strerror: Preserve Windows error code in some functions

This is a follow-up to af02162 which removed (SET_)ERRNO macros. That
commit was an earlier draft that I committed by mistake, whi

strerror: Preserve Windows error code in some functions

This is a follow-up to af02162 which removed (SET_)ERRNO macros. That
commit was an earlier draft that I committed by mistake, which was then
remedied by a5834e5 and e909de6, and now this commit. With this commit
there is now no difference between the current code and the changes that
were approved in the final draft.

Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem
Ref: https://github.com/curl/curl/pull/1589

show more ...

errno: fix non-windows builds after af0216251b94e7

curl_setup_once: Remove ERRNO/SET_ERRNO macros

Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
for Win32 and regular errno otherwise.

I reviewed the code an

curl_setup_once: Remove ERRNO/SET_ERRNO macros

Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
for Win32 and regular errno otherwise.

I reviewed the code and found no justifiable reason for conflating errno
on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
and any Win32 multithreaded CRT supports thread-local errno.

Fixes https://github.com/curl/curl/issues/895
Closes https://github.com/curl/curl/pull/1589

show more ...

checksrc: warn for assignments within if() expressions

... they're already frowned upon in our source code style guide, this
now enforces the rule harder.

checksrc: stricter no-space-before-paren enforcement

In order to make the code style more uniform everywhere

idn: switch to libidn2 use and IDNA2008 support

CVE-2016-8625

Bug: https://curl.haxx.se/docs/adv_20161102K.html
Reported-by: Christian Heimes

s/cURL/curl

The tool was never called cURL, only the project. But even so, we have
more and more over time switched to just use lower case.

errors: new alias CURLE_WEIRD_SERVER_REPLY (8)

Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
more of a generic "failed to parse" introduce an alias without FTP

errors: new alias CURLE_WEIRD_SERVER_REPLY (8)

Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as
more of a generic "failed to parse" introduce an alias without FTP in
the name.

Closes https://github.com/curl/curl/pull/975

show more ...

lib: include curl_printf.h as one of the last headers

curl_printf.h defines printf to curl_mprintf, etc. This can cause
problems with external headers which may use
__attribute__((fo

lib: include curl_printf.h as one of the last headers

curl_printf.h defines printf to curl_mprintf, etc. This can cause
problems with external headers which may use
__attribute__((format(printf, ...))) markers etc.

To avoid that they cause problems with system includes, we include
curl_printf.h after any system headers. That makes the three last
headers to always be, and we keep them in this order:

curl_printf.h
curl_memory.h
memdebug.h

None of them include system headers, they all do funny #defines.

Reported-by: David Benjamin

Fixes #743

show more ...

http2: Add handling stream level error

Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped. This is
undesirabl

http2: Add handling stream level error

Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped. This is
undesirable since there may be other streams multiplexed and they are
very much fine. This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open. The existing
CURLE_HTTP2 means connection error in general.

Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663

show more ...

strerror: don't bit shift a signed integer

Bug: https://github.com/curl/curl/issues/744
Reported-by: Alexis La Goutte

URLs: change all http:// URLs to https://

curl_sspi: fix possibly undefined CRYPT_E_REVOKED

Bug: https://github.com/bagder/curl/pull/411
Reported-by: Viktor Szakats

strerror: Add CRYPT_E_REVOKED to SSPI error strings

strerror: Change SEC_E_ILLEGAL_MESSAGE description

Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS
and language specific, and invariably translated to something not

strerror: Change SEC_E_ILLEGAL_MESSAGE description

Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS
and language specific, and invariably translated to something not very
helpful like: "The message received was unexpected or badly formatted."

Bug: https://github.com/bagder/curl/issues/267
Reported-by: Michael Osipov

show more ...

checksrc: use space after comma

mprintf.h: remove #ifdef CURLDEBUG

... and as a consequence, introduce curl_printf.h with that re-define
magic instead and make all libcurl code use that instead.

url: add CURLOPT_SSL_VERIFYSTATUS option

This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066

url: add CURLOPT_SSL_VERIFYSTATUS option

This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.

show more ...

code cleanup: we prefer 'CURLcode result'

... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.

code cleanup: we prefer 'CURLcode result'

... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.

Also, unify code for checking for CURLcode errors with:

if(result) or if(!result)

instead of

if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)

show more ...

Factorize pinned public key code into generic file handling and backend specific

SSL: implement public key pinning

Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Prov

SSL: implement public key pinning

Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der

show more ...

http2: more and better error checking

1 - fixes the warnings when built without http2 support

2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically whe

http2: more and better error checking

1 - fixes the warnings when built without http2 support

2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically when they are about http2 specific things.

show more ...

strerror: fix comment about vxworks' strerror_r buffer size

Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html
Reported-by: Jeroen Koekkoek

CURLM_ADDED_ALREADY: new error code

Doing curl_multi_add_handle() on an easy handle that is already added to
a multi handle now returns this error code. It previously returned
CURLM_

CURLM_ADDED_ALREADY: new error code

Doing curl_multi_add_handle() on an easy handle that is already added to
a multi handle now returns this error code. It previously returned
CURLM_BAD_EASY_HANDLE for this condition.

show more ...

Multiple pipelines and limiting the number of connections.

Introducing a number of options to the multi interface that
allows for multiple pipelines to the same host, in order to
opt

Multiple pipelines and limiting the number of connections.

Introducing a number of options to the multi interface that
allows for multiple pipelines to the same host, in order to
optimize the balance between the penalty for opening new
connections and the potential pipelining latency.

Two new options for limiting the number of connections:

CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections
to the same host. When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished, so we can reuse the connection.

CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total.
When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished. The free connection will then be reused, if possible, or
closed if the pending handle can't reuse it.

Several new options for pipelining:

CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a
pipeline is "full" when a connection is to be reused, a new connection
will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it.
If not, the handle will be put in a pending state until a connection is
ready (either free or a pipe got shorter).

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a transfer with a content
length that is larger than this.

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a chunk larger than this.

CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow
pipelining.

CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow
pipelining.

See the curl_multi_setopt() man page for details.

show more ...