  1. Dec 08, 2018
      Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 · d997aa0e
      Johannes Schindelin authored
      This is a companion patch to cbea2fd2 (NTLM: force the connection to
      HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
      preemptively. However, with other (Negotiate) authentication it is not
      clear to this developer whether there is a way to make it work with
      HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
      error HTTP_1_1_REQUIRED.
      
      Note: we will still keep the NTLM workaround, as it avoids an extra
      round trip.
      
      Daniel Stenberg helped a lot with this patch, in particular by
      suggesting to introduce the Curl_h2_http_1_1_error() function.
      
      Closes #3349
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
      d997aa0e
  2. Dec 07, 2018
  3. Dec 06, 2018
  4. Dec 05, 2018
  5. Dec 03, 2018
      travis: enable COPYRIGHTYEAR extended warning · f7bdf4b2
      Daniel Gustafsson authored
      The extended warning for checking incorrect COPYRIGHTYEAR is quite
      expensive to run, so rather than expecting every developer to do it
      we ensure it's turned on locally for Travis.
      f7bdf4b2
      checksrc: add COPYRIGHTYEAR check · 63817089
      Daniel Gustafsson authored
      
      
      Forgetting to bump the year in the copyright clause when hacking has
      been quite common among curl developers, but a traditional checksrc
      check isn't a good fit as it would penalize anyone hacking on January
      1st (among other things). This adds a more selective COPYRIGHTYEAR
      check which intends to only cover the currently hacked on changeset.
      
      The check for updated copyright year is currently not enforced on all
      files but only on files edited and/or committed locally. This is due to
      the amount of files which aren't updated with their correct copyright
      year at the time of their respective commit.
      
      To further avoid running this expensive check for every developer, it
      adds a new local override mode for checksrc where a .checksrc file can
      be used to turn on extended warnings locally.
      
      Closes #3303
      Reviewed-by: Daniel Stenberg <daniel@haxx.se>
      63817089
      CHECKSRC.md: document more warnings · 847b1302
      Daniel Stenberg authored
      Closes #3335
      [ci skip]
      847b1302
  6. Nov 30, 2018
  7. Nov 29, 2018
  8. Nov 28, 2018
  9. Nov 26, 2018
      configure: include all libraries in ssl-libs fetch · 0fac7a10
      James Knight authored
      
      
      When compiling a collection of SSL libraries to link against (SSL_LIBS),
      ensure all libraries are included. The call `--libs-only-l` can produce
      only a subset of what is found in a `--libs` call (e.g. pthread may be excluded).
      Adding `--libs-only-other` ensures other libraries are also included in
      the list. This corrects select build environments compiling against a
      static version of OpenSSL. Before the change, the following could be
      observed:
      
          checking for openssl options with pkg-config... found
          configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
          configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
          configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
          checking for HMAC_Update in -lcrypto... no
          checking for HMAC_Init_ex in -lcrypto... no
          checking OpenSSL linking with -ldl... no
          checking OpenSSL linking with -ldl and -lpthread... no
          configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
          configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
          ...
          SSL support:      no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
          ...
      
      And include the other libraries when compiling SSL_LIBS succeeds with:
      
          checking for openssl options with pkg-config... found
          configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
          configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
          configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
          checking for HMAC_Update in -lcrypto... yes
          checking for SSL_connect in -lssl... yes
          ...
          SSL support:      enabled (OpenSSL)
          ...
      
      Signed-off-by: James Knight <james.d.knight@live.com>
      Closes #3193
      0fac7a10
      doh: fix typo in infof call · fd104955
      Daniel Gustafsson authored
      
      
      Reviewed-by: Daniel Stenberg <daniel@haxx.se>
      fd104955
      cmdline-opts/gen.pl: define the correct varname · 8802ad96
      Daniel Gustafsson authored
      
      
      The variable definition had a small typo making it declare another
      variable than the intended.
      
      Closes #3304
      Reviewed-by: Daniel Stenberg <daniel@haxx.se>
      8802ad96
  10. Nov 25, 2018
      RELEASE-NOTES: synced · 27a5e1f1
      Daniel Stenberg authored
      27a5e1f1
      curl_easy_perform: fix timeout handling · 34fe0e16
      Daniel Stenberg authored
      curl_multi_wait() was erroneously used from within
      curl_easy_perform(). It could lead to it believing there was no socket
      to wait for and then instead sleep for a while instead of monitoring the
      socket and then miss acting on that activity as swiftly as it should
      (causing an up to 1000 ms delay).
      
      Reported-by: Antoni Villalonga
      Fixes #3305
      Closes #3306
      Closes #3308
      34fe0e16
  11. Nov 23, 2018
  12. Nov 22, 2018
      test: update test20/1322 for eglibc bug workaround · 9944d6ba
      Tobias Hintze authored
      The tests 20 and 1322 are using getaddrinfo of libc for resolving. In
      eglibc-2.19 there is a memory leakage and invalid free bug which
      surfaces in some special circumstances (PF_UNSPEC hint with invalid or
      non-existent names). The valgrind runs in testing fail in these
      situations.
      
      As the tests 20/1322 are not specific on either protocol (IPv4/IPv6)
      this commit changes the hints to IPv4 protocol by passing `--ipv4` flag
      on the tests' command line.  This prevents the valgrind failures.
      9944d6ba
      host names: allow trailing dot in name resolve, then strip it · 5b4cce2e
      Tobias Hintze authored
      Delays stripping of trailing dots to after resolving the hostname.
      
      Fixes #3022
      Closes #3222
      5b4cce2e
  13. Nov 21, 2018
      configure: Fix typo in comment · 2fcc4367
      Daniel Gustafsson authored
      2fcc4367
      openssl: support session resume with TLS 1.3 · 549310e9
      Michael Kaufmann authored
      
      
      Session resumption information is not available immediately after a TLS 1.3
      handshake. The client must wait until the server has sent a session ticket.
      
      Use OpenSSL's "new session" callback to get the session information and put it
      into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
      after the server has sent a session ticket.
      
      The "new session" callback is invoked only if OpenSSL's session cache is
      enabled, so enable it and use the "external storage" mode which lets curl manage
      the contents of the session cache.
      
      A pointer to the connection data and the sockindex are now saved as "SSL extra
      data" to make them available to the callback.
      
      This approach also works for old SSL/TLS versions and old OpenSSL versions.
      
      Reviewed-by: Daniel Stenberg <daniel@haxx.se>
      
      Fixes #3202
      Closes #3271
      549310e9
      ssl: fix compilation with OpenSSL 0.9.7 · 30a65381
      Michael Kaufmann authored
      - ENGINE_cleanup() was used without including "openssl/engine.h"
      - enable engine support for OpenSSL 0.9.7
      
      Closes #3266
      30a65381
      openssl: disable TLS renegotiation with BoringSSL · 59311bd3
      Daniel Stenberg authored
      Since we're close to feature freeze, this change disables this feature
      with an #ifdef. Define ALLOW_RENEG at build-time to enable.
      
      This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
      applications opt in to this.
      
      Concern-raised-by: David Benjamin
      Fixes #3283
      Closes #3293
      59311bd3