155551c4 | 28-May-2020 |
Daniel Stenberg |
urldata: fix comments: Curl_done() is called multi_done() now ... since 575e885db |
697f984e | 03-May-2020 |
Peter Wu |
ngtcp2: use common key log routine for better thread-safety Tested with ngtcp2 built against the OpenSSL library. Additionally tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC). The TLS backend (independent of QUIC) may or may not already have opened the keylog file before. Therefore Curl_tls_keylog_open is always called to ensure the file is open.
|
7be7c56b | 03-May-2020 |
Peter Wu |
wolfssl: add SSLKEYLOGFILE support Tested following the same curl and tshark commands as in commit "vtls: Extract and simplify key log file handling from OpenSSL" using WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with `./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`. Full support for this feature requires certain wolfSSL build options, see "Availability note" in lib/vtls/wolfssl.c for details. Closes #5327
|
6011a986 | 03-May-2020 |
Peter Wu |
vtls: Extract and simplify key log file handling from OpenSSL

Create a set of routines for TLS key log file handling to enable reuse with other TLS backends. Simplify the OpenSSL backend as follows:

- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry. Unless the TLS specifications change we can suffice with a reasonable fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is unavailable. My original sslkeylog.c code included this tracking in order to handle multiple calls to SSL_connect and detect new keys after renegotiation (via SSL_read/SSL_write). For curl however we can be sure that a single master secret eventually becomes available after SSL_connect, so a simple flag is sufficient. An alternative to the flag is examining SSL_state(), but this seems more complex and is not pursued.

Capturing keys after server renegotiation was already unsupported in curl and remains unsupported.

Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f (`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`) against an OpenSSL 1.1.1f server configured with:

    # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
    openssl s_server -www -tls1
    # Likewise, but fail the server handshake.
    openssl s_server -www -tls1 -Verify 2
    # TLS 1.3 test. No need to test the failing server handshake.
    openssl s_server -www -tls1_3

Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly written using Wireshark. For the first and third case, expect four matches per connection (decrypted Server Finished, Client Finished, HTTP Request, HTTP Response). For the second case where the handshake fails, expect a decrypted Server Finished only.

    tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
        -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
        -dtls.port==4433,http -ohttp.desegment_body:FALSE \
        -Y 'tls.handshake.verify_data or http'

A single connection can easily be identified via the `tcp.stream` field.
|
d528d975 | 27-May-2020 |
Daniel Stenberg |
FILEFORMAT: add more features that tests can depend on |
3d44bfb0 | 21-May-2020 |
Michael Kaufmann |
transfer: close connection after excess data has been read For HTTP 1.x, it's a protocol error when the server sends more bytes than announced. If this happens, don't reuse the connection, because the start position of the next response is undefined. Closes #5440
|
18e63b16 | 26-May-2020 |
Estanislau Augé-Pujadas |
Revert "ssh: ignore timeouts during disconnect" This reverts commit f31760e63b4e9ef1eb25f8f211390f8239388515. Shipped in curl 7.54.1. Bug: https://curl.haxx.se/mail/lib-2020-05/0068.html Closes #5465
|
7414fb25 | 26-May-2020 |
Daniel Stenberg |
urldata: connect related booleans live in struct ConnectBits And remove a few unused booleans! Closes #5461 |
67d2802d | 26-May-2020 |
Daniel Stenberg |
hostip: on macOS avoid DoH when given a numerical IP address When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that numerical IP addresses still need to get "resolved" - but not with DoH. Reported-by: Viktor Szakats Fixes #5454 Closes #5459
|
96a822f6 | 25-May-2020 |
Daniel Stenberg |
ngtcp2: cleanup memory when failing to connect Reported-by: Peter Wu Fixes #5447 (the ngtcp2 side of it) Closes #5451 |
3ff207f7 | 25-May-2020 |
Daniel Stenberg |
quiche: clean up memory properly when failing to connect Addresses the quiche side of #5447 Reported-by: Peter Wu Closes #5450 |
d23cc224 | 26-May-2020 |
Daniel Stenberg |
cleanup: use a single space after equals sign in assignments |
ad829b21 | 25-May-2020 |
Daniel Stenberg |
url: accept "any length" credentials for proxy auth They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
|
96f52abf | 25-May-2020 |
Maksim Stsepanenka |
test1167: fixes in badsymbols.pl Closes #5442 |
d844f2b9 | 25-May-2020 |
Daniel Stenberg |
altsvc: fix parser for lines ending with CRLF Fixed the alt-svc parser to treat a newline as end of line. The unit tests in test 1654 were done without CRLF and thus didn't quite match the real world. Now they use CRLF as well. Reported-by: Peter Wu Assisted-by: Peter Wu Assisted-by: Jay Satiro Fixes #5445 Closes #5446
|
308c243d | 25-May-2020 |
Viktor Szakats |
all: fix codespell errors Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/5452 |
54d12228 | 23-May-2020 |
Peter Wu |
ngtcp2: fix build with current ngtcp2 master implementing draft 28 Based on client.cc changes from ngtcp2. Tested with current git master, ngtcp2 commit c77d5731ce92, nghttp3 commit 65ff479d4380. Fixes #5444 Closes #5443
|
82a33efb | 25-May-2020 |
Daniel Stenberg |
RELEASE-NOTES: synced moved the new setopts up to a "change" |
b955250b | 25-May-2020 |
Daniel Stenberg |
RELEASE-NOTES: synced |
d75e6ce8 | 23-May-2020 |
Daniel Stenberg |
copyright: updated year ranges out of sync ... and whitelisted a few more files in the copyright.pl script. |
7f406334 | 19-May-2020 |
Gilles Vollant |
setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency Closes #5431 |
006d2991 | 20-May-2020 |
Daniel Stenberg |
curl: remove -J "informational" written on stdout curl would previously show "curl: Saved to filename 'name from header'" if -J was used and a name was picked from the Content-Disposition header. That output could interfere with other stdout output, such as -w. This commit removes that output line. Bug: https://curl.haxx.se/mail/archive-2020-05/0044.html Reported-by: Коваленко Анатолий Викторович Closes #5435
|
421171a8 | 10-May-2020 |
Peter Wu |
travis: simplify quiche build instructions wrt boringssl quiche builds boringssl as static library, reuse that instead of building another shared library. Closes #5438 |
06e266e0 | 20-May-2020 |
Peter Wu |
configure: fix pthread check with static boringssl A shared boringssl/OpenSSL library requires -lcrypto only for linking. A static build additionally requires `-ldl -lpthread`. In the latter case `-lpthread` is added to LIBS which prevented `-pthread` from being added to CFLAGS. Clear LIBS to fix linking failures for libtest tests.
|
f6c6a159 | 21-May-2020 |
Daniel Stenberg |
Revert "sendf: make failf() use the mvsnprintf() return code" This reverts commit 74623551f306990e70c7c5515b88972005604a74. Instead mark the function call with (void). Getting the return code and using it instead triggered Coverity warning CID 1463596 because snprintf() can return a negative value... Closes #5441
|