History log of /curl/lib/vtls/x509asn1.c (Results 1 – 25 of 31)
Revision Date Author Comments
# 08872971 13-May-2024 Viktor Szakats

lib/v*: tidy up types and casts

Also add a couple of negative checks.

Cherry-picked from #13489
Closes #13622


# eacec9a3 02-Jun-2024 Bo Anderson

x509asn1: add some common ECDSA OIDs

Closes #13857


# 9aa1d412 02-Jun-2024 Bo Anderson

x509asn1: fallback to dotted OID representation

Reported-by: Luke Hamburg
Fixes #13845
Closes #13858


# 13ca4386 17-May-2024 Daniel Stenberg

x509asn1: return error on missing OID

to avoid crash when dereferencing a NULL pointer.

Reported-by: Trzik on github
Patch-by: Trzik on github
Fixes #13684
Closes #13685


# 623c3a8f 26-Jan-2024 Daniel Stenberg

x509asn1: switch from malloc to dynbuf

Closes #12808


# cd48e8f8 26-Jan-2024 Daniel Stenberg

x509asn1: make utf8asn1str() use dynbuf instead of malloc + memcpy

Closes #12808


# 98b41dd4 26-Jan-2024 Daniel Stenberg

x509asn1: reduce malloc in Curl_extract_certinfo

Using dynbuf

Closes #12808


# 641257ea 26-Jan-2024 Daniel Stenberg

x509asn1: remove code for WANT_VERIFYHOST

No code ever sets this anymore since we dropped gskit

Follow-up to 78d6232f1f326b9ab4d

Closes #12804


# 3829759b 08-Dec-2023 Viktor Szakats

build: enable missing OpenSSF-recommended warnings, with fixes

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
printf arguments with it. This is a copy of existing
`CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
with redefining the `printf` symbol:
https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
checks. Previously it was always disabled due to the internal `printf`
macro.

Fix them:

- fix bug where a `set_ipv6_v6only()` call was missed in builds with
`--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489


# fa714830 17-Nov-2023 Stefan Eissing

vtls/vquic, keep peer name information together

- add `struct ssl_peer` to keep hostname, dispname and sni
for a filter
- allocate `sni` for use in VTLS backend
- eliminate `Curl_ssl_snihost()` and its use of the download buffer
- use ssl_peer in SSL and QUIC filters

Closes #12349


# 78d6232f 07-Aug-2023 Daniel Stenberg

gskit: remove

We remove support for building curl with gskit.

- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
- no CI builds use or verify this backend
- gskit, or the curl adaption for it, lacks many modern TLS features
making it an inferior solution
- build breakages in this code take weeks or more to get detected
- fixing gskit code is mostly done "flying blind"

This removal has been advertised in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.

It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.

Closes #11460


# 367a66b1 02-Aug-2023 Daniel Stenberg

lib: fix a few *printf() flag mistakes

Reported-by: Gisle Vanem
Ref: #11574
Closes #11579


# 7c8bae0d 29-Jul-2023 Daniel Stenberg

nss: remove support for this TLS library

Closes #11459


# 8e85764b 22-May-2023 Daniel Stenberg

lib: remove unused functions, make single-use static

Closes #11174


# 127eb0d8 21-May-2023 Daniel Stenberg

misc: fix spelling mistakes

Reported-by: musvaage on github
Fixes #11171
Closes #11172


# 6466071e 06-Mar-2023 Daniel Stenberg

x509asn1: use plain %x, not %lx, when the arg is an int

Pointed out by Coverity.

Closes #10689


# 22eec780 26-Feb-2023 Daniel Stenberg

x509asn1.c: use correct format specifier for infof() call

Detected by Coverity

Closes #10614


# 1f693e0a 05-Jan-2023 Jon Rumsey

x509asn1: fix compile errors and warnings

Various small issues when built for GSKit

Closes #10238


# 2bc1d775 02-Jan-2023 Daniel Stenberg

copyright: update all copyright lines and remove year ranges

- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205


# 4fc77377 02-Jan-2023 Daniel Stenberg

Revert "x509asn1: avoid freeing unallocated pointers"

This reverts commit 6b19247e794cfdf4ec63c5880d8f4f5485f653ab.

Fixes #10163
Closes #10207


# 57d2d9b6 13-Dec-2022 Daniel Stenberg

lib: use size_t or int etc instead of longs

Since long is not using a consistent data size in curl builds, making it
often "waste" 32 bits.

Closes #10088


# 6b19247e 14-Dec-2022 Daniel Gustafsson

x509asn1: avoid freeing unallocated pointers

When utf8asn1str fails there is no allocation returned, so freeing
the return pointer in **to is at best a no-op and at worst a double-
free bug waiting to happen. The current coding isn't hiding any such
bugs but to future proof, avoid freeing the return value pointer iff
the function failed.

Closes: #10087
Reviewed-by: Daniel Stenberg <daniel@haxx.se>


# af22c2a5 22-Nov-2022 Stefan Eissing

vtls: localization of state data in filters

- almost all backend calls pass the Curl_cfilter instance instead of
connectdata+sockindex
- ssl_connect_data is removed from struct connectdata and made internal
to vtls
- ssl_connect_data is allocated in the added filter, kept at cf->ctx

- added function to let a ssl filter access its ssl_primary_config and
ssl_config_data this selects the proper subfields in conn and data,
for filters added as plain or proxy
- adjusted all backends to use the changed api
- adjusted all backends to access config data via the exposed
functions, no longer using conn or data directly

cfilter renames for clear purpose:

- methods `Curl_conn_*(data, conn, sockindex)` work on the complete
filter chain at `sockindex` and connection `conn`.
- methods `Curl_cf_*(cf, ...)` work on a specific Curl_cfilter
instance.
- methods `Curl_conn_cf()` work on/with filter instances at a
connection.
- rebased and resolved some naming conflicts
- hostname validation (and session lookup) on SECONDARY use the same
name as on FIRST (again).

new debug macros and removing connectdata from function signatures where not
needed.

adapting schannel for new Curl_read_plain parameter.

Closes #9919


# 8dd95da3 05-Sep-2022 Daniel Stenberg

ctype: remove all use of <ctype.h>, use our own versions

Except in the test servers.

Closes #9433


# ad9bc597 17-May-2022 max.mehl

copyright: make repository REUSE compliant

Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.

This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.

Closes #8869
