| 0fb4e592 | 19-Aug-2024 |
Viktor Szakats |
tidy-up: adjust casing of project names (continued)
Replace remaining `LibSSH2` with `libssh2`.
Follow-up to 6343034dd12fabfa88c998eb1182cbc6394afe25 #14160
Closes #14602 |
| a5598b6f | 19-Aug-2024 |
Daniel Stenberg |
pingpong: drain the input buffer when reading responses
As the data might be held by TLS buffers, leaving some and expecting to
get called again is error prone.
Reported-by: ral
pingpong: drain the input buffer when reading responses
As the data might be held by TLS buffers, leaving some and expecting to
get called again is error prone.
Reported-by: ralfjunker on github
Fixes #14201
Closes #14597
show more ...
|
| ca882351 | 19-Aug-2024 |
Daniel Stenberg |
KNOWN_BUGS: Heimdal memory leaks
Closes #14446
Closes #14604 |
| 145f87b9 | 19-Aug-2024 |
Daniel Stenberg |
build: use -Wno-format-overflow
-Wformat-overflow is not a warning that we want enabled as it does not
help us. It can only bring us false positives since it warns on bad uses
of spr
build: use -Wno-format-overflow
-Wformat-overflow is not a warning that we want enabled as it does not
help us. It can only bring us false positives since it warns on bad uses
of sprintf and vsprintf ("that might overflow the destination buffer").
Two functions we explicitly ban in curl code.
The only way this flag triggers warnings in curl code is false positives
for functions we have marked with the CURL_PRINTF() macro.
Further: it seems -Wformat-trunaction option might in turn also enable
-Wformat-overflow, so if this second option is used, we need to
explicitly set -Wno-format-overflow - not just skip setting
-Wformat-overflow.
Reported-by: Viktor Szakats
Fixes #14168
Closes #14598
show more ...
|
| c2e814f8 | 14-Aug-2024 |
Viktor Szakats |
cmake/FindNettle: log message when found via `pkg-config`
The message mimics the CMake-native message (by
`find_package_handle_standard_args()`), with the header path and version number.
cmake/FindNettle: log message when found via `pkg-config`
The message mimics the CMake-native message (by
`find_package_handle_standard_args()`), with the header path and version number.
Closes #14596
show more ...
|
| 9fc2d7b8 | 19-Aug-2024 |
Viktor Szakats |
cmake: adjust GSSAPI option description
krb5 also builds with CMake, not only Heimdal.
Ref: 558814e16d84aa202c5ccc0c8108a9d728e77a58
Closes #14595 |
| 12399737 | 19-Aug-2024 |
Viktor Szakats |
CI/azure: disable parallel tests, allow IDN tests
They started show the similar flakiness as the GHA ones after enabling
parallel tests (`-j2`) by default.
Example flaky run:
CI/azure: disable parallel tests, allow IDN tests
They started show the similar flakiness as the GHA ones after enabling
parallel tests (`-j2`) by default.
Example flaky run:
https://dev.azure.com/daniel0244/curl/_build/results?buildId=24763&view=results
Ubuntu:
```
FAIL 137: 'FTP download without size in RETR string' FTP, RETR, --data-binary
FAIL 336: 'FTP range download when SIZE doesn't work' FTP, PASV, TYPE A, RETR
FAIL 975: 'HTTP with auth redirected to FTP allowing auth to continue' HTTP, FTP, --location-trusted
FAIL 1378: 'FTP DL, file without Content-Disposition inside, using -o fname' FTP, RETR
```
MSYS2 mingw32:
```
FAIL 1501: 'FTP with multi interface and slow LIST response' FTP, RETR, multi, LIST, DELAY
```
MSYS2 mingw64:
```
FAIL 1501: 'FTP with multi interface and slow LIST response' FTP, RETR, multi, LIST, DELAY
```
Follow-up to 0324d557e4b4f754ea89636ea9164065f6446560 #11510
Closes #14593
show more ...
|
| 47849be5 | 17-Aug-2024 |
Viktor Szakats |
cmake/FindNettle: skip `pkg-config` for custom configs
If either `NETTLE_INCLUDE_DIR` or `NETTLE_LIBRARY` is set to customize
the `nettle` dependency, skip `pkg-config` and use the CMake
cmake/FindNettle: skip `pkg-config` for custom configs
If either `NETTLE_INCLUDE_DIR` or `NETTLE_LIBRARY` is set to customize
the `nettle` dependency, skip `pkg-config` and use the CMake-native
detection to honor these custom settings.
Closes #14584
show more ...
|
| 5b2a659e | 19-Aug-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
mbedtls: fix setting tls version
TLS max values lower than 1.2 were automatically set to 1.2. Other SSL
backends (that dropped TLS 1.0 and 1.1) do not do that.
Closes #14588 |
| ff94698d | 19-Aug-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
wolfssl: fix setting tls version
The value CURL_SSLVERSION_TLSv1_0 was unsupported.
Closes #14587 |
| 38fa458e | 19-Aug-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
rustls: fix setting tls version
The value CURL_SSLVERSION_TLSv1_0 was unsupported.
Closes #14586 |
| 7a7c7a89 | 19-Aug-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
bearssl: fix setting tls version
Previously version_max was ignored.
Closes #14585 |
| 73f62aca | 18-Aug-2024 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| dcf5a538 | 18-Aug-2024 |
Viktor Szakats |
cmake: fix `cmakelint` warnings
- keep line lengths below 132 characters.
- fix two "weird indentation" warnings.
Reported-by: Dan Fandrich
Bug: #14580
Closes #14583 |
| 3e60f174 | 17-Aug-2024 |
Viktor Szakats |
cmake: tidy up more in Find modules
- add `NAMES` where missing.
- document input variables (including deprecated ones.)
- comment cleanups.
- FindWolfSSL: drop stray `QUIET` fro
cmake: tidy up more in Find modules
- add `NAMES` where missing.
- document input variables (including deprecated ones.)
- comment cleanups.
- FindWolfSSL: drop stray `QUIET` from `pkg_check_modules()`.
(`QUIET` may be re-added for all modules in the future.)
Closes #14579
show more ...
|
| c57d3aeb | 18-Aug-2024 |
Viktor Szakats |
appveyor: drop uploading artifacts
Uploading artifacts sometimes results in this error:
```
Uploading artifacts...
[1/1] _bld\src\curl.exe (2,022,912 bytes)...100%
Error uplo
appveyor: drop uploading artifacts
Uploading artifacts sometimes results in this error:
```
Uploading artifacts...
[1/1] _bld\src\curl.exe (2,022,912 bytes)...100%
Error uploading artifact to the storage: Remote server returned 503: Service Temporarily Unavailable
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/50424126/job/e4envval6xkicv1i#L123
The artifacts are also probably not useful to upload for every run. Also
note that they were missing external DLL dependencies.
Leave the logic there commented, to make it easy to enable as needed for
debugging or testing artifacts locally.
Closes #14581
show more ...
|
| 1d292465 | 16-Aug-2024 |
Viktor Szakats |
cmake: tidy up around ngtcp2 and wolfSSL
- fix to add the `m` library without path.
Follow-up to 8577f4ca084b8a3926b869a48a29d41a810eceb5 #14343
Authored-by: Tal Regev
Fixe
cmake: tidy up around ngtcp2 and wolfSSL
- fix to add the `m` library without path.
Follow-up to 8577f4ca084b8a3926b869a48a29d41a810eceb5 #14343
Authored-by: Tal Regev
Fixes #14549
- move `m` library detection to wolfSSL Find module.
`m` is necessary for wolfSSL (wolfcrypt) library functions called by
`libngtcp2_crypto_wolfssl`.
Follow-up to 8577f4ca084b8a3926b869a48a29d41a810eceb5 #14343
- fix comment header about supported `COMPONENT` names.
- quote strings.
- lowercase local variables.
Closes #14576
show more ...
|
| 24889acb | 17-Aug-2024 |
Viktor Szakats |
cmake: do not unset the deprecated mixed-case variables
To avoid interference with the calling env.
(Keep unsetting for the DIRS/DIR cases in BearSSL and mbedTLS, because
the de
cmake: do not unset the deprecated mixed-case variables
To avoid interference with the calling env.
(Keep unsetting for the DIRS/DIR cases in BearSSL and mbedTLS, because
the deprecated variables play a new role in the detection.)
Follow-up to 9fbda4ca75483ee0a43289526e88d8f1e8ca2a78 #14574
show more ...
|
| 9fbda4ca | 16-Aug-2024 |
Viktor Szakats |
cmake: rename wolfSSL and zstd config variables to uppercase
To match with other config variables and other projects.
Rename these CMake configuration variables:
- `WolfSSL_INCL
cmake: rename wolfSSL and zstd config variables to uppercase
To match with other config variables and other projects.
Rename these CMake configuration variables:
- `WolfSSL_INCLUDE_DIR` -> `WOLFSSL_INCLUDE_DIR`
- `WolfSSL_LIBRARY` -> `WOLFSSL_LIBRARY`
- `Zstd_INCLUDE_DIR` -> `ZSTD_INCLUDE_DIR`
- `Zstd_LIBRARY` -> `ZSTD_LIBRARY`
The old values continue to work, with a warning suggesting the new name.
Also:
- add similar warnings for earlier renames for mbedTLS and BearSSL.
- rename internal variables `PC_Zstd_*` to uppercase.
Follow-up to db39c668a8e33e064b9eb20892cd027f46302f77 #14542
Closes #14574
show more ...
|
| 47a48647 | 17-Aug-2024 |
Daniel Stenberg |
location: fix typo
Follow-up to 5fcf96930efc
Bug: https://github.com/curl/curl/pull/14471#pullrequestreview-2244131475
Reported-by: Joshix-1 on github |
| 5fcf9693 | 09-Aug-2024 |
XYenon |
docs: add description of effect of --location-trusted on cookie
Closes #14471 |
| 88727f7e | 16-Aug-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
docs: improve cipher options documentation
Closes #14407 |
| b2488afb | 14-Aug-2024 |
renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
GHA: update github/codeql-action digest to 429e197
Closes #14425 |
| 6fc66e16 | 30-Jul-2024 |
Viktor Petersson |
SECURITY: mention OpenSSF best practices gold badge
Closes #14319 |
| 88cae145 | 05-Aug-2024 |
Justin Maggard |
mbedtls: add more informative logging
After TLS handshare, indicate which TLS version was negotiated in
addition to the cipher in the handshake completed log message.
Also use t
mbedtls: add more informative logging
After TLS handshare, indicate which TLS version was negotiated in
addition to the cipher in the handshake completed log message.
Also use the verify callback for certificate logging and collection.
This allows things to work even when MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
is disabled in the mbedtls library.
And lastly, catch certificate validation errors later so we can give the
user more informative error messages that indicate what the failure was
from certificate validation.
Tested on both current LTS versions (2.28 and 3.6).
Closes #14444
show more ...
|
