string formatting: fix 4 printf-style format strings

proxy: Support HTTPS proxy and SOCKS+HTTP(s)

* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is est

proxy: Support HTTPS proxy and SOCKS+HTTP(s)

* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

--proxy-cacert FILE CA certificate to verify peer against
--proxy-capath DIR CA directory to verify peer against
--proxy-cert CERT[:PASSWD] Client certificate file and password
--proxy-cert-type TYPE Certificate file type (DER/PEM/ENG)
--proxy-ciphers LIST SSL ciphers to use
--proxy-crlfile FILE Get a CRL list in PEM format from the file
--proxy-insecure Allow connections to proxies with bad certs
--proxy-key KEY Private key file name
--proxy-key-type TYPE Private key file type (DER/PEM/ENG)
--proxy-pass PASS Pass phrase for the private key
--proxy-ssl-allow-beast Allow security flaw to improve interop
--proxy-sslv2 Use SSLv2
--proxy-sslv3 Use SSLv3
--proxy-tlsv1 Use TLSv1
--proxy-tlsuser USER TLS username
--proxy-tlspassword STRING TLS password
--proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.

show more ...

strcasecompare: all case insensitive string compares ignore locale now

We had some confusions on when each function was used. We should not act
differently on different locales anyway.

internals: rename the SessionHandle struct to Curl_easy

connections: non-HTTP proxies on different ports aren't reused either

Reported-by: Oleg Pudeyev and fuchaoqun

Fixes #648

lib: include curl_printf.h as one of the last headers

curl_printf.h defines printf to curl_mprintf, etc. This can cause
problems with external headers which may use
__attribute__((fo

lib: include curl_printf.h as one of the last headers

curl_printf.h defines printf to curl_mprintf, etc. This can cause
problems with external headers which may use
__attribute__((format(printf, ...))) markers etc.

To avoid that they cause problems with system includes, we include
curl_printf.h after any system headers. That makes the three last
headers to always be, and we keep them in this order:

curl_printf.h
curl_memory.h
memdebug.h

None of them include system headers, they all do funny #defines.

Reported-by: David Benjamin

Fixes #743

show more ...

news: CURLOPT_CONNECT_TO and --connect-to

Makes curl connect to the given host+port instead of the host+port found
in the URL.

URLs: change all http:// URLs to https://

conncache: fixed memory leak on OOM (torture tests)

hostip: fix unintended destruction of hash table

.. and added unit1602 for hash.c

bundles: store no/default/pipeline/multiplex

to allow code to act differently on the situation.

Also added some more info message for the connection re-use function to
make it c

bundles: store no/default/pipeline/multiplex

to allow code to act differently on the situation.

Also added some more info message for the connection re-use function to
make it clearer when connections are not re-used.

show more ...

Curl_conncache_add_conn: fix memory leak on OOM

conncache: keep bundles on host+port bases, not only host names

Previously we counted all connections to a specific host name and that
would be used for the CURLMOPT_MAX_HOST_CONNECTIONS

conncache: keep bundles on host+port bases, not only host names

Previously we counted all connections to a specific host name and that
would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example,
while servers on different port numbers are normally considered
different "origins" on the web and should thus be considered different
hosts.

show more ...

bundles: merged into conncache.c

All the existing Curl_bundle* functions were only ever used from within
the conncache.c file, so I moved them over and made them static (and
removed

bundles: merged into conncache.c

All the existing Curl_bundle* functions were only ever used from within
the conncache.c file, so I moved them over and made them static (and
removed the Curl_ prefix).

show more ...

connection cache: avoid Curl_hash_alloc()

... by using plain structs instead of pointers for the connection cache,
we can avoid several dynamic allocations that weren't necessary.

proxy: re-use proxy connections (regression)

When checking for a connection to re-use, a proxy-using request must
check for and use a proxy connection and not one based on the host
n

proxy: re-use proxy connections (regression)

When checking for a connection to re-use, a proxy-using request must
check for and use a proxy connection and not one based on the host
name!

Added test 1421 to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1492

show more ...

conncache: Fixed specifiers in infof() for long and size_t variables

debug: added new connection cache output, plus fixups

Debug output 'typo' fix.

Don't print an extra "0x" in
* Pipe broke: handle 0x0x2546d88, url = /

Add debug output

debug: added new connection cache output, plus fixups

Debug output 'typo' fix.

Don't print an extra "0x" in
* Pipe broke: handle 0x0x2546d88, url = /

Add debug output.
Print the number of connections in the connection cache when
adding one, and not only when one is removed.

Fix typos in comments.

show more ...

code cleanup: we prefer 'CURLcode result'

... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.

code cleanup: we prefer 'CURLcode result'

... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.

Also, unify code for checking for CURLcode errors with:

if(result) or if(!result)

instead of

if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)

show more ...

cleanups: reduce variable scope

cppcheck pointed these out.

create_conn: prune dead connections

Bringing back the old functionality that was mistakenly removed when the
connection cache was remade. When creating a new connection, all the
exis

create_conn: prune dead connections

Bringing back the old functionality that was mistakenly removed when the
connection cache was remade. When creating a new connection, all the
existing ones are checked and those that are known to be dead get
disconnected for real and removed from the connection cache. It helps
the cache from holding on to very many stale connections and aids in
keeping down the number of system sockets in wait states.

Help-by: Jonatan Vela <jonatan.vela@ergon.ch>

Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html

show more ...

conncache: move the connection counter to the cache struct

The static connection counter caused a race condition. Moving the
connection id counter into conncache solves it, as well as si

conncache: move the connection counter to the cache struct

The static connection counter caused a race condition. Moving the
connection id counter into conncache solves it, as well as simplifying
the related logic.

show more ...

Updated copyright year for recent changes

conncache.c: fix possible dereference of null pointer

curl_easy_init: use less mallocs

By introducing an internal alternative to curl_multi_init() that accepts
parameters to set the hash sizes, easy handles will now use tiny socket
and

curl_easy_init: use less mallocs

By introducing an internal alternative to curl_multi_init() that accepts
parameters to set the hash sizes, easy handles will now use tiny socket
and connection hash tables since it will only ever add a single easy
handle to that multi handle.

This decreased the number mallocs in test 40 (which is a rather simple
and typical easy interface use case) from 1142 to 138. The maximum
amount of memory allocated used went down from 118969 to 78805.

show more ...