- Nov 26, 2018
-
-
James Knight authored
When compiling a collection of SSL libraries to link against (SSL_LIBS), ensure all libraries are included. The call `--libs-only-l` can produce only a subset of found in a `--libs` call (e.x. pthread may be excluded). Adding `--libs-only-other` ensures other libraries are also included in the list. This corrects select build environments compiling against a static version of OpenSSL. Before the change, the following could be observed: checking for openssl options with pkg-config... found configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl " configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " checking for HMAC_Update in -lcrypto... no checking for HMAC_Init_ex in -lcrypto... no checking OpenSSL linking with -ldl... no checking OpenSSL linking with -ldl and -lpthread... no configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more. configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this. ... SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} ) ... And include the other libraries when compiling SSL_LIBS succeeds with: checking for openssl options with pkg-config... found configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread " configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " checking for HMAC_Update in -lcrypto... yes checking for SSL_connect in -lssl... yes ... SSL support: enabled (OpenSSL) ... Signed-off-by: James Knight <james.d.knight@live.com> Closes #3193
-
Daniel Gustafsson authored
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
Daniel Gustafsson authored
The variable definition had a small typo making it declare another variable then the intended. Closes #3304 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
- Nov 25, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
curl_multi_wait() was erroneously used from within curl_easy_perform(). It could lead to it believing there was no socket to wait for and then instead sleep for a while instead of monitoring the socket and then miss acting on that activity as swiftly as it should (causing an up to 1000 ms delay). Reported-by: Antoni Villalonga Fixes #3305 Closes #3306 Closes #3308
-
- Nov 23, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Important for when the file is going to be read again and thus must not contain old contents! Adds test 327 to verify. Reported-by: daboul on github Fixes #3299 Closes #3300
-
Daniel Stenberg authored
-
Daniel Stenberg authored
The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
-
- Nov 22, 2018
-
-
Tobias Hintze authored
The tests 20 and 1322 are using getaddrinfo of libc for resolving. In eglibc-2.19 there is a memory leakage and invalid free bug which surfaces in some special circumstances (PF_UNSPEC hint with invalid or non-existent names). The valgrind runs in testing fail in these situations. As the tests 20/1322 are not specific on either protocol (IPv4/IPv6) this commit changes the hints to IPv4 protocol by passing `--ipv4` flag on the tests' command line. This prevents the valgrind failures.
-
Tobias Hintze authored
Delays stripping of trailing dots to after resolving the hostname. Fixes #3022 Closes #3222
-
- Nov 21, 2018
-
-
UnknownShadow200 authored
Closes #3295
-
Daniel Gustafsson authored
-
Michael Kaufmann authored
Session resumption information is not available immediately after a TLS 1.3 handshake. The client must wait until the server has sent a session ticket. Use OpenSSL's "new session" callback to get the session information and put it into curl's session cache. For TLS 1.3 sessions, this callback will be invoked after the server has sent a session ticket. The "new session" callback is invoked only if OpenSSL's session cache is enabled, so enable it and use the "external storage" mode which lets curl manage the contents of the session cache. A pointer to the connection data and the sockindex are now saved as "SSL extra data" to make them available to the callback. This approach also works for old SSL/TLS versions and old OpenSSL versions. Reviewed-by: Daniel Stenberg <daniel@haxx.se> Fixes #3202 Closes #3271
-
Michael Kaufmann authored
- ENGINE_cleanup() was used without including "openssl/engine.h" - enable engine support for OpenSSL 0.9.7 Closes #3266
-
Daniel Stenberg authored
Since we're close to feature freeze, this change disables this feature with an #ifdef. Define ALLOW_RENEG at build-time to enable. This could be converted to a bit for CURLOPT_SSL_OPTIONS to let applications opt-in this. Concern-raised-by: David Benjamin Fixes #3283 Closes #3293
-
- Nov 20, 2018
-
-
Romain Fliedel authored
When using c-ares for asyn dns, the dns socket fd was silently closed by c-ares without curl being aware. curl would then 'realize' the fd has been removed at next call of Curl_resolver_getsock, and only then notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with CURL_POLL_REMOVE. At this point the fd is already closed. By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this patch allows curl to be notified that the fd is not longer needed for neither for write nor read. At this point by calling Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE before the fd is actually closed by ares. In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore since it does not allow passing a different sock_state_cb_data Closes #3238
-
Romain Fliedel authored
-
pkubaj authored
lib/curl_ntlm.c had code that read as follows: #ifdef USE_OPENSSL # ifdef USE_OPENSSL # else # .. # endif #endif Remove the redundant USE_OPENSSL along with #else (it's not possible to reach it anyway). The removed construction is a leftover from when the SSLeay support was removed. Closes #3269 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
Han Han authored
Closes #3291
-
- Nov 19, 2018
-
-
Han Han authored
-
Han Han authored
-
Patrick Monnerat authored
-
Patrick Monnerat authored
-
Patrick Monnerat authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
The license for the impacket package was not in our tree. Imported now from upstream's https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE Reported-by: infinnovation-dev on github Fixes #3276 Closes #3277
-
- Nov 18, 2018
-
-
Daniel Gustafsson authored
The partial struct initialization in 397664a0 caused a warning on uninitialized MODULEENTRY32 struct members: /src/tool_doswin.c:681:3: warning: missing initializer for field 'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}' [-Wmissing-field-initializers] This is sort of a bogus warning as the remaining members will be set to zero by the compiler, as all omitted members are. Nevertheless, remove the warning by omitting all members and setting the dwSize members explicitly. Closes #3254 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
-
- Nov 17, 2018
-
-
Daniel Gustafsson authored
Commit 709cf76f deprecated USE_SSLEAY, as curl since long isn't compatible with the SSLeay library. This removes the few leftovers that were omitted in the less frequently used platform targets. Closes #3270 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
- Nov 16, 2018
-
-
Elia Tufarolo authored
Fix HTTP POST using CURLAUTH_NEGOTIATE. Closes #3275
-
Daniel Stenberg authored
Brought-by: bobmitchell1956 on github Fixes #3278 Closes #3279
-
Peter Wu authored
The SSL_CTX_set_msg_callback callback is not just called for the Handshake or Alert protocols, but also for the raw record header (SSL3_RT_HEADER) and the decrypted inner record type (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid excess debug spam when using `curl -v` against a TLSv1.3-enabled server: * TLSv1.3 (IN), TLS app data, [no content] (0): (Following this message, another callback for the decrypted handshake/alert messages will be be present anyway.) Closes https://github.com/curl/curl/pull/3281
-
- Nov 15, 2018
-
-
Marc Hoersken authored
SO_EXCLUSIVEADDRUSE is on by default on Vista or newer, but does not work together with SO_REUSEADDR being on. The default changes were made with stunnel 5.34 and 5.35.
-
- Nov 13, 2018
-
-
Kamil Dudka authored
Closes #3262
-
Daniel Stenberg authored
Fixes #3261
-
Daniel Gustafsson authored
Commit 5bfaa86c introduced a new compiler warning on Windows cross compilation with GCC. See below for an example of the warning from the autobuild logs (whitespace edited to fit): /src/tool_cb_wrt.c:175:9: warning: cast from function call of type 'intptr_t {aka long long int}' to non-matching type 'void *' [-Wbad-function-cast] (HANDLE) _get_osfhandle(fileno(outs->stream)), ^ Store the return value from _get_osfhandle() in an intermediate variable and cast the variable in WriteConsoleW() rather than the function call directly to avoid a compiler warning. In passing, also add inspection of the MultiByteToWideChar() return value and return failure in case an error is reported. Closes #3263 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> Reviewed-by: Viktor Szakats <commit@vszakats.net>
-
- Nov 12, 2018
-
-
Daniel Stenberg authored
-
- Nov 10, 2018
-
-
Daniel Stenberg authored
-
- Nov 09, 2018
-
-
Tim Rühsen authored
Curl_ftp_parselist: avoid unsigned integer overflows The overflow has no real world impact, just avoid it for "best practice". Closes #3225
-
Daniel Stenberg authored
The end port number in a given range was not included in the range used, as it is documented to be. Reported-by: infinnovation-dev on github Fixes #3251 Closes #3255
-