tests: make precheck for HTTP on 127.0.0.1 into a feature

It can now be required easily in <features> instead of having perl code
in a <precheck>.

Closes #15039

tests: remove leading spaces from some tags

The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so

tests: remove leading spaces from some tags

The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so
widespread in testcases is probably that they have been copy and pasted.

Hence, fixing them all now might curb this practice from now on.

Closes #12028

show more ...

tests: update cookie expiry dates to far in the future

This allows testing Y2038 with system time set to after that, so that
actual Y2038 issues can be exposed, and not masked by expiry

tests: update cookie expiry dates to far in the future

This allows testing Y2038 with system time set to after that, so that
actual Y2038 issues can be exposed, and not masked by expiry errors.

Fixes #11576
Closes #11610

show more ...

misc: fix spelling mistakes

Reported-by: musvaage on github
Fixes #11171
Closes #11172

tests: use %LOGDIR to refer to the log directory

This will allow it be set dynamically.

Ref: #10818

tests: add `cookies` features

These tests don't work with `--disable-cookies`.

Closes https://github.com/curl/curl/pull/10713

cookie: treat a blank domain in Set-Cookie: as non-existing

This matches what RFC 6265 section 5.2.3 says.

Extended test 31 to verify.

Fixes #9164
Reported-by: Gwen Sha

cookie: treat a blank domain in Set-Cookie: as non-existing

This matches what RFC 6265 section 5.2.3 says.

Extended test 31 to verify.

Fixes #9164
Reported-by: Gwen Shapira
Closes #9177

show more ...

http: consider cookies over localhost to be secure

Updated test31.
Added test 392 to verify secure cookies used for http://localhost

Reviewed-by: Daniel Gustafsson
Fixes #67

http: consider cookies over localhost to be secure

Updated test31.
Added test 392 to verify secure cookies used for http://localhost

Reviewed-by: Daniel Gustafsson
Fixes #6733
Closes #7263

show more ...

tests: use %TESTNUMBER instead of fixed number

This makes the tests easier to copy and relocate to other test numbers
without having to update content.

Closes #6738

tests: fixup several tests

missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers

tests: fixup several tests

missing CRs and modified %hostip

lib556/test556: use a real HTTP version to make test reuse more convenient

make sure the weekday in Date headers matches the date

test61: replace stray "^M" (5e 4d) at the end of a cookie with a '^M' (0d)

Gets the test working with external proxies like Privoxy again.

Closes #6463

show more ...

tests: updated tests for Hyper

curl.se: new home

Closes #6172

runtests: provide curl's version string as %VERSION for tests

... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Close

runtests: provide curl's version string as %VERSION for tests

... so that we can check HTTP requests for User-Agent: curl/%VERSION

Update 600+ test cases accordingly.

Closes #6037

show more ...

tests: allow tests to pass by 2037-02-12

similar to commit f508d29f3902104018

Closes #3443

cookies: leave secure cookies alone

Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the sta

cookies: leave secure cookies alone

Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

cookies: support creation-time attribute for cookies

According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a

cookies: support creation-time attribute for cookies

According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.

Closes #2524

show more ...

tests: made a couple of prechecks consistent with others

Also removed a TODO suggesting caching the precheck results. Tests
showed this would save about 0.1 sec on the total test run tim

tests: made a couple of prechecks consistent with others

Also removed a TODO suggesting caching the precheck results. Tests
showed this would save about 0.1 sec on the total test run time on a
relatively modern system, an unnoticeable gain at the cost of longer and
more complicated code. There would also be a danger that a cached test
result would be inappropriately returned, such as when other test
dependencies (like environment variables) are different or when the
precheck causes side effects (like filesystem changes).

show more ...

URLs: change all http:// URLs to https://

cookie: handle spaces after the name in Set-Cookie

"name =value" is fine and the space should just be skipped.

Updated test 31 to also test for this.

Bug: https://github.co

cookie: handle spaces after the name in Set-Cookie

"name =value" is fine and the space should just be skipped.

Updated test 31 to also test for this.

Bug: https://github.com/bagder/curl/issues/195
Reported-by: cromestant
Help-by: Frank Gevaerts

show more ...

cookies: only use full host matches for hosts used as IP address

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies,

cookies: only use full host matches for hosts used as IP address

By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html

show more ...

cookies: follow-up fix for path checking

The initial fix to only compare full path names were done in commit
04f52e9b4db0 but found out to be incomplete. This takes should make the
c

cookies: follow-up fix for path checking

The initial fix to only compare full path names were done in commit
04f52e9b4db0 but found out to be incomplete. This takes should make the
change more complete and there's now two additional tests to verify
(test 31 and 62).

show more ...

Add a HOSTIP precheck for tests 31 and 1105

They currently only work for 127.0.0.1 which
is hardcoded and can't be easily changed.

Use carriage returns in all headers in test 31

Trailing spaces were left unmodifed, assuming they were intentional.

cookies: change the URL in the cookie jar file header

cookie parser: handle 'secure='

There are two keywords in cookie headers that don't follow the regular
name=value style: secure and httponly. Still we must support that they
are writ

cookie parser: handle 'secure='

There are two keywords in cookie headers that don't follow the regular
name=value style: secure and httponly. Still we must support that they
are written like 'secure=' and then treat them as if they were written
'secure'. Test case 31 was much extended by Rob Ward to test this.

Bug: http://curl.haxx.se/bug/view.cgi?id=3349227
Reported by: "gnombat"

show more ...