0;
/* clear all bits except HIDE and HEADERS_OUT */
data->progress.flags &= PGRS_HIDE|PGRS_HEADERS_OUT;
+ Curl_ratelimit(data, data->progress.start);
}
/*
@@ -265,13 +269,13 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize,
time_t minimum;
time_t actual;
- /* we don't have a starting point yet -- return 0 so it gets (re)set */
- if(start.tv_sec == 0 && start.tv_usec == 0)
- return 0;
-
- if(!limit)
+ if(!limit || !size)
return 0;
+ /*
+ * 'minimum' is the number of milliseconds 'size' should take to download to
+ * stay below 'limit'.
+ */
if(size < CURL_OFF_T_MAX/1000)
minimum = (time_t) (CURL_OFF_T_C(1000) * size / limit);
else {
@@ -282,48 +286,56 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize,
minimum = TIME_T_MAX;
}
+ /*
+ * 'actual' is the time in milliseconds it took to actually download the
+ * last 'size' bytes.
+ */
actual = Curl_timediff(now, start);
-
- if(actual < minimum)
+ if(actual < minimum) {
+ /* if it downloaded the data faster than the limit, make it wait the
+ difference */
return (minimum - actual);
+ }
return 0;
}
+/*
+ * Set the number of downloaded bytes so far.
+ */
void Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size)
{
- struct curltime now = Curl_now();
-
data->progress.downloaded = size;
+}
- /* download speed limit */
- if((data->set.max_recv_speed > 0) &&
- (Curl_pgrsLimitWaitTime(data->progress.downloaded,
- data->progress.dl_limit_size,
- data->set.max_recv_speed,
- data->progress.dl_limit_start,
- now) == 0)) {
- data->progress.dl_limit_start = now;
- data->progress.dl_limit_size = size;
+/*
+ * Update the timestamp and sizestamp to use for rate limit calculations.
+ */
+void Curl_ratelimit(struct Curl_easy *data, struct curltime now)
+{
+ /* don't set a new stamp unless the time since last update is long enough */
+ if(data->set.max_recv_speed > 0) {
+ if(Curl_timediff(now, data->progress.dl_limit_start) >=
+ MIN_RATE_LIMIT_PERIOD) {
+ data->progress.dl_limit_start = now;
+ data->progress.dl_limit_size = data->progress.downloaded;
+ }
+ }
+ if(data->set.max_send_speed > 0) {
+ if(Curl_timediff(now, data->progress.ul_limit_start) >=
+ MIN_RATE_LIMIT_PERIOD) {
+ data->progress.ul_limit_start = now;
+ data->progress.ul_limit_size = data->progress.uploaded;
+ }
}
}
+/*
+ * Set the number of uploaded bytes so far.
+ */
void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size)
{
- struct curltime now = Curl_now();
-
data->progress.uploaded = size;
-
- /* upload speed limit */
- if((data->set.max_send_speed > 0) &&
- (Curl_pgrsLimitWaitTime(data->progress.uploaded,
- data->progress.ul_limit_size,
- data->set.max_send_speed,
- data->progress.ul_limit_start,
- now) == 0)) {
- data->progress.ul_limit_start = now;
- data->progress.ul_limit_size = size;
- }
}
void Curl_pgrsSetDownloadSize(struct Curl_easy *data, curl_off_t size)
diff --git a/lib/progress.h b/lib/progress.h
index 3c2231cb6..2baa925db 100644
--- a/lib/progress.h
+++ b/lib/progress.h
@@ -46,6 +46,7 @@ void Curl_pgrsSetDownloadSize(struct Curl_easy *data,
curl_off_t size);
void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size);
void Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size);
void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size);
+void Curl_ratelimit(struct Curl_easy *data, struct curltime now);
int Curl_pgrsUpdate(struct connectdata *);
void Curl_pgrsResetTransferSizes(struct Curl_easy *data);
void Curl_pgrsTime(struct Curl_easy *data, timerid timer);
diff --git a/lib/rtsp.c b/lib/rtsp.c
index 1b5890bc4..5e64571f6 100644
--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -764,8 +764,7 @@ CURLcode rtp_client_write(struct connectdata *conn, char
*ptr, size_t len)
writeit = data->set.fwrite_rtp;
user_ptr = data->set.rtp_out;
}
- else
- {
+ else {
writeit = data->set.fwrite_func;
user_ptr = data->set.out;
}
diff --git a/lib/setopt.c b/lib/setopt.c
index 9c96eb358..af53ee3ef 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -781,11 +781,13 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
if(checkprefix("Set-Cookie:", argptr))
/* HTTP Header format line */
- Curl_cookie_add(data, data->cookies, TRUE, argptr + 11, NULL, NULL);
+ Curl_cookie_add(data, data->cookies, TRUE, FALSE, argptr + 11, NULL,
+ NULL);
else
/* Netscape format line */
- Curl_cookie_add(data, data->cookies, FALSE, argptr, NULL, NULL);
+ Curl_cookie_add(data, data->cookies, FALSE, FALSE, argptr, NULL,
+ NULL);
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
free(argptr);
@@ -1037,6 +1039,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
*/
data->set.socks5_gssapi_nec = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
+#endif
case CURLOPT_SOCKS5_GSSAPI_SERVICE:
case CURLOPT_PROXY_SERVICE_NAME:
@@ -1046,10 +1049,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
result = Curl_setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME],
va_arg(param, char *));
break;
-#endif
-#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
- defined(USE_SPNEGO)
case CURLOPT_SERVICE_NAME:
/*
* Set authentication service name for DIGEST-MD5, Kerberos 5 and SPNEGO
@@ -1058,8 +1058,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
va_arg(param, char *));
break;
-#endif
-
case CURLOPT_HEADERDATA:
/*
* Custom pointer to pass the header write callback function
@@ -1603,6 +1601,13 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
data->set.crlf = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
+ case CURLOPT_HAPROXYPROTOCOL:
+ /*
+ * Set to send the HAProxy Proxy Protocol header
+ */
+ data->set.haproxyprotocol = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
case CURLOPT_INTERFACE:
/*
* Set what interface or address/hostname to bind the socket to when
@@ -1743,7 +1748,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
* Set a SSL_CTX callback
*/
#ifdef USE_SSL
- if(Curl_ssl->have_ssl_ctx)
+ if(Curl_ssl->supports & SSLSUPP_SSL_CTX)
data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
else
#endif
@@ -1754,7 +1759,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
* Set a SSL_CTX callback parameter pointer
*/
#ifdef USE_SSL
- if(Curl_ssl->have_ssl_ctx)
+ if(Curl_ssl->supports & SSLSUPP_SSL_CTX)
data->set.ssl.fsslctxp = va_arg(param, void *);
else
#endif
@@ -1773,7 +1778,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
break;
case CURLOPT_CERTINFO:
#ifdef USE_SSL
- if(Curl_ssl->have_certinfo)
+ if(Curl_ssl->supports & SSLSUPP_CERTINFO)
data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE;
else
#endif
@@ -1785,7 +1790,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
* Specify file name of the public key in DER format.
*/
#ifdef USE_SSL
- if(Curl_ssl->have_pinnedpubkey)
+ if(Curl_ssl->supports & SSLSUPP_PINNEDPUBKEY)
result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
va_arg(param, char *));
else
@@ -1798,7 +1803,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
* Specify file name of the public key in DER format.
*/
#ifdef USE_SSL
- if(Curl_ssl->have_pinnedpubkey)
+ if(Curl_ssl->supports & SSLSUPP_PINNEDPUBKEY)
result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY],
va_arg(param, char *));
else
@@ -1826,7 +1831,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
* certificates which have been prepared using openssl c_rehash utility.
*/
#ifdef USE_SSL
- if(Curl_ssl->have_ca_path)
+ if(Curl_ssl->supports & SSLSUPP_CA_PATH)
/* This does not work on windows. */
result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
va_arg(param, char *));
@@ -1840,7 +1845,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
* CA certificates which have been prepared using openssl c_rehash utility.
*/
#ifdef USE_SSL
- if(Curl_ssl->have_ca_path)
+ if(Curl_ssl->supports & SSLSUPP_CA_PATH)
/* This does not work on windows. */
result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY],
va_arg(param, char *));
@@ -2554,6 +2559,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption
option,
return CURLE_BAD_FUNCTION_ARGUMENT;
data->set.happy_eyeballs_timeout = arg;
break;
+ case CURLOPT_DNS_SHUFFLE_ADDRESSES:
+ data->set.dns_shuffle_addresses = (0 != va_arg(param, long)) ? TRUE:FALSE;
+ break;
default:
/* unknown tag and its companion, just ignore: */
result = CURLE_UNKNOWN_OPTION;
diff --git a/lib/smb.c b/lib/smb.c
index b4326341e..9ac61505c 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -790,10 +790,16 @@ static CURLcode smb_request_state(struct connectdata
*conn, bool *done)
else {
smb_m = (const struct smb_nt_create_response*) msg;
conn->data->req.size = smb_swap64(smb_m->end_of_file);
- Curl_pgrsSetDownloadSize(conn->data, conn->data->req.size);
- if(conn->data->set.get_filetime)
- get_posix_time(&conn->data->info.filetime, smb_m->last_change_time);
- next_state = SMB_DOWNLOAD;
+ if(conn->data->req.size < 0) {
+ req->result = CURLE_WEIRD_SERVER_REPLY;
+ next_state = SMB_CLOSE;
+ }
+ else {
+ Curl_pgrsSetDownloadSize(conn->data, conn->data->req.size);
+ if(conn->data->set.get_filetime)
+ get_posix_time(&conn->data->info.filetime, smb_m->last_change_time);
+ next_state = SMB_DOWNLOAD;
+ }
}
break;
diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c
index 944bdaf49..c9e04db52 100644
--- a/lib/ssh-libssh.c
+++ b/lib/ssh-libssh.c
@@ -2425,8 +2425,7 @@ static ssize_t sftp_recv(struct connectdata *conn, int
sockindex,
ssize_t nread;
(void)sockindex;
- if(len >= (size_t)1<<32)
- len = (size_t)(1<<31)-1;
+ DEBUGASSERT(len < CURL_MAX_READ_SIZE);
switch(conn->proto.sshc.sftp_recv_state) {
case 0:
diff --git a/lib/ssh.c b/lib/ssh.c
index 4a56dcccf..7563c467c 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -784,8 +784,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn,
bool *block)
* This is done by simply passing sshc->rsa_pub = NULL.
*/
if(data->set.str[STRING_SSH_PUBLIC_KEY]
- /* treat empty string the same way as NULL */
- && data->set.str[STRING_SSH_PUBLIC_KEY][0]) {
+ /* treat empty string the same way as NULL */
+ && data->set.str[STRING_SSH_PUBLIC_KEY][0]) {
sshc->rsa_pub = strdup(data->set.str[STRING_SSH_PUBLIC_KEY]);
if(!sshc->rsa_pub)
out_of_memory = TRUE;
@@ -839,7 +839,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn,
bool *block)
state(conn, SSH_AUTH_DONE);
}
else {
- char *err_msg;
+ char *err_msg = NULL;
(void)libssh2_session_last_error(sshc->ssh_session,
&err_msg, NULL, 0);
infof(data, "SSH public key authentication failed: %s\n", err_msg);
@@ -1046,7 +1046,7 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
*/
sshc->sftp_session = libssh2_sftp_init(sshc->ssh_session);
if(!sshc->sftp_session) {
- char *err_msg;
+ char *err_msg = NULL;
if(libssh2_session_last_errno(sshc->ssh_session) ==
LIBSSH2_ERROR_EAGAIN) {
rc = LIBSSH2_ERROR_EAGAIN;
@@ -1253,7 +1253,7 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(strncasecompare(cmd, "ln ", 3) ||
- strncasecompare(cmd, "symlink ", 8)) {
+ strncasecompare(cmd, "symlink ", 8)) {
/* symbolic linking */
/* sshc->quote_path1 is the source */
/* get the destination */
@@ -2143,8 +2143,8 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc ||
- !(attrs.flags & LIBSSH2_SFTP_ATTR_SIZE) ||
- (attrs.filesize == 0)) {
+ !(attrs.flags & LIBSSH2_SFTP_ATTR_SIZE) ||
+ (attrs.filesize == 0)) {
/*
* libssh2_sftp_open() didn't return an error, so maybe the server
* just doesn't support stat()
@@ -2276,7 +2276,10 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc < 0) {
- infof(data, "Failed to close libssh2 file\n");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Failed to close libssh2 file: %d %s\n", rc, err_msg);
}
sshc->sftp_handle = NULL;
}
@@ -2310,7 +2313,10 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc < 0) {
- infof(data, "Failed to close libssh2 file\n");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session, &err_msg,
+ NULL, 0);
+ infof(data, "Failed to close libssh2 file: %d %s\n", rc, err_msg);
}
sshc->sftp_handle = NULL;
}
@@ -2365,7 +2371,7 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
data->state.infilesize);
if(!sshc->ssh_channel) {
int ssh_err;
- char *err_msg;
+ char *err_msg = NULL;
if(libssh2_session_last_errno(sshc->ssh_session) ==
LIBSSH2_ERROR_EAGAIN) {
@@ -2419,9 +2425,9 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
* be set in sb
*/
- /*
- * If support for >2GB files exists, use it.
- */
+ /*
+ * If support for >2GB files exists, use it.
+ */
/* get a fresh new channel from the ssh layer */
#if LIBSSH2_VERSION_NUM < 0x010700
@@ -2438,7 +2444,7 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
if(!sshc->ssh_channel) {
int ssh_err;
- char *err_msg;
+ char *err_msg = NULL;
if(libssh2_session_last_errno(sshc->ssh_session) ==
LIBSSH2_ERROR_EAGAIN) {
@@ -2491,7 +2497,11 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc) {
- infof(data, "Failed to send libssh2 channel EOF\n");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Failed to send libssh2 channel EOF: %d %s\n",
+ rc, err_msg);
}
}
state(conn, SSH_SCP_WAIT_EOF);
@@ -2504,7 +2514,10 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc) {
- infof(data, "Failed to get channel EOF: %d\n", rc);
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Failed to get channel EOF: %d %s\n", rc, err_msg);
}
}
state(conn, SSH_SCP_WAIT_CLOSE);
@@ -2517,7 +2530,10 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc) {
- infof(data, "Channel failed to close: %d\n", rc);
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Channel failed to close: %d %s\n", rc, err_msg);
}
}
state(conn, SSH_SCP_CHANNEL_FREE);
@@ -2530,7 +2546,11 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc < 0) {
- infof(data, "Failed to free libssh2 scp subsystem\n");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Failed to free libssh2 scp subsystem: %d %s\n",
+ rc, err_msg);
}
sshc->ssh_channel = NULL;
}
@@ -2552,7 +2572,11 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc < 0) {
- infof(data, "Failed to free libssh2 scp subsystem\n");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Failed to free libssh2 scp subsystem: %d %s\n",
+ rc, err_msg);
}
sshc->ssh_channel = NULL;
}
@@ -2563,7 +2587,11 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc < 0) {
- infof(data, "Failed to disconnect libssh2 session\n");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Failed to disconnect libssh2 session: %d %s\n",
+ rc, err_msg);
}
}
@@ -2588,7 +2616,11 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc < 0) {
- infof(data, "Failed to disconnect from libssh2 agent\n");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Failed to disconnect from libssh2 agent: %d %s\n",
+ rc, err_msg);
}
libssh2_agent_free(sshc->ssh_agent);
sshc->ssh_agent = NULL;
@@ -2606,7 +2638,10 @@ static CURLcode ssh_statemach_act(struct connectdata
*conn, bool *block)
break;
}
if(rc < 0) {
- infof(data, "Failed to free libssh2 session\n");
+ char *err_msg = NULL;
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ infof(data, "Failed to free libssh2 session: %d %s\n", rc, err_msg);
}
sshc->ssh_session = NULL;
}
diff --git a/lib/strtoofft.c b/lib/strtoofft.c
index 363647737..546a3ff75 100644
--- a/lib/strtoofft.c
+++ b/lib/strtoofft.c
@@ -220,8 +220,6 @@ CURLofft curlx_strtoofft(const char *str, char **endp, int
base,
errno = 0;
*num = 0; /* clear by default */
- DEBUGASSERT(str);
-
while(*str && ISSPACE(*str))
str++;
if('-' == *str) {
diff --git a/lib/telnet.c b/lib/telnet.c
index 1766669ec..c57098f2b 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -1203,8 +1203,7 @@ CURLcode telrcv(struct connectdata *conn,
CURL_SB_ACCUM(tn, c);
tn->telrcv_state = CURL_TS_SB;
}
- else
- {
+ else {
CURL_SB_ACCUM(tn, CURL_IAC);
CURL_SB_ACCUM(tn, CURL_SE);
tn->subpointer -= 2;
diff --git a/lib/tftp.c b/lib/tftp.c
index 5e624d3c4..74ec0ac90 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1010,7 +1010,7 @@ static CURLcode tftp_connect(struct connectdata *conn,
bool *done)
state->requested_blksize = blksize;
((struct sockaddr *)&state->local_addr)->sa_family =
- (unsigned short)(conn->ip_addr->ai_family);
+ (CURL_SA_FAMILY_T)(conn->ip_addr->ai_family);
tftp_set_timeouts(state);
diff --git a/lib/timeval.c b/lib/timeval.c
index 66f923a8e..f4bf83531 100644
--- a/lib/timeval.c
+++ b/lib/timeval.c
@@ -110,7 +110,7 @@ struct curltime Curl_now(void)
usecs /= 1000;
cnow.tv_sec = usecs / 1000000;
- cnow.tv_usec = usecs % 1000000;
+ cnow.tv_usec = (int)(usecs % 1000000);
return cnow;
}
@@ -128,7 +128,7 @@ struct curltime Curl_now(void)
struct curltime ret;
(void)gettimeofday(&now, NULL);
ret.tv_sec = now.tv_sec;
- ret.tv_usec = now.tv_usec;
+ ret.tv_usec = (int)now.tv_usec;
return ret;
}
diff --git a/lib/transfer.c b/lib/transfer.c
index ae301d230..15578109d 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -717,7 +717,7 @@ static CURLcode readwrite_data(struct Curl_easy *data,
#endif /* CURL_DISABLE_HTTP */
/* Account for body content stored in the header buffer */
- if(k->badheader && !k->ignorebody) {
+ if((k->badheader == HEADER_PARTHEADER) && !k->ignorebody) {
DEBUGF(infof(data, "Increasing bytecount by %zu from hbuflen\n",
k->hbuflen));
k->bytecount += k->hbuflen;
@@ -1447,6 +1447,16 @@ static const char *find_host_sep(const char *url)
}
/*
+ * Decide in an encoding-independent manner whether a character in an
+ * URL must be escaped. The same criterion must be used in strlen_url()
+ * and strcpy_url().
+ */
+static bool urlchar_needs_escaping(int c)
+{
+ return !(ISCNTRL(c) || ISSPACE(c) || ISGRAPH(c));
+}
+
+/*
* strlen_url() returns the length of the given URL if the spaces within the
* URL were properly URL encoded.
* URL encoding should be skipped for host names, otherwise IDN resolution
@@ -1474,7 +1484,7 @@ static size_t strlen_url(const char *url, bool relative)
left = FALSE;
/* fall through */
default:
- if(*ptr >= 0x80)
+ if(urlchar_needs_escaping(*ptr))
newlen += 2;
newlen++;
break;
@@ -1519,7 +1529,7 @@ static void strcpy_url(char *output, const char *url,
bool relative)
left = FALSE;
/* fall through */
default:
- if(*iptr >= 0x80) {
+ if(urlchar_needs_escaping(*iptr)) {
snprintf(optr, 4, "%%%02x", *iptr);
optr += 3;
}
@@ -1926,7 +1936,7 @@ CURLcode Curl_retry_request(struct connectdata *conn,
char **url)
{
struct Curl_easy *data = conn->data;
-
+ bool retry = FALSE;
*url = NULL;
/* if we're talking upload, we can't do the checks below, unless the protocol
@@ -1939,7 +1949,7 @@ CURLcode Curl_retry_request(struct connectdata *conn,
conn->bits.reuse &&
(!data->set.opt_no_body
|| (conn->handler->protocol & PROTO_FAMILY_HTTP)) &&
- (data->set.rtspreq != RTSPREQ_RECEIVE)) {
+ (data->set.rtspreq != RTSPREQ_RECEIVE))
/* We got no data, we attempted to re-use a connection. For HTTP this
can be a retry so we try again regardless if we expected a body.
For other protocols we only try again only if we expected a body.
@@ -1947,6 +1957,19 @@ CURLcode Curl_retry_request(struct connectdata *conn,
This might happen if the connection was left alive when we were
done using it before, but that was closed when we wanted to read from
it again. Bad luck. Retry the same request on a fresh connect! */
+ retry = TRUE;
+ else if(data->state.refused_stream &&
+ (data->req.bytecount + data->req.headerbytecount == 0) ) {
+ /* This was sent on a refused stream, safe to rerun. A refused stream
+ error can typically only happen on HTTP/2 level if the stream is safe
+ to issue again, but the nghttp2 API can deliver the message to other
+ streams as well, which is why this adds the check the data counters
+ too. */
+ infof(conn->data, "REFUSED_STREAM, retrying a fresh connect\n");
+ data->state.refused_stream = FALSE; /* clear again */
+ retry = TRUE;
+ }
+ if(retry) {
infof(conn->data, "Connection died, retrying a fresh connect\n");
*url = strdup(conn->data->change.url);
if(!*url)
@@ -1995,11 +2018,19 @@ Curl_setup_transfer(
DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
- /* now copy all input parameters */
- conn->sockfd = sockindex == -1 ?
+ if(conn->bits.multiplex || conn->httpversion == 20) {
+ /* when multiplexing, the read/write sockets need to be the same! */
+ conn->sockfd = sockindex == -1 ?
+ ((writesockindex == -1 ? CURL_SOCKET_BAD : conn->sock[writesockindex])) :
+ conn->sock[sockindex];
+ conn->writesockfd = conn->sockfd;
+ }
+ else {
+ conn->sockfd = sockindex == -1 ?
CURL_SOCKET_BAD : conn->sock[sockindex];
- conn->writesockfd = writesockindex == -1 ?
+ conn->writesockfd = writesockindex == -1 ?
CURL_SOCKET_BAD:conn->sock[writesockindex];
+ }
k->getheader = getheader;
k->size = size;
@@ -2018,10 +2049,10 @@ Curl_setup_transfer(
/* we want header and/or body, if neither then don't do this! */
if(k->getheader || !data->set.opt_no_body) {
- if(conn->sockfd != CURL_SOCKET_BAD)
+ if(sockindex != -1)
k->keepon |= KEEP_RECV;
- if(conn->writesockfd != CURL_SOCKET_BAD) {
+ if(writesockindex != -1) {
struct HTTP *http = data->req.protop;
/* HTTP 1.1 magic:
@@ -2052,7 +2083,7 @@ Curl_setup_transfer(
/* enable the write bit when we're not waiting for continue */
k->keepon |= KEEP_SEND;
}
- } /* if(conn->writesockfd != CURL_SOCKET_BAD) */
+ } /* if(writesockindex != -1) */
} /* if(k->getheader || !data->set.opt_no_body) */
}
diff --git a/lib/url.c b/lib/url.c
index 945d4e327..701f83ab3 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -488,25 +488,33 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
set->socks5_gssapi_nec = FALSE;
#endif
- /* This is our preferred CA cert bundle/path since install time */
+ /* Set the default CA cert bundle/path detected/specified at build time.
+ *
+ * If Schannel (WinSSL) is the selected SSL backend then these locations
+ * are ignored. We allow setting CA location for schannel only when
+ * explicitly specified by the user via CURLOPT_CAINFO / --cacert.
+ */
+ if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) {
#if defined(CURL_CA_BUNDLE)
- result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
- if(result)
- return result;
+ result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
+ if(result)
+ return result;
- result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE);
- if(result)
- return result;
+ result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY],
+ CURL_CA_BUNDLE);
+ if(result)
+ return result;
#endif
#if defined(CURL_CA_PATH)
- result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], CURL_CA_PATH);
- if(result)
- return result;
+ result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], CURL_CA_PATH);
+ if(result)
+ return result;
- result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
- if(result)
- return result;
+ result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
+ if(result)
+ return result;
#endif
+ }
set->wildcard_enabled = FALSE;
set->chunk_bgn = ZERO_NULL;
@@ -2067,15 +2075,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy
*data,
return CURLE_URL_MALFORMAT;
}
- if(url_has_scheme && path[0] == '/' && path[1] == '/' &&
- path[2] == '/' && path[3] == '/') {
- /* This appears to be a UNC string (usually indicating a SMB share).
- * We don't do SMB in file: URLs. (TODO?)
- */
- failf(data, "SMB shares are not supported in file: URLs.");
- return CURLE_URL_MALFORMAT;
- }
-
/* Extra handling URLs with an authority component (i.e. that start with
* "file://")
*
@@ -2114,25 +2113,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy
*data,
ptr += 9; /* now points to the slash after the host */
}
- /*
- * RFC 8089, Appendix D, Section D.1, says:
- *
- * > In a POSIX file system, the root of the file system is represented
- * > as a directory with a zero-length name, usually written as "/"; the
- * > presence of this root in a file URI can be taken as given by the
- * > initial slash in the "path-absolute" rule.
- *
- * i.e. the first slash is part of the path.
- *
- * However in RFC 1738 the "/" between the host (or port) and the
- * URL-path was NOT part of the URL-path. Any agent that followed the
- * older spec strictly, and wanted to refer to a file with an absolute
- * path, would have included a second slash. So if there are two
- * slashes, swallow one.
- */
- if('/' == ptr[1]) /* note: the only way ptr[0]!='/' is if ptr[1]==':' */
- ptr++;
-
/* This cannot be done with strcpy, as the memory chunks overlap! */
memmove(path, ptr, strlen(ptr) + 1);
}
@@ -2690,13 +2670,20 @@ static char *detect_proxy(struct connectdata *conn)
prox = curl_getenv(proxy_env);
}
- if(prox)
+ envp = proxy_env;
+ if(prox) {
proxy = prox; /* use this */
+ }
else {
- proxy = curl_getenv("all_proxy"); /* default proxy to use */
- if(!proxy)
- proxy = curl_getenv("ALL_PROXY");
+ envp = (char *)"all_proxy";
+ proxy = curl_getenv(envp); /* default proxy to use */
+ if(!proxy) {
+ envp = (char *)"ALL_PROXY";
+ proxy = curl_getenv(envp);
+ }
}
+ if(proxy)
+ infof(conn->data, "Uses proxy env variable %s == '%s'\n", envp, proxy);
return proxy;
}
@@ -2753,7 +2740,7 @@ static CURLcode parse_proxy(struct Curl_easy *data,
proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */
#ifdef USE_SSL
- if(!Curl_ssl->support_https_proxy)
+ if(!(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY))
#endif
if(proxytype == CURLPROXY_HTTPS) {
failf(data, "Unsupported proxy \'%s\', libcurl is built without the "
@@ -2981,9 +2968,15 @@ static CURLcode create_conn_helper_init_proxy(struct
connectdata *conn)
}
if(!data->set.str[STRING_NOPROXY]) {
- no_proxy = curl_getenv("no_proxy");
- if(!no_proxy)
- no_proxy = curl_getenv("NO_PROXY");
+ const char *p = "no_proxy";
+ no_proxy = curl_getenv(p);
+ if(!no_proxy) {
+ p = "NO_PROXY";
+ no_proxy = curl_getenv(p);
+ }
+ if(no_proxy) {
+ infof(conn->data, "Uses proxy env variable %s == '%s'\n", p, no_proxy);
+ }
}
if(check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY] ?
@@ -3426,7 +3419,7 @@ static CURLcode parse_remote_port(struct Curl_easy *data,
* stripped off. It would be better to work directly from the original
* URL and simply replace the port part of it.
*/
- url = aprintf("%s://%s%s%s:%hu%s%s%s", conn->given->scheme,
+ url = aprintf("%s://%s%s%s:%d%s%s%s", conn->given->scheme,
conn->bits.ipv6_ip?"[":"", conn->host.name,
conn->bits.ipv6_ip?"]":"", conn->remote_port,
data->state.slash_removed?"/":"", data->state.path,
diff --git a/lib/urldata.h b/lib/urldata.h
index eb61bf5d8..1f90ad993 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -98,6 +98,20 @@
#include "hash.h"
#include "splay.h"
+/* return the count of bytes sent, or -1 on error */
+typedef ssize_t (Curl_send)(struct connectdata *conn, /* connection data */
+ int sockindex, /* socketindex */
+ const void *buf, /* data to write */
+ size_t len, /* max amount to write */
+ CURLcode *err); /* error to return */
+
+/* return the count of bytes read, or -1 on error */
+typedef ssize_t (Curl_recv)(struct connectdata *conn, /* connection data */
+ int sockindex, /* socketindex */
+ char *buf, /* store data here */
+ size_t len, /* max amount to read */
+ CURLcode *err); /* error to return */
+
#include "mime.h"
#include "imap.h"
#include "pop3.h"
@@ -329,6 +343,7 @@ struct ntlmdata {
BYTE *output_token;
BYTE *input_token;
size_t input_token_len;
+ TCHAR *spn;
#else
unsigned int flags;
unsigned char nonce[8];
@@ -704,20 +719,6 @@ struct Curl_handler {
#define CONNRESULT_NONE 0 /* No extra information. */
#define CONNRESULT_DEAD (1<<0) /* The connection is dead. */
-/* return the count of bytes sent, or -1 on error */
-typedef ssize_t (Curl_send)(struct connectdata *conn, /* connection data */
- int sockindex, /* socketindex */
- const void *buf, /* data to write */
- size_t len, /* max amount to write */
- CURLcode *err); /* error to return */
-
-/* return the count of bytes read, or -1 on error */
-typedef ssize_t (Curl_recv)(struct connectdata *conn, /* connection data */
- int sockindex, /* socketindex */
- char *buf, /* store data here */
- size_t len, /* max amount to read */
- CURLcode *err); /* error to return */
-
#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
struct postponed_data {
char *buffer; /* Temporal store for received data during
@@ -896,7 +897,7 @@ struct connectdata {
well be the same we read from.
CURL_SOCKET_BAD disables */
- /** Dynamicly allocated strings, MUST be freed before this **/
+ /** Dynamically allocated strings, MUST be freed before this **/
/** struct is killed. **/
struct dynamically_allocated_data {
char *proxyuserpwd;
@@ -1226,7 +1227,7 @@ struct UrlState {
curl_off_t current_speed; /* the ProgressShow() function sets this,
bytes / second */
bool this_is_a_follow; /* this is a followed Location: request */
-
+ bool refused_stream; /* this was refused, try again */
char *first_host; /* host name of the first (not followed) request.
if set, this should be the host name that we will
sent authorization to, no else. Used to make Location:
@@ -1423,13 +1424,8 @@ enum dupstring {
STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */
STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */
#endif
-#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
STRING_PROXY_SERVICE_NAME, /* Proxy service name */
-#endif
-#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
- defined(USE_SPNEGO) || defined(HAVE_GSSAPI)
STRING_SERVICE_NAME, /* Service name */
-#endif
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
@@ -1675,10 +1671,14 @@ struct UserDefined {
bool suppress_connect_headers; /* suppress proxy CONNECT response headers
from user callbacks */
+ bool dns_shuffle_addresses; /* whether to shuffle addresses before use */
+
struct Curl_easy *stream_depends_on;
bool stream_depends_e; /* set or don't set the Exclusive bit */
int stream_weight;
+ bool haproxyprotocol; /* whether to send HAProxy PROXY protocol header */
+
struct Curl_http2_dep *stream_dependents;
bool abstract_unix_socket;
diff --git a/lib/vauth/cleartext.c b/lib/vauth/cleartext.c
index 25364579e..02ae6136d 100644
--- a/lib/vauth/cleartext.c
+++ b/lib/vauth/cleartext.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -73,16 +73,10 @@ CURLcode Curl_auth_create_plain_message(struct Curl_easy
*data,
ulen = strlen(userp);
plen = strlen(passwdp);
- /* Compute binary message length, checking for overflows. */
- plainlen = 2 * ulen;
- if(plainlen < ulen)
- return CURLE_OUT_OF_MEMORY;
- plainlen += plen;
- if(plainlen < plen)
- return CURLE_OUT_OF_MEMORY;
- plainlen += 2;
- if(plainlen < 2)
+ /* Compute binary message length. Check for overflows. */
+ if((ulen > SIZE_T_MAX/2) || (plen > (SIZE_T_MAX/2 - 2)))
return CURLE_OUT_OF_MEMORY;
+ plainlen = 2 * ulen + plen + 2;
plainauth = malloc(plainlen);
if(!plainauth)
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index afff1dae9..7efe75ca3 100644
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -135,7 +135,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct
Curl_easy *data,
}
if(!krb5->credentials) {
- /* Do we have credientials to use or are we using single sign-on? */
+ /* Do we have credentials to use or are we using single sign-on? */
if(userp && *userp) {
/* Populate our identity structure */
result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);
@@ -150,12 +150,10 @@ CURLcode Curl_auth_create_gssapi_user_message(struct
Curl_easy *data,
krb5->p_identity = NULL;
/* Allocate our credentials handle */
- krb5->credentials = malloc(sizeof(CredHandle));
+ krb5->credentials = calloc(1, sizeof(CredHandle));
if(!krb5->credentials)
return CURLE_OUT_OF_MEMORY;
- memset(krb5->credentials, 0, sizeof(CredHandle));
-
/* Acquire our credentials handle */
status = s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *)
@@ -167,11 +165,9 @@ CURLcode Curl_auth_create_gssapi_user_message(struct
Curl_easy *data,
return CURLE_LOGIN_DENIED;
/* Allocate our new context handle */
- krb5->context = malloc(sizeof(CtxtHandle));
+ krb5->context = calloc(1, sizeof(CtxtHandle));
if(!krb5->context)
return CURLE_OUT_OF_MEMORY;
-
- memset(krb5->context, 0, sizeof(CtxtHandle));
}
if(chlg64 && *chlg64) {
diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c
index 1e0d4792e..cdb8d8f0d 100644
--- a/lib/vauth/ntlm.c
+++ b/lib/vauth/ntlm.c
@@ -63,9 +63,9 @@
/* "NTLMSSP" signature is always in ASCII regardless of the platform */
#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
-#define SHORTPAIR(x) ((x) & 0xff), (((x) >> 8) & 0xff)
-#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8) & 0xff), \
- (((x) >> 16) & 0xff), (((x) >> 24) & 0xff)
+#define SHORTPAIR(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff))
+#define LONGQUARTET(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)), \
+ ((int)(((x) >> 16) & 0xff)), ((int)(((x) >> 24) & 0xff))
#if DEBUG_ME
# define DEBUG_OUT(x) x
@@ -355,6 +355,8 @@ static void unicodecpy(unsigned char *dest, const char
*src, size_t length)
* data [in] - The session handle.
* userp [in] - The user name in the format User or Domain\User.
* passdwp [in] - The user's password.
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * host [in] - The host name.
* ntlm [in/out] - The NTLM data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
@@ -365,6 +367,8 @@ static void unicodecpy(unsigned char *dest, const char
*src, size_t length)
CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
const char *userp,
const char *passwdp,
+ const char *service,
+ const char *hostname,
struct ntlmdata *ntlm,
char **outptr, size_t *outlen)
{
@@ -394,6 +398,8 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct
Curl_easy *data,
domain are empty */
(void)userp;
(void)passwdp;
+ (void)service,
+ (void)hostname,
/* Clean up any former leftovers and initialise to defaults */
Curl_auth_ntlm_cleanup(ntlm);
diff --git a/lib/vauth/ntlm.h b/lib/vauth/ntlm.h
index f906a3c7a..1136b0f8d 100644
--- a/lib/vauth/ntlm.h
+++ b/lib/vauth/ntlm.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_NTLM_H
-#define HEADER_CURL_NTLM_H
+#ifndef HEADER_VAUTH_NTLM_H
+#define HEADER_VAUTH_NTLM_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -140,4 +140,4 @@
#endif /* USE_NTLM */
-#endif /* HEADER_CURL_NTLM_H */
+#endif /* HEADER_VAUTH_NTLM_H */
diff --git a/lib/vauth/ntlm_sspi.c b/lib/vauth/ntlm_sspi.c
index c955b69ea..54a1dc16d 100644
--- a/lib/vauth/ntlm_sspi.c
+++ b/lib/vauth/ntlm_sspi.c
@@ -70,6 +70,8 @@ bool Curl_auth_is_ntlm_supported(void)
* data [in] - The session handle.
* userp [in] - The user name in the format User or Domain\User.
* passdwp [in] - The user's password.
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * host [in] - The host name.
* ntlm [in/out] - The NTLM data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
@@ -80,6 +82,8 @@ bool Curl_auth_is_ntlm_supported(void)
CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
const char *userp,
const char *passwdp,
+ const char *service,
+ const char *host,
struct ntlmdata *ntlm,
char **outptr, size_t *outlen)
{
@@ -125,12 +129,10 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct
Curl_easy *data,
ntlm->p_identity = NULL;
/* Allocate our credentials handle */
- ntlm->credentials = malloc(sizeof(CredHandle));
+ ntlm->credentials = calloc(1, sizeof(CredHandle));
if(!ntlm->credentials)
return CURLE_OUT_OF_MEMORY;
- memset(ntlm->credentials, 0, sizeof(CredHandle));
-
/* Acquire our credentials handle */
status = s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT(SP_NAME_NTLM),
@@ -141,11 +143,13 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct
Curl_easy *data,
return CURLE_LOGIN_DENIED;
/* Allocate our new context handle */
- ntlm->context = malloc(sizeof(CtxtHandle));
+ ntlm->context = calloc(1, sizeof(CtxtHandle));
if(!ntlm->context)
return CURLE_OUT_OF_MEMORY;
- memset(ntlm->context, 0, sizeof(CtxtHandle));
+ ntlm->spn = Curl_auth_build_spn(service, host, NULL);
+ if(!ntlm->spn)
+ return CURLE_OUT_OF_MEMORY;
/* Setup the type-1 "output" security buffer */
type_1_desc.ulVersion = SECBUFFER_VERSION;
@@ -157,7 +161,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct
Curl_easy *data,
/* Generate our type-1 message */
status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
- (TCHAR *) TEXT(""),
+ ntlm->spn,
0, 0, SECURITY_NETWORK_DREP,
NULL, 0,
ntlm->context, &type_1_desc,
@@ -275,7 +279,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct
Curl_easy *data,
/* Generate our type-3 message */
status = s_pSecFn->InitializeSecurityContext(ntlm->credentials,
ntlm->context,
- (TCHAR *) TEXT(""),
+ ntlm->spn,
0, 0, SECURITY_NETWORK_DREP,
&type_2_desc,
0, ntlm->context,
@@ -333,6 +337,8 @@ void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm)
/* Reset any variables */
ntlm->token_max = 0;
+
+ Curl_safefree(ntlm->spn);
}
#endif /* USE_WINDOWS_SSPI && USE_NTLM */
diff --git a/lib/vauth/spnego_sspi.c b/lib/vauth/spnego_sspi.c
index b1b04aadf..aaed94a6a 100644
--- a/lib/vauth/spnego_sspi.c
+++ b/lib/vauth/spnego_sspi.c
@@ -138,7 +138,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy
*data,
}
if(!nego->credentials) {
- /* Do we have credientials to use or are we using single sign-on? */
+ /* Do we have credentials to use or are we using single sign-on? */
if(user && *user) {
/* Populate our identity structure */
result = Curl_create_sspi_identity(user, password, &nego->identity);
@@ -153,12 +153,10 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy
*data,
nego->p_identity = NULL;
/* Allocate our credentials handle */
- nego->credentials = malloc(sizeof(CredHandle));
+ nego->credentials = calloc(1, sizeof(CredHandle));
if(!nego->credentials)
return CURLE_OUT_OF_MEMORY;
- memset(nego->credentials, 0, sizeof(CredHandle));
-
/* Acquire our credentials handle */
nego->status =
s_pSecFn->AcquireCredentialsHandle(NULL,
@@ -170,11 +168,9 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy
*data,
return CURLE_LOGIN_DENIED;
/* Allocate our new context handle */
- nego->context = malloc(sizeof(CtxtHandle));
+ nego->context = calloc(1, sizeof(CtxtHandle));
if(!nego->context)
return CURLE_OUT_OF_MEMORY;
-
- memset(nego->context, 0, sizeof(CtxtHandle));
}
if(chlg64 && *chlg64) {
diff --git a/lib/vauth/vauth.c b/lib/vauth/vauth.c
index 9d17ae8c2..612b7c3e8 100644
--- a/lib/vauth/vauth.c
+++ b/lib/vauth/vauth.c
@@ -115,8 +115,8 @@ TCHAR *Curl_auth_build_spn(const char *service, const char
*host,
* address@hidden (User Principal Name)
*
* Note: The user name may be empty when using a GSS-API library or Windows SSPI
-* as the user and domain are either obtained from the credientals cache when
-* using GSS-API or via the currently logged in user's credientals when using
+* as the user and domain are either obtained from the credentials cache when
+* using GSS-API or via the currently logged in user's credentials when using
* Windows SSPI.
*
* Parameters:
@@ -138,7 +138,7 @@ bool Curl_auth_user_contains_domain(const char *user)
}
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
else
- /* User and domain are obtained from the GSS-API credientials cache or the
+ /* User and domain are obtained from the GSS-API credentials cache or the
currently logged in user from Windows */
valid = TRUE;
#endif
diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h
index 15abea520..d0ca53ad9 100644
--- a/lib/vauth/vauth.h
+++ b/lib/vauth/vauth.h
@@ -122,6 +122,8 @@ bool Curl_auth_is_ntlm_supported(void);
CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
const char *userp,
const char *passwdp,
+ const char *service,
+ const char *host,
struct ntlmdata *ntlm,
char **outptr,
size_t *outlen);
diff --git a/lib/version.c b/lib/version.c
index 3fb163ee5..69b0bbaaa 100644
--- a/lib/version.c
+++ b/lib/version.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -399,7 +399,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
#ifdef USE_SSL
Curl_ssl_version(ssl_buffer, sizeof(ssl_buffer));
version_info.ssl_version = ssl_buffer;
- if(Curl_ssl->support_https_proxy)
+ if(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY)
version_info.features |= CURL_VERSION_HTTPS_PROXY;
else
version_info.features &= ~CURL_VERSION_HTTPS_PROXY;
diff --git a/lib/vtls/axtls.c b/lib/vtls/axtls.c
index 9294f49ed..5ed898b4f 100644
--- a/lib/vtls/axtls.c
+++ b/lib/vtls/axtls.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2010, DirecTV, Contact: Eric Hu, <address@hidden>.
- * Copyright (C) 2010 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2010 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -703,13 +703,7 @@ static void *Curl_axtls_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_axtls = {
{ CURLSSLBACKEND_AXTLS, "axtls" }, /* info */
-
- 0, /* have_ca_path */
- 0, /* have_certinfo */
- 0, /* have_pinnedpubkey */
- 0, /* have_ssl_ctx */
- 0, /* support_https_proxy */
-
+ 0, /* no fancy stuff */
sizeof(struct ssl_backend_data),
/*
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 1bd42d2c8..20ce460e8 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -187,8 +187,13 @@ cyassl_connect_step1(struct connectdata *conn,
use_sni(TRUE);
break;
case CURL_SSLVERSION_TLSv1_0:
+#ifdef WOLFSSL_ALLOW_TLSV10
req_method = TLSv1_client_method();
use_sni(TRUE);
+#else
+ failf(data, "CyaSSL does not support TLS 1.0");
+ return CURLE_NOT_BUILT_IN;
+#endif
break;
case CURL_SSLVERSION_TLSv1_1:
req_method = TLSv1_1_client_method();
@@ -966,7 +971,7 @@ static CURLcode Curl_cyassl_random(struct Curl_easy *data,
return CURLE_OK;
}
-static void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum /* output */,
size_t unused)
@@ -976,6 +981,7 @@ static void Curl_cyassl_sha256sum(const unsigned char *tmp,
/* input */
InitSha256(&SHA256pw);
Sha256Update(&SHA256pw, tmp, (word32)tmplen);
Sha256Final(&SHA256pw, sha256sum);
+ return CURLE_OK;
}
static void *Curl_cyassl_get_internals(struct ssl_connect_data *connssl,
@@ -988,15 +994,10 @@ static void *Curl_cyassl_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_cyassl = {
{ CURLSSLBACKEND_WOLFSSL, "WolfSSL" }, /* info */
- 0, /* have_ca_path */
- 0, /* have_certinfo */
#ifdef KEEP_PEER_CERT
- 1, /* have_pinnedpubkey */
-#else
- 0, /* have_pinnedpubkey */
+ SSLSUPP_PINNEDPUBKEY |
#endif
- 1, /* have_ssl_ctx */
- 0, /* support_https_proxy */
+ SSLSUPP_SSL_CTX,
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index 694ac572d..45fe49d82 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012 - 2017, Nick Zitzmann, <address@hidden>.
- * Copyright (C) 2012 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2012 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1195,12 +1195,14 @@ static OSStatus CopyIdentityFromPKCS12File(const char
*cPath,
*out_cert_and_key = (SecIdentityRef) identity;
break;
}
+#if CURL_BUILD_MAC_10_7
else if(itemID == SecCertificateGetTypeID()) {
status = SecIdentityCreateWithCertificate(NULL,
(SecCertificateRef) item,
out_cert_and_key);
break;
}
+#endif
}
}
@@ -1389,7 +1391,7 @@ static CURLcode darwinssl_connect_step1(struct
connectdata *conn,
#endif /* CURL_BUILD_MAC */
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
- if(SSLCreateContext != NULL) { /* use the newer API if avaialble */
+ if(SSLCreateContext != NULL) { /* use the newer API if available */
if(BACKEND->ssl_ctx)
CFRelease(BACKEND->ssl_ctx);
BACKEND->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
@@ -2892,13 +2894,14 @@ static CURLcode Curl_darwinssl_md5sum(unsigned char
*tmp, /* input */
return CURLE_OK;
}
-static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum, /* output */
size_t sha256len)
{
assert(sha256len >= CURL_SHA256_DIGEST_LENGTH);
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
+ return CURLE_OK;
}
static bool Curl_darwinssl_false_start(void)
@@ -3026,15 +3029,11 @@ static void *Curl_darwinssl_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_darwinssl = {
{ CURLSSLBACKEND_DARWINSSL, "darwinssl" }, /* info */
- 0, /* have_ca_path */
- 0, /* have_certinfo */
#ifdef DARWIN_SSL_PINNEDPUBKEY
- 1, /* have_pinnedpubkey */
+ SSLSUPP_PINNEDPUBKEY,
#else
- 0, /* have_pinnedpubkey */
+ 0,
#endif /* DARWIN_SSL_PINNEDPUBKEY */
- 0, /* have_ssl_ctx */
- 0, /* support_https_proxy */
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index c8f60fda7..a04d791af 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1353,12 +1353,8 @@ static void *Curl_gskit_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_gskit = {
{ CURLSSLBACKEND_GSKIT, "gskit" }, /* info */
- 0, /* have_ca_path */
- 1, /* have_certinfo */
- 1, /* have_pinnedpubkey */
- 0, /* have_ssl_ctx */
- /* TODO: convert to 1 and fix test #1014 (if need) */
- 0, /* support_https_proxy */
+ SSLSUPP_CERTINFO |
+ SSLSUPP_PINNEDPUBKEY,
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 078874103..207b0fd1b 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -152,7 +152,8 @@ static int gtls_mapped_sockerrno(void)
static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
{
- ssize_t ret = swrite(CURLX_POINTER_TO_INTEGER_CAST(s), buf, len);
+ curl_socket_t sock = *(curl_socket_t *)s;
+ ssize_t ret = swrite(sock, buf, len);
#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
if(ret < 0)
gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
@@ -162,7 +163,8 @@ static ssize_t Curl_gtls_push(void *s, const void *buf,
size_t len)
static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
{
- ssize_t ret = sread(CURLX_POINTER_TO_INTEGER_CAST(s), buf, len);
+ curl_socket_t sock = *(curl_socket_t *)s;
+ ssize_t ret = sread(sock, buf, len);
#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
if(ret < 0)
gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
@@ -848,7 +850,7 @@ gtls_connect_step1(struct connectdata *conn,
}
else {
/* file descriptor for the socket */
- transport_ptr = CURLX_INTEGER_TO_POINTER_CAST(conn->sock[sockindex]);
+ transport_ptr = &conn->sock[sockindex];
gnutls_transport_push = Curl_gtls_push;
gnutls_transport_pull = Curl_gtls_pull;
}
@@ -1761,7 +1763,7 @@ static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /*
input */
return CURLE_OK;
}
-static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum, /* output */
size_t sha256len)
@@ -1778,6 +1780,7 @@ static void Curl_gtls_sha256sum(const unsigned char *tmp,
/* input */
memcpy(sha256sum, gcry_md_read(SHA256pw, 0), sha256len);
gcry_md_close(SHA256pw);
#endif
+ return CURLE_OK;
}
static bool Curl_gtls_cert_status_request(void)
@@ -1799,11 +1802,10 @@ static void *Curl_gtls_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_gnutls = {
{ CURLSSLBACKEND_GNUTLS, "gnutls" }, /* info */
- 1, /* have_ca_path */
- 1, /* have_certinfo */
- 1, /* have_pinnedpubkey */
- 0, /* have_ssl_ctx */
- 1, /* support_https_proxy */
+ SSLSUPP_CA_PATH |
+ SSLSUPP_CERTINFO |
+ SSLSUPP_PINNEDPUBKEY |
+ SSLSUPP_HTTPS_PROXY,
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 28251a388..d7759dc84 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2010 - 2011, Hoi-Ho Chan, <address@hidden>
- * Copyright (C) 2012 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2012 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -815,7 +815,7 @@ static void Curl_mbedtls_session_free(void *ptr)
static size_t Curl_mbedtls_version(char *buffer, size_t size)
{
unsigned int version = mbedtls_version_get_number();
- return snprintf(buffer, size, "mbedTLS/%d.%d.%d", version>>24,
+ return snprintf(buffer, size, "mbedTLS/%u.%u.%u", version>>24,
(version>>16)&0xff, (version>>8)&0xff);
}
@@ -1023,13 +1023,20 @@ static bool Curl_mbedtls_data_pending(const struct
connectdata *conn,
return mbedtls_ssl_get_bytes_avail(&BACKEND->ssl) != 0;
}
-static void Curl_mbedtls_sha256sum(const unsigned char *input,
+static CURLcode Curl_mbedtls_sha256sum(const unsigned char *input,
size_t inputlen,
unsigned char *sha256sum,
size_t sha256len UNUSED_PARAM)
{
(void)sha256len;
+#if MBEDTLS_VERSION_NUMBER < 0x02070000
mbedtls_sha256(input, inputlen, sha256sum, 0);
+#else
+ /* returns 0 on success, otherwise failure */
+ if(mbedtls_sha256_ret(input, inputlen, sha256sum, 0) != 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+#endif
+ return CURLE_OK;
}
static void *Curl_mbedtls_get_internals(struct ssl_connect_data *connssl,
@@ -1042,11 +1049,9 @@ static void *Curl_mbedtls_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_mbedtls = {
{ CURLSSLBACKEND_MBEDTLS, "mbedtls" }, /* info */
- 1, /* have_ca_path */
- 0, /* have_certinfo */
- 1, /* have_pinnedpubkey */
- 1, /* have_ssl_ctx */
- 0, /* support_https_proxy */
+ SSLSUPP_CA_PATH |
+ SSLSUPP_PINNEDPUBKEY |
+ SSLSUPP_SSL_CTX,
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 458f9d814..7cd450cda 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -2314,7 +2314,7 @@ static CURLcode Curl_nss_md5sum(unsigned char *tmp, /*
input */
return CURLE_OK;
}
-static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_nss_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum, /* output */
size_t sha256len)
@@ -2325,6 +2325,8 @@ static void Curl_nss_sha256sum(const unsigned char *tmp,
/* input */
PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen));
PK11_DigestFinal(SHA256pw, sha256sum, &SHA256out, curlx_uztoui(sha256len));
PK11_DestroyContext(SHA256pw, PR_TRUE);
+
+ return CURLE_OK;
}
static bool Curl_nss_cert_status_request(void)
@@ -2355,11 +2357,10 @@ static void *Curl_nss_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_nss = {
{ CURLSSLBACKEND_NSS, "nss" }, /* info */
- 1, /* have_ca_path */
- 1, /* have_certinfo */
- 1, /* have_pinnedpubkey */
- 0, /* have_ssl_ctx */
- 1, /* support_https_proxy */
+ SSLSUPP_CA_PATH |
+ SSLSUPP_CERTINFO |
+ SSLSUPP_PINNEDPUBKEY |
+ SSLSUPP_HTTPS_PROXY,
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 2a6b3cfac..f6a4bd3fb 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -104,13 +104,22 @@
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
- !defined(LIBRESSL_VERSION_NUMBER)
+ !(defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
#define CONST_EXTS const
#define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
+
+/* funny typecast define due to difference in API */
+#ifdef LIBRESSL_VERSION_NUMBER
+#define ARG2_X509_signature_print (X509_ALGOR *)
+#else
+#define ARG2_X509_signature_print
+#endif
+
#else
/* For OpenSSL before 1.1.0 */
#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
@@ -128,7 +137,8 @@ static unsigned long OpenSSL_version_num(void)
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
- !defined(LIBRESSL_VERSION_NUMBER)
+ !(defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
#define HAVE_X509_GET0_SIGNATURE 1
#endif
@@ -147,7 +157,7 @@ static unsigned long OpenSSL_version_num(void)
* Whether SSL_CTX_set_keylog_callback is available.
* OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
* BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
- * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
+ * LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
* lies and pretends to be OpenSSL 2.0.0).
*/
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
@@ -259,7 +269,9 @@ static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t
*state)
if(!session || !keylog_file_fp)
return;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+ !(defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
/* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
* we have a valid SSL context if we have a non-NULL session. */
SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
@@ -649,18 +661,28 @@ int cert_stuff(struct connectdata *conn,
case SSL_FILETYPE_PKCS12:
{
- FILE *f;
- PKCS12 *p12;
+ BIO *fp = NULL;
+ PKCS12 *p12 = NULL;
EVP_PKEY *pri;
STACK_OF(X509) *ca = NULL;
- f = fopen(cert_file, "rb");
- if(!f) {
+ fp = BIO_new(BIO_s_file());
+ if(fp == NULL) {
+ failf(data,
+ "BIO_new return NULL, " OSSL_PACKAGE
+ " error %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ return 0;
+ }
+
+ if(BIO_read_filename(fp, cert_file) <= 0) {
failf(data, "could not open PKCS12 file '%s'", cert_file);
+ BIO_free(fp);
return 0;
}
- p12 = d2i_PKCS12_fp(f, NULL);
- fclose(f);
+ p12 = d2i_PKCS12_bio(fp, NULL);
+ BIO_free(fp);
if(!p12) {
failf(data, "error reading PKCS12 file '%s'", cert_file);
@@ -1311,6 +1333,51 @@ static void Curl_ossl_close_all(struct Curl_easy *data)
/* ====================================================== */
+/*
+ * Match subjectAltName against the host name. This requires a conversion
+ * in CURL_DOES_CONVERSIONS builds.
+ */
+static bool subj_alt_hostcheck(struct Curl_easy *data,
+ const char *match_pattern, const char *hostname,
+ const char *dispname)
+#ifdef CURL_DOES_CONVERSIONS
+{
+ bool res = FALSE;
+
+ /* Curl_cert_hostcheck uses host encoding, but we get ASCII from
+ OpenSSl.
+ */
+ char *match_pattern2 = strdup(match_pattern);
+
+ if(match_pattern2) {
+ if(Curl_convert_from_network(data, match_pattern2,
+ strlen(match_pattern2)) == CURLE_OK) {
+ if(Curl_cert_hostcheck(match_pattern2, hostname)) {
+ res = TRUE;
+ infof(data,
+ " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
+ dispname, match_pattern2);
+ }
+ }
+ free(match_pattern2);
+ }
+ else {
+ failf(data,
+ "SSL: out of memory when allocating temporary for subjectAltName");
+ }
+ return res;
+}
+#else
+{
+ if(Curl_cert_hostcheck(match_pattern, hostname)) {
+ infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
+ dispname, match_pattern);
+ return TRUE;
+ }
+ return FALSE;
+}
+#endif
+
/* Quote from RFC2818 section 3.1 "Server Identity"
@@ -1410,11 +1477,8 @@ static CURLcode verifyhost(struct connectdata *conn,
X509 *server_cert)
if((altlen == strlen(altptr)) &&
/* if this isn't true, there was an embedded zero in the name
string and we cannot match it. */
- Curl_cert_hostcheck(altptr, hostname)) {
+ subj_alt_hostcheck(data, altptr, hostname, dispname)) {
dnsmatched = TRUE;
- infof(data,
- " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
- dispname, altptr);
}
break;
@@ -1725,13 +1789,40 @@ static const char *ssl_msg_type(int ssl_ver, int msg)
case SSL3_MT_CERTIFICATE_STATUS:
return "Certificate Status";
#endif
+#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
+ case SSL3_MT_ENCRYPTED_EXTENSIONS:
+ return "Encrypted Extensions";
+#endif
+#ifdef SSL3_MT_END_OF_EARLY_DATA
+ case SSL3_MT_END_OF_EARLY_DATA:
+ return "End of early data";
+#endif
+#ifdef SSL3_MT_KEY_UPDATE
+ case SSL3_MT_KEY_UPDATE:
+ return "Key update";
+#endif
+#ifdef SSL3_MT_NEXT_PROTO
+ case SSL3_MT_NEXT_PROTO:
+ return "Next protocol";
+#endif
+#ifdef SSL3_MT_MESSAGE_HASH
+ case SSL3_MT_MESSAGE_HASH:
+ return "Message hash";
+#endif
}
}
return "Unknown";
}
-static const char *tls_rt_type(int type)
+static const char *tls_rt_type(int type, const void *buf, size_t buflen)
{
+ (void)buf;
+ (void)buflen;
+#ifdef SSL3_RT_INNER_CONTENT_TYPE
+ if(type == SSL3_RT_INNER_CONTENT_TYPE && buf && buflen >= 1)
+ type = *(unsigned char *)buf;
+#endif
+
switch(type) {
#ifdef SSL3_RT_HEADER
case SSL3_RT_HEADER:
@@ -1759,10 +1850,7 @@ static void ssl_tls_trace(int direction, int ssl_ver,
int content_type,
void *userp)
{
struct Curl_easy *data;
- const char *msg_name, *tls_rt_name;
- char ssl_buf[1024];
char unknown[32];
- int msg_type, txt_len;
const char *verstr = NULL;
struct connectdata *conn = userp;
@@ -1810,6 +1898,10 @@ static void ssl_tls_trace(int direction, int ssl_ver,
int content_type,
}
if(ssl_ver) {
+ const char *msg_name, *tls_rt_name;
+ char ssl_buf[1024];
+ int msg_type, txt_len;
+
/* the info given when the version is zero is not that useful for us */
ssl_ver >>= 8; /* check the upper 8 bits only below */
@@ -1819,17 +1911,28 @@ static void ssl_tls_trace(int direction, int ssl_ver,
int content_type,
* is at 'buf[0]'.
*/
if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
- tls_rt_name = tls_rt_type(content_type);
+ tls_rt_name = tls_rt_type(content_type, buf, len);
else
tls_rt_name = "";
- msg_type = *(char *)buf;
- msg_name = ssl_msg_type(ssl_ver, msg_type);
+#ifdef SSL3_RT_INNER_CONTENT_TYPE
+ if(content_type == SSL3_RT_INNER_CONTENT_TYPE) {
+ msg_type = 0;
+ msg_name = "[no content]";
+ }
+ else
+#endif
+ {
+ msg_type = *(char *)buf;
+ msg_name = ssl_msg_type(ssl_ver, msg_type);
+ }
txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
verstr, direction?"OUT":"IN",
tls_rt_name, msg_name, msg_type);
- Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) {
+ Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ }
}
Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
@@ -2082,8 +2185,7 @@ static CURLcode ossl_connect_step1(struct connectdata
*conn, int sockindex)
case CURL_SSLVERSION_TLSv1_2:
case CURL_SSLVERSION_TLSv1_3:
/* it will be handled later with the context options */
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
- !defined(LIBRESSL_VERSION_NUMBER)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
req_method = TLS_client_method();
#else
req_method = SSLv23_client_method();
@@ -2338,11 +2440,10 @@ static CURLcode ossl_connect_step1(struct connectdata
*conn, int sockindex)
#endif
if(ssl_cafile || ssl_capath) {
- if(verifypeer) {
- /* tell SSL where to find CA certificates that are used to verify
- the servers certificate. */
- if(!SSL_CTX_load_verify_locations(BACKEND->ctx,
- ssl_cafile, ssl_capath)) {
+ /* tell SSL where to find CA certificates that are used to verify
+ the servers certificate. */
+ if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) {
+ if(verifypeer) {
/* Fail if we insist on successfully verifying the server. */
failf(data, "error setting certificate verify locations:\n"
" CAfile: %s\n CApath: %s",
@@ -2350,18 +2451,20 @@ static CURLcode ossl_connect_step1(struct connectdata
*conn, int sockindex)
ssl_capath ? ssl_capath : "none");
return CURLE_SSL_CACERT_BADFILE;
}
- else {
- /* Everything is fine. */
- infof(data, "successfully set certificate verify locations:\n"
- " CAfile: %s\n CApath: %s\n",
- ssl_cafile ? ssl_cafile : "none",
- ssl_capath ? ssl_capath : "none");
- }
+ /* Just continue with a warning if no strict certificate verification
+ is required. */
+ infof(data, "error setting certificate verify locations,"
+ " continuing anyway:\n");
}
else {
- infof(data, "ignoring certificate verify locations due to "
- "disabled peer verification\n");
+ /* Everything is fine. */
+ infof(data, "successfully set certificate verify locations:\n");
}
+ infof(data,
+ " CAfile: %s\n"
+ " CApath: %s\n",
+ ssl_cafile ? ssl_cafile : "none",
+ ssl_capath ? ssl_capath : "none");
}
#ifdef CURL_CA_FALLBACK
else if(verifypeer) {
@@ -2799,7 +2902,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
ASN1_STRING *a = ASN1_STRING_new();
if(a) {
X509_get0_signature(&psig, &palg, x);
- X509_signature_print(mem, palg, a);
+ X509_signature_print(mem, ARG2_X509_signature_print palg, a);
ASN1_STRING_free(a);
if(palg) {
@@ -3034,7 +3137,8 @@ static CURLcode servercert(struct connectdata *conn,
long lerr, len;
struct Curl_easy *data = conn->data;
X509 *issuer;
- FILE *fp;
+ BIO *fp = NULL;
+ char error_buffer[256]="";
char buffer[2048];
const char *ptr;
long * const certverifyresult = SSL_IS_PROXY() ?
@@ -3045,8 +3149,20 @@ static CURLcode servercert(struct connectdata *conn,
/* we've been asked to gather certificate info! */
(void)get_cert_chain(conn, connssl);
+ fp = BIO_new(BIO_s_file());
+ if(fp == NULL) {
+ failf(data,
+ "BIO_new return NULL, " OSSL_PACKAGE
+ " error %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ BIO_free(mem);
+ return 0;
+ }
+
BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
if(!BACKEND->server_cert) {
+ BIO_free(fp);
BIO_free(mem);
if(!strict)
return CURLE_OK;
@@ -3076,6 +3192,7 @@ static CURLcode servercert(struct connectdata *conn,
if(SSL_CONN_CONFIG(verifyhost)) {
result = verifyhost(conn, BACKEND->server_cert);
if(result) {
+ BIO_free(fp);
X509_free(BACKEND->server_cert);
BACKEND->server_cert = NULL;
return result;
@@ -3097,35 +3214,35 @@ static CURLcode servercert(struct connectdata *conn,
/* e.g. match issuer name with provided issuer certificate */
if(SSL_SET_OPTION(issuercert)) {
- fp = fopen(SSL_SET_OPTION(issuercert), FOPEN_READTEXT);
- if(!fp) {
+ if(BIO_read_filename(fp, SSL_SET_OPTION(issuercert)) <= 0) {
if(strict)
failf(data, "SSL: Unable to open issuer cert (%s)",
SSL_SET_OPTION(issuercert));
+ BIO_free(fp);
X509_free(BACKEND->server_cert);
BACKEND->server_cert = NULL;
return CURLE_SSL_ISSUER_ERROR;
}
- issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
+ issuer = PEM_read_bio_X509(fp, NULL, ZERO_NULL, NULL);
if(!issuer) {
if(strict)
failf(data, "SSL: Unable to read issuer cert (%s)",
SSL_SET_OPTION(issuercert));
- X509_free(BACKEND->server_cert);
+ BIO_free(fp);
X509_free(issuer);
- fclose(fp);
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
return CURLE_SSL_ISSUER_ERROR;
}
- fclose(fp);
-
if(X509_check_issued(issuer, BACKEND->server_cert) != X509_V_OK) {
if(strict)
failf(data, "SSL: Certificate issuer check failed (%s)",
SSL_SET_OPTION(issuercert));
- X509_free(BACKEND->server_cert);
+ BIO_free(fp);
X509_free(issuer);
+ X509_free(BACKEND->server_cert);
BACKEND->server_cert = NULL;
return CURLE_SSL_ISSUER_ERROR;
}
@@ -3160,6 +3277,7 @@ static CURLcode servercert(struct connectdata *conn,
if(SSL_CONN_CONFIG(verifystatus)) {
result = verifystatus(conn, connssl);
if(result) {
+ BIO_free(fp);
X509_free(BACKEND->server_cert);
BACKEND->server_cert = NULL;
return result;
@@ -3179,6 +3297,7 @@ static CURLcode servercert(struct connectdata *conn,
failf(data, "SSL: public key does not match pinned public key!");
}
+ BIO_free(fp);
X509_free(BACKEND->server_cert);
BACKEND->server_cert = NULL;
connssl->connecting_state = ssl_connect_done;
@@ -3592,7 +3711,7 @@ static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /*
input */
}
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
-static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum /* output */,
size_t unused)
@@ -3606,6 +3725,7 @@ static void Curl_ossl_sha256sum(const unsigned char *tmp,
/* input */
EVP_DigestUpdate(mdctx, tmp, tmplen);
EVP_DigestFinal_ex(mdctx, sha256sum, &len);
EVP_MD_CTX_destroy(mdctx);
+ return CURLE_OK;
}
#endif
@@ -3630,11 +3750,11 @@ static void *Curl_ossl_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_openssl = {
{ CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
- 1, /* have_ca_path */
- 1, /* have_certinfo */
- 1, /* have_pinnedpubkey */
- 1, /* have_ssl_ctx */
- 1, /* support_https_proxy */
+ SSLSUPP_CA_PATH |
+ SSLSUPP_CERTINFO |
+ SSLSUPP_PINNEDPUBKEY |
+ SSLSUPP_SSL_CTX |
+ SSLSUPP_HTTPS_PROXY,
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index df29fa945..604cb4c86 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2012 - 2018, Daniel Stenberg, <address@hidden>, et al.
* Copyright (C) 2010 - 2011, Hoi-Ho Chan, <address@hidden>
*
* This software is licensed as described in the file COPYING, which
@@ -620,12 +620,10 @@ polarssl_connect_step3(struct connectdata *conn,
ssl_session *our_ssl_sessionid;
void *old_ssl_sessionid = NULL;
- our_ssl_sessionid = malloc(sizeof(ssl_session));
+ our_ssl_sessionid = calloc(1, sizeof(ssl_session));
if(!our_ssl_sessionid)
return CURLE_OUT_OF_MEMORY;
- memset(our_ssl_sessionid, 0, sizeof(ssl_session));
-
ret = ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
if(ret) {
failf(data, "ssl_get_session returned -0x%x", -ret);
@@ -882,13 +880,14 @@ static bool Curl_polarssl_data_pending(const struct
connectdata *conn,
return ssl_get_bytes_avail(&BACKEND->ssl) != 0;
}
-static void Curl_polarssl_sha256sum(const unsigned char *input,
+static CURLcode Curl_polarssl_sha256sum(const unsigned char *input,
size_t inputlen,
unsigned char *sha256sum,
size_t sha256len UNUSED_PARAM)
{
(void)sha256len;
sha256(input, inputlen, sha256sum, 0);
+ return CURLE_OK;
}
static void *Curl_polarssl_get_internals(struct ssl_connect_data *connssl,
@@ -901,11 +900,8 @@ static void *Curl_polarssl_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_polarssl = {
{ CURLSSLBACKEND_POLARSSL, "polarssl" }, /* info */
- 1, /* have_ca_path */
- 0, /* have_certinfo */
- 1, /* have_pinnedpubkey */
- 0, /* have_ssl_ctx */
- 0, /* support_https_proxy */
+ SSLSUPP_CA_PATH |
+ SSLSUPP_PINNEDPUBKEY,
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index b8afe46f1..2cfd5c19f 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -42,13 +42,12 @@
#ifdef USE_SCHANNEL
+#define EXPOSE_SCHANNEL_INTERNAL_STRUCTS
+
#ifndef USE_WINDOWS_SSPI
# error "Can't compile SCHANNEL support without SSPI."
#endif
-#include <schnlsp.h>
-#include <schannel.h>
-#include "curl_sspi.h"
#include "schannel.h"
#include "vtls.h"
#include "sendf.h"
@@ -61,7 +60,6 @@
#include "x509asn1.h"
#include "curl_printf.h"
#include "system_win32.h"
-#include "hostcheck.h"
/* The last #include file should be: */
#include "curl_memory.h"
@@ -92,6 +90,12 @@
#endif
#endif
+#ifdef UNICODE
+#define CURL_CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_W
+#else
+#define CURL_CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_A
+#endif
+
#ifndef SP_PROT_SSL2_CLIENT
#define SP_PROT_SSL2_CLIENT 0x00000008
#endif
@@ -124,6 +128,9 @@
#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096
#define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024
+#define CERT_THUMBPRINT_STR_LEN 40
+#define CERT_THUMBPRINT_DATA_LEN 20
+
/* Uncomment to force verbose output
* #define infof(x, y, ...) printf(y, __VA_ARGS__)
* #define failf(x, y, ...) printf(y, __VA_ARGS__)
@@ -133,37 +140,6 @@
# define CALG_SHA_256 0x0000800c
#endif
-/* Structs to store Schannel handles */
-struct curl_schannel_cred {
- CredHandle cred_handle;
- TimeStamp time_stamp;
- int refcount;
-};
-
-struct curl_schannel_ctxt {
- CtxtHandle ctxt_handle;
- TimeStamp time_stamp;
-};
-
-struct ssl_backend_data {
- struct curl_schannel_cred *cred;
- struct curl_schannel_ctxt *ctxt;
- SecPkgContext_StreamSizes stream_sizes;
- size_t encdata_length, decdata_length;
- size_t encdata_offset, decdata_offset;
- unsigned char *encdata_buffer, *decdata_buffer;
- /* encdata_is_incomplete: if encdata contains only a partial record that
- can't be decrypted without another Curl_read_plain (that is, status is
- SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes
- more bytes into encdata then set this back to false. */
- bool encdata_is_incomplete;
- unsigned long req_flags, ret_flags;
- CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
- bool recv_sspi_close_notify; /* true if connection closed by close_notify */
- bool recv_connection_closed; /* true if connection closed, regardless how */
- bool use_alpn; /* true if ALPN is used for this connection */
-};
-
#define BACKEND connssl->backend
static Curl_recv schannel_recv;
@@ -172,10 +148,6 @@ static Curl_send schannel_send;
static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
const char *pinnedpubkey);
-#ifdef _WIN32_WCE
-static CURLcode verify_certificate(struct connectdata *conn, int sockindex);
-#endif
-
static void InitSecBuffer(SecBuffer *buffer, unsigned long BufType,
void *BufDataPtr, unsigned long BufByteSize)
{
@@ -228,6 +200,56 @@ set_ssl_version_min_max(SCHANNEL_CRED *schannel_cred,
struct connectdata *conn)
}
static CURLcode
+get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
+ TCHAR **thumbprint)
+{
+ TCHAR *sep;
+ size_t store_name_len;
+
+ sep = _tcschr(path, TEXT('\\'));
+ if(sep == NULL)
+ return CURLE_SSL_CONNECT_ERROR;
+
+ store_name_len = sep - path;
+
+ if(_tcsnccmp(path, TEXT("CurrentUser"), store_name_len) == 0)
+ *store_name = CERT_SYSTEM_STORE_CURRENT_USER;
+ else if(_tcsnccmp(path, TEXT("LocalMachine"), store_name_len) == 0)
+ *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE;
+ else if(_tcsnccmp(path, TEXT("CurrentService"), store_name_len) == 0)
+ *store_name = CERT_SYSTEM_STORE_CURRENT_SERVICE;
+ else if(_tcsnccmp(path, TEXT("Services"), store_name_len) == 0)
+ *store_name = CERT_SYSTEM_STORE_SERVICES;
+ else if(_tcsnccmp(path, TEXT("Users"), store_name_len) == 0)
+ *store_name = CERT_SYSTEM_STORE_USERS;
+ else if(_tcsnccmp(path, TEXT("CurrentUserGroupPolicy"),
+ store_name_len) == 0)
+ *store_name = CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY;
+ else if(_tcsnccmp(path, TEXT("LocalMachineGroupPolicy"),
+ store_name_len) == 0)
+ *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY;
+ else if(_tcsnccmp(path, TEXT("LocalMachineEnterprise"),
+ store_name_len) == 0)
+ *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE;
+ else
+ return CURLE_SSL_CONNECT_ERROR;
+
+ *store_path = sep + 1;
+
+ sep = _tcschr(*store_path, TEXT('\\'));
+ if(sep == NULL)
+ return CURLE_SSL_CONNECT_ERROR;
+
+ *sep = 0;
+
+ *thumbprint = sep + 1;
+ if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN)
+ return CURLE_SSL_CONNECT_ERROR;
+
+ return CURLE_OK;
+}
+
+static CURLcode
schannel_connect_step1(struct connectdata *conn, int sockindex)
{
ssize_t written = -1;
@@ -241,6 +263,7 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
unsigned char alpn_buffer[128];
#endif
SCHANNEL_CRED schannel_cred;
+ PCCERT_CONTEXT client_certs[1] = { NULL };
SECURITY_STATUS sspi_status = SEC_E_OK;
struct curl_schannel_cred *old_cred = NULL;
struct in_addr addr;
@@ -275,6 +298,26 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
BACKEND->use_alpn = false;
#endif
+#ifdef _WIN32_WCE
+ /* certificate validation on CE doesn't seem to work right; we'll
+ * do it following a more manual process. */
+ BACKEND->use_manual_cred_validation = true;
+#else
+ if(SSL_CONN_CONFIG(CAfile)) {
+ if(Curl_verify_windows_version(6, 1, PLATFORM_WINNT,
+ VERSION_GREATER_THAN_EQUAL)) {
+ BACKEND->use_manual_cred_validation = true;
+ }
+ else {
+ failf(data, "schannel: this version of Windows is too old to support "
+ "certificate verification via CA bundle file.");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ }
+ else
+ BACKEND->use_manual_cred_validation = false;
+#endif
+
BACKEND->cred = NULL;
/* check for an existing re-usable credential handle */
@@ -298,26 +341,23 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
if(conn->ssl_config.verifypeer) {
-#ifdef _WIN32_WCE
- /* certificate validation on CE doesn't seem to work right; we'll
- do it following a more manual process. */
- schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
- SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
- SCH_CRED_IGNORE_REVOCATION_OFFLINE;
-#else
- schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION;
+ if(BACKEND->use_manual_cred_validation)
+ schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION;
+ else
+ schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION;
+
/* TODO s/data->set.ssl.no_revoke/SSL_SET_OPTION(no_revoke)/g */
- if(data->set.ssl.no_revoke)
+ if(data->set.ssl.no_revoke) {
schannel_cred.dwFlags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
- SCH_CRED_IGNORE_REVOCATION_OFFLINE;
- else
- schannel_cred.dwFlags |= SCH_CRED_REVOCATION_CHECK_CHAIN;
-#endif
- if(data->set.ssl.no_revoke)
+ SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+
infof(data, "schannel: disabled server certificate revocation "
"checks\n");
- else
+ }
+ else {
+ schannel_cred.dwFlags |= SCH_CRED_REVOCATION_CHECK_CHAIN;
infof(data, "schannel: checking server certificate revocation\n");
+ }
}
else {
schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
@@ -361,14 +401,70 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
return CURLE_SSL_CONNECT_ERROR;
}
+ /* client certificate */
+ if(data->set.ssl.cert) {
+ DWORD cert_store_name;
+ TCHAR *cert_store_path;
+ TCHAR *cert_thumbprint_str;
+ CRYPT_HASH_BLOB cert_thumbprint;
+ BYTE cert_thumbprint_data[CERT_THUMBPRINT_DATA_LEN];
+ HCERTSTORE cert_store;
+
+ TCHAR *cert_path = Curl_convert_UTF8_to_tchar(data->set.ssl.cert);
+ if(!cert_path)
+ return CURLE_OUT_OF_MEMORY;
+
+ result = get_cert_location(cert_path, &cert_store_name,
+ &cert_store_path, &cert_thumbprint_str);
+ if(result != CURLE_OK) {
+ Curl_unicodefree(cert_path);
+ return result;
+ }
+
+ cert_store = CertOpenStore(CURL_CERT_STORE_PROV_SYSTEM, 0,
+ (HCRYPTPROV)NULL,
+ cert_store_name, cert_store_path);
+ if(!cert_store) {
+ Curl_unicodefree(cert_path);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ cert_thumbprint.pbData = cert_thumbprint_data;
+ cert_thumbprint.cbData = CERT_THUMBPRINT_DATA_LEN;
+
+ if(!CryptStringToBinary(cert_thumbprint_str, CERT_THUMBPRINT_STR_LEN,
+ CRYPT_STRING_HEX,
+ cert_thumbprint_data, &cert_thumbprint.cbData,
+ NULL, NULL)) {
+ Curl_unicodefree(cert_path);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ client_certs[0] = CertFindCertificateInStore(
+ cert_store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0,
+ CERT_FIND_HASH, &cert_thumbprint, NULL);
+
+ Curl_unicodefree(cert_path);
+
+ if(client_certs[0]) {
+ schannel_cred.cCreds = 1;
+ schannel_cred.paCred = client_certs;
+ }
+
+ CertCloseStore(cert_store, 0);
+ }
+
/* allocate memory for the re-usable credential handle */
BACKEND->cred = (struct curl_schannel_cred *)
- malloc(sizeof(struct curl_schannel_cred));
+ calloc(1, sizeof(struct curl_schannel_cred));
if(!BACKEND->cred) {
failf(data, "schannel: unable to allocate memory");
+
+ if(client_certs[0])
+ CertFreeCertificateContext(client_certs[0]);
+
return CURLE_OUT_OF_MEMORY;
}
- memset(BACKEND->cred, 0, sizeof(struct curl_schannel_cred));
BACKEND->cred->refcount = 1;
/* https://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx
@@ -380,6 +476,9 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
&BACKEND->cred->cred_handle,
&BACKEND->cred->time_stamp);
+ if(client_certs[0])
+ CertFreeCertificateContext(client_certs[0]);
+
if(sspi_status != SEC_E_OK) {
if(sspi_status == SEC_E_WRONG_PRINCIPAL)
failf(data, "schannel: SNI or certificate check failed: %s",
@@ -445,8 +544,7 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
InitSecBuffer(&inbuf, SECBUFFER_APPLICATION_PROTOCOLS, alpn_buffer, cur);
InitSecBufferDesc(&inbuf_desc, &inbuf, 1);
}
- else
- {
+ else {
InitSecBuffer(&inbuf, SECBUFFER_EMPTY, NULL, 0);
InitSecBufferDesc(&inbuf_desc, &inbuf, 1);
}
@@ -466,12 +564,11 @@ schannel_connect_step1(struct connectdata *conn, int
sockindex)
/* allocate memory for the security context handle */
BACKEND->ctxt = (struct curl_schannel_ctxt *)
- malloc(sizeof(struct curl_schannel_ctxt));
+ calloc(1, sizeof(struct curl_schannel_ctxt));
if(!BACKEND->ctxt) {
failf(data, "schannel: unable to allocate memory");
return CURLE_OUT_OF_MEMORY;
}
- memset(BACKEND->ctxt, 0, sizeof(struct curl_schannel_ctxt));
host_name = Curl_convert_UTF8_to_tchar(hostname);
if(!host_name)
@@ -780,12 +877,9 @@ schannel_connect_step2(struct connectdata *conn, int
sockindex)
}
}
-#ifdef _WIN32_WCE
- /* Windows CE doesn't do any server certificate validation.
- We have to do it manually. */
- if(conn->ssl_config.verifypeer)
+ if(conn->ssl_config.verifypeer && BACKEND->use_manual_cred_validation) {
return verify_certificate(conn, sockindex);
-#endif
+ }
return CURLE_OK;
}
@@ -1750,146 +1844,6 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata
*conn, int sockindex,
return result;
}
-#ifdef _WIN32_WCE
-static CURLcode verify_certificate(struct connectdata *conn, int sockindex)
-{
- SECURITY_STATUS status;
- struct Curl_easy *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- CURLcode result = CURLE_OK;
- CERT_CONTEXT *pCertContextServer = NULL;
- const CERT_CHAIN_CONTEXT *pChainContext = NULL;
- const char * const conn_hostname = SSL_IS_PROXY() ?
- conn->http_proxy.host.name :
- conn->host.name;
-
- status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
- SECPKG_ATTR_REMOTE_CERT_CONTEXT,
- &pCertContextServer);
-
- if((status != SEC_E_OK) || (pCertContextServer == NULL)) {
- failf(data, "schannel: Failed to read remote certificate context: %s",
- Curl_sspi_strerror(conn, status));
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
-
- if(result == CURLE_OK) {
- CERT_CHAIN_PARA ChainPara;
- memset(&ChainPara, 0, sizeof(ChainPara));
- ChainPara.cbSize = sizeof(ChainPara);
-
- if(!CertGetCertificateChain(NULL,
- pCertContextServer,
- NULL,
- pCertContextServer->hCertStore,
- &ChainPara,
- (data->set.ssl.no_revoke ? 0 :
- CERT_CHAIN_REVOCATION_CHECK_CHAIN),
- NULL,
- &pChainContext)) {
- failf(data, "schannel: CertGetCertificateChain failed: %s",
- Curl_sspi_strerror(conn, GetLastError()));
- pChainContext = NULL;
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
-
- if(result == CURLE_OK) {
- CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0];
- DWORD dwTrustErrorMask = ~(DWORD)(CERT_TRUST_IS_NOT_TIME_NESTED);
- dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus;
- if(dwTrustErrorMask) {
- if(dwTrustErrorMask & CERT_TRUST_IS_REVOKED)
- failf(data, "schannel: CertGetCertificateChain trust error"
- " CERT_TRUST_IS_REVOKED");
- else if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN)
- failf(data, "schannel: CertGetCertificateChain trust error"
- " CERT_TRUST_IS_PARTIAL_CHAIN");
- else if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT)
- failf(data, "schannel: CertGetCertificateChain trust error"
- " CERT_TRUST_IS_UNTRUSTED_ROOT");
- else if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID)
- failf(data, "schannel: CertGetCertificateChain trust error"
- " CERT_TRUST_IS_NOT_TIME_VALID");
- else
- failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x",
- dwTrustErrorMask);
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
- }
- }
-
- if(result == CURLE_OK) {
- if(conn->ssl_config.verifyhost) {
- TCHAR cert_hostname_buff[256];
- DWORD len;
-
- /* TODO: Fix this for certificates with multiple alternative names.
- Right now we're only asking for the first preferred alternative name.
- Instead we'd need to do all via CERT_NAME_SEARCH_ALL_NAMES_FLAG
- (if WinCE supports that?) and run this section in a loop for each.
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa376086.aspx
- curl: (51) schannel: CertGetNameString() certificate hostname
- (.google.com) did not match connection (google.com)
- */
- len = CertGetNameString(pCertContextServer,
- CERT_NAME_DNS_TYPE,
- CERT_NAME_DISABLE_IE4_UTF8_FLAG,
- NULL,
- cert_hostname_buff,
- 256);
- if(len > 0) {
- const char *cert_hostname;
-
- /* Comparing the cert name and the connection hostname encoded as UTF-8
- * is acceptable since both values are assumed to use ASCII
- * (or some equivalent) encoding
- */
- cert_hostname = Curl_convert_tchar_to_UTF8(cert_hostname_buff);
- if(!cert_hostname) {
- result = CURLE_OUT_OF_MEMORY;
- }
- else{
- int match_result;
-
- match_result = Curl_cert_hostcheck(cert_hostname, conn->host.name);
- if(match_result == CURL_HOST_MATCH) {
- infof(data,
- "schannel: connection hostname (%s) validated "
- "against certificate name (%s)\n",
- conn->host.name,
- cert_hostname);
- result = CURLE_OK;
- }
- else{
- failf(data,
- "schannel: connection hostname (%s) "
- "does not match certificate name (%s)",
- conn->host.name,
- cert_hostname);
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
- Curl_unicodefree(cert_hostname);
- }
- }
- else {
- failf(data,
- "schannel: CertGetNameString did not provide any "
- "certificate name information");
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
- }
- }
-
- if(pChainContext)
- CertFreeCertificateChain(pChainContext);
-
- if(pCertContextServer)
- CertFreeCertificateContext(pCertContextServer);
-
- return result;
-}
-#endif /* _WIN32_WCE */
-
static void Curl_schannel_checksum(const unsigned char *input,
size_t inputlen,
unsigned char *checksum,
@@ -1949,13 +1903,14 @@ static CURLcode Curl_schannel_md5sum(unsigned char
*input,
return CURLE_OK;
}
-static void Curl_schannel_sha256sum(const unsigned char *input,
+static CURLcode Curl_schannel_sha256sum(const unsigned char *input,
size_t inputlen,
unsigned char *sha256sum,
size_t sha256len)
{
Curl_schannel_checksum(input, inputlen, sha256sum, sha256len,
PROV_RSA_AES, CALG_SHA_256);
+ return CURLE_OK;
}
static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl,
@@ -1968,11 +1923,8 @@ static void *Curl_schannel_get_internals(struct
ssl_connect_data *connssl,
const struct Curl_ssl Curl_ssl_schannel = {
{ CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */
- 0, /* have_ca_path */
- 1, /* have_certinfo */
- 1, /* have_pinnedpubkey */
- 0, /* have_ssl_ctx */
- 0, /* support_https_proxy */
+ SSLSUPP_CERTINFO |
+ SSLSUPP_PINNEDPUBKEY,
sizeof(struct ssl_backend_data),
diff --git a/lib/vtls/schannel.h b/lib/vtls/schannel.h
index 932103da4..447690027 100644
--- a/lib/vtls/schannel.h
+++ b/lib/vtls/schannel.h
@@ -26,9 +26,49 @@
#ifdef USE_SCHANNEL
+#include <schnlsp.h>
+#include <schannel.h>
+#include "curl_sspi.h"
+
#include "urldata.h"
extern const struct Curl_ssl Curl_ssl_schannel;
+CURLcode verify_certificate(struct connectdata *conn, int sockindex);
+
+/* structs to expose only in schannel.c and schannel_verify.c */
+#ifdef EXPOSE_SCHANNEL_INTERNAL_STRUCTS
+struct curl_schannel_cred {
+ CredHandle cred_handle;
+ TimeStamp time_stamp;
+ int refcount;
+};
+
+struct curl_schannel_ctxt {
+ CtxtHandle ctxt_handle;
+ TimeStamp time_stamp;
+};
+
+struct ssl_backend_data {
+ struct curl_schannel_cred *cred;
+ struct curl_schannel_ctxt *ctxt;
+ SecPkgContext_StreamSizes stream_sizes;
+ size_t encdata_length, decdata_length;
+ size_t encdata_offset, decdata_offset;
+ unsigned char *encdata_buffer, *decdata_buffer;
+ /* encdata_is_incomplete: if encdata contains only a partial record that
+ can't be decrypted without another Curl_read_plain (that is, status is
+ SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes
+ more bytes into encdata then set this back to false. */
+ bool encdata_is_incomplete;
+ unsigned long req_flags, ret_flags;
+ CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
+ bool recv_sspi_close_notify; /* true if connection closed by close_notify */
+ bool recv_connection_closed; /* true if connection closed, regardless how */
+ bool use_alpn; /* true if ALPN is used for this connection */
+ bool use_manual_cred_validation; /* true if manual cred validation is used */
+};
+#endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */
+
#endif /* USE_SCHANNEL */
#endif /* HEADER_CURL_SCHANNEL_H */
diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c
new file mode 100644
index 000000000..db187dd6b
--- /dev/null
+++ b/lib/vtls/schannel_verify.c
@@ -0,0 +1,551 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2016, Marc Hoersken, <address@hidden>
+ * Copyright (C) 2012, Mark Salisbury, <address@hidden>
+ * Copyright (C) 2012 - 2018, Daniel Stenberg, <address@hidden>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for SChannel-specific certificate verification. This code should
+ * only be invoked by code in schannel.c.
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_SCHANNEL
+
+#define EXPOSE_SCHANNEL_INTERNAL_STRUCTS
+
+#ifndef USE_WINDOWS_SSPI
+# error "Can't compile SCHANNEL support without SSPI."
+#endif
+
+#include "schannel.h"
+#include "vtls.h"
+#include "sendf.h"
+#include "strerror.h"
+#include "curl_multibyte.h"
+#include "curl_printf.h"
+#include "hostcheck.h"
+#include "system_win32.h"
+
+/* The last #include file should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#define BACKEND connssl->backend
+
+#define MAX_CAFILE_SIZE 1048576 /* 1 MiB */
+#define BEGIN_CERT "-----BEGIN CERTIFICATE-----\n"
+#define END_CERT "\n-----END CERTIFICATE-----"
+
+typedef struct {
+ DWORD cbSize;
+ HCERTSTORE hRestrictedRoot;
+ HCERTSTORE hRestrictedTrust;
+ HCERTSTORE hRestrictedOther;
+ DWORD cAdditionalStore;
+ HCERTSTORE *rghAdditionalStore;
+ DWORD dwFlags;
+ DWORD dwUrlRetrievalTimeout;
+ DWORD MaximumCachedCertificates;
+ DWORD CycleDetectionModulus;
+ HCERTSTORE hExclusiveRoot;
+ HCERTSTORE hExclusiveTrustedPeople;
+} CERT_CHAIN_ENGINE_CONFIG_WIN7, *PCERT_CHAIN_ENGINE_CONFIG_WIN7;
+
+
+static CURLcode add_certs_to_store(HCERTSTORE trust_store,
+ const char *ca_file,
+ struct connectdata *conn)
+{
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
+ HANDLE ca_file_handle = INVALID_HANDLE_VALUE;
+ LARGE_INTEGER file_size;
+ char *ca_file_buffer = NULL;
+ char *current_ca_file_ptr = NULL;
+ const TCHAR *ca_file_tstr = NULL;
+ size_t ca_file_bufsize = 0;
+ DWORD total_bytes_read = 0;
+ bool more_certs = 0;
+ int num_certs = 0;
+ size_t END_CERT_LEN;
+
+ ca_file_tstr = Curl_convert_UTF8_to_tchar(ca_file);
+ if(!ca_file_tstr) {
+ failf(data,
+ "schannel: invalid path name for CA file '%s': %s",
+ ca_file, Curl_strerror(conn, GetLastError()));
+ result = CURLE_SSL_CACERT_BADFILE;
+ goto cleanup;
+ }
+
+ /*
+ * Read the CA file completely into memory before parsing it. This
+ * optimizes for the common case where the CA file will be relatively
+ * small ( < 1 MiB ).
+ */
+ ca_file_handle = CreateFile(ca_file_tstr,
+ GENERIC_READ,
+ 0,
+ NULL,
+ OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL,
+ NULL);
+ if(ca_file_handle == INVALID_HANDLE_VALUE) {
+ failf(data,
+ "schannel: failed to open CA file '%s': %s",
+ ca_file, Curl_strerror(conn, GetLastError()));
+ result = CURLE_SSL_CACERT_BADFILE;
+ goto cleanup;
+ }
+
+ if(!GetFileSizeEx(ca_file_handle, &file_size)) {
+ failf(data,
+ "schannel: failed to determine size of CA file '%s': %s",
+ ca_file, Curl_strerror(conn, GetLastError()));
+ result = CURLE_SSL_CACERT_BADFILE;
+ goto cleanup;
+ }
+
+ if(file_size.QuadPart > MAX_CAFILE_SIZE) {
+ failf(data,
+ "schannel: CA file exceeds max size of %u bytes",
+ MAX_CAFILE_SIZE);
+ result = CURLE_OUT_OF_MEMORY;
+ goto cleanup;
+ }
+
+ ca_file_bufsize = (size_t)file_size.QuadPart;
+ ca_file_buffer = (char *)malloc(ca_file_bufsize + 1);
+ if(!ca_file_buffer) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto cleanup;
+ }
+
+ result = CURLE_OK;
+ while(total_bytes_read < ca_file_bufsize) {
+ DWORD bytes_to_read = (DWORD)(ca_file_bufsize - total_bytes_read);
+ DWORD bytes_read = 0;
+
+ if(!ReadFile(ca_file_handle, ca_file_buffer + total_bytes_read,
+ bytes_to_read, &bytes_read, NULL)) {
+
+ failf(data,
+ "schannel: failed to read from CA file '%s': %s",
+ ca_file, Curl_strerror(conn, GetLastError()));
+ result = CURLE_SSL_CACERT_BADFILE;
+ goto cleanup;
+ }
+ if(bytes_read == 0) {
+ /* Premature EOF -- adjust the bufsize to the new value */
+ ca_file_bufsize = total_bytes_read;
+ }
+ else {
+ total_bytes_read += bytes_read;
+ }
+ }
+
+ /* Null terminate the buffer */
+ ca_file_buffer[ca_file_bufsize] = '\0';
+
+ if(result != CURLE_OK) {
+ goto cleanup;
+ }
+
+ END_CERT_LEN = strlen(END_CERT);
+
+ more_certs = 1;
+ current_ca_file_ptr = ca_file_buffer;
+ while(more_certs && *current_ca_file_ptr != '\0') {
+ char *begin_cert_ptr = strstr(current_ca_file_ptr, BEGIN_CERT);
+ if(!begin_cert_ptr) {
+ more_certs = 0;
+ }
+ else {
+ char *end_cert_ptr = strstr(begin_cert_ptr, END_CERT);
+ if(!end_cert_ptr) {
+ failf(data,
+ "schannel: CA file '%s' is not correctly formatted",
+ ca_file);
+ result = CURLE_SSL_CACERT_BADFILE;
+ more_certs = 0;
+ }
+ else {
+ CERT_BLOB cert_blob;
+ CERT_CONTEXT *cert_context = NULL;
+ BOOL add_cert_result = FALSE;
+ DWORD actual_content_type = 0;
+ DWORD cert_size = (DWORD)
+ ((end_cert_ptr + END_CERT_LEN) - begin_cert_ptr);
+
+ cert_blob.pbData = (BYTE *)begin_cert_ptr;
+ cert_blob.cbData = cert_size;
+ if(!CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
+ &cert_blob,
+ CERT_QUERY_CONTENT_FLAG_CERT,
+ CERT_QUERY_FORMAT_FLAG_ALL,
+ 0,
+ NULL,
+ &actual_content_type,
+ NULL,
+ NULL,
+ NULL,
+ &cert_context)) {
+
+ failf(data,
+ "schannel: failed to extract certificate from CA file "
+ "'%s': %s",
+ ca_file, Curl_strerror(conn, GetLastError()));
+ result = CURLE_SSL_CACERT_BADFILE;
+ more_certs = 0;
+ }
+ else {
+ current_ca_file_ptr = begin_cert_ptr + cert_size;
+
+ /* Sanity check that the cert_context object is the right type */
+ if(CERT_QUERY_CONTENT_CERT != actual_content_type) {
+ failf(data,
+ "schannel: unexpected content type '%d' when extracting "
+ "certificate from CA file '%s'",
+ actual_content_type, ca_file);
+ result = CURLE_SSL_CACERT_BADFILE;
+ more_certs = 0;
+ }
+ else {
+ add_cert_result =
+ CertAddCertificateContextToStore(trust_store,
+ cert_context,
+ CERT_STORE_ADD_ALWAYS,
+ NULL);
+ CertFreeCertificateContext(cert_context);
+ if(!add_cert_result) {
+ failf(data,
+ "schannel: failed to add certificate from CA file '%s'"
+ "to certificate store: %s",
+ ca_file, Curl_strerror(conn, GetLastError()));
+ result = CURLE_SSL_CACERT_BADFILE;
+ more_certs = 0;
+ }
+ else {
+ num_certs++;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if(result == CURLE_OK) {
+ if(!num_certs) {
+ infof(data,
+ "schannel: did not add any certificates from CA file '%s'\n",
+ ca_file);
+ }
+ else {
+ infof(data,
+ "schannel: added %d certificate(s) from CA file '%s'\n",
+ num_certs, ca_file);
+ }
+ }
+
+cleanup:
+ if(ca_file_handle != INVALID_HANDLE_VALUE) {
+ CloseHandle(ca_file_handle);
+ }
+ Curl_safefree(ca_file_buffer);
+ Curl_unicodefree(ca_file_tstr);
+
+ return result;
+}
+
+static CURLcode verify_host(struct Curl_easy *data,
+ CERT_CONTEXT *pCertContextServer,
+ const char * const conn_hostname)
+{
+ CURLcode result = CURLE_PEER_FAILED_VERIFICATION;
+ TCHAR *cert_hostname_buff = NULL;
+ size_t cert_hostname_buff_index = 0;
+ DWORD len = 0;
+ DWORD actual_len = 0;
+
+ /* CertGetNameString will provide the 8-bit character string without
+ * any decoding */
+ DWORD name_flags = CERT_NAME_DISABLE_IE4_UTF8_FLAG;
+
+#ifdef CERT_NAME_SEARCH_ALL_NAMES_FLAG
+ name_flags |= CERT_NAME_SEARCH_ALL_NAMES_FLAG;
+#endif
+
+ /* Determine the size of the string needed for the cert hostname */
+ len = CertGetNameString(pCertContextServer,
+ CERT_NAME_DNS_TYPE,
+ name_flags,
+ NULL,
+ NULL,
+ 0);
+ if(len == 0) {
+ failf(data,
+ "schannel: CertGetNameString() returned no "
+ "certificate name information");
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ goto cleanup;
+ }
+
+ /* CertGetNameString guarantees that the returned name will not contain
+ * embedded null bytes. This appears to be undocumented behavior.
+ */
+ cert_hostname_buff = (LPTSTR)malloc(len * sizeof(TCHAR));
+ actual_len = CertGetNameString(pCertContextServer,
+ CERT_NAME_DNS_TYPE,
+ name_flags,
+ NULL,
+ (LPTSTR) cert_hostname_buff,
+ len);
+
+ /* Sanity check */
+ if(actual_len != len) {
+ failf(data,
+ "schannel: CertGetNameString() returned certificate "
+ "name information of unexpected size");
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ goto cleanup;
+ }
+
+ /* If HAVE_CERT_NAME_SEARCH_ALL_NAMES is available, the output
+ * will contain all DNS names, where each name is null-terminated
+ * and the last DNS name is double null-terminated. Due to this
+ * encoding, use the length of the buffer to iterate over all names.
+ */
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ while(cert_hostname_buff_index < len &&
+ cert_hostname_buff[cert_hostname_buff_index] != TEXT('\0') &&
+ result == CURLE_PEER_FAILED_VERIFICATION) {
+
+ char *cert_hostname;
+
+ /* Comparing the cert name and the connection hostname encoded as UTF-8
+ * is acceptable since both values are assumed to use ASCII
+ * (or some equivalent) encoding
+ */
+ cert_hostname = Curl_convert_tchar_to_UTF8(
+ &cert_hostname_buff[cert_hostname_buff_index]);
+ if(!cert_hostname) {
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ else {
+ int match_result;
+
+ match_result = Curl_cert_hostcheck(cert_hostname, conn_hostname);
+ if(match_result == CURL_HOST_MATCH) {
+ infof(data,
+ "schannel: connection hostname (%s) validated "
+ "against certificate name (%s)\n",
+ conn_hostname, cert_hostname);
+ result = CURLE_OK;
+ }
+ else {
+ size_t cert_hostname_len;
+
+ infof(data,
+ "schannel: connection hostname (%s) did not match "
+ "against certificate name (%s)\n",
+ conn_hostname, cert_hostname);
+
+ cert_hostname_len = _tcslen(
+ &cert_hostname_buff[cert_hostname_buff_index]);
+
+ /* Move on to next cert name */
+ cert_hostname_buff_index += cert_hostname_len + 1;
+
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ Curl_unicodefree(cert_hostname);
+ }
+ }
+
+ if(result == CURLE_PEER_FAILED_VERIFICATION) {
+ failf(data,
+ "schannel: CertGetNameString() failed to match "
+ "connection hostname (%s) against server certificate names",
+ conn_hostname);
+ }
+ else if(result != CURLE_OK)
+ failf(data, "schannel: server certificate name verification failed");
+
+cleanup:
+ Curl_unicodefree(cert_hostname_buff);
+
+ return result;
+}
+
+CURLcode verify_certificate(struct connectdata *conn, int sockindex)
+{
+ SECURITY_STATUS status;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ CURLcode result = CURLE_OK;
+ CERT_CONTEXT *pCertContextServer = NULL;
+ const CERT_CHAIN_CONTEXT *pChainContext = NULL;
+ HCERTCHAINENGINE cert_chain_engine = NULL;
+ HCERTSTORE trust_store = NULL;
+ const char * const conn_hostname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.name :
+ conn->host.name;
+
+ status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
+ SECPKG_ATTR_REMOTE_CERT_CONTEXT,
+ &pCertContextServer);
+
+ if((status != SEC_E_OK) || (pCertContextServer == NULL)) {
+ failf(data, "schannel: Failed to read remote certificate context: %s",
+ Curl_sspi_strerror(conn, status));
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ if(result == CURLE_OK && SSL_CONN_CONFIG(CAfile) &&
+ BACKEND->use_manual_cred_validation) {
+ /*
+ * Create a chain engine that uses the certificates in the CA file as
+ * trusted certificates. This is only supported on Windows 7+.
+ */
+
+ if(Curl_verify_windows_version(6, 1, PLATFORM_WINNT, VERSION_LESS_THAN)) {
+ failf(data, "schannel: this version of Windows is too old to support "
+ "certificate verification via CA bundle file.");
+ result = CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ /* Open the certificate store */
+ trust_store = CertOpenStore(CERT_STORE_PROV_MEMORY,
+ 0,
+ (HCRYPTPROV)NULL,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
+ if(!trust_store) {
+ failf(data, "schannel: failed to create certificate store: %s",
+ Curl_strerror(conn, GetLastError()));
+ result = CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ result = add_certs_to_store(trust_store, SSL_CONN_CONFIG(CAfile),
+ conn);
+ }
+ }
+
+ if(result == CURLE_OK) {
+ CERT_CHAIN_ENGINE_CONFIG_WIN7 engine_config;
+ BOOL create_engine_result;
+
+ memset(&engine_config, 0, sizeof(engine_config));
+ engine_config.cbSize = sizeof(engine_config);
+ engine_config.hExclusiveRoot = trust_store;
+
+ /* CertCreateCertificateChainEngine will check the expected size of the
+ * CERT_CHAIN_ENGINE_CONFIG structure and fail if the specified size
+ * does not match the expected size. When this occurs, it indicates that
+ * CAINFO is not supported on the version of Windows in use.
+ */
+ create_engine_result =
+ CertCreateCertificateChainEngine(
+ (CERT_CHAIN_ENGINE_CONFIG *)&engine_config, &cert_chain_engine);
+ if(!create_engine_result) {
+ failf(data,
+ "schannel: failed to create certificate chain engine: %s",
+ Curl_strerror(conn, GetLastError()));
+ result = CURLE_SSL_CACERT_BADFILE;
+ }
+ }
+ }
+
+ if(result == CURLE_OK) {
+ CERT_CHAIN_PARA ChainPara;
+
+ memset(&ChainPara, 0, sizeof(ChainPara));
+ ChainPara.cbSize = sizeof(ChainPara);
+
+ if(!CertGetCertificateChain(cert_chain_engine,
+ pCertContextServer,
+ NULL,
+ pCertContextServer->hCertStore,
+ &ChainPara,
+ (data->set.ssl.no_revoke ? 0 :
+ CERT_CHAIN_REVOCATION_CHECK_CHAIN),
+ NULL,
+ &pChainContext)) {
+ failf(data, "schannel: CertGetCertificateChain failed: %s",
+ Curl_sspi_strerror(conn, GetLastError()));
+ pChainContext = NULL;
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ if(result == CURLE_OK) {
+ CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0];
+ DWORD dwTrustErrorMask = ~(DWORD)(CERT_TRUST_IS_NOT_TIME_NESTED);
+ dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus;
+ if(dwTrustErrorMask) {
+ if(dwTrustErrorMask & CERT_TRUST_IS_REVOKED)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_IS_REVOKED");
+ else if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_IS_PARTIAL_CHAIN");
+ else if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_IS_UNTRUSTED_ROOT");
+ else if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_IS_NOT_TIME_VALID");
+ else if(dwTrustErrorMask & CERT_TRUST_REVOCATION_STATUS_UNKNOWN)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_REVOCATION_STATUS_UNKNOWN");
+ else
+ failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x",
+ dwTrustErrorMask);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ }
+ }
+
+ if(result == CURLE_OK) {
+ if(SSL_CONN_CONFIG(verifyhost)) {
+ result = verify_host(conn->data, pCertContextServer, conn_hostname);
+ }
+ }
+
+ if(cert_chain_engine) {
+ CertFreeCertificateChainEngine(cert_chain_engine);
+ }
+
+ if(trust_store) {
+ CertCloseStore(trust_store, 0);
+ }
+
+ if(pChainContext)
+ CertFreeCertificateChain(pChainContext);
+
+ if(pCertContextServer)
+ CertFreeCertificateContext(pCertContextServer);
+
+ return result;
+}
+
+#endif /* USE_SCHANNEL */
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index def1d30cb..ee5bc7a0a 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -211,7 +211,7 @@ ssl_connect_init_proxy(struct connectdata *conn, int
sockindex)
!conn->proxy_ssl[sockindex].use) {
struct ssl_backend_data *pbdata;
- if(!Curl_ssl->support_https_proxy)
+ if(!(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY))
return CURLE_NOT_BUILT_IN;
/* The pointers to the ssl backend data, which is opaque here, are swapped
@@ -511,7 +511,7 @@ void Curl_ssl_close_all(struct Curl_easy *data)
#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
defined(USE_DARWINSSL) || defined(USE_POLARSSL) || defined(USE_NSS) || \
- defined(USE_MBEDTLS)
+ defined(USE_MBEDTLS) || defined(USE_CYASSL)
int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks,
int numsocks)
{
@@ -831,8 +831,12 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
sha256sumdigest = malloc(CURL_SHA256_DIGEST_LENGTH);
if(!sha256sumdigest)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl->sha256sum(pubkey, pubkeylen,
+ encode = Curl_ssl->sha256sum(pubkey, pubkeylen,
sha256sumdigest, CURL_SHA256_DIGEST_LENGTH);
+
+ if(encode != CURLE_OK)
+ return encode;
+
encode = Curl_base64_encode(data, (char *)sha256sumdigest,
CURL_SHA256_DIGEST_LENGTH, &encoded,
&encodedlen);
@@ -1127,13 +1131,7 @@ static void Curl_multissl_close(struct connectdata
*conn, int sockindex)
static const struct Curl_ssl Curl_ssl_multi = {
{ CURLSSLBACKEND_NONE, "multi" }, /* info */
-
- 0, /* have_ca_path */
- 0, /* have_certinfo */
- 0, /* have_pinnedpubkey */
- 0, /* have_ssl_ctx */
- 0, /* support_https_proxy */
-
+ 0, /* supports nothing */
(size_t)-1, /* something insanely large to be on the safe side */
Curl_multissl_init, /* init */
@@ -1300,6 +1298,9 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const
char *name,
{
int i;
+ if(avail)
+ *avail = (const curl_ssl_backend **)&available_backends;
+
if(Curl_ssl != &Curl_ssl_multi)
return id == Curl_ssl->info.id ? CURLSSLSET_OK : CURLSSLSET_TOO_LATE;
@@ -1311,8 +1312,6 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const
char *name,
}
}
- if(avail)
- *avail = (const curl_ssl_backend **)&available_backends;
return CURLSSLSET_UNKNOWN_BACKEND;
}
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index c5f9d4a3f..e7b87c4d3 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -26,20 +26,19 @@
struct connectdata;
struct ssl_connect_data;
+#define SSLSUPP_CA_PATH (1<<0) /* supports CAPATH */
+#define SSLSUPP_CERTINFO (1<<1) /* supports CURLOPT_CERTINFO */
+#define SSLSUPP_PINNEDPUBKEY (1<<2) /* supports CURLOPT_PINNEDPUBLICKEY */
+#define SSLSUPP_SSL_CTX (1<<3) /* supports CURLOPT_SSL_CTX */
+#define SSLSUPP_HTTPS_PROXY (1<<4) /* supports access via HTTPS proxies */
+
struct Curl_ssl {
/*
* This *must* be the first entry to allow returning the list of available
* backends in curl_global_sslset().
*/
curl_ssl_backend info;
-
- unsigned have_ca_path:1; /* supports CAPATH */
- unsigned have_certinfo:1; /* supports CURLOPT_CERTINFO */
- unsigned have_pinnedpubkey:1; /* supports CURLOPT_PINNEDPUBLICKEY */
- unsigned have_ssl_ctx:1; /* supports CURLOPT_SSL_CTX_* */
-
- unsigned support_https_proxy:1; /* supports access via HTTPS proxies */
-
+ unsigned int supports; /* bitfield, see above */
size_t sizeof_ssl_backend_data;
int (*init)(void);
@@ -72,7 +71,7 @@ struct Curl_ssl {
CURLcode (*md5sum)(unsigned char *input, size_t inputlen,
unsigned char *md5sum, size_t md5sumlen);
- void (*sha256sum)(const unsigned char *input, size_t inputlen,
+ CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
unsigned char *sha256sum, size_t sha256sumlen);
};
@@ -113,8 +112,10 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t
inputlen,
#endif
#ifndef MD5_DIGEST_LENGTH
+#ifndef LIBWOLFSSL_VERSION_HEX /* because WolfSSL borks this */
#define MD5_DIGEST_LENGTH 16 /* fixed size */
#endif
+#endif
#ifndef CURL_SHA256_DIGEST_LENGTH
#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
diff --git a/lib/warnless.h b/lib/warnless.h
index 318c020c2..e31323971 100644
--- a/lib/warnless.h
+++ b/lib/warnless.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -26,11 +26,6 @@
#include <gnurl/curl.h> /* for curl_socket_t */
#endif
-#define CURLX_POINTER_TO_INTEGER_CAST(p) \
- ((char *)(p) - (char *)NULL)
-#define CURLX_INTEGER_TO_POINTER_CAST(i) \
- ((void *)((char *)NULL + (i)))
-
unsigned short curlx_ultous(unsigned long ulnum);
unsigned char curlx_ultouc(unsigned long ulnum);
diff --git a/lib/wildcard.c b/lib/wildcard.c
index af45c79bd..8ba0989b4 100644
--- a/lib/wildcard.c
+++ b/lib/wildcard.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -30,9 +30,15 @@
#include "curl_memory.h"
#include "memdebug.h"
+static void fileinfo_dtor(void *user, void *element)
+{
+ (void)user;
+ Curl_fileinfo_cleanup(element);
+}
+
CURLcode Curl_wildcard_init(struct WildcardData *wc)
{
- Curl_llist_init(&wc->filelist, Curl_fileinfo_dtor);
+ Curl_llist_init(&wc->filelist, fileinfo_dtor);
wc->state = CURLWC_INIT;
return CURLE_OK;
@@ -43,12 +49,12 @@ void Curl_wildcard_dtor(struct WildcardData *wc)
if(!wc)
return;
- if(wc->tmp_dtor) {
- wc->tmp_dtor(wc->tmp);
- wc->tmp_dtor = ZERO_NULL;
- wc->tmp = NULL;
+ if(wc->dtor) {
+ wc->dtor(wc->protdata);
+ wc->dtor = ZERO_NULL;
+ wc->protdata = NULL;
}
- DEBUGASSERT(wc->tmp == NULL);
+ DEBUGASSERT(wc->protdata == NULL);
Curl_llist_destroy(&wc->filelist, NULL);
diff --git a/lib/wildcard.h b/lib/wildcard.h
index 89d965ccf..9e7035097 100644
--- a/lib/wildcard.h
+++ b/lib/wildcard.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 2010 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -40,7 +40,7 @@ typedef enum {
will end */
} curl_wildcard_states;
-typedef void (*curl_wildcard_tmp_dtor)(void *ptr);
+typedef void (*curl_wildcard_dtor)(void *ptr);
/* struct keeping information about wildcard download process */
struct WildcardData {
@@ -48,8 +48,8 @@ struct WildcardData {
char *path; /* path to the directory, where we trying wildcard-match */
char *pattern; /* wildcard pattern */
struct curl_llist filelist; /* llist with struct Curl_fileinfo */
- void *tmp; /* pointer to protocol specific temporary data */
- curl_wildcard_tmp_dtor tmp_dtor;
+ void *protdata; /* pointer to protocol specific temporary data */
+ curl_wildcard_dtor dtor;
void *customptr; /* for CURLOPT_CHUNK_DATA pointer */
};
diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4
index 422946e26..c1ae6a559 100644
--- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4
@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+# Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -1044,6 +1044,23 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
tmp_CFLAGS="$tmp_CFLAGS -Wdouble-promotion"
fi
#
+ dnl Only gcc 6 or later
+ if test "$compiler_num" -ge "600"; then
+ tmp_CFLAGS="$tmp_CFLAGS -Wshift-negative-value"
+ tmp_CFLAGS="$tmp_CFLAGS -Wshift-overflow=2"
+ tmp_CFLAGS="$tmp_CFLAGS -Wnull-dereference"
+ tmp_CFLAGS="$tmp_CFLAGS -Wduplicated-cond"
+ fi
+ #
+ dnl Only gcc 7 or later
+ if test "$compiler_num" -ge "700"; then
+ tmp_CFLAGS="$tmp_CFLAGS -Wduplicated-branches"
+ tmp_CFLAGS="$tmp_CFLAGS -Wrestrict"
+ tmp_CFLAGS="$tmp_CFLAGS -Walloc-zero"
+ tmp_CFLAGS="$tmp_CFLAGS -Wformat-overflow=2"
+ tmp_CFLAGS="$tmp_CFLAGS -Wformat-truncation=2"
+ fi
+ #
fi
#
dnl Do not issue warnings for code in system include paths.
@@ -1282,15 +1299,6 @@ AC_DEFUN([CURL_CHECK_CURLDEBUG], [
want_curldebug="no"
fi
fi
- #
- if test "$want_curldebug" = "yes"; then
- CPPFLAGS="-DCURLDEBUG $CPPFLAGS"
- squeeze CPPFLAGS
- fi
- if test "$want_debug" = "yes"; then
- CPPFLAGS="-DDEBUGBUILD $CPPFLAGS"
- squeeze CPPFLAGS
- fi
])
diff --git a/m4/curl-confopts.m4 b/m4/curl-confopts.m4
index 6dcd0f1a6..ad6acd8f0 100644
--- a/m4/curl-confopts.m4
+++ b/m4/curl-confopts.m4
@@ -114,6 +114,7 @@ AC_HELP_STRING([--disable-curldebug],[Disable curl debug
memory tracking]),
dnl as a request to disable curldebug.
if test "$want_debug" = "yes"; then
AC_MSG_RESULT([(assumed) yes])
+ AC_DEFINE(CURLDEBUG, 1, [to enable curl debug memory tracking])
else
AC_MSG_RESULT([no])
fi
@@ -130,6 +131,7 @@ AC_HELP_STRING([--disable-curldebug],[Disable curl debug
memory tracking]),
dnl --disable-curldebug had been given setting shell variable
dnl want_curldebug to 'no'.
want_curldebug="yes"
+ AC_DEFINE(CURLDEBUG, 1, [to enable curl debug memory tracking])
AC_MSG_RESULT([yes])
;;
esac
@@ -164,6 +166,7 @@ AC_HELP_STRING([--disable-debug],[Disable debug build
options]),
*)
dnl --enable-debug option used
want_debug="yes"
+ AC_DEFINE(DEBUGBUILD, 1, [enable debug build options])
;;
esac
AC_MSG_RESULT([$want_debug])
diff --git a/m4/curl-functions.m4 b/m4/curl-functions.m4
index dde7fe2ea..1bbde9ed5 100644
--- a/m4/curl-functions.m4
+++ b/m4/curl-functions.m4
@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+# Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -7008,3 +7008,19 @@ AC_DEFUN([CURL_CHECK_FUNC_WRITEV], [
curl_cv_func_writev="no"
fi
])
+
+dnl CURL_RUN_IFELSE
+dnl -------------------------------------------------
+dnl Wrapper macro to use instead of AC_RUN_IFELSE. It
+dnl sets LD_LIBRARY_PATH locally for this run only, from the
+dnl CURL_LIBRARY_PATH variable. It keeps the LD_LIBRARY_PATH
+dnl changes contained within this macro.
+
+AC_DEFUN([CURL_RUN_IFELSE], [
+ AC_REQUIRE([AC_RUN_IFELSE])dnl
+
+ old=$LD_LIBRARY_PATH
+ LD_LIBRARY_PATH=$CURL_LIBRARY_PATH
+ AC_RUN_IFELSE([AC_LANG_SOURCE([$1])], $2, $3, $4)
+ LD_LIBRARY_PATH=$old # restore
+])
diff --git a/packages/DOS/README b/packages/DOS/README
index c2ab9b9aa..5278f2c13 100644
--- a/packages/DOS/README
+++ b/packages/DOS/README
@@ -4,7 +4,7 @@ Watt-32 stack.
'make djgpp' in the root curl dir should build it fine.
Note 1: djgpp 2.04 beta has a sscanf() bug so the URL parsing isn't
- done proberly. Use djgpp 2.03 until they fix it.
+ done properly. Use djgpp 2.03 until they fix it.
Note 2: Compile Watt-32 (and OpenSSL) with the same version of djgpp.
Otherwise things go wrong because things like FS-extensions and
diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in
index a21ee9bba..b2ff6d6fb 100644
--- a/packages/OS400/curl.inc.in
+++ b/packages/OS400/curl.inc.in
@@ -1330,6 +1330,10 @@
d c 20272
d CURLOPT_RESOLVER_START_DATA...
d c 10273
+ d CURLOPT_HAPROXYPROTOCOL...
+ d c 00274
+ d CURLOPT_DNS_SHUFFLE_ADDRESSES...
+ d c 00275
*
/if not defined(CURL_NO_OLDIES)
d CURLOPT_FILE c 10001
diff --git a/packages/OS400/os400sys.c b/packages/OS400/os400sys.c
index 8ae635e43..c80f01080 100644
--- a/packages/OS400/os400sys.c
+++ b/packages/OS400/os400sys.c
@@ -140,11 +140,12 @@ get_buffer(buffer_t * buf, long size)
return buf->buf;
if(!buf->buf) {
- if((buf->buf = malloc(size)))
+ buf->buf = malloc(size);
+ if(buf->buf)
buf->size = size;
return buf->buf;
- }
+ }
if((unsigned long) size <= buf->size) {
/* Shorten the buffer only if it frees a significant byte count. This
@@ -152,14 +153,15 @@ get_buffer(buffer_t * buf, long size)
if(buf->size - size < MIN_BYTE_GAIN)
return buf->buf;
- }
+ }
/* Resize the buffer. */
- if((cp = realloc(buf->buf, size))) {
+ cp = realloc(buf->buf, size);
+ if(cp) {
buf->buf = cp;
buf->size = size;
- }
+ }
else if(size <= buf->size)
cp = buf->buf;
@@ -193,14 +195,15 @@ buffer_threaded(localkey_t key, long size)
/* Allocate buffer descriptors for the current thread. */
- if(!(bufs = calloc((size_t) LK_LAST, sizeof *bufs)))
+ bufs = calloc((size_t) LK_LAST, sizeof *bufs);
+ if(!bufs)
return (char *) NULL;
if(pthread_setspecific(thdkey, (void *) bufs)) {
free(bufs);
return (char *) NULL;
- }
}
+ }
return get_buffer(bufs + key, size);
}
@@ -273,15 +276,19 @@ Curl_getnameinfo_a(const struct sockaddr * sa,
curl_socklen_t salen,
enodename = (char *) NULL;
eservname = (char *) NULL;
- if(nodename && nodenamelen)
- if(!(enodename = malloc(nodenamelen)))
+ if(nodename && nodenamelen) {
+ enodename = malloc(nodenamelen);
+ if(!enodename)
return EAI_MEMORY;
+ }
- if(servname && servnamelen)
- if(!(eservname = malloc(servnamelen))) {
+ if(servname && servnamelen) {
+ eservname = malloc(servnamelen);
+ if(!eservname) {
free(enodename);
return EAI_MEMORY;
- }
+ }
+ }
status = getnameinfo(sa, salen, enodename, nodenamelen,
eservname, servnamelen, flags);
@@ -323,24 +330,26 @@ Curl_getaddrinfo_a(const char * nodename, const char *
servname,
if(nodename) {
i = strlen(nodename);
- if(!(enodename = malloc(i + 1)))
+ enodename = malloc(i + 1);
+ if(!enodename)
return EAI_MEMORY;
i = QadrtConvertA2E(enodename, nodename, i, i);
enodename[i] = '\0';
- }
+ }
if(servname) {
i = strlen(servname);
- if(!(eservname = malloc(i + 1))) {
+ eservname = malloc(i + 1);
+ if(!eservname) {
free(enodename);
return EAI_MEMORY;
- }
+ }
QadrtConvertA2E(eservname, servname, i, i);
eservname[i] = '\0';
- }
+ }
status = getaddrinfo(enodename, eservname, hints, res);
free(enodename);
@@ -385,10 +394,12 @@ Curl_gsk_environment_open(gsk_handle * my_env_handle)
if(!my_env_handle)
return GSK_OS400_ERROR_INVALID_POINTER;
- if(!(p = (struct Curl_gsk_descriptor *) malloc(sizeof *p)))
+ p = (struct Curl_gsk_descriptor *) malloc(sizeof *p);
+ if(!p)
return GSK_INSUFFICIENT_STORAGE;
p->strlist = (struct gskstrlist *) NULL;
- if((rc = gsk_environment_open(&p->h)) != GSK_OK)
+ rc = gsk_environment_open(&p->h);
+ if(rc != GSK_OK)
free(p);
else
*my_env_handle = (gsk_handle) p;
@@ -410,10 +421,12 @@ Curl_gsk_secure_soc_open(gsk_handle my_env_handle,
if(!my_session_handle)
return GSK_OS400_ERROR_INVALID_POINTER;
h = ((struct Curl_gsk_descriptor *) my_env_handle)->h;
- if(!(p = (struct Curl_gsk_descriptor *) malloc(sizeof *p)))
+ p = (struct Curl_gsk_descriptor *) malloc(sizeof *p);
+ if(!p)
return GSK_INSUFFICIENT_STORAGE;
p->strlist = (struct gskstrlist *) NULL;
- if((rc = gsk_secure_soc_open(h, &p->h)) != GSK_OK)
+ rc = gsk_secure_soc_open(h, &p->h);
+ if(rc != GSK_OK)
free(p);
else
*my_session_handle = (gsk_handle) p;
@@ -448,7 +461,8 @@ Curl_gsk_environment_close(gsk_handle * my_env_handle)
if(!*my_env_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) *my_env_handle;
- if((rc = gsk_environment_close(&p->h)) == GSK_OK) {
+ rc = gsk_environment_close(&p->h);
+ if(rc == GSK_OK) {
gsk_free_handle(p);
*my_env_handle = (gsk_handle) NULL;
}
@@ -468,7 +482,8 @@ Curl_gsk_secure_soc_close(gsk_handle * my_session_handle)
if(!*my_session_handle)
return GSK_INVALID_HANDLE;
p = (struct Curl_gsk_descriptor *) *my_session_handle;
- if((rc = gsk_secure_soc_close(&p->h)) == GSK_OK) {
+ rc = gsk_secure_soc_close(&p->h);
+ if(rc == GSK_OK) {
gsk_free_handle(p);
*my_session_handle = (gsk_handle) NULL;
}
@@ -520,8 +535,9 @@ Curl_gsk_attribute_set_buffer_a(gsk_handle my_gsk_handle,
GSK_BUF_ID bufID,
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
if(!bufSize)
bufSize = strlen(buffer);
- if(!(ebcdicbuf = malloc(bufSize + 1)))
- return GSK_INSUFFICIENT_STORAGE;
+ ebcdicbuf = malloc(bufSize + 1);
+ if(!ebcdicbuf)
+ return GSK_INSUFFICIENT_STORAGE;
QadrtConvertA2E(ebcdicbuf, buffer, bufSize, bufSize);
ebcdicbuf[bufSize] = '\0';
rc = gsk_attribute_set_buffer(p->h, bufID, ebcdicbuf, bufSize);
@@ -586,9 +602,11 @@ cachestring(struct Curl_gsk_descriptor * p,
if(sp->ebcdicstr == ebcdicbuf)
break;
if(!sp) {
- if(!(sp = (struct gskstrlist *) malloc(sizeof *sp)))
+ sp = (struct gskstrlist *) malloc(sizeof *sp);
+ if(!sp)
return GSK_INSUFFICIENT_STORAGE;
- if(!(asciibuf = malloc(bufsize + 1))) {
+ asciibuf = malloc(bufsize + 1);
+ if(!asciibuf) {
free(sp);
return GSK_INSUFFICIENT_STORAGE;
}
@@ -619,9 +637,11 @@ Curl_gsk_attribute_get_buffer_a(gsk_handle my_gsk_handle,
GSK_BUF_ID bufID,
if(!buffer || !bufSize)
return GSK_OS400_ERROR_INVALID_POINTER;
p = (struct Curl_gsk_descriptor *) my_gsk_handle;
- if((rc = gsk_attribute_get_buffer(p->h, bufID, &mybuf, &mylen)) != GSK_OK)
+ rc = gsk_attribute_get_buffer(p->h, bufID, &mybuf, &mylen);
+ if(rc != GSK_OK)
return rc;
- if((rc = cachestring(p, mybuf, mylen, buffer)) == GSK_OK)
+ rc = cachestring(p, mybuf, mylen, buffer);
+ if(rc == GSK_OK)
*bufSize = mylen;
return rc;
}
@@ -756,19 +776,20 @@ Curl_gss_convert_in_place(OM_uint32 * minor_status,
gss_buffer_t buf)
i = buf->length;
if(i) {
- if(!(t = malloc(i))) {
+ t = malloc(i);
+ if(!t) {
gss_release_buffer(minor_status, buf);
if(minor_status)
*minor_status = ENOMEM;
return -1;
- }
+ }
QadrtConvertE2A(t, buf->value, i, i);
memcpy(buf->value, t, i);
free(t);
- }
+ }
return 0;
}
@@ -789,12 +810,13 @@ Curl_gss_import_name_a(OM_uint32 * minor_status,
gss_buffer_t in_name,
memcpy((char *) &in, (char *) in_name, sizeof in);
i = in.length;
- if(!(in.value = malloc(i + 1))) {
+ in.value = malloc(i + 1);
+ if(!in.value) {
if(minor_status)
*minor_status = ENOMEM;
return GSS_S_FAILURE;
- }
+ }
QadrtConvertA2E(in.value, in_name->value, i, i);
((char *) in.value)[i] = '\0';
@@ -849,23 +871,26 @@ Curl_gss_init_sec_context_a(OM_uint32 * minor_status,
gss_buffer_t inp;
in.value = NULL;
+ inp = input_token;
- if((inp = input_token))
+ if(inp) {
if(inp->length && inp->value) {
i = inp->length;
- if(!(in.value = malloc(i + 1))) {
+ in.value = malloc(i + 1);
+ if(!in.value) {
if(minor_status)
*minor_status = ENOMEM;
return GSS_S_FAILURE;
- }
+ }
QadrtConvertA2E(in.value, input_token->value, i, i);
((char *) in.value)[i] = '\0';
in.length = i;
inp = ∈
- }
+ }
+ }
rc = gss_init_sec_context(minor_status, cred_handle, context_handle,
target_name, mech_type, req_flags, time_req,
@@ -932,7 +957,8 @@ Curl_ldap_init_a(char * host, int port)
i = strlen(host);
- if(!(ehost = malloc(i + 1)))
+ ehost = malloc(i + 1);
+ if(!ehost)
return (void *) NULL;
QadrtConvertA2E(ehost, host, i, i);
@@ -957,24 +983,26 @@ Curl_ldap_simple_bind_s_a(void * ld, char * dn, char *
passwd)
if(dn) {
i = strlen(dn);
- if(!(edn = malloc(i + 1)))
+ edn = malloc(i + 1);
+ if(!edn)
return LDAP_NO_MEMORY;
QadrtConvertA2E(edn, dn, i, i);
edn[i] = '\0';
- }
+ }
if(passwd) {
i = strlen(passwd);
- if(!(epasswd = malloc(i + 1))) {
+ epasswd = malloc(i + 1);
+ if(!epasswd) {
free(edn);
return LDAP_NO_MEMORY;
- }
+ }
QadrtConvertA2E(epasswd, passwd, i, i);
epasswd[i] = '\0';
- }
+ }
i = ldap_simple_bind_s(ld, edn, epasswd);
free(epasswd);
@@ -1003,39 +1031,43 @@ Curl_ldap_search_s_a(void * ld, char * base, int scope,
char * filter,
if(base) {
i = strlen(base);
- if(!(ebase = malloc(i + 1)))
+ ebase = malloc(i + 1);
+ if(!ebase)
status = LDAP_NO_MEMORY;
else {
QadrtConvertA2E(ebase, base, i, i);
ebase[i] = '\0';
- }
}
+ }
if(filter && status == LDAP_SUCCESS) {
i = strlen(filter);
- if(!(efilter = malloc(i + 1)))
+ efilter = malloc(i + 1);
+ if(!efilter)
status = LDAP_NO_MEMORY;
else {
QadrtConvertA2E(efilter, filter, i, i);
efilter[i] = '\0';
- }
}
+ }
if(attrs && status == LDAP_SUCCESS) {
for(i = 0; attrs[i++];)
;
- if(!(eattrs = calloc(i, sizeof *eattrs)))
+ eattrs = calloc(i, sizeof *eattrs);
+ if(!eattrs)
status = LDAP_NO_MEMORY;
else {
for(j = 0; attrs[j]; j++) {
i = strlen(attrs[j]);
- if(!(eattrs[j] = malloc(i + 1))) {
+ eattrs[j] = malloc(i + 1);
+ if(!eattrs[j]) {
status = LDAP_NO_MEMORY;
break;
- }
+ }
QadrtConvertA2E(eattrs[j], attrs[j], i, i);
eattrs[j][i] = '\0';
@@ -1073,15 +1105,16 @@ Curl_ldap_get_values_len_a(void * ld, LDAPMessage *
entry, const char * attr)
if(attr) {
int i = strlen(attr);
- if(!(cp = malloc(i + 1))) {
+ cp = malloc(i + 1);
+ if(!cp) {
ldap_set_lderrno(ld, LDAP_NO_MEMORY, NULL,
ldap_err2string(LDAP_NO_MEMORY));
return (struct berval * *) NULL;
- }
+ }
QadrtConvertA2E(cp, attr, i, i);
cp[i] = '\0';
- }
+ }
result = ldap_get_values_len(ld, entry, cp);
free(cp);
@@ -1116,7 +1149,8 @@ Curl_ldap_get_dn_a(void * ld, LDAPMessage * entry)
i = strlen(cp);
- if(!(cp2 = malloc(i + 1)))
+ cp2 = malloc(i + 1);
+ if(!cp2)
return cp2;
QadrtConvertE2A(cp2, cp, i, i);
@@ -1148,7 +1182,8 @@ Curl_ldap_first_attribute_a(void * ld,
i = strlen(cp);
- if(!(cp2 = malloc(i + 1)))
+ cp2 = malloc(i + 1);
+ if(!cp2)
return cp2;
QadrtConvertE2A(cp2, cp, i, i);
@@ -1180,7 +1215,8 @@ Curl_ldap_next_attribute_a(void * ld,
i = strlen(cp);
- if(!(cp2 = malloc(i + 1)))
+ cp2 = malloc(i + 1);
+ if(!cp2)
return cp2;
QadrtConvertE2A(cp2, cp, i, i);
diff --git a/projects/build-openssl.bat b/projects/build-openssl.bat
index 21709b76b..d337b219c 100644
--- a/projects/build-openssl.bat
+++ b/projects/build-openssl.bat
@@ -82,11 +82,11 @@ rem
***************************************************************************
set VC_VER=14.0
set VC_DESC=VC14
set "VC_PATH=Microsoft Visual Studio 14.0\VC"
- ) else if /i "%~1" == "vc15" (
- set VC_VER=15.0
- set VC_DESC=VC15
+ ) else if /i "%~1" == "vc14.1" (
+ set VC_VER=14.1
+ set VC_DESC=VC14.1
- rem Determine the VC15 path based on the installed edition in decending
+ rem Determine the VC14.1 path based on the installed edition in descending
rem order (Enterprise, then Professional and finally Community)
if exist "%PF%\Microsoft Visual Studio\2017\Enterprise\VC" (
set "VC_PATH=Microsoft Visual Studio\2017\Enterprise\VC"
@@ -109,6 +109,24 @@ rem
***************************************************************************
goto syntax
) else if /i "%~1" == "-help" (
goto syntax
+ ) else if /i "%~1" == "-VSpath" (
+ if "%~2" == "" (
+ echo.
+ echo Error. Please provide VS Path.
+ goto error
+ ) else (
+ set "ABS_VC_PATH=%~2\VC"
+ shift
+ )
+ ) else if /i "%~1" == "-perlpath" (
+ if "%~2" == "" (
+ echo.
+ echo Error. Please provide Perl root Path.
+ goto error
+ ) else (
+ set "PERL_PATH=%~2"
+ shift
+ )
) else (
if not defined START_DIR (
set START_DIR=%~1%
@@ -126,25 +144,37 @@ rem
***************************************************************************
rem Default the start directory if one isn't specified
if not defined START_DIR set START_DIR=..\..\openssl
- rem Check we have a program files directory
- if not defined PF goto nopf
-
+ if not defined ABS_VC_PATH (
+ rem Check we have a program files directory
+ if not defined PF goto nopf
+ set "ABS_VC_PATH=%PF%\%VC_PATH%"
+ )
+
rem Check we have Visual Studio installed
- if not exist "%PF%\%VC_PATH%" goto novc
-
- rem Check we have Perl in our path
- echo %PATH% | findstr /I /C:"\Perl" 1>nul
- if errorlevel 1 (
- rem It isn't so check we have it installed and set the path if it is
- if exist "%SystemDrive%\Perl" (
- set "PATH=%SystemDrive%\Perl\bin;%PATH%"
- ) else (
- if exist "%SystemDrive%\Perl64" (
- set "PATH=%SystemDrive%\Perl64\bin;%PATH%"
- ) else (
- goto noperl
- )
- )
+ if not exist "%ABS_VC_PATH%" goto novc
+
+
+ if not defined PERL_PATH (
+ rem Check we have Perl in our path
+ rem using !! below as %% was having \Microsoft was unexecpted error.
+ echo !PATH! | findstr /I /C:"\Perl" 1>nul
+ if errorlevel 1 (
+ rem It isn't so check we have it installed and set the path if
it is
+ if exist "%SystemDrive%\Perl" (
+ set "PATH=%SystemDrive%\Perl\bin;%PATH%"
+ ) else (
+ if exist "%SystemDrive%\Perl64" (
+ set "PATH=%SystemDrive%\Perl64\bin;%PATH%"
+ ) else (
+
+
+
+ goto noperl
+ )
+ )
+ )
+ ) else (
+ set "PATH=%PERL_PATH%\Perl\bin;%PATH%"
)
rem Check the start directory exists
@@ -178,7 +208,7 @@ rem
***************************************************************************
if "%VC_VER%" == "11.0" set VCVARS_PLATFORM=amd64
if "%VC_VER%" == "12.0" set VCVARS_PLATFORM=amd64
if "%VC_VER%" == "14.0" set VCVARS_PLATFORM=amd64
- if "%VC_VER%" == "15.0" set VCVARS_PLATFORM=amd64
+ if "%VC_VER%" == "14.1" set VCVARS_PLATFORM=amd64
)
:start
@@ -186,20 +216,20 @@ rem
***************************************************************************
set SAVED_PATH=%CD%
if "%VC_VER%" == "6.0" (
- call "%PF%\%VC_PATH%\bin\vcvars32"
+ call "%ABS_VC_PATH%\bin\vcvars32"
) else if "%VC_VER%" == "7.0" (
- call "%PF%\%VC_PATH%\bin\vcvars32"
+ call "%ABS_VC_PATH%\bin\vcvars32"
) else if "%VC_VER%" == "7.1" (
- call "%PF%\%VC_PATH%\bin\vcvars32"
- ) else if "%VC_VER%" == "15.0" (
- call "%PF%\%VC_PATH%\Auxiliary\Build\vcvarsall" %VCVARS_PLATFORM%
+ call "%ABS_VC_PATH%\bin\vcvars32"
+ ) else if "%VC_VER%" == "14.1" (
+ call "%ABS_VC_PATH%\Auxiliary\Build\vcvarsall" %VCVARS_PLATFORM%
) else (
- call "%PF%\%VC_PATH%\vcvarsall" %VCVARS_PLATFORM%
+ call "%ABS_VC_PATH%\vcvarsall" %VCVARS_PLATFORM%
)
echo.
- cd %SAVED_PATH%
- cd %START_DIR%
+ cd /d %SAVED_PATH%
+ if defined START_DIR cd /d %START_DIR%
goto %BUILD_PLATFORM%
:x64
@@ -351,7 +381,7 @@ rem
***************************************************************************
:syntax
rem Display the help
echo.
- echo Usage: build-openssl ^<compiler^> [platform] [configuration] [directory]
+ echo Usage: build-openssl ^<compiler^> [platform] [configuration]
[directory] [-VSpath] ["VSpath"] [-perlpath] ["perlpath"]
echo.
echo Compiler:
echo.
@@ -364,7 +394,7 @@ rem
***************************************************************************
echo vc11 - Use Visual Studio 2012
echo vc12 - Use Visual Studio 2013
echo vc14 - Use Visual Studio 2015
- echo vc15 - Use Visual Studio 2017
+ echo vc14.1 - Use Visual Studio 2017
echo.
echo Platform:
echo.
@@ -379,6 +409,14 @@ rem
***************************************************************************
echo Other:
echo.
echo directory - Specifies the OpenSSL source directory
+ echo.
+ echo -VSpath - Specify the custom VS path if Visual Studio is installed at
other location
+ echo then "C:/<ProgramFiles>/Microsoft Visual Studio[version]
+ echo For e.g. -VSpath "C:\apps\MVS14"
+ echo.
+ echo -perlpath - Specify the custom perl root path if perl is not located at
"C:\Perl" and it is a
+ echo portable copy of perl and not installed on the win system
+ echo For e.g. -perlpath
"D:\strawberry-perl-5.24.3.1-64bit-portable"
goto error
:unknown
@@ -399,11 +437,15 @@ rem
***************************************************************************
:novc
echo.
echo Error: %VC_DESC% is not installed
+ echo Error: Please check whether Visual compiler is installed at the path
"%ABS_VC_PATH%"
+ echo Error: Please provide proper VS Path by using -VSpath
goto error
:noperl
echo.
echo Error: Perl is not installed
+ echo Error: Please check whether Perl is installed or it is at location
"C:\Perl"
+ echo Error: If Perl is portable please provide perl root path by using
-perlpath
goto error
:nox64
@@ -429,6 +471,6 @@ rem
***************************************************************************
exit /B 1
:success
- cd %SAVED_PATH%
+ cd /d %SAVED_PATH%
endlocal
exit /B 0
diff --git a/projects/build-wolfssl.bat b/projects/build-wolfssl.bat
index e5cf1536a..9a7d67b79 100644
--- a/projects/build-wolfssl.bat
+++ b/projects/build-wolfssl.bat
@@ -68,12 +68,12 @@ rem
***************************************************************************
set VC_DESC=VC14
set VC_TOOLSET=v140
set "VC_PATH=Microsoft Visual Studio 14.0\VC"
- ) else if /i "%~1" == "vc15" (
- set VC_VER=15.0
- set VC_DESC=VC15
+ ) else if /i "%~1" == "vc14.1" (
+ set VC_VER=14.1
+ set VC_DESC=VC14.1
set VC_TOOLSET=v141
- rem Determine the VC15 path based on the installed edition in decending
+ rem Determine the VC14.1 path based on the installed edition in descending
rem order (Enterprise, then Professional and finally Community)
if exist "%PF%\Microsoft Visual Studio\2017\Enterprise\VC" (
set "VC_PATH=Microsoft Visual Studio\2017\Enterprise\VC"
@@ -81,7 +81,7 @@ rem
***************************************************************************
set "VC_PATH=Microsoft Visual Studio\2017\Professional\VC"
) else (
set "VC_PATH=Microsoft Visual Studio\2017\Community\VC"
- )
+ )
) else if /i "%~1" == "x86" (
set BUILD_PLATFORM=x86
) else if /i "%~1" == "x64" (
@@ -132,22 +132,22 @@ rem
***************************************************************************
if "%VC_VER%" == "11.0" set VCVARS_PLATFORM=amd64
if "%VC_VER%" == "12.0" set VCVARS_PLATFORM=amd64
if "%VC_VER%" == "14.0" set VCVARS_PLATFORM=amd64
- if "%VC_VER%" == "15.0" set VCVARS_PLATFORM=amd64
+ if "%VC_VER%" == "14.1" set VCVARS_PLATFORM=amd64
)
:start
echo.
set SAVED_PATH=%CD%
- if "%VC_VER%" == "15.0" (
+ if "%VC_VER%" == "14.1" (
call "%PF%\%VC_PATH%\Auxiliary\Build\vcvarsall" %VCVARS_PLATFORM%
) else (
call "%PF%\%VC_PATH%\vcvarsall" %VCVARS_PLATFORM%
)
echo.
- cd %SAVED_PATH%
- cd %START_DIR%
+ cd /d %SAVED_PATH%
+ if defined START_DIR cd /d %START_DIR%
goto %BUILD_PLATFORM%
:x64
@@ -307,7 +307,7 @@ rem
***************************************************************************
echo vc11 - Use Visual Studio 2012
echo vc12 - Use Visual Studio 2013
echo vc14 - Use Visual Studio 2015
- echo vc15 - Use Visual Studio 2017
+ echo vc14.1 - Use Visual Studio 2017
echo.
echo Platform:
echo.
@@ -369,6 +369,6 @@ rem
***************************************************************************
echo %SUCCESSFUL_BUILDS%
echo.
)
- cd %SAVED_PATH%
+ cd /d %SAVED_PATH%
endlocal
exit /B 0
diff --git a/scripts/contributors.sh b/scripts/contributors.sh
index db7aab8e0..d37c1199e 100755
--- a/scripts/contributors.sh
+++ b/scripts/contributors.sh
@@ -6,7 +6,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 2013-2017, Daniel Stenberg, <address@hidden>, et al.
+# Copyright (C) 2013-2018, Daniel Stenberg, <address@hidden>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -50,6 +50,7 @@ cut -d: -f2- | \
cut '-d(' -f1 | \
cut '-d<' -f1 | \
tr , '\012' | \
+sed 's/ at github/ on github/' | \
sed 's/ and /\n/' | \
sed -e 's/^ //' -e 's/ $//g' -e 's/@users.noreply.github.com$/ on github/'
diff --git a/src/tool_cb_dbg.c b/src/tool_cb_dbg.c
index aa1ef857c..16bfb4208 100644
--- a/src/tool_cb_dbg.c
+++ b/src/tool_cb_dbg.c
@@ -146,7 +146,7 @@ int tool_debug_cb(CURL *handle, curl_infotype type,
if(!config->isatty || ((output != stderr) && (output != stdout))) {
if(!newl)
fprintf(output, "%s%s ", timebuf, s_infotype[type]);
- fprintf(output, "[%zd bytes data]\n", size);
+ fprintf(output, "[%zu bytes data]\n", size);
newl = FALSE;
traced_data = TRUE;
}
@@ -229,7 +229,7 @@ static void dump(const char *timebuf, const char *text,
/* without the hex output, we can fit more on screen */
width = 0x40;
- fprintf(stream, "%s%s, %zd bytes (0x%zx)\n", timebuf, text, size, size);
+ fprintf(stream, "%s%s, %zu bytes (0x%zx)\n", timebuf, text, size, size);
for(i = 0; i < size; i += width) {
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 743ce725d..9abaa9d39 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -252,6 +252,7 @@ struct OperationConfig {
bool ssh_compression; /* enable/disable SSH compression */
long happy_eyeballs_timeout_ms; /* happy eyeballs timeout in milliseconds.
0 is valid. default: CURL_HET_DEFAULT. */
+ bool haproxy_protocol; /* whether to send HAProxy PROXY protocol */
struct GlobalConfig *global;
struct OperationConfig *prev;
struct OperationConfig *next; /* Always last in the struct */
diff --git a/src/tool_doswin.c b/src/tool_doswin.c
index 91299986a..c3a8826ff 100644
--- a/src/tool_doswin.c
+++ b/src/tool_doswin.c
@@ -638,12 +638,19 @@ char **__crt0_glob_function(char *arg)
*/
CURLcode FindWin32CACert(struct OperationConfig *config,
+ curl_sslbackend backend,
const char *bundle_file)
{
CURLcode result = CURLE_OK;
- /* search and set cert file only if libcurl supports SSL */
- if(curlinfo->features & CURL_VERSION_SSL) {
+ /* Search and set cert file only if libcurl supports SSL.
+ *
+ * If Schannel (WinSSL) is the selected SSL backend then these locations
+ * are ignored. We allow setting CA location for schannel only when
+ * explicitly specified by the user via CURLOPT_CAINFO / --cacert.
+ */
+ if((curlinfo->features & CURL_VERSION_SSL) &&
+ backend != CURLSSLBACKEND_SCHANNEL) {
DWORD res_len;
char buf[PATH_MAX];
diff --git a/src/tool_doswin.h b/src/tool_doswin.h
index f649ef023..289281f4f 100644
--- a/src/tool_doswin.h
+++ b/src/tool_doswin.h
@@ -58,6 +58,7 @@ char **__crt0_glob_function(char *arg);
#ifdef WIN32
CURLcode FindWin32CACert(struct OperationConfig *config,
+ curl_sslbackend backend,
const char *bundle_file);
#endif /* WIN32 */
diff --git a/src/tool_formparse.c b/src/tool_formparse.c
index 719e3413f..5313b3441 100644
--- a/src/tool_formparse.c
+++ b/src/tool_formparse.c
@@ -451,11 +451,10 @@ static CURLcode file_or_stdin(curl_mimepart *part, const
char *file)
if(strcmp(file, "-"))
return curl_mime_filedata(part, file);
- sip = (standard_input *) malloc(sizeof *sip);
+ sip = (standard_input *) calloc(1, sizeof *sip);
if(!sip)
return CURLE_OUT_OF_MEMORY;
- memset((char *) sip, 0, sizeof *sip);
set_binmode(stdin);
/* If stdin is a regular file, do not buffer data but read it when needed. */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 7ce9c28c7..19454c84a 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -112,6 +112,7 @@ static const struct LongShort aliases[]= {
{"*x", "krb", ARG_STRING},
{"*x", "krb4", ARG_STRING},
/* 'krb4' is the previous name */
+ {"*X", "haproxy-protocol", ARG_BOOL},
{"*y", "max-filesize", ARG_STRING},
{"*z", "disable-eprt", ARG_BOOL},
{"*Z", "eprt", ARG_BOOL},
@@ -779,6 +780,9 @@ ParameterError getparameter(const char *flag, /* f or
-long-flag */
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
+ case 'X': /* --haproxy-protocol */
+ config->haproxy_protocol = toggle;
+ break;
case 'y': /* --max-filesize */
{
curl_off_t value;
diff --git a/src/tool_help.c b/src/tool_help.c
index 9796b7e87..6f5ad08d4 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -164,6 +164,8 @@ static const struct helptxt helptext[] = {
"How long to wait in milliseconds for IPv6 before trying IPv4"},
{"-I, --head",
"Show document info only"},
+ {" --haproxy-protocol",
+ "Send HAProxy PROXY protocol header"},
{"-H, --header <header/@file>",
"Pass custom header(s) to server"},
{"-h, --help",
@@ -226,7 +228,7 @@ static const struct helptxt helptext[] = {
"Maximum file size to download"},
{" --max-redirs <num>",
"Maximum number of redirects allowed"},
- {"-m, --max-time <time>",
+ {"-m, --max-time <seconds>",
"Maximum time allowed for the transfer"},
{" --metalink",
"Process given URLs as metalink XML file"},
diff --git a/src/tool_metalink.c b/src/tool_metalink.c
index bbbfc2a65..03f159745 100644
--- a/src/tool_metalink.c
+++ b/src/tool_metalink.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -243,7 +243,7 @@ static int nss_hash_init(void **pctx, SECOidTag hash_alg)
{
PK11Context *ctx;
- /* we have to initialize NSS if not initialized alraedy */
+ /* we have to initialize NSS if not initialized already */
if(!NSS_IsInitialized() && !nss_context) {
static NSSInitParameters params;
params.length = sizeof params;
@@ -461,6 +461,11 @@ static void SHA256_Final(unsigned char digest[32],
SHA256_CTX *ctx)
#endif /* CRYPTO LIBS */
+/* Disable this picky gcc-8 compiler warning */
+#if defined(__GNUC__) && (__GNUC__ >= 8)
+#pragma GCC diagnostic ignored "-Wcast-function-type"
+#endif
+
const digest_params MD5_DIGEST_PARAMS[] = {
{
(Curl_digest_init_func) MD5_Init,
diff --git a/src/tool_operate.c b/src/tool_operate.c
index e8b434a53..626c30888 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -228,52 +228,76 @@ static CURLcode operate_do(struct GlobalConfig *global,
if(!config->cacert &&
!config->capath &&
!config->insecure_ok) {
- char *env;
- env = curlx_getenv("CURL_CA_BUNDLE");
- if(env) {
- config->cacert = strdup(env);
- if(!config->cacert) {
- curl_free(env);
- helpf(global->errors, "out of memory\n");
- result = CURLE_OUT_OF_MEMORY;
- goto quit_curl;
- }
+ struct curl_tlssessioninfo *tls_backend_info = NULL;
+
+ /* With the addition of CAINFO support for Schannel, this search could find
+ * a certificate bundle that was previously ignored. To maintain backward
+ * compatibility, only perform this search if not using Schannel.
+ */
+ result = curl_easy_getinfo(config->easy,
+ CURLINFO_TLS_SSL_PTR,
+ &tls_backend_info);
+ if(result) {
+ goto quit_curl;
}
- else {
- env = curlx_getenv("SSL_CERT_DIR");
+
+ /* Set the CA cert locations specified in the environment. For Windows if
+ * no environment-specified filename is found then check for CA bundle
+ * default filename curl-ca-bundle.crt in the user's PATH.
+ *
+ * If Schannel (WinSSL) is the selected SSL backend then these locations
+ * are ignored. We allow setting CA location for schannel only when
+ * explicitly specified by the user via CURLOPT_CAINFO / --cacert.
+ */
+ if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) {
+ char *env;
+ env = curlx_getenv("CURL_CA_BUNDLE");
if(env) {
- config->capath = strdup(env);
- if(!config->capath) {
+ config->cacert = strdup(env);
+ if(!config->cacert) {
curl_free(env);
helpf(global->errors, "out of memory\n");
result = CURLE_OUT_OF_MEMORY;
goto quit_curl;
}
- capath_from_env = true;
}
else {
- env = curlx_getenv("SSL_CERT_FILE");
+ env = curlx_getenv("SSL_CERT_DIR");
if(env) {
- config->cacert = strdup(env);
- if(!config->cacert) {
+ config->capath = strdup(env);
+ if(!config->capath) {
curl_free(env);
helpf(global->errors, "out of memory\n");
result = CURLE_OUT_OF_MEMORY;
goto quit_curl;
}
+ capath_from_env = true;
+ }
+ else {
+ env = curlx_getenv("SSL_CERT_FILE");
+ if(env) {
+ config->cacert = strdup(env);
+ if(!config->cacert) {
+ curl_free(env);
+ helpf(global->errors, "out of memory\n");
+ result = CURLE_OUT_OF_MEMORY;
+ goto quit_curl;
+ }
+ }
}
}
- }
- if(env)
- curl_free(env);
+ if(env)
+ curl_free(env);
#ifdef WIN32
- else {
- result = FindWin32CACert(config, "curl-ca-bundle.crt");
- if(result)
- goto quit_curl;
- }
+ else {
+ result = FindWin32CACert(config, tls_backend_info->backend,
+ "curl-ca-bundle.crt");
+ if(result)
+ goto quit_curl;
+ }
#endif
+ }
}
if(config->postfields) {
@@ -432,8 +456,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
the number of resources as urlnum. */
urlnum = count_next_metalink_resource(mlfile);
}
- else
- if(!config->globoff) {
+ else if(!config->globoff) {
/* Unless explicitly shut off, we expand '{...}' and '[...]'
expressions and return total number of URLs in pattern set */
result = glob_url(&urls, urlnode->url, &urlnum,
@@ -1445,6 +1468,10 @@ static CURLcode operate_do(struct GlobalConfig *global,
my_setopt(curl, CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS,
config->happy_eyeballs_timeout_ms);
+ /* new in 7.60.0 */
+ if(config->haproxy_protocol)
+ my_setopt(curl, CURLOPT_HAPROXYPROTOCOL, 1L);
+
/* initialize retry vars for loop below */
retry_sleep_default = (config->retry_delay) ?
config->retry_delay*1000L : RETRY_SLEEP_DEFAULT; /* ms */
@@ -1566,9 +1593,13 @@ static CURLcode operate_do(struct GlobalConfig *global,
}
} /* if CURLE_OK */
else if(result) {
+ long protocol;
+
curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response);
+ curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol);
- if(response/100 == 4)
+ if((protocol == CURLPROTO_FTP || protocol == CURLPROTO_FTPS) &&
+ response / 100 == 4)
/*
* This is typically when the FTP server only allows a certain
* amount of users and we are not one of them. All 4xx codes
@@ -1826,8 +1857,7 @@ static CURLcode operate_do(struct GlobalConfig *global,
*/
break;
}
- else
- if(urlnum > 1) {
+ else if(urlnum > 1) {
/* when url globbing, exit loop upon critical error */
if(is_fatal_error(result))
break;
@@ -1973,7 +2003,7 @@ CURLcode operate(struct GlobalConfig *config, int argc,
argv_item_t argv[])
size_t count = 0;
struct OperationConfig *operation = config->first;
- /* Get the required aguments for each operation */
+ /* Get the required arguments for each operation */
while(!result && operation) {
result = get_args(operation, count++);
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index f78d058cd..6fae23620 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -579,7 +579,7 @@ CURLcode glob_next_url(char **globbed, URLGlob *glob)
}
break;
case UPTNumRange:
- snprintf(buf, buflen, "%0*ld",
+ snprintf(buf, buflen, "%0*lu",
pat->content.NumRange.padlength,
pat->content.NumRange.ptr_n);
len = strlen(buf);
diff --git a/tests/FILEFORMAT b/tests/FILEFORMAT
index 5426f333f..d584ac163 100644
--- a/tests/FILEFORMAT
+++ b/tests/FILEFORMAT
@@ -231,6 +231,7 @@ ipv6
Kerberos
large_file
libz
+manual
Metalink
NSS
NTLM
@@ -293,8 +294,8 @@ command is run. They are cleared again after the command
has been run.
Variables are first substituted as in the <command> section.
</setenv>
-<command [option="no-output/no-include"] [timeout="secs"] [delay="secs"]
- [type="perl"]>
+<command [option="no-output/no-include/force-output"] [timeout="secs"]
+ [delay="secs"][type="perl"]>
command line to run, there's a bunch of %variables that get replaced
accordingly.
@@ -317,6 +318,9 @@ Set option="no-output" to prevent the test script to slap
on the --output
argument that directs the output to a file. The --output is also not added if
the verify/stdout section is used.
+Set option="force-output" to make use of --output even when the test is
+otherwise written to verify stdout.
+
Set option="no-include" to prevent the test script to slap on the --include
argument.
diff --git a/tests/certs/Makefile.am b/tests/certs/Makefile.am
index 7e7f1fa3d..6a1c22aa6 100644
--- a/tests/certs/Makefile.am
+++ b/tests/certs/Makefile.am
@@ -62,7 +62,25 @@ GENERATEDCERTS = \
Server-localhost0h-sv.key \
Server-localhost0h-sv.pem \
Server-localhost0h-sv.pub.der \
- Server-localhost0h-sv.pub.pem
+ Server-localhost0h-sv.pub.pem \
+ Server-localhost-firstSAN-sv.crl \
+ Server-localhost-firstSAN-sv.crt \
+ Server-localhost-firstSAN-sv.csr \
+ Server-localhost-firstSAN-sv.der \
+ Server-localhost-firstSAN-sv.dhp \
+ Server-localhost-firstSAN-sv.key \
+ Server-localhost-firstSAN-sv.pem \
+ Server-localhost-firstSAN-sv.pub.der \
+ Server-localhost-firstSAN-sv.pub.pem \
+ Server-localhost-lastSAN-sv.crl \
+ Server-localhost-lastSAN-sv.crt \
+ Server-localhost-lastSAN-sv.csr \
+ Server-localhost-lastSAN-sv.der \
+ Server-localhost-lastSAN-sv.dhp \
+ Server-localhost-lastSAN-sv.key \
+ Server-localhost-lastSAN-sv.pem \
+ Server-localhost-lastSAN-sv.pub.der \
+ Server-localhost-lastSAN-sv.pub.pem
SRPFILES = \
srp-verifier-conf \
@@ -76,7 +94,8 @@ clean-certs:
cd $(srcdir); rm -f $(GENERATEDCERTS)
build-certs: $(srcdir)/EdelCurlRoot-ca.cacert
$(srcdir)/Server-localhost-sv.pem \
- $(srcdir)/Server-localhost.nn-sv.pem $(srcdir)/Server-localhost0h-sv.pem
+ $(srcdir)/Server-localhost.nn-sv.pem
$(srcdir)/Server-localhost0h-sv.pem \
+ $(srcdir)/Server-localhost-firstSAN-sv.pem
$(srcdir)/Server-localhost-lastSAN-sv.pem
$(srcdir)/EdelCurlRoot-ca.cacert:
cd $(srcdir); scripts/genroot.sh EdelCurlRoot
@@ -89,3 +108,9 @@ $(srcdir)/Server-localhost.nn-sv.pem:
$(srcdir)/EdelCurlRoot-ca.cacert
$(srcdir)/Server-localhost0h-sv.pem: $(srcdir)/EdelCurlRoot-ca.cacert
cd $(srcdir); scripts/genserv.sh Server-localhost0h EdelCurlRoot
+
+$(srcdir)/Server-localhost-firstSAN-sv.pem: $(srcdir)/EdelCurlRoot-ca.cacert
+ cd $(srcdir); scripts/genserv.sh Server-localhost-firstSAN EdelCurlRoot
+
+$(srcdir)/Server-localhost-lastSAN-sv.pem: $(srcdir)/EdelCurlRoot-ca.cacert
+ cd $(srcdir); scripts/genserv.sh Server-localhost-firstSAN EdelCurlRoot
diff --git a/tests/certs/Server-localhost-firstSAN-sv.crl
b/tests/certs/Server-localhost-firstSAN-sv.crl
new file mode 100644
index 000000000..af0be0d39
--- /dev/null
+++ b/tests/certs/Server-localhost-firstSAN-sv.crl
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB9TCB3gIBATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE
+CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDEmMCQG
+A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTE2MDgzMDE4MzIx
+NVoXDTE2MDkyOTE4MzIxNVowMjAXAgYNZJ8o86IXDTE2MDgzMDE4MzAxNVowFwIG
+DWSfO0UqFw0xNjA4MzAxODMyMTVaoA4wDDAKBgNVHRQEAwIBATANBgkqhkiG9w0B
+AQUFAAOCAQEAOUlXQDrOURgODds6feyO+87oPHkgTveOiTm8CtSVHObxwkPkHTIg
+pivd7iXccgEc8CstcGF9Pk5KLVJrXXxEKgGr69NZNGtHa8xXlYSIh+Vre0Pni3Px
+sUAMcsnvGt+cYw/5s/2Wy9u5UVzfJwdxjkxMMp9X648AqeSop229541zGV47M4ox
+h0wh2Mj/w/CFUKw0ijVgVWff5DhKXVaLPCXdh7hhgXcsYUZ4W3G/iOL/jd+Ji88o
+OmZvoP+MOco6or13rz178bGB1mS626z7EU/HNgP8sn25TyQwwopr9uW6H7VvRMaI
+6uwWvihKgoGCRVSVwYEfX+oOLadfJqdHdg==
+-----END X509 CRL-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.crt
b/tests/certs/Server-localhost-firstSAN-sv.crt
new file mode 100644
index 000000000..5e37ef0e2
--- /dev/null
+++ b/tests/certs/Server-localhost-firstSAN-sv.crt
@@ -0,0 +1,80 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14725819352362 (0xd649f3b452a)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research
Cloud
+ commonName = Northern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 30 18:32:15 2016 GMT
+ Not After : Nov 16 18:32:15 2024 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research
Cloud
+ commonName = localhost.nn
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c5:87:2e:fb:f5:88:8a:39:4c:62:88:9f:fb:4a:
+ 02:1c:27:92:9d:0b:65:a2:70:1f:d1:b7:de:c8:1d:
+ 87:28:4b:9c:4b:cc:f6:f6:7c:83:1f:2d:76:be:41:
+ 29:5e:31:fa:23:0c:2d:7d:cb:38:c2:8b:54:8f:fc:
+ 6a:50:6d:c7:d7:af:72:fb:3b:a1:a7:4d:c4:1b:d2:
+ 0d:75:7c:92:62:97:48:c4:e8:12:c0:00:33:66:0e:
+ 28:17:0f:5c:36:d6:50:70:ec:c8:9f:a2:ae:b9:eb:
+ eb:19:05:f0:53:83:42:2a:ae:40:1f:fa:fb:7a:b7:
+ 86:4c:ab:6b:28:0b:2f:7f:81
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost, DNS:localhost1, DNS:localhost2
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Key Agreement
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 2C:4D:DD:54:88:59:3F:A4:34:9C:E3:56:FF:95:0F:E2:CE:51:20:95
+ X509v3 Authority Key Identifier:
+
keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 77:cd:d2:17:91:a6:4b:70:de:79:6a:20:82:a3:56:a3:d0:6a:
+ ba:f7:7d:6f:00:69:d2:06:06:0b:da:cd:49:9d:36:fd:d0:cc:
+ bd:8a:dc:e1:d6:89:c9:23:02:8a:19:2d:14:ca:c6:06:87:66:
+ c7:f4:32:37:95:0d:f1:a7:1c:a1:fe:43:4f:3b:03:03:e2:1a:
+ c6:fc:91:d5:0d:a0:7e:82:60:14:31:2f:6d:b8:f4:57:98:8d:
+ 04:74:a3:82:28:6d:1c:b4:de:1a:70:bd:fe:73:ac:b7:96:ec:
+ 7c:9b:6d:64:c6:f8:67:39:c7:ea:f4:aa:48:26:b8:14:85:f0:
+ 00:ab:8f:bd:1a:95:e2:a7:63:92:35:1e:37:04:c2:70:2c:1c:
+ 56:95:b1:83:70:8c:99:88:1c:8a:6f:7a:a2:0d:84:dd:4f:0e:
+ 3e:8b:fb:31:cf:ae:ee:b0:e4:f6:c1:8d:d1:98:a9:8d:17:1f:
+ 5d:5a:79:e8:7c:97:ab:40:bc:aa:7e:c4:0b:19:30:ad:18:aa:
+ 9c:9b:eb:3f:35:d3:86:9c:3a:cc:e6:9a:2c:47:d1:bb:36:6e:
+ f2:c5:d4:e3:0c:5b:c6:eb:30:e6:0d:3a:4b:3a:a3:6b:62:93:
+ 8b:6a:59:1f:48:66:2e:d9:70:14:b6:aa:4f:d1:3b:38:5e:e6:
+ 79:7f:b7:00
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIGDWSfO0UqMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
+Fw0xNjA4MzAxODMyMTVaFw0yNDExMTYxODMyMTVaMFcxCzAJBgNVBAYTAk5OMTEw
+LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
+MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAMWHLvv1iIo5TGKIn/tKAhwnkp0LZaJwH9G33sgdhyhLnEvM9vZ8gx8tdr5B
+KV4x+iMMLX3LOMKLVI/8alBtx9evcvs7oadNxBvSDXV8kmKXSMToEsAAM2YOKBcP
+XDbWUHDsyJ+irrnr6xkF8FODQiquQB/6+3q3hkyraygLL3+BAgMBAAGjgZ4wgZsw
+LAYDVR0RBCUwI4IJbG9jYWxob3N0ggpsb2NhbGhvc3Qxggpsb2NhbGhvc3QyMAsG
+A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQULE3dVIhZ
+P6Q0nONW/5UP4s5RIJUwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84w
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAd83SF5GmS3DeeWoggqNWo9Bq
+uvd9bwBp0gYGC9rNSZ02/dDMvYrc4daJySMCihktFMrGBodmx/QyN5UN8accof5D
+TzsDA+IaxvyR1Q2gfoJgFDEvbbj0V5iNBHSjgihtHLTeGnC9/nOst5bsfJttZMb4
+ZznH6vSqSCa4FIXwAKuPvRqV4qdjkjUeNwTCcCwcVpWxg3CMmYgcim96og2E3U8O
+Pov7Mc+u7rDk9sGN0ZipjRcfXVp56HyXq0C8qn7ECxkwrRiqnJvrPzXThpw6zOaa
+LEfRuzZu8sXU4wxbxusw5g06Szqja2KTi2pZH0hmLtlwFLaqT9E7OF7meX+3AA==
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.csr
b/tests/certs/Server-localhost-firstSAN-sv.csr
new file mode 100644
index 000000000..729034e47
--- /dev/null
+++ b/tests/certs/Server-localhost-firstSAN-sv.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAQACAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
+cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z
+dC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxYcu+/WIijlMYoif+0oC
+HCeSnQtlonAf0bfeyB2HKEucS8z29nyDHy12vkEpXjH6Iwwtfcs4wotUj/xqUG3H
+169y+zuhp03EG9INdXySYpdIxOgSwAAzZg4oFw9cNtZQcOzIn6KuuevrGQXwU4NC
+Kq5AH/r7ereGTKtrKAsvf4ECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBADlhAYRy
+2heMP/fGllGXW/uAEm2q6ubWhqgd3/5d+06LjTIs57qT/nwbr79e1PxholGWM+Zb
+/NGKZ4geZK0mJT/gnaJCyUsrjdp2KIEw9zmBoZyypJd/5Fhe1tzX0xwG40+3np9K
+orpp7wcILLeMho8+I4mNEzOJHidxy/9uia5U
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.der
b/tests/certs/Server-localhost-firstSAN-sv.der
new file mode 100644
index 000000000..c878bfb1d
Binary files /dev/null and b/tests/certs/Server-localhost-firstSAN-sv.der differ
diff --git a/tests/certs/Server-localhost-sv.dhp
b/tests/certs/Server-localhost-firstSAN-sv.dhp
similarity index 100%
copy from tests/certs/Server-localhost-sv.dhp
copy to tests/certs/Server-localhost-firstSAN-sv.dhp
diff --git a/tests/certs/Server-localhost-firstSAN-sv.key
b/tests/certs/Server-localhost-firstSAN-sv.key
new file mode 100644
index 000000000..490326634
--- /dev/null
+++ b/tests/certs/Server-localhost-firstSAN-sv.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDFhy779YiKOUxiiJ/7SgIcJ5KdC2WicB/Rt97IHYcoS5xLzPb2
+fIMfLXa+QSleMfojDC19yzjCi1SP/GpQbcfXr3L7O6GnTcQb0g11fJJil0jE6BLA
+ADNmDigXD1w21lBw7Mifoq656+sZBfBTg0IqrkAf+vt6t4ZMq2soCy9/gQIDAQAB
+AoGAUjKXErJyR1LgvoAsUt3RUvYExOVhPd963kKtqojfHZ2ZRNHeU2QtDGRW7YUg
+OdqCRONkatyOmiZw4hogA6graJKiqKLvM/F4qRoLsxH9T/cSOIl9QjZVkUd1HV/Z
+iJluibPTewVyfoYzkq48GN+QIi//msYKBjI5Q2Yybn4WrgECQQDk/mDp4sAvuLXL
+NxaQKuDZA5TxU2u8GTItFqOoHneVFSJLE4O3kr7wh47O817mnljZfskZwVXBYx6R
+VbXsy8ZJAkEA3NLRFh8cR03CN+eYPi33JrUVRSrn8eAB5MNOaOdO4mT0pTAzfVfe
+g6rMDnK2n7WZzwf6YmvRVyppW2/kQjyPeQJAXoa3ILTuWoSn3owN71MT3+E/oWKr
+LUlFUiFvSx3QhSTlNBKJI8UatpVumPUTbqVczeMtRkltidfNrXaxE1+GqQJAW9WU
+vMVtZj3xUnyPNPS6vy85zE0ertmBEBklJ71icgaYM4aLM0pysIE8YZnVVzAX6iCg
+QYQjSEPMEwnCfMVgyQJAcWnk6HPLbJmUt+ZGGAcqzfycR6jMKFnm4st2Ld6JuDT2
+h2lb40Uma9gO+aXLIf+K9prCxb+7nR1M3qLwV4krkQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost-firstSAN-sv.pem
b/tests/certs/Server-localhost-firstSAN-sv.pem
new file mode 100644
index 000000000..2b5ada518
--- /dev/null
+++ b/tests/certs/Server-localhost-firstSAN-sv.pem
@@ -0,0 +1,120 @@
+extensions = x509v3
+[ x509v3 ]
+subjectAltName = DNS:localhost,DNS:localhost1,DNS:localhost2
+keyUsage = keyEncipherment,digitalSignature,keyAgreement
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost.nn
+
+[something]
+# The key
+# the certificate
+# some dhparam
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDFhy779YiKOUxiiJ/7SgIcJ5KdC2WicB/Rt97IHYcoS5xLzPb2
+fIMfLXa+QSleMfojDC19yzjCi1SP/GpQbcfXr3L7O6GnTcQb0g11fJJil0jE6BLA
+ADNmDigXD1w21lBw7Mifoq656+sZBfBTg0IqrkAf+vt6t4ZMq2soCy9/gQIDAQAB
+AoGAUjKXErJyR1LgvoAsUt3RUvYExOVhPd963kKtqojfHZ2ZRNHeU2QtDGRW7YUg
+OdqCRONkatyOmiZw4hogA6graJKiqKLvM/F4qRoLsxH9T/cSOIl9QjZVkUd1HV/Z
+iJluibPTewVyfoYzkq48GN+QIi//msYKBjI5Q2Yybn4WrgECQQDk/mDp4sAvuLXL
+NxaQKuDZA5TxU2u8GTItFqOoHneVFSJLE4O3kr7wh47O817mnljZfskZwVXBYx6R
+VbXsy8ZJAkEA3NLRFh8cR03CN+eYPi33JrUVRSrn8eAB5MNOaOdO4mT0pTAzfVfe
+g6rMDnK2n7WZzwf6YmvRVyppW2/kQjyPeQJAXoa3ILTuWoSn3owN71MT3+E/oWKr
+LUlFUiFvSx3QhSTlNBKJI8UatpVumPUTbqVczeMtRkltidfNrXaxE1+GqQJAW9WU
+vMVtZj3xUnyPNPS6vy85zE0ertmBEBklJ71icgaYM4aLM0pysIE8YZnVVzAX6iCg
+QYQjSEPMEwnCfMVgyQJAcWnk6HPLbJmUt+ZGGAcqzfycR6jMKFnm4st2Ld6JuDT2
+h2lb40Uma9gO+aXLIf+K9prCxb+7nR1M3qLwV4krkQ==
+-----END RSA PRIVATE KEY-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14725819352362 (0xd649f3b452a)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research
Cloud
+ commonName = Northern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 30 18:32:15 2016 GMT
+ Not After : Nov 16 18:32:15 2024 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research
Cloud
+ commonName = localhost.nn
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c5:87:2e:fb:f5:88:8a:39:4c:62:88:9f:fb:4a:
+ 02:1c:27:92:9d:0b:65:a2:70:1f:d1:b7:de:c8:1d:
+ 87:28:4b:9c:4b:cc:f6:f6:7c:83:1f:2d:76:be:41:
+ 29:5e:31:fa:23:0c:2d:7d:cb:38:c2:8b:54:8f:fc:
+ 6a:50:6d:c7:d7:af:72:fb:3b:a1:a7:4d:c4:1b:d2:
+ 0d:75:7c:92:62:97:48:c4:e8:12:c0:00:33:66:0e:
+ 28:17:0f:5c:36:d6:50:70:ec:c8:9f:a2:ae:b9:eb:
+ eb:19:05:f0:53:83:42:2a:ae:40:1f:fa:fb:7a:b7:
+ 86:4c:ab:6b:28:0b:2f:7f:81
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost, DNS:localhost1, DNS:localhost2
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Key Agreement
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 2C:4D:DD:54:88:59:3F:A4:34:9C:E3:56:FF:95:0F:E2:CE:51:20:95
+ X509v3 Authority Key Identifier:
+
keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 77:cd:d2:17:91:a6:4b:70:de:79:6a:20:82:a3:56:a3:d0:6a:
+ ba:f7:7d:6f:00:69:d2:06:06:0b:da:cd:49:9d:36:fd:d0:cc:
+ bd:8a:dc:e1:d6:89:c9:23:02:8a:19:2d:14:ca:c6:06:87:66:
+ c7:f4:32:37:95:0d:f1:a7:1c:a1:fe:43:4f:3b:03:03:e2:1a:
+ c6:fc:91:d5:0d:a0:7e:82:60:14:31:2f:6d:b8:f4:57:98:8d:
+ 04:74:a3:82:28:6d:1c:b4:de:1a:70:bd:fe:73:ac:b7:96:ec:
+ 7c:9b:6d:64:c6:f8:67:39:c7:ea:f4:aa:48:26:b8:14:85:f0:
+ 00:ab:8f:bd:1a:95:e2:a7:63:92:35:1e:37:04:c2:70:2c:1c:
+ 56:95:b1:83:70:8c:99:88:1c:8a:6f:7a:a2:0d:84:dd:4f:0e:
+ 3e:8b:fb:31:cf:ae:ee:b0:e4:f6:c1:8d:d1:98:a9:8d:17:1f:
+ 5d:5a:79:e8:7c:97:ab:40:bc:aa:7e:c4:0b:19:30:ad:18:aa:
+ 9c:9b:eb:3f:35:d3:86:9c:3a:cc:e6:9a:2c:47:d1:bb:36:6e:
+ f2:c5:d4:e3:0c:5b:c6:eb:30:e6:0d:3a:4b:3a:a3:6b:62:93:
+ 8b:6a:59:1f:48:66:2e:d9:70:14:b6:aa:4f:d1:3b:38:5e:e6:
+ 79:7f:b7:00
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIGDWSfO0UqMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
+Fw0xNjA4MzAxODMyMTVaFw0yNDExMTYxODMyMTVaMFcxCzAJBgNVBAYTAk5OMTEw
+LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
+MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAMWHLvv1iIo5TGKIn/tKAhwnkp0LZaJwH9G33sgdhyhLnEvM9vZ8gx8tdr5B
+KV4x+iMMLX3LOMKLVI/8alBtx9evcvs7oadNxBvSDXV8kmKXSMToEsAAM2YOKBcP
+XDbWUHDsyJ+irrnr6xkF8FODQiquQB/6+3q3hkyraygLL3+BAgMBAAGjgZ4wgZsw
+LAYDVR0RBCUwI4IJbG9jYWxob3N0ggpsb2NhbGhvc3Qxggpsb2NhbGhvc3QyMAsG
+A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQULE3dVIhZ
+P6Q0nONW/5UP4s5RIJUwHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84w
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAd83SF5GmS3DeeWoggqNWo9Bq
+uvd9bwBp0gYGC9rNSZ02/dDMvYrc4daJySMCihktFMrGBodmx/QyN5UN8accof5D
+TzsDA+IaxvyR1Q2gfoJgFDEvbbj0V5iNBHSjgihtHLTeGnC9/nOst5bsfJttZMb4
+ZznH6vSqSCa4FIXwAKuPvRqV4qdjkjUeNwTCcCwcVpWxg3CMmYgcim96og2E3U8O
+Pov7Mc+u7rDk9sGN0ZipjRcfXVp56HyXq0C8qn7ECxkwrRiqnJvrPzXThpw6zOaa
+LEfRuzZu8sXU4wxbxusw5g06Szqja2KTi2pZH0hmLtlwFLaqT9E7OF7meX+3AA==
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-sv.prm
b/tests/certs/Server-localhost-firstSAN-sv.prm
similarity index 86%
copy from tests/certs/Server-localhost-sv.prm
copy to tests/certs/Server-localhost-firstSAN-sv.prm
index 50ccfd858..f299a3cbf 100644
--- a/tests/certs/Server-localhost-sv.prm
+++ b/tests/certs/Server-localhost-firstSAN-sv.prm
@@ -1,6 +1,6 @@
extensions = x509v3
[ x509v3 ]
-subjectAltName = DNS:localhost
+subjectAltName = DNS:localhost,DNS:localhost1,DNS:localhost2
keyUsage = keyEncipherment,digitalSignature,keyAgreement
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
@@ -17,7 +17,7 @@ countryName_value = NN
organizationName = "Organization Name"
organizationName_value = Edel Curl Arctic Illudium Research Cloud
commonName = "Common Name"
-commonName_value = localhost
+commonName_value = localhost.nn
[something]
# The key
diff --git a/tests/certs/Server-localhost-firstSAN-sv.pub.der
b/tests/certs/Server-localhost-firstSAN-sv.pub.der
new file mode 100644
index 000000000..fb1b486a6
Binary files /dev/null and b/tests/certs/Server-localhost-firstSAN-sv.pub.der
differ
diff --git a/tests/certs/Server-localhost-firstSAN-sv.pub.pem
b/tests/certs/Server-localhost-firstSAN-sv.pub.pem
new file mode 100644
index 000000000..ef1459476
--- /dev/null
+++ b/tests/certs/Server-localhost-firstSAN-sv.pub.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFhy779YiKOUxiiJ/7SgIcJ5Kd
+C2WicB/Rt97IHYcoS5xLzPb2fIMfLXa+QSleMfojDC19yzjCi1SP/GpQbcfXr3L7
+O6GnTcQb0g11fJJil0jE6BLAADNmDigXD1w21lBw7Mifoq656+sZBfBTg0IqrkAf
++vt6t4ZMq2soCy9/gQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.crl
b/tests/certs/Server-localhost-lastSAN-sv.crl
new file mode 100644
index 000000000..486bf926a
--- /dev/null
+++ b/tests/certs/Server-localhost-lastSAN-sv.crl
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICDjCB9wIBATANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJOTjExMC8GA1UE
+CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDEmMCQG
+A1UEAwwdTm9ydGhlcm4gTm93aGVyZSBUcnVzdCBBbmNob3IXDTE2MDgzMDE4MzI1
+N1oXDTE2MDkyOTE4MzI1N1owSzAXAgYNZJ8o86IXDTE2MDgzMDE4MzAxNVowFwIG
+DWSfO0UqFw0xNjA4MzAxODMyMTVaMBcCBg1kn0GuixcNMTYwODMwMTgzMjU3WqAO
+MAwwCgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAE0v3zGBeKKuODAUugh7
+l6bJi7Cs0CDhuBJ8wCpwL5XRGwWhYChJtEXWFUKLBhMarIPYKEv3f3rd8gtFII/8
+wmnxoTL6eXZNL+FpHkZJ+blsHi73G7xzpB6kdFHIxI4tixwiUCe85u6WIRWkIEBs
+kyPPAgbnosF37umQfEaBrweVy+EztrYw8jgd0oDBybQp25p7Noa0N4uDoDInuOgP
+A7Q1Zf0ndWjrlEQtjMAUdA6blGKlb8BjMPtX50mbXuXctLeICns8TVUSQSiKU+oR
+1QTgbkl+AfdaFlfNAum4a42bCLyeBQ/O31NydZbCE8o2q9PqPepAkL9dXhMLiK/a
+tjA=
+-----END X509 CRL-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.crt
b/tests/certs/Server-localhost-lastSAN-sv.crt
new file mode 100644
index 000000000..a6d8ae9c2
--- /dev/null
+++ b/tests/certs/Server-localhost-lastSAN-sv.crt
@@ -0,0 +1,80 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14725819772555 (0xd649f41ae8b)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research
Cloud
+ commonName = Northern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 30 18:32:57 2016 GMT
+ Not After : Nov 16 18:32:57 2024 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research
Cloud
+ commonName = localhost.nn
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:a3:2a:75:d7:bf:75:41:40:be:42:b8:b9:00:28:
+ f1:45:29:55:bc:36:ca:a6:b7:86:93:97:25:84:aa:
+ c9:80:ac:41:d9:28:fb:b0:68:4b:5b:ee:bd:94:83:
+ da:2b:f6:cc:cc:11:df:fb:48:e6:e9:d5:97:41:7f:
+ 9a:0d:b7:87:96:12:22:41:2a:7f:95:8a:14:d6:6c:
+ 4b:34:df:18:29:01:0d:b2:3c:4d:c8:c4:5e:87:fa:
+ 9f:aa:ee:a4:73:e9:bb:74:57:85:24:2a:51:e4:43:
+ 5c:4b:97:51:52:b9:82:6e:9c:ce:ae:0f:91:45:25:
+ f9:b4:24:66:8e:47:1f:d7:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost1, DNS:localhost2, DNS:localhost
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Key Agreement
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 2C:CF:E3:6E:08:F9:CE:9B:98:3B:B3:17:7F:0C:9D:E4:5B:1B:76:8A
+ X509v3 Authority Key Identifier:
+
keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 2e:3d:c1:a2:a7:e4:70:f8:a8:13:86:c3:af:22:1f:e9:e1:62:
+ f4:cf:16:66:a8:3b:70:f6:12:30:be:fe:8e:44:1b:71:b5:c1:
+ e0:4b:66:c4:5d:d4:d7:7d:49:43:4a:6d:22:1b:ce:3d:e3:14:
+ 14:b3:6d:3a:93:39:0c:9b:2c:83:35:1d:7e:7c:29:29:3c:51:
+ 6b:27:c3:5b:2d:f2:61:18:f8:c7:90:be:3b:68:3f:08:9b:ac:
+ 68:01:d2:0c:ec:aa:5d:9e:78:b7:8b:84:04:01:b2:08:ef:df:
+ 0c:f2:29:99:fe:61:d1:65:80:aa:ef:df:8e:28:55:a6:f9:88:
+ 0c:01:bb:fc:1c:9e:9c:08:8d:c5:34:24:91:c1:ac:71:22:e1:
+ 12:78:e0:45:d5:e2:39:c4:3c:16:09:80:d0:5b:bc:49:0a:4c:
+ a3:5b:e1:36:40:ed:26:6d:8d:a0:d3:4a:3c:86:93:2f:d4:0a:
+ 3c:72:08:62:d7:66:d0:b3:05:c2:0f:1d:af:3c:65:67:f2:6c:
+ 76:a5:9c:37:ac:c4:ac:96:b7:e4:c0:ef:a4:5b:28:1e:16:09:
+ 15:f6:7b:bb:5d:a2:94:9a:df:52:7b:ae:c9:39:f4:18:9e:84:
+ 57:6c:d3:6d:ae:35:38:8f:8f:9b:0d:df:77:69:ae:25:ec:ce:
+ d0:2b:bd:8d
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIGDWSfQa6LMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
+Fw0xNjA4MzAxODMyNTdaFw0yNDExMTYxODMyNTdaMFcxCzAJBgNVBAYTAk5OMTEw
+LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
+MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKMqdde/dUFAvkK4uQAo8UUpVbw2yqa3hpOXJYSqyYCsQdko+7BoS1vuvZSD
+2iv2zMwR3/tI5unVl0F/mg23h5YSIkEqf5WKFNZsSzTfGCkBDbI8TcjEXof6n6ru
+pHPpu3RXhSQqUeRDXEuXUVK5gm6czq4PkUUl+bQkZo5HH9fVAgMBAAGjgZ4wgZsw
+LAYDVR0RBCUwI4IKbG9jYWxob3N0MYIKbG9jYWxob3N0MoIJbG9jYWxob3N0MAsG
+A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQULM/jbgj5
+zpuYO7MXfwyd5FsbdoowHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84w
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEALj3BoqfkcPioE4bDryIf6eFi
+9M8WZqg7cPYSML7+jkQbcbXB4EtmxF3U131JQ0ptIhvOPeMUFLNtOpM5DJssgzUd
+fnwpKTxRayfDWy3yYRj4x5C+O2g/CJusaAHSDOyqXZ54t4uEBAGyCO/fDPIpmf5h
+0WWAqu/fjihVpvmIDAG7/ByenAiNxTQkkcGscSLhEnjgRdXiOcQ8FgmA0Fu8SQpM
+o1vhNkDtJm2NoNNKPIaTL9QKPHIIYtdm0LMFwg8drzxlZ/JsdqWcN6zErJa35MDv
+pFsoHhYJFfZ7u12ilJrfUnuuyTn0GJ6EV2zTba41OI+Pmw3fd2muJezO0Cu9jQ==
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.csr
b/tests/certs/Server-localhost-lastSAN-sv.csr
new file mode 100644
index 000000000..bf6355540
--- /dev/null
+++ b/tests/certs/Server-localhost-lastSAN-sv.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBlzCCAQACAQAwVzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB
+cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxFTATBgNVBAMMDGxvY2FsaG9z
+dC5ubjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoyp11791QUC+Qri5ACjx
+RSlVvDbKpreGk5clhKrJgKxB2Sj7sGhLW+69lIPaK/bMzBHf+0jm6dWXQX+aDbeH
+lhIiQSp/lYoU1mxLNN8YKQENsjxNyMReh/qfqu6kc+m7dFeFJCpR5ENcS5dRUrmC
+bpzOrg+RRSX5tCRmjkcf19UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBACoIAlf0
+hSnZJOBBt7FS7iXlNRyKZAD881jhHFux+Gxq3gtbJsP57c+ALZ3MswjjUXW0Iq11
+IZLeZQGCAHYp4/GuTHbaq0qo1LjgpTqgQfwEB3BqNGs6yJiST+3risgawFbfqEDY
+LCm7rs/yyaOdMjwdwrUMciSv5KtlXZ1VThyt
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.der
b/tests/certs/Server-localhost-lastSAN-sv.der
new file mode 100644
index 000000000..5ffa9ce38
Binary files /dev/null and b/tests/certs/Server-localhost-lastSAN-sv.der differ
diff --git a/tests/certs/Server-localhost-sv.dhp
b/tests/certs/Server-localhost-lastSAN-sv.dhp
similarity index 100%
copy from tests/certs/Server-localhost-sv.dhp
copy to tests/certs/Server-localhost-lastSAN-sv.dhp
diff --git a/tests/certs/Server-localhost-lastSAN-sv.key
b/tests/certs/Server-localhost-lastSAN-sv.key
new file mode 100644
index 000000000..824ee6fec
--- /dev/null
+++ b/tests/certs/Server-localhost-lastSAN-sv.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCjKnXXv3VBQL5CuLkAKPFFKVW8Nsqmt4aTlyWEqsmArEHZKPuw
+aEtb7r2Ug9or9szMEd/7SObp1ZdBf5oNt4eWEiJBKn+VihTWbEs03xgpAQ2yPE3I
+xF6H+p+q7qRz6bt0V4UkKlHkQ1xLl1FSuYJunM6uD5FFJfm0JGaORx/X1QIDAQAB
+AoGAaC2QGDSSNRuVXxx6YnPBuJrvtsB1G4VKU6nJtq8lARb65CCassOkegow2UZm
+YnOtxw4SqGqfpOVPMe66+c8Yrd+6zimC7VorxmfhNxqOO34bxzztKKk8Q7c+odl3
++c4aVnFBk2hzuOW4PuJoFfFNQZWmh/XJdKK85X+bkryS/oECQQDTdzwYyDxvrPaw
+ZeR5oDleopk5W5QwmBAq4ehtie1oZfhzlNZzPOjnI9I71MRYdCwkesKHL2k6q7cT
+jA4sSmx5AkEAxYc6+o8l0/HE8HzypWe/ZfozaY3ccIFzmvcwQorbCvAxDtZ1DbFy
+VWLOgM/6gwDIUDF6ckaInaVmiVJl60Y3PQJAZFBOuO7cBJoHWDytuqiwLl1x1EzG
+KpsoKD+MU9I3RewBhUrYxEfjsCpFA8716YQKoK9/ckOiZouoyGQLISWY+QJAG5id
+AMxm+Ilafk62h61K7DBcZm7PUViEki3erC1CFPEhqXUEvXkBBDTdrNlholPFqI6B
+EN4R0BR/ksfUPV598QJAF8jl/8gz8pmAWmqw8tKbWdQeDgisyTHeYlPMxq4fUbLH
+mJk05csSX9CTg4eO7NRRwPxODKmPCd88sZZSOuTQmQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/certs/Server-localhost-lastSAN-sv.pem
b/tests/certs/Server-localhost-lastSAN-sv.pem
new file mode 100644
index 000000000..b563e0a76
--- /dev/null
+++ b/tests/certs/Server-localhost-lastSAN-sv.pem
@@ -0,0 +1,120 @@
+extensions = x509v3
+[ x509v3 ]
+subjectAltName = DNS:localhost1,DNS:localhost2,DNS:localhost
+keyUsage = keyEncipherment,digitalSignature,keyAgreement
+extendedKeyUsage = serverAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid
+basicConstraints = CA:false
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+default_md = sha256
+string_mask = utf8only
+[ req_DN ]
+countryName = "Country Name is Northern Nowhere"
+countryName_value = NN
+organizationName = "Organization Name"
+organizationName_value = Edel Curl Arctic Illudium Research Cloud
+commonName = "Common Name"
+commonName_value = localhost.nn
+
+[something]
+# The key
+# the certificate
+# some dhparam
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCjKnXXv3VBQL5CuLkAKPFFKVW8Nsqmt4aTlyWEqsmArEHZKPuw
+aEtb7r2Ug9or9szMEd/7SObp1ZdBf5oNt4eWEiJBKn+VihTWbEs03xgpAQ2yPE3I
+xF6H+p+q7qRz6bt0V4UkKlHkQ1xLl1FSuYJunM6uD5FFJfm0JGaORx/X1QIDAQAB
+AoGAaC2QGDSSNRuVXxx6YnPBuJrvtsB1G4VKU6nJtq8lARb65CCassOkegow2UZm
+YnOtxw4SqGqfpOVPMe66+c8Yrd+6zimC7VorxmfhNxqOO34bxzztKKk8Q7c+odl3
++c4aVnFBk2hzuOW4PuJoFfFNQZWmh/XJdKK85X+bkryS/oECQQDTdzwYyDxvrPaw
+ZeR5oDleopk5W5QwmBAq4ehtie1oZfhzlNZzPOjnI9I71MRYdCwkesKHL2k6q7cT
+jA4sSmx5AkEAxYc6+o8l0/HE8HzypWe/ZfozaY3ccIFzmvcwQorbCvAxDtZ1DbFy
+VWLOgM/6gwDIUDF6ckaInaVmiVJl60Y3PQJAZFBOuO7cBJoHWDytuqiwLl1x1EzG
+KpsoKD+MU9I3RewBhUrYxEfjsCpFA8716YQKoK9/ckOiZouoyGQLISWY+QJAG5id
+AMxm+Ilafk62h61K7DBcZm7PUViEki3erC1CFPEhqXUEvXkBBDTdrNlholPFqI6B
+EN4R0BR/ksfUPV598QJAF8jl/8gz8pmAWmqw8tKbWdQeDgisyTHeYlPMxq4fUbLH
+mJk05csSX9CTg4eO7NRRwPxODKmPCd88sZZSOuTQmQ==
+-----END RSA PRIVATE KEY-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14725819772555 (0xd649f41ae8b)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research
Cloud
+ commonName = Northern Nowhere Trust Anchor
+ Validity
+ Not Before: Aug 30 18:32:57 2016 GMT
+ Not After : Nov 16 18:32:57 2024 GMT
+ Subject:
+ countryName = NN
+ organizationName = Edel Curl Arctic Illudium Research
Cloud
+ commonName = localhost.nn
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:a3:2a:75:d7:bf:75:41:40:be:42:b8:b9:00:28:
+ f1:45:29:55:bc:36:ca:a6:b7:86:93:97:25:84:aa:
+ c9:80:ac:41:d9:28:fb:b0:68:4b:5b:ee:bd:94:83:
+ da:2b:f6:cc:cc:11:df:fb:48:e6:e9:d5:97:41:7f:
+ 9a:0d:b7:87:96:12:22:41:2a:7f:95:8a:14:d6:6c:
+ 4b:34:df:18:29:01:0d:b2:3c:4d:c8:c4:5e:87:fa:
+ 9f:aa:ee:a4:73:e9:bb:74:57:85:24:2a:51:e4:43:
+ 5c:4b:97:51:52:b9:82:6e:9c:ce:ae:0f:91:45:25:
+ f9:b4:24:66:8e:47:1f:d7:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:localhost1, DNS:localhost2, DNS:localhost
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment, Key Agreement
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Key Identifier:
+ 2C:CF:E3:6E:08:F9:CE:9B:98:3B:B3:17:7F:0C:9D:E4:5B:1B:76:8A
+ X509v3 Authority Key Identifier:
+
keyid:12:CA:BA:4B:46:04:A7:75:8A:2C:E8:0E:54:94:BC:12:65:A6:7B:CE
+
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Signature Algorithm: sha1WithRSAEncryption
+ 2e:3d:c1:a2:a7:e4:70:f8:a8:13:86:c3:af:22:1f:e9:e1:62:
+ f4:cf:16:66:a8:3b:70:f6:12:30:be:fe:8e:44:1b:71:b5:c1:
+ e0:4b:66:c4:5d:d4:d7:7d:49:43:4a:6d:22:1b:ce:3d:e3:14:
+ 14:b3:6d:3a:93:39:0c:9b:2c:83:35:1d:7e:7c:29:29:3c:51:
+ 6b:27:c3:5b:2d:f2:61:18:f8:c7:90:be:3b:68:3f:08:9b:ac:
+ 68:01:d2:0c:ec:aa:5d:9e:78:b7:8b:84:04:01:b2:08:ef:df:
+ 0c:f2:29:99:fe:61:d1:65:80:aa:ef:df:8e:28:55:a6:f9:88:
+ 0c:01:bb:fc:1c:9e:9c:08:8d:c5:34:24:91:c1:ac:71:22:e1:
+ 12:78:e0:45:d5:e2:39:c4:3c:16:09:80:d0:5b:bc:49:0a:4c:
+ a3:5b:e1:36:40:ed:26:6d:8d:a0:d3:4a:3c:86:93:2f:d4:0a:
+ 3c:72:08:62:d7:66:d0:b3:05:c2:0f:1d:af:3c:65:67:f2:6c:
+ 76:a5:9c:37:ac:c4:ac:96:b7:e4:c0:ef:a4:5b:28:1e:16:09:
+ 15:f6:7b:bb:5d:a2:94:9a:df:52:7b:ae:c9:39:f4:18:9e:84:
+ 57:6c:d3:6d:ae:35:38:8f:8f:9b:0d:df:77:69:ae:25:ec:ce:
+ d0:2b:bd:8d
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIGDWSfQa6LMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNVBAYT
+Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo
+IENsb3VkMSYwJAYDVQQDDB1Ob3J0aGVybiBOb3doZXJlIFRydXN0IEFuY2hvcjAe
+Fw0xNjA4MzAxODMyNTdaFw0yNDExMTYxODMyNTdaMFcxCzAJBgNVBAYTAk5OMTEw
+LwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNoIENsb3Vk
+MRUwEwYDVQQDDAxsb2NhbGhvc3Qubm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKMqdde/dUFAvkK4uQAo8UUpVbw2yqa3hpOXJYSqyYCsQdko+7BoS1vuvZSD
+2iv2zMwR3/tI5unVl0F/mg23h5YSIkEqf5WKFNZsSzTfGCkBDbI8TcjEXof6n6ru
+pHPpu3RXhSQqUeRDXEuXUVK5gm6czq4PkUUl+bQkZo5HH9fVAgMBAAGjgZ4wgZsw
+LAYDVR0RBCUwI4IKbG9jYWxob3N0MYIKbG9jYWxob3N0MoIJbG9jYWxob3N0MAsG
+A1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQULM/jbgj5
+zpuYO7MXfwyd5FsbdoowHwYDVR0jBBgwFoAUEsq6S0YEp3WKLOgOVJS8EmWme84w
+CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEALj3BoqfkcPioE4bDryIf6eFi
+9M8WZqg7cPYSML7+jkQbcbXB4EtmxF3U131JQ0ptIhvOPeMUFLNtOpM5DJssgzUd
+fnwpKTxRayfDWy3yYRj4x5C+O2g/CJusaAHSDOyqXZ54t4uEBAGyCO/fDPIpmf5h
+0WWAqu/fjihVpvmIDAG7/ByenAiNxTQkkcGscSLhEnjgRdXiOcQ8FgmA0Fu8SQpM
+o1vhNkDtJm2NoNNKPIaTL9QKPHIIYtdm0LMFwg8drzxlZ/JsdqWcN6zErJa35MDv
+pFsoHhYJFfZ7u12ilJrfUnuuyTn0GJ6EV2zTba41OI+Pmw3fd2muJezO0Cu9jQ==
+-----END CERTIFICATE-----
diff --git a/tests/certs/Server-localhost-sv.prm
b/tests/certs/Server-localhost-lastSAN-sv.prm
similarity index 86%
copy from tests/certs/Server-localhost-sv.prm
copy to tests/certs/Server-localhost-lastSAN-sv.prm
index 50ccfd858..faefe6802 100644
--- a/tests/certs/Server-localhost-sv.prm
+++ b/tests/certs/Server-localhost-lastSAN-sv.prm
@@ -1,6 +1,6 @@
extensions = x509v3
[ x509v3 ]
-subjectAltName = DNS:localhost
+subjectAltName = DNS:localhost1,DNS:localhost2,DNS:localhost
keyUsage = keyEncipherment,digitalSignature,keyAgreement
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
@@ -17,7 +17,7 @@ countryName_value = NN
organizationName = "Organization Name"
organizationName_value = Edel Curl Arctic Illudium Research Cloud
commonName = "Common Name"
-commonName_value = localhost
+commonName_value = localhost.nn
[something]
# The key
diff --git a/tests/certs/Server-localhost-lastSAN-sv.pub.der
b/tests/certs/Server-localhost-lastSAN-sv.pub.der
new file mode 100644
index 000000000..06fe6d066
Binary files /dev/null and b/tests/certs/Server-localhost-lastSAN-sv.pub.der
differ
diff --git a/tests/certs/Server-localhost-lastSAN-sv.pub.pem
b/tests/certs/Server-localhost-lastSAN-sv.pub.pem
new file mode 100644
index 000000000..a8e2dd4c7
--- /dev/null
+++ b/tests/certs/Server-localhost-lastSAN-sv.pub.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjKnXXv3VBQL5CuLkAKPFFKVW8
+Nsqmt4aTlyWEqsmArEHZKPuwaEtb7r2Ug9or9szMEd/7SObp1ZdBf5oNt4eWEiJB
+Kn+VihTWbEs03xgpAQ2yPE3IxF6H+p+q7qRz6bt0V4UkKlHkQ1xLl1FSuYJunM6u
+D5FFJfm0JGaORx/X1QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index eaf0deb05..51e80a8e9 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -127,9 +127,9 @@ test1120 test1121 test1122 test1123 test1124 test1125
test1126 test1127 \
test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \
test1136 test1137 test1138 test1141 test1142 test1143 \
test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
-test1152 test1153 test1154 \
+test1152 test1153 test1154 test1155 \
\
-test1160 test1161 test1162 test1163 \
+test1160 test1161 test1162 test1163 test1164 \
test1170 test1171 \
test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
@@ -165,7 +165,7 @@ test1424 test1425 test1426 test1427 \
test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
test1436 test1437 test1438 test1439 test1440 test1441 test1442 test1443 \
test1444 test1445 test1446 test1447 test1448 test1449 test1450 test1451 \
-test1452 test1453 test1454 \
+test1452 test1453 test1454 test1455 test1456 \
test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
test1516 test1517 \
@@ -177,6 +177,7 @@ test1533 test1534 test1535 test1536 test1537 test1538 \
test1540 \
test1550 test1551 test1552 test1553 test1554 test1555 test1556 \
test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 \
+test1608 \
\
test1700 test1701 test1702 \
\
@@ -194,4 +195,6 @@ test2048 test2049 test2050 test2051 test2052 test2053
test2054 test2055 \
test2056 test2057 test2058 test2059 test2060 test2061 test2062 test2063 \
test2064 test2065 test2066 test2067 test2068 test2069 \
\
-test2070 test2071 test2072 test2073
+test2070 test2071 test2072 test2073 \
+\
+test3000 test3001
diff --git a/tests/data/test1026 b/tests/data/test1026
index e47b12a0a..bd5dc9c85 100644
--- a/tests/data/test1026
+++ b/tests/data/test1026
@@ -13,6 +13,9 @@
#
# Client-side
<client>
+<features>
+manual
+</features>
<server>
none
</server>
diff --git a/tests/data/test1108 b/tests/data/test1108
index 7b779e11f..f83eb9570 100644
--- a/tests/data/test1108
+++ b/tests/data/test1108
@@ -11,7 +11,7 @@ PRET
<reply>
<servercmd>
-REPLY PRET 550 unkown command
+REPLY PRET 550 unknown command
</servercmd>
</reply>
diff --git a/tests/data/test1136 b/tests/data/test1136
index d3327e843..2030bd271 100644
--- a/tests/data/test1136
+++ b/tests/data/test1136
@@ -56,8 +56,8 @@ http://www.example.ck/1136 http://www.ck/1136
http://z-1.compute-1.amazonaws.com
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
-.www.example.ck TRUE / FALSE 0 test2 allowed2
.www.ck TRUE / FALSE 0 test4 allowed4
+.www.example.ck TRUE / FALSE 0 test2 allowed2
.z-1.compute-1.amazonaws.com TRUE / FALSE 0 test5
forbidden5
</file>
</verify>
diff --git a/tests/data/test1148 b/tests/data/test1148
index 52f6c7eb1..f483bcd53 100644
--- a/tests/data/test1148
+++ b/tests/data/test1148
@@ -37,6 +37,10 @@ progress-bar
<command>
http://%HOSTIP:%HTTPPORT/1148 -# --stderr log/stderrlog1148
</command>
+<setenv>
+LC_ALL=
+LC_NUMERIC=en_US.UTF-8
+</setenv>
</client>
#
@@ -50,8 +54,13 @@ Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
+# This allows the last 4 letters of the bar to get updated without it
+# matters. We're mostly checking the width of it anyway.
<file name="log/stderrlog1148">
-
######################################################################## 100.0%
+
bar 100.0%
</file>
+<stripfile>
+s/####################################################################..../bar/
+</stripfile>
</verify>
</testcase>
diff --git a/tests/data/test1161 b/tests/data/test1155
similarity index 71%
copy from tests/data/test1161
copy to tests/data/test1155
index 179531314..0eae2a9d4 100644
--- a/tests/data/test1161
+++ b/tests/data/test1155
@@ -14,7 +14,7 @@ cookies
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Content-Length: 0
-Set-Cookie: ckyPersistent=permanent;path=;path=/
+Set-Cookie: domain=value;secure;path=/
</data>
</reply>
@@ -25,10 +25,10 @@ Set-Cookie: ckyPersistent=permanent;path=;path=/
http
</server>
<name>
-HTTP cookie with path set twice
+HTTP cookie with parameter word as name
</name>
<command>
-http://%HOSTIP:%HTTPPORT/1161 -c log/cookies1161.txt
+http://%HOSTIP:%HTTPPORT/1155 -c log/cookies1155.txt
</command>
</client>
@@ -38,17 +38,17 @@ http://%HOSTIP:%HTTPPORT/1161 -c log/cookies1161.txt
^User-Agent:.*
</strip>
<protocol>
-GET /1161 HTTP/1.1
+GET /1155 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
-<file name="log/cookies1161.txt">
+<file name="log/cookies1155.txt">
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
-127.0.0.1 FALSE / FALSE 0 ckyPersistent permanent
+127.0.0.1 FALSE / TRUE 0 domain value
</file>
</verify>
</testcase>
diff --git a/tests/data/test1164 b/tests/data/test1164
new file mode 100644
index 000000000..061e395cc
--- /dev/null
+++ b/tests/data/test1164
@@ -0,0 +1,52 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+# perl -e 'print "swsclose" . "\0" x 200;' | base64
+# 'swsclose' is there to force server to close after send
+<data nocheck="yes" base64="yes">
+c3dzY2xvc2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP/0.9 GET and all zeroes
+ </name>
+ <command option="force-output">
+http://%HOSTIP:%HTTPPORT/1164 -w '%{size_download}\n'
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /1164 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+<stdout>
+208
+</stdout>
+</verify>
+</testcase>
diff --git a/tests/data/test1208 b/tests/data/test1208
index 504f6c7bb..b4545b569 100644
--- a/tests/data/test1208
+++ b/tests/data/test1208
@@ -5,6 +5,7 @@ FTP
PORT
RETR
NODATACONN150
+flaky
</keywords>
</info>
# Server-side
diff --git a/tests/data/test1209 b/tests/data/test1209
index 7086829f1..76bce5fd5 100644
--- a/tests/data/test1209
+++ b/tests/data/test1209
@@ -39,7 +39,7 @@ s/^EPRT \|1\|(.*)/EPRT \|1\|/
# The protocol part does not include QUIT simply because the error is
# CURLE_OPERATION_TIMEDOUT (28) which is a generic timeout error without
-# specificly saying for which connection it concerns, and for timeouts libcurl
+# specifically saying for which connection it concerns, and for timeouts
libcurl
# marks the control channel as "invalid". As this test case times out for the
# data connection it could still use the control channel.
<protocol>
diff --git a/tests/data/test1322 b/tests/data/test1455
similarity index 69%
copy from tests/data/test1322
copy to tests/data/test1455
index bf10a8d0b..7768a1f89 100644
--- a/tests/data/test1322
+++ b/tests/data/test1455
@@ -3,15 +3,13 @@
<keywords>
HTTP
HTTP GET
---resolve
-trailing dot
</keywords>
</info>
#
# Server-side
-<reply>
-<data>
+<reply name="1455">
+<data nocheck=yes>
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
@@ -21,7 +19,7 @@ Accept-Ranges: bytes
Content-Length: 6
Connection: close
Content-Type: text/html
-Funny-head: yesyes
+Funny-head: barkbark
-foo-
</data>
@@ -34,10 +32,10 @@ Funny-head: yesyes
http
</server>
<name>
-HTTP with --resolve and hostname with trailing dot
+HTTP GET when PROXY Protocol enabled
</name>
<command>
---resolve example.com:%HTTPPORT:%HOSTIP http://example.com.:%HTTPPORT/1322
+http://%HOSTIP:%HTTPPORT/1455 --haproxy-protocol --local-port 37756
</command>
</client>
@@ -48,8 +46,9 @@ HTTP with --resolve and hostname with trailing dot
^User-Agent:.*
</strip>
<protocol>
-GET /1322 HTTP/1.1
-Host: example.com:%HTTPPORT
+PROXY TCP4 %CLIENTIP %HOSTIP 37756 %HTTPPORT
+GET /1455 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
Accept: */*
</protocol>
diff --git a/tests/data/test240 b/tests/data/test1456
similarity index 78%
copy from tests/data/test240
copy to tests/data/test1456
index cd8594d63..07a6e7c03 100644
--- a/tests/data/test240
+++ b/tests/data/test1456
@@ -9,7 +9,7 @@ IPv6
#
# Server-side
<reply>
-<data>
+<data nocheck=yes>
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
@@ -35,10 +35,10 @@ ipv6
http-ipv6
</server>
<name>
-HTTP-IPv6 GET
+HTTP-IPv6 GET with PROXY protocol
</name>
<command>
--g "http://%HOST6IP:%HTTP6PORT/240";
+-g "http://%HOST6IP:%HTTP6PORT/1456"; --local-port 44444 --haproxy-protocol
</command>
</client>
@@ -49,7 +49,8 @@ HTTP-IPv6 GET
^User-Agent:
</strip>
<protocol>
-GET /240 HTTP/1.1
+PROXY TCP6 ::1 ::1 44444 %HTTP6PORT
+GET /1456 HTTP/1.1
Host: %HOST6IP:%HTTP6PORT
Accept: */*
diff --git a/tests/data/test155 b/tests/data/test155
index b6451ec2e..9bdc8414c 100644
--- a/tests/data/test155
+++ b/tests/data/test155
@@ -39,7 +39,7 @@ This is not the real page either!
# This is supposed to be returned when the server gets the second
# Authorization: NTLM line passed-in from the client
<data1002>
-HTTP/1.1 200 Type-3 Recevied and all Things are fine swsclose
+HTTP/1.1 200 Type-3 Received and all Things are fine swsclose
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32
@@ -62,7 +62,7 @@ Content-Length: 34
Content-Type: text/html; charset=iso-8859-1
WWW-Authenticate: NTLM
TlRMTVNTUAACAAAAAgACADAAAAAGgoEAc51AYVDgyNcAAAAAAAAAAG4AbgAyAAAAQ0MCAAQAQwBDAAEAEgBFAEwASQBTAEEAQgBFAFQASAAEABgAYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAwAsAGUAbABpAHMAYQBiAGUAdABoAC4AYwBjAC4AaQBjAGUAZABlAHYALgBuAHUAAAAAAA==
-HTTP/1.1 200 Type-3 Recevied and all Things are fine swsclose
+HTTP/1.1 200 Type-3 Received and all Things are fine swsclose
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 32
diff --git a/tests/data/test1303 b/tests/data/test1608
similarity index 76%
copy from tests/data/test1303
copy to tests/data/test1608
index 925b47e15..702310757 100644
--- a/tests/data/test1303
+++ b/tests/data/test1608
@@ -2,7 +2,7 @@
<info>
<keywords>
unittest
-Curl_timeleft
+curlopt_dns_shuffle_addresses
</keywords>
</info>
@@ -16,10 +16,10 @@ none
unittest
</features>
<name>
-Curl_timeleft unit tests
+verify DNS shuffling
</name>
<tool>
-unit1303
+unit1608
</tool>
</client>
diff --git a/tests/data/test2072 b/tests/data/test2072
index 2949c2502..0d2489ff1 100644
--- a/tests/data/test2072
+++ b/tests/data/test2072
@@ -6,6 +6,13 @@ FILE
</info>
<reply>
+<data>
+foo
+ bar
+bar
+ foo
+moo
+</data>
</reply>
# Client-side
@@ -14,12 +21,15 @@ FILE
file
</server>
<name>
-file:// with SMB path
+file:// with unix path resolution behavior for the case of extra slashes
</name>
<command>
-file:////bad-host%PWD/log/test1145.txt
+file:////%PWD/log/test2072.txt
</command>
-<file name="log/test1145.txt">
+<precheck>
+perl -e "print 'Test requires a unix system' if ( $^O eq 'MSWin32' || $^O eq
'cygwin' || $^O eq 'dos');"
+</precheck>
+<file name="log/test2072.txt">
foo
bar
bar
@@ -30,9 +40,5 @@ moo
# Verify data after the test has been "shot"
<verify>
-# CURLE_URL_MALFORMAT is error code 3
-<errorcode>
-3
-</errorcode>
</verify>
</testcase>
diff --git a/tests/data/test310 b/tests/data/test3000
similarity index 81%
copy from tests/data/test310
copy to tests/data/test3000
index e7a9379ab..e62e53168 100644
--- a/tests/data/test310
+++ b/tests/data/test3000
@@ -27,13 +27,13 @@ MooMoo
SSL
</features>
<server>
-https Server-localhost-sv.pem
+https Server-localhost-firstSAN-sv.pem
</server>
- <name>
-simple HTTPS GET
- </name>
- <command>
---cacert %SRCDIR/certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/310
+<name>
+HTTPS GET to localhost, first subject alt name matches, CN does not match
+</name>
+<command>
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/3000
</command>
# Ensure that we're running on localhost because we're checking the host name
<precheck>
@@ -48,7 +48,7 @@ perl -e "print 'Test requires default test server host' if (
'%HOSTIP' ne '127.0
^User-Agent:.*
</strip>
<protocol>
-GET /310 HTTP/1.1
+GET /3000 HTTP/1.1
Host: localhost:%HTTPSPORT
Accept: */*
diff --git a/tests/data/test310 b/tests/data/test3001
similarity index 81%
copy from tests/data/test310
copy to tests/data/test3001
index e7a9379ab..706c3f752 100644
--- a/tests/data/test310
+++ b/tests/data/test3001
@@ -27,13 +27,13 @@ MooMoo
SSL
</features>
<server>
-https Server-localhost-sv.pem
+https Server-localhost-lastSAN-sv.pem
</server>
- <name>
-simple HTTPS GET
- </name>
- <command>
---cacert %SRCDIR/certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/310
+<name>
+HTTPS GET to localhost, last subject alt name matches, CN does not match
+</name>
+<command>
+--cacert %SRCDIR/certs/EdelCurlRoot-ca.crt https://localhost:%HTTPSPORT/3001
</command>
# Ensure that we're running on localhost because we're checking the host name
<precheck>
@@ -48,7 +48,7 @@ perl -e "print 'Test requires default test server host' if (
'%HOSTIP' ne '127.0
^User-Agent:.*
</strip>
<protocol>
-GET /310 HTTP/1.1
+GET /3001 HTTP/1.1
Host: localhost:%HTTPSPORT
Accept: */*
diff --git a/tests/data/test46 b/tests/data/test46
index abcbda8e6..fd0e666c6 100644
--- a/tests/data/test46
+++ b/tests/data/test46
@@ -33,7 +33,7 @@ This server reply is for testing cookies
http
</server>
<name>
-HTTP, get cookies and store in cookie jar
+HTTP with bad domain name, get cookies and store in cookie jar
</name>
# Explicitly set the time zone to a known good one, in case the user is
# using one of the 'right' zones that take into account leap seconds
@@ -42,7 +42,7 @@ HTTP, get cookies and store in cookie jar
TZ=GMT
</setenv>
<command>
-%HOSTIP:%HTTPPORT/want/46 -c log/jar46 -b log/injar46
+domain..tld:%HTTPPORT/want/46 --resolve domain..tld:%HTTPPORT:%HOSTIP -c
log/jar46 -b log/injar46
</command>
<file name="log/injar46">
# Netscape HTTP Cookie File
@@ -51,9 +51,9 @@ TZ=GMT
www.fake.come FALSE / FALSE 2022144953 cookiecliente si
www.loser.com FALSE / FALSE 2139150993 UID 99
-%HOSTIP FALSE / FALSE 1739150993 mooo indeed
-#HttpOnly_%HOSTIP FALSE /want FALSE 1739150993 mooo2 indeed2
-%HOSTIP FALSE /want FALSE 0 empty
+domain..tld FALSE / FALSE 1739150993 mooo indeed
+#HttpOnly_domain..tld FALSE /want FALSE 1739150993 mooo2 indeed2
+domain..tld FALSE /want FALSE 0 empty
</file>
</client>
@@ -64,7 +64,7 @@ www.loser.com FALSE / FALSE 2139150993 UID
99
</strip>
<protocol>
GET /want/46 HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
+Host: domain..tld:%HTTPPORT
Accept: */*
Cookie: empty=; mooo2=indeed2; mooo=indeed
@@ -75,15 +75,15 @@ Cookie: empty=; mooo2=indeed2; mooo=indeed
# This file was generated by libcurl! Edit at your own risk.
www.fake.come FALSE / FALSE 2022144953 cookiecliente si
+domain..tld FALSE / FALSE 1739150993 mooo indeed
+#HttpOnly_domain..tld FALSE /want FALSE 1739150993 mooo2 indeed2
+domain..tld FALSE /want FALSE 0 empty
+domain..tld FALSE / FALSE 2054030187 ckyPersistent
permanent
+domain..tld FALSE / FALSE 0 ckySession temporary
+domain..tld FALSE / FALSE 0 ASPSESSIONIDQGGQQSJJ
GKNBDIFAAOFDPDAIEAKDIBKE
+domain..tld FALSE / FALSE 0 justaname
+domain..tld FALSE /want/ FALSE 0 simplyhuge
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
[...]
www.loser.com FALSE / FALSE 2139150993 UID 99
-%HOSTIP FALSE / FALSE 1739150993 mooo indeed
-#HttpOnly_%HOSTIP FALSE /want FALSE 1739150993 mooo2 indeed2
-%HOSTIP FALSE /want FALSE 0 empty
-%HOSTIP FALSE / FALSE 2054030187 ckyPersistent
permanent
-%HOSTIP FALSE / FALSE 0 ckySession temporary
-%HOSTIP FALSE / FALSE 0 ASPSESSIONIDQGGQQSJJ
GKNBDIFAAOFDPDAIEAKDIBKE
-%HOSTIP FALSE / FALSE 0 justaname
-%HOSTIP FALSE /want/ FALSE 0 simplyhuge
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
[...]
</file>
</verify>
</testcase>
diff --git a/tests/libtest/.gitignore b/tests/libtest/.gitignore
index f368550a1..e10d96d9a 100644
--- a/tests/libtest/.gitignore
+++ b/tests/libtest/.gitignore
@@ -5,6 +5,6 @@ lib19[0-9][0-9]
lib2033
lib5[0-9][0-9]
lib64[3-5]
-lib65[0-3]
+lib65[0-9]
libauthretry
libntlmconnect
diff --git a/tests/libtest/lib1502.c b/tests/libtest/lib1502.c
index 6f253c7ec..5b75e2f2a 100644
--- a/tests/libtest/lib1502.c
+++ b/tests/libtest/lib1502.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -40,6 +40,7 @@
int test(char *URL)
{
CURL *easy = NULL;
+ CURL *dup;
CURLM *multi = NULL;
int still_running;
int res = 0;
@@ -72,6 +73,15 @@ int test(char *URL)
easy_setopt(easy, CURLOPT_HEADER, 1L);
easy_setopt(easy, CURLOPT_RESOLVE, dns_cache_list);
+ dup = curl_easy_duphandle(easy);
+ if(dup) {
+ curl_easy_cleanup(easy);
+ easy = dup;
+ }
+ else {
+ return CURLE_OUT_OF_MEMORY;
+ }
+
multi_init(multi);
multi_add_handle(multi, easy);
diff --git a/tests/libtest/lib1509.c b/tests/libtest/lib1509.c
index ccb668304..63bc589b1 100644
--- a/tests/libtest/lib1509.c
+++ b/tests/libtest/lib1509.c
@@ -69,7 +69,7 @@ int test(char *URL)
goto test_cleanup;
}
- printf("header length is ........: %lu\n", headerSize);
+ printf("header length is ........: %ld\n", headerSize);
printf("header length should be..: %lu\n", realHeaderSize);
test_cleanup:
diff --git a/tests/libtest/lib1535.c b/tests/libtest/lib1535.c
index 32519f206..6ff03467d 100644
--- a/tests/libtest/lib1535.c
+++ b/tests/libtest/lib1535.c
@@ -71,7 +71,7 @@ int test(char *URL)
}
if(protocol != CURLPROTO_HTTP) {
fprintf(stderr, "%s:%d protocol of http resource is incorrect; "
- "expected %ld but is %ld\n",
+ "expected %d but is %ld\n",
__FILE__, __LINE__, CURLPROTO_HTTP, protocol);
res = CURLE_HTTP_RETURNED_ERROR;
goto test_cleanup;
diff --git a/tests/libtest/lib1536.c b/tests/libtest/lib1536.c
index 7f5b61499..0c04bbf8e 100644
--- a/tests/libtest/lib1536.c
+++ b/tests/libtest/lib1536.c
@@ -72,7 +72,7 @@ int test(char *URL)
if(memcmp(scheme, "HTTP", 5) != 0) {
fprintf(stderr, "%s:%d scheme of http resource is incorrect; "
"expected 'HTTP' but is %s\n",
- __FILE__, __LINE__, CURLPROTO_HTTP,
+ __FILE__, __LINE__,
(scheme == NULL ? "NULL" : "invalid"));
res = CURLE_HTTP_RETURNED_ERROR;
goto test_cleanup;
diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
index e7451907c..2f7d9a011 100644
--- a/tests/libtest/lib517.c
+++ b/tests/libtest/lib517.c
@@ -47,6 +47,7 @@ static struct dcheck dates[] = {
{"Sun/Nov/6/94/GMT", 784080000 },
{"Sun, 06 Nov 1994 08:49:37 CET", 784108177 },
{"06 Nov 1994 08:49:37 EST", 784129777 },
+ {"Sun, 06 Nov 1994 08:49:37 UT", 784111777 },
{"Sun, 12 Sep 2004 15:05:58 -0700", 1095026758 },
{"Sat, 11 Sep 2004 21:32:11 +0200", 1094931131 },
{"20040912 15:05:58 -0700", 1095026758 },
diff --git a/tests/libtest/lib552.c b/tests/libtest/lib552.c
index 5082eb044..83797f3c2 100644
--- a/tests/libtest/lib552.c
+++ b/tests/libtest/lib552.c
@@ -46,11 +46,11 @@ void dump(const char *text,
/* without the hex output, we can fit more on screen */
width = 0x40;
- fprintf(stream, "%s, %d bytes (0x%x)\n", text, (int)size, (int)size);
+ fprintf(stream, "%s, %zu bytes (0x%zx)\n", text, size, size);
for(i = 0; i<size; i += width) {
- fprintf(stream, "%04x: ", (int)i);
+ fprintf(stream, "%04zx: ", i);
if(!nohex) {
/* hex not disabled, show it */
diff --git a/tests/libtest/stub_gssapi.c b/tests/libtest/stub_gssapi.c
index 168becf88..883cc1900 100644
--- a/tests/libtest/stub_gssapi.c
+++ b/tests/libtest/stub_gssapi.c
@@ -324,7 +324,7 @@ OM_uint32 gss_display_status(OM_uint32 *min,
if(status_string->value)
status_string->length = strlen(status_string->value);
else
- return GSS_S_FAILURE;
+ return GSS_S_FAILURE;
}
return GSS_S_COMPLETE;
diff --git a/tests/libtest/testtrace.c b/tests/libtest/testtrace.c
index 5c68b3b1b..63e022b33 100644
--- a/tests/libtest/testtrace.c
+++ b/tests/libtest/testtrace.c
@@ -43,12 +43,12 @@ void libtest_debug_dump(const char *timebuf, const char
*text, FILE *stream,
/* without the hex output, we can fit more on screen */
width = 0x40;
- fprintf(stream, "%s%s, %d bytes (0x%x)\n", timebuf, text,
- (int)size, (int)size);
+ fprintf(stream, "%s%s, %zu bytes (0x%zx)\n", timebuf, text,
+ size, size);
for(i = 0; i < size; i += width) {
- fprintf(stream, "%04x: ", (int)i);
+ fprintf(stream, "%04zx: ", i);
if(!nohex) {
/* hex not disabled, show it */
diff --git a/tests/runtests.pl b/tests/runtests.pl
index c4492655a..c0a68c272 100755
--- a/tests/runtests.pl
+++ b/tests/runtests.pl
@@ -235,6 +235,7 @@ my $has_threadedres;# set if built with threaded resolver
my $has_psl; # set if libcurl is built with PSL support
my $has_ldpreload; # set if curl is built for systems supporting LD_PRELOAD
my $has_multissl; # set if curl is build with MultiSSL support
+my $has_manual; # set if curl is built with built-in manual
# this version is decided by the particular nghttp2 library that is being used
my $h2cver = "h2c";
@@ -3033,6 +3034,17 @@ sub checksystem {
"TrackMemory feature (--enable-curldebug)";
}
+ open(M, "$CURL -M 2>&1|");
+ while(my $s = <M>) {
+ if($s =~ /built-in manual was disabled at build-time/) {
+ $has_manual = 0;
+ last;
+ }
+ $has_manual = 1;
+ last;
+ }
+ close(M);
+
$has_shared = `sh $CURLCONFIG --built-shared`;
chomp $has_shared;
@@ -3472,6 +3484,11 @@ sub singletest {
next;
}
}
+ elsif($1 eq "manual") {
+ if($has_manual) {
+ next;
+ }
+ }
elsif($1 eq "socks") {
next;
}
@@ -3909,7 +3926,8 @@ sub singletest {
if((!$cmdhash{'option'}) || ($cmdhash{'option'} !~ /no-output/)) {
#We may slap on --output!
- if (address@hidden) {
+ if (address@hidden ||
+ ($cmdhash{'option'} && $cmdhash{'option'} =~ /force-output/)) {
$out=" --output $CURLOUT ";
}
}
diff --git a/tests/server/fake_ntlm.c b/tests/server/fake_ntlm.c
index ca2b438b6..ec127a8af 100644
--- a/tests/server/fake_ntlm.c
+++ b/tests/server/fake_ntlm.c
@@ -37,7 +37,7 @@
/* include memdebug.h last */
#include "memdebug.h"
-#define LOGFILE "log/fake_ntlm%d.log"
+#define LOGFILE "log/fake_ntlm%ld.log"
const char *serverlogfile;
diff --git a/tests/server/sockfilt.c b/tests/server/sockfilt.c
index 40f5bdb48..844d35a4e 100644
--- a/tests/server/sockfilt.c
+++ b/tests/server/sockfilt.c
@@ -727,24 +727,20 @@ static int select_ws(int nfds, fd_set *readfds, fd_set
*writefds,
}
/* allocate internal array for the internal data */
- data = malloc(nfds * sizeof(struct select_ws_data));
+ data = calloc(nfds, sizeof(struct select_ws_data));
if(data == NULL) {
errno = ENOMEM;
return -1;
}
/* allocate internal array for the internal event handles */
- handles = malloc(nfds * sizeof(HANDLE));
+ handles = calloc(nfds, sizeof(HANDLE));
if(handles == NULL) {
free(data);
errno = ENOMEM;
return -1;
}
- /* clear internal arrays */
- memset(data, 0, nfds * sizeof(struct select_ws_data));
- memset(handles, 0, nfds * sizeof(HANDLE));
-
/* loop over the handles in the input descriptor sets */
for(fds = 0; fds < nfds; fds++) {
networkevents = 0;
diff --git a/tests/testcurl.pl b/tests/testcurl.pl
index 48fde3dcf..5000253c3 100755
--- a/tests/testcurl.pl
+++ b/tests/testcurl.pl
@@ -31,7 +31,7 @@
# at a regular interval. The output is suitable to be mailed to
# address@hidden to be dealt with automatically (make sure the
# subject includes the word "autobuild" as the mail gets silently discarded
-# otherwise). The most current build status (with a resonable backlog) will
+# otherwise). The most current build status (with a reasonable backlog) will
# be published on the curl site, at https://curl.haxx.se/auto/
# USAGE:
diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
index 17481f339..ac9d3bd23 100644
--- a/tests/unit/Makefile.inc
+++ b/tests/unit/Makefile.inc
@@ -9,7 +9,8 @@ UNITPROGS = unit1300 unit1301 unit1302 unit1303 unit1304
unit1305 unit1307 \
unit1308 unit1309 unit1323 \
unit1330 unit1394 unit1395 unit1396 unit1397 unit1398 \
unit1399 \
- unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607
+ unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \
+ unit1608
unit1300_SOURCES = unit1300.c $(UNITFILES)
unit1300_CPPFLAGS = $(AM_CPPFLAGS)
@@ -88,3 +89,6 @@ unit1606_CPPFLAGS = $(AM_CPPFLAGS)
unit1607_SOURCES = unit1607.c $(UNITFILES)
unit1607_CPPFLAGS = $(AM_CPPFLAGS)
+
+unit1608_SOURCES = unit1608.c $(UNITFILES)
+unit1608_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/tests/unit/unit1309.c b/tests/unit/unit1309.c
index 9a07c9332..9d885389d 100644
--- a/tests/unit/unit1309.c
+++ b/tests/unit/unit1309.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, 2017, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -73,6 +73,7 @@ UNITTEST_START
struct Curl_tree *root, *removed;
struct Curl_tree nodes[NUM_NODES*3];
+ size_t storage[NUM_NODES*3];
int rc;
int i, j;
struct curltime tv_now = {0, 0};
@@ -81,14 +82,11 @@ UNITTEST_START
/* add nodes */
for(i = 0; i < NUM_NODES; i++) {
struct curltime key;
- size_t payload;
key.tv_sec = 0;
key.tv_usec = (541*i)%1023;
- payload = (size_t) key.tv_usec;
-
- /* for simplicity */
- nodes[i].payload = CURLX_INTEGER_TO_POINTER_CAST(payload);
+ storage[i] = key.tv_usec;
+ nodes[i].payload = &storage[i];
root = Curl_splayinsert(key, root, &nodes[i]);
}
@@ -99,8 +97,8 @@ UNITTEST_START
int rem = (i + 7)%NUM_NODES;
printf("Tree look:\n");
splayprint(root, 0, 1);
- printf("remove pointer %d, payload %ld\n", rem,
- CURLX_POINTER_TO_INTEGER_CAST(nodes[rem].payload));
+ printf("remove pointer %d, payload %zu\n", rem,
+ *(size_t *)nodes[rem].payload);
rc = Curl_splayremovebyaddr(root, &nodes[rem], &root);
if(rc) {
/* failed! */
@@ -120,9 +118,8 @@ UNITTEST_START
/* add some nodes with the same key */
for(j = 0; j <= i % 3; j++) {
- size_t payload = key.tv_usec*10 + j;
- /* for simplicity */
- nodes[i * 3 + j].payload = CURLX_INTEGER_TO_POINTER_CAST(payload);
+ storage[i * 3 + j] = key.tv_usec*10 + j;
+ nodes[i * 3 + j].payload = &storage[i * 3 + j];
root = Curl_splayinsert(key, root, &nodes[i * 3 + j]);
}
}
@@ -133,9 +130,9 @@ UNITTEST_START
tv_now.tv_usec = i;
root = Curl_splaygetbest(tv_now, root, &removed);
while(removed != NULL) {
- printf("removed payload %ld[%ld]\n",
- CURLX_POINTER_TO_INTEGER_CAST(removed->payload) / 10,
- CURLX_POINTER_TO_INTEGER_CAST(removed->payload) % 10);
+ printf("removed payload %zu[%zu]\n",
+ (*(size_t *)removed->payload) / 10,
+ (*(size_t *)removed->payload) % 10);
root = Curl_splaygetbest(tv_now, root, &removed);
}
}
@@ -143,7 +140,3 @@ UNITTEST_START
fail_unless(root == NULL, "tree not empty when it should be");
UNITTEST_STOP
-
-
-
-
diff --git a/tests/unit/unit1395.c b/tests/unit/unit1395.c
index 527f28142..78fdfa021 100644
--- a/tests/unit/unit1395.c
+++ b/tests/unit/unit1395.c
@@ -79,13 +79,13 @@ UNITTEST_START
abort_unless(out != NULL, "returned NULL!");
if(strcmp(out, pairs[i].output)) {
- fprintf(stderr, "Test %d: '%s' gave '%s' instead of '%s'\n",
+ fprintf(stderr, "Test %u: '%s' gave '%s' instead of '%s'\n",
i, pairs[i].input, out, pairs[i].output);
fail("Test case output mismatched");
fails++;
}
else
- fprintf(stderr, "Test %d: OK\n", i);
+ fprintf(stderr, "Test %u: OK\n", i);
free(out);
}
diff --git a/tests/unit/unit1605.c b/tests/unit/unit1608.c
similarity index 57%
copy from tests/unit/unit1605.c
copy to tests/unit/unit1608.c
index 57a9199c5..9ae474ba9 100644
--- a/tests/unit/unit1605.c
+++ b/tests/unit/unit1608.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -21,35 +21,50 @@
***************************************************************************/
#include "curlcheck.h"
-#include "llist.h"
+#include "hostip.h"
-static CURL *easy;
+#define NUM_ADDRS 8
+static struct Curl_addrinfo addrs[NUM_ADDRS];
static CURLcode unit_setup(void)
{
- int res = CURLE_OK;
+ int i;
+ for(i = 0; i < NUM_ADDRS - 1; i++) {
+ addrs[i].ai_next = &addrs[i + 1];
+ }
- global_init(CURL_GLOBAL_ALL);
- easy = curl_easy_init();
- if(!easy)
- return CURLE_OUT_OF_MEMORY;
- return res;
+ return CURLE_OK;
}
static void unit_stop(void)
{
- curl_easy_cleanup(easy);
- curl_global_cleanup();
+
}
UNITTEST_START
- int len;
- char *esc;
+{
+ int i;
+ CURLcode code;
+ struct Curl_addrinfo* addrhead = addrs;
+
+ struct Curl_easy *easy = curl_easy_init();
+ abort_unless(easy, "out of memory");
- esc = curl_easy_escape(easy, "", -1);
- fail_unless(esc == NULL, "negative string length can't work");
+ code = curl_easy_setopt(easy, CURLOPT_DNS_SHUFFLE_ADDRESSES, 1L);
+ abort_unless(code == CURLE_OK, "curl_easy_setopt failed");
- esc = curl_easy_unescape(easy, "%41%41%41%41", -1, &len);
- fail_unless(esc == NULL, "negative string length can't work");
+ /* Shuffle repeatedly and make sure that the list changes */
+ for(i = 0; i < 10; i++) {
+ if(CURLE_OK != Curl_shuffle_addr(easy, &addrhead))
+ break;
+ if(addrhead != addrs)
+ break;
+ }
+ curl_easy_cleanup(easy);
+
+ abort_unless(addrhead != addrs, "addresses are not being reordered");
+
+ return 0;
+}
UNITTEST_STOP
diff --git a/winbuild/BUILD.WINDOWS.txt b/winbuild/BUILD.WINDOWS.txt
index 98deed01e..33252f8e5 100644
--- a/winbuild/BUILD.WINDOWS.txt
+++ b/winbuild/BUILD.WINDOWS.txt
@@ -12,7 +12,7 @@ Building with Visual C++, prerequisites
The latest Platform SDK can be downloaded freely from:
- https://msdn.microsoft.com/en-us/windows/bb980924
+ https://developer.microsoft.com/en-us/windows/downloads/sdk-archive
If you are building with VC6 then you will also need the February 2003
Edition of the Platform SDK which can be downloaded from:
@@ -44,15 +44,25 @@ Building straight from git
Building with Visual C++
========================
-Open a Visual Studio Command prompt or the SDK CMD shell.
+Open a Visual Studio Command prompt:
- Using the CMD Shell:
- choose the right environment via the setenv command (see setenv /?)
- for the full list of options. setenv /xp /x86 /release for example.
+ Using the 'Developer Command Prompt for VS <version>' menu entry:
+ where version is the Visual Studio version. The developer prompt at
default
+ uses the x86 mode. It is required to call Vcvarsall.bat to setup the
prompt
+ for the machine type you want, using Vcvarsall.bat.
+ This type of command prompt may not exist in all Visual Studio versions.
- Using the Visual Studio command prompt Shell:
- Everything is already pre-configured by calling one of the command
- prompt.
+ For more information, check:
+
https://docs.microsoft.com/en-us/dotnet/framework/tools/developer-command-prompt-for-vs
+
https://docs.microsoft.com/en-us/cpp/build/how-to-enable-a-64-bit-visual-cpp-toolset-on-the-command-line
+
+ Using the 'VS <version> <platform> <type> Command Prompt' menu entry:
+ where version is the Visual Studio version, platform is e.g. x64
+ and type Native of Cross platform build. This type of command prompt
+ may not exist in all Visual Studio versions.
+
+ See also:
+ https://msdn.microsoft.com/en-us/library/f2ccy3wt.aspx
Once you are in the console, go to the winbuild directory in the Curl
sources:
@@ -65,26 +75,32 @@ a directory named using the options given to the nmake call.
nmake /f Makefile.vc mode=<static or dll> <options>
where <options> is one or many of:
- VC=<6,7,8,9,10,11,12,14,15> - VC versions
- WITH_DEVEL=<path> - Paths for the development files (SSL, zlib,
etc.)
- Defaults to sibbling directory deps: ../deps
- Libraries can be fetched at
http://windows.php.net/downloads/php-sdk/deps/
- Uncompress them into the deps folder.
- WITH_SSL=<dll or static> - Enable OpenSSL support, DLL or static
- WITH_NGHTTP2=<dll or static> - Enable HTTP/2 support, DLL or static
- WITH_MBEDTLS=<dll or static> - Enable mbedTLS support, DLL or static
- WITH_CARES=<dll or static> - Enable c-ares support, DLL or static
- WITH_ZLIB=<dll or static> - Enable zlib support, DLL or static
- WITH_SSH2=<dll or static> - Enable libSSH2 support, DLL or static
- ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to yes
- ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes
- ENABLE_IDN=<yes or no> - Enable use of Windows IDN APIs, defaults to
yes
- Requires Windows Vista or later, or
installation from:
-
https://www.microsoft.com/downloads/details.aspx?FamilyID=AD6158D7-DDBA-416A-9109-07607425A815
- ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support, defaults
to yes
- GEN_PDB=<yes or no> - Generate Program Database (debug symbols for
release build)
- DEBUG=<yes or no> - Debug builds
- MACHINE=<x86 or x64> - Target architecture (default is x86)
+ VC=<6,7,8,9,10,11,12,14,15> - VC versions
+ WITH_DEVEL=<path> - Paths for the development files (SSL, zlib,
etc.)
+ Defaults to sibbling directory deps: ../deps
+ Libraries can be fetched at
http://windows.php.net/downloads/php-sdk/deps/
+ Uncompress them into the deps folder.
+ WITH_SSL=<dll or static> - Enable OpenSSL support, DLL or static
+ WITH_NGHTTP2=<dll or static> - Enable HTTP/2 support, DLL or static
+ WITH_MBEDTLS=<dll or static> - Enable mbedTLS support, DLL or static
+ WITH_CARES=<dll or static> - Enable c-ares support, DLL or static
+ WITH_ZLIB=<dll or static> - Enable zlib support, DLL or static
+ WITH_SSH2=<dll or static> - Enable libSSH2 support, DLL or static
+ ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to yes
+ ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes
+ ENABLE_IDN=<yes or no> - Enable use of Windows IDN APIs, defaults to
yes
+ Requires Windows Vista or later
+ ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support, defaults
to yes
+ GEN_PDB=<yes or no> - Generate Program Database (debug symbols
for release build)
+ DEBUG=<yes or no> - Debug builds
+ MACHINE=<x86 or x64> - Target architecture (default is x86)
+ CARES_PATH=<path to cares> - Custom path for c-ares
+ MBEDTLS_PATH=<path to mbedTLS> - Custom path for mbedTLS
+ NGHTTP2_PATH=<path to HTTP/2> - Custom path for nghttp2
+ SSH2_PATH=<path to libSSH2> - Custom path for libSSH2
+ SSL_PATH=<path to OpenSSL> - Custom path for OpenSSL
+ ZLIB_PATH=<path to zlib> - Custom path for zlib
+
Static linking of Microsoft's C RunTime (CRT):
==============================================
diff --git a/winbuild/Makefile.vc b/winbuild/Makefile.vc
index 46919fc2d..a874b77f8 100644
--- a/winbuild/Makefile.vc
+++ b/winbuild/Makefile.vc
@@ -37,26 +37,31 @@ CFGSET=true
!MESSAGE Usage: nmake /f Makefile.vc mode=<static or dll> <options>
!MESSAGE where <options> is one or many of:
-!MESSAGE VC=<6,7,8,9,10,11,12,14,15> - VC versions
-!MESSAGE WITH_DEVEL=<path> - Paths for the development files
(SSL, zlib, etc.)
-!MESSAGE Defaults to sibbling directory deps:
../deps
-!MESSAGE Libraries can be fetched at
http://pecl2.php.net/downloads/php-windows-builds/
-!MESSAGE Uncompress them into the deps folder.
-!MESSAGE WITH_SSL=<dll or static> - Enable OpenSSL support, DLL or static
-!MESSAGE WITH_NGHTTP2=<dll or static> - Enable HTTP/2 support, DLL or static
-!MESSAGE WITH_CARES=<dll or static> - Enable c-ares support, DLL or static
-!MESSAGE WITH_ZLIB=<dll or static> - Enable zlib support, DLL or static
-!MESSAGE WITH_SSH2=<dll or static> - Enable libSSH2 support, DLL or static
-!MESSAGE WITH_MBEDTLS=<dll or static> - Enable mbedTLS support, DLL or static
-!MESSAGE ENABLE_IDN=<yes or no> - Enable use of Windows IDN APIs,
defaults to yes
-!MESSAGE Requires Windows Vista or later, or
installation from:
-!MESSAGE
https://www.microsoft.com/en-us/download/details.aspx?id=734
-!MESSAGE ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes
-!MESSAGE ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to yes
-!MESSAGE ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support,
defaults to yes
-!MESSAGE GEN_PDB=<yes or no> - Generate Program Database (debug
symbols for release build)
-!MESSAGE DEBUG=<yes or no> - Debug builds
-!MESSAGE MACHINE=<x86 or x64> - Target architecture (default x64 on
AMD64, x86 on others)
+!MESSAGE VC=<6,7,8,9,10,11,12,14,15> - VC versions
+!MESSAGE WITH_DEVEL=<path> - Paths for the development files
(SSL, zlib, etc.)
+!MESSAGE Defaults to sibbling directory
deps: ../deps
+!MESSAGE Libraries can be fetched at
http://pecl2.php.net/downloads/php-windows-builds/
+!MESSAGE Uncompress them into the deps
folder.
+!MESSAGE WITH_SSL=<dll or static> - Enable OpenSSL support, DLL or
static
+!MESSAGE WITH_NGHTTP2=<dll or static> - Enable HTTP/2 support, DLL or
static
+!MESSAGE WITH_CARES=<dll or static> - Enable c-ares support, DLL or
static
+!MESSAGE WITH_ZLIB=<dll or static> - Enable zlib support, DLL or static
+!MESSAGE WITH_SSH2=<dll or static> - Enable libSSH2 support, DLL or
static
+!MESSAGE WITH_MBEDTLS=<dll or static> - Enable mbedTLS support, DLL or
static
+!MESSAGE ENABLE_IDN=<yes or no> - Enable use of Windows IDN APIs,
defaults to yes
+!MESSAGE Requires Windows Vista or later
+!MESSAGE ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes
+!MESSAGE ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to
yes
+!MESSAGE ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support,
defaults to yes
+!MESSAGE GEN_PDB=<yes or no> - Generate Program Database (debug
symbols for release build)
+!MESSAGE DEBUG=<yes or no> - Debug builds
+!MESSAGE MACHINE=<x86 or x64> - Target architecture (default x64
on AMD64, x86 on others)
+!MESSAGE CARES_PATH=<path to cares> - Custom path for c-ares
+!MESSAGE MBEDTLS_PATH=<path to mbedTLS> - Custom path for mbedTLS
+!MESSAGE NGHTTP2_PATH=<path to HTTP/2> - Custom path for nghttp2
+!MESSAGE SSH2_PATH=<path to libSSH2> - Custom path for libSSH2
+!MESSAGE SSL_PATH=<path to OpenSSL> - Custom path for OpenSSL
+!MESSAGE ZLIB_PATH=<path to zlib> - Custom path for zlib
!ERROR please choose a valid mode
!ENDIF
@@ -270,3 +275,6 @@ $(MODE):
copy_from_lib:
echo copying .c...
FOR %%i IN ($(CURLX_CFILES:/=\)) DO copy %%i ..\src\
+
+clean:
+ $(MAKE) /NOLOGO /F MakefileBuild.vc $@
diff --git a/winbuild/MakefileBuild.vc b/winbuild/MakefileBuild.vc
index 28500aeba..bf79db376 100644
--- a/winbuild/MakefileBuild.vc
+++ b/winbuild/MakefileBuild.vc
@@ -70,14 +70,19 @@ CFLAGS = /I. /I ../lib /I../include /nologo /W4
/wd4127 /EHsc /DWIN32 /FD /
LFLAGS = /nologo /machine:$(MACHINE)
LNKDLL = link.exe /DLL
-LNKLIB = link.exe /lib
+# Use lib.exe instead of link.exe as link.exe /lib has the following bad
habits:
+# - optimizing options like /opt:ref raises warnings (at least in Visual
Studio 2015)
+# - all (including Windows) dependencies are aggregated (as static parts)
+# - link.exe /lib is not documented (anymore) at MSDN
+# Instead of id: just create an archive, that contains all objects
+LNKLIB = lib.exe
CFLAGS_PDB = /Zi
LFLAGS_PDB = /incremental:no /opt:ref,icf /DEBUG
CFLAGS_LIBCURL_STATIC = /DCURL_STATICLIB
-WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib
+WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib
BASE_NAME = libcurl
BASE_NAME_DEBUG = $(BASE_NAME)_debug
@@ -97,9 +102,9 @@ PDB_NAME_DLL = $(BASE_NAME).pdb
PDB_NAME_DLL_DEBUG = $(BASE_NAME_DEBUG).pdb
# CURL Command section
-PROGRAM_NAME = curl.exe
-CURL_CFLAGS = /I../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c
-CURL_LFLAGS = /nologo /out:$(DIRDIST)\bin\$(PROGRAM_NAME) /subsystem:console
/machine:$(MACHINE)
+PROGRAM_NAME = curl.exe
+CURL_CFLAGS = /I../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c
+CURL_LFLAGS = /out:$(DIRDIST)\bin\$(PROGRAM_NAME) /subsystem:console
$(LFLAGS)
CURL_RESFLAGS = /i../include
#############################################################
@@ -108,57 +113,92 @@ LIBCURL_SRC_DIR = ..\lib
CURL_SRC_DIR = ..\src
!IFNDEF WITH_DEVEL
-WITH_DEVEL = ../../deps
+WITH_DEVEL = ../../deps
!ENDIF
-DEVEL_INCLUDE = $(WITH_DEVEL)/include
-DEVEL_LIB = $(WITH_DEVEL)/lib
-DEVEL_BIN = $(WITH_DEVEL)/bin
+DEVEL_INCLUDE= $(WITH_DEVEL)/include
+DEVEL_LIB = $(WITH_DEVEL)/lib
-CFLAGS = $(CFLAGS) /I"$(DEVEL_INCLUDE)"
-LFLAGS = $(LFLAGS) "/LIBPATH:$(DEVEL_LIB)"
+!IF EXISTS("$(DEVEL_INCLUDE)")
+CFLAGS = $(CFLAGS) /I"$(DEVEL_INCLUDE)"
+!ENDIF
+!IF EXISTS("$(DEVEL_LIB)")
+LFLAGS = $(LFLAGS) "/LIBPATH:$(DEVEL_LIB)"
+!ENDIF
+!IFDEF SSL_PATH
+SSL_INC_DIR = $(SSL_PATH)\include
+SSL_LIB_DIR = $(SSL_PATH)\lib
+SSL_LFLAGS = $(SSL_LFLAGS) "/LIBPATH:$(SSL_LIB_DIR)"
+!ELSE
+SSL_INC_DIR=$(DEVEL_INCLUDE)\openssl
+SSL_LIB_DIR=$(DEVEL_LIB)
+!ENDIF
-!IF "$(WITH_SSL)"=="dll"
-!IF EXISTS("$(DEVEL_LIB)\libssl.lib")
+!IF "$(WITH_SSL)"=="dll" || "$(WITH_SSL)"=="static"
+!IF EXISTS("$(SSL_LIB_DIR)\libssl.lib")
SSL_LIBS = libssl.lib libcrypto.lib
!ELSE
SSL_LIBS = libeay32.lib ssleay32.lib
!ENDIF
USE_SSL = true
-SSL = dll
-!ELSEIF "$(WITH_SSL)"=="static"
-!IF EXISTS("$(DEVEL_LIB)\libssl.lib")
-SSL_LIBS = libssl.lib libcrypto.lib gdi32.lib user32.lib crypt32.lib
-!ELSE
-SSL_LIBS = libeay32.lib ssleay32.lib gdi32.lib user32.lib crypt32.lib
+SSL = $(WITH_SSL)
+!IF "$(WITH_SSL)"=="static"
+WIN_LIBS = $(WIN_LIBS) gdi32.lib user32.lib crypt32.lib
!ENDIF
-USE_SSL = true
-SSL = static
!ENDIF
!IFDEF USE_SSL
-SSL_CFLAGS = /DUSE_OPENSSL /I"$(DEVEL_INCLUDE)/openssl"
-!IF EXISTS("$(DEVEL_INCLUDE)\openssl\is_boringssl.h")
+SSL_CFLAGS = /DUSE_OPENSSL /I"$(SSL_INC_DIR)"
+!IF EXISTS("$(SSL_INC_DIR)\is_boringssl.h")
SSL_CFLAGS = $(SSL_CFLAGS) /DHAVE_BORINGSSL
!ENDIF
!ENDIF
+
+!IFDEF NGHTTP2_PATH
+NGHTTP2_INC_DIR = $(NGHTTP2_PATH)\include
+NGHTTP2_LIB_DIR = $(NGHTTP2_PATH)\lib
+NGHTTP2_LFLAGS = $(NGHTTP2_LFLAGS) "/LIBPATH:$(NGHTTP2_LIB_DIR)"
+!ELSE
+NGHTTP2_INC_DIR = $(DEVEL_INCLUDE)
+NGHTTP2_LIB_DIR = $(DEVEL_LIB)
+!ENDIF
+
!IF "$(WITH_NGHTTP2)"=="dll"
-NGHTTP2_CFLAGS = /DUSE_NGHTTP2
+NGHTTP2_CFLAGS = /DUSE_NGHTTP2 /I"$(NGHTTP2_INC_DIR)"
NGHTTP2_LIBS = nghttp2.lib
!ELSEIF "$(WITH_NGHTTP2)"=="static"
-NGHTTP2_CFLAGS = /DUSE_NGHTTP2 /DNGHTTP2_STATICLIB
+NGHTTP2_CFLAGS = /DUSE_NGHTTP2 /DNGHTTP2_STATICLIB /I"$(NGHTTP2_INC_DIR)"
NGHTTP2_LIBS = nghttp2_static.lib
!ENDIF
+
+!IFDEF MBEDTLS_PATH
+MBEDTLS_INC_DIR = $(MBEDTLS_PATH)\include
+MBEDTLS_LIB_DIR = $(MBEDTLS_PATH)\lib
+MBEDTLS_LFLAGS = $(MBEDTLS_LFLAGS) "/LIBPATH:$(MBEDTLS_LIB_DIR)"
+!ELSE
+MBEDTLS_INC_DIR = $(DEVEL_INCLUDE)
+MBEDTLS_LIB_DIR = $(DEVEL_LIB)
+!ENDIF
+
!IF "$(WITH_MBEDTLS)"=="dll" || "$(WITH_MBEDTLS)"=="static"
USE_MBEDTLS = true
MBEDTLS = $(WITH_MBEDTLS)
-MBEDTLS_CFLAGS = /DUSE_MBEDTLS
+MBEDTLS_CFLAGS = /DUSE_MBEDTLS /I"$(MBEDTLS_INC_DIR)"
MBEDTLS_LIBS = mbedtls.lib mbedcrypto.lib mbedx509.lib
!ENDIF
+!IFDEF CARES_PATH
+CARES_INC_DIR = $(CARES_PATH)\include
+CARES_LIB_DIR = $(CARES_PATH)\lib
+CARES_LFLAGS = $(CARES_LFLAGS) "/LIBPATH:$(CARES_LIB_DIR)"
+!ELSE
+CARES_INC_DIR = $(DEVEL_INCLUDE)/cares
+CARES_LIB_DIR = $(DEVEL_LIB)
+!ENDIF
+
!IF "$(WITH_CARES)"=="dll"
!IF "$(DEBUG)"=="yes"
CARES_LIBS = caresd.lib
@@ -178,15 +218,25 @@ CARES = static
!ENDIF
!IFDEF USE_CARES
-CARES_CFLAGS = /DUSE_ARES /I"$(DEVEL_INCLUDE)/cares"
+CARES_CFLAGS = /DUSE_ARES /I"$(CARES_INC_DIR)"
+!ENDIF
+
+
+!IFDEF ZLIB_PATH
+ZLIB_INC_DIR = $(ZLIB_PATH)\include
+ZLIB_LIB_DIR = $(ZLIB_PATH)\lib
+ZLIB_LFLAGS = $(ZLIB_LFLAGS) "/LIBPATH:$(ZLIB_LIB_DIR)"
+!ELSE
+ZLIB_INC_DIR = $(DEVEL_INCLUDE)
+ZLIB_LIB_DIR = $(DEVEL_LIB)
!ENDIF
# Depending on how zlib is built the libraries have different names, we
# try to handle them all.
!IF "$(WITH_ZLIB)"=="dll"
-!IF EXISTS("$(DEVEL_LIB)\zlibwapi.lib")
+!IF EXISTS("$(ZLIB_LIB_DIR)\zlibwapi.lib")
ZLIB_LIBS = zlibwapi.lib
-!ELSEIF EXISTS("$(DEVEL_LIB)\zdll.lib")
+!ELSEIF EXISTS("$(ZLIB_LIB_DIR)\zdll.lib")
ZLIB_LIBS = zdll.lib
!ELSE
ZLIB_LIBS = zlib.lib
@@ -194,9 +244,9 @@ ZLIB_LIBS = zlib.lib
USE_ZLIB = true
ZLIB = dll
!ELSEIF "$(WITH_ZLIB)"=="static"
-!IF EXISTS("$(DEVEL_LIB)\zlibstat.lib")
+!IF EXISTS("$(ZLIB_LIB_DIR)\zlibstat.lib")
ZLIB_LIBS = zlibstat.lib
-!ELSEIF EXISTS("$(DEVEL_LIB)\zlib.lib")
+!ELSEIF EXISTS("$(ZLIB_LIB_DIR)\zlib.lib")
ZLIB_LIBS = zlib.lib
!ELSE
ZLIB_LIBS = zlib_a.lib
@@ -206,23 +256,38 @@ ZLIB = static
!ENDIF
!IFDEF USE_ZLIB
-ZLIB_CFLAGS = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ
+ZLIB_CFLAGS = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I"$(ZLIB_INC_DIR)"
!ENDIF
+!IFDEF SSH2_PATH
+SSH2_INC_DIR= $(SSH2_PATH)\include
+SSH2_LIB_DIR= $(SSH2_PATH)\lib
+SSH2_LFLAGS = $(SSH2_LFLAGS) "/LIBPATH:$(SSH2_LIB_DIR)"
+!ELSE
+SSH2_LIB_DIR= $(DEVEL_LIB)
+SSH2_INC_DIR= $(DEVEL_INCLUDE)/libssh2
+!ENDIF
+
!IF "$(WITH_SSH2)"=="dll"
SSH2_LIBS = libssh2.lib
USE_SSH2 = true
SSH2 = dll
!ELSEIF "$(WITH_SSH2)"=="static"
-SSH2_LIBS = libssh2_a.lib user32.lib
+# libssh2 NMakefile on Windows at default creates a static library without _a
suffix
+!IF EXISTS("$(SSH2_LIB_DIR)\libssh2.lib")
+SSH2_LIBS = libssh2.lib
+!ELSE
+SSH2_LIBS = libssh2_a.lib
+!ENDIF
+WIN_LIBS = $(WIN_LIBS) user32.lib
USE_SSH2 = true
SSH2 = static
!ENDIF
!IFDEF USE_SSH2
SSH2_CFLAGS = /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32
/DLIBSSH2_LIBRARY /DUSE_LIBSSH2
-SSH2_CFLAGS = $(SSH2_CFLAGS) /I$(WITH_DEVEL)/include/libssh2
+SSH2_CFLAGS = $(SSH2_CFLAGS) /I$(SSH2_INC_DIR)
!ENDIF
@@ -330,7 +395,7 @@ CURL_RC_FLAGS = /i../include /dDEBUGBUILD=0 /Fo $@
$(CURL_SRC_DIR)\curl.rc
!IF "$(AS_DLL)" == "true"
-LNK = $(LNKDLL) $(WIN_LIBS) /out:$(LIB_DIROBJ)\$(TARGET)
+LNK = $(LNKDLL) $(LFLAGS) $(WIN_LIBS) /out:$(LIB_DIROBJ)\$(TARGET)
!IF "$(DEBUG)"=="yes"
TARGET = $(LIB_NAME_DLL_DEBUG)
LNK = $(LNK) /DEBUG /IMPLIB:$(LIB_DIROBJ)\$(LIB_NAME_IMP_DEBUG)
@@ -354,7 +419,7 @@ PDB = $(PDB_NAME_STATIC_DEBUG)
TARGET = $(LIB_NAME_STATIC)
PDB = $(PDB_NAME_STATIC)
!ENDIF
-LNK = $(LNKLIB) $(WIN_LIBS) /out:$(LIB_DIROBJ)\$(TARGET)
+LNK = $(LNKLIB) /out:$(LIB_DIROBJ)\$(TARGET)
CURL_CC = $(CURL_CC) $(CFLAGS_LIBCURL_STATIC)
# AS_DLL
@@ -416,27 +481,7 @@ DIRDIST = ..\builds\$(CONFIG_NAME_LIB)\
#
CURL_LINK = link.exe /incremental:no /libpath:"$(DIRDIST)\lib"
-#!IF "$(CFG)" == "release-ssh2-ssl-dll-zlib"
-#TARGET = $(LIB_NAME_STATIC)
-#LNK = $(LNKLIB) $(WINLIBS) $(SSLLIBS) $(ZLIBLIBS) $(SSH2LIBS)
$(SSL_LFLAGS) $(ZLIB_LFLAGS) $(LFLAGSSSH) /out:$(LIB_DIROBJ)\$(TARGET)
-#CC = $(CCNODBG) $(RTLIB) $(SSL_CFLAGS) $(ZLIB_CFLAGS) $(CFLAGSLIB)
$(SSH2_CFLAGS)
-#CFGSET = TRUE
-#!ENDIF
-
-#######################
-# Only the clean target can be used if a config was not provided.
-#
-!IF "$(CFGSET)" == "FALSE"
-clean:
- @-erase /s *.dll 2> NUL
- @-erase /s *.exp 2> NUL
- @-erase /s *.idb 2> NUL
- @-erase /s *.lib 2> NUL
- @-erase /s *.obj 2> NUL
- @-erase /s *.pch 2> NUL
- @-erase /s *.pdb 2> NUL
- @-erase /s *.res 2> NUL
-!ELSE
+!IF "$(CFGSET)" != "FALSE"
# A mode was provided, so the library can be built.
#
!include CURL_OBJS.inc
@@ -472,7 +517,7 @@ $(TARGET): $(LIB_OBJS) $(LIB_DIROBJ) $(DISTDIR)
@echo GenPDB: $(GEN_PDB)
@echo Debug: $(DEBUG)
@echo Machine: $(MACHINE)
- $(LNK) $(LFLAGS) $(LIB_OBJS)
+ $(LNK) $(LIB_OBJS)
@echo Copying libs...
@if exist $(LIB_DIROBJ)\$(LIB_NAME_DLL) copy
$(LIB_DIROBJ)\$(LIB_NAME_DLL) $(DIRDIST)\bin\ /y >nul 2<&1
@if exist $(LIB_DIROBJ)\$(LIB_NAME_STATIC) copy
$(LIB_DIROBJ)\$(LIB_NAME_STATIC) $(DIRDIST)\lib\ /y >nul 2<&1
@@ -563,3 +608,17 @@ $(CURL_DIROBJ)\curl.res: $(CURL_SRC_DIR)\curl.rc
rc $(CURL_RC_FLAGS)
!ENDIF # End of case where a config was provided.
+
+clean:
+ @-erase /s *.dll 2> NUL
+ @-erase /s *.exp 2> NUL
+ @-erase /s *.idb 2> NUL
+ @-erase /s *.lib 2> NUL
+ @-erase /s *.obj 2> NUL
+ @-erase /s *.pch 2> NUL
+ @-erase /s *.pdb 2> NUL
+ @-erase /s *.res 2> NUL
+ @if exist $(LIB_DIROBJ) rd /s/q $(LIB_DIROBJ)
+ @if exist $(CURL_DIROBJ)rd /s/q $(CURL_DIROBJ)
+ @if exist $(DIRDIST) rd /s/q $(DIRDIST)
+
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] branch master updated (422f18ebe -> 97f0e8cf8),
gnunet <=
- [GNUnet-SVN] [gnurl] 01/178: FTP: fix typo in recursive callback detection for seeking, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 06/178: http2: fixes typo, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 17/178: ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 05/178: user-agent.d:: mention --proxy-header as well, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 07/178: RELEASE-NOTES: toward 7.60.0, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 02/178: SECURITY-PROCESS: mention how we write/add advisories, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 04/178: transfer: make HTTP without headers count correct body size, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 03/178: test1208: marked flaky, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 19/178: cmake: add support for brotli, gnunet, 2018/05/23
- [GNUnet-SVN] [gnurl] 16/178: resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES, gnunet, 2018/05/23