summaryrefslogtreecommitdiff
path: root/libs
diff options
context:
space:
mode:
authorGeorge Hazan <ghazan@miranda.im>2017-12-06 21:44:09 +0300
committerGeorge Hazan <ghazan@miranda.im>2017-12-06 21:44:17 +0300
commit4b6980f68d25901133519bc1ad1c5376819a3876 (patch)
tree0d919622bfc2659f34a7bed303fefb99ecab052a /libs
parent0112d2767268037cf63e44c4464cf9eed237d06d (diff)
libcurl: update to 7.57
Diffstat (limited to 'libs')
-rw-r--r--libs/libcurl/include/README28
-rw-r--r--libs/libcurl/include/curl/curl.h754
-rw-r--r--libs/libcurl/include/curl/curlrules.h262
-rw-r--r--libs/libcurl/include/curl/curlver.h26
-rw-r--r--libs/libcurl/include/curl/easy.h6
-rw-r--r--libs/libcurl/include/curl/mprintf.h37
-rw-r--r--libs/libcurl/include/curl/multi.h46
-rw-r--r--libs/libcurl/include/curl/stdcheaders.h8
-rw-r--r--libs/libcurl/include/curl/system.h (renamed from libs/libcurl/include/curl/curlbuild.h)396
-rw-r--r--libs/libcurl/include/curl/typecheck-gcc.h318
-rw-r--r--libs/libcurl/libcurl.vcxproj10
-rw-r--r--libs/libcurl/src/CMakeLists.txt131
-rw-r--r--libs/libcurl/src/Makefile.Watcom275
-rw-r--r--libs/libcurl/src/Makefile.am141
-rw-r--r--libs/libcurl/src/Makefile.b32185
-rw-r--r--libs/libcurl/src/Makefile.in3264
-rw-r--r--libs/libcurl/src/Makefile.inc81
-rw-r--r--libs/libcurl/src/Makefile.m32387
-rw-r--r--libs/libcurl/src/Makefile.netware761
-rw-r--r--libs/libcurl/src/Makefile.vxworks177
-rw-r--r--libs/libcurl/src/README.ares69
-rw-r--r--libs/libcurl/src/README.curl_off_t68
-rw-r--r--libs/libcurl/src/README.curlx61
-rw-r--r--libs/libcurl/src/README.encoding60
-rw-r--r--libs/libcurl/src/README.hostip35
-rw-r--r--libs/libcurl/src/README.httpauth74
-rw-r--r--libs/libcurl/src/README.memoryleak55
-rw-r--r--libs/libcurl/src/README.multi_socket53
-rw-r--r--libs/libcurl/src/README.pingpong30
-rw-r--r--libs/libcurl/src/README.pipelining51
-rw-r--r--libs/libcurl/src/amigaos.c10
-rw-r--r--libs/libcurl/src/amigaos.h2
-rw-r--r--libs/libcurl/src/arpa_telnet.h2
-rw-r--r--libs/libcurl/src/asyn-ares.c134
-rw-r--r--libs/libcurl/src/asyn-thread.c225
-rw-r--r--libs/libcurl/src/asyn.h4
-rw-r--r--libs/libcurl/src/axtls.h68
-rw-r--r--libs/libcurl/src/base64.c240
-rw-r--r--libs/libcurl/src/bundles.c110
-rw-r--r--libs/libcurl/src/bundles.h45
-rw-r--r--libs/libcurl/src/checksrc.pl451
-rw-r--r--libs/libcurl/src/config-amigaos.h7
-rw-r--r--libs/libcurl/src/config-dos.h19
-rw-r--r--libs/libcurl/src/config-mac.h5
-rw-r--r--libs/libcurl/src/config-os400.h32
-rw-r--r--libs/libcurl/src/config-riscos.h2
-rw-r--r--libs/libcurl/src/config-symbian.h25
-rw-r--r--libs/libcurl/src/config-tpf.h18
-rw-r--r--libs/libcurl/src/config-vxworks.h12
-rw-r--r--libs/libcurl/src/config-win32.h113
-rw-r--r--libs/libcurl/src/config-win32ce.h13
-rw-r--r--libs/libcurl/src/conncache.c333
-rw-r--r--libs/libcurl/src/conncache.h35
-rw-r--r--libs/libcurl/src/connect.c850
-rw-r--r--libs/libcurl/src/connect.h67
-rw-r--r--libs/libcurl/src/content_encoding.c763
-rw-r--r--libs/libcurl/src/content_encoding.h47
-rw-r--r--libs/libcurl/src/cookie.c646
-rw-r--r--libs/libcurl/src/cookie.h27
-rw-r--r--libs/libcurl/src/curl_addrinfo.c145
-rw-r--r--libs/libcurl/src/curl_addrinfo.h19
-rw-r--r--libs/libcurl/src/curl_base64.h9
-rw-r--r--libs/libcurl/src/curl_config.h.cmake1005
-rw-r--r--libs/libcurl/src/curl_config.h.in1042
-rw-r--r--libs/libcurl/src/curl_darwinssl.h78
-rw-r--r--libs/libcurl/src/curl_des.c63
-rw-r--r--libs/libcurl/src/curl_des.h34
-rw-r--r--libs/libcurl/src/curl_endian.c124
-rw-r--r--libs/libcurl/src/curl_endian.h46
-rw-r--r--libs/libcurl/src/curl_fnmatch.c45
-rw-r--r--libs/libcurl/src/curl_fnmatch.h2
-rw-r--r--libs/libcurl/src/curl_gethostname.c10
-rw-r--r--libs/libcurl/src/curl_gethostname.h2
-rw-r--r--libs/libcurl/src/curl_gssapi.c78
-rw-r--r--libs/libcurl/src/curl_gssapi.h34
-rw-r--r--libs/libcurl/src/curl_hmac.h28
-rw-r--r--libs/libcurl/src/curl_ldap.h2
-rw-r--r--libs/libcurl/src/curl_md4.h14
-rw-r--r--libs/libcurl/src/curl_md5.h2
-rw-r--r--libs/libcurl/src/curl_memory.h32
-rw-r--r--libs/libcurl/src/curl_memrchr.c11
-rw-r--r--libs/libcurl/src/curl_memrchr.h2
-rw-r--r--libs/libcurl/src/curl_multibyte.c22
-rw-r--r--libs/libcurl/src/curl_multibyte.h14
-rw-r--r--libs/libcurl/src/curl_ntlm_core.c525
-rw-r--r--libs/libcurl/src/curl_ntlm_core.h97
-rw-r--r--libs/libcurl/src/curl_ntlm_wb.c154
-rw-r--r--libs/libcurl/src/curl_ntlm_wb.h9
-rw-r--r--libs/libcurl/src/curl_printf.h56
-rw-r--r--libs/libcurl/src/curl_rtmp.c41
-rw-r--r--libs/libcurl/src/curl_rtmp.h2
-rw-r--r--libs/libcurl/src/curl_sasl.c939
-rw-r--r--libs/libcurl/src/curl_sasl.h166
-rw-r--r--libs/libcurl/src/curl_schannel.c1308
-rw-r--r--libs/libcurl/src/curl_schannel.h132
-rw-r--r--libs/libcurl/src/curl_sec.h18
-rw-r--r--libs/libcurl/src/curl_setup.h256
-rw-r--r--libs/libcurl/src/curl_setup_once.h18
-rw-r--r--libs/libcurl/src/curl_sha256.h32
-rw-r--r--libs/libcurl/src/curl_sspi.c149
-rw-r--r--libs/libcurl/src/curl_sspi.h221
-rw-r--r--libs/libcurl/src/curl_threads.c61
-rw-r--r--libs/libcurl/src/curl_threads.h18
-rw-r--r--libs/libcurl/src/curlx.h28
-rw-r--r--libs/libcurl/src/cyassl.c611
-rw-r--r--libs/libcurl/src/cyassl.h64
-rw-r--r--libs/libcurl/src/dict.c61
-rw-r--r--libs/libcurl/src/dict.h2
-rw-r--r--libs/libcurl/src/dotdot.c48
-rw-r--r--libs/libcurl/src/dotdot.h6
-rw-r--r--libs/libcurl/src/easy.c603
-rw-r--r--libs/libcurl/src/easyif.h6
-rw-r--r--libs/libcurl/src/escape.c112
-rw-r--r--libs/libcurl/src/escape.h4
-rw-r--r--libs/libcurl/src/file.c226
-rw-r--r--libs/libcurl/src/file.h2
-rw-r--r--libs/libcurl/src/fileinfo.c20
-rw-r--r--libs/libcurl/src/fileinfo.h14
-rw-r--r--libs/libcurl/src/firefox-db2pem.sh54
-rw-r--r--libs/libcurl/src/formdata.c1098
-rw-r--r--libs/libcurl/src/formdata.h61
-rw-r--r--libs/libcurl/src/ftp.c1273
-rw-r--r--libs/libcurl/src/ftp.h19
-rw-r--r--libs/libcurl/src/ftplistparser.c347
-rw-r--r--libs/libcurl/src/ftplistparser.h2
-rw-r--r--libs/libcurl/src/getenv.c5
-rw-r--r--libs/libcurl/src/getinfo.c228
-rw-r--r--libs/libcurl/src/getinfo.h6
-rw-r--r--libs/libcurl/src/gopher.c70
-rw-r--r--libs/libcurl/src/gopher.h2
-rw-r--r--libs/libcurl/src/gskit.c906
-rw-r--r--libs/libcurl/src/gskit.h64
-rw-r--r--libs/libcurl/src/gtls.c1119
-rw-r--r--libs/libcurl/src/gtls.h81
-rw-r--r--libs/libcurl/src/hash.c190
-rw-r--r--libs/libcurl/src/hash.h30
-rw-r--r--libs/libcurl/src/hmac.c21
-rw-r--r--libs/libcurl/src/hostasyn.c38
-rw-r--r--libs/libcurl/src/hostcheck.c99
-rw-r--r--libs/libcurl/src/hostcheck.h2
-rw-r--r--libs/libcurl/src/hostip.c360
-rw-r--r--libs/libcurl/src/hostip.h59
-rw-r--r--libs/libcurl/src/hostip4.c28
-rw-r--r--libs/libcurl/src/hostip6.c56
-rw-r--r--libs/libcurl/src/hostsyn.c26
-rw-r--r--libs/libcurl/src/http.c1938
-rw-r--r--libs/libcurl/src/http.h101
-rw-r--r--libs/libcurl/src/http2.c2250
-rw-r--r--libs/libcurl/src/http2.h48
-rw-r--r--libs/libcurl/src/http_chunks.c196
-rw-r--r--libs/libcurl/src/http_chunks.h49
-rw-r--r--libs/libcurl/src/http_digest.c568
-rw-r--r--libs/libcurl/src/http_digest.h25
-rw-r--r--libs/libcurl/src/http_negotiate.c376
-rw-r--r--libs/libcurl/src/http_negotiate.h18
-rw-r--r--libs/libcurl/src/http_negotiate_sspi.c308
-rw-r--r--libs/libcurl/src/http_ntlm.c (renamed from libs/libcurl/src/curl_ntlm.c)99
-rw-r--r--libs/libcurl/src/http_ntlm.h (renamed from libs/libcurl/src/curl_ntlm.h)12
-rw-r--r--libs/libcurl/src/http_proxy.c785
-rw-r--r--libs/libcurl/src/http_proxy.h20
-rw-r--r--libs/libcurl/src/idn_win32.c90
-rw-r--r--libs/libcurl/src/if2ip.c116
-rw-r--r--libs/libcurl/src/if2ip.h16
-rw-r--r--libs/libcurl/src/imap.c1232
-rw-r--r--libs/libcurl/src/imap.h37
-rw-r--r--libs/libcurl/src/inet_ntop.c32
-rw-r--r--libs/libcurl/src/inet_ntop.h6
-rw-r--r--libs/libcurl/src/inet_pton.c22
-rw-r--r--libs/libcurl/src/inet_pton.h7
-rw-r--r--libs/libcurl/src/krb4.c440
-rw-r--r--libs/libcurl/src/krb4.h57
-rw-r--r--libs/libcurl/src/krb5.c87
-rw-r--r--libs/libcurl/src/ldap.c789
-rw-r--r--libs/libcurl/src/libcurl.plist35
-rw-r--r--libs/libcurl/src/libcurl.rc12
-rw-r--r--libs/libcurl/src/libcurl.vers.in13
-rw-r--r--libs/libcurl/src/llist.c67
-rw-r--r--libs/libcurl/src/llist.h21
-rw-r--r--libs/libcurl/src/makefile.amiga21
-rw-r--r--libs/libcurl/src/makefile.dj72
-rw-r--r--libs/libcurl/src/md4.c505
-rw-r--r--libs/libcurl/src/md5.c592
-rw-r--r--libs/libcurl/src/memdebug.c146
-rw-r--r--libs/libcurl/src/memdebug.h56
-rw-r--r--libs/libcurl/src/mime.c1908
-rw-r--r--libs/libcurl/src/mime.h137
-rw-r--r--libs/libcurl/src/mk-ca-bundle.pl447
-rw-r--r--libs/libcurl/src/mk-ca-bundle.vbs431
-rw-r--r--libs/libcurl/src/mprintf.c343
-rw-r--r--libs/libcurl/src/multi.c2148
-rw-r--r--libs/libcurl/src/multihandle.h82
-rw-r--r--libs/libcurl/src/multiif.h39
-rw-r--r--libs/libcurl/src/netrc.c123
-rw-r--r--libs/libcurl/src/netrc.h2
-rw-r--r--libs/libcurl/src/non-ascii.c161
-rw-r--r--libs/libcurl/src/non-ascii.h20
-rw-r--r--libs/libcurl/src/nonblock.c9
-rw-r--r--libs/libcurl/src/nonblock.h2
-rw-r--r--libs/libcurl/src/nss.c1574
-rw-r--r--libs/libcurl/src/nssg.h88
-rw-r--r--libs/libcurl/src/nwlib.c66
-rw-r--r--libs/libcurl/src/nwos.c12
-rw-r--r--libs/libcurl/src/objnames-test08.sh217
-rw-r--r--libs/libcurl/src/objnames-test10.sh217
-rw-r--r--libs/libcurl/src/objnames.inc107
-rw-r--r--libs/libcurl/src/openldap.c196
-rw-r--r--libs/libcurl/src/openssl.c3661
-rw-r--r--libs/libcurl/src/openssl.h37
-rw-r--r--libs/libcurl/src/parsedate.c113
-rw-r--r--libs/libcurl/src/parsedate.h2
-rw-r--r--libs/libcurl/src/pingpong.c153
-rw-r--r--libs/libcurl/src/pingpong.h14
-rw-r--r--libs/libcurl/src/pipeline.c278
-rw-r--r--libs/libcurl/src/pipeline.h30
-rw-r--r--libs/libcurl/src/polarssl.c706
-rw-r--r--libs/libcurl/src/polarssl.h67
-rw-r--r--libs/libcurl/src/pop3.c1129
-rw-r--r--libs/libcurl/src/pop3.h26
-rw-r--r--libs/libcurl/src/progress.c310
-rw-r--r--libs/libcurl/src/progress.h27
-rw-r--r--libs/libcurl/src/qssl.c521
-rw-r--r--libs/libcurl/src/qssl.h61
-rw-r--r--libs/libcurl/src/rand.c179
-rw-r--r--libs/libcurl/src/rand.h47
-rw-r--r--libs/libcurl/src/rtsp.c251
-rw-r--r--libs/libcurl/src/rtsp.h4
-rw-r--r--libs/libcurl/src/security.c215
-rw-r--r--libs/libcurl/src/select.c133
-rw-r--r--libs/libcurl/src/select.h22
-rw-r--r--libs/libcurl/src/sendf.c557
-rw-r--r--libs/libcurl/src/sendf.h16
-rw-r--r--libs/libcurl/src/setopt.c2554
-rw-r--r--libs/libcurl/src/setopt.h27
-rw-r--r--libs/libcurl/src/setup-os400.h77
-rw-r--r--libs/libcurl/src/setup-vms.h186
-rw-r--r--libs/libcurl/src/sha256.c262
-rw-r--r--libs/libcurl/src/share.c54
-rw-r--r--libs/libcurl/src/share.h15
-rw-r--r--libs/libcurl/src/sigpipe.h78
-rw-r--r--libs/libcurl/src/slist.c10
-rw-r--r--libs/libcurl/src/slist.h2
-rw-r--r--libs/libcurl/src/smb.c1005
-rw-r--r--libs/libcurl/src/smb.h271
-rw-r--r--libs/libcurl/src/smtp.c1352
-rw-r--r--libs/libcurl/src/smtp.h29
-rw-r--r--libs/libcurl/src/sockaddr.h2
-rw-r--r--libs/libcurl/src/socks.c319
-rw-r--r--libs/libcurl/src/socks.h9
-rw-r--r--libs/libcurl/src/socks_gssapi.c210
-rw-r--r--libs/libcurl/src/socks_sspi.c178
-rw-r--r--libs/libcurl/src/speedcheck.c71
-rw-r--r--libs/libcurl/src/speedcheck.h10
-rw-r--r--libs/libcurl/src/splay.c130
-rw-r--r--libs/libcurl/src/splay.h24
-rw-r--r--libs/libcurl/src/ssh.c878
-rw-r--r--libs/libcurl/src/ssh.h43
-rw-r--r--libs/libcurl/src/sslgen.c676
-rw-r--r--libs/libcurl/src/sslgen.h126
-rw-r--r--libs/libcurl/src/ssluse.c2696
-rw-r--r--libs/libcurl/src/ssluse.h99
-rw-r--r--libs/libcurl/src/strcase.c (renamed from libs/libcurl/src/rawstr.c)55
-rw-r--r--libs/libcurl/src/strcase.h (renamed from libs/libcurl/src/rawstr.h)28
-rw-r--r--libs/libcurl/src/strdup.c62
-rw-r--r--libs/libcurl/src/strdup.h6
-rw-r--r--libs/libcurl/src/strequal.c79
-rw-r--r--libs/libcurl/src/strerror.c226
-rw-r--r--libs/libcurl/src/strerror.h6
-rw-r--r--libs/libcurl/src/strtok.c2
-rw-r--r--libs/libcurl/src/strtok.h2
-rw-r--r--libs/libcurl/src/strtoofft.c74
-rw-r--r--libs/libcurl/src/strtoofft.h32
-rw-r--r--libs/libcurl/src/system_win32.c329
-rw-r--r--libs/libcurl/src/system_win32.h61
-rw-r--r--libs/libcurl/src/telnet.c390
-rw-r--r--libs/libcurl/src/telnet.h2
-rw-r--r--libs/libcurl/src/tftp.c365
-rw-r--r--libs/libcurl/src/tftp.h2
-rw-r--r--libs/libcurl/src/timeval.c126
-rw-r--r--libs/libcurl/src/timeval.h40
-rw-r--r--libs/libcurl/src/transfer.c940
-rw-r--r--libs/libcurl/src/transfer.h27
-rw-r--r--libs/libcurl/src/url.c5407
-rw-r--r--libs/libcurl/src/url.h57
-rw-r--r--libs/libcurl/src/urldata.h839
-rw-r--r--libs/libcurl/src/vauth/cleartext.c165
-rw-r--r--libs/libcurl/src/vauth/cram.c138
-rw-r--r--libs/libcurl/src/vauth/digest.c1003
-rw-r--r--libs/libcurl/src/vauth/digest.h47
-rw-r--r--libs/libcurl/src/vauth/digest_sspi.c669
-rw-r--r--libs/libcurl/src/vauth/krb5_gssapi.c401
-rw-r--r--libs/libcurl/src/vauth/krb5_sspi.c518
-rw-r--r--libs/libcurl/src/vauth/ntlm.c (renamed from libs/libcurl/src/curl_ntlm_msgs.c)589
-rw-r--r--libs/libcurl/src/vauth/ntlm.h (renamed from libs/libcurl/src/curl_ntlm_msgs.h)47
-rw-r--r--libs/libcurl/src/vauth/ntlm_sspi.c338
-rw-r--r--libs/libcurl/src/vauth/oauth2.c86
-rw-r--r--libs/libcurl/src/vauth/spnego_gssapi.c278
-rw-r--r--libs/libcurl/src/vauth/spnego_sspi.c324
-rw-r--r--libs/libcurl/src/vauth/vauth.c147
-rw-r--r--libs/libcurl/src/vauth/vauth.h205
-rw-r--r--libs/libcurl/src/version.c142
-rw-r--r--libs/libcurl/src/vtls/axtls.c (renamed from libs/libcurl/src/axtls.c)393
-rw-r--r--libs/libcurl/src/vtls/axtls.h34
-rw-r--r--libs/libcurl/src/vtls/cyassl.c1017
-rw-r--r--libs/libcurl/src/vtls/cyassl.h (renamed from libs/libcurl/src/strequal.h)18
-rw-r--r--libs/libcurl/src/vtls/darwinssl.c (renamed from libs/libcurl/src/curl_darwinssl.c)1647
-rw-r--r--libs/libcurl/src/vtls/darwinssl.h32
-rw-r--r--libs/libcurl/src/vtls/gskit.c1390
-rw-r--r--libs/libcurl/src/vtls/gskit.h38
-rw-r--r--libs/libcurl/src/vtls/gtls.c1841
-rw-r--r--libs/libcurl/src/vtls/gtls.h34
-rw-r--r--libs/libcurl/src/vtls/mbedtls.c1075
-rw-r--r--libs/libcurl/src/vtls/mbedtls.h32
-rw-r--r--libs/libcurl/src/vtls/nss.c2380
-rw-r--r--libs/libcurl/src/vtls/nssg.h39
-rw-r--r--libs/libcurl/src/vtls/openssl.c3661
-rw-r--r--libs/libcurl/src/vtls/openssl.h37
-rw-r--r--libs/libcurl/src/vtls/polarssl.c937
-rw-r--r--libs/libcurl/src/vtls/polarssl.h32
-rw-r--r--libs/libcurl/src/vtls/polarssl_threadlock.c (renamed from libs/libcurl/src/polarssl_threadlock.c)25
-rw-r--r--libs/libcurl/src/vtls/polarssl_threadlock.h (renamed from libs/libcurl/src/polarssl_threadlock.h)22
-rw-r--r--libs/libcurl/src/vtls/schannel.c1852
-rw-r--r--libs/libcurl/src/vtls/schannel.h34
-rw-r--r--libs/libcurl/src/vtls/vtls.c1326
-rw-r--r--libs/libcurl/src/vtls/vtls.h274
-rw-r--r--libs/libcurl/src/warnless.c127
-rw-r--r--libs/libcurl/src/warnless.h27
-rw-r--r--libs/libcurl/src/wildcard.c38
-rw-r--r--libs/libcurl/src/wildcard.h13
-rw-r--r--libs/libcurl/src/x509asn1.c423
-rw-r--r--libs/libcurl/src/x509asn1.h37
330 files changed, 66410 insertions, 33494 deletions
diff --git a/libs/libcurl/include/README b/libs/libcurl/include/README
index 3e52a1d0a6..c2589ec8c4 100644
--- a/libs/libcurl/include/README
+++ b/libs/libcurl/include/README
@@ -16,31 +16,9 @@ curl subdirectory. It makes it more likely to survive future modifications.
NOTE FOR LIBCURL HACKERS
-The following notes apply to libcurl version 7.19.0 and later.
-
-* The distributed curl/curlbuild.h file is only intended to be used on systems
- which can not run the also distributed configure script.
-
-* The distributed curlbuild.h file is generated as a copy of curlbuild.h.dist
- when the libcurl source code distribution archive file is originally created.
-
* If you check out from git on a non-configure platform, you must run the
- appropriate buildconf* script to set up curlbuild.h and other local files
- before being able of compiling the library.
-
-* On systems capable of running the configure script, the configure process
- will overwrite the distributed include/curl/curlbuild.h file with one that
- is suitable and specific to the library being configured and built, which
- is generated from the include/curl/curlbuild.h.in template file.
-
-* If you intend to distribute an already compiled libcurl library you _MUST_
- also distribute along with it the generated curl/curlbuild.h which has been
- used to compile it. Otherwise the library will be of no use for the users of
- the library that you have built. It is _your_ responsibility to provide this
- file. No one at the cURL project can know how you have built the library.
-
-* File curl/curlbuild.h includes platform and configuration dependent info,
- and must not be modified by anyone. Configure script generates it for you.
+ appropriate buildconf* script to set up files before being able of compiling
+ the library.
* We cannot assume anything else but very basic compiler features being
present. While libcurl requires an ANSI C compiler to build, some of the
@@ -52,4 +30,4 @@ The following notes apply to libcurl version 7.19.0 and later.
To figure out how to do good and portable checks for features, operating
systems or specific hardwarare, a very good resource is Bjorn Reese's
-collection at http://predef.sf.net/
+collection at https://sourceforge.net/p/predef/wiki/
diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h
index 4e09cf7288..9ad5c20dfe 100644
--- a/libs/libcurl/include/curl/curl.h
+++ b/libs/libcurl/include/curl/curl.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,15 +24,18 @@
/*
* If you have libcurl problems, all docs and details are found here:
- * http://curl.haxx.se/libcurl/
+ * https://curl.haxx.se/libcurl/
*
* curl-library mailing list subscription and unsubscription web interface:
- * http://cool.haxx.se/mailman/listinfo/curl-library/
+ * https://cool.haxx.se/mailman/listinfo/curl-library/
*/
+#ifdef CURL_NO_OLDIES
+#define CURL_STRICTER
+#endif
+
#include "curlver.h" /* libcurl version defines */
-#include "curlbuild.h" /* libcurl build definitions */
-#include "curlrules.h" /* libcurl rules enforcement */
+#include "system.h" /* determine things run-time */
/*
* Define WIN32 when build target is Win32 API
@@ -56,7 +59,8 @@
#include <time.h>
#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__)
-#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || defined(__LWIP_OPT_H__))
+#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || \
+ defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H))
/* The check above prevents the winsock2 inclusion if winsock.h already was
included, since they can't co-exist without problems */
#include <winsock2.h>
@@ -69,7 +73,8 @@
require it! */
#if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
- defined(ANDROID) || defined(__ANDROID__) || \
+ defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \
+ defined(__CYGWIN__) || \
(defined(__FreeBSD_version) && (__FreeBSD_version < 800000))
#include <sys/select.h>
#endif
@@ -90,7 +95,13 @@
extern "C" {
#endif
+#if defined(BUILDING_LIBCURL) || defined(CURL_STRICTER)
+typedef struct Curl_easy CURL;
+typedef struct Curl_share CURLSH;
+#else
typedef void CURL;
+typedef void CURLSH;
+#endif
/*
* libcurl external API function linkage decorations.
@@ -112,7 +123,7 @@ typedef void CURL;
#ifndef curl_socket_typedef
/* socket typedef */
-#if defined(WIN32) && !defined(__LWIP_OPT_H__)
+#if defined(WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H)
typedef SOCKET curl_socket_t;
#define CURL_SOCKET_BAD INVALID_SOCKET
#else
@@ -122,38 +133,69 @@ typedef int curl_socket_t;
#define curl_socket_typedef
#endif /* curl_socket_typedef */
+/* enum for the different supported SSL backends */
+typedef enum {
+ CURLSSLBACKEND_NONE = 0,
+ CURLSSLBACKEND_OPENSSL = 1,
+ CURLSSLBACKEND_GNUTLS = 2,
+ CURLSSLBACKEND_NSS = 3,
+ CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */
+ CURLSSLBACKEND_GSKIT = 5,
+ CURLSSLBACKEND_POLARSSL = 6,
+ CURLSSLBACKEND_WOLFSSL = 7,
+ CURLSSLBACKEND_SCHANNEL = 8,
+ CURLSSLBACKEND_DARWINSSL = 9,
+ CURLSSLBACKEND_AXTLS = 10,
+ CURLSSLBACKEND_MBEDTLS = 11
+} curl_sslbackend;
+
+/* aliases for library clones and renames */
+#define CURLSSLBACKEND_LIBRESSL CURLSSLBACKEND_OPENSSL
+#define CURLSSLBACKEND_BORINGSSL CURLSSLBACKEND_OPENSSL
+#define CURLSSLBACKEND_CYASSL CURLSSLBACKEND_WOLFSSL
+
struct curl_httppost {
struct curl_httppost *next; /* next entry in the list */
char *name; /* pointer to allocated name */
long namelength; /* length of name length */
char *contents; /* pointer to allocated data contents */
- long contentslength; /* length of contents field */
+ long contentslength; /* length of contents field, see also
+ CURL_HTTPPOST_LARGE */
char *buffer; /* pointer to allocated buffer contents */
long bufferlength; /* length of buffer field */
char *contenttype; /* Content-Type */
- struct curl_slist* contentheader; /* list of extra headers for this form */
+ struct curl_slist *contentheader; /* list of extra headers for this form */
struct curl_httppost *more; /* if one field name has more than one
file, this link should link to following
files */
long flags; /* as defined below */
-#define HTTPPOST_FILENAME (1<<0) /* specified content is a file name */
-#define HTTPPOST_READFILE (1<<1) /* specified content is a file name */
-#define HTTPPOST_PTRNAME (1<<2) /* name is only stored pointer
- do not free in formfree */
-#define HTTPPOST_PTRCONTENTS (1<<3) /* contents is only stored pointer
- do not free in formfree */
-#define HTTPPOST_BUFFER (1<<4) /* upload file from buffer */
-#define HTTPPOST_PTRBUFFER (1<<5) /* upload file from pointer contents */
-#define HTTPPOST_CALLBACK (1<<6) /* upload file contents by using the
- regular read callback to get the data
- and pass the given pointer as custom
- pointer */
+
+/* specified content is a file name */
+#define CURL_HTTPPOST_FILENAME (1<<0)
+/* specified content is a file name */
+#define CURL_HTTPPOST_READFILE (1<<1)
+/* name is only stored pointer do not free in formfree */
+#define CURL_HTTPPOST_PTRNAME (1<<2)
+/* contents is only stored pointer do not free in formfree */
+#define CURL_HTTPPOST_PTRCONTENTS (1<<3)
+/* upload file from buffer */
+#define CURL_HTTPPOST_BUFFER (1<<4)
+/* upload file from pointer contents */
+#define CURL_HTTPPOST_PTRBUFFER (1<<5)
+/* upload file contents by using the regular read callback to get the data and
+ pass the given pointer as custom pointer */
+#define CURL_HTTPPOST_CALLBACK (1<<6)
+/* use size in 'contentlen', added in 7.46.0 */
+#define CURL_HTTPPOST_LARGE (1<<7)
char *showfilename; /* The file name to show. If not set, the
actual file name will be used (if this
is a file part) */
void *userp; /* custom pointer used for
HTTPPOST_CALLBACK posts */
+ curl_off_t contentlen; /* alternative length of contents
+ field. Used if CURL_HTTPPOST_LARGE is
+ set. Added in 7.46.0 */
};
/* This is the CURLOPT_PROGRESSFUNCTION callback proto. It is now considered
@@ -172,6 +214,11 @@ typedef int (*curl_xferinfo_callback)(void *clientp,
curl_off_t ultotal,
curl_off_t ulnow);
+#ifndef CURL_MAX_READ_SIZE
+ /* The maximum receive buffer size configurable via CURLOPT_BUFFERSIZE. */
+#define CURL_MAX_READ_SIZE 524288
+#endif
+
#ifndef CURL_MAX_WRITE_SIZE
/* Tests have proven that 20K is a very bad buffer size for uploads on
Windows, while 16K for some odd reason performed a lot better.
@@ -249,7 +296,7 @@ struct curl_fileinfo {
unsigned int flags;
/* used internally */
- char * b_data;
+ char *b_data;
size_t b_size;
size_t b_used;
};
@@ -310,7 +357,7 @@ typedef size_t (*curl_read_callback)(char *buffer,
size_t nitems,
void *instream);
-typedef enum {
+typedef enum {
CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */
CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */
CURLSOCKTYPE_LAST /* never use */
@@ -352,7 +399,7 @@ typedef enum {
CURLIOE_LAST /* never use */
} curlioerr;
-typedef enum {
+typedef enum {
CURLIOCMD_NOP, /* no operation */
CURLIOCMD_RESTARTREAD, /* restart the read stream from start */
CURLIOCMD_LAST /* never use */
@@ -362,6 +409,7 @@ typedef curlioerr (*curl_ioctl_callback)(CURL *handle,
int cmd,
void *clientp);
+#ifndef CURL_DID_MEMORY_FUNC_TYPEDEFS
/*
* The following typedef's are signatures of malloc, free, realloc, strdup and
* calloc respectively. Function pointers of these types can be passed to the
@@ -374,6 +422,9 @@ typedef void *(*curl_realloc_callback)(void *ptr, size_t size);
typedef char *(*curl_strdup_callback)(const char *str);
typedef void *(*curl_calloc_callback)(size_t nmemb, size_t size);
+#define CURL_DID_MEMORY_FUNC_TYPEDEFS
+#endif
+
/* the kind of data that is passed to information_callback*/
typedef enum {
CURLINFO_TEXT = 0,
@@ -410,7 +461,7 @@ typedef enum {
CURLE_COULDNT_RESOLVE_PROXY, /* 5 */
CURLE_COULDNT_RESOLVE_HOST, /* 6 */
CURLE_COULDNT_CONNECT, /* 7 */
- CURLE_FTP_WEIRD_SERVER_REPLY, /* 8 */
+ CURLE_WEIRD_SERVER_REPLY, /* 8 */
CURLE_REMOTE_ACCESS_DENIED, /* 9 a service was denied by the server
due to lack of access - when login fails
this is not returned. */
@@ -423,7 +474,9 @@ typedef enum {
CURLE_FTP_WEIRD_PASV_REPLY, /* 13 */
CURLE_FTP_WEIRD_227_FORMAT, /* 14 */
CURLE_FTP_CANT_GET_HOST, /* 15 */
- CURLE_OBSOLETE16, /* 16 - NOT USED */
+ CURLE_HTTP2, /* 16 - A problem in the http2 framing layer.
+ [was obsoleted in August 2007 for 7.17.0,
+ reused in July 2014 for 7.38.0] */
CURLE_FTP_COULDNT_SET_TYPE, /* 17 */
CURLE_PARTIAL_FILE, /* 18 */
CURLE_FTP_COULDNT_RETR_FILE, /* 19 */
@@ -452,15 +505,15 @@ typedef enum {
CURLE_LDAP_CANNOT_BIND, /* 38 */
CURLE_LDAP_SEARCH_FAILED, /* 39 */
CURLE_OBSOLETE40, /* 40 - NOT USED */
- CURLE_FUNCTION_NOT_FOUND, /* 41 */
+ CURLE_FUNCTION_NOT_FOUND, /* 41 - NOT USED starting with 7.53.0 */
CURLE_ABORTED_BY_CALLBACK, /* 42 */
CURLE_BAD_FUNCTION_ARGUMENT, /* 43 */
CURLE_OBSOLETE44, /* 44 - NOT USED */
CURLE_INTERFACE_FAILED, /* 45 - CURLOPT_INTERFACE failed */
CURLE_OBSOLETE46, /* 46 - NOT USED */
- CURLE_TOO_MANY_REDIRECTS , /* 47 - catch endless re-direct loops */
+ CURLE_TOO_MANY_REDIRECTS, /* 47 - catch endless re-direct loops */
CURLE_UNKNOWN_OPTION, /* 48 - User specified an unknown option */
- CURLE_TELNET_OPTION_SYNTAX , /* 49 - Malformed telnet option */
+ CURLE_TELNET_OPTION_SYNTAX, /* 49 - Malformed telnet option */
CURLE_OBSOLETE50, /* 50 - NOT USED */
CURLE_PEER_FAILED_VERIFICATION, /* 51 - peer's certificate or fingerprint
wasn't verified fine */
@@ -519,18 +572,27 @@ typedef enum {
CURLE_CHUNK_FAILED, /* 88 - chunk callback reported error */
CURLE_NO_CONNECTION_AVAILABLE, /* 89 - No connection available, the
session will be queued */
+ CURLE_SSL_PINNEDPUBKEYNOTMATCH, /* 90 - specified pinned public key did not
+ match */
+ CURLE_SSL_INVALIDCERTSTATUS, /* 91 - invalid certificate status */
+ CURLE_HTTP2_STREAM, /* 92 - stream error in HTTP/2 framing layer
+ */
CURL_LAST /* never use! */
} CURLcode;
#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
the obsolete stuff removed! */
-/* Previously obsoletes error codes re-used in 7.24.0 */
+/* Previously obsolete error code re-used in 7.38.0 */
+#define CURLE_OBSOLETE16 CURLE_HTTP2
+
+/* Previously obsolete error codes re-used in 7.24.0 */
#define CURLE_OBSOLETE10 CURLE_FTP_ACCEPT_FAILED
#define CURLE_OBSOLETE12 CURLE_FTP_ACCEPT_TIMEOUT
/* compatibility with older names */
#define CURLOPT_ENCODING CURLOPT_ACCEPT_ENCODING
+#define CURLE_FTP_WEIRD_SERVER_REPLY CURLE_WEIRD_SERVER_REPLY
/* The following were added in 7.21.5, April 2011 */
#define CURLE_UNKNOWN_TELNET_OPTION CURLE_UNKNOWN_OPTION
@@ -579,6 +641,16 @@ typedef enum {
make programs break */
#define CURLE_ALREADY_COMPLETE 99999
+/* Provide defines for really old option names */
+#define CURLOPT_FILE CURLOPT_WRITEDATA /* name changed in 7.9.7 */
+#define CURLOPT_INFILE CURLOPT_READDATA /* name changed in 7.9.7 */
+#define CURLOPT_WRITEHEADER CURLOPT_HEADERDATA
+
+/* Since long deprecated options with no code in the lib that does anything
+ with them. */
+#define CURLOPT_WRITEINFO CURLOPT_OBSOLETE40
+#define CURLOPT_CLOSEPOLICY CURLOPT_OBSOLETE72
+
#endif /*!CURL_NO_OLDIES*/
/* This prototype applies to all conversion callbacks */
@@ -594,6 +666,7 @@ typedef enum {
CONNECT HTTP/1.1 */
CURLPROXY_HTTP_1_0 = 1, /* added in 7.19.4, force to use CONNECT
HTTP/1.0 */
+ CURLPROXY_HTTPS = 2, /* added in 7.52.0 */
CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already
in 7.10 */
CURLPROXY_SOCKS5 = 5, /* added in 7.10 */
@@ -609,7 +682,8 @@ typedef enum {
* CURLAUTH_NONE - No HTTP authentication
* CURLAUTH_BASIC - HTTP Basic authentication (default)
* CURLAUTH_DIGEST - HTTP Digest authentication
- * CURLAUTH_GSSNEGOTIATE - HTTP GSS-Negotiate authentication
+ * CURLAUTH_NEGOTIATE - HTTP Negotiate (SPNEGO) authentication
+ * CURLAUTH_GSSNEGOTIATE - Alias for CURLAUTH_NEGOTIATE (deprecated)
* CURLAUTH_NTLM - HTTP NTLM authentication
* CURLAUTH_DIGEST_IE - HTTP Digest authentication with IE flavour
* CURLAUTH_NTLM_WB - HTTP NTLM authentication delegated to winbind helper
@@ -622,7 +696,11 @@ typedef enum {
#define CURLAUTH_NONE ((unsigned long)0)
#define CURLAUTH_BASIC (((unsigned long)1)<<0)
#define CURLAUTH_DIGEST (((unsigned long)1)<<1)
-#define CURLAUTH_GSSNEGOTIATE (((unsigned long)1)<<2)
+#define CURLAUTH_NEGOTIATE (((unsigned long)1)<<2)
+/* Deprecated since the advent of CURLAUTH_NEGOTIATE */
+#define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE
+/* Used for CURLOPT_SOCKS5_AUTH to stay terminologically correct */
+#define CURLAUTH_GSSAPI CURLAUTH_NEGOTIATE
#define CURLAUTH_NTLM (((unsigned long)1)<<3)
#define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4)
#define CURLAUTH_NTLM_WB (((unsigned long)1)<<5)
@@ -704,6 +782,10 @@ typedef enum {
servers, a user can this way allow the vulnerability back. */
#define CURLSSLOPT_ALLOW_BEAST (1<<0)
+/* - NO_REVOKE tells libcurl to disable certificate revocation checks for those
+ SSL backends where such behavior is present. */
+#define CURLSSLOPT_NO_REVOKE (1<<1)
+
#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
the obsolete stuff removed! */
@@ -754,6 +836,10 @@ typedef enum {
CURLFTPMETHOD_LAST /* not an option, never use */
} curl_ftpmethod;
+/* bitmask defines for CURLOPT_HEADEROPT */
+#define CURLHEADER_UNIFIED 0
+#define CURLHEADER_SEPARATE (1<<0)
+
/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */
#define CURLPROTO_HTTP (1<<0)
#define CURLPROTO_HTTPS (1<<1)
@@ -781,15 +867,21 @@ typedef enum {
#define CURLPROTO_RTMPS (1<<23)
#define CURLPROTO_RTMPTS (1<<24)
#define CURLPROTO_GOPHER (1<<25)
+#define CURLPROTO_SMB (1<<26)
+#define CURLPROTO_SMBS (1<<27)
#define CURLPROTO_ALL (~0) /* enable everything */
/* long may be 32 or 64 bits, but we should never depend on anything else
but 32 */
#define CURLOPTTYPE_LONG 0
#define CURLOPTTYPE_OBJECTPOINT 10000
+#define CURLOPTTYPE_STRINGPOINT 10000
#define CURLOPTTYPE_FUNCTIONPOINT 20000
#define CURLOPTTYPE_OFF_T 30000
+/* *STRINGPOINT is an alias for OBJECTPOINT to allow tools to extract the
+ string options from the header file */
+
/* name is uppercase CURLOPT_<name>,
type is one of the defined CURLOPTTYPE_<type>
number is unique identifier */
@@ -803,6 +895,7 @@ typedef enum {
/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */
#define LONG CURLOPTTYPE_LONG
#define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT
+#define STRINGPOINT CURLOPTTYPE_OBJECTPOINT
#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT
#define OFF_T CURLOPTTYPE_OFF_T
#define CINIT(name,type,number) CURLOPT_/**/name = type + number
@@ -816,30 +909,30 @@ typedef enum {
typedef enum {
/* This is the FILE * or void * the regular output should be written to. */
- CINIT(FILE, OBJECTPOINT, 1),
+ CINIT(WRITEDATA, OBJECTPOINT, 1),
/* The full URL to get/put */
- CINIT(URL, OBJECTPOINT, 2),
+ CINIT(URL, STRINGPOINT, 2),
/* Port number to connect to, if other than default. */
CINIT(PORT, LONG, 3),
/* Name of proxy to use. */
- CINIT(PROXY, OBJECTPOINT, 4),
+ CINIT(PROXY, STRINGPOINT, 4),
- /* "name:password" to use when fetching. */
- CINIT(USERPWD, OBJECTPOINT, 5),
+ /* "user:password;options" to use when fetching. */
+ CINIT(USERPWD, STRINGPOINT, 5),
- /* "name:password" to use with proxy. */
- CINIT(PROXYUSERPWD, OBJECTPOINT, 6),
+ /* "user:password" to use with proxy. */
+ CINIT(PROXYUSERPWD, STRINGPOINT, 6),
/* Range to get, specified as an ASCII string. */
- CINIT(RANGE, OBJECTPOINT, 7),
+ CINIT(RANGE, STRINGPOINT, 7),
/* not used */
/* Specified file stream to upload from (use as input): */
- CINIT(INFILE, OBJECTPOINT, 9),
+ CINIT(READDATA, OBJECTPOINT, 9),
/* Buffer to receive error messages in, must be at least CURL_ERROR_SIZE
* bytes big. If this is not used, error messages go to stderr instead: */
@@ -871,14 +964,14 @@ typedef enum {
CINIT(POSTFIELDS, OBJECTPOINT, 15),
/* Set the referrer page (needed by some CGIs) */
- CINIT(REFERER, OBJECTPOINT, 16),
+ CINIT(REFERER, STRINGPOINT, 16),
/* Set the FTP PORT string (interface name, named or numerical IP address)
Use i.e '-' to use default address. */
- CINIT(FTPPORT, OBJECTPOINT, 17),
+ CINIT(FTPPORT, STRINGPOINT, 17),
/* Set the User-Agent string (examined by some CGIs) */
- CINIT(USERAGENT, OBJECTPOINT, 18),
+ CINIT(USERAGENT, STRINGPOINT, 18),
/* If the download receives less than "low speed limit" bytes/second
* during "low speed time" seconds, the operations is aborted.
@@ -901,19 +994,20 @@ typedef enum {
CINIT(RESUME_FROM, LONG, 21),
/* Set cookie in request: */
- CINIT(COOKIE, OBJECTPOINT, 22),
+ CINIT(COOKIE, STRINGPOINT, 22),
- /* This points to a linked list of headers, struct curl_slist kind */
+ /* This points to a linked list of headers, struct curl_slist kind. This
+ list is also used for RTSP (in spite of its name) */
CINIT(HTTPHEADER, OBJECTPOINT, 23),
/* This points to a linked list of post entries, struct curl_httppost */
CINIT(HTTPPOST, OBJECTPOINT, 24),
/* name of the file keeping your private SSL-certificate */
- CINIT(SSLCERT, OBJECTPOINT, 25),
+ CINIT(SSLCERT, STRINGPOINT, 25),
/* password for the SSL or SSH private key */
- CINIT(KEYPASSWD, OBJECTPOINT, 26),
+ CINIT(KEYPASSWD, STRINGPOINT, 26),
/* send TYPE parameter? */
CINIT(CRLF, LONG, 27),
@@ -923,11 +1017,11 @@ typedef enum {
/* send FILE * or void * to store headers to, if you use a callback it
is simply passed to the callback unmodified */
- CINIT(WRITEHEADER, OBJECTPOINT, 29),
+ CINIT(HEADERDATA, OBJECTPOINT, 29),
/* point to a file to read the initial cookies from, also enables
"cookie awareness" */
- CINIT(COOKIEFILE, OBJECTPOINT, 31),
+ CINIT(COOKIEFILE, STRINGPOINT, 31),
/* What version to specifically try to use.
See CURL_SSLVERSION defines below. */
@@ -946,9 +1040,9 @@ typedef enum {
HTTP: DELETE, TRACE and others
FTP: to use a different list command
*/
- CINIT(CUSTOMREQUEST, OBJECTPOINT, 36),
+ CINIT(CUSTOMREQUEST, STRINGPOINT, 36),
- /* HTTP request, for odd commands like DELETE, TRACE and others */
+ /* FILE handle to use instead of stderr */
CINIT(STDERR, OBJECTPOINT, 37),
/* 38 is not used */
@@ -956,13 +1050,13 @@ typedef enum {
/* send linked-list of post-transfer QUOTE commands */
CINIT(POSTQUOTE, OBJECTPOINT, 39),
- CINIT(WRITEINFO, OBJECTPOINT, 40), /* DEPRECATED, do not use! */
+ CINIT(OBSOLETE40, OBJECTPOINT, 40), /* OBSOLETE, do not use! */
CINIT(VERBOSE, LONG, 41), /* talk a lot */
CINIT(HEADER, LONG, 42), /* throw the header out too */
CINIT(NOPROGRESS, LONG, 43), /* shut off the progress meter */
CINIT(NOBODY, LONG, 44), /* use HEAD to get http document */
- CINIT(FAILONERROR, LONG, 45), /* no output on http error codes >= 300 */
+ CINIT(FAILONERROR, LONG, 45), /* no output on http error codes >= 400 */
CINIT(UPLOAD, LONG, 46), /* this is an upload */
CINIT(POST, LONG, 47), /* HTTP POST method */
CINIT(DIRLISTONLY, LONG, 48), /* bare names when listing directories */
@@ -1005,19 +1099,19 @@ typedef enum {
CINIT(HTTPPROXYTUNNEL, LONG, 61),
/* Set the interface string to use as outgoing network interface */
- CINIT(INTERFACE, OBJECTPOINT, 62),
+ CINIT(INTERFACE, STRINGPOINT, 62),
/* Set the krb4/5 security level, this also enables krb4/5 awareness. This
* is a string, 'clear', 'safe', 'confidential' or 'private'. If the string
* is set but doesn't match one of these, 'private' will be used. */
- CINIT(KRBLEVEL, OBJECTPOINT, 63),
+ CINIT(KRBLEVEL, STRINGPOINT, 63),
/* Set if we should verify the peer in ssl handshake, set 1 to verify. */
CINIT(SSL_VERIFYPEER, LONG, 64),
/* The CApath or CAfile used to validate the peer certificate
this option is used only if SSL_VERIFYPEER is true */
- CINIT(CAINFO, OBJECTPOINT, 65),
+ CINIT(CAINFO, STRINGPOINT, 65),
/* 66 = OBSOLETE */
/* 67 = OBSOLETE */
@@ -1035,7 +1129,7 @@ typedef enum {
/* Max amount of cached alive connections */
CINIT(MAXCONNECTS, LONG, 71),
- CINIT(CLOSEPOLICY, LONG, 72), /* DEPRECATED, do not use! */
+ CINIT(OBSOLETE72, LONG, 72), /* OBSOLETE, do not use! */
/* 73 = OBSOLETE */
@@ -1051,10 +1145,10 @@ typedef enum {
/* Set to a file name that contains random data for libcurl to use to
seed the random engine when doing SSL connects. */
- CINIT(RANDOM_FILE, OBJECTPOINT, 76),
+ CINIT(RANDOM_FILE, STRINGPOINT, 76),
/* Set to the Entropy Gathering Daemon socket pathname */
- CINIT(EGDSOCKET, OBJECTPOINT, 77),
+ CINIT(EGDSOCKET, STRINGPOINT, 77),
/* Time-out connect operations after this amount of seconds, if connects are
OK within this time, then fine... This only aborts the connect phase. */
@@ -1076,10 +1170,10 @@ typedef enum {
/* Specify which file name to write all known cookies in after completed
operation. Set file name to "-" (dash) to make it go to stdout. */
- CINIT(COOKIEJAR, OBJECTPOINT, 82),
+ CINIT(COOKIEJAR, STRINGPOINT, 82),
/* Specify which SSL ciphers to use */
- CINIT(SSL_CIPHER_LIST, OBJECTPOINT, 83),
+ CINIT(SSL_CIPHER_LIST, STRINGPOINT, 83),
/* Specify which HTTP version to use! This must be set to one of the
CURL_HTTP_VERSION* enums set below. */
@@ -1091,16 +1185,16 @@ typedef enum {
CINIT(FTP_USE_EPSV, LONG, 85),
/* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") */
- CINIT(SSLCERTTYPE, OBJECTPOINT, 86),
+ CINIT(SSLCERTTYPE, STRINGPOINT, 86),
/* name of the file keeping your private SSL-key */
- CINIT(SSLKEY, OBJECTPOINT, 87),
+ CINIT(SSLKEY, STRINGPOINT, 87),
/* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") */
- CINIT(SSLKEYTYPE, OBJECTPOINT, 88),
+ CINIT(SSLKEYTYPE, STRINGPOINT, 88),
/* crypto engine for the SSL-sub system */
- CINIT(SSLENGINE, OBJECTPOINT, 89),
+ CINIT(SSLENGINE, STRINGPOINT, 89),
/* set the crypto engine for the SSL-sub system as default
the param has no meaning...
@@ -1127,7 +1221,7 @@ typedef enum {
/* The CApath directory used to validate the peer certificate
this option is used only if SSL_VERIFYPEER is true */
- CINIT(CAPATH, OBJECTPOINT, 97),
+ CINIT(CAPATH, STRINGPOINT, 97),
/* Instruct libcurl to use a smaller receive buffer */
CINIT(BUFFERSIZE, LONG, 98),
@@ -1141,13 +1235,14 @@ typedef enum {
CINIT(SHARE, OBJECTPOINT, 100),
/* indicates type of proxy. accepted values are CURLPROXY_HTTP (default),
- CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5. */
+ CURLPROXY_HTTPS, CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and
+ CURLPROXY_SOCKS5. */
CINIT(PROXYTYPE, LONG, 101),
/* Set the Accept-Encoding string. Use this to tell a server you would like
the response to be compressed. Before 7.21.6, this was known as
CURLOPT_ENCODING */
- CINIT(ACCEPT_ENCODING, OBJECTPOINT, 102),
+ CINIT(ACCEPT_ENCODING, STRINGPOINT, 102),
/* Set pointer to private data */
CINIT(PRIVATE, OBJECTPOINT, 103),
@@ -1228,7 +1323,7 @@ typedef enum {
to parse (using the CURLOPT_NETRC option). If not set, libcurl will do
a poor attempt to find the user's home directory and check for a .netrc
file in there. */
- CINIT(NETRC_FILE, OBJECTPOINT, 118),
+ CINIT(NETRC_FILE, STRINGPOINT, 118),
/* Enable SSL/TLS for FTP, pick one of:
CURLUSESSL_TRY - try using SSL, proceed anyway otherwise
@@ -1271,10 +1366,10 @@ typedef enum {
/* zero terminated string for pass on to the FTP server when asked for
"account" info */
- CINIT(FTP_ACCOUNT, OBJECTPOINT, 134),
+ CINIT(FTP_ACCOUNT, STRINGPOINT, 134),
- /* feed cookies into cookie engine */
- CINIT(COOKIELIST, OBJECTPOINT, 135),
+ /* feed cookie into cookie engine */
+ CINIT(COOKIELIST, STRINGPOINT, 135),
/* ignore Content-Length */
CINIT(IGNORE_CONTENT_LENGTH, LONG, 136),
@@ -1320,7 +1415,7 @@ typedef enum {
CINIT(MAX_RECV_SPEED_LARGE, OFF_T, 146),
/* Pointer to command string to send if USER/PASS fails. */
- CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147),
+ CINIT(FTP_ALTERNATIVE_TO_USER, STRINGPOINT, 147),
/* callback function for setting socket options */
CINIT(SOCKOPTFUNCTION, FUNCTIONPOINT, 148),
@@ -1334,8 +1429,8 @@ typedef enum {
CINIT(SSH_AUTH_TYPES, LONG, 151),
/* Used by scp/sftp to do public/private key authentication */
- CINIT(SSH_PUBLIC_KEYFILE, OBJECTPOINT, 152),
- CINIT(SSH_PRIVATE_KEYFILE, OBJECTPOINT, 153),
+ CINIT(SSH_PUBLIC_KEYFILE, STRINGPOINT, 152),
+ CINIT(SSH_PRIVATE_KEYFILE, STRINGPOINT, 153),
/* Send CCC (Clear Command Channel) after authentication */
CINIT(FTP_SSL_CCC, LONG, 154),
@@ -1359,7 +1454,7 @@ typedef enum {
CINIT(POSTREDIR, LONG, 161),
/* used by scp/sftp to verify the host's public key */
- CINIT(SSH_HOST_PUBLIC_KEY_MD5, OBJECTPOINT, 162),
+ CINIT(SSH_HOST_PUBLIC_KEY_MD5, STRINGPOINT, 162),
/* Callback function for opening socket (instead of socket(2)). Optionally,
callback is able change the address or refuse to connect returning
@@ -1379,26 +1474,25 @@ typedef enum {
CINIT(SEEKDATA, OBJECTPOINT, 168),
/* CRL file */
- CINIT(CRLFILE, OBJECTPOINT, 169),
+ CINIT(CRLFILE, STRINGPOINT, 169),
/* Issuer certificate */
- CINIT(ISSUERCERT, OBJECTPOINT, 170),
+ CINIT(ISSUERCERT, STRINGPOINT, 170),
/* (IPv6) Address scope */
CINIT(ADDRESS_SCOPE, LONG, 171),
/* Collect certificate chain info and allow it to get retrievable with
- CURLINFO_CERTINFO after the transfer is complete. (Unfortunately) only
- working with OpenSSL-powered builds. */
+ CURLINFO_CERTINFO after the transfer is complete. */
CINIT(CERTINFO, LONG, 172),
/* "name" and "pwd" to use when fetching. */
- CINIT(USERNAME, OBJECTPOINT, 173),
- CINIT(PASSWORD, OBJECTPOINT, 174),
+ CINIT(USERNAME, STRINGPOINT, 173),
+ CINIT(PASSWORD, STRINGPOINT, 174),
/* "name" and "pwd" to use with Proxy when fetching. */
- CINIT(PROXYUSERNAME, OBJECTPOINT, 175),
- CINIT(PROXYPASSWORD, OBJECTPOINT, 176),
+ CINIT(PROXYUSERNAME, STRINGPOINT, 175),
+ CINIT(PROXYPASSWORD, STRINGPOINT, 176),
/* Comma separated list of hostnames defining no-proxy zones. These should
match both hostnames directly, and hostnames within a domain. For
@@ -1407,13 +1501,13 @@ typedef enum {
implementations of this, .local.com will be considered to be the same as
local.com. A single * is the only valid wildcard, and effectively
disables the use of proxy. */
- CINIT(NOPROXY, OBJECTPOINT, 177),
+ CINIT(NOPROXY, STRINGPOINT, 177),
/* block size for TFTP transfers */
CINIT(TFTP_BLKSIZE, LONG, 178),
/* Socks Service */
- CINIT(SOCKS5_GSSAPI_SERVICE, OBJECTPOINT, 179),
+ CINIT(SOCKS5_GSSAPI_SERVICE, STRINGPOINT, 179), /* DEPRECATED, do not use! */
/* Socks Service */
CINIT(SOCKS5_GSSAPI_NEC, LONG, 180),
@@ -1431,7 +1525,7 @@ typedef enum {
CINIT(REDIR_PROTOCOLS, LONG, 182),
/* set the SSH knownhost file name to use */
- CINIT(SSH_KNOWNHOSTS, OBJECTPOINT, 183),
+ CINIT(SSH_KNOWNHOSTS, STRINGPOINT, 183),
/* set the SSH host key callback, must point to a curl_sshkeycallback
function */
@@ -1441,9 +1535,9 @@ typedef enum {
CINIT(SSH_KEYDATA, OBJECTPOINT, 185),
/* set the SMTP mail originator */
- CINIT(MAIL_FROM, OBJECTPOINT, 186),
+ CINIT(MAIL_FROM, STRINGPOINT, 186),
- /* set the SMTP mail receiver(s) */
+ /* set the list of SMTP mail receiver(s) */
CINIT(MAIL_RCPT, OBJECTPOINT, 187),
/* FTP: send PRET before PASV */
@@ -1453,13 +1547,13 @@ typedef enum {
CINIT(RTSP_REQUEST, LONG, 189),
/* The RTSP session identifier */
- CINIT(RTSP_SESSION_ID, OBJECTPOINT, 190),
+ CINIT(RTSP_SESSION_ID, STRINGPOINT, 190),
/* The RTSP stream URI */
- CINIT(RTSP_STREAM_URI, OBJECTPOINT, 191),
+ CINIT(RTSP_STREAM_URI, STRINGPOINT, 191),
/* The Transport: header to use in RTSP requests */
- CINIT(RTSP_TRANSPORT, OBJECTPOINT, 192),
+ CINIT(RTSP_TRANSPORT, STRINGPOINT, 192),
/* Manually initialize the client RTSP CSeq for this handle */
CINIT(RTSP_CLIENT_CSEQ, LONG, 193),
@@ -1497,13 +1591,13 @@ typedef enum {
CINIT(RESOLVE, OBJECTPOINT, 203),
/* Set a username for authenticated TLS */
- CINIT(TLSAUTH_USERNAME, OBJECTPOINT, 204),
+ CINIT(TLSAUTH_USERNAME, STRINGPOINT, 204),
/* Set a password for authenticated TLS */
- CINIT(TLSAUTH_PASSWORD, OBJECTPOINT, 205),
+ CINIT(TLSAUTH_PASSWORD, STRINGPOINT, 205),
/* Set authentication type for authenticated TLS */
- CINIT(TLSAUTH_TYPE, OBJECTPOINT, 206),
+ CINIT(TLSAUTH_TYPE, STRINGPOINT, 206),
/* Set to 1 to enable the "TE:" header in HTTP requests to ask for
compressed transfer-encoded responses. Set to 0 to disable the use of TE:
@@ -1526,10 +1620,10 @@ typedef enum {
CINIT(GSSAPI_DELEGATION, LONG, 210),
/* Set the name servers to use for DNS resolution */
- CINIT(DNS_SERVERS, OBJECTPOINT, 211),
+ CINIT(DNS_SERVERS, STRINGPOINT, 211),
/* Time-out accept operations (currently for FTP only) after this amount
- of miliseconds. */
+ of milliseconds. */
CINIT(ACCEPTTIMEOUT_MS, LONG, 212),
/* Set TCP keepalive */
@@ -1543,7 +1637,7 @@ typedef enum {
CINIT(SSL_OPTIONS, LONG, 216),
/* Set the SMTP auth originator */
- CINIT(MAIL_AUTH, OBJECTPOINT, 217),
+ CINIT(MAIL_AUTH, STRINGPOINT, 217),
/* Enable/disable SASL initial response */
CINIT(SASL_IR, LONG, 218),
@@ -1554,20 +1648,173 @@ typedef enum {
CINIT(XFERINFOFUNCTION, FUNCTIONPOINT, 219),
/* The XOAUTH2 bearer token */
- CINIT(XOAUTH2_BEARER, OBJECTPOINT, 220),
+ CINIT(XOAUTH2_BEARER, STRINGPOINT, 220),
/* Set the interface string to use as outgoing network
* interface for DNS requests.
* Only supported by the c-ares DNS backend */
- CINIT(DNS_INTERFACE, OBJECTPOINT, 221),
+ CINIT(DNS_INTERFACE, STRINGPOINT, 221),
/* Set the local IPv4 address to use for outgoing DNS requests.
* Only supported by the c-ares DNS backend */
- CINIT(DNS_LOCAL_IP4, OBJECTPOINT, 222),
+ CINIT(DNS_LOCAL_IP4, STRINGPOINT, 222),
/* Set the local IPv4 address to use for outgoing DNS requests.
* Only supported by the c-ares DNS backend */
- CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),
+ CINIT(DNS_LOCAL_IP6, STRINGPOINT, 223),
+
+ /* Set authentication options directly */
+ CINIT(LOGIN_OPTIONS, STRINGPOINT, 224),
+
+ /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */
+ CINIT(SSL_ENABLE_NPN, LONG, 225),
+
+ /* Enable/disable TLS ALPN extension (http2 over ssl might fail without) */
+ CINIT(SSL_ENABLE_ALPN, LONG, 226),
+
+ /* Time to wait for a response to a HTTP request containing an
+ * Expect: 100-continue header before sending the data anyway. */
+ CINIT(EXPECT_100_TIMEOUT_MS, LONG, 227),
+
+ /* This points to a linked list of headers used for proxy requests only,
+ struct curl_slist kind */
+ CINIT(PROXYHEADER, OBJECTPOINT, 228),
+
+ /* Pass in a bitmask of "header options" */
+ CINIT(HEADEROPT, LONG, 229),
+
+ /* The public key in DER form used to validate the peer public key
+ this option is used only if SSL_VERIFYPEER is true */
+ CINIT(PINNEDPUBLICKEY, STRINGPOINT, 230),
+
+ /* Path to Unix domain socket */
+ CINIT(UNIX_SOCKET_PATH, STRINGPOINT, 231),
+
+ /* Set if we should verify the certificate status. */
+ CINIT(SSL_VERIFYSTATUS, LONG, 232),
+
+ /* Set if we should enable TLS false start. */
+ CINIT(SSL_FALSESTART, LONG, 233),
+
+ /* Do not squash dot-dot sequences */
+ CINIT(PATH_AS_IS, LONG, 234),
+
+ /* Proxy Service Name */
+ CINIT(PROXY_SERVICE_NAME, STRINGPOINT, 235),
+
+ /* Service Name */
+ CINIT(SERVICE_NAME, STRINGPOINT, 236),
+
+ /* Wait/don't wait for pipe/mutex to clarify */
+ CINIT(PIPEWAIT, LONG, 237),
+
+ /* Set the protocol used when curl is given a URL without a protocol */
+ CINIT(DEFAULT_PROTOCOL, STRINGPOINT, 238),
+
+ /* Set stream weight, 1 - 256 (default is 16) */
+ CINIT(STREAM_WEIGHT, LONG, 239),
+
+ /* Set stream dependency on another CURL handle */
+ CINIT(STREAM_DEPENDS, OBJECTPOINT, 240),
+
+ /* Set E-xclusive stream dependency on another CURL handle */
+ CINIT(STREAM_DEPENDS_E, OBJECTPOINT, 241),
+
+ /* Do not send any tftp option requests to the server */
+ CINIT(TFTP_NO_OPTIONS, LONG, 242),
+
+ /* Linked-list of host:port:connect-to-host:connect-to-port,
+ overrides the URL's host:port (only for the network layer) */
+ CINIT(CONNECT_TO, OBJECTPOINT, 243),
+
+ /* Set TCP Fast Open */
+ CINIT(TCP_FASTOPEN, LONG, 244),
+
+ /* Continue to send data if the server responds early with an
+ * HTTP status code >= 300 */
+ CINIT(KEEP_SENDING_ON_ERROR, LONG, 245),
+
+ /* The CApath or CAfile used to validate the proxy certificate
+ this option is used only if PROXY_SSL_VERIFYPEER is true */
+ CINIT(PROXY_CAINFO, STRINGPOINT, 246),
+
+ /* The CApath directory used to validate the proxy certificate
+ this option is used only if PROXY_SSL_VERIFYPEER is true */
+ CINIT(PROXY_CAPATH, STRINGPOINT, 247),
+
+ /* Set if we should verify the proxy in ssl handshake,
+ set 1 to verify. */
+ CINIT(PROXY_SSL_VERIFYPEER, LONG, 248),
+
+ /* Set if we should verify the Common name from the proxy certificate in ssl
+ * handshake, set 1 to check existence, 2 to ensure that it matches
+ * the provided hostname. */
+ CINIT(PROXY_SSL_VERIFYHOST, LONG, 249),
+
+ /* What version to specifically try to use for proxy.
+ See CURL_SSLVERSION defines below. */
+ CINIT(PROXY_SSLVERSION, LONG, 250),
+
+ /* Set a username for authenticated TLS for proxy */
+ CINIT(PROXY_TLSAUTH_USERNAME, STRINGPOINT, 251),
+
+ /* Set a password for authenticated TLS for proxy */
+ CINIT(PROXY_TLSAUTH_PASSWORD, STRINGPOINT, 252),
+
+ /* Set authentication type for authenticated TLS for proxy */
+ CINIT(PROXY_TLSAUTH_TYPE, STRINGPOINT, 253),
+
+ /* name of the file keeping your private SSL-certificate for proxy */
+ CINIT(PROXY_SSLCERT, STRINGPOINT, 254),
+
+ /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") for
+ proxy */
+ CINIT(PROXY_SSLCERTTYPE, STRINGPOINT, 255),
+
+ /* name of the file keeping your private SSL-key for proxy */
+ CINIT(PROXY_SSLKEY, STRINGPOINT, 256),
+
+ /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") for
+ proxy */
+ CINIT(PROXY_SSLKEYTYPE, STRINGPOINT, 257),
+
+ /* password for the SSL private key for proxy */
+ CINIT(PROXY_KEYPASSWD, STRINGPOINT, 258),
+
+ /* Specify which SSL ciphers to use for proxy */
+ CINIT(PROXY_SSL_CIPHER_LIST, STRINGPOINT, 259),
+
+ /* CRL file for proxy */
+ CINIT(PROXY_CRLFILE, STRINGPOINT, 260),
+
+ /* Enable/disable specific SSL features with a bitmask for proxy, see
+ CURLSSLOPT_* */
+ CINIT(PROXY_SSL_OPTIONS, LONG, 261),
+
+ /* Name of pre proxy to use. */
+ CINIT(PRE_PROXY, STRINGPOINT, 262),
+
+ /* The public key in DER form used to validate the proxy public key
+ this option is used only if PROXY_SSL_VERIFYPEER is true */
+ CINIT(PROXY_PINNEDPUBLICKEY, STRINGPOINT, 263),
+
+ /* Path to an abstract Unix domain socket */
+ CINIT(ABSTRACT_UNIX_SOCKET, STRINGPOINT, 264),
+
+ /* Suppress proxy CONNECT response headers from user callbacks */
+ CINIT(SUPPRESS_CONNECT_HEADERS, LONG, 265),
+
+ /* The request target, instead of extracted from the URL */
+ CINIT(REQUEST_TARGET, STRINGPOINT, 266),
+
+ /* bitmask of allowed auth methods for connections to SOCKS5 proxies */
+ CINIT(SOCKS5_AUTH, LONG, 267),
+
+ /* Enable/disable SSH compression */
+ CINIT(SSH_COMPRESSION, LONG, 268),
+
+ /* Post MIME data. */
+ CINIT(MIMEPOST, OBJECTPOINT, 269),
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
@@ -1605,13 +1852,10 @@ typedef enum {
option might be handy to force libcurl to use a specific IP version. */
#define CURL_IPRESOLVE_WHATEVER 0 /* default, resolves addresses to all IP
versions that your system allows */
-#define CURL_IPRESOLVE_V4 1 /* resolve to ipv4 addresses */
-#define CURL_IPRESOLVE_V6 2 /* resolve to ipv6 addresses */
+#define CURL_IPRESOLVE_V4 1 /* resolve to IPv4 addresses */
+#define CURL_IPRESOLVE_V6 2 /* resolve to IPv6 addresses */
/* three convenient "aliases" that follow the name scheme better */
-#define CURLOPT_WRITEDATA CURLOPT_FILE
-#define CURLOPT_READDATA CURLOPT_INFILE
-#define CURLOPT_HEADERDATA CURLOPT_WRITEHEADER
#define CURLOPT_RTSPHEADER CURLOPT_HTTPHEADER
/* These enums are for use with the CURLOPT_HTTP_VERSION option. */
@@ -1621,11 +1865,19 @@ enum {
for us! */
CURL_HTTP_VERSION_1_0, /* please use HTTP 1.0 in the request */
CURL_HTTP_VERSION_1_1, /* please use HTTP 1.1 in the request */
- CURL_HTTP_VERSION_2_0, /* please use HTTP 2.0 in the request */
+ CURL_HTTP_VERSION_2_0, /* please use HTTP 2 in the request */
+ CURL_HTTP_VERSION_2TLS, /* use version 2 for HTTPS, version 1.1 for HTTP */
+ CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE, /* please use HTTP 2 without HTTP/1.1
+ Upgrade */
CURL_HTTP_VERSION_LAST /* *ILLEGAL* http version */
};
+/* Convenience definition simple because the name of the version is HTTP/2 and
+ not 2.0. The 2_0 version of the enum name was set while the version was
+ still planned to be 2.0 and we stick to it for compatibility. */
+#define CURL_HTTP_VERSION_2 CURL_HTTP_VERSION_2_0
+
/*
* Public API enums for RTSP requests
*/
@@ -1659,13 +1911,29 @@ enum CURL_NETRC_OPTION {
enum {
CURL_SSLVERSION_DEFAULT,
- CURL_SSLVERSION_TLSv1,
+ CURL_SSLVERSION_TLSv1, /* TLS 1.x */
CURL_SSLVERSION_SSLv2,
CURL_SSLVERSION_SSLv3,
+ CURL_SSLVERSION_TLSv1_0,
+ CURL_SSLVERSION_TLSv1_1,
+ CURL_SSLVERSION_TLSv1_2,
+ CURL_SSLVERSION_TLSv1_3,
CURL_SSLVERSION_LAST /* never use, keep last */
};
+enum {
+ CURL_SSLVERSION_MAX_NONE = 0,
+ CURL_SSLVERSION_MAX_DEFAULT = (CURL_SSLVERSION_TLSv1 << 16),
+ CURL_SSLVERSION_MAX_TLSv1_0 = (CURL_SSLVERSION_TLSv1_0 << 16),
+ CURL_SSLVERSION_MAX_TLSv1_1 = (CURL_SSLVERSION_TLSv1_1 << 16),
+ CURL_SSLVERSION_MAX_TLSv1_2 = (CURL_SSLVERSION_TLSv1_2 << 16),
+ CURL_SSLVERSION_MAX_TLSv1_3 = (CURL_SSLVERSION_TLSv1_3 << 16),
+
+ /* never use, keep last */
+ CURL_SSLVERSION_MAX_LAST = (CURL_SSLVERSION_LAST << 16)
+};
+
enum CURL_TLSAUTH {
CURL_TLSAUTH_NONE,
CURL_TLSAUTH_SRP,
@@ -1694,12 +1962,140 @@ typedef enum {
CURL_TIMECOND_LAST
} curl_TimeCond;
+/* Special size_t value signaling a zero-terminated string. */
+#define CURL_ZERO_TERMINATED ((size_t) -1)
/* curl_strequal() and curl_strnequal() are subject for removal in a future
- libcurl, see lib/README.curlx for details */
-CURL_EXTERN int (curl_strequal)(const char *s1, const char *s2);
-CURL_EXTERN int (curl_strnequal)(const char *s1, const char *s2, size_t n);
+ release */
+CURL_EXTERN int curl_strequal(const char *s1, const char *s2);
+CURL_EXTERN int curl_strnequal(const char *s1, const char *s2, size_t n);
+/* Mime/form handling support. */
+typedef struct curl_mime_s curl_mime; /* Mime context. */
+typedef struct curl_mimepart_s curl_mimepart; /* Mime part context. */
+
+/*
+ * NAME curl_mime_init()
+ *
+ * DESCRIPTION
+ *
+ * Create a mime context and return its handle. The easy parameter is the
+ * target handle.
+ */
+CURL_EXTERN curl_mime *curl_mime_init(CURL *easy);
+
+/*
+ * NAME curl_mime_free()
+ *
+ * DESCRIPTION
+ *
+ * release a mime handle and its substructures.
+ */
+CURL_EXTERN void curl_mime_free(curl_mime *mime);
+
+/*
+ * NAME curl_mime_addpart()
+ *
+ * DESCRIPTION
+ *
+ * Append a new empty part to the given mime context and return a handle to
+ * the created part.
+ */
+CURL_EXTERN curl_mimepart *curl_mime_addpart(curl_mime *mime);
+
+/*
+ * NAME curl_mime_name()
+ *
+ * DESCRIPTION
+ *
+ * Set mime/form part name.
+ */
+CURL_EXTERN CURLcode curl_mime_name(curl_mimepart *part, const char *name);
+
+/*
+ * NAME curl_mime_filename()
+ *
+ * DESCRIPTION
+ *
+ * Set mime part remote file name.
+ */
+CURL_EXTERN CURLcode curl_mime_filename(curl_mimepart *part,
+ const char *filename);
+
+/*
+ * NAME curl_mime_type()
+ *
+ * DESCRIPTION
+ *
+ * Set mime part type.
+ */
+CURL_EXTERN CURLcode curl_mime_type(curl_mimepart *part, const char *mimetype);
+
+/*
+ * NAME curl_mime_encoder()
+ *
+ * DESCRIPTION
+ *
+ * Set mime data transfer encoder.
+ */
+CURL_EXTERN CURLcode curl_mime_encoder(curl_mimepart *part,
+ const char *encoding);
+
+/*
+ * NAME curl_mime_data()
+ *
+ * DESCRIPTION
+ *
+ * Set mime part data source from memory data,
+ */
+CURL_EXTERN CURLcode curl_mime_data(curl_mimepart *part,
+ const char *data, size_t datasize);
+
+/*
+ * NAME curl_mime_filedata()
+ *
+ * DESCRIPTION
+ *
+ * Set mime part data source from named file.
+ */
+CURL_EXTERN CURLcode curl_mime_filedata(curl_mimepart *part,
+ const char *filename);
+
+/*
+ * NAME curl_mime_data_cb()
+ *
+ * DESCRIPTION
+ *
+ * Set mime part data source from callback function.
+ */
+CURL_EXTERN CURLcode curl_mime_data_cb(curl_mimepart *part,
+ curl_off_t datasize,
+ curl_read_callback readfunc,
+ curl_seek_callback seekfunc,
+ curl_free_callback freefunc,
+ void *arg);
+
+/*
+ * NAME curl_mime_subparts()
+ *
+ * DESCRIPTION
+ *
+ * Set mime part data source from subparts.
+ */
+CURL_EXTERN CURLcode curl_mime_subparts(curl_mimepart *part,
+ curl_mime *subparts);
+/*
+ * NAME curl_mime_headers()
+ *
+ * DESCRIPTION
+ *
+ * Set mime part headers.
+ */
+CURL_EXTERN CURLcode curl_mime_headers(curl_mimepart *part,
+ struct curl_slist *headers,
+ int take_ownership);
+
+/* Old form API. */
/* name is uppercase CURLFORM_<name> */
#ifdef CFINIT
#undef CFINIT
@@ -1738,6 +2134,7 @@ typedef enum {
CFINIT(OBSOLETE2),
CFINIT(STREAM),
+ CFINIT(CONTENTLEN), /* added in 7.46.0, provide a curl_off_t length */
CURLFORM_LASTENTRY /* the last unused */
} CURLformoption;
@@ -1941,6 +2338,47 @@ struct curl_slist {
};
/*
+ * NAME curl_global_sslset()
+ *
+ * DESCRIPTION
+ *
+ * When built with multiple SSL backends, curl_global_sslset() allows to
+ * choose one. This function can only be called once, and it must be called
+ * *before* curl_global_init().
+ *
+ * The backend can be identified by the id (e.g. CURLSSLBACKEND_OPENSSL). The
+ * backend can also be specified via the name parameter (passing -1 as id).
+ * If both id and name are specified, the name will be ignored. If neither id
+ * nor name are specified, the function will fail with
+ * CURLSSLSET_UNKNOWN_BACKEND and set the "avail" pointer to the
+ * NULL-terminated list of available backends.
+ *
+ * Upon success, the function returns CURLSSLSET_OK.
+ *
+ * If the specified SSL backend is not available, the function returns
+ * CURLSSLSET_UNKNOWN_BACKEND and sets the "avail" pointer to a NULL-terminated
+ * list of available SSL backends.
+ *
+ * The SSL backend can be set only once. If it has already been set, a
+ * subsequent attempt to change it will result in a CURLSSLSET_TOO_LATE.
+ */
+
+typedef struct {
+ curl_sslbackend id;
+ const char *name;
+} curl_ssl_backend;
+
+typedef enum {
+ CURLSSLSET_OK = 0,
+ CURLSSLSET_UNKNOWN_BACKEND,
+ CURLSSLSET_TOO_LATE,
+ CURLSSLSET_NO_BACKENDS /* libcurl was built without any SSL support */
+} CURLsslset;
+
+CURL_EXTERN CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
+ const curl_ssl_backend ***avail);
+
+/*
* NAME curl_slist_append()
*
* DESCRIPTION
@@ -1980,10 +2418,21 @@ struct curl_certinfo {
format "name: value" */
};
+/* Information about the SSL library used and the respective internal SSL
+ handle, which can be used to obtain further information regarding the
+ connection. Asked for with CURLINFO_TLS_SSL_PTR or CURLINFO_TLS_SESSION. */
+struct curl_tlssessioninfo {
+ curl_sslbackend backend;
+ void *internals;
+};
+
#define CURLINFO_STRING 0x100000
#define CURLINFO_LONG 0x200000
#define CURLINFO_DOUBLE 0x300000
#define CURLINFO_SLIST 0x400000
+#define CURLINFO_PTR 0x400000 /* same as SLIST */
+#define CURLINFO_SOCKET 0x500000
+#define CURLINFO_OFF_T 0x600000
#define CURLINFO_MASK 0x0fffff
#define CURLINFO_TYPEMASK 0xf00000
@@ -1996,15 +2445,21 @@ typedef enum {
CURLINFO_CONNECT_TIME = CURLINFO_DOUBLE + 5,
CURLINFO_PRETRANSFER_TIME = CURLINFO_DOUBLE + 6,
CURLINFO_SIZE_UPLOAD = CURLINFO_DOUBLE + 7,
+ CURLINFO_SIZE_UPLOAD_T = CURLINFO_OFF_T + 7,
CURLINFO_SIZE_DOWNLOAD = CURLINFO_DOUBLE + 8,
+ CURLINFO_SIZE_DOWNLOAD_T = CURLINFO_OFF_T + 8,
CURLINFO_SPEED_DOWNLOAD = CURLINFO_DOUBLE + 9,
+ CURLINFO_SPEED_DOWNLOAD_T = CURLINFO_OFF_T + 9,
CURLINFO_SPEED_UPLOAD = CURLINFO_DOUBLE + 10,
+ CURLINFO_SPEED_UPLOAD_T = CURLINFO_OFF_T + 10,
CURLINFO_HEADER_SIZE = CURLINFO_LONG + 11,
CURLINFO_REQUEST_SIZE = CURLINFO_LONG + 12,
CURLINFO_SSL_VERIFYRESULT = CURLINFO_LONG + 13,
CURLINFO_FILETIME = CURLINFO_LONG + 14,
CURLINFO_CONTENT_LENGTH_DOWNLOAD = CURLINFO_DOUBLE + 15,
+ CURLINFO_CONTENT_LENGTH_DOWNLOAD_T = CURLINFO_OFF_T + 15,
CURLINFO_CONTENT_LENGTH_UPLOAD = CURLINFO_DOUBLE + 16,
+ CURLINFO_CONTENT_LENGTH_UPLOAD_T = CURLINFO_OFF_T + 16,
CURLINFO_STARTTRANSFER_TIME = CURLINFO_DOUBLE + 17,
CURLINFO_CONTENT_TYPE = CURLINFO_STRING + 18,
CURLINFO_REDIRECT_TIME = CURLINFO_DOUBLE + 19,
@@ -2022,7 +2477,7 @@ typedef enum {
CURLINFO_REDIRECT_URL = CURLINFO_STRING + 31,
CURLINFO_PRIMARY_IP = CURLINFO_STRING + 32,
CURLINFO_APPCONNECT_TIME = CURLINFO_DOUBLE + 33,
- CURLINFO_CERTINFO = CURLINFO_SLIST + 34,
+ CURLINFO_CERTINFO = CURLINFO_PTR + 34,
CURLINFO_CONDITION_UNMET = CURLINFO_LONG + 35,
CURLINFO_RTSP_SESSION_ID = CURLINFO_STRING + 36,
CURLINFO_RTSP_CLIENT_CSEQ = CURLINFO_LONG + 37,
@@ -2031,9 +2486,16 @@ typedef enum {
CURLINFO_PRIMARY_PORT = CURLINFO_LONG + 40,
CURLINFO_LOCAL_IP = CURLINFO_STRING + 41,
CURLINFO_LOCAL_PORT = CURLINFO_LONG + 42,
+ CURLINFO_TLS_SESSION = CURLINFO_PTR + 43,
+ CURLINFO_ACTIVESOCKET = CURLINFO_SOCKET + 44,
+ CURLINFO_TLS_SSL_PTR = CURLINFO_PTR + 45,
+ CURLINFO_HTTP_VERSION = CURLINFO_LONG + 46,
+ CURLINFO_PROXY_SSL_VERIFYRESULT = CURLINFO_LONG + 47,
+ CURLINFO_PROTOCOL = CURLINFO_LONG + 48,
+ CURLINFO_SCHEME = CURLINFO_STRING + 49,
/* Fill in new entries below here! */
- CURLINFO_LASTONE = 42
+ CURLINFO_LASTONE = 49
} CURLINFO;
/* CURLINFO_RESPONSE_CODE is the new name for the option previously known as
@@ -2052,7 +2514,7 @@ typedef enum {
CURLCLOSEPOLICY_LAST /* last, never use this */
} curl_closepolicy;
-#define CURL_GLOBAL_SSL (1<<0)
+#define CURL_GLOBAL_SSL (1<<0) /* no purpose since since 7.57.0 */
#define CURL_GLOBAL_WIN32 (1<<1)
#define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32)
#define CURL_GLOBAL_NOTHING 0
@@ -2095,7 +2557,6 @@ typedef void (*curl_unlock_function)(CURL *handle,
curl_lock_data data,
void *userptr);
-typedef void CURLSH;
typedef enum {
CURLSHE_OK, /* all is fine */
@@ -2131,6 +2592,7 @@ typedef enum {
CURLVERSION_SECOND,
CURLVERSION_THIRD,
CURLVERSION_FOURTH,
+ CURLVERSION_FIFTH,
CURLVERSION_LAST /* never actually use this */
} CURLversion;
@@ -2139,7 +2601,7 @@ typedef enum {
meant to be a built-in version number for what kind of struct the caller
expects. If the struct ever changes, we redefine the NOW to another enum
from above. */
-#define CURLVERSION_NOW CURLVERSION_FOURTH
+#define CURLVERSION_NOW CURLVERSION_FIFTH
typedef struct {
CURLversion age; /* age of the returned struct */
@@ -2167,25 +2629,43 @@ typedef struct {
const char *libssh_version; /* human readable string */
+ /* These fields were added in CURLVERSION_FIFTH */
+
+ unsigned int brotli_ver_num; /* Numeric Brotli version
+ (MAJOR << 24) | (MINOR << 12) | PATCH */
+ const char *brotli_version; /* human readable string. */
+
} curl_version_info_data;
-#define CURL_VERSION_IPV6 (1<<0) /* IPv6-enabled */
-#define CURL_VERSION_KERBEROS4 (1<<1) /* kerberos auth is supported */
-#define CURL_VERSION_SSL (1<<2) /* SSL options are present */
-#define CURL_VERSION_LIBZ (1<<3) /* libz features are present */
-#define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */
-#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support */
-#define CURL_VERSION_DEBUG (1<<6) /* built with debug capabilities */
-#define CURL_VERSION_ASYNCHDNS (1<<7) /* asynchronous dns resolves */
-#define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth */
-#define CURL_VERSION_LARGEFILE (1<<9) /* supports files bigger than 2GB */
-#define CURL_VERSION_IDN (1<<10) /* International Domain Names support */
-#define CURL_VERSION_SSPI (1<<11) /* SSPI is supported */
-#define CURL_VERSION_CONV (1<<12) /* character conversions supported */
-#define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
-#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
-#define CURL_VERSION_NTLM_WB (1<<15) /* NTLM delegating to winbind helper */
-#define CURL_VERSION_HTTP2 (1<<16) /* HTTP2 support built-in */
+#define CURL_VERSION_IPV6 (1<<0) /* IPv6-enabled */
+#define CURL_VERSION_KERBEROS4 (1<<1) /* Kerberos V4 auth is supported
+ (deprecated) */
+#define CURL_VERSION_SSL (1<<2) /* SSL options are present */
+#define CURL_VERSION_LIBZ (1<<3) /* libz features are present */
+#define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */
+#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth is supported
+ (deprecated) */
+#define CURL_VERSION_DEBUG (1<<6) /* Built with debug capabilities */
+#define CURL_VERSION_ASYNCHDNS (1<<7) /* Asynchronous DNS resolves */
+#define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth is supported */
+#define CURL_VERSION_LARGEFILE (1<<9) /* Supports files larger than 2GB */
+#define CURL_VERSION_IDN (1<<10) /* Internationized Domain Names are
+ supported */
+#define CURL_VERSION_SSPI (1<<11) /* Built against Windows SSPI */
+#define CURL_VERSION_CONV (1<<12) /* Character conversions supported */
+#define CURL_VERSION_CURLDEBUG (1<<13) /* Debug memory tracking supported */
+#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
+#define CURL_VERSION_NTLM_WB (1<<15) /* NTLM delegation to winbind helper
+ is supported */
+#define CURL_VERSION_HTTP2 (1<<16) /* HTTP2 support built-in */
+#define CURL_VERSION_GSSAPI (1<<17) /* Built against a GSS-API library */
+#define CURL_VERSION_KERBEROS5 (1<<18) /* Kerberos V5 auth is supported */
+#define CURL_VERSION_UNIX_SOCKETS (1<<19) /* Unix domain sockets support */
+#define CURL_VERSION_PSL (1<<20) /* Mozilla's Public Suffix List, used
+ for cookie domain verification */
+#define CURL_VERSION_HTTPS_PROXY (1<<21) /* HTTPS-proxy support built-in */
+#define CURL_VERSION_MULTI_SSL (1<<22) /* Multiple SSL backends available */
+#define CURL_VERSION_BROTLI (1<<23) /* Brotli features are present. */
/*
* NAME curl_version_info()
diff --git a/libs/libcurl/include/curl/curlrules.h b/libs/libcurl/include/curl/curlrules.h
deleted file mode 100644
index 7c2ede35b6..0000000000
--- a/libs/libcurl/include/curl/curlrules.h
+++ /dev/null
@@ -1,262 +0,0 @@
-#ifndef __CURL_CURLRULES_H
-#define __CURL_CURLRULES_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/* ================================================================ */
-/* COMPILE TIME SANITY CHECKS */
-/* ================================================================ */
-
-/*
- * NOTE 1:
- * -------
- *
- * All checks done in this file are intentionally placed in a public
- * header file which is pulled by curl/curl.h when an application is
- * being built using an already built libcurl library. Additionally
- * this file is also included and used when building the library.
- *
- * If compilation fails on this file it is certainly sure that the
- * problem is elsewhere. It could be a problem in the curlbuild.h
- * header file, or simply that you are using different compilation
- * settings than those used to build the library.
- *
- * Nothing in this file is intended to be modified or adjusted by the
- * curl library user nor by the curl library builder.
- *
- * Do not deactivate any check, these are done to make sure that the
- * library is properly built and used.
- *
- * You can find further help on the libcurl development mailing list:
- * http://cool.haxx.se/mailman/listinfo/curl-library/
- *
- * NOTE 2
- * ------
- *
- * Some of the following compile time checks are based on the fact
- * that the dimension of a constant array can not be a negative one.
- * In this way if the compile time verification fails, the compilation
- * will fail issuing an error. The error description wording is compiler
- * dependent but it will be quite similar to one of the following:
- *
- * "negative subscript or subscript is too large"
- * "array must have at least one element"
- * "-1 is an illegal array size"
- * "size of array is negative"
- *
- * If you are building an application which tries to use an already
- * built libcurl library and you are getting this kind of errors on
- * this file, it is a clear indication that there is a mismatch between
- * how the library was built and how you are trying to use it for your
- * application. Your already compiled or binary library provider is the
- * only one who can give you the details you need to properly use it.
- */
-
-/*
- * Verify that some macros are actually defined.
- */
-
-#ifndef CURL_SIZEOF_LONG
-# error "CURL_SIZEOF_LONG definition is missing!"
- Error Compilation_aborted_CURL_SIZEOF_LONG_is_missing
-#endif
-
-#ifndef CURL_TYPEOF_CURL_SOCKLEN_T
-# error "CURL_TYPEOF_CURL_SOCKLEN_T definition is missing!"
- Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_is_missing
-#endif
-
-#ifndef CURL_SIZEOF_CURL_SOCKLEN_T
-# error "CURL_SIZEOF_CURL_SOCKLEN_T definition is missing!"
- Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_is_missing
-#endif
-
-#ifndef CURL_TYPEOF_CURL_OFF_T
-# error "CURL_TYPEOF_CURL_OFF_T definition is missing!"
- Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_is_missing
-#endif
-
-#ifndef CURL_FORMAT_CURL_OFF_T
-# error "CURL_FORMAT_CURL_OFF_T definition is missing!"
- Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_is_missing
-#endif
-
-#ifndef CURL_FORMAT_CURL_OFF_TU
-# error "CURL_FORMAT_CURL_OFF_TU definition is missing!"
- Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_is_missing
-#endif
-
-#ifndef CURL_FORMAT_OFF_T
-# error "CURL_FORMAT_OFF_T definition is missing!"
- Error Compilation_aborted_CURL_FORMAT_OFF_T_is_missing
-#endif
-
-#ifndef CURL_SIZEOF_CURL_OFF_T
-# error "CURL_SIZEOF_CURL_OFF_T definition is missing!"
- Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_is_missing
-#endif
-
-#ifndef CURL_SUFFIX_CURL_OFF_T
-# error "CURL_SUFFIX_CURL_OFF_T definition is missing!"
- Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_is_missing
-#endif
-
-#ifndef CURL_SUFFIX_CURL_OFF_TU
-# error "CURL_SUFFIX_CURL_OFF_TU definition is missing!"
- Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_is_missing
-#endif
-
-/*
- * Macros private to this header file.
- */
-
-#define CurlchkszEQ(t, s) sizeof(t) == s ? 1 : -1
-
-#define CurlchkszGE(t1, t2) sizeof(t1) >= sizeof(t2) ? 1 : -1
-
-/*
- * Verify that the size previously defined and expected for long
- * is the same as the one reported by sizeof() at compile time.
- */
-
-typedef char
- __curl_rule_01__
- [CurlchkszEQ(long, CURL_SIZEOF_LONG)];
-
-/*
- * Verify that the size previously defined and expected for
- * curl_off_t is actually the the same as the one reported
- * by sizeof() at compile time.
- */
-
-typedef char
- __curl_rule_02__
- [CurlchkszEQ(curl_off_t, CURL_SIZEOF_CURL_OFF_T)];
-
-/*
- * Verify at compile time that the size of curl_off_t as reported
- * by sizeof() is greater or equal than the one reported for long
- * for the current compilation.
- */
-
-typedef char
- __curl_rule_03__
- [CurlchkszGE(curl_off_t, long)];
-
-/*
- * Verify that the size previously defined and expected for
- * curl_socklen_t is actually the the same as the one reported
- * by sizeof() at compile time.
- */
-
-typedef char
- __curl_rule_04__
- [CurlchkszEQ(curl_socklen_t, CURL_SIZEOF_CURL_SOCKLEN_T)];
-
-/*
- * Verify at compile time that the size of curl_socklen_t as reported
- * by sizeof() is greater or equal than the one reported for int for
- * the current compilation.
- */
-
-typedef char
- __curl_rule_05__
- [CurlchkszGE(curl_socklen_t, int)];
-
-/* ================================================================ */
-/* EXTERNALLY AND INTERNALLY VISIBLE DEFINITIONS */
-/* ================================================================ */
-
-/*
- * CURL_ISOCPP and CURL_OFF_T_C definitions are done here in order to allow
- * these to be visible and exported by the external libcurl interface API,
- * while also making them visible to the library internals, simply including
- * curl_setup.h, without actually needing to include curl.h internally.
- * If some day this section would grow big enough, all this should be moved
- * to its own header file.
- */
-
-/*
- * Figure out if we can use the ## preprocessor operator, which is supported
- * by ISO/ANSI C and C++. Some compilers support it without setting __STDC__
- * or __cplusplus so we need to carefully check for them too.
- */
-
-#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) || \
- defined(__HP_aCC) || defined(__BORLANDC__) || defined(__LCC__) || \
- defined(__POCC__) || defined(__SALFORDC__) || defined(__HIGHC__) || \
- defined(__ILEC400__)
- /* This compiler is believed to have an ISO compatible preprocessor */
-#define CURL_ISOCPP
-#else
- /* This compiler is believed NOT to have an ISO compatible preprocessor */
-#undef CURL_ISOCPP
-#endif
-
-/*
- * Macros for minimum-width signed and unsigned curl_off_t integer constants.
- */
-
-#if defined(__BORLANDC__) && (__BORLANDC__ == 0x0551)
-# define __CURL_OFF_T_C_HLPR2(x) x
-# define __CURL_OFF_T_C_HLPR1(x) __CURL_OFF_T_C_HLPR2(x)
-# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \
- __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_T)
-# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \
- __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_TU)
-#else
-# ifdef CURL_ISOCPP
-# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val ## Suffix
-# else
-# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val/**/Suffix
-# endif
-# define __CURL_OFF_T_C_HLPR1(Val,Suffix) __CURL_OFF_T_C_HLPR2(Val,Suffix)
-# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_T)
-# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_TU)
-#endif
-
-/*
- * Get rid of macros private to this header file.
- */
-
-#undef CurlchkszEQ
-#undef CurlchkszGE
-
-/*
- * Get rid of macros not intended to exist beyond this point.
- */
-
-#undef CURL_PULL_WS2TCPIP_H
-#undef CURL_PULL_SYS_TYPES_H
-#undef CURL_PULL_SYS_SOCKET_H
-#undef CURL_PULL_SYS_POLL_H
-#undef CURL_PULL_STDINT_H
-#undef CURL_PULL_INTTYPES_H
-
-#undef CURL_TYPEOF_CURL_SOCKLEN_T
-#undef CURL_TYPEOF_CURL_OFF_T
-
-#ifdef CURL_NO_OLDIES
-#undef CURL_FORMAT_OFF_T /* not required since 7.19.0 - obsoleted in 7.20.0 */
-#endif
-
-#endif /* __CURL_CURLRULES_H */
diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h
index 43c681bc98..30b1463078 100644
--- a/libs/libcurl/include/curl/curlver.h
+++ b/libs/libcurl/include/curl/curlver.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,16 +26,16 @@
a script at release-time. This was made its own header file in 7.11.2 */
/* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2013 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "1996 - 2017 Daniel Stenberg, <daniel@haxx.se>."
/* This is the version number of the libcurl package from which this header
file origins: */
-#define LIBCURL_VERSION "7.33.0"
+#define LIBCURL_VERSION "7.57.0"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 33
+#define LIBCURL_VERSION_MINOR 57
#define LIBCURL_VERSION_PATCH 0
/* This is the numeric version of the libcurl version number, meant for easier
@@ -52,18 +52,26 @@
This 6-digit (24 bits) hexadecimal number does not show pre-release number,
and it is always a greater number in a more recent release. It makes
comparisons with greater than and less than work.
+
+ Note: This define is the full hex number and _does not_ use the
+ CURL_VERSION_BITS() macro since curl's own configure script greps for it
+ and needs it to contain the full number.
*/
-#define LIBCURL_VERSION_NUM 0x072100
+#define LIBCURL_VERSION_NUM 0x073900
/*
* This is the date and time when the full source package was created. The
* timestamp is not stored in git, as the timestamp is properly set in the
* tarballs by the maketgz script.
*
- * The format of the date should follow this template:
+ * The format of the date follows this template:
*
- * "Mon Feb 12 11:35:33 UTC 2007"
+ * "2007-11-23"
*/
-#define LIBCURL_TIMESTAMP "Mon Oct 14 14:42:58 UTC 2013"
+#define LIBCURL_TIMESTAMP "2017-11-29"
+
+#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z)
+#define CURL_AT_LEAST_VERSION(x,y,z) \
+ (LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z))
#endif /* __CURL_CURLVER_H */
diff --git a/libs/libcurl/include/curl/easy.h b/libs/libcurl/include/curl/easy.h
index c1e3e76096..752c5049f8 100644
--- a/libs/libcurl/include/curl/easy.h
+++ b/libs/libcurl/include/curl/easy.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -58,7 +58,7 @@ CURL_EXTERN CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...);
* curl_easy_duphandle() for each new thread to avoid a series of identical
* curl_easy_setopt() invokes in every thread.
*/
-CURL_EXTERN CURL* curl_easy_duphandle(CURL *curl);
+CURL_EXTERN CURL *curl_easy_duphandle(CURL *curl);
/*
* NAME curl_easy_reset()
diff --git a/libs/libcurl/include/curl/mprintf.h b/libs/libcurl/include/curl/mprintf.h
index cc9e7f5d1f..e20f546e19 100644
--- a/libs/libcurl/include/curl/mprintf.h
+++ b/libs/libcurl/include/curl/mprintf.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,8 +24,7 @@
#include <stdarg.h>
#include <stdio.h> /* needed for FILE */
-
-#include "curl.h"
+#include "curl.h" /* for CURL_EXTERN */
#ifdef __cplusplus
extern "C" {
@@ -44,36 +43,6 @@ CURL_EXTERN int curl_mvsnprintf(char *buffer, size_t maxlength,
CURL_EXTERN char *curl_maprintf(const char *format, ...);
CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
-#ifdef _MPRINTF_REPLACE
-# undef printf
-# undef fprintf
-# undef sprintf
-# undef vsprintf
-# undef snprintf
-# undef vprintf
-# undef vfprintf
-# undef vsnprintf
-# undef aprintf
-# undef vaprintf
-# define printf curl_mprintf
-# define fprintf curl_mfprintf
-#ifdef CURLDEBUG
-/* When built with CURLDEBUG we define away the sprintf functions since we
- don't want internal code to be using them */
-# define sprintf sprintf_was_used
-# define vsprintf vsprintf_was_used
-#else
-# define sprintf curl_msprintf
-# define vsprintf curl_mvsprintf
-#endif
-# define snprintf curl_msnprintf
-# define vprintf curl_mvprintf
-# define vfprintf curl_mvfprintf
-# define vsnprintf curl_mvsnprintf
-# define aprintf curl_maprintf
-# define vaprintf curl_mvaprintf
-#endif
-
#ifdef __cplusplus
}
#endif
diff --git a/libs/libcurl/include/curl/multi.h b/libs/libcurl/include/curl/multi.h
index 3c4acb0f6e..911c91dd1a 100644
--- a/libs/libcurl/include/curl/multi.h
+++ b/libs/libcurl/include/curl/multi.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -52,7 +52,11 @@
extern "C" {
#endif
+#if defined(BUILDING_LIBCURL) || defined(CURL_STRICTER)
+typedef struct Curl_multi CURLM;
+#else
typedef void CURLM;
+#endif
typedef enum {
CURLM_CALL_MULTI_PERFORM = -1, /* please call curl_multi_perform() or
@@ -74,6 +78,11 @@ typedef enum {
curl_multi_perform() and CURLM_CALL_MULTI_PERFORM */
#define CURLM_CALL_MULTI_SOCKET CURLM_CALL_MULTI_PERFORM
+/* bitmask bits for CURLMOPT_PIPELINING */
+#define CURLPIPE_NOTHING 0L
+#define CURLPIPE_HTTP1 1L
+#define CURLPIPE_MULTIPLEX 2L
+
typedef enum {
CURLMSG_NONE, /* first, not used */
CURLMSG_DONE, /* This easy handle has completed. 'result' contains
@@ -209,7 +218,7 @@ CURL_EXTERN CURLMcode curl_multi_cleanup(CURLM *multi_handle);
* curl_multi_cleanup().
*
* The 'CURLMsg' struct is meant to be very simple and only contain
- * very basic informations. If more involved information is wanted,
+ * very basic information. If more involved information is wanted,
* we will provide the particular "transfer handle" in that struct
* and that should/could/would be used in subsequent
* curl_easy_getinfo() calls (or similar). The point being that we
@@ -365,6 +374,12 @@ typedef enum {
/* maximum number of open connections in total */
CINIT(MAX_TOTAL_CONNECTIONS, LONG, 13),
+ /* This is the server push callback function pointer */
+ CINIT(PUSHFUNCTION, FUNCTIONPOINT, 14),
+
+ /* This is the argument passed to the server push callback */
+ CINIT(PUSHDATA, OBJECTPOINT, 15),
+
CURLMOPT_LASTENTRY /* the last unused */
} CURLMoption;
@@ -392,6 +407,31 @@ CURL_EXTERN CURLMcode curl_multi_setopt(CURLM *multi_handle,
CURL_EXTERN CURLMcode curl_multi_assign(CURLM *multi_handle,
curl_socket_t sockfd, void *sockp);
+
+/*
+ * Name: curl_push_callback
+ *
+ * Desc: This callback gets called when a new stream is being pushed by the
+ * server. It approves or denies the new stream.
+ *
+ * Returns: CURL_PUSH_OK or CURL_PUSH_DENY.
+ */
+#define CURL_PUSH_OK 0
+#define CURL_PUSH_DENY 1
+
+struct curl_pushheaders; /* forward declaration only */
+
+CURL_EXTERN char *curl_pushheader_bynum(struct curl_pushheaders *h,
+ size_t num);
+CURL_EXTERN char *curl_pushheader_byname(struct curl_pushheaders *h,
+ const char *name);
+
+typedef int (*curl_push_callback)(CURL *parent,
+ CURL *easy,
+ size_t num_headers,
+ struct curl_pushheaders *headers,
+ void *userp);
+
#ifdef __cplusplus
} /* end of extern "C" */
#endif
diff --git a/libs/libcurl/include/curl/stdcheaders.h b/libs/libcurl/include/curl/stdcheaders.h
index ad82ef6335..027b6f4211 100644
--- a/libs/libcurl/include/curl/stdcheaders.h
+++ b/libs/libcurl/include/curl/stdcheaders.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,8 +24,8 @@
#include <sys/types.h>
-size_t fread (void *, size_t, size_t, FILE *);
-size_t fwrite (const void *, size_t, size_t, FILE *);
+size_t fread(void *, size_t, size_t, FILE *);
+size_t fwrite(const void *, size_t, size_t, FILE *);
int strcasecmp(const char *, const char *);
int strncasecmp(const char *, const char *, size_t);
diff --git a/libs/libcurl/include/curl/curlbuild.h b/libs/libcurl/include/curl/system.h
index 3ad2f018d8..39dae754cd 100644
--- a/libs/libcurl/include/curl/curlbuild.h
+++ b/libs/libcurl/include/curl/system.h
@@ -1,5 +1,5 @@
-#ifndef __CURL_CURLBUILD_H
-#define __CURL_CURLBUILD_H
+#ifndef __CURL_SYSTEM_H
+#define __CURL_SYSTEM_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,387 +22,201 @@
*
***************************************************************************/
-/* ================================================================ */
-/* NOTES FOR CONFIGURE CAPABLE SYSTEMS */
-/* ================================================================ */
-
-/*
- * NOTE 1:
- * -------
- *
- * See file include/curl/curlbuild.h.in, run configure, and forget
- * that this file exists it is only used for non-configure systems.
- * But you can keep reading if you want ;-)
- *
- */
-
-/* ================================================================ */
-/* NOTES FOR NON-CONFIGURE SYSTEMS */
-/* ================================================================ */
-
/*
- * NOTE 1:
- * -------
- *
- * Nothing in this file is intended to be modified or adjusted by the
- * curl library user nor by the curl library builder.
- *
- * If you think that something actually needs to be changed, adjusted
- * or fixed in this file, then, report it on the libcurl development
- * mailing list: http://cool.haxx.se/mailman/listinfo/curl-library/
- *
- * Try to keep one section per platform, compiler and architecture,
- * otherwise, if an existing section is reused for a different one and
- * later on the original is adjusted, probably the piggybacking one can
- * be adversely changed.
- *
- * In order to differentiate between platforms/compilers/architectures
- * use only compiler built in predefined preprocessor symbols.
- *
- * This header file shall only export symbols which are 'curl' or 'CURL'
- * prefixed, otherwise public name space would be polluted.
+ * Try to keep one section per platform, compiler and architecture, otherwise,
+ * if an existing section is reused for a different one and later on the
+ * original is adjusted, probably the piggybacking one can be adversely
+ * changed.
*
- * NOTE 2:
- * -------
+ * In order to differentiate between platforms/compilers/architectures use
+ * only compiler built in predefined preprocessor symbols.
*
- * For any given platform/compiler curl_off_t must be typedef'ed to a
- * 64-bit wide signed integral data type. The width of this data type
- * must remain constant and independent of any possible large file
- * support settings.
+ * curl_off_t
+ * ----------
*
- * As an exception to the above, curl_off_t shall be typedef'ed to a
- * 32-bit wide signed integral data type if there is no 64-bit type.
+ * For any given platform/compiler curl_off_t must be typedef'ed to a 64-bit
+ * wide signed integral data type. The width of this data type must remain
+ * constant and independent of any possible large file support settings.
*
- * As a general rule, curl_off_t shall not be mapped to off_t. This
- * rule shall only be violated if off_t is the only 64-bit data type
- * available and the size of off_t is independent of large file support
- * settings. Keep your build on the safe side avoiding an off_t gating.
- * If you have a 64-bit off_t then take for sure that another 64-bit
- * data type exists, dig deeper and you will find it.
+ * As an exception to the above, curl_off_t shall be typedef'ed to a 32-bit
+ * wide signed integral data type if there is no 64-bit type.
*
- * NOTE 3:
- * -------
- *
- * Right now you might be staring at file include/curl/curlbuild.h.dist or
- * at file include/curl/curlbuild.h, this is due to the following reason:
- * file include/curl/curlbuild.h.dist is renamed to include/curl/curlbuild.h
- * when the libcurl source code distribution archive file is created.
- *
- * File include/curl/curlbuild.h.dist is not included in the distribution
- * archive. File include/curl/curlbuild.h is not present in the git tree.
- *
- * The distributed include/curl/curlbuild.h file is only intended to be used
- * on systems which can not run the also distributed configure script.
- *
- * On systems capable of running the configure script, the configure process
- * will overwrite the distributed include/curl/curlbuild.h file with one that
- * is suitable and specific to the library being configured and built, which
- * is generated from the include/curl/curlbuild.h.in template file.
- *
- * If you check out from git on a non-configure platform, you must run the
- * appropriate buildconf* script to set up curlbuild.h and other local files.
+ * As a general rule, curl_off_t shall not be mapped to off_t. This rule shall
+ * only be violated if off_t is the only 64-bit data type available and the
+ * size of off_t is independent of large file support settings. Keep your
+ * build on the safe side avoiding an off_t gating. If you have a 64-bit
+ * off_t then take for sure that another 64-bit data type exists, dig deeper
+ * and you will find it.
*
*/
-/* ================================================================ */
-/* DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE */
-/* ================================================================ */
-
-#ifdef CURL_SIZEOF_LONG
-# error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined
-#endif
-
-#ifdef CURL_TYPEOF_CURL_SOCKLEN_T
-# error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined
-#endif
-
-#ifdef CURL_SIZEOF_CURL_SOCKLEN_T
-# error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined
-#endif
-
-#ifdef CURL_TYPEOF_CURL_OFF_T
-# error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined
-#endif
-
-#ifdef CURL_FORMAT_CURL_OFF_T
-# error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined
-#endif
-
-#ifdef CURL_FORMAT_CURL_OFF_TU
-# error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined
-#endif
-
-#ifdef CURL_FORMAT_OFF_T
-# error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined
-#endif
-
-#ifdef CURL_SIZEOF_CURL_OFF_T
-# error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined
-#endif
-
-#ifdef CURL_SUFFIX_CURL_OFF_T
-# error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined
-#endif
-
-#ifdef CURL_SUFFIX_CURL_OFF_TU
-# error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
- Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined
-#endif
-
-/* ================================================================ */
-/* EXTERNAL INTERFACE SETTINGS FOR NON-CONFIGURE SYSTEMS ONLY */
-/* ================================================================ */
-
#if defined(__DJGPP__) || defined(__GO32__)
# if defined(__DJGPP__) && (__DJGPP__ > 1)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# else
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__SALFORDC__)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__BORLANDC__)
# if (__BORLANDC__ < 0x520)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# else
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T __int64
# define CURL_FORMAT_CURL_OFF_T "I64d"
# define CURL_FORMAT_CURL_OFF_TU "I64u"
-# define CURL_FORMAT_OFF_T "%I64d"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T i64
# define CURL_SUFFIX_CURL_OFF_TU ui64
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__TURBOC__)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__WATCOMC__)
# if defined(__386__)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T __int64
# define CURL_FORMAT_CURL_OFF_T "I64d"
# define CURL_FORMAT_CURL_OFF_TU "I64u"
-# define CURL_FORMAT_OFF_T "%I64d"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T i64
# define CURL_SUFFIX_CURL_OFF_TU ui64
# else
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__POCC__)
# if (__POCC__ < 280)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# elif defined(_MSC_VER)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T __int64
# define CURL_FORMAT_CURL_OFF_T "I64d"
# define CURL_FORMAT_CURL_OFF_TU "I64u"
-# define CURL_FORMAT_OFF_T "%I64d"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T i64
# define CURL_SUFFIX_CURL_OFF_TU ui64
# else
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__LCC__)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__SYMBIAN32__)
# if defined(__EABI__) /* Treat all ARM compilers equally */
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# elif defined(__CW32__)
# pragma longlong on
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# elif defined(__VC32__)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T __int64
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__MWERKS__)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(_WIN32_WCE)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T __int64
# define CURL_FORMAT_CURL_OFF_T "I64d"
# define CURL_FORMAT_CURL_OFF_TU "I64u"
-# define CURL_FORMAT_OFF_T "%I64d"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T i64
# define CURL_SUFFIX_CURL_OFF_TU ui64
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__MINGW32__)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "I64d"
# define CURL_FORMAT_CURL_OFF_TU "I64u"
-# define CURL_FORMAT_OFF_T "%I64d"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
-# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
+# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
+# define CURL_PULL_SYS_TYPES_H 1
+# define CURL_PULL_WS2TCPIP_H 1
#elif defined(__VMS)
# if defined(__VAX)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# else
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
#elif defined(__OS400__)
# if defined(__ILEC400__)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
# define CURL_PULL_SYS_TYPES_H 1
# define CURL_PULL_SYS_SOCKET_H 1
# endif
@@ -410,37 +224,28 @@
#elif defined(__MVS__)
# if defined(__IBMC__) || defined(__IBMCPP__)
# if defined(_ILP32)
-# define CURL_SIZEOF_LONG 4
# elif defined(_LP64)
-# define CURL_SIZEOF_LONG 8
# endif
# if defined(_LONG_LONG)
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# elif defined(_LP64)
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# else
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
# define CURL_PULL_SYS_TYPES_H 1
# define CURL_PULL_SYS_SOCKET_H 1
# endif
@@ -448,52 +253,70 @@
#elif defined(__370__)
# if defined(__IBMC__) || defined(__IBMCPP__)
# if defined(_ILP32)
-# define CURL_SIZEOF_LONG 4
# elif defined(_LP64)
-# define CURL_SIZEOF_LONG 8
# endif
# if defined(_LONG_LONG)
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# elif defined(_LP64)
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# else
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
# define CURL_PULL_SYS_TYPES_H 1
# define CURL_PULL_SYS_SOCKET_H 1
# endif
#elif defined(TPF)
-# define CURL_SIZEOF_LONG 8
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
+
+#elif defined(__TINYC__) /* also known as tcc */
+
+# define CURL_TYPEOF_CURL_OFF_T long long
+# define CURL_FORMAT_CURL_OFF_T "lld"
+# define CURL_FORMAT_CURL_OFF_TU "llu"
+# define CURL_SUFFIX_CURL_OFF_T LL
+# define CURL_SUFFIX_CURL_OFF_TU ULL
+# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
+# define CURL_PULL_SYS_TYPES_H 1
+# define CURL_PULL_SYS_SOCKET_H 1
+
+#elif defined(__SUNPRO_C) /* Oracle Solaris Studio */
+# if !defined(__LP64) && (defined(__ILP32) || \
+ defined(__i386) || defined(__sparcv8))
+# define CURL_TYPEOF_CURL_OFF_T long long
+# define CURL_FORMAT_CURL_OFF_T "lld"
+# define CURL_FORMAT_CURL_OFF_TU "llu"
+# define CURL_SUFFIX_CURL_OFF_T LL
+# define CURL_SUFFIX_CURL_OFF_TU ULL
+# elif defined(__LP64) || \
+ defined(__amd64) || defined(__sparcv9)
+# define CURL_TYPEOF_CURL_OFF_T long
+# define CURL_FORMAT_CURL_OFF_T "ld"
+# define CURL_FORMAT_CURL_OFF_TU "lu"
+# define CURL_SUFFIX_CURL_OFF_T L
+# define CURL_SUFFIX_CURL_OFF_TU UL
+# endif
+# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
+# define CURL_PULL_SYS_TYPES_H 1
+# define CURL_PULL_SYS_SOCKET_H 1
/* ===================================== */
/* KEEP MSVC THE PENULTIMATE ENTRY */
@@ -501,61 +324,71 @@
#elif defined(_MSC_VER)
# if (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64)
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T __int64
# define CURL_FORMAT_CURL_OFF_T "I64d"
# define CURL_FORMAT_CURL_OFF_TU "I64u"
-# define CURL_FORMAT_OFF_T "%I64d"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T i64
# define CURL_SUFFIX_CURL_OFF_TU ui64
# else
-# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 4
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T int
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
/* ===================================== */
/* KEEP GENERIC GCC THE LAST ENTRY */
/* ===================================== */
#elif defined(__GNUC__)
-# if defined(__ILP32__) || \
- defined(__i386__) || defined(__ppc__) || defined(__arm__)
-# define CURL_SIZEOF_LONG 4
+# if !defined(__LP64__) && \
+ (defined(__ILP32__) || defined(__i386__) || defined(__hppa__) || \
+ defined(__ppc__) || defined(__powerpc__) || defined(__arm__) || \
+ defined(__sparc__) || defined(__mips__) || defined(__sh__) || \
+ defined(__XTENSA__) || \
+ (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 4))
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"
# define CURL_FORMAT_CURL_OFF_TU "llu"
-# define CURL_FORMAT_OFF_T "%lld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T LL
# define CURL_SUFFIX_CURL_OFF_TU ULL
# elif defined(__LP64__) || \
- defined(__x86_64__) || defined(__ppc64__)
-# define CURL_SIZEOF_LONG 8
+ defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) || \
+ (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 8)
# define CURL_TYPEOF_CURL_OFF_T long
# define CURL_FORMAT_CURL_OFF_T "ld"
# define CURL_FORMAT_CURL_OFF_TU "lu"
-# define CURL_FORMAT_OFF_T "%ld"
-# define CURL_SIZEOF_CURL_OFF_T 8
# define CURL_SUFFIX_CURL_OFF_T L
# define CURL_SUFFIX_CURL_OFF_TU UL
# endif
# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t
-# define CURL_SIZEOF_CURL_SOCKLEN_T 4
# define CURL_PULL_SYS_TYPES_H 1
# define CURL_PULL_SYS_SOCKET_H 1
#else
-# error "Unknown non-configure build target!"
- Error Compilation_aborted_Unknown_non_configure_build_target
+/* generic "safe guess" on old 32 bit style */
+# define CURL_TYPEOF_CURL_OFF_T long
+# define CURL_FORMAT_CURL_OFF_T "ld"
+# define CURL_FORMAT_CURL_OFF_TU "lu"
+# define CURL_SUFFIX_CURL_OFF_T L
+# define CURL_SUFFIX_CURL_OFF_TU UL
+# define CURL_TYPEOF_CURL_SOCKLEN_T int
+#endif
+
+#ifdef _AIX
+/* AIX needs <sys/poll.h> */
+#define CURL_PULL_SYS_POLL_H
+#endif
+
+
+/* CURL_PULL_WS2TCPIP_H is defined above when inclusion of header file */
+/* ws2tcpip.h is required here to properly make type definitions below. */
+#ifdef CURL_PULL_WS2TCPIP_H
+# include <winsock2.h>
+# include <windows.h>
+# include <ws2tcpip.h>
#endif
/* CURL_PULL_SYS_TYPES_H is defined above when inclusion of header file */
@@ -570,8 +403,13 @@
# include <sys/socket.h>
#endif
-/* Data type definition of curl_socklen_t. */
+/* CURL_PULL_SYS_POLL_H is defined above when inclusion of header file */
+/* sys/poll.h is required here to properly make type definitions below. */
+#ifdef CURL_PULL_SYS_POLL_H
+# include <sys/poll.h>
+#endif
+/* Data type definition of curl_socklen_t. */
#ifdef CURL_TYPEOF_CURL_SOCKLEN_T
typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t;
#endif
@@ -582,4 +420,52 @@
typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;
#endif
-#endif /* __CURL_CURLBUILD_H */
+/*
+ * CURL_ISOCPP and CURL_OFF_T_C definitions are done here in order to allow
+ * these to be visible and exported by the external libcurl interface API,
+ * while also making them visible to the library internals, simply including
+ * curl_setup.h, without actually needing to include curl.h internally.
+ * If some day this section would grow big enough, all this should be moved
+ * to its own header file.
+ */
+
+/*
+ * Figure out if we can use the ## preprocessor operator, which is supported
+ * by ISO/ANSI C and C++. Some compilers support it without setting __STDC__
+ * or __cplusplus so we need to carefully check for them too.
+ */
+
+#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) || \
+ defined(__HP_aCC) || defined(__BORLANDC__) || defined(__LCC__) || \
+ defined(__POCC__) || defined(__SALFORDC__) || defined(__HIGHC__) || \
+ defined(__ILEC400__)
+ /* This compiler is believed to have an ISO compatible preprocessor */
+#define CURL_ISOCPP
+#else
+ /* This compiler is believed NOT to have an ISO compatible preprocessor */
+#undef CURL_ISOCPP
+#endif
+
+/*
+ * Macros for minimum-width signed and unsigned curl_off_t integer constants.
+ */
+
+#if defined(__BORLANDC__) && (__BORLANDC__ == 0x0551)
+# define __CURL_OFF_T_C_HLPR2(x) x
+# define __CURL_OFF_T_C_HLPR1(x) __CURL_OFF_T_C_HLPR2(x)
+# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \
+ __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_T)
+# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \
+ __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_TU)
+#else
+# ifdef CURL_ISOCPP
+# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val ## Suffix
+# else
+# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val/**/Suffix
+# endif
+# define __CURL_OFF_T_C_HLPR1(Val,Suffix) __CURL_OFF_T_C_HLPR2(Val,Suffix)
+# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_T)
+# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_TU)
+#endif
+
+#endif /* __CURL_SYSTEM_H */
diff --git a/libs/libcurl/include/curl/typecheck-gcc.h b/libs/libcurl/include/curl/typecheck-gcc.h
index e8f1dff9ab..10c74c764c 100644
--- a/libs/libcurl/include/curl/typecheck-gcc.h
+++ b/libs/libcurl/include/curl/typecheck-gcc.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -40,7 +40,7 @@
*/
#define curl_easy_setopt(handle, option, value) \
__extension__ ({ \
- __typeof__ (option) _curl_opt = option; \
+ __typeof__(option) _curl_opt = option; \
if(__builtin_constant_p(_curl_opt)) { \
if(_curl_is_long_option(_curl_opt)) \
if(!_curl_is_long(value)) \
@@ -96,6 +96,9 @@ __extension__ ({ \
if((_curl_opt) == CURLOPT_HTTPPOST) \
if(!_curl_is_arr((value), struct curl_httppost)) \
_curl_easy_setopt_err_curl_httpost(); \
+ if((_curl_opt) == CURLOPT_MIMEPOST) \
+ if(!_curl_is_ptr((value), curl_mime)) \
+ _curl_easy_setopt_err_curl_mimepost(); \
if(_curl_is_slist_option(_curl_opt)) \
if(!_curl_is_arr((value), struct curl_slist)) \
_curl_easy_setopt_err_curl_slist(); \
@@ -110,7 +113,7 @@ __extension__ ({ \
/* FIXME: don't allow const pointers */
#define curl_easy_getinfo(handle, info, arg) \
__extension__ ({ \
- __typeof__ (info) _curl_info = info; \
+ __typeof__(info) _curl_info = info; \
if(__builtin_constant_p(_curl_info)) { \
if(_curl_is_string_info(_curl_info)) \
if(!_curl_is_arr((arg), char *)) \
@@ -124,6 +127,18 @@ __extension__ ({ \
if(_curl_is_slist_info(_curl_info)) \
if(!_curl_is_arr((arg), struct curl_slist *)) \
_curl_easy_getinfo_err_curl_slist(); \
+ if(_curl_is_tlssessioninfo_info(_curl_info)) \
+ if(!_curl_is_arr((arg), struct curl_tlssessioninfo *)) \
+ _curl_easy_getinfo_err_curl_tlssesssioninfo(); \
+ if(_curl_is_certinfo_info(_curl_info)) \
+ if(!_curl_is_arr((arg), struct curl_certinfo *)) \
+ _curl_easy_getinfo_err_curl_certinfo(); \
+ if(_curl_is_socket_info(_curl_info)) \
+ if(!_curl_is_arr((arg), curl_socket_t)) \
+ _curl_easy_getinfo_err_curl_socket(); \
+ if(_curl_is_off_t_info(_curl_info)) \
+ if(!_curl_is_arr((arg), curl_off_t)) \
+ _curl_easy_getinfo_err_curl_off_t(); \
} \
curl_easy_getinfo(handle, _curl_info, arg); \
})
@@ -151,7 +166,7 @@ _CURL_WARNING(_curl_easy_setopt_err_curl_off_t,
"curl_easy_setopt expects a curl_off_t argument for this option")
_CURL_WARNING(_curl_easy_setopt_err_string,
"curl_easy_setopt expects a "
- "string (char* or char[]) argument for this option"
+ "string ('char *' or char[]) argument for this option"
)
_CURL_WARNING(_curl_easy_setopt_err_write_callback,
"curl_easy_setopt expects a curl_write_callback argument for this option")
@@ -182,24 +197,38 @@ _CURL_WARNING(_curl_easy_setopt_err_error_buffer,
"curl_easy_setopt expects a "
"char buffer of CURL_ERROR_SIZE as argument for this option")
_CURL_WARNING(_curl_easy_setopt_err_FILE,
- "curl_easy_setopt expects a FILE* argument for this option")
+ "curl_easy_setopt expects a 'FILE *' argument for this option")
_CURL_WARNING(_curl_easy_setopt_err_postfields,
- "curl_easy_setopt expects a void* or char* argument for this option")
+ "curl_easy_setopt expects a 'void *' or 'char *' argument for this option")
_CURL_WARNING(_curl_easy_setopt_err_curl_httpost,
- "curl_easy_setopt expects a struct curl_httppost* argument for this option")
+ "curl_easy_setopt expects a 'struct curl_httppost *' "
+ "argument for this option")
+_CURL_WARNING(_curl_easy_setopt_err_curl_mimepost,
+ "curl_easy_setopt expects a 'curl_mime *' "
+ "argument for this option")
_CURL_WARNING(_curl_easy_setopt_err_curl_slist,
- "curl_easy_setopt expects a struct curl_slist* argument for this option")
+ "curl_easy_setopt expects a 'struct curl_slist *' argument for this option")
_CURL_WARNING(_curl_easy_setopt_err_CURLSH,
"curl_easy_setopt expects a CURLSH* argument for this option")
_CURL_WARNING(_curl_easy_getinfo_err_string,
- "curl_easy_getinfo expects a pointer to char * for this info")
+ "curl_easy_getinfo expects a pointer to 'char *' for this info")
_CURL_WARNING(_curl_easy_getinfo_err_long,
"curl_easy_getinfo expects a pointer to long for this info")
_CURL_WARNING(_curl_easy_getinfo_err_double,
"curl_easy_getinfo expects a pointer to double for this info")
_CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
- "curl_easy_getinfo expects a pointer to struct curl_slist * for this info")
+ "curl_easy_getinfo expects a pointer to 'struct curl_slist *' for this info")
+_CURL_WARNING(_curl_easy_getinfo_err_curl_tlssesssioninfo,
+ "curl_easy_getinfo expects a pointer to "
+ "'struct curl_tlssessioninfo *' for this info")
+_CURL_WARNING(_curl_easy_getinfo_err_curl_certinfo,
+ "curl_easy_getinfo expects a pointer to "
+ "'struct curl_certinfo *' for this info")
+_CURL_WARNING(_curl_easy_getinfo_err_curl_socket,
+ "curl_easy_getinfo expects a pointer to curl_socket_t for this info")
+_CURL_WARNING(_curl_easy_getinfo_err_curl_off_t,
+ "curl_easy_getinfo expects a pointer to curl_off_t for this info")
/* groups of curl_easy_setops options that take the same type of argument */
@@ -218,57 +247,82 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
/* evaluates to true if option takes a char* argument */
#define _curl_is_string_option(option) \
- ((option) == CURLOPT_URL || \
- (option) == CURLOPT_PROXY || \
- (option) == CURLOPT_INTERFACE || \
- (option) == CURLOPT_NETRC_FILE || \
- (option) == CURLOPT_USERPWD || \
- (option) == CURLOPT_USERNAME || \
- (option) == CURLOPT_PASSWORD || \
- (option) == CURLOPT_PROXYUSERPWD || \
- (option) == CURLOPT_PROXYUSERNAME || \
- (option) == CURLOPT_PROXYPASSWORD || \
- (option) == CURLOPT_NOPROXY || \
+ ((option) == CURLOPT_ABSTRACT_UNIX_SOCKET || \
(option) == CURLOPT_ACCEPT_ENCODING || \
- (option) == CURLOPT_REFERER || \
- (option) == CURLOPT_USERAGENT || \
+ (option) == CURLOPT_CAINFO || \
+ (option) == CURLOPT_CAPATH || \
(option) == CURLOPT_COOKIE || \
(option) == CURLOPT_COOKIEFILE || \
(option) == CURLOPT_COOKIEJAR || \
(option) == CURLOPT_COOKIELIST || \
+ (option) == CURLOPT_CRLFILE || \
+ (option) == CURLOPT_CUSTOMREQUEST || \
+ (option) == CURLOPT_DEFAULT_PROTOCOL || \
+ (option) == CURLOPT_DNS_INTERFACE || \
+ (option) == CURLOPT_DNS_LOCAL_IP4 || \
+ (option) == CURLOPT_DNS_LOCAL_IP6 || \
+ (option) == CURLOPT_DNS_SERVERS || \
+ (option) == CURLOPT_EGDSOCKET || \
(option) == CURLOPT_FTPPORT || \
- (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER || \
(option) == CURLOPT_FTP_ACCOUNT || \
- (option) == CURLOPT_RANGE || \
- (option) == CURLOPT_CUSTOMREQUEST || \
- (option) == CURLOPT_SSLCERT || \
- (option) == CURLOPT_SSLCERTTYPE || \
- (option) == CURLOPT_SSLKEY || \
- (option) == CURLOPT_SSLKEYTYPE || \
+ (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER || \
+ (option) == CURLOPT_INTERFACE || \
+ (option) == CURLOPT_ISSUERCERT || \
(option) == CURLOPT_KEYPASSWD || \
- (option) == CURLOPT_SSLENGINE || \
- (option) == CURLOPT_CAINFO || \
- (option) == CURLOPT_CAPATH || \
- (option) == CURLOPT_RANDOM_FILE || \
- (option) == CURLOPT_EGDSOCKET || \
- (option) == CURLOPT_SSL_CIPHER_LIST || \
(option) == CURLOPT_KRBLEVEL || \
- (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \
- (option) == CURLOPT_SSH_PUBLIC_KEYFILE || \
- (option) == CURLOPT_SSH_PRIVATE_KEYFILE || \
- (option) == CURLOPT_CRLFILE || \
- (option) == CURLOPT_ISSUERCERT || \
- (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \
- (option) == CURLOPT_SSH_KNOWNHOSTS || \
+ (option) == CURLOPT_LOGIN_OPTIONS || \
+ (option) == CURLOPT_MAIL_AUTH || \
(option) == CURLOPT_MAIL_FROM || \
+ (option) == CURLOPT_NETRC_FILE || \
+ (option) == CURLOPT_NOPROXY || \
+ (option) == CURLOPT_PASSWORD || \
+ (option) == CURLOPT_PINNEDPUBLICKEY || \
+ (option) == CURLOPT_PRE_PROXY || \
+ (option) == CURLOPT_PROXY || \
+ (option) == CURLOPT_PROXYPASSWORD || \
+ (option) == CURLOPT_PROXYUSERNAME || \
+ (option) == CURLOPT_PROXYUSERPWD || \
+ (option) == CURLOPT_PROXY_CAINFO || \
+ (option) == CURLOPT_PROXY_CAPATH || \
+ (option) == CURLOPT_PROXY_CRLFILE || \
+ (option) == CURLOPT_PROXY_KEYPASSWD || \
+ (option) == CURLOPT_PROXY_PINNEDPUBLICKEY || \
+ (option) == CURLOPT_PROXY_SERVICE_NAME || \
+ (option) == CURLOPT_PROXY_SSLCERT || \
+ (option) == CURLOPT_PROXY_SSLCERTTYPE || \
+ (option) == CURLOPT_PROXY_SSLKEY || \
+ (option) == CURLOPT_PROXY_SSLKEYTYPE || \
+ (option) == CURLOPT_PROXY_SSL_CIPHER_LIST || \
+ (option) == CURLOPT_PROXY_TLSAUTH_PASSWORD || \
+ (option) == CURLOPT_PROXY_TLSAUTH_USERNAME || \
+ (option) == CURLOPT_PROXY_TLSAUTH_TYPE || \
+ (option) == CURLOPT_RANDOM_FILE || \
+ (option) == CURLOPT_RANGE || \
+ (option) == CURLOPT_REFERER || \
(option) == CURLOPT_RTSP_SESSION_ID || \
(option) == CURLOPT_RTSP_STREAM_URI || \
(option) == CURLOPT_RTSP_TRANSPORT || \
+ (option) == CURLOPT_SERVICE_NAME || \
+ (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \
+ (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \
+ (option) == CURLOPT_SSH_KNOWNHOSTS || \
+ (option) == CURLOPT_SSH_PRIVATE_KEYFILE || \
+ (option) == CURLOPT_SSH_PUBLIC_KEYFILE || \
+ (option) == CURLOPT_SSLCERT || \
+ (option) == CURLOPT_SSLCERTTYPE || \
+ (option) == CURLOPT_SSLENGINE || \
+ (option) == CURLOPT_SSLKEY || \
+ (option) == CURLOPT_SSLKEYTYPE || \
+ (option) == CURLOPT_SSL_CIPHER_LIST || \
+ (option) == CURLOPT_TLSAUTH_PASSWORD || \
+ (option) == CURLOPT_TLSAUTH_TYPE || \
+ (option) == CURLOPT_TLSAUTH_USERNAME || \
+ (option) == CURLOPT_UNIX_SOCKET_PATH || \
+ (option) == CURLOPT_URL || \
+ (option) == CURLOPT_USERAGENT || \
+ (option) == CURLOPT_USERNAME || \
+ (option) == CURLOPT_USERPWD || \
(option) == CURLOPT_XOAUTH2_BEARER || \
- (option) == CURLOPT_DNS_SERVERS || \
- (option) == CURLOPT_DNS_INTERFACE || \
- (option) == CURLOPT_DNS_LOCAL_IP4 || \
- (option) == CURLOPT_DNS_LOCAL_IP6 || \
0)
/* evaluates to true if option takes a curl_write_callback argument */
@@ -284,21 +338,22 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
/* evaluates to true if option takes a data argument to pass to a callback */
#define _curl_is_cb_data_option(option) \
- ((option) == CURLOPT_WRITEDATA || \
- (option) == CURLOPT_READDATA || \
+ ((option) == CURLOPT_CHUNK_DATA || \
+ (option) == CURLOPT_CLOSESOCKETDATA || \
+ (option) == CURLOPT_DEBUGDATA || \
+ (option) == CURLOPT_FNMATCH_DATA || \
+ (option) == CURLOPT_HEADERDATA || \
+ (option) == CURLOPT_INTERLEAVEDATA || \
(option) == CURLOPT_IOCTLDATA || \
- (option) == CURLOPT_SOCKOPTDATA || \
(option) == CURLOPT_OPENSOCKETDATA || \
+ (option) == CURLOPT_PRIVATE || \
(option) == CURLOPT_PROGRESSDATA || \
- (option) == CURLOPT_WRITEHEADER || \
- (option) == CURLOPT_DEBUGDATA || \
- (option) == CURLOPT_SSL_CTX_DATA || \
+ (option) == CURLOPT_READDATA || \
(option) == CURLOPT_SEEKDATA || \
- (option) == CURLOPT_PRIVATE || \
+ (option) == CURLOPT_SOCKOPTDATA || \
(option) == CURLOPT_SSH_KEYDATA || \
- (option) == CURLOPT_INTERLEAVEDATA || \
- (option) == CURLOPT_CHUNK_DATA || \
- (option) == CURLOPT_FNMATCH_DATA || \
+ (option) == CURLOPT_SSL_CTX_DATA || \
+ (option) == CURLOPT_WRITEDATA || \
0)
/* evaluates to true if option takes a POST data argument (void* or char*) */
@@ -309,13 +364,15 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
/* evaluates to true if option takes a struct curl_slist * argument */
#define _curl_is_slist_option(option) \
- ((option) == CURLOPT_HTTPHEADER || \
- (option) == CURLOPT_HTTP200ALIASES || \
- (option) == CURLOPT_QUOTE || \
+ ((option) == CURLOPT_HTTP200ALIASES || \
+ (option) == CURLOPT_HTTPHEADER || \
+ (option) == CURLOPT_MAIL_RCPT || \
(option) == CURLOPT_POSTQUOTE || \
(option) == CURLOPT_PREQUOTE || \
+ (option) == CURLOPT_PROXYHEADER || \
+ (option) == CURLOPT_QUOTE || \
+ (option) == CURLOPT_RESOLVE || \
(option) == CURLOPT_TELNETOPTIONS || \
- (option) == CURLOPT_MAIL_RCPT || \
0)
/* groups of curl_easy_getinfo infos that take the same type of argument */
@@ -333,8 +390,23 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
(CURLINFO_DOUBLE < (info) && (info) < CURLINFO_SLIST)
/* true if info expects a pointer to struct curl_slist * argument */
-#define _curl_is_slist_info(info) \
- (CURLINFO_SLIST < (info))
+#define _curl_is_slist_info(info) \
+ (((info) == CURLINFO_SSL_ENGINES) || ((info) == CURLINFO_COOKIELIST))
+
+/* true if info expects a pointer to struct curl_tlssessioninfo * argument */
+#define _curl_is_tlssessioninfo_info(info) \
+ (((info) == CURLINFO_TLS_SSL_PTR) || ((info) == CURLINFO_TLS_SESSION))
+
+/* true if info expects a pointer to struct curl_certinfo * argument */
+#define _curl_is_certinfo_info(info) ((info) == CURLINFO_CERTINFO)
+
+/* true if info expects a pointer to struct curl_socket_t argument */
+#define _curl_is_socket_info(info) \
+ (CURLINFO_SOCKET < (info) && (info) < CURLINFO_OFF_T)
+
+/* true if info expects a pointer to curl_off_t argument */
+#define _curl_is_off_t_info(info) \
+ (CURLINFO_OFF_T < (info))
/* typecheck helpers -- check whether given expression has requested type*/
@@ -350,7 +422,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
/* XXX: should evaluate to true iff expr is a pointer */
#define _curl_is_any_ptr(expr) \
- (sizeof(expr) == sizeof(void*))
+ (sizeof(expr) == sizeof(void *))
/* evaluates to true if expr is NULL */
/* XXX: must not evaluate expr, so this check is not accurate */
@@ -413,8 +485,9 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
#endif
/* evaluates to true if expr is of type FILE* */
-#define _curl_is_FILE(expr) \
- (__builtin_types_compatible_p(__typeof__(expr), FILE *))
+#define _curl_is_FILE(expr) \
+ (_curl_is_NULL(expr) || \
+ (__builtin_types_compatible_p(__typeof__(expr), FILE *)))
/* evaluates to true if expr can be passed as POST data (void* or char*) */
#define _curl_is_postfields(expr) \
@@ -429,102 +502,102 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
* function pointers, hide it */
#define _curl_callback_compatible(func, type) \
(__builtin_types_compatible_p(__typeof__(func), type) || \
- __builtin_types_compatible_p(__typeof__(func), type*))
+ __builtin_types_compatible_p(__typeof__(func) *, type))
/* evaluates to true if expr is of type curl_read_callback or "similar" */
#define _curl_is_read_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), __typeof__(fread)) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_read_callback) || \
+ _curl_callback_compatible((expr), __typeof__(fread) *) || \
+ _curl_callback_compatible((expr), curl_read_callback) || \
_curl_callback_compatible((expr), _curl_read_callback1) || \
_curl_callback_compatible((expr), _curl_read_callback2) || \
_curl_callback_compatible((expr), _curl_read_callback3) || \
_curl_callback_compatible((expr), _curl_read_callback4) || \
_curl_callback_compatible((expr), _curl_read_callback5) || \
_curl_callback_compatible((expr), _curl_read_callback6))
-typedef size_t (_curl_read_callback1)(char *, size_t, size_t, void*);
-typedef size_t (_curl_read_callback2)(char *, size_t, size_t, const void*);
-typedef size_t (_curl_read_callback3)(char *, size_t, size_t, FILE*);
-typedef size_t (_curl_read_callback4)(void *, size_t, size_t, void*);
-typedef size_t (_curl_read_callback5)(void *, size_t, size_t, const void*);
-typedef size_t (_curl_read_callback6)(void *, size_t, size_t, FILE*);
+typedef size_t (*_curl_read_callback1)(char *, size_t, size_t, void *);
+typedef size_t (*_curl_read_callback2)(char *, size_t, size_t, const void *);
+typedef size_t (*_curl_read_callback3)(char *, size_t, size_t, FILE *);
+typedef size_t (*_curl_read_callback4)(void *, size_t, size_t, void *);
+typedef size_t (*_curl_read_callback5)(void *, size_t, size_t, const void *);
+typedef size_t (*_curl_read_callback6)(void *, size_t, size_t, FILE *);
/* evaluates to true if expr is of type curl_write_callback or "similar" */
#define _curl_is_write_cb(expr) \
(_curl_is_read_cb(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), __typeof__(fwrite)) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_write_callback) || \
+ _curl_callback_compatible((expr), __typeof__(fwrite) *) || \
+ _curl_callback_compatible((expr), curl_write_callback) || \
_curl_callback_compatible((expr), _curl_write_callback1) || \
_curl_callback_compatible((expr), _curl_write_callback2) || \
_curl_callback_compatible((expr), _curl_write_callback3) || \
_curl_callback_compatible((expr), _curl_write_callback4) || \
_curl_callback_compatible((expr), _curl_write_callback5) || \
_curl_callback_compatible((expr), _curl_write_callback6))
-typedef size_t (_curl_write_callback1)(const char *, size_t, size_t, void*);
-typedef size_t (_curl_write_callback2)(const char *, size_t, size_t,
- const void*);
-typedef size_t (_curl_write_callback3)(const char *, size_t, size_t, FILE*);
-typedef size_t (_curl_write_callback4)(const void *, size_t, size_t, void*);
-typedef size_t (_curl_write_callback5)(const void *, size_t, size_t,
- const void*);
-typedef size_t (_curl_write_callback6)(const void *, size_t, size_t, FILE*);
+typedef size_t (*_curl_write_callback1)(const char *, size_t, size_t, void *);
+typedef size_t (*_curl_write_callback2)(const char *, size_t, size_t,
+ const void *);
+typedef size_t (*_curl_write_callback3)(const char *, size_t, size_t, FILE *);
+typedef size_t (*_curl_write_callback4)(const void *, size_t, size_t, void *);
+typedef size_t (*_curl_write_callback5)(const void *, size_t, size_t,
+ const void *);
+typedef size_t (*_curl_write_callback6)(const void *, size_t, size_t, FILE *);
/* evaluates to true if expr is of type curl_ioctl_callback or "similar" */
#define _curl_is_ioctl_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_ioctl_callback) || \
+ _curl_callback_compatible((expr), curl_ioctl_callback) || \
_curl_callback_compatible((expr), _curl_ioctl_callback1) || \
_curl_callback_compatible((expr), _curl_ioctl_callback2) || \
_curl_callback_compatible((expr), _curl_ioctl_callback3) || \
_curl_callback_compatible((expr), _curl_ioctl_callback4))
-typedef curlioerr (_curl_ioctl_callback1)(CURL *, int, void*);
-typedef curlioerr (_curl_ioctl_callback2)(CURL *, int, const void*);
-typedef curlioerr (_curl_ioctl_callback3)(CURL *, curliocmd, void*);
-typedef curlioerr (_curl_ioctl_callback4)(CURL *, curliocmd, const void*);
+typedef curlioerr (*_curl_ioctl_callback1)(CURL *, int, void *);
+typedef curlioerr (*_curl_ioctl_callback2)(CURL *, int, const void *);
+typedef curlioerr (*_curl_ioctl_callback3)(CURL *, curliocmd, void *);
+typedef curlioerr (*_curl_ioctl_callback4)(CURL *, curliocmd, const void *);
/* evaluates to true if expr is of type curl_sockopt_callback or "similar" */
#define _curl_is_sockopt_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_sockopt_callback) || \
+ _curl_callback_compatible((expr), curl_sockopt_callback) || \
_curl_callback_compatible((expr), _curl_sockopt_callback1) || \
_curl_callback_compatible((expr), _curl_sockopt_callback2))
-typedef int (_curl_sockopt_callback1)(void *, curl_socket_t, curlsocktype);
-typedef int (_curl_sockopt_callback2)(const void *, curl_socket_t,
+typedef int (*_curl_sockopt_callback1)(void *, curl_socket_t, curlsocktype);
+typedef int (*_curl_sockopt_callback2)(const void *, curl_socket_t,
curlsocktype);
/* evaluates to true if expr is of type curl_opensocket_callback or
"similar" */
#define _curl_is_opensocket_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_opensocket_callback) ||\
+ _curl_callback_compatible((expr), curl_opensocket_callback) || \
_curl_callback_compatible((expr), _curl_opensocket_callback1) || \
_curl_callback_compatible((expr), _curl_opensocket_callback2) || \
_curl_callback_compatible((expr), _curl_opensocket_callback3) || \
_curl_callback_compatible((expr), _curl_opensocket_callback4))
-typedef curl_socket_t (_curl_opensocket_callback1)
+typedef curl_socket_t (*_curl_opensocket_callback1)
(void *, curlsocktype, struct curl_sockaddr *);
-typedef curl_socket_t (_curl_opensocket_callback2)
+typedef curl_socket_t (*_curl_opensocket_callback2)
(void *, curlsocktype, const struct curl_sockaddr *);
-typedef curl_socket_t (_curl_opensocket_callback3)
+typedef curl_socket_t (*_curl_opensocket_callback3)
(const void *, curlsocktype, struct curl_sockaddr *);
-typedef curl_socket_t (_curl_opensocket_callback4)
+typedef curl_socket_t (*_curl_opensocket_callback4)
(const void *, curlsocktype, const struct curl_sockaddr *);
/* evaluates to true if expr is of type curl_progress_callback or "similar" */
#define _curl_is_progress_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_progress_callback) || \
+ _curl_callback_compatible((expr), curl_progress_callback) || \
_curl_callback_compatible((expr), _curl_progress_callback1) || \
_curl_callback_compatible((expr), _curl_progress_callback2))
-typedef int (_curl_progress_callback1)(void *,
+typedef int (*_curl_progress_callback1)(void *,
double, double, double, double);
-typedef int (_curl_progress_callback2)(const void *,
+typedef int (*_curl_progress_callback2)(const void *,
double, double, double, double);
/* evaluates to true if expr is of type curl_debug_callback or "similar" */
#define _curl_is_debug_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_debug_callback) || \
+ _curl_callback_compatible((expr), curl_debug_callback) || \
_curl_callback_compatible((expr), _curl_debug_callback1) || \
_curl_callback_compatible((expr), _curl_debug_callback2) || \
_curl_callback_compatible((expr), _curl_debug_callback3) || \
@@ -533,28 +606,28 @@ typedef int (_curl_progress_callback2)(const void *,
_curl_callback_compatible((expr), _curl_debug_callback6) || \
_curl_callback_compatible((expr), _curl_debug_callback7) || \
_curl_callback_compatible((expr), _curl_debug_callback8))
-typedef int (_curl_debug_callback1) (CURL *,
+typedef int (*_curl_debug_callback1) (CURL *,
curl_infotype, char *, size_t, void *);
-typedef int (_curl_debug_callback2) (CURL *,
+typedef int (*_curl_debug_callback2) (CURL *,
curl_infotype, char *, size_t, const void *);
-typedef int (_curl_debug_callback3) (CURL *,
+typedef int (*_curl_debug_callback3) (CURL *,
curl_infotype, const char *, size_t, void *);
-typedef int (_curl_debug_callback4) (CURL *,
+typedef int (*_curl_debug_callback4) (CURL *,
curl_infotype, const char *, size_t, const void *);
-typedef int (_curl_debug_callback5) (CURL *,
+typedef int (*_curl_debug_callback5) (CURL *,
curl_infotype, unsigned char *, size_t, void *);
-typedef int (_curl_debug_callback6) (CURL *,
+typedef int (*_curl_debug_callback6) (CURL *,
curl_infotype, unsigned char *, size_t, const void *);
-typedef int (_curl_debug_callback7) (CURL *,
+typedef int (*_curl_debug_callback7) (CURL *,
curl_infotype, const unsigned char *, size_t, void *);
-typedef int (_curl_debug_callback8) (CURL *,
+typedef int (*_curl_debug_callback8) (CURL *,
curl_infotype, const unsigned char *, size_t, const void *);
/* evaluates to true if expr is of type curl_ssl_ctx_callback or "similar" */
/* this is getting even messier... */
#define _curl_is_ssl_ctx_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_ssl_ctx_callback) || \
+ _curl_callback_compatible((expr), curl_ssl_ctx_callback) || \
_curl_callback_compatible((expr), _curl_ssl_ctx_callback1) || \
_curl_callback_compatible((expr), _curl_ssl_ctx_callback2) || \
_curl_callback_compatible((expr), _curl_ssl_ctx_callback3) || \
@@ -563,18 +636,19 @@ typedef int (_curl_debug_callback8) (CURL *,
_curl_callback_compatible((expr), _curl_ssl_ctx_callback6) || \
_curl_callback_compatible((expr), _curl_ssl_ctx_callback7) || \
_curl_callback_compatible((expr), _curl_ssl_ctx_callback8))
-typedef CURLcode (_curl_ssl_ctx_callback1)(CURL *, void *, void *);
-typedef CURLcode (_curl_ssl_ctx_callback2)(CURL *, void *, const void *);
-typedef CURLcode (_curl_ssl_ctx_callback3)(CURL *, const void *, void *);
-typedef CURLcode (_curl_ssl_ctx_callback4)(CURL *, const void *, const void *);
+typedef CURLcode (*_curl_ssl_ctx_callback1)(CURL *, void *, void *);
+typedef CURLcode (*_curl_ssl_ctx_callback2)(CURL *, void *, const void *);
+typedef CURLcode (*_curl_ssl_ctx_callback3)(CURL *, const void *, void *);
+typedef CURLcode (*_curl_ssl_ctx_callback4)(CURL *, const void *,
+ const void *);
#ifdef HEADER_SSL_H
/* hack: if we included OpenSSL's ssl.h, we know about SSL_CTX
* this will of course break if we're included before OpenSSL headers...
*/
-typedef CURLcode (_curl_ssl_ctx_callback5)(CURL *, SSL_CTX, void *);
-typedef CURLcode (_curl_ssl_ctx_callback6)(CURL *, SSL_CTX, const void *);
-typedef CURLcode (_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX, void *);
-typedef CURLcode (_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX,
+typedef CURLcode (*_curl_ssl_ctx_callback5)(CURL *, SSL_CTX, void *);
+typedef CURLcode (*_curl_ssl_ctx_callback6)(CURL *, SSL_CTX, const void *);
+typedef CURLcode (*_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX, void *);
+typedef CURLcode (*_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX,
const void *);
#else
typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback5;
@@ -586,7 +660,7 @@ typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback8;
/* evaluates to true if expr is of type curl_conv_callback or "similar" */
#define _curl_is_conv_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_conv_callback) || \
+ _curl_callback_compatible((expr), curl_conv_callback) || \
_curl_callback_compatible((expr), _curl_conv_callback1) || \
_curl_callback_compatible((expr), _curl_conv_callback2) || \
_curl_callback_compatible((expr), _curl_conv_callback3) || \
@@ -599,7 +673,7 @@ typedef CURLcode (*_curl_conv_callback4)(const void *, size_t length);
/* evaluates to true if expr is of type curl_seek_callback or "similar" */
#define _curl_is_seek_cb(expr) \
(_curl_is_NULL(expr) || \
- __builtin_types_compatible_p(__typeof__(expr), curl_seek_callback) || \
+ _curl_callback_compatible((expr), curl_seek_callback) || \
_curl_callback_compatible((expr), _curl_seek_callback1) || \
_curl_callback_compatible((expr), _curl_seek_callback2))
typedef CURLcode (*_curl_seek_callback1)(void *, curl_off_t, int);
diff --git a/libs/libcurl/libcurl.vcxproj b/libs/libcurl/libcurl.vcxproj
index e9c0aa9e2c..c8e88f1004 100644
--- a/libs/libcurl/libcurl.vcxproj
+++ b/libs/libcurl/libcurl.vcxproj
@@ -25,10 +25,18 @@
<ImportGroup Label="PropertySheets">
<Import Project="$(ProjectDir)..\..\build\vc.common\lib.props" />
</ImportGroup>
+ <ItemGroup>
+ <ClCompile Include="src\vauth\*.c">
+ <PrecompiledHeader>NotUsing</PrecompiledHeader>
+ </ClCompile>
+ <ClCompile Include="src\vtls\*.c">
+ <PrecompiledHeader>NotUsing</PrecompiledHeader>
+ </ClCompile>
+ </ItemGroup>
<ItemDefinitionGroup>
<ClCompile>
<PreprocessorDefinitions>BUILDING_LIBCURL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
- <AdditionalIncludeDirectories>.\include\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>.\include\;.\src\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<DisableSpecificWarnings>4005;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
diff --git a/libs/libcurl/src/CMakeLists.txt b/libs/libcurl/src/CMakeLists.txt
new file mode 100644
index 0000000000..1fabdba908
--- /dev/null
+++ b/libs/libcurl/src/CMakeLists.txt
@@ -0,0 +1,131 @@
+set(LIB_NAME libcurl)
+
+configure_file(curl_config.h.cmake
+ ${CMAKE_CURRENT_BINARY_DIR}/curl_config.h)
+
+transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake")
+include(${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake)
+
+list(APPEND HHEADERS
+ ${CMAKE_CURRENT_BINARY_DIR}/curl_config.h
+ )
+
+if(MSVC)
+ list(APPEND CSOURCES libcurl.rc)
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /wd4127")
+endif()
+
+# SET(CSOURCES
+# # memdebug.c -not used
+# # nwlib.c - Not used
+# # strtok.c - specify later
+# # strtoofft.c - specify later
+# )
+
+# # if we have Kerberos 4, right now this is never on
+# #OPTION(CURL_KRB4 "Use Kerberos 4" OFF)
+# IF(CURL_KRB4)
+# SET(CSOURCES ${CSOURCES}
+# krb4.c
+# security.c
+# )
+# ENDIF(CURL_KRB4)
+
+# #OPTION(CURL_MALLOC_DEBUG "Debug mallocs in Curl" OFF)
+# MARK_AS_ADVANCED(CURL_MALLOC_DEBUG)
+# IF(CURL_MALLOC_DEBUG)
+# SET(CSOURCES ${CSOURCES}
+# memdebug.c
+# )
+# ENDIF(CURL_MALLOC_DEBUG)
+
+# # only build compat strtoofft if we need to
+# IF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
+# SET(CSOURCES ${CSOURCES}
+# strtoofft.c
+# )
+# ENDIF(NOT HAVE_STRTOLL AND NOT HAVE__STRTOI64)
+
+
+# The rest of the build
+
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/../include)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/..)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../include)
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/..)
+include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+include_directories(${CMAKE_CURRENT_BINARY_DIR})
+if(USE_ARES)
+ include_directories(${CARES_INCLUDE_DIR})
+endif()
+
+if(CURL_STATICLIB)
+ # Static lib
+ set(CURL_USER_DEFINED_DYNAMIC_OR_STATIC STATIC)
+else()
+ # DLL / so dynamic lib
+ set(CURL_USER_DEFINED_DYNAMIC_OR_STATIC SHARED)
+endif()
+
+add_library(
+ ${LIB_NAME}
+ ${CURL_USER_DEFINED_DYNAMIC_OR_STATIC}
+ ${HHEADERS} ${CSOURCES}
+ )
+
+if(MSVC AND CURL_STATICLIB)
+ set_target_properties(${LIB_NAME} PROPERTIES STATIC_LIBRARY_FLAGS ${CMAKE_EXE_LINKER_FLAGS})
+endif()
+
+target_link_libraries(${LIB_NAME} ${CURL_LIBS})
+
+if(WIN32)
+ add_definitions( -D_USRDLL )
+endif()
+
+set_target_properties(${LIB_NAME} PROPERTIES COMPILE_DEFINITIONS BUILDING_LIBCURL)
+
+if(HIDES_CURL_PRIVATE_SYMBOLS)
+ set_property(TARGET ${LIB_NAME} APPEND PROPERTY COMPILE_DEFINITIONS "CURL_HIDDEN_SYMBOLS")
+ set_property(TARGET ${LIB_NAME} APPEND PROPERTY COMPILE_FLAGS ${CURL_CFLAG_SYMBOLS_HIDE})
+endif()
+
+# Remove the "lib" prefix since the library is already named "libcurl".
+set_target_properties(${LIB_NAME} PROPERTIES PREFIX "")
+set_target_properties(${LIB_NAME} PROPERTIES IMPORT_PREFIX "")
+
+if(WIN32)
+ if(NOT CURL_STATICLIB)
+ # Add "_imp" as a suffix before the extension to avoid conflicting with the statically linked "libcurl.lib"
+ set_target_properties(${LIB_NAME} PROPERTIES IMPORT_SUFFIX "_imp.lib")
+
+ set_target_properties (${LIB_NAME} PROPERTIES
+ DEBUG_POSTFIX "-d"
+ # Note: no postfix for release variants, let user choose what style of release he wants
+ # MINSIZEREL_POSTFIX "-z"
+ # RELWITHDEBINFO_POSTFIX "-g"
+ )
+ endif()
+endif()
+
+target_include_directories(${LIB_NAME} INTERFACE
+ $<INSTALL_INTERFACE:include>)
+
+install(TARGETS ${LIB_NAME}
+ EXPORT libcurl-target
+ ARCHIVE DESTINATION lib
+ LIBRARY DESTINATION lib
+ RUNTIME DESTINATION bin
+)
+
+export(TARGETS ${LIB_NAME}
+ APPEND FILE ${PROJECT_BINARY_DIR}/libcurl-target.cmake
+ NAMESPACE CURL::
+)
+
+install(EXPORT libcurl-target
+ FILE libcurl-target.cmake
+ NAMESPACE CURL::
+ DESTINATION ${CURL_INSTALL_CMAKE_DIR}
+)
+
diff --git a/libs/libcurl/src/Makefile.Watcom b/libs/libcurl/src/Makefile.Watcom
new file mode 100644
index 0000000000..77e5a6e0a1
--- /dev/null
+++ b/libs/libcurl/src/Makefile.Watcom
@@ -0,0 +1,275 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2005 - 2009, Gisle Vanem <gvanem@yahoo.no>.
+# Copyright (C) 2005 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+#
+# Watcom / OpenWatcom / Win32 makefile for libcurl.
+#
+
+.ERASE
+
+!if $(__VERSION__) < 1280
+!message !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!message ! This Open Watcom version is too old and is no longer supported !
+!message ! Please download latest version from www.openwatcom.org !
+!message !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!error Unsupported version of Open Watcom
+!endif
+
+!ifndef %watcom
+!error WATCOM environment variable not set!
+!endif
+
+# In order to process Makefile.inc wmake must be called with -u switch!
+!ifndef %MAKEFLAGS
+!error You MUST call wmake with the -u switch!
+!endif
+
+!ifdef %libname
+LIBNAME = $(%libname)
+!else
+LIBNAME = libcurl
+!endif
+TARGETS = $(LIBNAME).dll $(LIBNAME).lib
+
+CC = wcc386
+LD = wlink
+AR = wlib
+RC = wrc
+
+!ifdef __LOADDLL__
+! loaddll wcc386 wccd386
+! loaddll wpp386 wppd386
+! loaddll wlib wlibd
+! loaddll wlink wlinkd
+!endif
+
+!ifdef __LINUX__
+CP = cp
+MD = mkdir -p
+!else
+CP = copy 2>NUL
+MD = mkdir
+!endif
+!if $(__VERSION__) > 1290
+RD = rm -rf
+!else ifdef __UNIX__
+RD = rm -rf
+!else
+RD = rmdir /q /s 2>NUL
+!endif
+
+SYS_INCL = -I"$(%watcom)/h/nt" -I"$(%watcom)/h"
+
+CFLAGS = -3r -mf -hc -zff -zgf -zq -zm -zc -s -fr=con -w2 -fpi -oilrtfm &
+ -wcd=201 -bt=nt -d+ -dWIN32 &
+ -dBUILDING_LIBCURL -I. -I"../include" $(SYS_INCL)
+
+!ifdef %debug
+DEBUG = -dDEBUG=1 -dDEBUGBUILD
+CFLAGS += -d3 $(DEBUG)
+!else
+CFLAGS += -d0
+!endif
+
+!ifdef %use_ipv6
+CFLAGS += -d_WIN32_WINNT=0x0501 -dENABLE_IPV6
+!endif
+
+!ifdef %use_sspi
+CFLAGS += -dUSE_WINDOWS_SSPI
+!endif
+
+!ifdef %use_winssl
+CFLAGS += -dUSE_WINDOWS_SSPI
+CFLAGS += -DUSE_SCHANNEL
+!endif
+
+!ifdef %use_winidn
+CFLAGS += -dWINVER=0x0600 -dUSE_WIN32_IDN
+! if $(__VERSION__) <= 1290
+CFLAGS += -dWANT_IDN_PROTOTYPES
+! endif
+!endif
+
+#
+# Change to suite.
+#
+!ifdef %zlib_root
+ZLIB_ROOT = $(%zlib_root)
+!else
+ZLIB_ROOT = ../../zlib-1.2.8
+!endif
+
+!ifdef %libssh2_root
+LIBSSH2_ROOT = $(%libssh2_root)
+!else
+LIBSSH2_ROOT = ../../libssh2-1.5.0
+!endif
+
+!ifdef %librtmp_root
+LIBRTMP_ROOT = $(%librtmp_root)
+!else
+LIBRTMP_ROOT = ../../rtmpdump-2.3
+!endif
+
+!ifdef %openssl_root
+OPENSSL_ROOT = $(%openssl_root)
+!else
+OPENSSL_ROOT = ../../openssl-1.0.2a
+!endif
+
+!ifdef %ares_root
+ARES_ROOT = $(%ares_root)
+!else
+ARES_ROOT = ../ares
+!endif
+
+!ifdef %use_zlib
+CFLAGS += -dHAVE_ZLIB_H -dHAVE_LIBZ -I"$(ZLIB_ROOT)"
+!endif
+
+!ifdef %use_rtmp
+CFLAGS += -dUSE_LIBRTMP -I"$(LIBRTMP_ROOT)"
+!endif
+
+!ifdef %use_ssh2
+CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H -I"$(LIBSSH2_ROOT)/include" -I"$(LIBSSH2_ROOT)/win32"
+!endif
+
+!ifdef %use_ssl
+CFLAGS += -wcd=138 -dUSE_OPENSSL -dUSE_SSLEAY -I"$(OPENSSL_ROOT)/inc32"
+!endif
+
+!ifdef %use_ares
+CFLAGS += -dUSE_ARES -I"$(ARES_ROOT)"
+!endif
+
+!ifdef %use_watt32
+CFLAGS += -dUSE_WATT32 -I"$(%watt_root)/inc"
+!endif
+
+OBJ_BASE = WC_Win32.obj
+!if $(__VERSION__) > 1290
+OBJ_STAT = $(OBJ_BASE)/stat
+OBJ_DYN = $(OBJ_BASE)/dyn
+!else ifdef __UNIX__
+OBJ_STAT = $(OBJ_BASE)/stat
+OBJ_DYN = $(OBJ_BASE)/dyn
+!else
+OBJ_STAT = $(OBJ_BASE)\stat
+OBJ_DYN = $(OBJ_BASE)\dyn
+!endif
+
+LINK_ARG = $(OBJ_DYN)/wlink.arg
+LIB_ARG = $(OBJ_STAT)/wlib.arg
+
+!include Makefile.inc
+
+OBJS1 = ./$(CSOURCES:.c=.obj)
+OBJS2 = $(OBJS1:vtls/=)
+OBJS3 = $(OBJS2:vauth/=)
+OBJS4 = $(OBJS3: = ./)
+OBJS_STAT = $(OBJS4:./=$(OBJ_STAT)/)
+OBJS_DYN = $(OBJS4:./=$(OBJ_DYN)/)
+
+RESOURCE = $(OBJ_DYN)/libcurl.res
+
+DIRS = $(OBJ_BASE) $(OBJ_BASE)/stat $(OBJ_BASE)/dyn
+
+.c : vauth vtls
+
+all: $(DIRS) $(TARGETS) .SYMBOLIC
+ @echo Welcome to libcurl
+
+clean: .SYMBOLIC
+ -rm -f $(OBJS_STAT)
+ -rm -f $(OBJS_DYN)
+ -rm -f $(RESOURCE) $(LINK_ARG) $(LIB_ARG)
+
+vclean distclean: clean .SYMBOLIC
+ -rm -f $(TARGETS) $(LIBNAME).map $(LIBNAME).sym
+ -$(RD) $(OBJ_STAT)
+ -$(RD) $(OBJ_DYN)
+ -$(RD) $(OBJ_BASE)
+
+$(DIRS):
+ -$(MD) $^@
+
+$(LIBNAME).dll: $(OBJS_DYN) $(RESOURCE) $(__MAKEFILES__)
+ %create $(LINK_ARG)
+ @%append $(LINK_ARG) system nt dll
+!ifdef %debug
+ @%append $(LINK_ARG) debug all
+ @%append $(LINK_ARG) option symfile
+!endif
+ @%append $(LINK_ARG) option quiet, caseexact, eliminate
+ @%append $(LINK_ARG) option map=$(OBJ_DYN)/$(LIBNAME).map
+ @%append $(LINK_ARG) option implib=$(LIBNAME)_imp.lib
+ @%append $(LINK_ARG) option res=$(RESOURCE)
+ @for %f in ($(OBJS_DYN)) do @%append $(LINK_ARG) file %f
+ @%append $(LINK_ARG) library wldap32.lib
+!ifdef %use_watt32
+ @%append $(LINK_ARG) library '$(%watt_root)/lib/wattcpw_imp.lib'
+!else
+ @%append $(LINK_ARG) library ws2_32.lib
+!endif
+!ifdef %use_zlib
+ @%append $(LINK_ARG) library '$(ZLIB_ROOT)/zlib.lib'
+!endif
+!ifdef %use_rtmp
+ @%append $(LINK_ARG) library '$(LIBRTMP_ROOT)/librtmp/librtmp.lib'
+!endif
+!ifdef %use_ssh2
+ @%append $(LINK_ARG) library '$(LIBSSH2_ROOT)/win32/libssh2.lib'
+!endif
+!ifdef %use_ssl
+ @%append $(LINK_ARG) library '$(OPENSSL_ROOT)/out32/libeay32.lib'
+ @%append $(LINK_ARG) library '$(OPENSSL_ROOT)/out32/ssleay32.lib'
+!endif
+!ifdef %use_ares
+ @%append $(LINK_ARG) library '$(ARES_ROOT)/cares.lib'
+!endif
+!ifdef %use_winidn
+! if $(__VERSION__) > 1290
+ @%append $(LINK_ARG) library normaliz.lib
+! else
+ @%append $(LINK_ARG) import '_IdnToAscii@20' 'NORMALIZ.DLL'.'IdnToAscii'
+ @%append $(LINK_ARG) import '_IdnToUnicode@20' 'NORMALIZ.DLL'.'IdnToUnicode'
+! endif
+!endif
+ $(LD) name $^@ @$(LINK_ARG)
+
+$(LIBNAME).lib: $(OBJS_STAT)
+ %create $(LIB_ARG)
+ @for %f in ($<) do @%append $(LIB_ARG) +- %f
+ $(AR) -q -b -c -pa $^@ @$(LIB_ARG)
+
+$(RESOURCE): libcurl.rc
+ $(RC) $(DEBUG) -q -r -zm -bt=nt -I"../include" $(SYS_INCL) $[@ -fo=$^@
+
+.c{$(OBJ_DYN)}.obj:
+ $(CC) $(CFLAGS) -bd -br $[@ -fo=$^@
+
+.c{$(OBJ_STAT)}.obj:
+ $(CC) $(CFLAGS) -DCURL_STATICLIB $[@ -fo=$^@
+
diff --git a/libs/libcurl/src/Makefile.am b/libs/libcurl/src/Makefile.am
new file mode 100644
index 0000000000..151c2615e5
--- /dev/null
+++ b/libs/libcurl/src/Makefile.am
@@ -0,0 +1,141 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+AUTOMAKE_OPTIONS = foreign nostdinc
+
+CMAKE_DIST = CMakeLists.txt curl_config.h.cmake
+
+EXTRA_DIST = Makefile.b32 Makefile.m32 config-win32.h \
+ config-win32ce.h config-riscos.h config-mac.h curl_config.h.in \
+ makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h \
+ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \
+ config-os400.h setup-os400.h config-symbian.h Makefile.Watcom \
+ config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \
+ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \
+ objnames-test08.sh objnames-test10.sh objnames.inc
+
+lib_LTLIBRARIES = libcurl.la
+
+if BUILD_UNITTESTS
+noinst_LTLIBRARIES = libcurlu.la
+else
+noinst_LTLIBRARIES =
+endif
+
+# This might hold -Werror
+CFLAGS += @CURL_CFLAG_EXTRAS@
+
+# Specify our include paths here, and do it relative to $(top_srcdir) and
+# $(top_builddir), to ensure that these paths which belong to the library
+# being currently built and tested are searched before the library which
+# might possibly already be installed in the system.
+#
+# $(top_srcdir)/include is for libcurl's external include files
+# $(top_builddir)/lib is for libcurl's generated lib/curl_config.h file
+# $(top_srcdir)/lib for libcurl's lib/curl_setup.h and other "private" files
+# $(top_builddir)/ares is for in-tree c-ares's generated ares_build.h file
+# $(top_srcdir)/ares is for in-tree c-ares's external include files
+
+AM_CPPFLAGS = -I$(top_srcdir)/include \
+ -I$(top_builddir)/lib \
+ -I$(top_srcdir)/lib
+
+if USE_EMBEDDED_ARES
+AM_CPPFLAGS += -I$(top_builddir)/ares \
+ -I$(top_srcdir)/ares
+endif
+
+# Prevent LIBS from being used for all link targets
+LIBS = $(BLANK_AT_MAKETIME)
+
+VERSIONINFO=-version-info 9:0:5
+# This flag accepts an argument of the form current[:revision[:age]]. So,
+# passing -version-info 3:12:1 sets current to 3, revision to 12, and age to
+# 1.
+#
+# Here's the simplified rule guide on how to change -version-info:
+# (current version is C:R:A)
+#
+# 1. if there are only source changes, use C:R+1:A
+# 2. if interfaces were added use C+1:0:A+1
+# 3. if interfaces were removed, then use C+1:0:0
+#
+# For the full guide on libcurl ABI rules, see docs/libcurl/ABI
+
+AM_CPPFLAGS += -DBUILDING_LIBCURL
+AM_LDFLAGS =
+AM_CFLAGS =
+
+libcurl_la_CPPFLAGS_EXTRA =
+libcurl_la_LDFLAGS_EXTRA =
+libcurl_la_CFLAGS_EXTRA =
+
+@CODE_COVERAGE_RULES@
+libcurl_la_LDFLAGS_EXTRA += $(CODE_COVERAGE_LDFLAGS)
+libcurl_la_CFLAGS_EXTRA += $(CODE_COVERAGE_CFLAGS)
+
+if CURL_LT_SHLIB_USE_VERSION_INFO
+libcurl_la_LDFLAGS_EXTRA += $(VERSIONINFO)
+endif
+
+if CURL_LT_SHLIB_USE_NO_UNDEFINED
+libcurl_la_LDFLAGS_EXTRA += -no-undefined
+endif
+
+if CURL_LT_SHLIB_USE_MIMPURE_TEXT
+libcurl_la_LDFLAGS_EXTRA += -mimpure-text
+endif
+
+if CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS
+libcurl_la_LDFLAGS_EXTRA += -Wl,--version-script=libcurl.vers
+endif
+
+if USE_CPPFLAG_CURL_STATICLIB
+libcurl_la_CPPFLAGS_EXTRA += -DCURL_STATICLIB
+endif
+
+if DOING_CURL_SYMBOL_HIDING
+libcurl_la_CPPFLAGS_EXTRA += -DCURL_HIDDEN_SYMBOLS
+libcurl_la_CFLAGS_EXTRA += $(CFLAG_CURL_SYMBOL_HIDING)
+endif
+
+libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA)
+libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LDFLAGS) $(LIBCURL_LIBS)
+libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA)
+
+libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS
+libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS)
+libcurlu_la_CFLAGS = $(AM_CFLAGS)
+
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+include Makefile.inc
+
+libcurl_la_SOURCES = $(CSOURCES) $(HHEADERS)
+libcurlu_la_SOURCES = $(CSOURCES) $(HHEADERS)
+
+checksrc:
+ @PERL@ $(srcdir)/checksrc.pl -D$(srcdir) -W$(srcdir)/curl_config.h \
+ $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] $(srcdir)/vtls/*.[ch]
+
+if CURLDEBUG
+# for debug builds, we scan the sources on all regular make invokes
+all-local: checksrc
+endif
diff --git a/libs/libcurl/src/Makefile.b32 b/libs/libcurl/src/Makefile.b32
new file mode 100644
index 0000000000..5b5b5fa9fc
--- /dev/null
+++ b/libs/libcurl/src/Makefile.b32
@@ -0,0 +1,185 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2000, Jaepil Kim, <pit@paradise.net.nz>.
+# Copyright (C) 2001 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+############################################################
+#
+# Makefile.b32 - Borland's C++ Compiler 5.X
+#
+# 'BCCDIR' has to be set up to point to the base directory
+# of the compiler, i.e. SET BCCDIR = c:\Borland\BCC55
+#
+############################################################
+
+!if "$(__MAKE__)" == ""
+!error __MAKE__ not defined. Use Borlands's MAKE to process this makefile.
+!endif
+
+# Borland's $(MAKEDIR) expands to the path where make.exe is located,
+# use this feature to define BCCDIR when user has not defined BCCDIR.
+!ifndef BCCDIR
+BCCDIR = $(MAKEDIR)\..
+!endif
+
+# Edit the path below to point to the base of your Zlib sources.
+!ifndef ZLIB_PATH
+ZLIB_PATH = ..\..\zlib-1.2.8
+!endif
+
+# Edit the path below to point to the base of your OpenSSL package.
+!ifndef OPENSSL_PATH
+OPENSSL_PATH = ..\..\openssl-1.0.2a
+!endif
+
+# Set libcurl static lib, dll and import lib
+LIBCURL_LIB = libcurl.lib
+LIBCURL_DLL = libcurl.dll
+LIBCURL_IMPLIB = libcurl_imp.lib
+
+# Setup environment
+PP_CMD = cpp32 -q -P-
+CC_CMD = bcc32 -q -c
+LD = bcc32
+RM = del 2>NUL
+MKDIR = md
+RMDIR = rd /q
+LIB = tlib
+IMPLIB = implib
+
+CC_FLAGS = -5 -O2 -tWM -w -w-aus -w-ccc -w-dup -w-prc -w-pro -w-rch -w-sig -w-spa -w-inl -w-pia -w-pin -Dinline=__inline
+LIBFLAGS = /C /P32
+LDFLAGS = -q -lq -laa -tWD
+
+SRCDIR = .;.\vauth;.\vtls
+OBJDIR = .\BCC_objs
+INCDIRS = -I.;.\lib;..\include
+LINKLIB = $(BCCDIR)\lib\cw32mt.lib $(BCCDIR)\lib\ws2_32.lib
+DEFINES = -DNDEBUG -DWIN32 -DBUILDING_LIBCURL
+
+# By default SSPI support is enabled for BCC
+!ifndef DISABLE_SSPI
+DEFINES = $(DEFINES) -DUSE_WINDOWS_SSPI
+!endif
+
+# By default LDAP support is disabled for BCC
+!ifndef WITH_LDAP
+DEFINES = $(DEFINES) -DCURL_DISABLE_LDAP
+!endif
+
+# ZLIB support is enabled setting WITH_ZLIB=1
+!ifdef WITH_ZLIB
+DEFINES = $(DEFINES) -DHAVE_LIBZ -DHAVE_ZLIB_H
+INCDIRS = $(INCDIRS);$(ZLIB_PATH)
+LINKLIB = $(LINKLIB) $(ZLIB_PATH)\zlib.lib
+!endif
+
+# SSL support is enabled setting WITH_SSL=1
+!ifdef WITH_SSL
+DEFINES = $(DEFINES) -DUSE_OPENSSL
+INCDIRS = $(INCDIRS);$(OPENSSL_PATH)\inc32;$(OPENSSL_PATH)\inc32\openssl
+LINKLIB = $(LINKLIB) $(OPENSSL_PATH)\out32\ssleay32.lib $(OPENSSL_PATH)\out32\libeay32.lib
+!endif
+
+.autodepend
+
+.path.c = $(SRCDIR)
+.path.obj = $(OBJDIR)
+.path.int = $(OBJDIR)
+
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+!include Makefile.inc
+
+# Borland's command line librarian program TLIB version 4.5 is not capable
+# of building a library when any of its objects contains an hyphen in its
+# name, due to a command line parsing bug. In order to workaround this, we
+# build source files with hyphens in their name as objects with underscores
+# using explicit compilation build rules instead of implicit ones.
+
+NOHYPHEN1 = $(CSOURCES:-=_)
+NOHYPHEN2 = $(NOHYPHEN1:vauth/=)
+NOHYPHEN3 = $(NOHYPHEN2:vtls/=)
+
+OBJECTS = $(NOHYPHEN3:.c=.obj)
+PREPROCESSED = $(NOHYPHEN3:.c=.int)
+
+# Borland's command line compiler (BCC32) version 5.5.1 integrated
+# preprocessor has a bug which results in silently generating wrong
+# definitions for libcurl macros such as CURL_OFF_T_C, on the other
+# hand Borland's command line preprocessor (CPP32) version 5.5.1 does
+# not have the bug and achieves proper results. In order to avoid the
+# silent bug we first preprocess source files and later compile the
+# preprocessed result.
+
+.c.obj:
+ @-$(RM) $(@R).int
+ $(PP_CMD) $(CC_FLAGS) $(INCDIRS) $(DEFINES) -o$(@R).int $(<)
+ $(CC_CMD) $(CC_FLAGS) -o$(@) $(@R).int
+
+all: $(OBJDIR) $(LIBCURL_LIB) $(LIBCURL_DLL)
+
+asyn_ares.obj: asyn-ares.c
+ @-$(RM) $(@R).int
+ $(PP_CMD) $(CC_FLAGS) $(INCDIRS) $(DEFINES) -o$(@R).int $(?)
+ $(CC_CMD) $(CC_FLAGS) -o$(@) $(@R).int
+
+asyn_thread.obj: asyn-thread.c
+ @-$(RM) $(@R).int
+ $(PP_CMD) $(CC_FLAGS) $(INCDIRS) $(DEFINES) -o$(@R).int $(?)
+ $(CC_CMD) $(CC_FLAGS) -o$(@) $(@R).int
+
+non_ascii.obj: non-ascii.c
+ @-$(RM) $(@R).int
+ $(PP_CMD) $(CC_FLAGS) $(INCDIRS) $(DEFINES) -o$(@R).int $(?)
+ $(CC_CMD) $(CC_FLAGS) -o$(@) $(@R).int
+
+clean:
+ cd $(OBJDIR)
+ @-$(RM) $(OBJECTS)
+ @-$(RM) $(PREPROCESSED)
+ cd ..
+ @-$(RMDIR) $(OBJDIR)
+ @-$(RM) $(LIBCURL_LIB)
+ @-$(RM) $(LIBCURL_IMPLIB)
+ @-$(RM) libcurl.tds
+
+$(OBJDIR):
+ @-$(RMDIR) $(OBJDIR)
+ @-$(MKDIR) $(OBJDIR)
+
+$(LIBCURL_LIB): $(OBJECTS)
+ @-$(RM) $(LIBCURL_LIB)
+ $(LIB) $(LIBFLAGS) $@ @&&!
++$(**: = &^
++)
+!
+
+$(LIBCURL_DLL) $(LIBCURL_IMPLIB): $(OBJECTS) $(LINKLIB)
+ @-$(RM) $(LIBCURL_DLL)
+ @-$(RM) $(LIBCURL_IMPLIB)
+ $(LD) $(LDFLAGS) -e$(LIBCURL_DLL) @&&!
+$(**: = ^
+)
+!
+ $(IMPLIB) $(LIBCURL_IMPLIB) $(LIBCURL_DLL)
+
+
+# End of Makefile.b32
diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in
new file mode 100644
index 0000000000..545b630d37
--- /dev/null
+++ b/libs/libcurl/src/Makefile.in
@@ -0,0 +1,3264 @@
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@USE_EMBEDDED_ARES_TRUE@am__append_1 = -I$(top_builddir)/ares \
+@USE_EMBEDDED_ARES_TRUE@ -I$(top_srcdir)/ares
+
+@CURL_LT_SHLIB_USE_VERSION_INFO_TRUE@am__append_2 = $(VERSIONINFO)
+@CURL_LT_SHLIB_USE_NO_UNDEFINED_TRUE@am__append_3 = -no-undefined
+@CURL_LT_SHLIB_USE_MIMPURE_TEXT_TRUE@am__append_4 = -mimpure-text
+@CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_TRUE@am__append_5 = -Wl,--version-script=libcurl.vers
+@USE_CPPFLAG_CURL_STATICLIB_TRUE@am__append_6 = -DCURL_STATICLIB
+@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_7 = -DCURL_HIDDEN_SYMBOLS
+@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_8 = $(CFLAG_CURL_SYMBOL_HIDING)
+subdir = lib
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_code_coverage.m4 \
+ $(top_srcdir)/m4/curl-compilers.m4 \
+ $(top_srcdir)/m4/curl-confopts.m4 \
+ $(top_srcdir)/m4/curl-functions.m4 \
+ $(top_srcdir)/m4/curl-openssl.m4 \
+ $(top_srcdir)/m4/curl-override.m4 \
+ $(top_srcdir)/m4/curl-reentrant.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/xc-am-iface.m4 \
+ $(top_srcdir)/m4/xc-cc-check.m4 \
+ $(top_srcdir)/m4/xc-lt-iface.m4 \
+ $(top_srcdir)/m4/xc-translit.m4 \
+ $(top_srcdir)/m4/xc-val-flgs.m4 \
+ $(top_srcdir)/m4/zz40-xc-ovr.m4 \
+ $(top_srcdir)/m4/zz50-xc-ovr.m4 \
+ $(top_srcdir)/m4/zz60-xc-ovr.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = curl_config.h
+CONFIG_CLEAN_FILES = libcurl.vers
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
+libcurl_la_LIBADD =
+am__objects_1 = libcurl_la-file.lo libcurl_la-timeval.lo \
+ libcurl_la-base64.lo libcurl_la-hostip.lo \
+ libcurl_la-progress.lo libcurl_la-formdata.lo \
+ libcurl_la-cookie.lo libcurl_la-http.lo libcurl_la-sendf.lo \
+ libcurl_la-ftp.lo libcurl_la-url.lo libcurl_la-dict.lo \
+ libcurl_la-if2ip.lo libcurl_la-speedcheck.lo \
+ libcurl_la-ldap.lo libcurl_la-version.lo libcurl_la-getenv.lo \
+ libcurl_la-escape.lo libcurl_la-mprintf.lo \
+ libcurl_la-telnet.lo libcurl_la-netrc.lo libcurl_la-getinfo.lo \
+ libcurl_la-transfer.lo libcurl_la-strcase.lo \
+ libcurl_la-easy.lo libcurl_la-security.lo \
+ libcurl_la-curl_fnmatch.lo libcurl_la-fileinfo.lo \
+ libcurl_la-ftplistparser.lo libcurl_la-wildcard.lo \
+ libcurl_la-krb5.lo libcurl_la-memdebug.lo \
+ libcurl_la-http_chunks.lo libcurl_la-strtok.lo \
+ libcurl_la-connect.lo libcurl_la-llist.lo libcurl_la-hash.lo \
+ libcurl_la-multi.lo libcurl_la-content_encoding.lo \
+ libcurl_la-share.lo libcurl_la-http_digest.lo \
+ libcurl_la-md4.lo libcurl_la-md5.lo \
+ libcurl_la-http_negotiate.lo libcurl_la-inet_pton.lo \
+ libcurl_la-strtoofft.lo libcurl_la-strerror.lo \
+ libcurl_la-amigaos.lo libcurl_la-hostasyn.lo \
+ libcurl_la-hostip4.lo libcurl_la-hostip6.lo \
+ libcurl_la-hostsyn.lo libcurl_la-inet_ntop.lo \
+ libcurl_la-parsedate.lo libcurl_la-select.lo \
+ libcurl_la-tftp.lo libcurl_la-splay.lo libcurl_la-strdup.lo \
+ libcurl_la-socks.lo libcurl_la-ssh.lo \
+ libcurl_la-curl_addrinfo.lo libcurl_la-socks_gssapi.lo \
+ libcurl_la-socks_sspi.lo libcurl_la-curl_sspi.lo \
+ libcurl_la-slist.lo libcurl_la-nonblock.lo \
+ libcurl_la-curl_memrchr.lo libcurl_la-imap.lo \
+ libcurl_la-pop3.lo libcurl_la-smtp.lo libcurl_la-pingpong.lo \
+ libcurl_la-rtsp.lo libcurl_la-curl_threads.lo \
+ libcurl_la-warnless.lo libcurl_la-hmac.lo \
+ libcurl_la-curl_rtmp.lo libcurl_la-openldap.lo \
+ libcurl_la-curl_gethostname.lo libcurl_la-gopher.lo \
+ libcurl_la-idn_win32.lo libcurl_la-http_proxy.lo \
+ libcurl_la-non-ascii.lo libcurl_la-asyn-ares.lo \
+ libcurl_la-asyn-thread.lo libcurl_la-curl_gssapi.lo \
+ libcurl_la-http_ntlm.lo libcurl_la-curl_ntlm_wb.lo \
+ libcurl_la-curl_ntlm_core.lo libcurl_la-curl_sasl.lo \
+ libcurl_la-rand.lo libcurl_la-curl_multibyte.lo \
+ libcurl_la-hostcheck.lo libcurl_la-conncache.lo \
+ libcurl_la-pipeline.lo libcurl_la-dotdot.lo \
+ libcurl_la-x509asn1.lo libcurl_la-http2.lo libcurl_la-smb.lo \
+ libcurl_la-curl_endian.lo libcurl_la-curl_des.lo \
+ libcurl_la-system_win32.lo libcurl_la-mime.lo \
+ libcurl_la-sha256.lo libcurl_la-setopt.lo
+am__dirstamp = $(am__leading_dot)dirstamp
+am__objects_2 = vauth/libcurl_la-vauth.lo \
+ vauth/libcurl_la-cleartext.lo vauth/libcurl_la-cram.lo \
+ vauth/libcurl_la-digest.lo vauth/libcurl_la-digest_sspi.lo \
+ vauth/libcurl_la-krb5_gssapi.lo vauth/libcurl_la-krb5_sspi.lo \
+ vauth/libcurl_la-ntlm.lo vauth/libcurl_la-ntlm_sspi.lo \
+ vauth/libcurl_la-oauth2.lo vauth/libcurl_la-spnego_gssapi.lo \
+ vauth/libcurl_la-spnego_sspi.lo
+am__objects_3 = vtls/libcurl_la-openssl.lo vtls/libcurl_la-gtls.lo \
+ vtls/libcurl_la-vtls.lo vtls/libcurl_la-nss.lo \
+ vtls/libcurl_la-polarssl.lo \
+ vtls/libcurl_la-polarssl_threadlock.lo \
+ vtls/libcurl_la-axtls.lo vtls/libcurl_la-cyassl.lo \
+ vtls/libcurl_la-schannel.lo vtls/libcurl_la-darwinssl.lo \
+ vtls/libcurl_la-gskit.lo vtls/libcurl_la-mbedtls.lo
+am__objects_4 = $(am__objects_1) $(am__objects_2) $(am__objects_3)
+am__objects_5 =
+am__objects_6 = $(am__objects_5) $(am__objects_5) $(am__objects_5)
+am_libcurl_la_OBJECTS = $(am__objects_4) $(am__objects_6)
+libcurl_la_OBJECTS = $(am_libcurl_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libcurl_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libcurl_la_CFLAGS) \
+ $(CFLAGS) $(libcurl_la_LDFLAGS) $(LDFLAGS) -o $@
+libcurlu_la_LIBADD =
+am__objects_7 = libcurlu_la-file.lo libcurlu_la-timeval.lo \
+ libcurlu_la-base64.lo libcurlu_la-hostip.lo \
+ libcurlu_la-progress.lo libcurlu_la-formdata.lo \
+ libcurlu_la-cookie.lo libcurlu_la-http.lo libcurlu_la-sendf.lo \
+ libcurlu_la-ftp.lo libcurlu_la-url.lo libcurlu_la-dict.lo \
+ libcurlu_la-if2ip.lo libcurlu_la-speedcheck.lo \
+ libcurlu_la-ldap.lo libcurlu_la-version.lo \
+ libcurlu_la-getenv.lo libcurlu_la-escape.lo \
+ libcurlu_la-mprintf.lo libcurlu_la-telnet.lo \
+ libcurlu_la-netrc.lo libcurlu_la-getinfo.lo \
+ libcurlu_la-transfer.lo libcurlu_la-strcase.lo \
+ libcurlu_la-easy.lo libcurlu_la-security.lo \
+ libcurlu_la-curl_fnmatch.lo libcurlu_la-fileinfo.lo \
+ libcurlu_la-ftplistparser.lo libcurlu_la-wildcard.lo \
+ libcurlu_la-krb5.lo libcurlu_la-memdebug.lo \
+ libcurlu_la-http_chunks.lo libcurlu_la-strtok.lo \
+ libcurlu_la-connect.lo libcurlu_la-llist.lo \
+ libcurlu_la-hash.lo libcurlu_la-multi.lo \
+ libcurlu_la-content_encoding.lo libcurlu_la-share.lo \
+ libcurlu_la-http_digest.lo libcurlu_la-md4.lo \
+ libcurlu_la-md5.lo libcurlu_la-http_negotiate.lo \
+ libcurlu_la-inet_pton.lo libcurlu_la-strtoofft.lo \
+ libcurlu_la-strerror.lo libcurlu_la-amigaos.lo \
+ libcurlu_la-hostasyn.lo libcurlu_la-hostip4.lo \
+ libcurlu_la-hostip6.lo libcurlu_la-hostsyn.lo \
+ libcurlu_la-inet_ntop.lo libcurlu_la-parsedate.lo \
+ libcurlu_la-select.lo libcurlu_la-tftp.lo libcurlu_la-splay.lo \
+ libcurlu_la-strdup.lo libcurlu_la-socks.lo libcurlu_la-ssh.lo \
+ libcurlu_la-curl_addrinfo.lo libcurlu_la-socks_gssapi.lo \
+ libcurlu_la-socks_sspi.lo libcurlu_la-curl_sspi.lo \
+ libcurlu_la-slist.lo libcurlu_la-nonblock.lo \
+ libcurlu_la-curl_memrchr.lo libcurlu_la-imap.lo \
+ libcurlu_la-pop3.lo libcurlu_la-smtp.lo \
+ libcurlu_la-pingpong.lo libcurlu_la-rtsp.lo \
+ libcurlu_la-curl_threads.lo libcurlu_la-warnless.lo \
+ libcurlu_la-hmac.lo libcurlu_la-curl_rtmp.lo \
+ libcurlu_la-openldap.lo libcurlu_la-curl_gethostname.lo \
+ libcurlu_la-gopher.lo libcurlu_la-idn_win32.lo \
+ libcurlu_la-http_proxy.lo libcurlu_la-non-ascii.lo \
+ libcurlu_la-asyn-ares.lo libcurlu_la-asyn-thread.lo \
+ libcurlu_la-curl_gssapi.lo libcurlu_la-http_ntlm.lo \
+ libcurlu_la-curl_ntlm_wb.lo libcurlu_la-curl_ntlm_core.lo \
+ libcurlu_la-curl_sasl.lo libcurlu_la-rand.lo \
+ libcurlu_la-curl_multibyte.lo libcurlu_la-hostcheck.lo \
+ libcurlu_la-conncache.lo libcurlu_la-pipeline.lo \
+ libcurlu_la-dotdot.lo libcurlu_la-x509asn1.lo \
+ libcurlu_la-http2.lo libcurlu_la-smb.lo \
+ libcurlu_la-curl_endian.lo libcurlu_la-curl_des.lo \
+ libcurlu_la-system_win32.lo libcurlu_la-mime.lo \
+ libcurlu_la-sha256.lo libcurlu_la-setopt.lo
+am__objects_8 = vauth/libcurlu_la-vauth.lo \
+ vauth/libcurlu_la-cleartext.lo vauth/libcurlu_la-cram.lo \
+ vauth/libcurlu_la-digest.lo vauth/libcurlu_la-digest_sspi.lo \
+ vauth/libcurlu_la-krb5_gssapi.lo \
+ vauth/libcurlu_la-krb5_sspi.lo vauth/libcurlu_la-ntlm.lo \
+ vauth/libcurlu_la-ntlm_sspi.lo vauth/libcurlu_la-oauth2.lo \
+ vauth/libcurlu_la-spnego_gssapi.lo \
+ vauth/libcurlu_la-spnego_sspi.lo
+am__objects_9 = vtls/libcurlu_la-openssl.lo vtls/libcurlu_la-gtls.lo \
+ vtls/libcurlu_la-vtls.lo vtls/libcurlu_la-nss.lo \
+ vtls/libcurlu_la-polarssl.lo \
+ vtls/libcurlu_la-polarssl_threadlock.lo \
+ vtls/libcurlu_la-axtls.lo vtls/libcurlu_la-cyassl.lo \
+ vtls/libcurlu_la-schannel.lo vtls/libcurlu_la-darwinssl.lo \
+ vtls/libcurlu_la-gskit.lo vtls/libcurlu_la-mbedtls.lo
+am__objects_10 = $(am__objects_7) $(am__objects_8) $(am__objects_9)
+am_libcurlu_la_OBJECTS = $(am__objects_10) $(am__objects_6)
+libcurlu_la_OBJECTS = $(am_libcurlu_la_OBJECTS)
+libcurlu_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libcurlu_la_CFLAGS) \
+ $(CFLAGS) $(libcurlu_la_LDFLAGS) $(LDFLAGS) -o $@
+@BUILD_UNITTESTS_TRUE@am_libcurlu_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES =
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libcurl_la_SOURCES) $(libcurlu_la_SOURCES)
+DIST_SOURCES = $(libcurl_la_SOURCES) $(libcurlu_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
+ $(LISP)curl_config.h.in
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.inc \
+ $(srcdir)/curl_config.h.in $(srcdir)/libcurl.vers.in \
+ $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AS = @AS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BLANK_AT_MAKETIME = @BLANK_AT_MAKETIME@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+
+# This might hold -Werror
+CFLAGS = @CFLAGS@ @CURL_CFLAG_EXTRAS@
+CFLAG_CURL_SYMBOL_HIDING = @CFLAG_CURL_SYMBOL_HIDING@
+CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@
+CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@
+CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@
+CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@
+CODE_COVERAGE_LDFLAGS = @CODE_COVERAGE_LDFLAGS@
+CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@
+CONFIGURE_OPTIONS = @CONFIGURE_OPTIONS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CPPFLAG_CURL_STATICLIB = @CPPFLAG_CURL_STATICLIB@
+CURLVERSION = @CURLVERSION@
+CURL_CA_BUNDLE = @CURL_CA_BUNDLE@
+CURL_CFLAG_EXTRAS = @CURL_CFLAG_EXTRAS@
+CURL_DISABLE_DICT = @CURL_DISABLE_DICT@
+CURL_DISABLE_FILE = @CURL_DISABLE_FILE@
+CURL_DISABLE_FTP = @CURL_DISABLE_FTP@
+CURL_DISABLE_GOPHER = @CURL_DISABLE_GOPHER@
+CURL_DISABLE_HTTP = @CURL_DISABLE_HTTP@
+CURL_DISABLE_IMAP = @CURL_DISABLE_IMAP@
+CURL_DISABLE_LDAP = @CURL_DISABLE_LDAP@
+CURL_DISABLE_LDAPS = @CURL_DISABLE_LDAPS@
+CURL_DISABLE_POP3 = @CURL_DISABLE_POP3@
+CURL_DISABLE_PROXY = @CURL_DISABLE_PROXY@
+CURL_DISABLE_RTSP = @CURL_DISABLE_RTSP@
+CURL_DISABLE_SMB = @CURL_DISABLE_SMB@
+CURL_DISABLE_SMTP = @CURL_DISABLE_SMTP@
+CURL_DISABLE_TELNET = @CURL_DISABLE_TELNET@
+CURL_DISABLE_TFTP = @CURL_DISABLE_TFTP@
+CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@
+CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@
+CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@
+CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@
+CYGPATH_W = @CYGPATH_W@
+DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ENABLE_SHARED = @ENABLE_SHARED@
+ENABLE_STATIC = @ENABLE_STATIC@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCOV = @GCOV@
+GENHTML = @GENHTML@
+GREP = @GREP@
+HAVE_BROTLI = @HAVE_BROTLI@
+HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@
+HAVE_LDAP_SSL = @HAVE_LDAP_SSL@
+HAVE_LIBZ = @HAVE_LIBZ@
+HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@
+IDN_ENABLED = @IDN_ENABLED@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPV6_ENABLED = @IPV6_ENABLED@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBCURL_LIBS = @LIBCURL_LIBS@
+LIBMETALINK_CPPFLAGS = @LIBMETALINK_CPPFLAGS@
+LIBMETALINK_LDFLAGS = @LIBMETALINK_LDFLAGS@
+LIBMETALINK_LIBS = @LIBMETALINK_LIBS@
+LIBOBJS = @LIBOBJS@
+
+# Prevent LIBS from being used for all link targets
+LIBS = $(BLANK_AT_MAKETIME)
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MANOPT = @MANOPT@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NROFF = @NROFF@
+NSS_LIBS = @NSS_LIBS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKGADD_NAME = @PKGADD_NAME@
+PKGADD_PKG = @PKGADD_PKG@
+PKGADD_VENDOR = @PKGADD_VENDOR@
+PKGCONFIG = @PKGCONFIG@
+RANDOM_FILE = @RANDOM_FILE@
+RANLIB = @RANLIB@
+REQUIRE_LIB_DEPS = @REQUIRE_LIB_DEPS@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SSL_ENABLED = @SSL_ENABLED@
+SSL_LIBS = @SSL_LIBS@
+STRIP = @STRIP@
+SUPPORT_FEATURES = @SUPPORT_FEATURES@
+SUPPORT_PROTOCOLS = @SUPPORT_PROTOCOLS@
+USE_ARES = @USE_ARES@
+USE_AXTLS = @USE_AXTLS@
+USE_CYASSL = @USE_CYASSL@
+USE_DARWINSSL = @USE_DARWINSSL@
+USE_GNUTLS = @USE_GNUTLS@
+USE_GNUTLS_NETTLE = @USE_GNUTLS_NETTLE@
+USE_LIBRTMP = @USE_LIBRTMP@
+USE_LIBSSH2 = @USE_LIBSSH2@
+USE_MBEDTLS = @USE_MBEDTLS@
+USE_NGHTTP2 = @USE_NGHTTP2@
+USE_NSS = @USE_NSS@
+USE_OPENLDAP = @USE_OPENLDAP@
+USE_POLARSSL = @USE_POLARSSL@
+USE_SCHANNEL = @USE_SCHANNEL@
+USE_UNIX_SOCKETS = @USE_UNIX_SOCKETS@
+USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@
+VERSION = @VERSION@
+VERSIONNUM = @VERSIONNUM@
+ZLIB_LIBS = @ZLIB_LIBS@
+ZSH_FUNCTIONS_DIR = @ZSH_FUNCTIONS_DIR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libext = @libext@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+runstatedir = @runstatedir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+subdirs = @subdirs@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+AUTOMAKE_OPTIONS = foreign nostdinc
+CMAKE_DIST = CMakeLists.txt curl_config.h.cmake
+EXTRA_DIST = Makefile.b32 Makefile.m32 config-win32.h \
+ config-win32ce.h config-riscos.h config-mac.h curl_config.h.in \
+ makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h \
+ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \
+ config-os400.h setup-os400.h config-symbian.h Makefile.Watcom \
+ config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \
+ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \
+ objnames-test08.sh objnames-test10.sh objnames.inc
+
+lib_LTLIBRARIES = libcurl.la
+@BUILD_UNITTESTS_FALSE@noinst_LTLIBRARIES =
+@BUILD_UNITTESTS_TRUE@noinst_LTLIBRARIES = libcurlu.la
+
+# Specify our include paths here, and do it relative to $(top_srcdir) and
+# $(top_builddir), to ensure that these paths which belong to the library
+# being currently built and tested are searched before the library which
+# might possibly already be installed in the system.
+#
+# $(top_srcdir)/include is for libcurl's external include files
+# $(top_builddir)/lib is for libcurl's generated lib/curl_config.h file
+# $(top_srcdir)/lib for libcurl's lib/curl_setup.h and other "private" files
+# $(top_builddir)/ares is for in-tree c-ares's generated ares_build.h file
+# $(top_srcdir)/ares is for in-tree c-ares's external include files
+# This flag accepts an argument of the form current[:revision[:age]]. So,
+# passing -version-info 3:12:1 sets current to 3, revision to 12, and age to
+# 1.
+#
+# Here's the simplified rule guide on how to change -version-info:
+# (current version is C:R:A)
+#
+# 1. if there are only source changes, use C:R+1:A
+# 2. if interfaces were added use C+1:0:A+1
+# 3. if interfaces were removed, then use C+1:0:0
+#
+# For the full guide on libcurl ABI rules, see docs/libcurl/ABI
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/lib \
+ -I$(top_srcdir)/lib $(am__append_1) -DBUILDING_LIBCURL
+VERSIONINFO = -version-info 9:0:5
+AM_LDFLAGS =
+AM_CFLAGS =
+libcurl_la_CPPFLAGS_EXTRA = $(am__append_6) $(am__append_7)
+libcurl_la_LDFLAGS_EXTRA = $(CODE_COVERAGE_LDFLAGS) $(am__append_2) \
+ $(am__append_3) $(am__append_4) $(am__append_5)
+libcurl_la_CFLAGS_EXTRA = $(CODE_COVERAGE_CFLAGS) $(am__append_8)
+libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA)
+libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LDFLAGS) $(LIBCURL_LIBS)
+libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA)
+libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS
+libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS)
+libcurlu_la_CFLAGS = $(AM_CFLAGS)
+LIB_VAUTH_CFILES = vauth/vauth.c vauth/cleartext.c vauth/cram.c \
+ vauth/digest.c vauth/digest_sspi.c vauth/krb5_gssapi.c \
+ vauth/krb5_sspi.c vauth/ntlm.c vauth/ntlm_sspi.c vauth/oauth2.c \
+ vauth/spnego_gssapi.c vauth/spnego_sspi.c
+
+LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h
+LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \
+ vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \
+ vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c \
+ vtls/mbedtls.c
+
+LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \
+ vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h \
+ vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h \
+ vtls/mbedtls.h
+
+LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
+ cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c \
+ ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c \
+ getinfo.c transfer.c strcase.c easy.c security.c curl_fnmatch.c \
+ fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c \
+ strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c \
+ http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c \
+ strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c \
+ inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c \
+ ssh.c curl_addrinfo.c socks_gssapi.c socks_sspi.c \
+ curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c \
+ pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c \
+ openldap.c curl_gethostname.c gopher.c idn_win32.c \
+ http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \
+ http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c \
+ curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \
+ x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \
+ mime.c sha256.c setopt.c
+
+LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
+ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \
+ speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h \
+ strcase.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h \
+ wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h \
+ hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h \
+ http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h \
+ inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h \
+ easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h \
+ socks.h ssh.h curl_base64.h curl_addrinfo.h curl_sspi.h \
+ slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h \
+ rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h \
+ curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h \
+ http_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \
+ curl_sasl.h curl_multibyte.h hostcheck.h conncache.h \
+ curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h \
+ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \
+ curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h
+
+LIB_RCFILES = libcurl.rc
+CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES)
+HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES)
+
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+libcurl_la_SOURCES = $(CSOURCES) $(HHEADERS)
+libcurlu_la_SOURCES = $(CSOURCES) $(HHEADERS)
+all: curl_config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/Makefile.inc $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign lib/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+$(srcdir)/Makefile.inc $(am__empty):
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+curl_config.h: stamp-h1
+ @test -f $@ || rm -f stamp-h1
+ @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1
+
+stamp-h1: $(srcdir)/curl_config.h.in $(top_builddir)/config.status
+ @rm -f stamp-h1
+ cd $(top_builddir) && $(SHELL) ./config.status lib/curl_config.h
+$(srcdir)/curl_config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+ rm -f stamp-h1
+ touch $@
+
+distclean-hdr:
+ -rm -f curl_config.h stamp-h1
+libcurl.vers: $(top_builddir)/config.status $(srcdir)/libcurl.vers.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+vauth/$(am__dirstamp):
+ @$(MKDIR_P) vauth
+ @: > vauth/$(am__dirstamp)
+vauth/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) vauth/$(DEPDIR)
+ @: > vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-vauth.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-cleartext.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-cram.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-digest.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-digest_sspi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-krb5_gssapi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-krb5_sspi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-ntlm.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-ntlm_sspi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-oauth2.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-spnego_gssapi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurl_la-spnego_sspi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vtls/$(am__dirstamp):
+ @$(MKDIR_P) vtls
+ @: > vtls/$(am__dirstamp)
+vtls/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) vtls/$(DEPDIR)
+ @: > vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-openssl.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-gtls.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-vtls.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-nss.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-polarssl.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-polarssl_threadlock.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-axtls.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-cyassl.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-schannel.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-darwinssl.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-gskit.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-mbedtls.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+
+libcurl.la: $(libcurl_la_OBJECTS) $(libcurl_la_DEPENDENCIES) $(EXTRA_libcurl_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libcurl_la_LINK) -rpath $(libdir) $(libcurl_la_OBJECTS) $(libcurl_la_LIBADD) $(LIBS)
+vauth/libcurlu_la-vauth.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-cleartext.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-cram.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-digest.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-digest_sspi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-krb5_gssapi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-krb5_sspi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-ntlm.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-ntlm_sspi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-oauth2.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-spnego_gssapi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vauth/libcurlu_la-spnego_sspi.lo: vauth/$(am__dirstamp) \
+ vauth/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-openssl.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-gtls.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-vtls.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-nss.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-polarssl.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-polarssl_threadlock.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-axtls.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-cyassl.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-schannel.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-darwinssl.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-gskit.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-mbedtls.lo: vtls/$(am__dirstamp) \
+ vtls/$(DEPDIR)/$(am__dirstamp)
+
+libcurlu.la: $(libcurlu_la_OBJECTS) $(libcurlu_la_DEPENDENCIES) $(EXTRA_libcurlu_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libcurlu_la_LINK) $(am_libcurlu_la_rpath) $(libcurlu_la_OBJECTS) $(libcurlu_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+ -rm -f vauth/*.$(OBJEXT)
+ -rm -f vauth/*.lo
+ -rm -f vtls/*.$(OBJEXT)
+ -rm -f vtls/*.lo
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-amigaos.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-asyn-ares.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-asyn-thread.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-base64.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-conncache.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-connect.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-content_encoding.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-cookie.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_addrinfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_endian.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_fnmatch.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_gethostname.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_gssapi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_memrchr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_multibyte.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_ntlm_core.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_ntlm_wb.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_rtmp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_sasl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_threads.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-dict.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-dotdot.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-easy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-escape.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-file.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-fileinfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-formdata.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-ftp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-ftplistparser.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-getenv.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-getinfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-gopher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hash.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostasyn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostcheck.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostip.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostip4.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostip6.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostsyn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-http.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-http2.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-http_chunks.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-http_digest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-http_negotiate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-http_ntlm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-http_proxy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-idn_win32.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-if2ip.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-imap.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-inet_ntop.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-inet_pton.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-krb5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-ldap.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-llist.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-md4.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-md5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-memdebug.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-mime.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-mprintf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-multi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-netrc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-non-ascii.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-nonblock.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-openldap.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-parsedate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-pingpong.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-pipeline.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-pop3.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-progress.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-rand.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-rtsp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-security.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-select.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-sendf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-setopt.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-sha256.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-share.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-slist.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-smb.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-smtp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-socks.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-socks_gssapi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-socks_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-speedcheck.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-splay.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-ssh.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-strcase.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-strdup.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-strerror.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-strtok.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-strtoofft.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-system_win32.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-telnet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-tftp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-timeval.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-transfer.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-url.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-version.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-warnless.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-wildcard.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-x509asn1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-amigaos.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-asyn-ares.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-asyn-thread.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-base64.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-conncache.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-connect.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-content_encoding.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-cookie.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_addrinfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_endian.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_fnmatch.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_gethostname.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_gssapi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_memrchr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_multibyte.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_ntlm_core.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_ntlm_wb.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_rtmp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_sasl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_threads.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-dict.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-dotdot.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-easy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-escape.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-file.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-fileinfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-formdata.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-ftp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-ftplistparser.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-getenv.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-getinfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-gopher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hash.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostasyn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostcheck.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostip.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostip4.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostip6.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostsyn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-http.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-http2.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-http_chunks.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-http_digest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-http_negotiate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-http_ntlm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-http_proxy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-idn_win32.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-if2ip.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-imap.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-inet_ntop.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-inet_pton.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-krb5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-ldap.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-llist.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-md4.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-md5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-memdebug.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-mime.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-mprintf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-multi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-netrc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-non-ascii.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-nonblock.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-openldap.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-parsedate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-pingpong.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-pipeline.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-pop3.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-progress.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-rand.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-rtsp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-security.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-select.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-sendf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-setopt.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-sha256.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-share.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-slist.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-smb.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-smtp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-socks.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-socks_gssapi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-socks_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-speedcheck.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-splay.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-ssh.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-strcase.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-strdup.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-strerror.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-strtok.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-strtoofft.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-system_win32.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-telnet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-tftp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-timeval.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-transfer.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-url.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-version.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-warnless.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-wildcard.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-x509asn1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-cleartext.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-cram.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-digest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-digest_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-krb5_gssapi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-krb5_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-ntlm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-ntlm_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-oauth2.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-spnego_gssapi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-spnego_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-vauth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-cleartext.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-cram.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-digest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-digest_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-krb5_gssapi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-krb5_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-ntlm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-ntlm_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-oauth2.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-spnego_gssapi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-spnego_sspi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-vauth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-axtls.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-cyassl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-darwinssl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-gskit.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-gtls.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-nss.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-openssl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-polarssl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-schannel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-vtls.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-axtls.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-cyassl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-darwinssl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-gskit.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-gtls.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-nss.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-openssl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-polarssl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-schannel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-vtls.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+libcurl_la-file.lo: file.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-file.lo -MD -MP -MF $(DEPDIR)/libcurl_la-file.Tpo -c -o libcurl_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-file.Tpo $(DEPDIR)/libcurl_la-file.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='file.c' object='libcurl_la-file.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c
+
+libcurl_la-timeval.lo: timeval.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-timeval.lo -MD -MP -MF $(DEPDIR)/libcurl_la-timeval.Tpo -c -o libcurl_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-timeval.Tpo $(DEPDIR)/libcurl_la-timeval.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='timeval.c' object='libcurl_la-timeval.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c
+
+libcurl_la-base64.lo: base64.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-base64.lo -MD -MP -MF $(DEPDIR)/libcurl_la-base64.Tpo -c -o libcurl_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-base64.Tpo $(DEPDIR)/libcurl_la-base64.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='base64.c' object='libcurl_la-base64.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c
+
+libcurl_la-hostip.lo: hostip.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hostip.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hostip.Tpo -c -o libcurl_la-hostip.lo `test -f 'hostip.c' || echo '$(srcdir)/'`hostip.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hostip.Tpo $(DEPDIR)/libcurl_la-hostip.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostip.c' object='libcurl_la-hostip.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostip.lo `test -f 'hostip.c' || echo '$(srcdir)/'`hostip.c
+
+libcurl_la-progress.lo: progress.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-progress.lo -MD -MP -MF $(DEPDIR)/libcurl_la-progress.Tpo -c -o libcurl_la-progress.lo `test -f 'progress.c' || echo '$(srcdir)/'`progress.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-progress.Tpo $(DEPDIR)/libcurl_la-progress.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='progress.c' object='libcurl_la-progress.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-progress.lo `test -f 'progress.c' || echo '$(srcdir)/'`progress.c
+
+libcurl_la-formdata.lo: formdata.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-formdata.lo -MD -MP -MF $(DEPDIR)/libcurl_la-formdata.Tpo -c -o libcurl_la-formdata.lo `test -f 'formdata.c' || echo '$(srcdir)/'`formdata.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-formdata.Tpo $(DEPDIR)/libcurl_la-formdata.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='formdata.c' object='libcurl_la-formdata.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-formdata.lo `test -f 'formdata.c' || echo '$(srcdir)/'`formdata.c
+
+libcurl_la-cookie.lo: cookie.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-cookie.lo -MD -MP -MF $(DEPDIR)/libcurl_la-cookie.Tpo -c -o libcurl_la-cookie.lo `test -f 'cookie.c' || echo '$(srcdir)/'`cookie.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-cookie.Tpo $(DEPDIR)/libcurl_la-cookie.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cookie.c' object='libcurl_la-cookie.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-cookie.lo `test -f 'cookie.c' || echo '$(srcdir)/'`cookie.c
+
+libcurl_la-http.lo: http.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-http.lo -MD -MP -MF $(DEPDIR)/libcurl_la-http.Tpo -c -o libcurl_la-http.lo `test -f 'http.c' || echo '$(srcdir)/'`http.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-http.Tpo $(DEPDIR)/libcurl_la-http.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http.c' object='libcurl_la-http.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-http.lo `test -f 'http.c' || echo '$(srcdir)/'`http.c
+
+libcurl_la-sendf.lo: sendf.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-sendf.lo -MD -MP -MF $(DEPDIR)/libcurl_la-sendf.Tpo -c -o libcurl_la-sendf.lo `test -f 'sendf.c' || echo '$(srcdir)/'`sendf.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-sendf.Tpo $(DEPDIR)/libcurl_la-sendf.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sendf.c' object='libcurl_la-sendf.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-sendf.lo `test -f 'sendf.c' || echo '$(srcdir)/'`sendf.c
+
+libcurl_la-ftp.lo: ftp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-ftp.lo -MD -MP -MF $(DEPDIR)/libcurl_la-ftp.Tpo -c -o libcurl_la-ftp.lo `test -f 'ftp.c' || echo '$(srcdir)/'`ftp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-ftp.Tpo $(DEPDIR)/libcurl_la-ftp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ftp.c' object='libcurl_la-ftp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-ftp.lo `test -f 'ftp.c' || echo '$(srcdir)/'`ftp.c
+
+libcurl_la-url.lo: url.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-url.lo -MD -MP -MF $(DEPDIR)/libcurl_la-url.Tpo -c -o libcurl_la-url.lo `test -f 'url.c' || echo '$(srcdir)/'`url.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-url.Tpo $(DEPDIR)/libcurl_la-url.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='url.c' object='libcurl_la-url.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-url.lo `test -f 'url.c' || echo '$(srcdir)/'`url.c
+
+libcurl_la-dict.lo: dict.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-dict.lo -MD -MP -MF $(DEPDIR)/libcurl_la-dict.Tpo -c -o libcurl_la-dict.lo `test -f 'dict.c' || echo '$(srcdir)/'`dict.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-dict.Tpo $(DEPDIR)/libcurl_la-dict.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='dict.c' object='libcurl_la-dict.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-dict.lo `test -f 'dict.c' || echo '$(srcdir)/'`dict.c
+
+libcurl_la-if2ip.lo: if2ip.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-if2ip.lo -MD -MP -MF $(DEPDIR)/libcurl_la-if2ip.Tpo -c -o libcurl_la-if2ip.lo `test -f 'if2ip.c' || echo '$(srcdir)/'`if2ip.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-if2ip.Tpo $(DEPDIR)/libcurl_la-if2ip.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='if2ip.c' object='libcurl_la-if2ip.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-if2ip.lo `test -f 'if2ip.c' || echo '$(srcdir)/'`if2ip.c
+
+libcurl_la-speedcheck.lo: speedcheck.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-speedcheck.lo -MD -MP -MF $(DEPDIR)/libcurl_la-speedcheck.Tpo -c -o libcurl_la-speedcheck.lo `test -f 'speedcheck.c' || echo '$(srcdir)/'`speedcheck.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-speedcheck.Tpo $(DEPDIR)/libcurl_la-speedcheck.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='speedcheck.c' object='libcurl_la-speedcheck.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-speedcheck.lo `test -f 'speedcheck.c' || echo '$(srcdir)/'`speedcheck.c
+
+libcurl_la-ldap.lo: ldap.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-ldap.lo -MD -MP -MF $(DEPDIR)/libcurl_la-ldap.Tpo -c -o libcurl_la-ldap.lo `test -f 'ldap.c' || echo '$(srcdir)/'`ldap.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-ldap.Tpo $(DEPDIR)/libcurl_la-ldap.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ldap.c' object='libcurl_la-ldap.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-ldap.lo `test -f 'ldap.c' || echo '$(srcdir)/'`ldap.c
+
+libcurl_la-version.lo: version.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-version.lo -MD -MP -MF $(DEPDIR)/libcurl_la-version.Tpo -c -o libcurl_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-version.Tpo $(DEPDIR)/libcurl_la-version.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='version.c' object='libcurl_la-version.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c
+
+libcurl_la-getenv.lo: getenv.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-getenv.lo -MD -MP -MF $(DEPDIR)/libcurl_la-getenv.Tpo -c -o libcurl_la-getenv.lo `test -f 'getenv.c' || echo '$(srcdir)/'`getenv.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-getenv.Tpo $(DEPDIR)/libcurl_la-getenv.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='getenv.c' object='libcurl_la-getenv.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-getenv.lo `test -f 'getenv.c' || echo '$(srcdir)/'`getenv.c
+
+libcurl_la-escape.lo: escape.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-escape.lo -MD -MP -MF $(DEPDIR)/libcurl_la-escape.Tpo -c -o libcurl_la-escape.lo `test -f 'escape.c' || echo '$(srcdir)/'`escape.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-escape.Tpo $(DEPDIR)/libcurl_la-escape.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='escape.c' object='libcurl_la-escape.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-escape.lo `test -f 'escape.c' || echo '$(srcdir)/'`escape.c
+
+libcurl_la-mprintf.lo: mprintf.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-mprintf.lo -MD -MP -MF $(DEPDIR)/libcurl_la-mprintf.Tpo -c -o libcurl_la-mprintf.lo `test -f 'mprintf.c' || echo '$(srcdir)/'`mprintf.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-mprintf.Tpo $(DEPDIR)/libcurl_la-mprintf.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mprintf.c' object='libcurl_la-mprintf.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-mprintf.lo `test -f 'mprintf.c' || echo '$(srcdir)/'`mprintf.c
+
+libcurl_la-telnet.lo: telnet.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-telnet.lo -MD -MP -MF $(DEPDIR)/libcurl_la-telnet.Tpo -c -o libcurl_la-telnet.lo `test -f 'telnet.c' || echo '$(srcdir)/'`telnet.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-telnet.Tpo $(DEPDIR)/libcurl_la-telnet.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='telnet.c' object='libcurl_la-telnet.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-telnet.lo `test -f 'telnet.c' || echo '$(srcdir)/'`telnet.c
+
+libcurl_la-netrc.lo: netrc.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-netrc.lo -MD -MP -MF $(DEPDIR)/libcurl_la-netrc.Tpo -c -o libcurl_la-netrc.lo `test -f 'netrc.c' || echo '$(srcdir)/'`netrc.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-netrc.Tpo $(DEPDIR)/libcurl_la-netrc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='netrc.c' object='libcurl_la-netrc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-netrc.lo `test -f 'netrc.c' || echo '$(srcdir)/'`netrc.c
+
+libcurl_la-getinfo.lo: getinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-getinfo.lo -MD -MP -MF $(DEPDIR)/libcurl_la-getinfo.Tpo -c -o libcurl_la-getinfo.lo `test -f 'getinfo.c' || echo '$(srcdir)/'`getinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-getinfo.Tpo $(DEPDIR)/libcurl_la-getinfo.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='getinfo.c' object='libcurl_la-getinfo.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-getinfo.lo `test -f 'getinfo.c' || echo '$(srcdir)/'`getinfo.c
+
+libcurl_la-transfer.lo: transfer.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-transfer.lo -MD -MP -MF $(DEPDIR)/libcurl_la-transfer.Tpo -c -o libcurl_la-transfer.lo `test -f 'transfer.c' || echo '$(srcdir)/'`transfer.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-transfer.Tpo $(DEPDIR)/libcurl_la-transfer.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='transfer.c' object='libcurl_la-transfer.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-transfer.lo `test -f 'transfer.c' || echo '$(srcdir)/'`transfer.c
+
+libcurl_la-strcase.lo: strcase.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-strcase.lo -MD -MP -MF $(DEPDIR)/libcurl_la-strcase.Tpo -c -o libcurl_la-strcase.lo `test -f 'strcase.c' || echo '$(srcdir)/'`strcase.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-strcase.Tpo $(DEPDIR)/libcurl_la-strcase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strcase.c' object='libcurl_la-strcase.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-strcase.lo `test -f 'strcase.c' || echo '$(srcdir)/'`strcase.c
+
+libcurl_la-easy.lo: easy.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-easy.lo -MD -MP -MF $(DEPDIR)/libcurl_la-easy.Tpo -c -o libcurl_la-easy.lo `test -f 'easy.c' || echo '$(srcdir)/'`easy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-easy.Tpo $(DEPDIR)/libcurl_la-easy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='easy.c' object='libcurl_la-easy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-easy.lo `test -f 'easy.c' || echo '$(srcdir)/'`easy.c
+
+libcurl_la-security.lo: security.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-security.lo -MD -MP -MF $(DEPDIR)/libcurl_la-security.Tpo -c -o libcurl_la-security.lo `test -f 'security.c' || echo '$(srcdir)/'`security.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-security.Tpo $(DEPDIR)/libcurl_la-security.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='security.c' object='libcurl_la-security.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-security.lo `test -f 'security.c' || echo '$(srcdir)/'`security.c
+
+libcurl_la-curl_fnmatch.lo: curl_fnmatch.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_fnmatch.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_fnmatch.Tpo -c -o libcurl_la-curl_fnmatch.lo `test -f 'curl_fnmatch.c' || echo '$(srcdir)/'`curl_fnmatch.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_fnmatch.Tpo $(DEPDIR)/libcurl_la-curl_fnmatch.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_fnmatch.c' object='libcurl_la-curl_fnmatch.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_fnmatch.lo `test -f 'curl_fnmatch.c' || echo '$(srcdir)/'`curl_fnmatch.c
+
+libcurl_la-fileinfo.lo: fileinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-fileinfo.lo -MD -MP -MF $(DEPDIR)/libcurl_la-fileinfo.Tpo -c -o libcurl_la-fileinfo.lo `test -f 'fileinfo.c' || echo '$(srcdir)/'`fileinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-fileinfo.Tpo $(DEPDIR)/libcurl_la-fileinfo.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='fileinfo.c' object='libcurl_la-fileinfo.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-fileinfo.lo `test -f 'fileinfo.c' || echo '$(srcdir)/'`fileinfo.c
+
+libcurl_la-ftplistparser.lo: ftplistparser.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-ftplistparser.lo -MD -MP -MF $(DEPDIR)/libcurl_la-ftplistparser.Tpo -c -o libcurl_la-ftplistparser.lo `test -f 'ftplistparser.c' || echo '$(srcdir)/'`ftplistparser.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-ftplistparser.Tpo $(DEPDIR)/libcurl_la-ftplistparser.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ftplistparser.c' object='libcurl_la-ftplistparser.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-ftplistparser.lo `test -f 'ftplistparser.c' || echo '$(srcdir)/'`ftplistparser.c
+
+libcurl_la-wildcard.lo: wildcard.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-wildcard.lo -MD -MP -MF $(DEPDIR)/libcurl_la-wildcard.Tpo -c -o libcurl_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-wildcard.Tpo $(DEPDIR)/libcurl_la-wildcard.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='wildcard.c' object='libcurl_la-wildcard.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c
+
+libcurl_la-krb5.lo: krb5.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-krb5.lo -MD -MP -MF $(DEPDIR)/libcurl_la-krb5.Tpo -c -o libcurl_la-krb5.lo `test -f 'krb5.c' || echo '$(srcdir)/'`krb5.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-krb5.Tpo $(DEPDIR)/libcurl_la-krb5.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='krb5.c' object='libcurl_la-krb5.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-krb5.lo `test -f 'krb5.c' || echo '$(srcdir)/'`krb5.c
+
+libcurl_la-memdebug.lo: memdebug.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-memdebug.lo -MD -MP -MF $(DEPDIR)/libcurl_la-memdebug.Tpo -c -o libcurl_la-memdebug.lo `test -f 'memdebug.c' || echo '$(srcdir)/'`memdebug.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-memdebug.Tpo $(DEPDIR)/libcurl_la-memdebug.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='memdebug.c' object='libcurl_la-memdebug.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-memdebug.lo `test -f 'memdebug.c' || echo '$(srcdir)/'`memdebug.c
+
+libcurl_la-http_chunks.lo: http_chunks.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-http_chunks.lo -MD -MP -MF $(DEPDIR)/libcurl_la-http_chunks.Tpo -c -o libcurl_la-http_chunks.lo `test -f 'http_chunks.c' || echo '$(srcdir)/'`http_chunks.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-http_chunks.Tpo $(DEPDIR)/libcurl_la-http_chunks.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_chunks.c' object='libcurl_la-http_chunks.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-http_chunks.lo `test -f 'http_chunks.c' || echo '$(srcdir)/'`http_chunks.c
+
+libcurl_la-strtok.lo: strtok.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-strtok.lo -MD -MP -MF $(DEPDIR)/libcurl_la-strtok.Tpo -c -o libcurl_la-strtok.lo `test -f 'strtok.c' || echo '$(srcdir)/'`strtok.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-strtok.Tpo $(DEPDIR)/libcurl_la-strtok.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strtok.c' object='libcurl_la-strtok.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-strtok.lo `test -f 'strtok.c' || echo '$(srcdir)/'`strtok.c
+
+libcurl_la-connect.lo: connect.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-connect.lo -MD -MP -MF $(DEPDIR)/libcurl_la-connect.Tpo -c -o libcurl_la-connect.lo `test -f 'connect.c' || echo '$(srcdir)/'`connect.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-connect.Tpo $(DEPDIR)/libcurl_la-connect.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='connect.c' object='libcurl_la-connect.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-connect.lo `test -f 'connect.c' || echo '$(srcdir)/'`connect.c
+
+libcurl_la-llist.lo: llist.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-llist.lo -MD -MP -MF $(DEPDIR)/libcurl_la-llist.Tpo -c -o libcurl_la-llist.lo `test -f 'llist.c' || echo '$(srcdir)/'`llist.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-llist.Tpo $(DEPDIR)/libcurl_la-llist.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='llist.c' object='libcurl_la-llist.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-llist.lo `test -f 'llist.c' || echo '$(srcdir)/'`llist.c
+
+libcurl_la-hash.lo: hash.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hash.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hash.Tpo -c -o libcurl_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hash.Tpo $(DEPDIR)/libcurl_la-hash.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hash.c' object='libcurl_la-hash.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c
+
+libcurl_la-multi.lo: multi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-multi.lo -MD -MP -MF $(DEPDIR)/libcurl_la-multi.Tpo -c -o libcurl_la-multi.lo `test -f 'multi.c' || echo '$(srcdir)/'`multi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-multi.Tpo $(DEPDIR)/libcurl_la-multi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='multi.c' object='libcurl_la-multi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-multi.lo `test -f 'multi.c' || echo '$(srcdir)/'`multi.c
+
+libcurl_la-content_encoding.lo: content_encoding.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-content_encoding.lo -MD -MP -MF $(DEPDIR)/libcurl_la-content_encoding.Tpo -c -o libcurl_la-content_encoding.lo `test -f 'content_encoding.c' || echo '$(srcdir)/'`content_encoding.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-content_encoding.Tpo $(DEPDIR)/libcurl_la-content_encoding.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='content_encoding.c' object='libcurl_la-content_encoding.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-content_encoding.lo `test -f 'content_encoding.c' || echo '$(srcdir)/'`content_encoding.c
+
+libcurl_la-share.lo: share.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-share.lo -MD -MP -MF $(DEPDIR)/libcurl_la-share.Tpo -c -o libcurl_la-share.lo `test -f 'share.c' || echo '$(srcdir)/'`share.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-share.Tpo $(DEPDIR)/libcurl_la-share.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='share.c' object='libcurl_la-share.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-share.lo `test -f 'share.c' || echo '$(srcdir)/'`share.c
+
+libcurl_la-http_digest.lo: http_digest.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-http_digest.lo -MD -MP -MF $(DEPDIR)/libcurl_la-http_digest.Tpo -c -o libcurl_la-http_digest.lo `test -f 'http_digest.c' || echo '$(srcdir)/'`http_digest.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-http_digest.Tpo $(DEPDIR)/libcurl_la-http_digest.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_digest.c' object='libcurl_la-http_digest.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-http_digest.lo `test -f 'http_digest.c' || echo '$(srcdir)/'`http_digest.c
+
+libcurl_la-md4.lo: md4.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-md4.lo -MD -MP -MF $(DEPDIR)/libcurl_la-md4.Tpo -c -o libcurl_la-md4.lo `test -f 'md4.c' || echo '$(srcdir)/'`md4.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-md4.Tpo $(DEPDIR)/libcurl_la-md4.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md4.c' object='libcurl_la-md4.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-md4.lo `test -f 'md4.c' || echo '$(srcdir)/'`md4.c
+
+libcurl_la-md5.lo: md5.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-md5.lo -MD -MP -MF $(DEPDIR)/libcurl_la-md5.Tpo -c -o libcurl_la-md5.lo `test -f 'md5.c' || echo '$(srcdir)/'`md5.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-md5.Tpo $(DEPDIR)/libcurl_la-md5.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5.c' object='libcurl_la-md5.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-md5.lo `test -f 'md5.c' || echo '$(srcdir)/'`md5.c
+
+libcurl_la-http_negotiate.lo: http_negotiate.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-http_negotiate.lo -MD -MP -MF $(DEPDIR)/libcurl_la-http_negotiate.Tpo -c -o libcurl_la-http_negotiate.lo `test -f 'http_negotiate.c' || echo '$(srcdir)/'`http_negotiate.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-http_negotiate.Tpo $(DEPDIR)/libcurl_la-http_negotiate.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_negotiate.c' object='libcurl_la-http_negotiate.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-http_negotiate.lo `test -f 'http_negotiate.c' || echo '$(srcdir)/'`http_negotiate.c
+
+libcurl_la-inet_pton.lo: inet_pton.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-inet_pton.lo -MD -MP -MF $(DEPDIR)/libcurl_la-inet_pton.Tpo -c -o libcurl_la-inet_pton.lo `test -f 'inet_pton.c' || echo '$(srcdir)/'`inet_pton.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-inet_pton.Tpo $(DEPDIR)/libcurl_la-inet_pton.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inet_pton.c' object='libcurl_la-inet_pton.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-inet_pton.lo `test -f 'inet_pton.c' || echo '$(srcdir)/'`inet_pton.c
+
+libcurl_la-strtoofft.lo: strtoofft.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-strtoofft.lo -MD -MP -MF $(DEPDIR)/libcurl_la-strtoofft.Tpo -c -o libcurl_la-strtoofft.lo `test -f 'strtoofft.c' || echo '$(srcdir)/'`strtoofft.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-strtoofft.Tpo $(DEPDIR)/libcurl_la-strtoofft.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strtoofft.c' object='libcurl_la-strtoofft.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-strtoofft.lo `test -f 'strtoofft.c' || echo '$(srcdir)/'`strtoofft.c
+
+libcurl_la-strerror.lo: strerror.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-strerror.lo -MD -MP -MF $(DEPDIR)/libcurl_la-strerror.Tpo -c -o libcurl_la-strerror.lo `test -f 'strerror.c' || echo '$(srcdir)/'`strerror.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-strerror.Tpo $(DEPDIR)/libcurl_la-strerror.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strerror.c' object='libcurl_la-strerror.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-strerror.lo `test -f 'strerror.c' || echo '$(srcdir)/'`strerror.c
+
+libcurl_la-amigaos.lo: amigaos.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-amigaos.lo -MD -MP -MF $(DEPDIR)/libcurl_la-amigaos.Tpo -c -o libcurl_la-amigaos.lo `test -f 'amigaos.c' || echo '$(srcdir)/'`amigaos.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-amigaos.Tpo $(DEPDIR)/libcurl_la-amigaos.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='amigaos.c' object='libcurl_la-amigaos.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-amigaos.lo `test -f 'amigaos.c' || echo '$(srcdir)/'`amigaos.c
+
+libcurl_la-hostasyn.lo: hostasyn.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hostasyn.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hostasyn.Tpo -c -o libcurl_la-hostasyn.lo `test -f 'hostasyn.c' || echo '$(srcdir)/'`hostasyn.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hostasyn.Tpo $(DEPDIR)/libcurl_la-hostasyn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostasyn.c' object='libcurl_la-hostasyn.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostasyn.lo `test -f 'hostasyn.c' || echo '$(srcdir)/'`hostasyn.c
+
+libcurl_la-hostip4.lo: hostip4.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hostip4.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hostip4.Tpo -c -o libcurl_la-hostip4.lo `test -f 'hostip4.c' || echo '$(srcdir)/'`hostip4.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hostip4.Tpo $(DEPDIR)/libcurl_la-hostip4.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostip4.c' object='libcurl_la-hostip4.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostip4.lo `test -f 'hostip4.c' || echo '$(srcdir)/'`hostip4.c
+
+libcurl_la-hostip6.lo: hostip6.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hostip6.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hostip6.Tpo -c -o libcurl_la-hostip6.lo `test -f 'hostip6.c' || echo '$(srcdir)/'`hostip6.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hostip6.Tpo $(DEPDIR)/libcurl_la-hostip6.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostip6.c' object='libcurl_la-hostip6.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostip6.lo `test -f 'hostip6.c' || echo '$(srcdir)/'`hostip6.c
+
+libcurl_la-hostsyn.lo: hostsyn.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hostsyn.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hostsyn.Tpo -c -o libcurl_la-hostsyn.lo `test -f 'hostsyn.c' || echo '$(srcdir)/'`hostsyn.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hostsyn.Tpo $(DEPDIR)/libcurl_la-hostsyn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostsyn.c' object='libcurl_la-hostsyn.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostsyn.lo `test -f 'hostsyn.c' || echo '$(srcdir)/'`hostsyn.c
+
+libcurl_la-inet_ntop.lo: inet_ntop.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-inet_ntop.lo -MD -MP -MF $(DEPDIR)/libcurl_la-inet_ntop.Tpo -c -o libcurl_la-inet_ntop.lo `test -f 'inet_ntop.c' || echo '$(srcdir)/'`inet_ntop.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-inet_ntop.Tpo $(DEPDIR)/libcurl_la-inet_ntop.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inet_ntop.c' object='libcurl_la-inet_ntop.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-inet_ntop.lo `test -f 'inet_ntop.c' || echo '$(srcdir)/'`inet_ntop.c
+
+libcurl_la-parsedate.lo: parsedate.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-parsedate.lo -MD -MP -MF $(DEPDIR)/libcurl_la-parsedate.Tpo -c -o libcurl_la-parsedate.lo `test -f 'parsedate.c' || echo '$(srcdir)/'`parsedate.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-parsedate.Tpo $(DEPDIR)/libcurl_la-parsedate.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='parsedate.c' object='libcurl_la-parsedate.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-parsedate.lo `test -f 'parsedate.c' || echo '$(srcdir)/'`parsedate.c
+
+libcurl_la-select.lo: select.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-select.lo -MD -MP -MF $(DEPDIR)/libcurl_la-select.Tpo -c -o libcurl_la-select.lo `test -f 'select.c' || echo '$(srcdir)/'`select.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-select.Tpo $(DEPDIR)/libcurl_la-select.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='select.c' object='libcurl_la-select.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-select.lo `test -f 'select.c' || echo '$(srcdir)/'`select.c
+
+libcurl_la-tftp.lo: tftp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-tftp.lo -MD -MP -MF $(DEPDIR)/libcurl_la-tftp.Tpo -c -o libcurl_la-tftp.lo `test -f 'tftp.c' || echo '$(srcdir)/'`tftp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-tftp.Tpo $(DEPDIR)/libcurl_la-tftp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tftp.c' object='libcurl_la-tftp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-tftp.lo `test -f 'tftp.c' || echo '$(srcdir)/'`tftp.c
+
+libcurl_la-splay.lo: splay.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-splay.lo -MD -MP -MF $(DEPDIR)/libcurl_la-splay.Tpo -c -o libcurl_la-splay.lo `test -f 'splay.c' || echo '$(srcdir)/'`splay.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-splay.Tpo $(DEPDIR)/libcurl_la-splay.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='splay.c' object='libcurl_la-splay.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-splay.lo `test -f 'splay.c' || echo '$(srcdir)/'`splay.c
+
+libcurl_la-strdup.lo: strdup.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-strdup.lo -MD -MP -MF $(DEPDIR)/libcurl_la-strdup.Tpo -c -o libcurl_la-strdup.lo `test -f 'strdup.c' || echo '$(srcdir)/'`strdup.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-strdup.Tpo $(DEPDIR)/libcurl_la-strdup.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strdup.c' object='libcurl_la-strdup.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-strdup.lo `test -f 'strdup.c' || echo '$(srcdir)/'`strdup.c
+
+libcurl_la-socks.lo: socks.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-socks.lo -MD -MP -MF $(DEPDIR)/libcurl_la-socks.Tpo -c -o libcurl_la-socks.lo `test -f 'socks.c' || echo '$(srcdir)/'`socks.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-socks.Tpo $(DEPDIR)/libcurl_la-socks.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='socks.c' object='libcurl_la-socks.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-socks.lo `test -f 'socks.c' || echo '$(srcdir)/'`socks.c
+
+libcurl_la-ssh.lo: ssh.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-ssh.lo -MD -MP -MF $(DEPDIR)/libcurl_la-ssh.Tpo -c -o libcurl_la-ssh.lo `test -f 'ssh.c' || echo '$(srcdir)/'`ssh.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-ssh.Tpo $(DEPDIR)/libcurl_la-ssh.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ssh.c' object='libcurl_la-ssh.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-ssh.lo `test -f 'ssh.c' || echo '$(srcdir)/'`ssh.c
+
+libcurl_la-curl_addrinfo.lo: curl_addrinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_addrinfo.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_addrinfo.Tpo -c -o libcurl_la-curl_addrinfo.lo `test -f 'curl_addrinfo.c' || echo '$(srcdir)/'`curl_addrinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_addrinfo.Tpo $(DEPDIR)/libcurl_la-curl_addrinfo.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_addrinfo.c' object='libcurl_la-curl_addrinfo.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_addrinfo.lo `test -f 'curl_addrinfo.c' || echo '$(srcdir)/'`curl_addrinfo.c
+
+libcurl_la-socks_gssapi.lo: socks_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-socks_gssapi.lo -MD -MP -MF $(DEPDIR)/libcurl_la-socks_gssapi.Tpo -c -o libcurl_la-socks_gssapi.lo `test -f 'socks_gssapi.c' || echo '$(srcdir)/'`socks_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-socks_gssapi.Tpo $(DEPDIR)/libcurl_la-socks_gssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='socks_gssapi.c' object='libcurl_la-socks_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-socks_gssapi.lo `test -f 'socks_gssapi.c' || echo '$(srcdir)/'`socks_gssapi.c
+
+libcurl_la-socks_sspi.lo: socks_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-socks_sspi.lo -MD -MP -MF $(DEPDIR)/libcurl_la-socks_sspi.Tpo -c -o libcurl_la-socks_sspi.lo `test -f 'socks_sspi.c' || echo '$(srcdir)/'`socks_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-socks_sspi.Tpo $(DEPDIR)/libcurl_la-socks_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='socks_sspi.c' object='libcurl_la-socks_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-socks_sspi.lo `test -f 'socks_sspi.c' || echo '$(srcdir)/'`socks_sspi.c
+
+libcurl_la-curl_sspi.lo: curl_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_sspi.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_sspi.Tpo -c -o libcurl_la-curl_sspi.lo `test -f 'curl_sspi.c' || echo '$(srcdir)/'`curl_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_sspi.Tpo $(DEPDIR)/libcurl_la-curl_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_sspi.c' object='libcurl_la-curl_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_sspi.lo `test -f 'curl_sspi.c' || echo '$(srcdir)/'`curl_sspi.c
+
+libcurl_la-slist.lo: slist.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-slist.lo -MD -MP -MF $(DEPDIR)/libcurl_la-slist.Tpo -c -o libcurl_la-slist.lo `test -f 'slist.c' || echo '$(srcdir)/'`slist.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-slist.Tpo $(DEPDIR)/libcurl_la-slist.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='slist.c' object='libcurl_la-slist.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-slist.lo `test -f 'slist.c' || echo '$(srcdir)/'`slist.c
+
+libcurl_la-nonblock.lo: nonblock.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-nonblock.lo -MD -MP -MF $(DEPDIR)/libcurl_la-nonblock.Tpo -c -o libcurl_la-nonblock.lo `test -f 'nonblock.c' || echo '$(srcdir)/'`nonblock.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-nonblock.Tpo $(DEPDIR)/libcurl_la-nonblock.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nonblock.c' object='libcurl_la-nonblock.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-nonblock.lo `test -f 'nonblock.c' || echo '$(srcdir)/'`nonblock.c
+
+libcurl_la-curl_memrchr.lo: curl_memrchr.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_memrchr.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_memrchr.Tpo -c -o libcurl_la-curl_memrchr.lo `test -f 'curl_memrchr.c' || echo '$(srcdir)/'`curl_memrchr.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_memrchr.Tpo $(DEPDIR)/libcurl_la-curl_memrchr.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_memrchr.c' object='libcurl_la-curl_memrchr.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_memrchr.lo `test -f 'curl_memrchr.c' || echo '$(srcdir)/'`curl_memrchr.c
+
+libcurl_la-imap.lo: imap.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-imap.lo -MD -MP -MF $(DEPDIR)/libcurl_la-imap.Tpo -c -o libcurl_la-imap.lo `test -f 'imap.c' || echo '$(srcdir)/'`imap.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-imap.Tpo $(DEPDIR)/libcurl_la-imap.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imap.c' object='libcurl_la-imap.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-imap.lo `test -f 'imap.c' || echo '$(srcdir)/'`imap.c
+
+libcurl_la-pop3.lo: pop3.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-pop3.lo -MD -MP -MF $(DEPDIR)/libcurl_la-pop3.Tpo -c -o libcurl_la-pop3.lo `test -f 'pop3.c' || echo '$(srcdir)/'`pop3.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-pop3.Tpo $(DEPDIR)/libcurl_la-pop3.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pop3.c' object='libcurl_la-pop3.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-pop3.lo `test -f 'pop3.c' || echo '$(srcdir)/'`pop3.c
+
+libcurl_la-smtp.lo: smtp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-smtp.lo -MD -MP -MF $(DEPDIR)/libcurl_la-smtp.Tpo -c -o libcurl_la-smtp.lo `test -f 'smtp.c' || echo '$(srcdir)/'`smtp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-smtp.Tpo $(DEPDIR)/libcurl_la-smtp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='smtp.c' object='libcurl_la-smtp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-smtp.lo `test -f 'smtp.c' || echo '$(srcdir)/'`smtp.c
+
+libcurl_la-pingpong.lo: pingpong.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-pingpong.lo -MD -MP -MF $(DEPDIR)/libcurl_la-pingpong.Tpo -c -o libcurl_la-pingpong.lo `test -f 'pingpong.c' || echo '$(srcdir)/'`pingpong.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-pingpong.Tpo $(DEPDIR)/libcurl_la-pingpong.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pingpong.c' object='libcurl_la-pingpong.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-pingpong.lo `test -f 'pingpong.c' || echo '$(srcdir)/'`pingpong.c
+
+libcurl_la-rtsp.lo: rtsp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-rtsp.lo -MD -MP -MF $(DEPDIR)/libcurl_la-rtsp.Tpo -c -o libcurl_la-rtsp.lo `test -f 'rtsp.c' || echo '$(srcdir)/'`rtsp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-rtsp.Tpo $(DEPDIR)/libcurl_la-rtsp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rtsp.c' object='libcurl_la-rtsp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-rtsp.lo `test -f 'rtsp.c' || echo '$(srcdir)/'`rtsp.c
+
+libcurl_la-curl_threads.lo: curl_threads.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_threads.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_threads.Tpo -c -o libcurl_la-curl_threads.lo `test -f 'curl_threads.c' || echo '$(srcdir)/'`curl_threads.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_threads.Tpo $(DEPDIR)/libcurl_la-curl_threads.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_threads.c' object='libcurl_la-curl_threads.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_threads.lo `test -f 'curl_threads.c' || echo '$(srcdir)/'`curl_threads.c
+
+libcurl_la-warnless.lo: warnless.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-warnless.lo -MD -MP -MF $(DEPDIR)/libcurl_la-warnless.Tpo -c -o libcurl_la-warnless.lo `test -f 'warnless.c' || echo '$(srcdir)/'`warnless.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-warnless.Tpo $(DEPDIR)/libcurl_la-warnless.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='warnless.c' object='libcurl_la-warnless.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-warnless.lo `test -f 'warnless.c' || echo '$(srcdir)/'`warnless.c
+
+libcurl_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hmac.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hmac.Tpo -c -o libcurl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hmac.Tpo $(DEPDIR)/libcurl_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac.c' object='libcurl_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libcurl_la-curl_rtmp.lo: curl_rtmp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_rtmp.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_rtmp.Tpo -c -o libcurl_la-curl_rtmp.lo `test -f 'curl_rtmp.c' || echo '$(srcdir)/'`curl_rtmp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_rtmp.Tpo $(DEPDIR)/libcurl_la-curl_rtmp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_rtmp.c' object='libcurl_la-curl_rtmp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_rtmp.lo `test -f 'curl_rtmp.c' || echo '$(srcdir)/'`curl_rtmp.c
+
+libcurl_la-openldap.lo: openldap.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-openldap.lo -MD -MP -MF $(DEPDIR)/libcurl_la-openldap.Tpo -c -o libcurl_la-openldap.lo `test -f 'openldap.c' || echo '$(srcdir)/'`openldap.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-openldap.Tpo $(DEPDIR)/libcurl_la-openldap.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='openldap.c' object='libcurl_la-openldap.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-openldap.lo `test -f 'openldap.c' || echo '$(srcdir)/'`openldap.c
+
+libcurl_la-curl_gethostname.lo: curl_gethostname.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_gethostname.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_gethostname.Tpo -c -o libcurl_la-curl_gethostname.lo `test -f 'curl_gethostname.c' || echo '$(srcdir)/'`curl_gethostname.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_gethostname.Tpo $(DEPDIR)/libcurl_la-curl_gethostname.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_gethostname.c' object='libcurl_la-curl_gethostname.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_gethostname.lo `test -f 'curl_gethostname.c' || echo '$(srcdir)/'`curl_gethostname.c
+
+libcurl_la-gopher.lo: gopher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-gopher.lo -MD -MP -MF $(DEPDIR)/libcurl_la-gopher.Tpo -c -o libcurl_la-gopher.lo `test -f 'gopher.c' || echo '$(srcdir)/'`gopher.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-gopher.Tpo $(DEPDIR)/libcurl_la-gopher.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gopher.c' object='libcurl_la-gopher.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-gopher.lo `test -f 'gopher.c' || echo '$(srcdir)/'`gopher.c
+
+libcurl_la-idn_win32.lo: idn_win32.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-idn_win32.lo -MD -MP -MF $(DEPDIR)/libcurl_la-idn_win32.Tpo -c -o libcurl_la-idn_win32.lo `test -f 'idn_win32.c' || echo '$(srcdir)/'`idn_win32.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-idn_win32.Tpo $(DEPDIR)/libcurl_la-idn_win32.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='idn_win32.c' object='libcurl_la-idn_win32.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-idn_win32.lo `test -f 'idn_win32.c' || echo '$(srcdir)/'`idn_win32.c
+
+libcurl_la-http_proxy.lo: http_proxy.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-http_proxy.lo -MD -MP -MF $(DEPDIR)/libcurl_la-http_proxy.Tpo -c -o libcurl_la-http_proxy.lo `test -f 'http_proxy.c' || echo '$(srcdir)/'`http_proxy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-http_proxy.Tpo $(DEPDIR)/libcurl_la-http_proxy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_proxy.c' object='libcurl_la-http_proxy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-http_proxy.lo `test -f 'http_proxy.c' || echo '$(srcdir)/'`http_proxy.c
+
+libcurl_la-non-ascii.lo: non-ascii.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-non-ascii.lo -MD -MP -MF $(DEPDIR)/libcurl_la-non-ascii.Tpo -c -o libcurl_la-non-ascii.lo `test -f 'non-ascii.c' || echo '$(srcdir)/'`non-ascii.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-non-ascii.Tpo $(DEPDIR)/libcurl_la-non-ascii.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='non-ascii.c' object='libcurl_la-non-ascii.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-non-ascii.lo `test -f 'non-ascii.c' || echo '$(srcdir)/'`non-ascii.c
+
+libcurl_la-asyn-ares.lo: asyn-ares.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-asyn-ares.lo -MD -MP -MF $(DEPDIR)/libcurl_la-asyn-ares.Tpo -c -o libcurl_la-asyn-ares.lo `test -f 'asyn-ares.c' || echo '$(srcdir)/'`asyn-ares.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-asyn-ares.Tpo $(DEPDIR)/libcurl_la-asyn-ares.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asyn-ares.c' object='libcurl_la-asyn-ares.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-asyn-ares.lo `test -f 'asyn-ares.c' || echo '$(srcdir)/'`asyn-ares.c
+
+libcurl_la-asyn-thread.lo: asyn-thread.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-asyn-thread.lo -MD -MP -MF $(DEPDIR)/libcurl_la-asyn-thread.Tpo -c -o libcurl_la-asyn-thread.lo `test -f 'asyn-thread.c' || echo '$(srcdir)/'`asyn-thread.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-asyn-thread.Tpo $(DEPDIR)/libcurl_la-asyn-thread.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asyn-thread.c' object='libcurl_la-asyn-thread.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-asyn-thread.lo `test -f 'asyn-thread.c' || echo '$(srcdir)/'`asyn-thread.c
+
+libcurl_la-curl_gssapi.lo: curl_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_gssapi.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_gssapi.Tpo -c -o libcurl_la-curl_gssapi.lo `test -f 'curl_gssapi.c' || echo '$(srcdir)/'`curl_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_gssapi.Tpo $(DEPDIR)/libcurl_la-curl_gssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_gssapi.c' object='libcurl_la-curl_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_gssapi.lo `test -f 'curl_gssapi.c' || echo '$(srcdir)/'`curl_gssapi.c
+
+libcurl_la-http_ntlm.lo: http_ntlm.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-http_ntlm.lo -MD -MP -MF $(DEPDIR)/libcurl_la-http_ntlm.Tpo -c -o libcurl_la-http_ntlm.lo `test -f 'http_ntlm.c' || echo '$(srcdir)/'`http_ntlm.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-http_ntlm.Tpo $(DEPDIR)/libcurl_la-http_ntlm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_ntlm.c' object='libcurl_la-http_ntlm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-http_ntlm.lo `test -f 'http_ntlm.c' || echo '$(srcdir)/'`http_ntlm.c
+
+libcurl_la-curl_ntlm_wb.lo: curl_ntlm_wb.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_ntlm_wb.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_ntlm_wb.Tpo -c -o libcurl_la-curl_ntlm_wb.lo `test -f 'curl_ntlm_wb.c' || echo '$(srcdir)/'`curl_ntlm_wb.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_ntlm_wb.Tpo $(DEPDIR)/libcurl_la-curl_ntlm_wb.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_ntlm_wb.c' object='libcurl_la-curl_ntlm_wb.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_ntlm_wb.lo `test -f 'curl_ntlm_wb.c' || echo '$(srcdir)/'`curl_ntlm_wb.c
+
+libcurl_la-curl_ntlm_core.lo: curl_ntlm_core.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_ntlm_core.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_ntlm_core.Tpo -c -o libcurl_la-curl_ntlm_core.lo `test -f 'curl_ntlm_core.c' || echo '$(srcdir)/'`curl_ntlm_core.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_ntlm_core.Tpo $(DEPDIR)/libcurl_la-curl_ntlm_core.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_ntlm_core.c' object='libcurl_la-curl_ntlm_core.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_ntlm_core.lo `test -f 'curl_ntlm_core.c' || echo '$(srcdir)/'`curl_ntlm_core.c
+
+libcurl_la-curl_sasl.lo: curl_sasl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_sasl.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_sasl.Tpo -c -o libcurl_la-curl_sasl.lo `test -f 'curl_sasl.c' || echo '$(srcdir)/'`curl_sasl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_sasl.Tpo $(DEPDIR)/libcurl_la-curl_sasl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_sasl.c' object='libcurl_la-curl_sasl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_sasl.lo `test -f 'curl_sasl.c' || echo '$(srcdir)/'`curl_sasl.c
+
+libcurl_la-rand.lo: rand.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-rand.lo -MD -MP -MF $(DEPDIR)/libcurl_la-rand.Tpo -c -o libcurl_la-rand.lo `test -f 'rand.c' || echo '$(srcdir)/'`rand.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-rand.Tpo $(DEPDIR)/libcurl_la-rand.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rand.c' object='libcurl_la-rand.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-rand.lo `test -f 'rand.c' || echo '$(srcdir)/'`rand.c
+
+libcurl_la-curl_multibyte.lo: curl_multibyte.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_multibyte.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_multibyte.Tpo -c -o libcurl_la-curl_multibyte.lo `test -f 'curl_multibyte.c' || echo '$(srcdir)/'`curl_multibyte.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_multibyte.Tpo $(DEPDIR)/libcurl_la-curl_multibyte.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_multibyte.c' object='libcurl_la-curl_multibyte.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_multibyte.lo `test -f 'curl_multibyte.c' || echo '$(srcdir)/'`curl_multibyte.c
+
+libcurl_la-hostcheck.lo: hostcheck.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hostcheck.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hostcheck.Tpo -c -o libcurl_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hostcheck.Tpo $(DEPDIR)/libcurl_la-hostcheck.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostcheck.c' object='libcurl_la-hostcheck.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c
+
+libcurl_la-conncache.lo: conncache.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-conncache.lo -MD -MP -MF $(DEPDIR)/libcurl_la-conncache.Tpo -c -o libcurl_la-conncache.lo `test -f 'conncache.c' || echo '$(srcdir)/'`conncache.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-conncache.Tpo $(DEPDIR)/libcurl_la-conncache.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='conncache.c' object='libcurl_la-conncache.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-conncache.lo `test -f 'conncache.c' || echo '$(srcdir)/'`conncache.c
+
+libcurl_la-pipeline.lo: pipeline.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-pipeline.lo -MD -MP -MF $(DEPDIR)/libcurl_la-pipeline.Tpo -c -o libcurl_la-pipeline.lo `test -f 'pipeline.c' || echo '$(srcdir)/'`pipeline.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-pipeline.Tpo $(DEPDIR)/libcurl_la-pipeline.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pipeline.c' object='libcurl_la-pipeline.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-pipeline.lo `test -f 'pipeline.c' || echo '$(srcdir)/'`pipeline.c
+
+libcurl_la-dotdot.lo: dotdot.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-dotdot.lo -MD -MP -MF $(DEPDIR)/libcurl_la-dotdot.Tpo -c -o libcurl_la-dotdot.lo `test -f 'dotdot.c' || echo '$(srcdir)/'`dotdot.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-dotdot.Tpo $(DEPDIR)/libcurl_la-dotdot.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='dotdot.c' object='libcurl_la-dotdot.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-dotdot.lo `test -f 'dotdot.c' || echo '$(srcdir)/'`dotdot.c
+
+libcurl_la-x509asn1.lo: x509asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-x509asn1.lo -MD -MP -MF $(DEPDIR)/libcurl_la-x509asn1.Tpo -c -o libcurl_la-x509asn1.lo `test -f 'x509asn1.c' || echo '$(srcdir)/'`x509asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-x509asn1.Tpo $(DEPDIR)/libcurl_la-x509asn1.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509asn1.c' object='libcurl_la-x509asn1.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-x509asn1.lo `test -f 'x509asn1.c' || echo '$(srcdir)/'`x509asn1.c
+
+libcurl_la-http2.lo: http2.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-http2.lo -MD -MP -MF $(DEPDIR)/libcurl_la-http2.Tpo -c -o libcurl_la-http2.lo `test -f 'http2.c' || echo '$(srcdir)/'`http2.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-http2.Tpo $(DEPDIR)/libcurl_la-http2.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http2.c' object='libcurl_la-http2.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-http2.lo `test -f 'http2.c' || echo '$(srcdir)/'`http2.c
+
+libcurl_la-smb.lo: smb.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-smb.lo -MD -MP -MF $(DEPDIR)/libcurl_la-smb.Tpo -c -o libcurl_la-smb.lo `test -f 'smb.c' || echo '$(srcdir)/'`smb.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-smb.Tpo $(DEPDIR)/libcurl_la-smb.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='smb.c' object='libcurl_la-smb.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-smb.lo `test -f 'smb.c' || echo '$(srcdir)/'`smb.c
+
+libcurl_la-curl_endian.lo: curl_endian.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_endian.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_endian.Tpo -c -o libcurl_la-curl_endian.lo `test -f 'curl_endian.c' || echo '$(srcdir)/'`curl_endian.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_endian.Tpo $(DEPDIR)/libcurl_la-curl_endian.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_endian.c' object='libcurl_la-curl_endian.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_endian.lo `test -f 'curl_endian.c' || echo '$(srcdir)/'`curl_endian.c
+
+libcurl_la-curl_des.lo: curl_des.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_des.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_des.Tpo -c -o libcurl_la-curl_des.lo `test -f 'curl_des.c' || echo '$(srcdir)/'`curl_des.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_des.Tpo $(DEPDIR)/libcurl_la-curl_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_des.c' object='libcurl_la-curl_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_des.lo `test -f 'curl_des.c' || echo '$(srcdir)/'`curl_des.c
+
+libcurl_la-system_win32.lo: system_win32.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-system_win32.lo -MD -MP -MF $(DEPDIR)/libcurl_la-system_win32.Tpo -c -o libcurl_la-system_win32.lo `test -f 'system_win32.c' || echo '$(srcdir)/'`system_win32.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-system_win32.Tpo $(DEPDIR)/libcurl_la-system_win32.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='system_win32.c' object='libcurl_la-system_win32.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-system_win32.lo `test -f 'system_win32.c' || echo '$(srcdir)/'`system_win32.c
+
+libcurl_la-mime.lo: mime.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-mime.lo -MD -MP -MF $(DEPDIR)/libcurl_la-mime.Tpo -c -o libcurl_la-mime.lo `test -f 'mime.c' || echo '$(srcdir)/'`mime.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-mime.Tpo $(DEPDIR)/libcurl_la-mime.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mime.c' object='libcurl_la-mime.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-mime.lo `test -f 'mime.c' || echo '$(srcdir)/'`mime.c
+
+libcurl_la-sha256.lo: sha256.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-sha256.lo -MD -MP -MF $(DEPDIR)/libcurl_la-sha256.Tpo -c -o libcurl_la-sha256.lo `test -f 'sha256.c' || echo '$(srcdir)/'`sha256.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-sha256.Tpo $(DEPDIR)/libcurl_la-sha256.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sha256.c' object='libcurl_la-sha256.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-sha256.lo `test -f 'sha256.c' || echo '$(srcdir)/'`sha256.c
+
+libcurl_la-setopt.lo: setopt.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-setopt.lo -MD -MP -MF $(DEPDIR)/libcurl_la-setopt.Tpo -c -o libcurl_la-setopt.lo `test -f 'setopt.c' || echo '$(srcdir)/'`setopt.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-setopt.Tpo $(DEPDIR)/libcurl_la-setopt.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='setopt.c' object='libcurl_la-setopt.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-setopt.lo `test -f 'setopt.c' || echo '$(srcdir)/'`setopt.c
+
+vauth/libcurl_la-vauth.lo: vauth/vauth.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-vauth.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-vauth.Tpo -c -o vauth/libcurl_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-vauth.Tpo vauth/$(DEPDIR)/libcurl_la-vauth.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/vauth.c' object='vauth/libcurl_la-vauth.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c
+
+vauth/libcurl_la-cleartext.lo: vauth/cleartext.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-cleartext.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-cleartext.Tpo -c -o vauth/libcurl_la-cleartext.lo `test -f 'vauth/cleartext.c' || echo '$(srcdir)/'`vauth/cleartext.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-cleartext.Tpo vauth/$(DEPDIR)/libcurl_la-cleartext.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/cleartext.c' object='vauth/libcurl_la-cleartext.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-cleartext.lo `test -f 'vauth/cleartext.c' || echo '$(srcdir)/'`vauth/cleartext.c
+
+vauth/libcurl_la-cram.lo: vauth/cram.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-cram.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-cram.Tpo -c -o vauth/libcurl_la-cram.lo `test -f 'vauth/cram.c' || echo '$(srcdir)/'`vauth/cram.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-cram.Tpo vauth/$(DEPDIR)/libcurl_la-cram.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/cram.c' object='vauth/libcurl_la-cram.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-cram.lo `test -f 'vauth/cram.c' || echo '$(srcdir)/'`vauth/cram.c
+
+vauth/libcurl_la-digest.lo: vauth/digest.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-digest.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-digest.Tpo -c -o vauth/libcurl_la-digest.lo `test -f 'vauth/digest.c' || echo '$(srcdir)/'`vauth/digest.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-digest.Tpo vauth/$(DEPDIR)/libcurl_la-digest.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/digest.c' object='vauth/libcurl_la-digest.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-digest.lo `test -f 'vauth/digest.c' || echo '$(srcdir)/'`vauth/digest.c
+
+vauth/libcurl_la-digest_sspi.lo: vauth/digest_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-digest_sspi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-digest_sspi.Tpo -c -o vauth/libcurl_la-digest_sspi.lo `test -f 'vauth/digest_sspi.c' || echo '$(srcdir)/'`vauth/digest_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-digest_sspi.Tpo vauth/$(DEPDIR)/libcurl_la-digest_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/digest_sspi.c' object='vauth/libcurl_la-digest_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-digest_sspi.lo `test -f 'vauth/digest_sspi.c' || echo '$(srcdir)/'`vauth/digest_sspi.c
+
+vauth/libcurl_la-krb5_gssapi.lo: vauth/krb5_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-krb5_gssapi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-krb5_gssapi.Tpo -c -o vauth/libcurl_la-krb5_gssapi.lo `test -f 'vauth/krb5_gssapi.c' || echo '$(srcdir)/'`vauth/krb5_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-krb5_gssapi.Tpo vauth/$(DEPDIR)/libcurl_la-krb5_gssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/krb5_gssapi.c' object='vauth/libcurl_la-krb5_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-krb5_gssapi.lo `test -f 'vauth/krb5_gssapi.c' || echo '$(srcdir)/'`vauth/krb5_gssapi.c
+
+vauth/libcurl_la-krb5_sspi.lo: vauth/krb5_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-krb5_sspi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-krb5_sspi.Tpo -c -o vauth/libcurl_la-krb5_sspi.lo `test -f 'vauth/krb5_sspi.c' || echo '$(srcdir)/'`vauth/krb5_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-krb5_sspi.Tpo vauth/$(DEPDIR)/libcurl_la-krb5_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/krb5_sspi.c' object='vauth/libcurl_la-krb5_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-krb5_sspi.lo `test -f 'vauth/krb5_sspi.c' || echo '$(srcdir)/'`vauth/krb5_sspi.c
+
+vauth/libcurl_la-ntlm.lo: vauth/ntlm.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-ntlm.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-ntlm.Tpo -c -o vauth/libcurl_la-ntlm.lo `test -f 'vauth/ntlm.c' || echo '$(srcdir)/'`vauth/ntlm.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-ntlm.Tpo vauth/$(DEPDIR)/libcurl_la-ntlm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/ntlm.c' object='vauth/libcurl_la-ntlm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-ntlm.lo `test -f 'vauth/ntlm.c' || echo '$(srcdir)/'`vauth/ntlm.c
+
+vauth/libcurl_la-ntlm_sspi.lo: vauth/ntlm_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-ntlm_sspi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-ntlm_sspi.Tpo -c -o vauth/libcurl_la-ntlm_sspi.lo `test -f 'vauth/ntlm_sspi.c' || echo '$(srcdir)/'`vauth/ntlm_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-ntlm_sspi.Tpo vauth/$(DEPDIR)/libcurl_la-ntlm_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/ntlm_sspi.c' object='vauth/libcurl_la-ntlm_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-ntlm_sspi.lo `test -f 'vauth/ntlm_sspi.c' || echo '$(srcdir)/'`vauth/ntlm_sspi.c
+
+vauth/libcurl_la-oauth2.lo: vauth/oauth2.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-oauth2.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-oauth2.Tpo -c -o vauth/libcurl_la-oauth2.lo `test -f 'vauth/oauth2.c' || echo '$(srcdir)/'`vauth/oauth2.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-oauth2.Tpo vauth/$(DEPDIR)/libcurl_la-oauth2.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/oauth2.c' object='vauth/libcurl_la-oauth2.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-oauth2.lo `test -f 'vauth/oauth2.c' || echo '$(srcdir)/'`vauth/oauth2.c
+
+vauth/libcurl_la-spnego_gssapi.lo: vauth/spnego_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-spnego_gssapi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-spnego_gssapi.Tpo -c -o vauth/libcurl_la-spnego_gssapi.lo `test -f 'vauth/spnego_gssapi.c' || echo '$(srcdir)/'`vauth/spnego_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-spnego_gssapi.Tpo vauth/$(DEPDIR)/libcurl_la-spnego_gssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/spnego_gssapi.c' object='vauth/libcurl_la-spnego_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-spnego_gssapi.lo `test -f 'vauth/spnego_gssapi.c' || echo '$(srcdir)/'`vauth/spnego_gssapi.c
+
+vauth/libcurl_la-spnego_sspi.lo: vauth/spnego_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-spnego_sspi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-spnego_sspi.Tpo -c -o vauth/libcurl_la-spnego_sspi.lo `test -f 'vauth/spnego_sspi.c' || echo '$(srcdir)/'`vauth/spnego_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-spnego_sspi.Tpo vauth/$(DEPDIR)/libcurl_la-spnego_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/spnego_sspi.c' object='vauth/libcurl_la-spnego_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurl_la-spnego_sspi.lo `test -f 'vauth/spnego_sspi.c' || echo '$(srcdir)/'`vauth/spnego_sspi.c
+
+vtls/libcurl_la-openssl.lo: vtls/openssl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-openssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-openssl.Tpo -c -o vtls/libcurl_la-openssl.lo `test -f 'vtls/openssl.c' || echo '$(srcdir)/'`vtls/openssl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-openssl.Tpo vtls/$(DEPDIR)/libcurl_la-openssl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/openssl.c' object='vtls/libcurl_la-openssl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-openssl.lo `test -f 'vtls/openssl.c' || echo '$(srcdir)/'`vtls/openssl.c
+
+vtls/libcurl_la-gtls.lo: vtls/gtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-gtls.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-gtls.Tpo -c -o vtls/libcurl_la-gtls.lo `test -f 'vtls/gtls.c' || echo '$(srcdir)/'`vtls/gtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-gtls.Tpo vtls/$(DEPDIR)/libcurl_la-gtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/gtls.c' object='vtls/libcurl_la-gtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-gtls.lo `test -f 'vtls/gtls.c' || echo '$(srcdir)/'`vtls/gtls.c
+
+vtls/libcurl_la-vtls.lo: vtls/vtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-vtls.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-vtls.Tpo -c -o vtls/libcurl_la-vtls.lo `test -f 'vtls/vtls.c' || echo '$(srcdir)/'`vtls/vtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-vtls.Tpo vtls/$(DEPDIR)/libcurl_la-vtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/vtls.c' object='vtls/libcurl_la-vtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-vtls.lo `test -f 'vtls/vtls.c' || echo '$(srcdir)/'`vtls/vtls.c
+
+vtls/libcurl_la-nss.lo: vtls/nss.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-nss.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-nss.Tpo -c -o vtls/libcurl_la-nss.lo `test -f 'vtls/nss.c' || echo '$(srcdir)/'`vtls/nss.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-nss.Tpo vtls/$(DEPDIR)/libcurl_la-nss.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/nss.c' object='vtls/libcurl_la-nss.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-nss.lo `test -f 'vtls/nss.c' || echo '$(srcdir)/'`vtls/nss.c
+
+vtls/libcurl_la-polarssl.lo: vtls/polarssl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-polarssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-polarssl.Tpo -c -o vtls/libcurl_la-polarssl.lo `test -f 'vtls/polarssl.c' || echo '$(srcdir)/'`vtls/polarssl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-polarssl.Tpo vtls/$(DEPDIR)/libcurl_la-polarssl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/polarssl.c' object='vtls/libcurl_la-polarssl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-polarssl.lo `test -f 'vtls/polarssl.c' || echo '$(srcdir)/'`vtls/polarssl.c
+
+vtls/libcurl_la-polarssl_threadlock.lo: vtls/polarssl_threadlock.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-polarssl_threadlock.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Tpo -c -o vtls/libcurl_la-polarssl_threadlock.lo `test -f 'vtls/polarssl_threadlock.c' || echo '$(srcdir)/'`vtls/polarssl_threadlock.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Tpo vtls/$(DEPDIR)/libcurl_la-polarssl_threadlock.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/polarssl_threadlock.c' object='vtls/libcurl_la-polarssl_threadlock.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-polarssl_threadlock.lo `test -f 'vtls/polarssl_threadlock.c' || echo '$(srcdir)/'`vtls/polarssl_threadlock.c
+
+vtls/libcurl_la-axtls.lo: vtls/axtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-axtls.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-axtls.Tpo -c -o vtls/libcurl_la-axtls.lo `test -f 'vtls/axtls.c' || echo '$(srcdir)/'`vtls/axtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-axtls.Tpo vtls/$(DEPDIR)/libcurl_la-axtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/axtls.c' object='vtls/libcurl_la-axtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-axtls.lo `test -f 'vtls/axtls.c' || echo '$(srcdir)/'`vtls/axtls.c
+
+vtls/libcurl_la-cyassl.lo: vtls/cyassl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-cyassl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-cyassl.Tpo -c -o vtls/libcurl_la-cyassl.lo `test -f 'vtls/cyassl.c' || echo '$(srcdir)/'`vtls/cyassl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-cyassl.Tpo vtls/$(DEPDIR)/libcurl_la-cyassl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/cyassl.c' object='vtls/libcurl_la-cyassl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-cyassl.lo `test -f 'vtls/cyassl.c' || echo '$(srcdir)/'`vtls/cyassl.c
+
+vtls/libcurl_la-schannel.lo: vtls/schannel.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-schannel.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-schannel.Tpo -c -o vtls/libcurl_la-schannel.lo `test -f 'vtls/schannel.c' || echo '$(srcdir)/'`vtls/schannel.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-schannel.Tpo vtls/$(DEPDIR)/libcurl_la-schannel.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/schannel.c' object='vtls/libcurl_la-schannel.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-schannel.lo `test -f 'vtls/schannel.c' || echo '$(srcdir)/'`vtls/schannel.c
+
+vtls/libcurl_la-darwinssl.lo: vtls/darwinssl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-darwinssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-darwinssl.Tpo -c -o vtls/libcurl_la-darwinssl.lo `test -f 'vtls/darwinssl.c' || echo '$(srcdir)/'`vtls/darwinssl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-darwinssl.Tpo vtls/$(DEPDIR)/libcurl_la-darwinssl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/darwinssl.c' object='vtls/libcurl_la-darwinssl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-darwinssl.lo `test -f 'vtls/darwinssl.c' || echo '$(srcdir)/'`vtls/darwinssl.c
+
+vtls/libcurl_la-gskit.lo: vtls/gskit.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-gskit.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-gskit.Tpo -c -o vtls/libcurl_la-gskit.lo `test -f 'vtls/gskit.c' || echo '$(srcdir)/'`vtls/gskit.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-gskit.Tpo vtls/$(DEPDIR)/libcurl_la-gskit.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/gskit.c' object='vtls/libcurl_la-gskit.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-gskit.lo `test -f 'vtls/gskit.c' || echo '$(srcdir)/'`vtls/gskit.c
+
+vtls/libcurl_la-mbedtls.lo: vtls/mbedtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-mbedtls.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-mbedtls.Tpo -c -o vtls/libcurl_la-mbedtls.lo `test -f 'vtls/mbedtls.c' || echo '$(srcdir)/'`vtls/mbedtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-mbedtls.Tpo vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/mbedtls.c' object='vtls/libcurl_la-mbedtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-mbedtls.lo `test -f 'vtls/mbedtls.c' || echo '$(srcdir)/'`vtls/mbedtls.c
+
+libcurlu_la-file.lo: file.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-file.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-file.Tpo -c -o libcurlu_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-file.Tpo $(DEPDIR)/libcurlu_la-file.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='file.c' object='libcurlu_la-file.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-file.lo `test -f 'file.c' || echo '$(srcdir)/'`file.c
+
+libcurlu_la-timeval.lo: timeval.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-timeval.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-timeval.Tpo -c -o libcurlu_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-timeval.Tpo $(DEPDIR)/libcurlu_la-timeval.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='timeval.c' object='libcurlu_la-timeval.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c
+
+libcurlu_la-base64.lo: base64.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-base64.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-base64.Tpo -c -o libcurlu_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-base64.Tpo $(DEPDIR)/libcurlu_la-base64.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='base64.c' object='libcurlu_la-base64.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-base64.lo `test -f 'base64.c' || echo '$(srcdir)/'`base64.c
+
+libcurlu_la-hostip.lo: hostip.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hostip.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hostip.Tpo -c -o libcurlu_la-hostip.lo `test -f 'hostip.c' || echo '$(srcdir)/'`hostip.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hostip.Tpo $(DEPDIR)/libcurlu_la-hostip.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostip.c' object='libcurlu_la-hostip.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostip.lo `test -f 'hostip.c' || echo '$(srcdir)/'`hostip.c
+
+libcurlu_la-progress.lo: progress.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-progress.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-progress.Tpo -c -o libcurlu_la-progress.lo `test -f 'progress.c' || echo '$(srcdir)/'`progress.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-progress.Tpo $(DEPDIR)/libcurlu_la-progress.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='progress.c' object='libcurlu_la-progress.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-progress.lo `test -f 'progress.c' || echo '$(srcdir)/'`progress.c
+
+libcurlu_la-formdata.lo: formdata.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-formdata.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-formdata.Tpo -c -o libcurlu_la-formdata.lo `test -f 'formdata.c' || echo '$(srcdir)/'`formdata.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-formdata.Tpo $(DEPDIR)/libcurlu_la-formdata.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='formdata.c' object='libcurlu_la-formdata.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-formdata.lo `test -f 'formdata.c' || echo '$(srcdir)/'`formdata.c
+
+libcurlu_la-cookie.lo: cookie.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-cookie.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-cookie.Tpo -c -o libcurlu_la-cookie.lo `test -f 'cookie.c' || echo '$(srcdir)/'`cookie.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-cookie.Tpo $(DEPDIR)/libcurlu_la-cookie.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cookie.c' object='libcurlu_la-cookie.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-cookie.lo `test -f 'cookie.c' || echo '$(srcdir)/'`cookie.c
+
+libcurlu_la-http.lo: http.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-http.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-http.Tpo -c -o libcurlu_la-http.lo `test -f 'http.c' || echo '$(srcdir)/'`http.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-http.Tpo $(DEPDIR)/libcurlu_la-http.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http.c' object='libcurlu_la-http.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-http.lo `test -f 'http.c' || echo '$(srcdir)/'`http.c
+
+libcurlu_la-sendf.lo: sendf.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-sendf.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-sendf.Tpo -c -o libcurlu_la-sendf.lo `test -f 'sendf.c' || echo '$(srcdir)/'`sendf.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-sendf.Tpo $(DEPDIR)/libcurlu_la-sendf.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sendf.c' object='libcurlu_la-sendf.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-sendf.lo `test -f 'sendf.c' || echo '$(srcdir)/'`sendf.c
+
+libcurlu_la-ftp.lo: ftp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-ftp.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-ftp.Tpo -c -o libcurlu_la-ftp.lo `test -f 'ftp.c' || echo '$(srcdir)/'`ftp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-ftp.Tpo $(DEPDIR)/libcurlu_la-ftp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ftp.c' object='libcurlu_la-ftp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-ftp.lo `test -f 'ftp.c' || echo '$(srcdir)/'`ftp.c
+
+libcurlu_la-url.lo: url.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-url.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-url.Tpo -c -o libcurlu_la-url.lo `test -f 'url.c' || echo '$(srcdir)/'`url.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-url.Tpo $(DEPDIR)/libcurlu_la-url.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='url.c' object='libcurlu_la-url.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-url.lo `test -f 'url.c' || echo '$(srcdir)/'`url.c
+
+libcurlu_la-dict.lo: dict.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-dict.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-dict.Tpo -c -o libcurlu_la-dict.lo `test -f 'dict.c' || echo '$(srcdir)/'`dict.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-dict.Tpo $(DEPDIR)/libcurlu_la-dict.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='dict.c' object='libcurlu_la-dict.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-dict.lo `test -f 'dict.c' || echo '$(srcdir)/'`dict.c
+
+libcurlu_la-if2ip.lo: if2ip.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-if2ip.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-if2ip.Tpo -c -o libcurlu_la-if2ip.lo `test -f 'if2ip.c' || echo '$(srcdir)/'`if2ip.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-if2ip.Tpo $(DEPDIR)/libcurlu_la-if2ip.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='if2ip.c' object='libcurlu_la-if2ip.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-if2ip.lo `test -f 'if2ip.c' || echo '$(srcdir)/'`if2ip.c
+
+libcurlu_la-speedcheck.lo: speedcheck.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-speedcheck.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-speedcheck.Tpo -c -o libcurlu_la-speedcheck.lo `test -f 'speedcheck.c' || echo '$(srcdir)/'`speedcheck.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-speedcheck.Tpo $(DEPDIR)/libcurlu_la-speedcheck.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='speedcheck.c' object='libcurlu_la-speedcheck.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-speedcheck.lo `test -f 'speedcheck.c' || echo '$(srcdir)/'`speedcheck.c
+
+libcurlu_la-ldap.lo: ldap.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-ldap.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-ldap.Tpo -c -o libcurlu_la-ldap.lo `test -f 'ldap.c' || echo '$(srcdir)/'`ldap.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-ldap.Tpo $(DEPDIR)/libcurlu_la-ldap.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ldap.c' object='libcurlu_la-ldap.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-ldap.lo `test -f 'ldap.c' || echo '$(srcdir)/'`ldap.c
+
+libcurlu_la-version.lo: version.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-version.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-version.Tpo -c -o libcurlu_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-version.Tpo $(DEPDIR)/libcurlu_la-version.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='version.c' object='libcurlu_la-version.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-version.lo `test -f 'version.c' || echo '$(srcdir)/'`version.c
+
+libcurlu_la-getenv.lo: getenv.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-getenv.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-getenv.Tpo -c -o libcurlu_la-getenv.lo `test -f 'getenv.c' || echo '$(srcdir)/'`getenv.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-getenv.Tpo $(DEPDIR)/libcurlu_la-getenv.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='getenv.c' object='libcurlu_la-getenv.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-getenv.lo `test -f 'getenv.c' || echo '$(srcdir)/'`getenv.c
+
+libcurlu_la-escape.lo: escape.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-escape.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-escape.Tpo -c -o libcurlu_la-escape.lo `test -f 'escape.c' || echo '$(srcdir)/'`escape.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-escape.Tpo $(DEPDIR)/libcurlu_la-escape.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='escape.c' object='libcurlu_la-escape.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-escape.lo `test -f 'escape.c' || echo '$(srcdir)/'`escape.c
+
+libcurlu_la-mprintf.lo: mprintf.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-mprintf.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-mprintf.Tpo -c -o libcurlu_la-mprintf.lo `test -f 'mprintf.c' || echo '$(srcdir)/'`mprintf.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-mprintf.Tpo $(DEPDIR)/libcurlu_la-mprintf.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mprintf.c' object='libcurlu_la-mprintf.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-mprintf.lo `test -f 'mprintf.c' || echo '$(srcdir)/'`mprintf.c
+
+libcurlu_la-telnet.lo: telnet.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-telnet.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-telnet.Tpo -c -o libcurlu_la-telnet.lo `test -f 'telnet.c' || echo '$(srcdir)/'`telnet.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-telnet.Tpo $(DEPDIR)/libcurlu_la-telnet.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='telnet.c' object='libcurlu_la-telnet.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-telnet.lo `test -f 'telnet.c' || echo '$(srcdir)/'`telnet.c
+
+libcurlu_la-netrc.lo: netrc.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-netrc.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-netrc.Tpo -c -o libcurlu_la-netrc.lo `test -f 'netrc.c' || echo '$(srcdir)/'`netrc.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-netrc.Tpo $(DEPDIR)/libcurlu_la-netrc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='netrc.c' object='libcurlu_la-netrc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-netrc.lo `test -f 'netrc.c' || echo '$(srcdir)/'`netrc.c
+
+libcurlu_la-getinfo.lo: getinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-getinfo.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-getinfo.Tpo -c -o libcurlu_la-getinfo.lo `test -f 'getinfo.c' || echo '$(srcdir)/'`getinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-getinfo.Tpo $(DEPDIR)/libcurlu_la-getinfo.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='getinfo.c' object='libcurlu_la-getinfo.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-getinfo.lo `test -f 'getinfo.c' || echo '$(srcdir)/'`getinfo.c
+
+libcurlu_la-transfer.lo: transfer.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-transfer.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-transfer.Tpo -c -o libcurlu_la-transfer.lo `test -f 'transfer.c' || echo '$(srcdir)/'`transfer.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-transfer.Tpo $(DEPDIR)/libcurlu_la-transfer.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='transfer.c' object='libcurlu_la-transfer.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-transfer.lo `test -f 'transfer.c' || echo '$(srcdir)/'`transfer.c
+
+libcurlu_la-strcase.lo: strcase.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-strcase.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-strcase.Tpo -c -o libcurlu_la-strcase.lo `test -f 'strcase.c' || echo '$(srcdir)/'`strcase.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-strcase.Tpo $(DEPDIR)/libcurlu_la-strcase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strcase.c' object='libcurlu_la-strcase.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-strcase.lo `test -f 'strcase.c' || echo '$(srcdir)/'`strcase.c
+
+libcurlu_la-easy.lo: easy.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-easy.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-easy.Tpo -c -o libcurlu_la-easy.lo `test -f 'easy.c' || echo '$(srcdir)/'`easy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-easy.Tpo $(DEPDIR)/libcurlu_la-easy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='easy.c' object='libcurlu_la-easy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-easy.lo `test -f 'easy.c' || echo '$(srcdir)/'`easy.c
+
+libcurlu_la-security.lo: security.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-security.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-security.Tpo -c -o libcurlu_la-security.lo `test -f 'security.c' || echo '$(srcdir)/'`security.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-security.Tpo $(DEPDIR)/libcurlu_la-security.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='security.c' object='libcurlu_la-security.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-security.lo `test -f 'security.c' || echo '$(srcdir)/'`security.c
+
+libcurlu_la-curl_fnmatch.lo: curl_fnmatch.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_fnmatch.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_fnmatch.Tpo -c -o libcurlu_la-curl_fnmatch.lo `test -f 'curl_fnmatch.c' || echo '$(srcdir)/'`curl_fnmatch.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_fnmatch.Tpo $(DEPDIR)/libcurlu_la-curl_fnmatch.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_fnmatch.c' object='libcurlu_la-curl_fnmatch.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_fnmatch.lo `test -f 'curl_fnmatch.c' || echo '$(srcdir)/'`curl_fnmatch.c
+
+libcurlu_la-fileinfo.lo: fileinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-fileinfo.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-fileinfo.Tpo -c -o libcurlu_la-fileinfo.lo `test -f 'fileinfo.c' || echo '$(srcdir)/'`fileinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-fileinfo.Tpo $(DEPDIR)/libcurlu_la-fileinfo.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='fileinfo.c' object='libcurlu_la-fileinfo.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-fileinfo.lo `test -f 'fileinfo.c' || echo '$(srcdir)/'`fileinfo.c
+
+libcurlu_la-ftplistparser.lo: ftplistparser.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-ftplistparser.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-ftplistparser.Tpo -c -o libcurlu_la-ftplistparser.lo `test -f 'ftplistparser.c' || echo '$(srcdir)/'`ftplistparser.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-ftplistparser.Tpo $(DEPDIR)/libcurlu_la-ftplistparser.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ftplistparser.c' object='libcurlu_la-ftplistparser.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-ftplistparser.lo `test -f 'ftplistparser.c' || echo '$(srcdir)/'`ftplistparser.c
+
+libcurlu_la-wildcard.lo: wildcard.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-wildcard.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-wildcard.Tpo -c -o libcurlu_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-wildcard.Tpo $(DEPDIR)/libcurlu_la-wildcard.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='wildcard.c' object='libcurlu_la-wildcard.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c
+
+libcurlu_la-krb5.lo: krb5.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-krb5.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-krb5.Tpo -c -o libcurlu_la-krb5.lo `test -f 'krb5.c' || echo '$(srcdir)/'`krb5.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-krb5.Tpo $(DEPDIR)/libcurlu_la-krb5.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='krb5.c' object='libcurlu_la-krb5.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-krb5.lo `test -f 'krb5.c' || echo '$(srcdir)/'`krb5.c
+
+libcurlu_la-memdebug.lo: memdebug.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-memdebug.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-memdebug.Tpo -c -o libcurlu_la-memdebug.lo `test -f 'memdebug.c' || echo '$(srcdir)/'`memdebug.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-memdebug.Tpo $(DEPDIR)/libcurlu_la-memdebug.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='memdebug.c' object='libcurlu_la-memdebug.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-memdebug.lo `test -f 'memdebug.c' || echo '$(srcdir)/'`memdebug.c
+
+libcurlu_la-http_chunks.lo: http_chunks.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-http_chunks.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-http_chunks.Tpo -c -o libcurlu_la-http_chunks.lo `test -f 'http_chunks.c' || echo '$(srcdir)/'`http_chunks.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-http_chunks.Tpo $(DEPDIR)/libcurlu_la-http_chunks.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_chunks.c' object='libcurlu_la-http_chunks.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-http_chunks.lo `test -f 'http_chunks.c' || echo '$(srcdir)/'`http_chunks.c
+
+libcurlu_la-strtok.lo: strtok.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-strtok.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-strtok.Tpo -c -o libcurlu_la-strtok.lo `test -f 'strtok.c' || echo '$(srcdir)/'`strtok.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-strtok.Tpo $(DEPDIR)/libcurlu_la-strtok.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strtok.c' object='libcurlu_la-strtok.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-strtok.lo `test -f 'strtok.c' || echo '$(srcdir)/'`strtok.c
+
+libcurlu_la-connect.lo: connect.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-connect.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-connect.Tpo -c -o libcurlu_la-connect.lo `test -f 'connect.c' || echo '$(srcdir)/'`connect.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-connect.Tpo $(DEPDIR)/libcurlu_la-connect.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='connect.c' object='libcurlu_la-connect.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-connect.lo `test -f 'connect.c' || echo '$(srcdir)/'`connect.c
+
+libcurlu_la-llist.lo: llist.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-llist.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-llist.Tpo -c -o libcurlu_la-llist.lo `test -f 'llist.c' || echo '$(srcdir)/'`llist.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-llist.Tpo $(DEPDIR)/libcurlu_la-llist.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='llist.c' object='libcurlu_la-llist.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-llist.lo `test -f 'llist.c' || echo '$(srcdir)/'`llist.c
+
+libcurlu_la-hash.lo: hash.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hash.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hash.Tpo -c -o libcurlu_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hash.Tpo $(DEPDIR)/libcurlu_la-hash.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hash.c' object='libcurlu_la-hash.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c
+
+libcurlu_la-multi.lo: multi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-multi.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-multi.Tpo -c -o libcurlu_la-multi.lo `test -f 'multi.c' || echo '$(srcdir)/'`multi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-multi.Tpo $(DEPDIR)/libcurlu_la-multi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='multi.c' object='libcurlu_la-multi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-multi.lo `test -f 'multi.c' || echo '$(srcdir)/'`multi.c
+
+libcurlu_la-content_encoding.lo: content_encoding.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-content_encoding.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-content_encoding.Tpo -c -o libcurlu_la-content_encoding.lo `test -f 'content_encoding.c' || echo '$(srcdir)/'`content_encoding.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-content_encoding.Tpo $(DEPDIR)/libcurlu_la-content_encoding.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='content_encoding.c' object='libcurlu_la-content_encoding.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-content_encoding.lo `test -f 'content_encoding.c' || echo '$(srcdir)/'`content_encoding.c
+
+libcurlu_la-share.lo: share.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-share.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-share.Tpo -c -o libcurlu_la-share.lo `test -f 'share.c' || echo '$(srcdir)/'`share.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-share.Tpo $(DEPDIR)/libcurlu_la-share.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='share.c' object='libcurlu_la-share.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-share.lo `test -f 'share.c' || echo '$(srcdir)/'`share.c
+
+libcurlu_la-http_digest.lo: http_digest.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-http_digest.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-http_digest.Tpo -c -o libcurlu_la-http_digest.lo `test -f 'http_digest.c' || echo '$(srcdir)/'`http_digest.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-http_digest.Tpo $(DEPDIR)/libcurlu_la-http_digest.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_digest.c' object='libcurlu_la-http_digest.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-http_digest.lo `test -f 'http_digest.c' || echo '$(srcdir)/'`http_digest.c
+
+libcurlu_la-md4.lo: md4.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-md4.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-md4.Tpo -c -o libcurlu_la-md4.lo `test -f 'md4.c' || echo '$(srcdir)/'`md4.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-md4.Tpo $(DEPDIR)/libcurlu_la-md4.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md4.c' object='libcurlu_la-md4.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-md4.lo `test -f 'md4.c' || echo '$(srcdir)/'`md4.c
+
+libcurlu_la-md5.lo: md5.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-md5.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-md5.Tpo -c -o libcurlu_la-md5.lo `test -f 'md5.c' || echo '$(srcdir)/'`md5.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-md5.Tpo $(DEPDIR)/libcurlu_la-md5.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5.c' object='libcurlu_la-md5.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-md5.lo `test -f 'md5.c' || echo '$(srcdir)/'`md5.c
+
+libcurlu_la-http_negotiate.lo: http_negotiate.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-http_negotiate.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-http_negotiate.Tpo -c -o libcurlu_la-http_negotiate.lo `test -f 'http_negotiate.c' || echo '$(srcdir)/'`http_negotiate.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-http_negotiate.Tpo $(DEPDIR)/libcurlu_la-http_negotiate.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_negotiate.c' object='libcurlu_la-http_negotiate.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-http_negotiate.lo `test -f 'http_negotiate.c' || echo '$(srcdir)/'`http_negotiate.c
+
+libcurlu_la-inet_pton.lo: inet_pton.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-inet_pton.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-inet_pton.Tpo -c -o libcurlu_la-inet_pton.lo `test -f 'inet_pton.c' || echo '$(srcdir)/'`inet_pton.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-inet_pton.Tpo $(DEPDIR)/libcurlu_la-inet_pton.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inet_pton.c' object='libcurlu_la-inet_pton.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-inet_pton.lo `test -f 'inet_pton.c' || echo '$(srcdir)/'`inet_pton.c
+
+libcurlu_la-strtoofft.lo: strtoofft.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-strtoofft.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-strtoofft.Tpo -c -o libcurlu_la-strtoofft.lo `test -f 'strtoofft.c' || echo '$(srcdir)/'`strtoofft.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-strtoofft.Tpo $(DEPDIR)/libcurlu_la-strtoofft.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strtoofft.c' object='libcurlu_la-strtoofft.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-strtoofft.lo `test -f 'strtoofft.c' || echo '$(srcdir)/'`strtoofft.c
+
+libcurlu_la-strerror.lo: strerror.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-strerror.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-strerror.Tpo -c -o libcurlu_la-strerror.lo `test -f 'strerror.c' || echo '$(srcdir)/'`strerror.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-strerror.Tpo $(DEPDIR)/libcurlu_la-strerror.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strerror.c' object='libcurlu_la-strerror.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-strerror.lo `test -f 'strerror.c' || echo '$(srcdir)/'`strerror.c
+
+libcurlu_la-amigaos.lo: amigaos.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-amigaos.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-amigaos.Tpo -c -o libcurlu_la-amigaos.lo `test -f 'amigaos.c' || echo '$(srcdir)/'`amigaos.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-amigaos.Tpo $(DEPDIR)/libcurlu_la-amigaos.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='amigaos.c' object='libcurlu_la-amigaos.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-amigaos.lo `test -f 'amigaos.c' || echo '$(srcdir)/'`amigaos.c
+
+libcurlu_la-hostasyn.lo: hostasyn.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hostasyn.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hostasyn.Tpo -c -o libcurlu_la-hostasyn.lo `test -f 'hostasyn.c' || echo '$(srcdir)/'`hostasyn.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hostasyn.Tpo $(DEPDIR)/libcurlu_la-hostasyn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostasyn.c' object='libcurlu_la-hostasyn.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostasyn.lo `test -f 'hostasyn.c' || echo '$(srcdir)/'`hostasyn.c
+
+libcurlu_la-hostip4.lo: hostip4.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hostip4.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hostip4.Tpo -c -o libcurlu_la-hostip4.lo `test -f 'hostip4.c' || echo '$(srcdir)/'`hostip4.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hostip4.Tpo $(DEPDIR)/libcurlu_la-hostip4.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostip4.c' object='libcurlu_la-hostip4.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostip4.lo `test -f 'hostip4.c' || echo '$(srcdir)/'`hostip4.c
+
+libcurlu_la-hostip6.lo: hostip6.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hostip6.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hostip6.Tpo -c -o libcurlu_la-hostip6.lo `test -f 'hostip6.c' || echo '$(srcdir)/'`hostip6.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hostip6.Tpo $(DEPDIR)/libcurlu_la-hostip6.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostip6.c' object='libcurlu_la-hostip6.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostip6.lo `test -f 'hostip6.c' || echo '$(srcdir)/'`hostip6.c
+
+libcurlu_la-hostsyn.lo: hostsyn.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hostsyn.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hostsyn.Tpo -c -o libcurlu_la-hostsyn.lo `test -f 'hostsyn.c' || echo '$(srcdir)/'`hostsyn.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hostsyn.Tpo $(DEPDIR)/libcurlu_la-hostsyn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostsyn.c' object='libcurlu_la-hostsyn.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostsyn.lo `test -f 'hostsyn.c' || echo '$(srcdir)/'`hostsyn.c
+
+libcurlu_la-inet_ntop.lo: inet_ntop.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-inet_ntop.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-inet_ntop.Tpo -c -o libcurlu_la-inet_ntop.lo `test -f 'inet_ntop.c' || echo '$(srcdir)/'`inet_ntop.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-inet_ntop.Tpo $(DEPDIR)/libcurlu_la-inet_ntop.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='inet_ntop.c' object='libcurlu_la-inet_ntop.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-inet_ntop.lo `test -f 'inet_ntop.c' || echo '$(srcdir)/'`inet_ntop.c
+
+libcurlu_la-parsedate.lo: parsedate.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-parsedate.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-parsedate.Tpo -c -o libcurlu_la-parsedate.lo `test -f 'parsedate.c' || echo '$(srcdir)/'`parsedate.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-parsedate.Tpo $(DEPDIR)/libcurlu_la-parsedate.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='parsedate.c' object='libcurlu_la-parsedate.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-parsedate.lo `test -f 'parsedate.c' || echo '$(srcdir)/'`parsedate.c
+
+libcurlu_la-select.lo: select.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-select.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-select.Tpo -c -o libcurlu_la-select.lo `test -f 'select.c' || echo '$(srcdir)/'`select.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-select.Tpo $(DEPDIR)/libcurlu_la-select.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='select.c' object='libcurlu_la-select.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-select.lo `test -f 'select.c' || echo '$(srcdir)/'`select.c
+
+libcurlu_la-tftp.lo: tftp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-tftp.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-tftp.Tpo -c -o libcurlu_la-tftp.lo `test -f 'tftp.c' || echo '$(srcdir)/'`tftp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-tftp.Tpo $(DEPDIR)/libcurlu_la-tftp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tftp.c' object='libcurlu_la-tftp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-tftp.lo `test -f 'tftp.c' || echo '$(srcdir)/'`tftp.c
+
+libcurlu_la-splay.lo: splay.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-splay.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-splay.Tpo -c -o libcurlu_la-splay.lo `test -f 'splay.c' || echo '$(srcdir)/'`splay.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-splay.Tpo $(DEPDIR)/libcurlu_la-splay.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='splay.c' object='libcurlu_la-splay.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-splay.lo `test -f 'splay.c' || echo '$(srcdir)/'`splay.c
+
+libcurlu_la-strdup.lo: strdup.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-strdup.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-strdup.Tpo -c -o libcurlu_la-strdup.lo `test -f 'strdup.c' || echo '$(srcdir)/'`strdup.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-strdup.Tpo $(DEPDIR)/libcurlu_la-strdup.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='strdup.c' object='libcurlu_la-strdup.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-strdup.lo `test -f 'strdup.c' || echo '$(srcdir)/'`strdup.c
+
+libcurlu_la-socks.lo: socks.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-socks.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-socks.Tpo -c -o libcurlu_la-socks.lo `test -f 'socks.c' || echo '$(srcdir)/'`socks.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-socks.Tpo $(DEPDIR)/libcurlu_la-socks.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='socks.c' object='libcurlu_la-socks.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-socks.lo `test -f 'socks.c' || echo '$(srcdir)/'`socks.c
+
+libcurlu_la-ssh.lo: ssh.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-ssh.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-ssh.Tpo -c -o libcurlu_la-ssh.lo `test -f 'ssh.c' || echo '$(srcdir)/'`ssh.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-ssh.Tpo $(DEPDIR)/libcurlu_la-ssh.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ssh.c' object='libcurlu_la-ssh.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-ssh.lo `test -f 'ssh.c' || echo '$(srcdir)/'`ssh.c
+
+libcurlu_la-curl_addrinfo.lo: curl_addrinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_addrinfo.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_addrinfo.Tpo -c -o libcurlu_la-curl_addrinfo.lo `test -f 'curl_addrinfo.c' || echo '$(srcdir)/'`curl_addrinfo.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_addrinfo.Tpo $(DEPDIR)/libcurlu_la-curl_addrinfo.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_addrinfo.c' object='libcurlu_la-curl_addrinfo.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_addrinfo.lo `test -f 'curl_addrinfo.c' || echo '$(srcdir)/'`curl_addrinfo.c
+
+libcurlu_la-socks_gssapi.lo: socks_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-socks_gssapi.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-socks_gssapi.Tpo -c -o libcurlu_la-socks_gssapi.lo `test -f 'socks_gssapi.c' || echo '$(srcdir)/'`socks_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-socks_gssapi.Tpo $(DEPDIR)/libcurlu_la-socks_gssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='socks_gssapi.c' object='libcurlu_la-socks_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-socks_gssapi.lo `test -f 'socks_gssapi.c' || echo '$(srcdir)/'`socks_gssapi.c
+
+libcurlu_la-socks_sspi.lo: socks_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-socks_sspi.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-socks_sspi.Tpo -c -o libcurlu_la-socks_sspi.lo `test -f 'socks_sspi.c' || echo '$(srcdir)/'`socks_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-socks_sspi.Tpo $(DEPDIR)/libcurlu_la-socks_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='socks_sspi.c' object='libcurlu_la-socks_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-socks_sspi.lo `test -f 'socks_sspi.c' || echo '$(srcdir)/'`socks_sspi.c
+
+libcurlu_la-curl_sspi.lo: curl_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_sspi.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_sspi.Tpo -c -o libcurlu_la-curl_sspi.lo `test -f 'curl_sspi.c' || echo '$(srcdir)/'`curl_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_sspi.Tpo $(DEPDIR)/libcurlu_la-curl_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_sspi.c' object='libcurlu_la-curl_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_sspi.lo `test -f 'curl_sspi.c' || echo '$(srcdir)/'`curl_sspi.c
+
+libcurlu_la-slist.lo: slist.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-slist.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-slist.Tpo -c -o libcurlu_la-slist.lo `test -f 'slist.c' || echo '$(srcdir)/'`slist.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-slist.Tpo $(DEPDIR)/libcurlu_la-slist.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='slist.c' object='libcurlu_la-slist.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-slist.lo `test -f 'slist.c' || echo '$(srcdir)/'`slist.c
+
+libcurlu_la-nonblock.lo: nonblock.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-nonblock.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-nonblock.Tpo -c -o libcurlu_la-nonblock.lo `test -f 'nonblock.c' || echo '$(srcdir)/'`nonblock.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-nonblock.Tpo $(DEPDIR)/libcurlu_la-nonblock.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nonblock.c' object='libcurlu_la-nonblock.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-nonblock.lo `test -f 'nonblock.c' || echo '$(srcdir)/'`nonblock.c
+
+libcurlu_la-curl_memrchr.lo: curl_memrchr.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_memrchr.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_memrchr.Tpo -c -o libcurlu_la-curl_memrchr.lo `test -f 'curl_memrchr.c' || echo '$(srcdir)/'`curl_memrchr.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_memrchr.Tpo $(DEPDIR)/libcurlu_la-curl_memrchr.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_memrchr.c' object='libcurlu_la-curl_memrchr.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_memrchr.lo `test -f 'curl_memrchr.c' || echo '$(srcdir)/'`curl_memrchr.c
+
+libcurlu_la-imap.lo: imap.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-imap.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-imap.Tpo -c -o libcurlu_la-imap.lo `test -f 'imap.c' || echo '$(srcdir)/'`imap.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-imap.Tpo $(DEPDIR)/libcurlu_la-imap.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='imap.c' object='libcurlu_la-imap.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-imap.lo `test -f 'imap.c' || echo '$(srcdir)/'`imap.c
+
+libcurlu_la-pop3.lo: pop3.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-pop3.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-pop3.Tpo -c -o libcurlu_la-pop3.lo `test -f 'pop3.c' || echo '$(srcdir)/'`pop3.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-pop3.Tpo $(DEPDIR)/libcurlu_la-pop3.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pop3.c' object='libcurlu_la-pop3.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-pop3.lo `test -f 'pop3.c' || echo '$(srcdir)/'`pop3.c
+
+libcurlu_la-smtp.lo: smtp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-smtp.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-smtp.Tpo -c -o libcurlu_la-smtp.lo `test -f 'smtp.c' || echo '$(srcdir)/'`smtp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-smtp.Tpo $(DEPDIR)/libcurlu_la-smtp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='smtp.c' object='libcurlu_la-smtp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-smtp.lo `test -f 'smtp.c' || echo '$(srcdir)/'`smtp.c
+
+libcurlu_la-pingpong.lo: pingpong.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-pingpong.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-pingpong.Tpo -c -o libcurlu_la-pingpong.lo `test -f 'pingpong.c' || echo '$(srcdir)/'`pingpong.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-pingpong.Tpo $(DEPDIR)/libcurlu_la-pingpong.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pingpong.c' object='libcurlu_la-pingpong.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-pingpong.lo `test -f 'pingpong.c' || echo '$(srcdir)/'`pingpong.c
+
+libcurlu_la-rtsp.lo: rtsp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-rtsp.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-rtsp.Tpo -c -o libcurlu_la-rtsp.lo `test -f 'rtsp.c' || echo '$(srcdir)/'`rtsp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-rtsp.Tpo $(DEPDIR)/libcurlu_la-rtsp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rtsp.c' object='libcurlu_la-rtsp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-rtsp.lo `test -f 'rtsp.c' || echo '$(srcdir)/'`rtsp.c
+
+libcurlu_la-curl_threads.lo: curl_threads.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_threads.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_threads.Tpo -c -o libcurlu_la-curl_threads.lo `test -f 'curl_threads.c' || echo '$(srcdir)/'`curl_threads.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_threads.Tpo $(DEPDIR)/libcurlu_la-curl_threads.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_threads.c' object='libcurlu_la-curl_threads.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_threads.lo `test -f 'curl_threads.c' || echo '$(srcdir)/'`curl_threads.c
+
+libcurlu_la-warnless.lo: warnless.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-warnless.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-warnless.Tpo -c -o libcurlu_la-warnless.lo `test -f 'warnless.c' || echo '$(srcdir)/'`warnless.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-warnless.Tpo $(DEPDIR)/libcurlu_la-warnless.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='warnless.c' object='libcurlu_la-warnless.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-warnless.lo `test -f 'warnless.c' || echo '$(srcdir)/'`warnless.c
+
+libcurlu_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hmac.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hmac.Tpo -c -o libcurlu_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hmac.Tpo $(DEPDIR)/libcurlu_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmac.c' object='libcurlu_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libcurlu_la-curl_rtmp.lo: curl_rtmp.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_rtmp.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_rtmp.Tpo -c -o libcurlu_la-curl_rtmp.lo `test -f 'curl_rtmp.c' || echo '$(srcdir)/'`curl_rtmp.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_rtmp.Tpo $(DEPDIR)/libcurlu_la-curl_rtmp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_rtmp.c' object='libcurlu_la-curl_rtmp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_rtmp.lo `test -f 'curl_rtmp.c' || echo '$(srcdir)/'`curl_rtmp.c
+
+libcurlu_la-openldap.lo: openldap.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-openldap.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-openldap.Tpo -c -o libcurlu_la-openldap.lo `test -f 'openldap.c' || echo '$(srcdir)/'`openldap.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-openldap.Tpo $(DEPDIR)/libcurlu_la-openldap.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='openldap.c' object='libcurlu_la-openldap.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-openldap.lo `test -f 'openldap.c' || echo '$(srcdir)/'`openldap.c
+
+libcurlu_la-curl_gethostname.lo: curl_gethostname.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_gethostname.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_gethostname.Tpo -c -o libcurlu_la-curl_gethostname.lo `test -f 'curl_gethostname.c' || echo '$(srcdir)/'`curl_gethostname.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_gethostname.Tpo $(DEPDIR)/libcurlu_la-curl_gethostname.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_gethostname.c' object='libcurlu_la-curl_gethostname.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_gethostname.lo `test -f 'curl_gethostname.c' || echo '$(srcdir)/'`curl_gethostname.c
+
+libcurlu_la-gopher.lo: gopher.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-gopher.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-gopher.Tpo -c -o libcurlu_la-gopher.lo `test -f 'gopher.c' || echo '$(srcdir)/'`gopher.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-gopher.Tpo $(DEPDIR)/libcurlu_la-gopher.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gopher.c' object='libcurlu_la-gopher.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-gopher.lo `test -f 'gopher.c' || echo '$(srcdir)/'`gopher.c
+
+libcurlu_la-idn_win32.lo: idn_win32.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-idn_win32.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-idn_win32.Tpo -c -o libcurlu_la-idn_win32.lo `test -f 'idn_win32.c' || echo '$(srcdir)/'`idn_win32.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-idn_win32.Tpo $(DEPDIR)/libcurlu_la-idn_win32.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='idn_win32.c' object='libcurlu_la-idn_win32.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-idn_win32.lo `test -f 'idn_win32.c' || echo '$(srcdir)/'`idn_win32.c
+
+libcurlu_la-http_proxy.lo: http_proxy.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-http_proxy.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-http_proxy.Tpo -c -o libcurlu_la-http_proxy.lo `test -f 'http_proxy.c' || echo '$(srcdir)/'`http_proxy.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-http_proxy.Tpo $(DEPDIR)/libcurlu_la-http_proxy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_proxy.c' object='libcurlu_la-http_proxy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-http_proxy.lo `test -f 'http_proxy.c' || echo '$(srcdir)/'`http_proxy.c
+
+libcurlu_la-non-ascii.lo: non-ascii.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-non-ascii.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-non-ascii.Tpo -c -o libcurlu_la-non-ascii.lo `test -f 'non-ascii.c' || echo '$(srcdir)/'`non-ascii.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-non-ascii.Tpo $(DEPDIR)/libcurlu_la-non-ascii.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='non-ascii.c' object='libcurlu_la-non-ascii.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-non-ascii.lo `test -f 'non-ascii.c' || echo '$(srcdir)/'`non-ascii.c
+
+libcurlu_la-asyn-ares.lo: asyn-ares.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-asyn-ares.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-asyn-ares.Tpo -c -o libcurlu_la-asyn-ares.lo `test -f 'asyn-ares.c' || echo '$(srcdir)/'`asyn-ares.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-asyn-ares.Tpo $(DEPDIR)/libcurlu_la-asyn-ares.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asyn-ares.c' object='libcurlu_la-asyn-ares.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-asyn-ares.lo `test -f 'asyn-ares.c' || echo '$(srcdir)/'`asyn-ares.c
+
+libcurlu_la-asyn-thread.lo: asyn-thread.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-asyn-thread.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-asyn-thread.Tpo -c -o libcurlu_la-asyn-thread.lo `test -f 'asyn-thread.c' || echo '$(srcdir)/'`asyn-thread.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-asyn-thread.Tpo $(DEPDIR)/libcurlu_la-asyn-thread.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asyn-thread.c' object='libcurlu_la-asyn-thread.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-asyn-thread.lo `test -f 'asyn-thread.c' || echo '$(srcdir)/'`asyn-thread.c
+
+libcurlu_la-curl_gssapi.lo: curl_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_gssapi.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_gssapi.Tpo -c -o libcurlu_la-curl_gssapi.lo `test -f 'curl_gssapi.c' || echo '$(srcdir)/'`curl_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_gssapi.Tpo $(DEPDIR)/libcurlu_la-curl_gssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_gssapi.c' object='libcurlu_la-curl_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_gssapi.lo `test -f 'curl_gssapi.c' || echo '$(srcdir)/'`curl_gssapi.c
+
+libcurlu_la-http_ntlm.lo: http_ntlm.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-http_ntlm.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-http_ntlm.Tpo -c -o libcurlu_la-http_ntlm.lo `test -f 'http_ntlm.c' || echo '$(srcdir)/'`http_ntlm.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-http_ntlm.Tpo $(DEPDIR)/libcurlu_la-http_ntlm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http_ntlm.c' object='libcurlu_la-http_ntlm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-http_ntlm.lo `test -f 'http_ntlm.c' || echo '$(srcdir)/'`http_ntlm.c
+
+libcurlu_la-curl_ntlm_wb.lo: curl_ntlm_wb.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_ntlm_wb.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_ntlm_wb.Tpo -c -o libcurlu_la-curl_ntlm_wb.lo `test -f 'curl_ntlm_wb.c' || echo '$(srcdir)/'`curl_ntlm_wb.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_ntlm_wb.Tpo $(DEPDIR)/libcurlu_la-curl_ntlm_wb.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_ntlm_wb.c' object='libcurlu_la-curl_ntlm_wb.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_ntlm_wb.lo `test -f 'curl_ntlm_wb.c' || echo '$(srcdir)/'`curl_ntlm_wb.c
+
+libcurlu_la-curl_ntlm_core.lo: curl_ntlm_core.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_ntlm_core.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_ntlm_core.Tpo -c -o libcurlu_la-curl_ntlm_core.lo `test -f 'curl_ntlm_core.c' || echo '$(srcdir)/'`curl_ntlm_core.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_ntlm_core.Tpo $(DEPDIR)/libcurlu_la-curl_ntlm_core.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_ntlm_core.c' object='libcurlu_la-curl_ntlm_core.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_ntlm_core.lo `test -f 'curl_ntlm_core.c' || echo '$(srcdir)/'`curl_ntlm_core.c
+
+libcurlu_la-curl_sasl.lo: curl_sasl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_sasl.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_sasl.Tpo -c -o libcurlu_la-curl_sasl.lo `test -f 'curl_sasl.c' || echo '$(srcdir)/'`curl_sasl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_sasl.Tpo $(DEPDIR)/libcurlu_la-curl_sasl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_sasl.c' object='libcurlu_la-curl_sasl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_sasl.lo `test -f 'curl_sasl.c' || echo '$(srcdir)/'`curl_sasl.c
+
+libcurlu_la-rand.lo: rand.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-rand.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-rand.Tpo -c -o libcurlu_la-rand.lo `test -f 'rand.c' || echo '$(srcdir)/'`rand.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-rand.Tpo $(DEPDIR)/libcurlu_la-rand.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rand.c' object='libcurlu_la-rand.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-rand.lo `test -f 'rand.c' || echo '$(srcdir)/'`rand.c
+
+libcurlu_la-curl_multibyte.lo: curl_multibyte.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_multibyte.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_multibyte.Tpo -c -o libcurlu_la-curl_multibyte.lo `test -f 'curl_multibyte.c' || echo '$(srcdir)/'`curl_multibyte.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_multibyte.Tpo $(DEPDIR)/libcurlu_la-curl_multibyte.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_multibyte.c' object='libcurlu_la-curl_multibyte.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_multibyte.lo `test -f 'curl_multibyte.c' || echo '$(srcdir)/'`curl_multibyte.c
+
+libcurlu_la-hostcheck.lo: hostcheck.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hostcheck.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hostcheck.Tpo -c -o libcurlu_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hostcheck.Tpo $(DEPDIR)/libcurlu_la-hostcheck.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostcheck.c' object='libcurlu_la-hostcheck.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c
+
+libcurlu_la-conncache.lo: conncache.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-conncache.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-conncache.Tpo -c -o libcurlu_la-conncache.lo `test -f 'conncache.c' || echo '$(srcdir)/'`conncache.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-conncache.Tpo $(DEPDIR)/libcurlu_la-conncache.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='conncache.c' object='libcurlu_la-conncache.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-conncache.lo `test -f 'conncache.c' || echo '$(srcdir)/'`conncache.c
+
+libcurlu_la-pipeline.lo: pipeline.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-pipeline.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-pipeline.Tpo -c -o libcurlu_la-pipeline.lo `test -f 'pipeline.c' || echo '$(srcdir)/'`pipeline.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-pipeline.Tpo $(DEPDIR)/libcurlu_la-pipeline.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pipeline.c' object='libcurlu_la-pipeline.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-pipeline.lo `test -f 'pipeline.c' || echo '$(srcdir)/'`pipeline.c
+
+libcurlu_la-dotdot.lo: dotdot.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-dotdot.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-dotdot.Tpo -c -o libcurlu_la-dotdot.lo `test -f 'dotdot.c' || echo '$(srcdir)/'`dotdot.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-dotdot.Tpo $(DEPDIR)/libcurlu_la-dotdot.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='dotdot.c' object='libcurlu_la-dotdot.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-dotdot.lo `test -f 'dotdot.c' || echo '$(srcdir)/'`dotdot.c
+
+libcurlu_la-x509asn1.lo: x509asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-x509asn1.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-x509asn1.Tpo -c -o libcurlu_la-x509asn1.lo `test -f 'x509asn1.c' || echo '$(srcdir)/'`x509asn1.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-x509asn1.Tpo $(DEPDIR)/libcurlu_la-x509asn1.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509asn1.c' object='libcurlu_la-x509asn1.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-x509asn1.lo `test -f 'x509asn1.c' || echo '$(srcdir)/'`x509asn1.c
+
+libcurlu_la-http2.lo: http2.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-http2.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-http2.Tpo -c -o libcurlu_la-http2.lo `test -f 'http2.c' || echo '$(srcdir)/'`http2.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-http2.Tpo $(DEPDIR)/libcurlu_la-http2.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='http2.c' object='libcurlu_la-http2.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-http2.lo `test -f 'http2.c' || echo '$(srcdir)/'`http2.c
+
+libcurlu_la-smb.lo: smb.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-smb.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-smb.Tpo -c -o libcurlu_la-smb.lo `test -f 'smb.c' || echo '$(srcdir)/'`smb.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-smb.Tpo $(DEPDIR)/libcurlu_la-smb.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='smb.c' object='libcurlu_la-smb.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-smb.lo `test -f 'smb.c' || echo '$(srcdir)/'`smb.c
+
+libcurlu_la-curl_endian.lo: curl_endian.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_endian.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_endian.Tpo -c -o libcurlu_la-curl_endian.lo `test -f 'curl_endian.c' || echo '$(srcdir)/'`curl_endian.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_endian.Tpo $(DEPDIR)/libcurlu_la-curl_endian.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_endian.c' object='libcurlu_la-curl_endian.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_endian.lo `test -f 'curl_endian.c' || echo '$(srcdir)/'`curl_endian.c
+
+libcurlu_la-curl_des.lo: curl_des.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_des.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_des.Tpo -c -o libcurlu_la-curl_des.lo `test -f 'curl_des.c' || echo '$(srcdir)/'`curl_des.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_des.Tpo $(DEPDIR)/libcurlu_la-curl_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='curl_des.c' object='libcurlu_la-curl_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_des.lo `test -f 'curl_des.c' || echo '$(srcdir)/'`curl_des.c
+
+libcurlu_la-system_win32.lo: system_win32.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-system_win32.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-system_win32.Tpo -c -o libcurlu_la-system_win32.lo `test -f 'system_win32.c' || echo '$(srcdir)/'`system_win32.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-system_win32.Tpo $(DEPDIR)/libcurlu_la-system_win32.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='system_win32.c' object='libcurlu_la-system_win32.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-system_win32.lo `test -f 'system_win32.c' || echo '$(srcdir)/'`system_win32.c
+
+libcurlu_la-mime.lo: mime.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-mime.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-mime.Tpo -c -o libcurlu_la-mime.lo `test -f 'mime.c' || echo '$(srcdir)/'`mime.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-mime.Tpo $(DEPDIR)/libcurlu_la-mime.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mime.c' object='libcurlu_la-mime.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-mime.lo `test -f 'mime.c' || echo '$(srcdir)/'`mime.c
+
+libcurlu_la-sha256.lo: sha256.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-sha256.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-sha256.Tpo -c -o libcurlu_la-sha256.lo `test -f 'sha256.c' || echo '$(srcdir)/'`sha256.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-sha256.Tpo $(DEPDIR)/libcurlu_la-sha256.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sha256.c' object='libcurlu_la-sha256.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-sha256.lo `test -f 'sha256.c' || echo '$(srcdir)/'`sha256.c
+
+libcurlu_la-setopt.lo: setopt.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-setopt.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-setopt.Tpo -c -o libcurlu_la-setopt.lo `test -f 'setopt.c' || echo '$(srcdir)/'`setopt.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-setopt.Tpo $(DEPDIR)/libcurlu_la-setopt.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='setopt.c' object='libcurlu_la-setopt.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-setopt.lo `test -f 'setopt.c' || echo '$(srcdir)/'`setopt.c
+
+vauth/libcurlu_la-vauth.lo: vauth/vauth.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-vauth.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-vauth.Tpo -c -o vauth/libcurlu_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-vauth.Tpo vauth/$(DEPDIR)/libcurlu_la-vauth.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/vauth.c' object='vauth/libcurlu_la-vauth.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-vauth.lo `test -f 'vauth/vauth.c' || echo '$(srcdir)/'`vauth/vauth.c
+
+vauth/libcurlu_la-cleartext.lo: vauth/cleartext.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-cleartext.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-cleartext.Tpo -c -o vauth/libcurlu_la-cleartext.lo `test -f 'vauth/cleartext.c' || echo '$(srcdir)/'`vauth/cleartext.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-cleartext.Tpo vauth/$(DEPDIR)/libcurlu_la-cleartext.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/cleartext.c' object='vauth/libcurlu_la-cleartext.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-cleartext.lo `test -f 'vauth/cleartext.c' || echo '$(srcdir)/'`vauth/cleartext.c
+
+vauth/libcurlu_la-cram.lo: vauth/cram.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-cram.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-cram.Tpo -c -o vauth/libcurlu_la-cram.lo `test -f 'vauth/cram.c' || echo '$(srcdir)/'`vauth/cram.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-cram.Tpo vauth/$(DEPDIR)/libcurlu_la-cram.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/cram.c' object='vauth/libcurlu_la-cram.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-cram.lo `test -f 'vauth/cram.c' || echo '$(srcdir)/'`vauth/cram.c
+
+vauth/libcurlu_la-digest.lo: vauth/digest.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-digest.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-digest.Tpo -c -o vauth/libcurlu_la-digest.lo `test -f 'vauth/digest.c' || echo '$(srcdir)/'`vauth/digest.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-digest.Tpo vauth/$(DEPDIR)/libcurlu_la-digest.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/digest.c' object='vauth/libcurlu_la-digest.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-digest.lo `test -f 'vauth/digest.c' || echo '$(srcdir)/'`vauth/digest.c
+
+vauth/libcurlu_la-digest_sspi.lo: vauth/digest_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-digest_sspi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-digest_sspi.Tpo -c -o vauth/libcurlu_la-digest_sspi.lo `test -f 'vauth/digest_sspi.c' || echo '$(srcdir)/'`vauth/digest_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-digest_sspi.Tpo vauth/$(DEPDIR)/libcurlu_la-digest_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/digest_sspi.c' object='vauth/libcurlu_la-digest_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-digest_sspi.lo `test -f 'vauth/digest_sspi.c' || echo '$(srcdir)/'`vauth/digest_sspi.c
+
+vauth/libcurlu_la-krb5_gssapi.lo: vauth/krb5_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-krb5_gssapi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-krb5_gssapi.Tpo -c -o vauth/libcurlu_la-krb5_gssapi.lo `test -f 'vauth/krb5_gssapi.c' || echo '$(srcdir)/'`vauth/krb5_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-krb5_gssapi.Tpo vauth/$(DEPDIR)/libcurlu_la-krb5_gssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/krb5_gssapi.c' object='vauth/libcurlu_la-krb5_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-krb5_gssapi.lo `test -f 'vauth/krb5_gssapi.c' || echo '$(srcdir)/'`vauth/krb5_gssapi.c
+
+vauth/libcurlu_la-krb5_sspi.lo: vauth/krb5_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-krb5_sspi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-krb5_sspi.Tpo -c -o vauth/libcurlu_la-krb5_sspi.lo `test -f 'vauth/krb5_sspi.c' || echo '$(srcdir)/'`vauth/krb5_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-krb5_sspi.Tpo vauth/$(DEPDIR)/libcurlu_la-krb5_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/krb5_sspi.c' object='vauth/libcurlu_la-krb5_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-krb5_sspi.lo `test -f 'vauth/krb5_sspi.c' || echo '$(srcdir)/'`vauth/krb5_sspi.c
+
+vauth/libcurlu_la-ntlm.lo: vauth/ntlm.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-ntlm.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-ntlm.Tpo -c -o vauth/libcurlu_la-ntlm.lo `test -f 'vauth/ntlm.c' || echo '$(srcdir)/'`vauth/ntlm.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-ntlm.Tpo vauth/$(DEPDIR)/libcurlu_la-ntlm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/ntlm.c' object='vauth/libcurlu_la-ntlm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-ntlm.lo `test -f 'vauth/ntlm.c' || echo '$(srcdir)/'`vauth/ntlm.c
+
+vauth/libcurlu_la-ntlm_sspi.lo: vauth/ntlm_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-ntlm_sspi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-ntlm_sspi.Tpo -c -o vauth/libcurlu_la-ntlm_sspi.lo `test -f 'vauth/ntlm_sspi.c' || echo '$(srcdir)/'`vauth/ntlm_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-ntlm_sspi.Tpo vauth/$(DEPDIR)/libcurlu_la-ntlm_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/ntlm_sspi.c' object='vauth/libcurlu_la-ntlm_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-ntlm_sspi.lo `test -f 'vauth/ntlm_sspi.c' || echo '$(srcdir)/'`vauth/ntlm_sspi.c
+
+vauth/libcurlu_la-oauth2.lo: vauth/oauth2.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-oauth2.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-oauth2.Tpo -c -o vauth/libcurlu_la-oauth2.lo `test -f 'vauth/oauth2.c' || echo '$(srcdir)/'`vauth/oauth2.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-oauth2.Tpo vauth/$(DEPDIR)/libcurlu_la-oauth2.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/oauth2.c' object='vauth/libcurlu_la-oauth2.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-oauth2.lo `test -f 'vauth/oauth2.c' || echo '$(srcdir)/'`vauth/oauth2.c
+
+vauth/libcurlu_la-spnego_gssapi.lo: vauth/spnego_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-spnego_gssapi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-spnego_gssapi.Tpo -c -o vauth/libcurlu_la-spnego_gssapi.lo `test -f 'vauth/spnego_gssapi.c' || echo '$(srcdir)/'`vauth/spnego_gssapi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-spnego_gssapi.Tpo vauth/$(DEPDIR)/libcurlu_la-spnego_gssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/spnego_gssapi.c' object='vauth/libcurlu_la-spnego_gssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-spnego_gssapi.lo `test -f 'vauth/spnego_gssapi.c' || echo '$(srcdir)/'`vauth/spnego_gssapi.c
+
+vauth/libcurlu_la-spnego_sspi.lo: vauth/spnego_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-spnego_sspi.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-spnego_sspi.Tpo -c -o vauth/libcurlu_la-spnego_sspi.lo `test -f 'vauth/spnego_sspi.c' || echo '$(srcdir)/'`vauth/spnego_sspi.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-spnego_sspi.Tpo vauth/$(DEPDIR)/libcurlu_la-spnego_sspi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vauth/spnego_sspi.c' object='vauth/libcurlu_la-spnego_sspi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vauth/libcurlu_la-spnego_sspi.lo `test -f 'vauth/spnego_sspi.c' || echo '$(srcdir)/'`vauth/spnego_sspi.c
+
+vtls/libcurlu_la-openssl.lo: vtls/openssl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-openssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-openssl.Tpo -c -o vtls/libcurlu_la-openssl.lo `test -f 'vtls/openssl.c' || echo '$(srcdir)/'`vtls/openssl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-openssl.Tpo vtls/$(DEPDIR)/libcurlu_la-openssl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/openssl.c' object='vtls/libcurlu_la-openssl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-openssl.lo `test -f 'vtls/openssl.c' || echo '$(srcdir)/'`vtls/openssl.c
+
+vtls/libcurlu_la-gtls.lo: vtls/gtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-gtls.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-gtls.Tpo -c -o vtls/libcurlu_la-gtls.lo `test -f 'vtls/gtls.c' || echo '$(srcdir)/'`vtls/gtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-gtls.Tpo vtls/$(DEPDIR)/libcurlu_la-gtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/gtls.c' object='vtls/libcurlu_la-gtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-gtls.lo `test -f 'vtls/gtls.c' || echo '$(srcdir)/'`vtls/gtls.c
+
+vtls/libcurlu_la-vtls.lo: vtls/vtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-vtls.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-vtls.Tpo -c -o vtls/libcurlu_la-vtls.lo `test -f 'vtls/vtls.c' || echo '$(srcdir)/'`vtls/vtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-vtls.Tpo vtls/$(DEPDIR)/libcurlu_la-vtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/vtls.c' object='vtls/libcurlu_la-vtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-vtls.lo `test -f 'vtls/vtls.c' || echo '$(srcdir)/'`vtls/vtls.c
+
+vtls/libcurlu_la-nss.lo: vtls/nss.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-nss.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-nss.Tpo -c -o vtls/libcurlu_la-nss.lo `test -f 'vtls/nss.c' || echo '$(srcdir)/'`vtls/nss.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-nss.Tpo vtls/$(DEPDIR)/libcurlu_la-nss.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/nss.c' object='vtls/libcurlu_la-nss.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-nss.lo `test -f 'vtls/nss.c' || echo '$(srcdir)/'`vtls/nss.c
+
+vtls/libcurlu_la-polarssl.lo: vtls/polarssl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-polarssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-polarssl.Tpo -c -o vtls/libcurlu_la-polarssl.lo `test -f 'vtls/polarssl.c' || echo '$(srcdir)/'`vtls/polarssl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-polarssl.Tpo vtls/$(DEPDIR)/libcurlu_la-polarssl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/polarssl.c' object='vtls/libcurlu_la-polarssl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-polarssl.lo `test -f 'vtls/polarssl.c' || echo '$(srcdir)/'`vtls/polarssl.c
+
+vtls/libcurlu_la-polarssl_threadlock.lo: vtls/polarssl_threadlock.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-polarssl_threadlock.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Tpo -c -o vtls/libcurlu_la-polarssl_threadlock.lo `test -f 'vtls/polarssl_threadlock.c' || echo '$(srcdir)/'`vtls/polarssl_threadlock.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Tpo vtls/$(DEPDIR)/libcurlu_la-polarssl_threadlock.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/polarssl_threadlock.c' object='vtls/libcurlu_la-polarssl_threadlock.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-polarssl_threadlock.lo `test -f 'vtls/polarssl_threadlock.c' || echo '$(srcdir)/'`vtls/polarssl_threadlock.c
+
+vtls/libcurlu_la-axtls.lo: vtls/axtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-axtls.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-axtls.Tpo -c -o vtls/libcurlu_la-axtls.lo `test -f 'vtls/axtls.c' || echo '$(srcdir)/'`vtls/axtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-axtls.Tpo vtls/$(DEPDIR)/libcurlu_la-axtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/axtls.c' object='vtls/libcurlu_la-axtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-axtls.lo `test -f 'vtls/axtls.c' || echo '$(srcdir)/'`vtls/axtls.c
+
+vtls/libcurlu_la-cyassl.lo: vtls/cyassl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-cyassl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-cyassl.Tpo -c -o vtls/libcurlu_la-cyassl.lo `test -f 'vtls/cyassl.c' || echo '$(srcdir)/'`vtls/cyassl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-cyassl.Tpo vtls/$(DEPDIR)/libcurlu_la-cyassl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/cyassl.c' object='vtls/libcurlu_la-cyassl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-cyassl.lo `test -f 'vtls/cyassl.c' || echo '$(srcdir)/'`vtls/cyassl.c
+
+vtls/libcurlu_la-schannel.lo: vtls/schannel.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-schannel.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-schannel.Tpo -c -o vtls/libcurlu_la-schannel.lo `test -f 'vtls/schannel.c' || echo '$(srcdir)/'`vtls/schannel.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-schannel.Tpo vtls/$(DEPDIR)/libcurlu_la-schannel.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/schannel.c' object='vtls/libcurlu_la-schannel.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-schannel.lo `test -f 'vtls/schannel.c' || echo '$(srcdir)/'`vtls/schannel.c
+
+vtls/libcurlu_la-darwinssl.lo: vtls/darwinssl.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-darwinssl.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-darwinssl.Tpo -c -o vtls/libcurlu_la-darwinssl.lo `test -f 'vtls/darwinssl.c' || echo '$(srcdir)/'`vtls/darwinssl.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-darwinssl.Tpo vtls/$(DEPDIR)/libcurlu_la-darwinssl.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/darwinssl.c' object='vtls/libcurlu_la-darwinssl.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-darwinssl.lo `test -f 'vtls/darwinssl.c' || echo '$(srcdir)/'`vtls/darwinssl.c
+
+vtls/libcurlu_la-gskit.lo: vtls/gskit.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-gskit.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-gskit.Tpo -c -o vtls/libcurlu_la-gskit.lo `test -f 'vtls/gskit.c' || echo '$(srcdir)/'`vtls/gskit.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-gskit.Tpo vtls/$(DEPDIR)/libcurlu_la-gskit.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/gskit.c' object='vtls/libcurlu_la-gskit.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-gskit.lo `test -f 'vtls/gskit.c' || echo '$(srcdir)/'`vtls/gskit.c
+
+vtls/libcurlu_la-mbedtls.lo: vtls/mbedtls.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-mbedtls.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-mbedtls.Tpo -c -o vtls/libcurlu_la-mbedtls.lo `test -f 'vtls/mbedtls.c' || echo '$(srcdir)/'`vtls/mbedtls.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-mbedtls.Tpo vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/mbedtls.c' object='vtls/libcurlu_la-mbedtls.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-mbedtls.lo `test -f 'vtls/mbedtls.c' || echo '$(srcdir)/'`vtls/mbedtls.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+ -rm -rf vauth/.libs vauth/_libs
+ -rm -rf vtls/.libs vtls/_libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+@CURLDEBUG_FALSE@all-local:
+all-am: Makefile $(LTLIBRARIES) curl_config.h all-local
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f vauth/$(DEPDIR)/$(am__dirstamp)
+ -rm -f vauth/$(am__dirstamp)
+ -rm -f vtls/$(DEPDIR)/$(am__dirstamp)
+ -rm -f vtls/$(am__dirstamp)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ clean-noinstLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR) vauth/$(DEPDIR) vtls/$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-hdr distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR) vauth/$(DEPDIR) vtls/$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: all install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am all-local check check-am clean \
+ clean-generic clean-libLTLIBRARIES clean-libtool \
+ clean-noinstLTLIBRARIES cscopelist-am ctags ctags-am distclean \
+ distclean-compile distclean-generic distclean-hdr \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libLTLIBRARIES install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am uninstall-libLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+
+@CODE_COVERAGE_RULES@
+
+checksrc:
+ @PERL@ $(srcdir)/checksrc.pl -D$(srcdir) -W$(srcdir)/curl_config.h \
+ $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] $(srcdir)/vtls/*.[ch]
+
+# for debug builds, we scan the sources on all regular make invokes
+@CURLDEBUG_TRUE@all-local: checksrc
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/libs/libcurl/src/Makefile.inc b/libs/libcurl/src/Makefile.inc
new file mode 100644
index 0000000000..0a88b8eb80
--- /dev/null
+++ b/libs/libcurl/src/Makefile.inc
@@ -0,0 +1,81 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
+LIB_VAUTH_CFILES = vauth/vauth.c vauth/cleartext.c vauth/cram.c \
+ vauth/digest.c vauth/digest_sspi.c vauth/krb5_gssapi.c \
+ vauth/krb5_sspi.c vauth/ntlm.c vauth/ntlm_sspi.c vauth/oauth2.c \
+ vauth/spnego_gssapi.c vauth/spnego_sspi.c
+
+LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h
+
+LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \
+ vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \
+ vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c \
+ vtls/mbedtls.c
+
+LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \
+ vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h \
+ vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h \
+ vtls/mbedtls.h
+
+LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
+ cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c \
+ ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c \
+ getinfo.c transfer.c strcase.c easy.c security.c curl_fnmatch.c \
+ fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c \
+ strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c \
+ http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c \
+ strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c \
+ inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c \
+ ssh.c curl_addrinfo.c socks_gssapi.c socks_sspi.c \
+ curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c \
+ pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c \
+ openldap.c curl_gethostname.c gopher.c idn_win32.c \
+ http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \
+ http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c \
+ curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c \
+ x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c \
+ mime.c sha256.c setopt.c
+
+LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
+ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \
+ speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h \
+ strcase.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h \
+ wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h \
+ hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h \
+ http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h \
+ inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h \
+ easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h \
+ socks.h ssh.h curl_base64.h curl_addrinfo.h curl_sspi.h \
+ slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h \
+ rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h \
+ curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h \
+ http_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \
+ curl_sasl.h curl_multibyte.h hostcheck.h conncache.h \
+ curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h \
+ x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \
+ curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h
+
+LIB_RCFILES = libcurl.rc
+
+CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES)
+HHEADERS = $(LIB_HFILES) $(LIB_VAUTH_HFILES) $(LIB_VTLS_HFILES)
diff --git a/libs/libcurl/src/Makefile.m32 b/libs/libcurl/src/Makefile.m32
new file mode 100644
index 0000000000..773187ad7f
--- /dev/null
+++ b/libs/libcurl/src/Makefile.m32
@@ -0,0 +1,387 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1999 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+###########################################################################
+#
+## Makefile for building libcurl.a with MingW (GCC-3.2 or later or LLVM/Clang)
+## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4),
+## brotli (1.0.1)
+##
+## Usage: mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
+## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn
+##
+## Hint: you can also set environment vars to control the build, f.e.:
+## set ZLIB_PATH=c:/zlib-1.2.8
+## set ZLIB=1
+#
+###########################################################################
+
+# Edit the path below to point to the base of your Zlib sources.
+ifndef ZLIB_PATH
+ZLIB_PATH = ../../zlib-1.2.8
+endif
+# Edit the path below to point to the base of your Brotli sources.
+ifndef BROTLI_PATH
+BROTLI_PATH = ../../brotli-1.0.1
+endif
+# Edit the path below to point to the base of your OpenSSL package.
+ifndef OPENSSL_PATH
+OPENSSL_PATH = ../../openssl-1.0.2a
+endif
+# Edit the path below to point to the base of your LibSSH2 package.
+ifndef LIBSSH2_PATH
+LIBSSH2_PATH = ../../libssh2-1.5.0
+endif
+# Edit the path below to point to the base of your librtmp package.
+ifndef LIBRTMP_PATH
+LIBRTMP_PATH = ../../librtmp-2.4
+endif
+# Edit the path below to point to the base of your libidn2 package.
+ifndef LIBIDN2_PATH
+LIBIDN2_PATH = ../../libidn2-2.0.3
+endif
+# Edit the path below to point to the base of your MS IDN package.
+# Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
+# https://www.microsoft.com/en-us/download/details.aspx?id=734
+ifndef WINIDN_PATH
+WINIDN_PATH = ../../Microsoft IDN Mitigation APIs
+endif
+# Edit the path below to point to the base of your Novell LDAP NDK.
+ifndef LDAP_SDK
+LDAP_SDK = c:/novell/ndk/cldapsdk/win32
+endif
+# Edit the path below to point to the base of your nghttp2 package.
+ifndef NGHTTP2_PATH
+NGHTTP2_PATH = ../../nghttp2-1.0.0
+endif
+
+PROOT = ..
+
+# Edit the path below to point to the base of your c-ares package.
+ifndef LIBCARES_PATH
+LIBCARES_PATH = $(PROOT)/ares
+endif
+
+ifeq ($(CURL_CC),)
+CURL_CC := $(CROSSPREFIX)gcc
+endif
+ifeq ($(CURL_AR),)
+CURL_AR := $(CROSSPREFIX)ar
+endif
+ifeq ($(CURL_RANLIB),)
+CURL_RANLIB := $(CROSSPREFIX)ranlib
+endif
+
+CC = $(CURL_CC)
+CFLAGS = $(CURL_CFLAG_EXTRAS) -g -O2 -Wall -W
+CFLAGS += -fno-strict-aliasing
+# comment LDFLAGS below to keep debug info
+LDFLAGS = $(CURL_LDFLAG_EXTRAS) $(CURL_LDFLAG_EXTRAS_DLL) -s
+AR = $(CURL_AR)
+RANLIB = $(CURL_RANLIB)
+RC = $(CROSSPREFIX)windres
+RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF
+STRIP = $(CROSSPREFIX)strip -g
+
+# Set environment var ARCH to your architecture to override autodetection.
+ifndef ARCH
+ifeq ($(findstring x86_64,$(shell $(CC) -dumpmachine)),x86_64)
+ARCH = w64
+else
+ARCH = w32
+endif
+endif
+
+ifeq ($(ARCH),w64)
+CFLAGS += -m64 -D_AMD64_
+LDFLAGS += -m64
+RCFLAGS += -F pe-x86-64
+else
+CFLAGS += -m32
+LDFLAGS += -m32
+RCFLAGS += -F pe-i386
+endif
+
+# Platform-dependent helper tool macros
+ifeq ($(findstring /sh,$(SHELL)),/sh)
+DEL = rm -f $1
+RMDIR = rm -fr $1
+MKDIR = mkdir -p $1
+COPY = -cp -afv $1 $2
+#COPYR = -cp -afr $1/* $2
+COPYR = -rsync -aC $1/* $2
+TOUCH = touch $1
+CAT = cat
+ECHONL = echo ""
+DL = '
+else
+ifeq "$(OS)" "Windows_NT"
+DEL = -del 2>NUL /q /f $(subst /,\,$1)
+RMDIR = -rd 2>NUL /q /s $(subst /,\,$1)
+else
+DEL = -del 2>NUL $(subst /,\,$1)
+RMDIR = -deltree 2>NUL /y $(subst /,\,$1)
+endif
+MKDIR = -md 2>NUL $(subst /,\,$1)
+COPY = -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
+COPYR = -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
+TOUCH = copy 2>&1>NUL /b $(subst /,\,$1) +,,
+CAT = type
+ECHONL = $(ComSpec) /c echo.
+endif
+
+########################################################
+## Nothing more to do below this line!
+
+ifeq ($(findstring -dyn,$(CFG)),-dyn)
+DYN = 1
+endif
+ifeq ($(findstring -ares,$(CFG)),-ares)
+ARES = 1
+endif
+ifeq ($(findstring -sync,$(CFG)),-sync)
+SYNC = 1
+endif
+ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
+RTMP = 1
+SSL = 1
+ZLIB = 1
+endif
+ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
+SSH2 = 1
+SSL = 1
+ZLIB = 1
+endif
+ifeq ($(findstring -ssl,$(CFG)),-ssl)
+SSL = 1
+endif
+ifeq ($(findstring -srp,$(CFG)),-srp)
+SRP = 1
+endif
+ifeq ($(findstring -zlib,$(CFG)),-zlib)
+ZLIB = 1
+endif
+ifeq ($(findstring -brotli,$(CFG)),-brotli)
+BROTLI = 1
+endif
+ifeq ($(findstring -idn2,$(CFG)),-idn2)
+IDN2 = 1
+endif
+ifeq ($(findstring -winidn,$(CFG)),-winidn)
+WINIDN = 1
+endif
+ifeq ($(findstring -sspi,$(CFG)),-sspi)
+SSPI = 1
+endif
+ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
+LDAPS = 1
+endif
+ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
+IPV6 = 1
+endif
+ifeq ($(findstring -winssl,$(CFG)),-winssl)
+WINSSL = 1
+SSPI = 1
+endif
+ifeq ($(findstring -nghttp2,$(CFG)),-nghttp2)
+NGHTTP2 = 1
+endif
+
+INCLUDES = -I. -I../include
+CFLAGS += -DBUILDING_LIBCURL
+ifdef SSL
+ ifdef WINSSL
+ CFLAGS += -DCURL_WITH_MULTI_SSL
+ endif
+endif
+
+ifdef SYNC
+ CFLAGS += -DUSE_SYNC_DNS
+else
+ ifdef ARES
+ INCLUDES += -I"$(LIBCARES_PATH)"
+ CFLAGS += -DUSE_ARES -DCARES_STATICLIB
+ DLL_LIBS += -L"$(LIBCARES_PATH)" -lcares
+ libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
+ endif
+endif
+ifdef RTMP
+ INCLUDES += -I"$(LIBRTMP_PATH)"
+ CFLAGS += -DUSE_LIBRTMP
+ DLL_LIBS += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm
+endif
+ifdef NGHTTP2
+ INCLUDES += -I"$(NGHTTP2_PATH)/include"
+ CFLAGS += -DUSE_NGHTTP2
+ DLL_LIBS += -L"$(NGHTTP2_PATH)/lib" -lnghttp2
+endif
+ifdef SSH2
+ INCLUDES += -I"$(LIBSSH2_PATH)/include" -I"$(LIBSSH2_PATH)/win32"
+ CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
+ DLL_LIBS += -L"$(LIBSSH2_PATH)/win32" -lssh2
+ ifdef WINSSL
+ ifndef DYN
+ DLL_LIBS += -lbcrypt -lcrypt32
+ endif
+ endif
+endif
+ifdef SSL
+ ifndef OPENSSL_INCLUDE
+ ifeq "$(wildcard $(OPENSSL_PATH)/outinc)" "$(OPENSSL_PATH)/outinc"
+ OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
+ endif
+ ifeq "$(wildcard $(OPENSSL_PATH)/include)" "$(OPENSSL_PATH)/include"
+ OPENSSL_INCLUDE = $(OPENSSL_PATH)/include
+ endif
+ endif
+ ifneq "$(wildcard $(OPENSSL_INCLUDE)/openssl/opensslv.h)" "$(OPENSSL_INCLUDE)/openssl/opensslv.h"
+ $(error Invalid path to OpenSSL package: $(OPENSSL_PATH))
+ endif
+ ifndef OPENSSL_LIBPATH
+ ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
+ OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
+ OPENSSL_LIBS = -leay32 -lssl32
+ endif
+ ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
+ OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
+ OPENSSL_LIBS = -lcrypto -lssl
+ endif
+ endif
+ ifndef DYN
+ OPENSSL_LIBS += -lgdi32 -lcrypt32
+ endif
+ INCLUDES += -I"$(OPENSSL_INCLUDE)"
+ CFLAGS += -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
+ -DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5
+ DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
+ ifdef SRP
+ ifeq "$(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h)" "$(OPENSSL_INCLUDE)/openssl/srp.h"
+ CFLAGS += -DHAVE_OPENSSL_SRP -DUSE_TLS_SRP
+ endif
+ endif
+endif
+ifdef WINSSL
+ CFLAGS += -DUSE_SCHANNEL
+ DLL_LIBS += -lcrypt32
+endif
+ifdef ZLIB
+ INCLUDES += -I"$(ZLIB_PATH)"
+ CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H
+ DLL_LIBS += -L"$(ZLIB_PATH)" -lz
+endif
+ifdef BROTLI
+ INCLUDES += -I"$(BROTLI_PATH)/include"
+ CFLAGS += -DHAVE_BROTLI
+ DLL_LIBS += -L"$(BROTLI_PATH)/lib"
+ ifdef BROTLI_LIBS
+ DLL_LIBS += $(BROTLI_LIBS)
+ else
+ DLL_LIBS += -lbrotlidec
+ endif
+endif
+ifdef IDN2
+ INCLUDES += -I"$(LIBIDN2_PATH)/include"
+ CFLAGS += -DUSE_LIBIDN2
+ DLL_LIBS += -L"$(LIBIDN2_PATH)/lib" -lidn2
+else
+ifdef WINIDN
+ CFLAGS += -DUSE_WIN32_IDN
+ CFLAGS += -DWANT_IDN_PROTOTYPES
+ DLL_LIBS += -L"$(WINIDN_PATH)" -lnormaliz
+endif
+endif
+ifdef SSPI
+ CFLAGS += -DUSE_WINDOWS_SSPI
+endif
+ifdef SPNEGO
+ CFLAGS += -DHAVE_SPNEGO
+endif
+ifdef IPV6
+ CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501
+endif
+ifdef LDAPS
+ CFLAGS += -DHAVE_LDAP_SSL
+endif
+ifdef USE_LDAP_NOVELL
+ INCLUDES += -I"$(LDAP_SDK)/inc"
+ CFLAGS += -DCURL_HAS_NOVELL_LDAPSDK
+ DLL_LIBS += -L"$(LDAP_SDK)/lib/mscvc" -lldapsdk -lldapssl -lldapx
+endif
+ifdef USE_LDAP_OPENLDAP
+ INCLUDES += -I"$(LDAP_SDK)/include"
+ CFLAGS += -DCURL_HAS_OPENLDAP_LDAPSDK
+ DLL_LIBS += -L"$(LDAP_SDK)/lib" -lldap -llber
+endif
+ifndef USE_LDAP_NOVELL
+ifndef USE_LDAP_OPENLDAP
+ DLL_LIBS += -lwldap32
+endif
+endif
+DLL_LIBS += -lws2_32
+
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+include Makefile.inc
+
+ifeq ($(CURL_DLL_A_SUFFIX),)
+CURL_DLL_A_SUFFIX := dll
+endif
+
+libcurl_dll_LIBRARY = libcurl$(CURL_DLL_SUFFIX).dll
+libcurl_dll_a_LIBRARY = libcurl$(CURL_DLL_A_SUFFIX).a
+libcurl_a_LIBRARY = libcurl.a
+
+libcurl_a_OBJECTS := $(patsubst %.c,%.o,$(strip $(CSOURCES)))
+libcurl_a_DEPENDENCIES := $(strip $(CSOURCES) $(HHEADERS))
+
+RESOURCE = libcurl.res
+
+
+all: $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY)
+
+$(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
+ @$(call DEL, $@)
+ $(AR) cru $@ $(libcurl_a_OBJECTS)
+ $(RANLIB) $@
+ $(STRIP) $@
+
+# remove the last line above to keep debug info
+
+$(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENCIES)
+ @$(call DEL, $@)
+ $(CC) $(LDFLAGS) -shared -o $@ \
+ -Wl,--output-def,$(@:.dll=.def),--out-implib,$(libcurl_dll_a_LIBRARY) \
+ $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)
+
+%.o: %.c
+ $(CC) $(INCLUDES) $(CFLAGS) -c $< -o $@
+
+%.res: %.rc
+ $(RC) $(RCFLAGS) -i $< -o $@
+
+clean:
+ @$(call DEL, $(libcurl_a_OBJECTS) $(RESOURCE))
+
+distclean vclean: clean
+ @$(call DEL, $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_LIBRARY:.dll=.def) $(libcurl_dll_a_LIBRARY))
+
+$(LIBCARES_PATH)/libcares.a:
+ $(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32
diff --git a/libs/libcurl/src/Makefile.netware b/libs/libcurl/src/Makefile.netware
new file mode 100644
index 0000000000..a4ec4c8f38
--- /dev/null
+++ b/libs/libcurl/src/Makefile.netware
@@ -0,0 +1,761 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2004 - 2015, Guenter Knauf, <http://www.gknw.net/phpbb>.
+# Copyright (C) 2001 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+#################################################################
+#
+## Makefile for building libcurl.nlm (NetWare version - gnu make)
+##
+## Use: make -f Makefile.netware
+#
+#################################################################
+
+# Edit the path below to point to the base of your Novell NDK.
+ifndef NDKBASE
+NDKBASE = c:/novell
+endif
+
+# Edit the path below to point to the base of your Zlib sources.
+ifndef ZLIB_PATH
+ZLIB_PATH = ../../zlib-1.2.8
+endif
+
+# Edit the path below to point to the base of your OpenSSL package.
+ifndef OPENSSL_PATH
+OPENSSL_PATH = ../../openssl-1.0.2a
+endif
+
+# Edit the path below to point to the base of your LibSSH2 package.
+ifndef LIBSSH2_PATH
+LIBSSH2_PATH = ../../libssh2-1.5.0
+endif
+
+# Edit the path below to point to the base of your axTLS package.
+ifndef AXTLS_PATH
+AXTLS_PATH = ../../axTLS-1.2.7
+endif
+
+# Edit the path below to point to the base of your libidn package.
+ifndef LIBIDN_PATH
+LIBIDN_PATH = ../../libidn-1.18
+endif
+
+# Edit the path below to point to the base of your librtmp package.
+ifndef LIBRTMP_PATH
+LIBRTMP_PATH = ../../librtmp-2.3
+endif
+
+# Edit the path below to point to the base of your nghttp2 package.
+ifndef NGHTTP2_PATH
+NGHTTP2_PATH = ../../nghttp2-0.6.7
+endif
+
+# Edit the path below to point to the base of your fbopenssl package.
+ifndef FBOPENSSL_PATH
+FBOPENSSL_PATH = ../../fbopenssl-0.4
+endif
+
+# Edit the path below to point to the base of your c-ares package.
+ifndef LIBCARES_PATH
+LIBCARES_PATH = ../ares
+endif
+
+ifndef INSTDIR
+INSTDIR = ..$(DS)curl-$(LIBCURL_VERSION_STR)-bin-nw
+endif
+
+# Edit the vars below to change NLM target settings.
+TARGET = libcurl
+VERSION = $(LIBCURL_VERSION)
+COPYR = Copyright (C) $(LIBCURL_COPYRIGHT_STR)
+DESCR = curl libcurl $(LIBCURL_VERSION_STR) ($(LIBARCH)) - https://curl.haxx.se
+MTSAFE = YES
+STACK = 64000
+SCREEN = none
+EXPORTF = $(TARGET).imp
+EXPORTS = @$(EXPORTF)
+
+# Uncomment the next line to enable linking with POSIX semantics.
+# POSIXFL = 1
+
+# Edit the var below to point to your lib architecture.
+ifndef LIBARCH
+LIBARCH = LIBC
+endif
+
+# must be equal to NDEBUG or DEBUG, CURLDEBUG
+ifndef DB
+DB = NDEBUG
+endif
+# Optimization: -O<n> or debugging: -g
+ifeq ($(DB),NDEBUG)
+ OPT = -O2
+ OBJDIR = release
+else
+ OPT = -g
+ OBJDIR = debug
+endif
+
+# The following lines defines your compiler.
+ifdef CWFolder
+ METROWERKS = $(CWFolder)
+endif
+ifdef METROWERKS
+ # MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
+ MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
+ CC = mwccnlm
+else
+ CC = gcc
+endif
+PERL = perl
+# Here you can find a native Win32 binary of the original awk:
+# http://www.gknw.net/development/prgtools/awk-20100523.zip
+AWK = awk
+CP = cp -afv
+MKDIR = mkdir
+# RM = rm -f
+# If you want to mark the target as MTSAFE you will need a tool for
+# generating the xdc data for the linker; here's a minimal tool:
+# http://www.gknw.net/development/prgtools/mkxdc.zip
+MPKXDC = mkxdc
+
+# LIBARCH_U = $(shell $(AWK) 'BEGIN {print toupper(ARGV[1])}' $(LIBARCH))
+LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH))
+
+# Include the version info retrieved from curlver.h
+-include $(OBJDIR)/version.inc
+
+# Global flags for all compilers
+CFLAGS += $(OPT) -D$(DB) -DNETWARE -DHAVE_CONFIG_H -nostdinc
+
+ifeq ($(CC),mwccnlm)
+LD = mwldnlm
+LDFLAGS = -nostdlib $(PRELUDE) $(OBJL) -o $@ -commandfile
+AR = mwldnlm
+ARFLAGS = -nostdlib -type library -o
+LIBEXT = lib
+#RANLIB =
+CFLAGS += -msgstyle gcc -gccinc -inline off -opt nointrinsics -proc 586
+CFLAGS += -relax_pointers
+#CFLAGS += -w on
+ifeq ($(LIBARCH),LIBC)
+ifeq ($(POSIXFL),1)
+ PRELUDE = $(NDK_LIBC)/imports/posixpre.o
+else
+ PRELUDE = $(NDK_LIBC)/imports/libcpre.o
+endif
+ CFLAGS += -align 4
+else
+ # PRELUDE = $(NDK_CLIB)/imports/clibpre.o
+ # to avoid the __init_* / __deinit_* whoes don't use prelude from NDK
+ PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
+ # CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
+ CFLAGS += -align 1
+endif
+else
+LD = nlmconv
+LDFLAGS = -T
+AR = ar
+ARFLAGS = -cq
+LIBEXT = a
+RANLIB = ranlib
+CFLAGS += -m32
+CFLAGS += -fno-builtin -fno-strict-aliasing
+ifeq ($(findstring gcc,$(CC)),gcc)
+CFLAGS += -fpcc-struct-return
+endif
+CFLAGS += -Wall # -pedantic
+ifeq ($(LIBARCH),LIBC)
+ifeq ($(POSIXFL),1)
+ PRELUDE = $(NDK_LIBC)/imports/posixpre.gcc.o
+else
+ PRELUDE = $(NDK_LIBC)/imports/libcpre.gcc.o
+endif
+else
+ PRELUDE = $(NDK_CLIB)/imports/clibpre.gcc.o
+ # to avoid the __init_* / __deinit_* whoes don't use prelude from NDK
+ # http://www.gknw.net/development/mk_nlm/gcc_pre.zip
+ # PRELUDE = $(NDK_ROOT)/pre/prelude.o
+ CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
+endif
+endif
+
+NDK_ROOT = $(NDKBASE)/ndk
+ifndef NDK_CLIB
+NDK_CLIB = $(NDK_ROOT)/nwsdk
+endif
+ifndef NDK_LIBC
+NDK_LIBC = $(NDK_ROOT)/libc
+endif
+ifndef NDK_LDAP
+NDK_LDAP = $(NDK_ROOT)/cldapsdk/netware
+endif
+CURL_INC = ../include
+CURL_LIB = ../lib
+
+INCLUDES = -I$(CURL_INC) -I$(CURL_LIB)
+
+ifeq ($(findstring -static,$(CFG)),-static)
+LINK_STATIC = 1
+endif
+ifeq ($(findstring -ares,$(CFG)),-ares)
+WITH_ARES = 1
+endif
+ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
+WITH_RTMP = 1
+WITH_SSL = 1
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
+WITH_SSH2 = 1
+WITH_SSL = 1
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -axtls,$(CFG)),-axtls)
+WITH_AXTLS = 1
+WITH_SSL =
+else
+ifeq ($(findstring -ssl,$(CFG)),-ssl)
+WITH_SSL = 1
+ifeq ($(findstring -srp,$(CFG)),-srp)
+ifeq "$(wildcard $(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h)" "$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h"
+WITH_SRP = 1
+endif
+endif
+endif
+endif
+ifeq ($(findstring -zlib,$(CFG)),-zlib)
+WITH_ZLIB = 1
+endif
+ifeq ($(findstring -idn,$(CFG)),-idn)
+WITH_IDN = 1
+endif
+ifeq ($(findstring -nghttp2,$(CFG)),-nghttp2)
+WITH_NGHTTP2 = 1
+endif
+ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
+ENABLE_IPV6 = 1
+endif
+
+ifdef WITH_ARES
+ INCLUDES += -I$(LIBCARES_PATH)
+ LDLIBS += $(LIBCARES_PATH)/libcares.$(LIBEXT)
+endif
+ifdef WITH_SSH2
+ INCLUDES += -I$(LIBSSH2_PATH)/include
+ifdef LINK_STATIC
+ LDLIBS += $(LIBSSH2_PATH)/nw/libssh2.$(LIBEXT)
+else
+ MODULES += libssh2.nlm
+ IMPORTS += @$(LIBSSH2_PATH)/nw/libssh2.imp
+endif
+endif
+ifdef WITH_RTMP
+ INCLUDES += -I$(LIBRTMP_PATH)
+ LDLIBS += $(LIBRTMP_PATH)/librtmp/librtmp.$(LIBEXT)
+endif
+ifdef WITH_SSL
+ INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)
+ LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
+ LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
+ IMPORTS += GetProcessSwitchCount RunningProcess
+ INSTDEP += ca-bundle.crt
+else
+ifdef WITH_AXTLS
+ INCLUDES += -I$(AXTLS_PATH)/inc
+ifdef LINK_STATIC
+ LDLIBS += $(AXTLS_PATH)/lib/libaxtls.$(LIBEXT)
+else
+ MODULES += libaxtls.nlm
+ IMPORTS += $(AXTLS_PATH)/lib/libaxtls.imp
+endif
+ INSTDEP += ca-bundle.crt
+endif
+endif
+ifdef WITH_ZLIB
+ INCLUDES += -I$(ZLIB_PATH)
+ifdef LINK_STATIC
+ LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT)
+else
+ MODULES += libz.nlm
+ IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp
+endif
+endif
+ifdef WITH_IDN
+ INCLUDES += -I$(LIBIDN_PATH)/include
+ LDLIBS += $(LIBIDN_PATH)/lib/libidn.$(LIBEXT)
+endif
+ifdef WITH_NGHTTP2
+ INCLUDES += -I$(NGHTTP2_PATH)/include
+ LDLIBS += $(NGHTTP2_PATH)/lib/libnghttp2.$(LIBEXT)
+endif
+
+ifeq ($(LIBARCH),LIBC)
+ INCLUDES += -I$(NDK_LIBC)/include
+ # INCLUDES += -I$(NDK_LIBC)/include/nks
+ # INCLUDES += -I$(NDK_LIBC)/include/winsock
+ CFLAGS += -D_POSIX_SOURCE
+else
+ INCLUDES += -I$(NDK_CLIB)/include/nlm
+ # INCLUDES += -I$(NDK_CLIB)/include/nlm/obsolete
+ # INCLUDES += -I$(NDK_CLIB)/include
+endif
+ifndef DISABLE_LDAP
+ INCLUDES += -I$(NDK_LDAP)/$(LIBARCH_L)/inc
+endif
+CFLAGS += $(INCLUDES)
+
+ifeq ($(MTSAFE),YES)
+ XDCOPT = -n
+endif
+ifeq ($(MTSAFE),NO)
+ XDCOPT = -u
+endif
+ifdef XDCOPT
+ XDCDATA = $(OBJDIR)/$(TARGET).xdc
+endif
+
+ifeq ($(findstring /sh,$(SHELL)),/sh)
+DL = '
+DS = /
+PCT = %
+#-include $(NDKBASE)/nlmconv/ncpfs.inc
+else
+DS = \\
+PCT = %%
+endif
+
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+include Makefile.inc
+
+OBJS := $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(notdir $(CSOURCES)))) $(OBJDIR)/nwos.o
+
+OBJL = $(OBJS) $(OBJDIR)/nwlib.o $(LDLIBS)
+
+vpath %.c . vauth vtls
+
+all: lib nlm
+
+nlm: prebuild $(TARGET).nlm
+
+lib: prebuild $(TARGET).$(LIBEXT)
+
+prebuild: $(OBJDIR) $(OBJDIR)/version.inc curl_config.h
+
+$(OBJDIR)/%.o: %.c
+# @echo Compiling $<
+ $(CC) $(CFLAGS) -c $< -o $@
+
+$(OBJDIR)/version.inc: $(CURL_INC)/curl/curlver.h $(OBJDIR)
+ @echo Creating $@
+ @$(AWK) -f ../packages/NetWare/get_ver.awk $< > $@
+
+install: $(INSTDIR) all $(INSTDEP)
+ @$(CP) $(TARGET).nlm $(INSTDIR)
+ @$(CP) $(TARGET).$(LIBEXT) $(INSTDIR)
+ @$(CP) ../CHANGES $(INSTDIR)
+ @$(CP) ../COPYING $(INSTDIR)
+ @$(CP) ../README $(INSTDIR)
+ @$(CP) ../RELEASE-NOTES $(INSTDIR)
+ifdef WITH_SSL
+ @-$(CP) ca-bundle.crt $(INSTDIR)/ca-bundle.crt
+endif
+
+clean:
+ -$(RM) curl_config.h
+ -$(RM) -r $(OBJDIR)
+
+distclean vclean: clean
+ -$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm $(TARGET).imp
+ -$(RM) certdata.txt ca-bundle.crt
+
+$(OBJDIR) $(INSTDIR):
+ @$(MKDIR) $@
+
+$(TARGET).$(LIBEXT): $(OBJS)
+ @echo Creating $@
+ @-$(RM) $@
+ @$(AR) $(ARFLAGS) $@ $^
+ifdef RANLIB
+ @$(RANLIB) $@
+endif
+
+$(TARGET).nlm: $(OBJDIR)/$(TARGET).def $(OBJL) $(EXPORTF) $(XDCDATA)
+ @echo Linking $@
+ @-$(RM) $@
+ @$(LD) $(LDFLAGS) $<
+
+$(OBJDIR)/%.xdc: Makefile.netware
+ @echo Creating $@
+ @$(MPKXDC) $(XDCOPT) $@
+
+$(OBJDIR)/%.def: Makefile.netware
+ @echo $(DL)# DEF file for linking with $(LD)$(DL) > $@
+ @echo $(DL)# Do not edit this file - it is created by make!$(DL) >> $@
+ @echo $(DL)# All your changes will be lost!!$(DL) >> $@
+ @echo $(DL)#$(DL) >> $@
+ @echo $(DL)copyright "$(COPYR)"$(DL) >> $@
+ @echo $(DL)description "$(DESCR)"$(DL) >> $@
+ @echo $(DL)version $(VERSION)$(DL) >> $@
+ifdef NLMTYPE
+ @echo $(DL)type $(NLMTYPE)$(DL) >> $@
+endif
+ifdef STACK
+ @echo $(DL)stack $(STACK)$(DL) >> $@
+endif
+ifdef SCREEN
+ @echo $(DL)screenname "$(SCREEN)"$(DL) >> $@
+else
+ @echo $(DL)screenname "DEFAULT"$(DL) >> $@
+endif
+ifneq ($(DB),NDEBUG)
+ @echo $(DL)debug$(DL) >> $@
+endif
+ @echo $(DL)threadname "$(TARGET)"$(DL) >> $@
+ifdef XDCDATA
+ @echo $(DL)xdcdata $(XDCDATA)$(DL) >> $@
+endif
+ @echo $(DL)flag_on 64$(DL) >> $@
+ifeq ($(LIBARCH),CLIB)
+ @echo $(DL)start _Prelude$(DL) >> $@
+ @echo $(DL)exit _Stop$(DL) >> $@
+ @echo $(DL)import @$(NDK_CLIB)/imports/clib.imp$(DL) >> $@
+ @echo $(DL)import @$(NDK_CLIB)/imports/threads.imp$(DL) >> $@
+ @echo $(DL)import @$(NDK_CLIB)/imports/nlmlib.imp$(DL) >> $@
+ @echo $(DL)import @$(NDK_CLIB)/imports/socklib.imp$(DL) >> $@
+ @echo $(DL)module clib$(DL) >> $@
+ifndef DISABLE_LDAP
+ @echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapsdk.imp$(DL) >> $@
+ @echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapssl.imp$(DL) >> $@
+# @echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapx.imp$(DL) >> $@
+ @echo $(DL)module ldapsdk ldapssl$(DL) >> $@
+endif
+else
+ifeq ($(POSIXFL),1)
+ @echo $(DL)flag_on 4194304$(DL) >> $@
+endif
+ @echo $(DL)pseudopreemption$(DL) >> $@
+ifeq ($(findstring posixpre,$(PRELUDE)),posixpre)
+ @echo $(DL)start POSIX_Start$(DL) >> $@
+ @echo $(DL)exit POSIX_Stop$(DL) >> $@
+ @echo $(DL)check POSIX_CheckUnload$(DL) >> $@
+else
+ @echo $(DL)start _LibCPrelude$(DL) >> $@
+ @echo $(DL)exit _LibCPostlude$(DL) >> $@
+ @echo $(DL)check _LibCCheckUnload$(DL) >> $@
+endif
+ @echo $(DL)import @$(NDK_LIBC)/imports/libc.imp$(DL) >> $@
+ @echo $(DL)import @$(NDK_LIBC)/imports/netware.imp$(DL) >> $@
+ @echo $(DL)module libc$(DL) >> $@
+ifndef DISABLE_LDAP
+ @echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapsdk.imp$(DL) >> $@
+ @echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapssl.imp$(DL) >> $@
+# @echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapx.imp$(DL) >> $@
+ @echo $(DL)module lldapsdk lldapssl$(DL) >> $@
+endif
+endif
+ifdef MODULES
+ @echo $(DL)module $(MODULES)$(DL) >> $@
+endif
+ifdef EXPORTS
+ @echo $(DL)export $(EXPORTS)$(DL) >> $@
+endif
+ifdef IMPORTS
+ @echo $(DL)import $(IMPORTS)$(DL) >> $@
+endif
+ifeq ($(findstring nlmconv,$(LD)),nlmconv)
+ @echo $(DL)input $(PRELUDE)$(DL) >> $@
+ @echo $(DL)input $(OBJL)$(DL) >> $@
+#ifdef LDLIBS
+# @echo $(DL)input $(LDLIBS)$(DL) >> $@
+#endif
+ @echo $(DL)output $(TARGET).nlm$(DL) >> $@
+endif
+
+curl_config.h: Makefile.netware
+ @echo Creating $@
+ @echo $(DL)/* $@ for NetWare target.$(DL) > $@
+ @echo $(DL)** Do not edit this file - it is created by make!$(DL) >> $@
+ @echo $(DL)** All your changes will be lost!!$(DL) >> $@
+ @echo $(DL)*/$(DL) >> $@
+ @echo $(DL)#ifndef NETWARE$(DL) >> $@
+ @echo $(DL)#error This $(notdir $@) is created for NetWare platform!$(DL) >> $@
+ @echo $(DL)#endif$(DL) >> $@
+ @echo $(DL)#define VERSION "$(LIBCURL_VERSION_STR)"$(DL) >> $@
+ @echo $(DL)#define PACKAGE_BUGREPORT "a suitable curl mailing list => https://curl.haxx.se/mail/"$(DL) >> $@
+ifeq ($(LIBARCH),CLIB)
+ @echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@
+ @echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRICMP 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRNICMP 1$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG1 int$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG2 char$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG3 int$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG4 int$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG5 struct sockaddr$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG6 int$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_RETV int$(DL) >> $@
+ @echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
+ @echo $(DL)#define SIZEOF_SIZE_T 4$(DL) >> $@
+ @echo $(DL)#define pressanykey PressAnyKeyToContinue$(DL) >> $@
+else
+ @echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@
+ @echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@
+ @echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@
+ @echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRTOLL 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
+ @echo $(DL)#define RECV_TYPE_RETV ssize_t$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG1 int$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG2 void$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG3 size_t$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG4 int$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG5 struct sockaddr$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG6 size_t$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_RETV ssize_t$(DL) >> $@
+ @echo $(DL)#define RECVFROM_TYPE_ARG2_IS_VOID 1$(DL) >> $@
+ @echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_ARG2 void *$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
+ @echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@
+ @echo $(DL)#define SIZEOF_OFF_T 8$(DL) >> $@
+ @echo $(DL)#define SIZEOF_SIZE_T 8$(DL) >> $@
+ @echo $(DL)#define _LARGEFILE 1$(DL) >> $@
+ifdef ENABLE_IPV6
+ @echo $(DL)#define ENABLE_IPV6 1$(DL) >> $@
+ @echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
+ @echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
+ @echo $(DL)#define HAVE_FREEADDRINFO 1$(DL) >> $@
+ @echo $(DL)#define HAVE_GETADDRINFO 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
+ @echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
+endif
+endif
+ @echo $(DL)#define USE_MANUAL 1$(DL) >> $@
+ @echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_ERRNO_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
+ @echo $(DL)#define HAVE_GETHOSTBYNAME 1$(DL) >> $@
+ @echo $(DL)#define HAVE_GETPROTOBYNAME 1$(DL) >> $@
+ @echo $(DL)#define HAVE_GMTIME_R 1$(DL) >> $@
+ @echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
+ @echo $(DL)#define HAVE_IOCTL 1$(DL) >> $@
+ @echo $(DL)#define HAVE_IOCTL_FIONBIO 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LIMITS_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LL 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LOCALE_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LOCALTIME_R 1$(DL) >> $@
+ @echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_RECV 1$(DL) >> $@
+ @echo $(DL)#define HAVE_RECVFROM 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SELECT 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SEND 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SETJMP_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SETLOCALE 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SIGNAL 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SIG_ATOMIC_T 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
+ @echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SYS_IOCTL_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_UNAME 1$(DL) >> $@
+ @echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_UTIME 1$(DL) >> $@
+ @echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_WRITEV 1$(DL) >> $@
+ @echo $(DL)#define RETSIGTYPE void$(DL) >> $@
+ @echo $(DL)#define SIZEOF_INT 4$(DL) >> $@
+ @echo $(DL)#define SIZEOF_SHORT 2$(DL) >> $@
+ @echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
+ @echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
+ @echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
+ifdef DISABLE_LDAP
+ @echo $(DL)#define CURL_DISABLE_LDAP 1$(DL) >> $@
+else
+ @echo $(DL)#define CURL_HAS_NOVELL_LDAPSDK 1$(DL) >> $@
+ifndef DISABLE_LDAPS
+ @echo $(DL)#define HAVE_LDAP_SSL 1$(DL) >> $@
+endif
+ @echo $(DL)#define HAVE_LDAP_SSL_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LDAP_URL_PARSE 1$(DL) >> $@
+endif
+ifdef NW_WINSOCK
+ @echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
+else
+ @echo $(DL)#define USE_BSD_SOCKETS 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SYS_TYPES_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SYS_SOCKET_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_SYS_SOCKIO_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_NETDB_H 1$(DL) >> $@
+endif
+ifdef WITH_ARES
+ @echo $(DL)#define USE_ARES 1$(DL) >> $@
+endif
+ifdef WITH_ZLIB
+ @echo $(DL)#define HAVE_ZLIB_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LIBZ 1$(DL) >> $@
+endif
+ifdef WITH_SSL
+ @echo $(DL)#define USE_SSLEAY 1$(DL) >> $@
+ @echo $(DL)#define USE_OPENSSL 1$(DL) >> $@
+ @echo $(DL)#define HAVE_OPENSSL_X509_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_OPENSSL_SSL_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_OPENSSL_RSA_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_OPENSSL_PEM_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_OPENSSL_ERR_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_OPENSSL_CRYPTO_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_OPENSSL_ENGINE_H 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LIBSSL 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LIBCRYPTO 1$(DL) >> $@
+ @echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@
+ifdef WITH_SRP
+ @echo $(DL)#define HAVE_SSLEAY_SRP 1$(DL) >> $@
+ @echo $(DL)#define USE_TLS_SRP 1$(DL) >> $@
+endif
+ifdef WITH_SPNEGO
+ @echo $(DL)#define HAVE_SPNEGO 1$(DL) >> $@
+endif
+else
+ifdef WITH_AXTLS
+ @echo $(DL)#define USE_AXTLS 1$(DL) >> $@
+endif
+endif
+ifdef WITH_SSH2
+ @echo $(DL)#define USE_LIBSSH2 1$(DL) >> $@
+ @echo $(DL)#define HAVE_LIBSSH2_H 1$(DL) >> $@
+endif
+ifdef WITH_IDN
+ @echo $(DL)#define HAVE_LIBIDN 1$(DL) >> $@
+ @echo $(DL)#define HAVE_TLD_H 1$(DL) >> $@
+endif
+ifdef WITH_RTMP
+ @echo $(DL)#define USE_LIBRTMP 1$(DL) >> $@
+endif
+ifdef WITH_NGHTTP2
+ @echo $(DL)#define USE_NGHTTP2 1$(DL) >> $@
+endif
+ @echo $(DL)#ifdef __GNUC__$(DL) >> $@
+ @echo $(DL)#define HAVE_VARIADIC_MACROS_GCC 1$(DL) >> $@
+ @echo $(DL)#else$(DL) >> $@
+ @echo $(DL)#define HAVE_VARIADIC_MACROS_C99 1$(DL) >> $@
+ @echo $(DL)#endif$(DL) >> $@
+ifdef CABUNDLE
+ @echo $(DL)#define CURL_CA_BUNDLE "$(CABUNDLE)"$(DL) >> $@
+else
+ @echo $(DL)#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")$(DL) >> $@
+endif
+
+$(EXPORTF): $(CURL_INC)/curl/curl.h $(CURL_INC)/curl/easy.h $(CURL_INC)/curl/multi.h $(CURL_INC)/curl/mprintf.h
+ @echo Creating $@
+ @$(AWK) -f ../packages/NetWare/get_exp.awk $^ > $@
+
+FORCE: ;
+
+info: $(OBJDIR)/version.inc
+ @echo Configured to build $(TARGET) with these options:
+ @echo libarchitecture: $(LIBARCH)
+ @echo curl version: $(LIBCURL_VERSION_STR)
+ @echo compiler/linker: $(CC) / $(LD)
+ifdef CABUNDLE
+ @echo ca-bundle path: $(CABUNDLE)
+endif
+ifdef WITH_SSL
+ @echo SSL support: enabled (OpenSSL)
+else
+ @echo SSL support: no
+endif
+ifdef WITH_SRP
+ @echo SRP support: enabled
+else
+ @echo SRP support: no
+endif
+ifdef WITH_SSH2
+ @echo SSH2 support: enabled (libssh2)
+else
+ @echo SSH2 support: no
+endif
+ifdef WITH_ZLIB
+ @echo zlib support: enabled
+else
+ @echo zlib support: no
+endif
+ifdef WITH_NGHTTP2
+ @echo http2 support: enabled
+else
+ @echo http2 support: no
+endif
+ifdef WITH_ARES
+ @echo c-ares support: enabled
+else
+ @echo c-ares support: no
+endif
+ifdef ENABLE_IPV6
+ @echo IPv6 support: enabled
+else
+ @echo IPv6 support: no
+endif
+
+$(LIBCARES_PATH)/libcares.$(LIBEXT):
+ $(MAKE) -C $(LIBCARES_PATH) -f Makefile.netware lib
+
+ca-bundle.crt: mk-ca-bundle.pl
+ @echo Creating $@
+ @-$(PERL) $< -b -n $@
+
diff --git a/libs/libcurl/src/Makefile.vxworks b/libs/libcurl/src/Makefile.vxworks
new file mode 100644
index 0000000000..7ff197f033
--- /dev/null
+++ b/libs/libcurl/src/Makefile.vxworks
@@ -0,0 +1,177 @@
+#*****************************************************************************
+#
+#
+#Filename : Makefile.vxworks
+#Description: makefile to be used in order to compile libcurl for VxWoorks 6.3.
+#
+#How to use:
+# 1. Adjust environment variables at the file beginning
+# 2. Open the Command Prompt window and change directory ('cd')
+# into the 'lib' folder
+# 3. Add <CYGWIN>/bin folder to the PATH environment variable
+# For example type 'set PATH=C:/embedded/cygwin/bin;%PATH%'
+# 4. Build the library by typing 'make -f ./Makefile.vxworks'
+# As a result the libcurl.a should be created in the 'lib' folder.
+# To clean package use 'make -f ./Makefile.vxworks clean'
+#Requirements:
+# 1. WinXP machine
+# 2. Full CYGWIN installation (open source) with GNU make version
+# v3.78 or higher
+# 3. WindRiver Workbench with vxWorks 6.3 (commercial)
+#*****************************************************************************
+
+# ----------------------------------------------------------------------
+# Environment
+# ----------------------------------------------------------------------
+
+export WIND_HOME := C:/embedded/Workbench2.5.0.1
+export WIND_BASE := $(WIND_HOME)/vxworks-6.3
+export WIND_HOST_TYPE := x86-win32
+
+# BUILD_TYE:= <debug>|<release> (build with debugging info or optimized)
+BUILD_TYPE := debug
+USER_CFLAGS:=
+
+# directories where to seek for includes and libraries
+OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8zc-vxWorks6.3/include
+OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8zc-vxWorks6.3
+ZLIB_INC := D:/libraries/zlib/zlib-1.2.8-VxWorks6.3/zlib-1.2.8
+ZLIB_LIB := D:/libraries/zlib/zlib-1.2.8-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
+ARES_INC :=
+ARES_LIB :=
+
+
+# ----------------------------------------------------------------------
+# Compiler
+# ----------------------------------------------------------------------
+
+CC := ccppc
+AR := arppc
+LINK := ccppc
+CFLAGS := -D__GNUC__ -D__ppc__ -msoft-float -fno-builtin -mcpu=604 -mlongcall -DCPU=PPC604 -D_GNU_TOOL -Wall -W -Winline $(USER_CFLAGS)
+LDFLAGS := -nostdlib -Wl,-i -Wl,-X
+INCLUDE_FLAG := -I
+C_DEBUGFLAG := -g
+C_OPTFLAG := -O2
+COMPILE_ONLY_FLAG := -c
+OBJ_EXTENSION := .o
+CC_OBJ_OUTPUT = -o $@
+ARFLAGS := -rc
+LIBS_FLAG := -l
+LIBS_DIRFLAG:= -L
+LD_DEBUGFLAG := $(C_DEBUGFLAG)
+EXECUTE_EXTENSION := .out
+TOOL_CHAIN_BIN := $(WIND_HOME)/gnu/3.4.4-vxworks-6.3/$(WIND_HOST_TYPE)/bin/
+
+# ----------------------------------------------------------------------
+
+# Add -DINET6 if the OS kernel image was built with IPv6 support
+# CFLAGS += -DINET6
+
+# Set up compiler and linker flags for debug or optimization
+ifeq ($(BUILD_TYPE), debug)
+CFLAGS += $(C_DEBUGFLAG)
+LDFLAGS += $(LD_DEBUGFLAG)
+else
+CFLAGS += $(C_OPTFLAG)
+endif
+
+# ----------------------------------------------------------------------
+
+# Main Makefile and possible sub-make files
+MAKEFILES := Makefile.vxworks
+
+# List of external include directories
+#-----
+# IMPORTANT: include OPENSSL directories before system
+# in order to prevent WindRiver OpenSSL to be used.
+#-----
+INCLUDE_DIRS := ../include $(OPENSSL_INC) $(ZLIB_INC) $(ARES_INC) $(WIND_BASE)/target/h $(WIND_BASE)/target/h/wrn/coreip
+
+# List of external libraries and their directories
+LIBS_LIST := .
+LIB_DIRS := .
+ifneq ($(OPENSSL_LIB), )
+LIBS_LIST += crypto ssl
+LIB_DIRS += $(OPENSSL_LIB)
+endif
+ifneq ($(ZLIB_LIB), )
+LIBS_LIST += z
+LIB_DIRS += $(ZLIB_LIB)
+endif
+ifneq ($(ARES_LIB), )
+LIBS_LIST += ares
+LIB_DIRS += $(ARES_LIB)
+endif
+
+# Add include and library directories and libraries
+CFLAGS += $(INCLUDE_DIRS:%=$(INCLUDE_FLAG)%)
+LDFLAGS += $(LIB_DIRS:%=$(LIBS_DIRFLAG)%)
+
+# List of targets to make for libs target
+LIBS_TARGET_LIST := libcurl.a
+
+# List of execuatble applications to make in addition to libs for all target
+EXE_TARGET_LIST :=
+
+# Support for echoing rules
+# If ECHORULES variable was set (for example, using 'make' command line)
+# some shell commands in the rules will be echoed
+ifneq ($(strip $(findstring $(ECHORULES), yes YES 1 true TRUE)),)
+_@_ :=
+else
+_@_ := @
+endif
+
+# Directory to hold compilation intermediate files
+TMP_DIR := tmp
+
+# Get sources and headers to be compiled
+include Makefile.inc
+
+# List of headers
+INCLUDE_FILES := $(HHEADERS)
+INCLUDE_FILES += $(shell find ../include -name \*.h)
+
+# List of sources
+OBJLIST := $(CSOURCES:%.c=$(TMP_DIR)/%$(OBJ_EXTENSION))
+
+
+# ----------------------------------------------------------------------
+
+#### default rule
+# It should be first rule in this file
+.PHONY: default
+default: libcurl.a
+
+#### Compiling C files
+$(TMP_DIR)/%$(OBJ_EXTENSION): %.c $(MAKEFILES)
+ @echo Compiling C file $< $(ECHO_STDOUT)
+ @[ -d $(@D) ] || mkdir -p $(@D)
+ $(_@_) $(TOOL_CHAIN_BIN)$(CC) $(COMPILE_ONLY_FLAG) $(CFLAGS) $< $(CC_OBJ_OUTPUT)
+
+#### Creating library
+$(LIBS_TARGET_LIST): $(INCLUDE_FILES) $(MAKEFILES) $(OBJLIST)
+ @echo Creating library $@ $(ECHO_STDOUT)
+ $(_@_) [ -d $(@D) ] || mkdir -p $(@D)
+ $(_@_) rm -f $@
+ $(_@_) $(TOOL_CHAIN_BIN)$(AR) $(ARFLAGS) $@ $(filter %$(OBJ_EXTENSION), $^)
+
+#### Creating application
+$(EXE_TARGET_LIST): $(INCLUDE_FILES) $(MAKEFILES) $(LIBS_TARGET_LIST)
+ @echo Creating application $@
+ @[ -d $(@D) ] || mkdir -p $(@D)
+ $(_@_) $(TOOL_CHAIN_BIN)$(LINK) $(CC_OBJ_OUTPUT) $($(@)_EXE_OBJ_LIST) $(LDFLAGS) $($(@)_EXE_LIBS_NEEDED:%=$(LIBS_FLAG)%) $(LIBS_LIST:%=$(LIBS_FLAG)%) $(USER_LIBS_LIST) $(USER_LIBS_LIST)
+
+#### Master Targets
+libs: $(LIBS_TARGET_LIST)
+ @echo All libs made.
+
+all: $(LIBS_TARGET_LIST) $(EXE_TARGET_LIST) $(INCLUDE_TARGET_LIST)
+ @echo All targets made.
+
+# Clean up
+.PHONY: clean
+clean:
+ $(_@_) rm -rf $(TMP_DIR)
+ @echo libcurl was cleaned.
diff --git a/libs/libcurl/src/README.ares b/libs/libcurl/src/README.ares
deleted file mode 100644
index 8c77937ebd..0000000000
--- a/libs/libcurl/src/README.ares
+++ /dev/null
@@ -1,69 +0,0 @@
- _ _ ____ _
- ___| | | | _ \| |
- / __| | | | |_) | |
- | (__| |_| | _ <| |___
- \___|\___/|_| \_\_____|
-
- How To Build libcurl to Use c-ares For Asynch Name Resolves
- ===========================================================
-
-c-ares:
- http://c-ares.haxx.se/
-
-NOTE
- The latest libcurl version requires c-ares 1.6.0 or later.
-
- Once upon the time libcurl built fine with the "original" ares. That is no
- longer true. You need to use c-ares.
-
-Build c-ares
-============
-
-1. unpack the c-ares archive
-2. cd c-ares-dir
-3. ./configure
-4. make
-5. make install
-
-Build libcurl to use c-ares in the curl source tree
-===================================================
-
-1. name or symlink the c-ares source directory 'ares' in the curl source
- directory
-2. ./configure --enable-ares
-
- Optionally, you can point out the c-ares install tree root with the the
- --enable-ares option.
-
-3. make
-
-Build libcurl to use an installed c-ares
-========================================
-
-1. ./configure --enable-ares=/path/to/ares/install
-2. make
-
-c-ares on win32
-===============
-(description brought by Dominick Meglio)
-
-First I compiled c-ares. I changed the default C runtime library to be the
-single-threaded rather than the multi-threaded (this seems to be required to
-prevent linking errors later on). Then I simply build the areslib project (the
-other projects adig/ahost seem to fail under MSVC).
-
-Next was libcurl. I opened lib/config-win32.h and I added a:
- #define USE_ARES 1
-
-Next thing I did was I added the path for the ares includes to the include
-path, and the libares.lib to the libraries.
-
-Lastly, I also changed libcurl to be single-threaded rather than
-multi-threaded, again this was to prevent some duplicate symbol errors. I'm
-not sure why I needed to change everything to single-threaded, but when I
-didn't I got redefinition errors for several CRT functions (malloc, stricmp,
-etc.)
-
-I would have modified the MSVC++ project files, but I only have VC.NET and it
-uses a different format than VC6.0 so I didn't want to go and change
-everything and remove VC6.0 support from libcurl.
diff --git a/libs/libcurl/src/README.curl_off_t b/libs/libcurl/src/README.curl_off_t
deleted file mode 100644
index 923b2774cd..0000000000
--- a/libs/libcurl/src/README.curl_off_t
+++ /dev/null
@@ -1,68 +0,0 @@
-
- curl_off_t explained
- ====================
-
-curl_off_t is a data type provided by the external libcurl include headers. It
-is the type meant to be used for the curl_easy_setopt() options that end with
-LARGE. The type is 64bit large on most modern platforms.
-
-Transition from < 7.19.0 to >= 7.19.0
--------------------------------------
-
-Applications that used libcurl before 7.19.0 that are rebuilt with a libcurl
-that is 7.19.0 or later may or may not have to worry about anything of
-this. We have made a significant effort to make the transition really seamless
-and transparent.
-
-You have have to take notice if you are in one of the following situations:
-
-o Your app is using or will after the transition use a libcurl that is built
- with LFS (large file support) disabled even though your system otherwise
- supports it.
-
-o Your app is using or will after the transition use a libcurl that doesn't
- support LFS at all, but your system and compiler support 64bit data types.
-
-In both these cases, the curl_off_t type will now (after the transition) be
-64bit where it previously was 32bit. This will cause a binary incompatibility
-that you MAY need to deal with.
-
-Benefits
---------
-
-This new way has several benefits:
-
-o Platforms without LFS support can still use libcurl to do >32 bit file
- transfers and range operations etc as long as they have >32 bit data-types
- supported.
-
-o Applications will no longer easily build with the curl_off_t size
- mismatched, which has been a very frequent (and annoying) problem with
- libcurl <= 7.18.2
-
-Historically
-------------
-
-Previously, before 7.19.0, the curl_off_t type would be rather strongly
-connected to the size of the system off_t type, where currently curl_off_t is
-independent of that.
-
-The strong connection to off_t made it troublesome for application authors
-since when they did mistakes, they could get curl_off_t type of different
-sizes in the app vs libcurl, and that caused strange effects that were hard to
-track and detect by users of libcurl.
-
-SONAME
-------
-
-We opted to not bump the soname for the library unconditionally, simply
-because soname bumping is causing a lot of grief and moaning all over the
-community so we try to keep that at minimum. Also, our selected design path
-should be 100% backwards compatible for the vast majority of all libcurl
-users.
-
-Enforce SONAME bump
--------------------
-
-If configure doesn't detect your case where a bump is necessary, re-run it
-with the --enable-soname-bump command line option!
diff --git a/libs/libcurl/src/README.curlx b/libs/libcurl/src/README.curlx
deleted file mode 100644
index 5375b0d1d3..0000000000
--- a/libs/libcurl/src/README.curlx
+++ /dev/null
@@ -1,61 +0,0 @@
- _ _ ____ _
- ___| | | | _ \| |
- / __| | | | |_) | |
- | (__| |_| | _ <| |___
- \___|\___/|_| \_\_____|
-
- Source Code Functions Apps Might Use
- ====================================
-
-The libcurl source code offers a few functions by source only. They are not
-part of the official libcurl API, but the source files might be useful for
-others so apps can optionally compile/build with these sources to gain
-additional functions.
-
-We provide them through a single header file for easy access for apps:
-"curlx.h"
-
- curlx_strtoofft()
-
- A macro that converts a string containing a number to a curl_off_t number.
- This might use the curlx_strtoll() function which is provided as source
- code in strtoofft.c. Note that the function is only provided if no
- strtoll() (or equivalent) function exist on your platform. If curl_off_t
- is only a 32 bit number on your platform, this macro uses strtol().
-
- curlx_tvnow()
-
- returns a struct timeval for the current time.
-
- curlx_tvdiff()
-
- returns the difference between two timeval structs, in number of
- milliseconds.
-
- curlx_tvdiff_secs()
-
- returns the same as curlx_tvdiff but with full usec resolution (as a
- double)
-
-FUTURE
-======
-
- Several functions will be removed from the public curl_ name space in a
- future libcurl release. They will then only become available as curlx_
- functions instead. To make the transition easier, we already today provide
- these functions with the curlx_ prefix to allow sources to get built properly
- with the new function names. The functions this concerns are:
-
- curlx_getenv
- curlx_strequal
- curlx_strnequal
- curlx_mvsnprintf
- curlx_msnprintf
- curlx_maprintf
- curlx_mvaprintf
- curlx_msprintf
- curlx_mprintf
- curlx_mfprintf
- curlx_mvsprintf
- curlx_mvprintf
- curlx_mvfprintf
diff --git a/libs/libcurl/src/README.encoding b/libs/libcurl/src/README.encoding
deleted file mode 100644
index 1012bb9eca..0000000000
--- a/libs/libcurl/src/README.encoding
+++ /dev/null
@@ -1,60 +0,0 @@
-
- Content Encoding Support for libcurl
-
-* About content encodings:
-
-HTTP/1.1 [RFC 2616] specifies that a client may request that a server encode
-its response. This is usually used to compress a response using one of a set
-of commonly available compression techniques. These schemes are `deflate' (the
-zlib algorithm), `gzip' and `compress' [sec 3.5, RFC 2616]. A client requests
-that the sever perform an encoding by including an Accept-Encoding header in
-the request document. The value of the header should be one of the recognized
-tokens `deflate', ... (there's a way to register new schemes/tokens, see sec
-3.5 of the spec). A server MAY honor the client's encoding request. When a
-response is encoded, the server includes a Content-Encoding header in the
-response. The value of the Content-Encoding header indicates which scheme was
-used to encode the data.
-
-A client may tell a server that it can understand several different encoding
-schemes. In this case the server may choose any one of those and use it to
-encode the response (indicating which one using the Content-Encoding header).
-It's also possible for a client to attach priorities to different schemes so
-that the server knows which it prefers. See sec 14.3 of RFC 2616 for more
-information on the Accept-Encoding header.
-
-* Current support for content encoding:
-
-Support for the 'deflate' and 'gzip' content encoding are supported by
-libcurl. Both regular and chunked transfers should work fine. The library
-zlib is required for this feature. 'deflate' support was added by James
-Gallagher, and support for the 'gzip' encoding was added by Dan Fandrich.
-
-* The libcurl interface:
-
-To cause libcurl to request a content encoding use:
-
- curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, <string>)
-
-where <string> is the intended value of the Accept-Encoding header.
-
-Currently, libcurl only understands how to process responses that use the
-"deflate" or "gzip" Content-Encoding, so the only values for
-CURLOPT_ACCEPT_ENCODING that will work (besides "identity," which does
-nothing) are "deflate" and "gzip" If a response is encoded using the
-"compress" or methods, libcurl will return an error indicating that the
-response could not be decoded. If <string> is NULL no Accept-Encoding header
-is generated. If <string> is a zero-length string, then an Accept-Encoding
-header containing all supported encodings will be generated.
-
-The CURLOPT_ACCEPT_ENCODING must be set to any non-NULL value for content to
-be automatically decoded. If it is not set and the server still sends encoded
-content (despite not having been asked), the data is returned in its raw form
-and the Content-Encoding type is not checked.
-
-* The curl interface:
-
-Use the --compressed option with curl to cause it to ask servers to compress
-responses using any format supported by curl.
-
-James Gallagher <jgallagher@gso.uri.edu>
-Dan Fandrich <dan@coneharvesters.com>
diff --git a/libs/libcurl/src/README.hostip b/libs/libcurl/src/README.hostip
deleted file mode 100644
index 2e30bc792d..0000000000
--- a/libs/libcurl/src/README.hostip
+++ /dev/null
@@ -1,35 +0,0 @@
- hostip.c explained
- ==================
-
- The main COMPILE-TIME DEFINES to keep in mind when reading the host*.c
- source file are these:
-
- CURLRES_IPV6 - this host has getaddrinfo() and family, and thus we use
- that. The host may not be able to resolve IPv6, but we don't really have to
- take that into account. Hosts that aren't IPv6-enabled have CURLRES_IPV4
- defined.
-
- CURLRES_ARES - is defined if libcurl is built to use c-ares for asynchronous
- name resolves. It cannot have ENABLE_IPV6 defined at the same time, as c-ares
- has no ipv6 support. This can be Windows or *nix.
-
- CURLRES_THREADED - is defined if libcurl is built to run under (native)
- Windows, and then the name resolve will be done in a new thread, and the
- supported asynch API will be the same as for ares-builds.
-
- If any of the two previous are defined, CURLRES_ASYNCH is defined too. If
- libcurl is not built to use an asynchronous resolver, CURLRES_SYNCH is
- defined.
-
- The host*.c sources files are split up like this:
-
- hostip.c - method-independent resolver functions and utility functions
- hostasyn.c - functions for asynchronous name resolves
- hostsyn.c - functions for synchronous name resolves
- hostares.c - functions for ares-using name resolves
- hostthre.c - functions for threaded name resolves
- hostip4.c - ipv4-specific functions
- hostip6.c - ipv6-specific functions
-
- The hostip.h is the single united header file for all this. It defines the
- CURLRES_* defines based on the config*.h and curl_setup.h defines.
diff --git a/libs/libcurl/src/README.httpauth b/libs/libcurl/src/README.httpauth
deleted file mode 100644
index 9605045107..0000000000
--- a/libs/libcurl/src/README.httpauth
+++ /dev/null
@@ -1,74 +0,0 @@
-
-1. PUT/POST without a known auth to use (possibly no auth required):
-
- (When explicitly set to use a multi-pass auth when doing a POST/PUT,
- libcurl should immediately go the Content-Length: 0 bytes route to avoid
- the first send all data phase, step 2. If told to use a single-pass auth,
- goto step 3.)
-
- Issue the proper PUT/POST request immediately, with the correct
- Content-Length and Expect: headers.
-
- If a 100 response is received or the wait for one times out, start sending
- the request-body.
-
- If a 401 (or 407 when talking through a proxy) is received, then:
-
- If we have "more than just a little" data left to send, close the
- connection. Exactly what "more than just a little" means will have to be
- determined. Possibly the current transfer speed should be taken into
- account as well.
-
- NOTE: if the size of the POST data is less than MAX_INITIAL_POST_SIZE (when
- CURLOPT_POSTFIELDS is used), libcurl will send everything in one single
- write() (all request-headers and request-body) and thus it will
- unconditionally send the full post data here.
-
-2. PUT/POST with multi-pass auth but not yet completely negotiated:
-
- Send a PUT/POST request, we know that it will be rejected and thus we claim
- Content-Length zero to avoid having to send the request-body. (This seems
- to be what IE does.)
-
-3. PUT/POST as the last step in the auth negotiation, that is when we have
- what we believe is a completed negotiation:
-
- Send a full and proper PUT/POST request (again) with the proper
- Content-Length and a following request-body.
-
- NOTE: this may very well be the second (or even third) time the whole or at
- least parts of the request body is sent to the server. Since the data may
- be provided to libcurl with a callback, we need a way to tell the app that
- the upload is to be restarted so that the callback will provide data from
- the start again. This requires an API method/mechanism that libcurl
- doesn't have today. See below.
-
-Data Rewind
-
- It will be troublesome for some apps to deal with a rewind like this in all
- circumstances. I'm thinking for example when using 'curl' to upload data
- from stdin. If libcurl ends up having to rewind the reading for a request
- to succeed, of course a lack of this callback or if it returns failure, will
- cause the request to fail completely.
-
- The new callback is set with CURLOPT_IOCTLFUNCTION (in an attempt to add a
- more generic function that might be used for other IO-related controls in
- the future):
-
- curlioerr curl_ioctl(CURL *handle, curliocmd cmd, void *clientp);
-
- And in the case where the read is to be rewinded, it would be called with a
- cmd named CURLIOCMD_RESTARTREAD. The callback would then return CURLIOE_OK,
- if things are fine, or CURLIOE_FAILRESTART if not.
-
-Backwards Compatibility
-
- The approach used until now, that issues a HEAD on the given URL to trigger
- the auth negotiation could still be supported and encouraged, but it would
- be up to the app to first fetch a URL with GET/HEAD to negotiate on, since
- then a following PUT/POST wouldn't need to negotiate authentication and
- thus avoid double-sending data.
-
- Optionally, we keep the current approach if some option is set
- (CURLOPT_HEADBEFOREAUTH or similar), since it seems to work fairly well for
- POST on most servers.
diff --git a/libs/libcurl/src/README.memoryleak b/libs/libcurl/src/README.memoryleak
deleted file mode 100644
index 166177794f..0000000000
--- a/libs/libcurl/src/README.memoryleak
+++ /dev/null
@@ -1,55 +0,0 @@
- _ _ ____ _
- ___| | | | _ \| |
- / __| | | | |_) | |
- | (__| |_| | _ <| |___
- \___|\___/|_| \_\_____|
-
- How To Track Down Suspected Memory Leaks in libcurl
- ===================================================
-
-Single-threaded
-
- Please note that this memory leak system is not adjusted to work in more
- than one thread. If you want/need to use it in a multi-threaded app. Please
- adjust accordingly.
-
-
-Build
-
- Rebuild libcurl with -DCURLDEBUG (usually, rerunning configure with
- --enable-debug fixes this). 'make clean' first, then 'make' so that all
- files actually are rebuilt properly. It will also make sense to build
- libcurl with the debug option (usually -g to the compiler) so that debugging
- it will be easier if you actually do find a leak in the library.
-
- This will create a library that has memory debugging enabled.
-
-Modify Your Application
-
- Add a line in your application code:
-
- curl_memdebug("dump");
-
- This will make the malloc debug system output a full trace of all resource
- using functions to the given file name. Make sure you rebuild your program
- and that you link with the same libcurl you built for this purpose as
- described above.
-
-Run Your Application
-
- Run your program as usual. Watch the specified memory trace file grow.
-
- Make your program exit and use the proper libcurl cleanup functions etc. So
- that all non-leaks are returned/freed properly.
-
-Analyze the Flow
-
- Use the tests/memanalyze.pl perl script to analyze the dump file:
-
- tests/memanalyze.pl dump
-
- This now outputs a report on what resources that were allocated but never
- freed etc. This report is very fine for posting to the list!
-
- If this doesn't produce any output, no leak was detected in libcurl. Then
- the leak is mostly likely to be in your code.
diff --git a/libs/libcurl/src/README.multi_socket b/libs/libcurl/src/README.multi_socket
deleted file mode 100644
index d91e1d9f27..0000000000
--- a/libs/libcurl/src/README.multi_socket
+++ /dev/null
@@ -1,53 +0,0 @@
-Implementation of the curl_multi_socket API
-
- The main ideas of the new API are simply:
-
- 1 - The application can use whatever event system it likes as it gets info
- from libcurl about what file descriptors libcurl waits for what action
- on. (The previous API returns fd_sets which is very select()-centric).
-
- 2 - When the application discovers action on a single socket, it calls
- libcurl and informs that there was action on this particular socket and
- libcurl can then act on that socket/transfer only and not care about
- any other transfers. (The previous API always had to scan through all
- the existing transfers.)
-
- The idea is that curl_multi_socket_action() calls a given callback with
- information about what socket to wait for what action on, and the callback
- only gets called if the status of that socket has changed.
-
- We also added a timer callback that makes libcurl call the application when
- the timeout value changes, and you set that with curl_multi_setopt() and the
- CURLMOPT_TIMERFUNCTION option. To get this to work, Internally, there's an
- added a struct to each easy handle in which we store an "expire time" (if
- any). The structs are then "splay sorted" so that we can add and remove
- times from the linked list and yet somewhat swiftly figure out both how long
- time there is until the next nearest timer expires and which timer (handle)
- we should take care of now. Of course, the upside of all this is that we get
- a curl_multi_timeout() that should also work with old-style applications
- that use curl_multi_perform().
-
- We created an internal "socket to easy handles" hash table that given
- a socket (file descriptor) return the easy handle that waits for action on
- that socket. This hash is made using the already existing hash code
- (previously only used for the DNS cache).
-
- To make libcurl able to report plain sockets in the socket callback, we had
- to re-organize the internals of the curl_multi_fdset() etc so that the
- conversion from sockets to fd_sets for that function is only done in the
- last step before the data is returned. I also had to extend c-ares to get a
- function that can return plain sockets, as that library too returned only
- fd_sets and that is no longer good enough. The changes done to c-ares are
- available in c-ares 1.3.1 and later.
-
- We have done a test runs with up to 9000 connections (with a single active
- one). The curl_multi_socket_action() invoke then takes less than 10
- microseconds in average (using the read-only-1-byte-at-a-time hack). We are
- now below the 60 microseconds "per socket action" goal (the extra 50 is the
- time libevent needs).
-
-Documentation
-
- http://curl.haxx.se/libcurl/c/curl_multi_socket_action.html
- http://curl.haxx.se/libcurl/c/curl_multi_timeout.html
- http://curl.haxx.se/libcurl/c/curl_multi_setopt.html
diff --git a/libs/libcurl/src/README.pingpong b/libs/libcurl/src/README.pingpong
deleted file mode 100644
index 69ba9aadbf..0000000000
--- a/libs/libcurl/src/README.pingpong
+++ /dev/null
@@ -1,30 +0,0 @@
-Date: December 5, 2009
-
-Pingpong
-========
-
- Pingpong is just my (Daniel's) jestful collective name on the protocols that
- share a very similar kind of back-and-forth procedure with command and
- responses to and from the server. FTP was previously the only protocol in
- that family that libcurl supported, but when POP3, IMAP and SMTP joined the
- team I moved some of the internals into a separate pingpong module to be
- easier to get used by all these protocols to reduce code duplication and ease
- code re-use between these protocols.
-
-FTP
-
- In 7.20.0 we converted code to use the new pingpong code from previously
- having been all "native" FTP code.
-
-POP3
-
- There's no support in the documented URL format to specify the exact mail to
- get, but we support that as the path specified in the URL.
-
-IMAP
-
-SMTP
-
- There's no official URL syntax defined for SMTP, but we use only the generic
- one and we provide two additional libcurl options to specify receivers and
- sender of the actual mail.
diff --git a/libs/libcurl/src/README.pipelining b/libs/libcurl/src/README.pipelining
deleted file mode 100644
index c7b462248a..0000000000
--- a/libs/libcurl/src/README.pipelining
+++ /dev/null
@@ -1,51 +0,0 @@
-HTTP Pipelining with libcurl
-============================
-
-Background
-
-Since pipelining implies that one or more requests are sent to a server before
-the previous response(s) have been received, we only support it for multi
-interface use.
-
-Considerations
-
-When using the multi interface, you create one easy handle for each transfer.
-Bascially any number of handles can be created, added and used with the multi
-interface - simultaneously. It is an interface designed to allow many
-simultaneous transfers while still using a single thread. Pipelining does not
-change any of these details.
-
-API
-
-We've added a new option to curl_multi_setopt() called CURLMOPT_PIPELINING
-that enables "attempted pipelining" and then all easy handles used on that
-handle will attempt to use an existing pipeline.
-
-Details
-
-- A pipeline is only created if a previous connection exists to the same IP
- address that the new request is being made to use.
-
-- Pipelines are only supported for HTTP(S) as no other currently supported
- protocol has features resemembling this, but we still name this feature
- plain 'pipelining' to possibly one day support it for other protocols as
- well.
-
-- HTTP Pipelining is for GET and HEAD requests only.
-
-- When a pipeline is in use, we must take precautions so that when used easy
- handles (i.e those who still wait for a response) are removed from the multi
- handle, we must deal with the outstanding response nicely.
-
-- Explicitly asking for pipelining handle X and handle Y won't be supported.
- It isn't easy for an app to do this association. The lib should probably
- still resolve the second one properly to make sure that they actually _can_
- be considered for pipelining. Also, asking for explicit pipelining on handle
- X may be tricky when handle X get a closed connection.
-
-- We need options to control max pipeline length, and probably how to behave
- if we reach that limit. As was discussed on the list, it can probably be
- made very complicated, so perhaps we can think of a way to pass all
- variables involved to a callback and let the application decide how to act
- in specific situations. Either way, these fancy options are only interesting
- to work on when everything is working and we have working apps to test with.
diff --git a/libs/libcurl/src/amigaos.c b/libs/libcurl/src/amigaos.c
index 34f95e9b5c..4f55b30e76 100644
--- a/libs/libcurl/src/amigaos.c
+++ b/libs/libcurl/src/amigaos.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -35,7 +35,7 @@ extern int errno, h_errno;
#include <stabs.h>
void __request(const char *msg);
#else
-# define __request( msg ) Printf( msg "\n\a")
+# define __request(msg) Printf(msg "\n\a")
#endif
void Curl_amiga_cleanup()
@@ -57,7 +57,7 @@ bool Curl_amiga_init()
}
if(SocketBaseTags(SBTM_SETVAL(SBTC_ERRNOPTR(sizeof(errno))), (ULONG) &errno,
- SBTM_SETVAL(SBTC_LOGTAGPTR), (ULONG) "cURL",
+ SBTM_SETVAL(SBTC_LOGTAGPTR), (ULONG) "curl",
TAG_DONE)) {
__request("SocketBaseTags ERROR");
return FALSE;
@@ -71,7 +71,7 @@ bool Curl_amiga_init()
}
#ifdef __libnix__
-ADD2EXIT(Curl_amiga_cleanup,-50);
+ADD2EXIT(Curl_amiga_cleanup, -50);
#endif
#endif /* __AMIGA__ && ! __ixemul__ */
diff --git a/libs/libcurl/src/amigaos.h b/libs/libcurl/src/amigaos.h
index 76578be868..02bee16107 100644
--- a/libs/libcurl/src/amigaos.h
+++ b/libs/libcurl/src/amigaos.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/arpa_telnet.h b/libs/libcurl/src/arpa_telnet.h
index 098d9a92f7..ec238729dd 100644
--- a/libs/libcurl/src/arpa_telnet.h
+++ b/libs/libcurl/src/arpa_telnet.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/asyn-ares.c b/libs/libcurl/src/asyn-ares.c
index 0ef36cbbe2..38ede999ce 100644
--- a/libs/libcurl/src/asyn-ares.c
+++ b/libs/libcurl/src/asyn-ares.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,14 @@
#include "curl_setup.h"
+/***********************************************************************
+ * Only for ares-enabled builds
+ * And only for functions that fulfill the asynch resolver backend API
+ * as defined in asyn.h, nothing else belongs in this file!
+ **********************************************************************/
+
+#ifdef CURLRES_ARES
+
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
@@ -48,14 +56,6 @@
#define in_addr_t unsigned long
#endif
-/***********************************************************************
- * Only for ares-enabled builds
- * And only for functions that fulfill the asynch resolver backend API
- * as defined in asyn.h, nothing else belongs in this file!
- **********************************************************************/
-
-#ifdef CURLRES_ARES
-
#include "urldata.h"
#include "sendf.h"
#include "hostip.h"
@@ -69,9 +69,6 @@
#include "select.h"
#include "progress.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
# if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
(defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__))
# define CARES_STATICLIB
@@ -85,8 +82,9 @@
#define HAVE_CARES_CALLBACK_TIMEOUTS 1
#endif
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
struct ResolverResults {
@@ -166,19 +164,19 @@ void Curl_resolver_cleanup(void *resolver)
int Curl_resolver_duphandle(void **to, void *from)
{
/* Clone the ares channel for the new handle */
- if(ARES_SUCCESS != ares_dup((ares_channel*)to,(ares_channel)from))
+ if(ARES_SUCCESS != ares_dup((ares_channel*)to, (ares_channel)from))
return CURLE_FAILED_INIT;
return CURLE_OK;
}
-static void destroy_async_data (struct Curl_async *async);
+static void destroy_async_data(struct Curl_async *async);
/*
* Cancel all possibly still on-going resolves for this connection.
*/
void Curl_resolver_cancel(struct connectdata *conn)
{
- if(conn && conn->data && conn->data->state.resolver)
+ if(conn->data && conn->data->state.resolver)
ares_cancel((ares_channel)conn->data->state.resolver);
destroy_async_data(&conn->async);
}
@@ -186,10 +184,9 @@ void Curl_resolver_cancel(struct connectdata *conn)
/*
* destroy_async_data() cleans up async resolver data.
*/
-static void destroy_async_data (struct Curl_async *async)
+static void destroy_async_data(struct Curl_async *async)
{
- if(async->hostname)
- free(async->hostname);
+ free(async->hostname);
if(async->os_specific) {
struct ResolverResults *res = (struct ResolverResults *)async->os_specific;
@@ -235,7 +232,7 @@ int Curl_resolver_getsock(struct connectdata *conn,
milli = (timeout->tv_sec * 1000) + (timeout->tv_usec/1000);
if(milli == 0)
milli += 10;
- Curl_expire(conn->data, milli);
+ Curl_expire(conn->data, milli, EXPIRE_ASYNC_NAME);
return max;
}
@@ -252,7 +249,7 @@ int Curl_resolver_getsock(struct connectdata *conn,
static int waitperform(struct connectdata *conn, int timeout_ms)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
int nfds;
int bitmask;
ares_socket_t socks[ARES_GETSOCK_MAXNUM];
@@ -263,7 +260,7 @@ static int waitperform(struct connectdata *conn, int timeout_ms)
bitmask = ares_getsock((ares_channel)data->state.resolver, socks,
ARES_GETSOCK_MAXNUM);
- for(i=0; i < ARES_GETSOCK_MAXNUM; i++) {
+ for(i = 0; i < ARES_GETSOCK_MAXNUM; i++) {
pfd[i].events = 0;
pfd[i].revents = 0;
if(ARES_GETSOCK_READABLE(bitmask, i)) {
@@ -292,7 +289,7 @@ static int waitperform(struct connectdata *conn, int timeout_ms)
ARES_SOCKET_BAD);
else {
/* move through the descriptors and ask for processing on them */
- for(i=0; i < num; i++)
+ for(i = 0; i < num; i++)
ares_process_fd((ares_channel)data->state.resolver,
pfd[i].revents & (POLLRDNORM|POLLIN)?
pfd[i].fd:ARES_SOCKET_BAD,
@@ -312,10 +309,10 @@ static int waitperform(struct connectdata *conn, int timeout_ms)
CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
struct Curl_dns_entry **dns)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ResolverResults *res = (struct ResolverResults *)
conn->async.os_specific;
- CURLcode rc = CURLE_OK;
+ CURLcode result = CURLE_OK;
*dns = NULL;
@@ -329,7 +326,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
if(!conn->async.dns) {
failf(data, "Could not resolve: %s (%s)",
conn->async.hostname, ares_strerror(conn->async.status));
- rc = conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
+ result = conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
CURLE_COULDNT_RESOLVE_HOST;
}
else
@@ -338,7 +335,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
destroy_async_data(&conn->async);
}
- return rc;
+ return result;
}
/*
@@ -355,20 +352,27 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
struct Curl_dns_entry **entry)
{
- CURLcode rc=CURLE_OK;
- struct SessionHandle *data = conn->data;
- long timeout;
- struct timeval now = Curl_tvnow();
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ timediff_t timeout;
+ struct curltime now = Curl_now();
struct Curl_dns_entry *temp_entry;
+ if(entry)
+ *entry = NULL; /* clear on entry */
+
timeout = Curl_timeleft(data, &now, TRUE);
+ if(timeout < 0) {
+ /* already expired! */
+ connclose(conn, "Timed out before name resolve started");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
if(!timeout)
timeout = CURL_TIMEOUT_RESOLVE * 1000; /* default name resolve timeout */
/* Wait for the name resolve query to complete. */
- for(;;) {
+ while(!result) {
struct timeval *tvp, tv, store;
- long timediff;
int itimeout;
int timeout_ms;
@@ -388,42 +392,44 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
timeout_ms = 1000;
waitperform(conn, timeout_ms);
- Curl_resolver_is_resolved(conn,&temp_entry);
+ result = Curl_resolver_is_resolved(conn, &temp_entry);
- if(conn->async.done)
+ if(result || conn->async.done)
break;
- if(Curl_pgrsUpdate(conn)) {
- rc = CURLE_ABORTED_BY_CALLBACK;
- timeout = -1; /* trigger the cancel below */
- }
+ if(Curl_pgrsUpdate(conn))
+ result = CURLE_ABORTED_BY_CALLBACK;
else {
- struct timeval now2 = Curl_tvnow();
- timediff = Curl_tvdiff(now2, now); /* spent time */
- timeout -= timediff?timediff:1; /* always deduct at least 1 */
+ struct curltime now2 = Curl_now();
+ timediff_t timediff = Curl_timediff(now2, now); /* spent time */
+ if(timediff <= 0)
+ timeout -= 1; /* always deduct at least 1 */
+ else if(timediff > timeout)
+ timeout = -1;
+ else
+ timeout -= (long)timediff;
now = now2; /* for next loop */
}
- if(timeout < 0) {
- /* our timeout, so we cancel the ares operation */
- ares_cancel((ares_channel)data->state.resolver);
- break;
- }
+ if(timeout < 0)
+ result = CURLE_OPERATION_TIMEDOUT;
}
+ if(result)
+ /* failure, so we cancel the ares operation */
+ ares_cancel((ares_channel)data->state.resolver);
/* Operation complete, if the lookup was successful we now have the entry
in the cache. */
-
if(entry)
*entry = conn->async.dns;
- if(rc)
+ if(result)
/* close the connection, since we can't return failure here without
cleaning up this connection properly.
TODO: remove this action from here, it is not a name resolver decision.
*/
- conn->bits.close = TRUE;
+ connclose(conn, "c-ares resolve failed");
- return rc;
+ return result;
}
/* Connects results to the list */
@@ -495,7 +501,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
int *waitp)
{
char *bufp;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct in_addr in;
int family = PF_INET;
#ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
@@ -536,15 +542,15 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
bufp = strdup(hostname);
if(bufp) {
struct ResolverResults *res = NULL;
- Curl_safefree(conn->async.hostname);
+ free(conn->async.hostname);
conn->async.hostname = bufp;
conn->async.port = port;
conn->async.done = FALSE; /* not done */
conn->async.status = 0; /* clear */
conn->async.dns = NULL; /* clear */
- res = calloc(sizeof(struct ResolverResults),1);
+ res = calloc(sizeof(struct ResolverResults), 1);
if(!res) {
- Curl_safefree(conn->async.hostname);
+ free(conn->async.hostname);
conn->async.hostname = NULL;
return NULL;
}
@@ -586,7 +592,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
return NULL; /* no struct yet */
}
-CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+CURLcode Curl_set_dns_servers(struct Curl_easy *data,
char *servers)
{
CURLcode result = CURLE_NOT_BUILT_IN;
@@ -624,7 +630,7 @@ CURLcode Curl_set_dns_servers(struct SessionHandle *data,
return result;
}
-CURLcode Curl_set_dns_interface(struct SessionHandle *data,
+CURLcode Curl_set_dns_interface(struct Curl_easy *data,
const char *interf)
{
#if (ARES_VERSION >= 0x010704)
@@ -641,14 +647,14 @@ CURLcode Curl_set_dns_interface(struct SessionHandle *data,
#endif
}
-CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
+CURLcode Curl_set_dns_local_ip4(struct Curl_easy *data,
const char *local_ip4)
{
#if (ARES_VERSION >= 0x010704)
- uint32_t a4;
+ struct in_addr a4;
if((!local_ip4) || (local_ip4[0] == 0)) {
- a4 = 0; /* disabled: do not bind to a specific address */
+ a4.s_addr = 0; /* disabled: do not bind to a specific address */
}
else {
if(Curl_inet_pton(AF_INET, local_ip4, &a4) != 1) {
@@ -656,7 +662,7 @@ CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
}
}
- ares_set_local_ip4((ares_channel)data->state.resolver, ntohl(a4));
+ ares_set_local_ip4((ares_channel)data->state.resolver, ntohl(a4.s_addr));
return CURLE_OK;
#else /* c-ares version too old! */
@@ -666,10 +672,10 @@ CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
#endif
}
-CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
+CURLcode Curl_set_dns_local_ip6(struct Curl_easy *data,
const char *local_ip6)
{
-#if (ARES_VERSION >= 0x010704)
+#if (ARES_VERSION >= 0x010704) && defined(ENABLE_IPV6)
unsigned char a6[INET6_ADDRSTRLEN];
if((!local_ip6) || (local_ip6[0] == 0)) {
diff --git a/libs/libcurl/src/asyn-thread.c b/libs/libcurl/src/asyn-thread.c
index 4882c37203..1ac3fc809f 100644
--- a/libs/libcurl/src/asyn-thread.c
+++ b/libs/libcurl/src/asyn-thread.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,11 @@
#include "curl_setup.h"
+/***********************************************************************
+ * Only for threaded name resolves builds
+ **********************************************************************/
+#ifdef CURLRES_THREADED
+
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
@@ -68,19 +73,12 @@
#include "inet_pton.h"
#include "inet_ntop.h"
#include "curl_threads.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "connect.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
-/***********************************************************************
- * Only for threaded name resolves builds
- **********************************************************************/
-#ifdef CURLRES_THREADED
-
/*
* Curl_resolver_global_init()
* Called from curl_global_init() to initialize global resolver environment.
@@ -157,20 +155,21 @@ struct thread_sync_data {
curl_mutex_t * mtx;
int done;
- char * hostname; /* hostname to resolve, Curl_async.hostname
- duplicate */
+ char *hostname; /* hostname to resolve, Curl_async.hostname
+ duplicate */
int port;
int sock_error;
Curl_addrinfo *res;
#ifdef HAVE_GETADDRINFO
struct addrinfo hints;
#endif
+ struct thread_data *td; /* for thread-self cleanup */
};
struct thread_data {
curl_thread_t thread_hnd;
unsigned int poll_interval;
- long interval_end;
+ time_t interval_end;
struct thread_sync_data tsd;
};
@@ -190,26 +189,32 @@ void destroy_thread_sync_data(struct thread_sync_data * tsd)
free(tsd->mtx);
}
- if(tsd->hostname)
- free(tsd->hostname);
+ free(tsd->hostname);
if(tsd->res)
Curl_freeaddrinfo(tsd->res);
- memset(tsd,0,sizeof(*tsd));
+ memset(tsd, 0, sizeof(*tsd));
}
/* Initialize resolver thread synchronization data */
static
-int init_thread_sync_data(struct thread_sync_data * tsd,
- const char * hostname,
+int init_thread_sync_data(struct thread_data * td,
+ const char *hostname,
int port,
const struct addrinfo *hints)
{
+ struct thread_sync_data *tsd = &td->tsd;
+
memset(tsd, 0, sizeof(*tsd));
+ tsd->td = td;
tsd->port = port;
-#ifdef CURLRES_IPV6
+ /* Treat the request as done until the thread actually starts so any early
+ * cleanup gets done properly.
+ */
+ tsd->done = 1;
+#ifdef HAVE_GETADDRINFO
DEBUGASSERT(hints);
tsd->hints = *hints;
#else
@@ -262,9 +267,10 @@ static int getaddrinfo_complete(struct connectdata *conn)
* For builds without ARES, but with ENABLE_IPV6, create a resolver thread
* and wait on it.
*/
-static unsigned int CURL_STDCALL getaddrinfo_thread (void *arg)
+static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg)
{
struct thread_sync_data *tsd = (struct thread_sync_data*)arg;
+ struct thread_data *td = tsd->td;
char service[12];
int rc;
@@ -277,10 +283,21 @@ static unsigned int CURL_STDCALL getaddrinfo_thread (void *arg)
if(tsd->sock_error == 0)
tsd->sock_error = RESOLVER_ENOMEM;
}
+ else {
+ Curl_addrinfo_set_port(tsd->res, tsd->port);
+ }
Curl_mutex_acquire(tsd->mtx);
- tsd->done = 1;
- Curl_mutex_release(tsd->mtx);
+ if(tsd->done) {
+ /* too late, gotta clean up the mess */
+ Curl_mutex_release(tsd->mtx);
+ destroy_thread_sync_data(tsd);
+ free(td);
+ }
+ else {
+ tsd->done = 1;
+ Curl_mutex_release(tsd->mtx);
+ }
return 0;
}
@@ -290,9 +307,10 @@ static unsigned int CURL_STDCALL getaddrinfo_thread (void *arg)
/*
* gethostbyname_thread() resolves a name and then exits.
*/
-static unsigned int CURL_STDCALL gethostbyname_thread (void *arg)
+static unsigned int CURL_STDCALL gethostbyname_thread(void *arg)
{
struct thread_sync_data *tsd = (struct thread_sync_data *)arg;
+ struct thread_data *td = tsd->td;
tsd->res = Curl_ipv4_resolve_r(tsd->hostname, tsd->port);
@@ -303,8 +321,16 @@ static unsigned int CURL_STDCALL gethostbyname_thread (void *arg)
}
Curl_mutex_acquire(tsd->mtx);
- tsd->done = 1;
- Curl_mutex_release(tsd->mtx);
+ if(tsd->done) {
+ /* too late, gotta clean up the mess */
+ Curl_mutex_release(tsd->mtx);
+ destroy_thread_sync_data(tsd);
+ free(td);
+ }
+ else {
+ tsd->done = 1;
+ Curl_mutex_release(tsd->mtx);
+ }
return 0;
}
@@ -314,23 +340,37 @@ static unsigned int CURL_STDCALL gethostbyname_thread (void *arg)
/*
* destroy_async_data() cleans up async resolver data and thread handle.
*/
-static void destroy_async_data (struct Curl_async *async)
+static void destroy_async_data(struct Curl_async *async)
{
- if(async->hostname)
- free(async->hostname);
-
if(async->os_specific) {
struct thread_data *td = (struct thread_data*) async->os_specific;
+ int done;
+
+ /*
+ * if the thread is still blocking in the resolve syscall, detach it and
+ * let the thread do the cleanup...
+ */
+ Curl_mutex_acquire(td->tsd.mtx);
+ done = td->tsd.done;
+ td->tsd.done = 1;
+ Curl_mutex_release(td->tsd.mtx);
+
+ if(!done) {
+ Curl_thread_destroy(td->thread_hnd);
+ }
+ else {
+ if(td->thread_hnd != curl_thread_t_null)
+ Curl_thread_join(&td->thread_hnd);
- if(td->thread_hnd != curl_thread_t_null)
- Curl_thread_join(&td->thread_hnd);
-
- destroy_thread_sync_data(&td->tsd);
+ destroy_thread_sync_data(&td->tsd);
- free(async->os_specific);
+ free(async->os_specific);
+ }
}
- async->hostname = NULL;
async->os_specific = NULL;
+
+ free(async->hostname);
+ async->hostname = NULL;
}
/*
@@ -339,16 +379,16 @@ static void destroy_async_data (struct Curl_async *async)
*
* Returns FALSE in case of failure, otherwise TRUE.
*/
-static bool init_resolve_thread (struct connectdata *conn,
- const char *hostname, int port,
- const struct addrinfo *hints)
+static bool init_resolve_thread(struct connectdata *conn,
+ const char *hostname, int port,
+ const struct addrinfo *hints)
{
struct thread_data *td = calloc(1, sizeof(struct thread_data));
- int err = RESOLVER_ENOMEM;
+ int err = ENOMEM;
- conn->async.os_specific = (void*) td;
+ conn->async.os_specific = (void *)td;
if(!td)
- goto err_exit;
+ goto errno_exit;
conn->async.port = port;
conn->async.done = FALSE;
@@ -356,14 +396,20 @@ static bool init_resolve_thread (struct connectdata *conn,
conn->async.dns = NULL;
td->thread_hnd = curl_thread_t_null;
- if(!init_thread_sync_data(&td->tsd, hostname, port, hints))
- goto err_exit;
+ if(!init_thread_sync_data(td, hostname, port, hints)) {
+ conn->async.os_specific = NULL;
+ free(td);
+ goto errno_exit;
+ }
- Curl_safefree(conn->async.hostname);
+ free(conn->async.hostname);
conn->async.hostname = strdup(hostname);
if(!conn->async.hostname)
goto err_exit;
+ /* The thread will set this to 1 when complete. */
+ td->tsd.done = 0;
+
#ifdef HAVE_GETADDRINFO
td->thread_hnd = Curl_thread_create(getaddrinfo_thread, &td->tsd);
#else
@@ -371,9 +417,9 @@ static bool init_resolve_thread (struct connectdata *conn,
#endif
if(!td->thread_hnd) {
-#ifndef _WIN32_WCE
+ /* The thread never started, so mark it as done here for proper cleanup. */
+ td->tsd.done = 1;
err = errno;
-#endif
goto err_exit;
}
@@ -382,8 +428,8 @@ static bool init_resolve_thread (struct connectdata *conn,
err_exit:
destroy_async_data(&conn->async);
- SET_ERRNO(err);
-
+ errno_exit:
+ errno = err;
return FALSE;
}
@@ -395,19 +441,21 @@ static bool init_resolve_thread (struct connectdata *conn,
static CURLcode resolver_error(struct connectdata *conn)
{
const char *host_or_proxy;
- CURLcode rc;
+ CURLcode result;
+
if(conn->bits.httpproxy) {
host_or_proxy = "proxy";
- rc = CURLE_COULDNT_RESOLVE_PROXY;
+ result = CURLE_COULDNT_RESOLVE_PROXY;
}
else {
host_or_proxy = "host";
- rc = CURLE_COULDNT_RESOLVE_HOST;
+ result = CURLE_COULDNT_RESOLVE_HOST;
}
failf(conn->data, "Could not resolve %s: %s", host_or_proxy,
conn->async.hostname);
- return rc;
+
+ return result;
}
/*
@@ -424,13 +472,13 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
struct Curl_dns_entry **entry)
{
struct thread_data *td = (struct thread_data*) conn->async.os_specific;
- CURLcode rc = CURLE_OK;
+ CURLcode result = CURLE_OK;
DEBUGASSERT(conn && td);
/* wait for the thread to resolve the name */
if(Curl_thread_join(&td->thread_hnd))
- rc = getaddrinfo_complete(conn);
+ result = getaddrinfo_complete(conn);
else
DEBUGASSERT(0);
@@ -441,14 +489,14 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
if(!conn->async.dns)
/* a name was not resolved, report error */
- rc = resolver_error(conn);
+ result = resolver_error(conn);
destroy_async_data(&conn->async);
if(!conn->async.dns)
- conn->bits.close = TRUE;
+ connclose(conn, "asynch resolve failed");
- return (rc);
+ return result;
}
/*
@@ -459,7 +507,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
struct Curl_dns_entry **entry)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct thread_data *td = (struct thread_data*) conn->async.os_specific;
int done = 0;
@@ -478,16 +526,17 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
getaddrinfo_complete(conn);
if(!conn->async.dns) {
- CURLcode rc = resolver_error(conn);
+ CURLcode result = resolver_error(conn);
destroy_async_data(&conn->async);
- return rc;
+ return result;
}
destroy_async_data(&conn->async);
*entry = conn->async.dns;
}
else {
/* poll for name lookup done with exponential backoff up to 250ms */
- long elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
+ timediff_t elapsed = Curl_timediff(Curl_now(),
+ data->progress.t_startsingle);
if(elapsed < 0)
elapsed = 0;
@@ -502,7 +551,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
td->poll_interval = 250;
td->interval_end = elapsed + td->poll_interval;
- Curl_expire(conn->data, td->poll_interval);
+ Curl_expire(conn->data, td->poll_interval, EXPIRE_ASYNC_NAME);
}
return CURLE_OK;
@@ -556,28 +605,33 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
int *waitp)
{
struct addrinfo hints;
- struct in_addr in;
Curl_addrinfo *res;
int error;
char sbuf[12];
int pf = PF_INET;
-#ifdef CURLRES_IPV6
- struct in6_addr in6;
-#endif /* CURLRES_IPV6 */
*waitp = 0; /* default to synchronous response */
- /* First check if this is an IPv4 address string */
- if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
- /* This is a dotted IP address 123.123.123.123-style */
- return Curl_ip2addr(AF_INET, &in, hostname, port);
-
+#ifndef USE_RESOLVE_ON_IPS
+ {
+ struct in_addr in;
+ /* First check if this is an IPv4 address string */
+ if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
+ /* This is a dotted IP address 123.123.123.123-style */
+ return Curl_ip2addr(AF_INET, &in, hostname, port);
+ }
#ifdef CURLRES_IPV6
- /* check if this is an IPv6 address string */
- if(Curl_inet_pton (AF_INET6, hostname, &in6) > 0)
- /* This is an IPv6 address literal */
- return Curl_ip2addr(AF_INET6, &in6, hostname, port);
+ {
+ struct in6_addr in6;
+ /* check if this is an IPv6 address string */
+ if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0)
+ /* This is an IPv6 address literal */
+ return Curl_ip2addr(AF_INET6, &in6, hostname, port);
+ }
+#endif /* CURLRES_IPV6 */
+#endif /* !USE_RESOLVE_ON_IPS */
+#ifdef CURLRES_IPV6
/*
* Check if a limited name resolve has been requested.
*/
@@ -594,9 +648,8 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
}
if((pf != PF_INET) && !Curl_ipv6works())
- /* the stack seems to be a non-ipv6 one */
+ /* The stack seems to be a non-IPv6 one */
pf = PF_INET;
-
#endif /* CURLRES_IPV6 */
memset(&hints, 0, sizeof(hints));
@@ -613,7 +666,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
/* fall-back to blocking version */
infof(conn->data, "init_resolve_thread() failed for %s; %s\n",
- hostname, Curl_strerror(conn, ERRNO));
+ hostname, Curl_strerror(conn, errno));
error = Curl_getaddrinfo_ex(hostname, sbuf, &hints, &res);
if(error) {
@@ -621,12 +674,16 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
hostname, port, Curl_strerror(conn, SOCKERRNO));
return NULL;
}
+ else {
+ Curl_addrinfo_set_port(res, port);
+ }
+
return res;
}
#endif /* !HAVE_GETADDRINFO */
-CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+CURLcode Curl_set_dns_servers(struct Curl_easy *data,
char *servers)
{
(void)data;
@@ -635,7 +692,7 @@ CURLcode Curl_set_dns_servers(struct SessionHandle *data,
}
-CURLcode Curl_set_dns_interface(struct SessionHandle *data,
+CURLcode Curl_set_dns_interface(struct Curl_easy *data,
const char *interf)
{
(void)data;
@@ -643,7 +700,7 @@ CURLcode Curl_set_dns_interface(struct SessionHandle *data,
return CURLE_NOT_BUILT_IN;
}
-CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
+CURLcode Curl_set_dns_local_ip4(struct Curl_easy *data,
const char *local_ip4)
{
(void)data;
@@ -651,7 +708,7 @@ CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
return CURLE_NOT_BUILT_IN;
}
-CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
+CURLcode Curl_set_dns_local_ip6(struct Curl_easy *data,
const char *local_ip6)
{
(void)data;
diff --git a/libs/libcurl/src/asyn.h b/libs/libcurl/src/asyn.h
index 1b681ea122..3adc3664a2 100644
--- a/libs/libcurl/src/asyn.h
+++ b/libs/libcurl/src/asyn.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -27,7 +27,7 @@
struct addrinfo;
struct hostent;
-struct SessionHandle;
+struct Curl_easy;
struct connectdata;
struct Curl_dns_entry;
diff --git a/libs/libcurl/src/axtls.h b/libs/libcurl/src/axtls.h
deleted file mode 100644
index db91365976..0000000000
--- a/libs/libcurl/src/axtls.h
+++ /dev/null
@@ -1,68 +0,0 @@
-#ifndef HEADER_CURL_AXTLS_H
-#define HEADER_CURL_AXTLS_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2010, DirecTV
- * contact: Eric Hu <ehu@directv.com>
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#ifdef USE_AXTLS
-#include "curl/curl.h"
-#include "urldata.h"
-
-int Curl_axtls_init(void);
-int Curl_axtls_cleanup(void);
-CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex);
-CURLcode Curl_axtls_connect_nonblocking(
- struct connectdata *conn,
- int sockindex,
- bool *done);
-
-/* tell axTLS to close down all open information regarding connections (and
- thus session ID caching etc) */
-void Curl_axtls_close_all(struct SessionHandle *data);
-
- /* close a SSL connection */
-void Curl_axtls_close(struct connectdata *conn, int sockindex);
-
-void Curl_axtls_session_free(void *ptr);
-size_t Curl_axtls_version(char *buffer, size_t size);
-int Curl_axtls_shutdown(struct connectdata *conn, int sockindex);
-int Curl_axtls_check_cxn(struct connectdata *conn);
-
-/* API setup for axTLS */
-#define curlssl_init Curl_axtls_init
-#define curlssl_cleanup Curl_axtls_cleanup
-#define curlssl_connect Curl_axtls_connect
-#define curlssl_connect_nonblocking Curl_axtls_connect_nonblocking
-#define curlssl_session_free(x) Curl_axtls_session_free(x)
-#define curlssl_close_all Curl_axtls_close_all
-#define curlssl_close Curl_axtls_close
-#define curlssl_shutdown(x,y) Curl_axtls_shutdown(x,y)
-#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
-#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
-#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
-#define curlssl_version Curl_axtls_version
-#define curlssl_check_cxn(x) Curl_axtls_check_cxn(x)
-#define curlssl_data_pending(x,y) (x=x, y=y, 0)
-
-#endif /* USE_AXTLS */
-#endif /* HEADER_CURL_AXTLS_H */
-
diff --git a/libs/libcurl/src/base64.c b/libs/libcurl/src/base64.c
index 3f3f0f9b8b..204a2273d1 100644
--- a/libs/libcurl/src/base64.c
+++ b/libs/libcurl/src/base64.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,46 +23,64 @@
/* Base64 encoding/decoding */
#include "curl_setup.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "urldata.h" /* for the SessionHandle definition */
+#include "urldata.h" /* for the Curl_easy definition */
#include "warnless.h"
#include "curl_base64.h"
-#include "curl_memory.h"
#include "non-ascii.h"
-/* include memdebug.h last */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
/* ---- Base64 Encoding/Decoding Table --- */
-static const char table64[]=
+static const char base64[]=
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-static void decodeQuantum(unsigned char *dest, const char *src)
+/* The Base 64 encoding with an URL and filename safe alphabet, RFC 4648
+ section 5 */
+static const char base64url[]=
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+
+static size_t decodeQuantum(unsigned char *dest, const char *src)
{
+ size_t padding = 0;
const char *s, *p;
- unsigned long i, v, x = 0;
+ unsigned long i, x = 0;
for(i = 0, s = src; i < 4; i++, s++) {
- v = 0;
- p = table64;
- while(*p && (*p != *s)) {
- v++;
- p++;
- }
- if(*p == *s)
- x = (x << 6) + v;
- else if(*s == '=')
+ unsigned long v = 0;
+
+ if(*s == '=') {
x = (x << 6);
+ padding++;
+ }
+ else {
+ p = base64;
+
+ while(*p && (*p != *s)) {
+ v++;
+ p++;
+ }
+
+ if(*p == *s)
+ x = (x << 6) + v;
+ else
+ return 0;
+ }
}
- dest[2] = curlx_ultouc(x & 0xFFUL);
+ if(padding < 1)
+ dest[2] = curlx_ultouc(x & 0xFFUL);
+
x >>= 8;
- dest[1] = curlx_ultouc(x & 0xFFUL);
+ if(padding < 2)
+ dest[1] = curlx_ultouc(x & 0xFFUL);
+
x >>= 8;
dest[0] = curlx_ultouc(x & 0xFFUL);
+
+ return 3 - padding;
}
/*
@@ -82,84 +100,80 @@ static void decodeQuantum(unsigned char *dest, const char *src)
CURLcode Curl_base64_decode(const char *src,
unsigned char **outptr, size_t *outlen)
{
+ size_t srclen = 0;
size_t length = 0;
- size_t equalsTerm = 0;
+ size_t padding = 0;
size_t i;
size_t numQuantums;
- unsigned char lastQuantum[3];
size_t rawlen = 0;
+ unsigned char *pos;
unsigned char *newstr;
*outptr = NULL;
*outlen = 0;
+ srclen = strlen(src);
+
+ /* Check the length of the input string is valid */
+ if(!srclen || srclen % 4)
+ return CURLE_BAD_CONTENT_ENCODING;
+ /* Find the position of any = padding characters */
while((src[length] != '=') && src[length])
length++;
+
/* A maximum of two = padding characters is allowed */
if(src[length] == '=') {
- equalsTerm++;
- if(src[length+equalsTerm] == '=')
- equalsTerm++;
+ padding++;
+ if(src[length + 1] == '=')
+ padding++;
}
- numQuantums = (length + equalsTerm) / 4;
- /* Don't allocate a buffer if the decoded length is 0 */
- if(numQuantums == 0)
- return CURLE_OK;
+ /* Check the = padding characters weren't part way through the input */
+ if(length + padding != srclen)
+ return CURLE_BAD_CONTENT_ENCODING;
- rawlen = (numQuantums * 3) - equalsTerm;
+ /* Calculate the number of quantums */
+ numQuantums = srclen / 4;
- /* The buffer must be large enough to make room for the last quantum
- (which may be partially thrown out) and the zero terminator. */
- newstr = malloc(rawlen+4);
+ /* Calculate the size of the decoded string */
+ rawlen = (numQuantums * 3) - padding;
+
+ /* Allocate our buffer including room for a zero terminator */
+ newstr = malloc(rawlen + 1);
if(!newstr)
return CURLE_OUT_OF_MEMORY;
- *outptr = newstr;
+ pos = newstr;
- /* Decode all but the last quantum (which may not decode to a
- multiple of 3 bytes) */
- for(i = 0; i < numQuantums - 1; i++) {
- decodeQuantum(newstr, src);
- newstr += 3; src += 4;
- }
+ /* Decode the quantums */
+ for(i = 0; i < numQuantums; i++) {
+ size_t result = decodeQuantum(pos, src);
+ if(!result) {
+ free(newstr);
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
- /* This final decode may actually read slightly past the end of the buffer
- if the input string is missing pad bytes. This will almost always be
- harmless. */
- decodeQuantum(lastQuantum, src);
- for(i = 0; i < 3 - equalsTerm; i++)
- newstr[i] = lastQuantum[i];
+ pos += result;
+ src += 4;
+ }
- newstr[i] = '\0'; /* zero terminate */
+ /* Zero terminate */
+ *pos = '\0';
- *outlen = rawlen; /* return size of decoded data */
+ /* Return the decoded data */
+ *outptr = newstr;
+ *outlen = rawlen;
return CURLE_OK;
}
-/*
- * Curl_base64_encode()
- *
- * Given a pointer to an input buffer and an input size, encode it and
- * return a pointer in *outptr to a newly allocated memory area holding
- * encoded data. Size of encoded data is returned in variable pointed by
- * outlen.
- *
- * Input length of 0 indicates input buffer holds a NUL-terminated string.
- *
- * Returns CURLE_OK on success, otherwise specific error code. Function
- * output shall not be considered valid unless CURLE_OK is returned.
- *
- * When encoded data length is 0, returns NULL in *outptr.
- *
- * @unittest: 1302
- */
-CURLcode Curl_base64_encode(struct SessionHandle *data,
- const char *inputbuff, size_t insize,
- char **outptr, size_t *outlen)
+static CURLcode base64_encode(const char *table64,
+ struct Curl_easy *data,
+ const char *inputbuff, size_t insize,
+ char **outptr, size_t *outlen)
{
- CURLcode error;
+ CURLcode result;
unsigned char ibuf[3];
unsigned char obuf[4];
int i;
@@ -173,11 +187,16 @@ CURLcode Curl_base64_encode(struct SessionHandle *data,
*outptr = NULL;
*outlen = 0;
- if(0 == insize)
+ if(!insize)
insize = strlen(indata);
- base64data = output = malloc(insize*4/3+4);
- if(NULL == output)
+#if SIZEOF_SIZE_T == 4
+ if(insize > UINT_MAX/4)
+ return CURLE_OUT_OF_MEMORY;
+#endif
+
+ base64data = output = malloc(insize * 4 / 3 + 4);
+ if(!output)
return CURLE_OUT_OF_MEMORY;
/*
@@ -185,10 +204,10 @@ CURLcode Curl_base64_encode(struct SessionHandle *data,
* not the host encoding. And we can't change the actual input
* so we copy it to a buffer, translate it, and use that instead.
*/
- error = Curl_convert_clone(data, indata, insize, &convbuf);
- if(error) {
+ result = Curl_convert_clone(data, indata, insize, &convbuf);
+ if(result) {
free(output);
- return error;
+ return result;
}
if(convbuf)
@@ -219,30 +238,83 @@ CURLcode Curl_base64_encode(struct SessionHandle *data,
table64[obuf[0]],
table64[obuf[1]]);
break;
+
case 2: /* two bytes read */
snprintf(output, 5, "%c%c%c=",
table64[obuf[0]],
table64[obuf[1]],
table64[obuf[2]]);
break;
+
default:
snprintf(output, 5, "%c%c%c%c",
table64[obuf[0]],
table64[obuf[1]],
table64[obuf[2]],
- table64[obuf[3]] );
+ table64[obuf[3]]);
break;
}
output += 4;
}
+
+ /* Zero terminate */
*output = '\0';
- *outptr = base64data; /* return pointer to new data, allocated memory */
- if(convbuf)
- free(convbuf);
+ /* Return the pointer to the new data (allocated memory) */
+ *outptr = base64data;
+
+ free(convbuf);
- *outlen = strlen(base64data); /* return the length of the new data */
+ /* Return the length of the new data */
+ *outlen = strlen(base64data);
return CURLE_OK;
}
-/* ---- End of Base64 Encoding ---- */
+
+/*
+ * Curl_base64_encode()
+ *
+ * Given a pointer to an input buffer and an input size, encode it and
+ * return a pointer in *outptr to a newly allocated memory area holding
+ * encoded data. Size of encoded data is returned in variable pointed by
+ * outlen.
+ *
+ * Input length of 0 indicates input buffer holds a NUL-terminated string.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When encoded data length is 0, returns NULL in *outptr.
+ *
+ * @unittest: 1302
+ */
+CURLcode Curl_base64_encode(struct Curl_easy *data,
+ const char *inputbuff, size_t insize,
+ char **outptr, size_t *outlen)
+{
+ return base64_encode(base64, data, inputbuff, insize, outptr, outlen);
+}
+
+/*
+ * Curl_base64url_encode()
+ *
+ * Given a pointer to an input buffer and an input size, encode it and
+ * return a pointer in *outptr to a newly allocated memory area holding
+ * encoded data. Size of encoded data is returned in variable pointed by
+ * outlen.
+ *
+ * Input length of 0 indicates input buffer holds a NUL-terminated string.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When encoded data length is 0, returns NULL in *outptr.
+ *
+ * @unittest: 1302
+ */
+CURLcode Curl_base64url_encode(struct Curl_easy *data,
+ const char *inputbuff, size_t insize,
+ char **outptr, size_t *outlen)
+{
+ return base64_encode(base64url, data, inputbuff, insize, outptr, outlen);
+}
diff --git a/libs/libcurl/src/bundles.c b/libs/libcurl/src/bundles.c
deleted file mode 100644
index aadf02656c..0000000000
--- a/libs/libcurl/src/bundles.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#include <curl/curl.h>
-
-#include "urldata.h"
-#include "url.h"
-#include "progress.h"
-#include "multiif.h"
-#include "bundles.h"
-#include "sendf.h"
-#include "rawstr.h"
-
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-static void conn_llist_dtor(void *user, void *element)
-{
- struct connectdata *data = element;
- (void)user;
-
- data->bundle = NULL;
-}
-
-CURLcode Curl_bundle_create(struct SessionHandle *data,
- struct connectbundle **cb_ptr)
-{
- (void)data;
- DEBUGASSERT(*cb_ptr == NULL);
- *cb_ptr = malloc(sizeof(struct connectbundle));
- if(!*cb_ptr)
- return CURLE_OUT_OF_MEMORY;
-
- (*cb_ptr)->num_connections = 0;
- (*cb_ptr)->server_supports_pipelining = FALSE;
-
- (*cb_ptr)->conn_list = Curl_llist_alloc((curl_llist_dtor) conn_llist_dtor);
- if(!(*cb_ptr)->conn_list) {
- Curl_safefree(*cb_ptr);
- return CURLE_OUT_OF_MEMORY;
- }
- return CURLE_OK;
-}
-
-void Curl_bundle_destroy(struct connectbundle *cb_ptr)
-{
- if(!cb_ptr)
- return;
-
- if(cb_ptr->conn_list) {
- Curl_llist_destroy(cb_ptr->conn_list, NULL);
- cb_ptr->conn_list = NULL;
- }
- Curl_safefree(cb_ptr);
-}
-
-/* Add a connection to a bundle */
-CURLcode Curl_bundle_add_conn(struct connectbundle *cb_ptr,
- struct connectdata *conn)
-{
- if(!Curl_llist_insert_next(cb_ptr->conn_list, cb_ptr->conn_list->tail, conn))
- return CURLE_OUT_OF_MEMORY;
-
- conn->bundle = cb_ptr;
-
- cb_ptr->num_connections++;
- return CURLE_OK;
-}
-
-/* Remove a connection from a bundle */
-int Curl_bundle_remove_conn(struct connectbundle *cb_ptr,
- struct connectdata *conn)
-{
- struct curl_llist_element *curr;
-
- curr = cb_ptr->conn_list->head;
- while(curr) {
- if(curr->ptr == conn) {
- Curl_llist_remove(cb_ptr->conn_list, curr, NULL);
- cb_ptr->num_connections--;
- conn->bundle = NULL;
- return 1; /* we removed a handle */
- }
- curr = curr->next;
- }
- return 0;
-}
diff --git a/libs/libcurl/src/bundles.h b/libs/libcurl/src/bundles.h
deleted file mode 100644
index 3816c40655..0000000000
--- a/libs/libcurl/src/bundles.h
+++ /dev/null
@@ -1,45 +0,0 @@
-#ifndef HEADER_CURL_BUNDLES_H
-#define HEADER_CURL_BUNDLES_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-struct connectbundle {
- bool server_supports_pipelining; /* TRUE if server supports pipelining,
- set after first response */
- size_t num_connections; /* Number of connections in the bundle */
- struct curl_llist *conn_list; /* The connectdata members of the bundle */
-};
-
-CURLcode Curl_bundle_create(struct SessionHandle *data,
- struct connectbundle **cb_ptr);
-
-void Curl_bundle_destroy(struct connectbundle *cb_ptr);
-
-CURLcode Curl_bundle_add_conn(struct connectbundle *cb_ptr,
- struct connectdata *conn);
-
-int Curl_bundle_remove_conn(struct connectbundle *cb_ptr,
- struct connectdata *conn);
-
-
-#endif /* HEADER_CURL_BUNDLES_H */
-
diff --git a/libs/libcurl/src/checksrc.pl b/libs/libcurl/src/checksrc.pl
index 9f5058ddb5..c1f74bebf3 100644
--- a/libs/libcurl/src/checksrc.pl
+++ b/libs/libcurl/src/checksrc.pl
@@ -6,11 +6,11 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2011 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
@@ -26,14 +26,90 @@ my $indent = 2;
my $warnings;
my $errors;
+my $supressed; # whitelisted problems
my $file;
my $dir=".";
my $wlist;
+my $windows_os = $^O eq 'MSWin32' || $^O eq 'msys' || $^O eq 'cygwin';
+my $verbose;
+my %whitelist;
+
+my %warnings = (
+ 'LONGLINE' => "Line longer than $max_column",
+ 'TABS' => 'TAB characters not allowed',
+ 'TRAILINGSPACE' => 'Trailing white space on the line',
+ 'CPPCOMMENTS' => '// comment detected',
+ 'SPACEBEFOREPAREN' => 'space before an open parenthesis',
+ 'SPACEAFTERPAREN' => 'space after open parenthesis',
+ 'SPACEBEFORECLOSE' => 'space before a close parenthesis',
+ 'SPACEBEFORECOMMA' => 'space before a comma',
+ 'RETURNNOSPACE' => 'return without space',
+ 'COMMANOSPACE' => 'comma without following space',
+ 'BRACEELSE' => '} else on the same line',
+ 'PARENBRACE' => '){ without sufficient space',
+ 'SPACESEMILCOLON' => 'space before semicolon',
+ 'BANNEDFUNC' => 'a banned function was used',
+ 'FOPENMODE' => 'fopen needs a macro for the mode string',
+ 'BRACEPOS' => 'wrong position for an open brace',
+ 'INDENTATION' => 'wrong start column for code',
+ 'COPYRIGHT' => 'file missing a copyright statement',
+ 'BADCOMMAND' => 'bad !checksrc! instruction',
+ 'UNUSEDIGNORE' => 'a warning ignore was not used',
+ 'OPENCOMMENT' => 'file ended with a /* comment still "open"',
+ 'ASTERISKSPACE' => 'pointer declared with space after asterisk',
+ 'ASTERISKNOSPACE' => 'pointer declared without space before asterisk',
+ 'ASSIGNWITHINCONDITION' => 'assignment within conditional expression',
+ 'EQUALSNOSPACE' => 'equals sign without following space',
+ 'NOSPACEEQUALS' => 'equals sign without preceeding space',
+ 'SEMINOSPACE' => 'semicolon without following space',
+ 'MULTISPACE' => 'multiple spaces used when not suitable',
+ );
+
+sub readwhitelist {
+ open(W, "<$dir/checksrc.whitelist");
+ my @all=<W>;
+ for(@all) {
+ $windows_os ? $_ =~ s/\r?\n$// : chomp;
+ $whitelist{$_}=1;
+ }
+ close(W);
+}
sub checkwarn {
- my ($num, $col, $file, $line, $msg, $error) = @_;
+ my ($name, $num, $col, $file, $line, $msg, $error) = @_;
my $w=$error?"error":"warning";
+ my $nowarn=0;
+
+ #if(!$warnings{$name}) {
+ # print STDERR "Dev! there's no description for $name!\n";
+ #}
+
+ # checksrc.whitelist
+ if($whitelist{$line}) {
+ $nowarn = 1;
+ }
+ # !checksrc! controlled
+ elsif($ignore{$name}) {
+ $ignore{$name}--;
+ $ignore_used{$name}++;
+ $nowarn = 1;
+ if(!$ignore{$name}) {
+ # reached zero, enable again
+ enable_warn($name, $line, $file, $l);
+ }
+ }
+
+ if($nowarn) {
+ $supressed++;
+ if($w) {
+ $swarnings++;
+ }
+ else {
+ $serrors++;
+ }
+ return;
+ }
if($w) {
$warnings++;
@@ -43,7 +119,7 @@ sub checkwarn {
}
$col++;
- print "$file:$num:$col: $w: $msg\n";
+ print "$file:$num:$col: $w: $msg ($name)\n";
print " $line\n";
if($col < 80) {
@@ -66,6 +142,10 @@ while(1) {
$file = shift @ARGV;
next;
}
+ elsif($file =~ /^(-h|--help)/) {
+ undef $file;
+ last;
+ }
last;
}
@@ -74,10 +154,17 @@ if(!$file) {
print "checksrc.pl [option] <file1> [file2] ...\n";
print " Options:\n";
print " -D[DIR] Directory to prepend file names\n";
+ print " -h Show help output\n";
print " -W[file] Whitelist the given file - ignore all its flaws\n";
+ print "\nDetects and warns for these problems:\n";
+ for(sort keys %warnings) {
+ printf (" %-18s: %s\n", $_, $warnings{$_});
+ }
exit;
}
+readwhitelist();
+
do {
if("$wlist" !~ / $file /) {
my $fullname = $file;
@@ -88,6 +175,84 @@ do {
} while($file);
+sub checksrc_clear {
+ undef %ignore;
+ undef %ignore_set;
+ undef @ignore_line;
+}
+
+sub checksrc_endoffile {
+ my ($file) = @_;
+ for(keys %ignore_set) {
+ if($ignore_set{$_} && !$ignore_used{$_}) {
+ checkwarn("UNUSEDIGNORE", $ignore_set{$_},
+ length($_)+11, $file,
+ $ignore_line[$ignore_set{$_}],
+ "Unused ignore: $_");
+ }
+ }
+}
+
+sub enable_warn {
+ my ($what, $line, $file, $l) = @_;
+
+ # switch it back on, but warn if not triggered!
+ if(!$ignore_used{$what}) {
+ checkwarn("UNUSEDIGNORE",
+ $line, length($what) + 11, $file, $l,
+ "No warning was inhibited!");
+ }
+ $ignore_set{$what}=0;
+ $ignore_used{$what}=0;
+ $ignore{$what}=0;
+}
+sub checksrc {
+ my ($cmd, $line, $file, $l) = @_;
+ if($cmd =~ / *([^ ]*) *(.*)/) {
+ my ($enable, $what) = ($1, $2);
+ $what =~ s: *\*/$::; # cut off end of C comment
+ # print "ENABLE $enable WHAT $what\n";
+ if($enable eq "disable") {
+ my ($warn, $scope)=($1, $2);
+ if($what =~ /([^ ]*) +(.*)/) {
+ ($warn, $scope)=($1, $2);
+ }
+ else {
+ $warn = $what;
+ $scope = 1;
+ }
+ # print "IGNORE $warn for SCOPE $scope\n";
+ if($scope eq "all") {
+ $scope=999999;
+ }
+
+ if($ignore_set{$warn}) {
+ checkwarn("BADCOMMAND",
+ $line, 0, $file, $l,
+ "$warn already disabled from line $ignore_set{$warn}");
+ }
+ else {
+ $ignore{$warn}=$scope;
+ $ignore_set{$warn}=$line;
+ $ignore_line[$line]=$l;
+ }
+ }
+ elsif($enable eq "enable") {
+ enable_warn($what, $line, $file, $l);
+ }
+ else {
+ checkwarn("BADCOMMAND",
+ $line, 0, $file, $l,
+ "Illegal !checksrc! command");
+ }
+ }
+}
+
+sub nostrings {
+ my ($str) = @_;
+ $str =~ s/\".*\"//g;
+ return $str;
+}
sub scanfile {
my ($file) = @_;
@@ -97,13 +262,22 @@ sub scanfile {
my $l;
open(R, "<$file") || die "failed to open $file";
+ my $incomment=0;
my $copyright=0;
+ checksrc_clear(); # for file based ignores
while(<R>) {
- chomp;
+ $windows_os ? $_ =~ s/\r?\n$// : chomp;
my $l = $_;
+ my $ol = $l; # keep the unmodified line for error reporting
my $column = 0;
+ # check for !checksrc! commands
+ if($l =~ /\!checksrc\! (.*)/) {
+ my $cmd = $1;
+ checksrc($cmd, $line, $file, $l)
+ }
+
# check for a copyright statement
if(!$copyright && ($l =~ /copyright .* \d\d\d\d/i)) {
$copyright=1;
@@ -111,53 +285,205 @@ sub scanfile {
# detect long lines
if(length($l) > $max_column) {
- checkwarn($line, length($l), $file, $l, "Longer than $max_column columns");
+ checkwarn("LONGLINE", $line, length($l), $file, $l,
+ "Longer than $max_column columns");
}
# detect TAB characters
if($l =~ /^(.*)\t/) {
- checkwarn($line, length($1), $file, $l, "Contains TAB character", 1);
+ checkwarn("TABS",
+ $line, length($1), $file, $l, "Contains TAB character", 1);
}
# detect trailing white space
if($l =~ /^(.*)[ \t]+\z/) {
- checkwarn($line, length($1), $file, $l, "Trailing whitespace");
+ checkwarn("TRAILINGSPACE",
+ $line, length($1), $file, $l, "Trailing whitespace");
+ }
+
+ # ------------------------------------------------------------
+ # Above this marker, the checks were done on lines *including*
+ # comments
+ # ------------------------------------------------------------
+
+ # strip off C89 comments
+
+ comment:
+ if(!$incomment) {
+ if($l =~ s/\/\*.*\*\// /g) {
+ # full /* comments */ were removed!
+ }
+ if($l =~ s/\/\*.*//) {
+ # start of /* comment was removed
+ $incomment = 1;
+ }
+ }
+ else {
+ if($l =~ s/.*\*\///) {
+ # end of comment */ was removed
+ $incomment = 0;
+ goto comment;
+ }
+ else {
+ # still within a comment
+ $l="";
+ }
}
- # check spaces after for/if/while
- if($l =~ /^(.*)(for|if|while) \(/) {
+ # ------------------------------------------------------------
+ # Below this marker, the checks were done on lines *without*
+ # comments
+ # ------------------------------------------------------------
+
+ # crude attempt to detect // comments without too many false
+ # positives
+ if($l =~ /^([^"\*]*)[^:"]\/\//) {
+ checkwarn("CPPCOMMENTS",
+ $line, length($1), $file, $l, "\/\/ comment");
+ }
+
+ my $nostr = nostrings($l);
+ # check spaces after for/if/while/function call
+ if($nostr =~ /^(.*)(for|if|while| ([a-zA-Z0-9_]+)) \((.)/) {
if($1 =~ / *\#/) {
# this is a #if, treat it differently
}
+ elsif($3 eq "return") {
+ # return must have a space
+ }
+ elsif($3 eq "case") {
+ # case must have a space
+ }
+ elsif($4 eq "*") {
+ # (* beginning makes the space OK!
+ }
+ elsif($1 =~ / *typedef/) {
+ # typedefs can use space-paren
+ }
else {
- checkwarn($line, length($1)+length($2), $file, $l,
+ checkwarn("SPACEBEFOREPAREN", $line, length($1)+length($2), $file, $l,
"$2 with space");
}
}
- # check spaces after open paren after for/if/while
- if($l =~ /^(.*)(for|if|while)\( /) {
+ if($nostr =~ /^((.*)(if) *\()(.*)\)/) {
+ my $pos = length($1);
+ if($4 =~ / = /) {
+ checkwarn("ASSIGNWITHINCONDITION",
+ $line, $pos+1, $file, $l,
+ "assignment within conditional expression");
+ }
+ }
+ # check spaces after open parentheses
+ if($l =~ /^(.*[a-z])\( /i) {
+ checkwarn("SPACEAFTERPAREN",
+ $line, length($1)+1, $file, $l,
+ "space after open parenthesis");
+ }
+
+ # check spaces before close parentheses, unless it was a space or a
+ # close parenthesis!
+ if($l =~ /(.*[^\) ]) \)/) {
+ checkwarn("SPACEBEFORECLOSE",
+ $line, length($1)+1, $file, $l,
+ "space before close parenthesis");
+ }
+
+ # check spaces before comma!
+ if($l =~ /(.*[^ ]) ,/) {
+ checkwarn("SPACEBEFORECOMMA",
+ $line, length($1)+1, $file, $l,
+ "space before comma");
+ }
+
+ # check for "return(" without space
+ if($l =~ /^(.*)return\(/) {
if($1 =~ / *\#/) {
# this is a #if, treat it differently
}
else {
- checkwarn($line, length($1)+length($2)+1, $file, $l,
- "$2 with space first in condition");
+ checkwarn("RETURNNOSPACE", $line, length($1)+6, $file, $l,
+ "return without space before paren");
+ }
+ }
+
+ # check for comma without space
+ if($l =~ /^(.*),[^ \n]/) {
+ my $pref=$1;
+ my $ign=0;
+ if($pref =~ / *\#/) {
+ # this is a #if, treat it differently
+ $ign=1;
+ }
+ elsif($pref =~ /\/\*/) {
+ # this is a comment
+ $ign=1;
+ }
+ elsif($pref =~ /[\"\']/) {
+ $ign = 1;
+ # There is a quote here, figure out whether the comma is
+ # within a string or '' or not.
+ if($pref =~ /\"/) {
+ # withing a string
+ }
+ elsif($pref =~ /\'$/) {
+ # a single letter
+ }
+ else {
+ $ign = 0;
+ }
+ }
+ if(!$ign) {
+ checkwarn("COMMANOSPACE", $line, length($pref)+1, $file, $l,
+ "comma without following space");
}
}
# check for "} else"
if($l =~ /^(.*)\} *else/) {
- checkwarn($line, length($1), $file, $l, "else after closing brace on same line");
+ checkwarn("BRACEELSE",
+ $line, length($1), $file, $l, "else after closing brace on same line");
}
# check for "){"
if($l =~ /^(.*)\)\{/) {
- checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
+ checkwarn("PARENBRACE",
+ $line, length($1)+1, $file, $l, "missing space after close paren");
+ }
+
+ # check for space before the semicolon last in a line
+ if($l =~ /^(.*[^ ].*) ;$/) {
+ checkwarn("SPACESEMILCOLON",
+ $line, length($1), $file, $ol, "space before last semicolon");
+ }
+
+ # scan for use of banned functions
+ if($l =~ /^(.*\W)
+ (gets|
+ strtok|
+ v?sprintf|
+ (str|_mbs|_tcs|_wcs)n?cat|
+ LoadLibrary(Ex)?(A|W)?)
+ \s*\(
+ /x) {
+ checkwarn("BANNEDFUNC",
+ $line, length($1), $file, $ol,
+ "use of $2 is banned");
+ }
+
+ # scan for use of non-binary fopen without the macro
+ if($l =~ /^(.*\W)fopen\s*\([^,]*, *\"([^"]*)/) {
+ my $mode = $2;
+ if($mode !~ /b/) {
+ checkwarn("FOPENMODE",
+ $line, length($1), $file, $ol,
+ "use of non-binary fopen without FOPEN_* macro: $mode");
+ }
}
# check for open brace first on line but not first column
# only alert if previous line ended with a close paren and wasn't a cpp
# line
if((($prevl =~ /\)\z/) && ($prevl !~ /^ *#/)) && ($l =~ /^( +)\{/)) {
- checkwarn($line, length($1), $file, $l, "badly placed open brace");
+ checkwarn("BRACEPOS",
+ $line, length($1), $file, $ol, "badly placed open brace");
}
# if the previous line starts with if/while/for AND ends with an open
@@ -172,27 +498,108 @@ sub scanfile {
my $expect = $first+$indent;
if($expect != $second) {
my $diff = $second - $first;
- checkwarn($line, length($1), $file, $l,
+ checkwarn("INDENTATION", $line, length($1), $file, $ol,
"not indented $indent steps, uses $diff)");
}
}
}
+ # check for 'char * name'
+ if(($l =~ /(^.*(char|int|long|void|curl_slist|CURL|CURLM|CURLMsg|curl_httppost) *(\*+)) (\w+)/) && ($4 ne "const")) {
+ checkwarn("ASTERISKNOSPACE",
+ $line, length($1), $file, $ol,
+ "no space after declarative asterisk");
+ }
+ # check for 'char*'
+ if(($l =~ /(^.*(char|int|long|void|curl_slist|CURL|CURLM|CURLMsg|curl_httppost|sockaddr_in|FILE)\*)/)) {
+ checkwarn("ASTERISKNOSPACE",
+ $line, length($1)-1, $file, $ol,
+ "no space before asterisk");
+ }
+
+ # check for 'void func() {', but avoid false positives by requiring
+ # both an open and closed parentheses before the open brace
+ if($l =~ /^((\w).*)\{\z/) {
+ my $k = $1;
+ $k =~ s/const *//;
+ $k =~ s/static *//;
+ if($k =~ /\(.*\)/) {
+ checkwarn("BRACEPOS",
+ $line, length($l)-1, $file, $ol,
+ "wrongly placed open brace");
+ }
+ }
+
+ # check for equals sign without spaces next to it
+ if($nostr =~ /(.*)\=[a-z0-9]/i) {
+ checkwarn("EQUALSNOSPACE",
+ $line, length($1)+1, $file, $ol,
+ "no space after equals sign");
+ }
+ # check for equals sign without spaces before it
+ elsif($nostr =~ /(.*)[a-z0-9]\=/i) {
+ checkwarn("NOSPACEEQUALS",
+ $line, length($1)+1, $file, $ol,
+ "no space before equals sign");
+ }
+
+ # check for plus signs without spaces next to it
+ if($nostr =~ /(.*)[^+]\+[a-z0-9]/i) {
+ checkwarn("PLUSNOSPACE",
+ $line, length($1)+1, $file, $ol,
+ "no space after plus sign");
+ }
+ # check for plus sign without spaces before it
+ elsif($nostr =~ /(.*)[a-z0-9]\+[^+]/i) {
+ checkwarn("NOSPACEPLUS",
+ $line, length($1)+1, $file, $ol,
+ "no space before plus sign");
+ }
+
+ # check for semicolons without space next to it
+ if($nostr =~ /(.*)\;[a-z0-9]/i) {
+ checkwarn("SEMINOSPACE",
+ $line, length($1)+1, $file, $ol,
+ "no space after semilcolon");
+ }
+
+ # check for more than one consecutive space before open brace or
+ # question mark. Skip lines containing strings since they make it hard
+ # due to artificially getting multiple spaces
+ if(($l eq $nostr) &&
+ $nostr =~ /^(.*(\S)) + [{?]/i) {
+ checkwarn("MULTISPACE",
+ $line, length($1)+1, $file, $ol,
+ "multiple space");
+ print STDERR "L: $l\n";
+ print STDERR "nostr: $nostr\n";
+ }
+
$line++;
- $prevl = $l;
+ $prevl = $ol;
}
if(!$copyright) {
- checkwarn(1, 0, $file, "", "Missing copyright statement", 1);
+ checkwarn("COPYRIGHT", 1, 0, $file, "", "Missing copyright statement", 1);
}
+ if($incomment) {
+ checkwarn("OPENCOMMENT", 1, 0, $file, "", "Missing closing comment", 1);
+ }
+
+ checksrc_endoffile($file);
close(R);
}
-if($errors || $warnings) {
+if($errors || $warnings || $verbose) {
printf "checksrc: %d errors and %d warnings\n", $errors, $warnings;
+ if($supressed) {
+ printf "checksrc: %d errors and %d warnings suppressed\n",
+ $serrors,
+ $swarnings;
+ }
exit 5; # return failure
}
diff --git a/libs/libcurl/src/config-amigaos.h b/libs/libcurl/src/config-amigaos.h
index 76d8877556..31cfc3afc2 100644
--- a/libs/libcurl/src/config-amigaos.h
+++ b/libs/libcurl/src/config-amigaos.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -93,13 +93,12 @@
#define USE_MANUAL 1
#define USE_OPENSSL 1
-#define USE_SSLEAY 1
#define CURL_DISABLE_LDAP 1
#define OS "AmigaOS"
#define PACKAGE "curl"
-#define PACKAGE_BUGREPORT "curl-bug@haxx.se"
+#define PACKAGE_BUGREPORT "a suitable mailing list: https://curl.haxx.se/mail/"
#define PACKAGE_NAME "curl"
#define PACKAGE_STRING "curl -"
#define PACKAGE_TARNAME "curl"
diff --git a/libs/libcurl/src/config-dos.h b/libs/libcurl/src/config-dos.h
index cce5e81065..eec7af9888 100644
--- a/libs/libcurl/src/config-dos.h
+++ b/libs/libcurl/src/config-dos.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -40,8 +40,10 @@
#define PACKAGE "curl"
#define HAVE_ARPA_INET_H 1
+#define HAVE_ASSERT_H 1
#define HAVE_ERRNO_H 1
#define HAVE_FCNTL_H 1
+#define HAVE_FREEADDRINFO 1
#define HAVE_GETADDRINFO 1
#define HAVE_GETNAMEINFO 1
#define HAVE_GETPROTOBYNAME 1
@@ -69,7 +71,6 @@
#define HAVE_SETMODE 1
#define HAVE_SIGNAL 1
#define HAVE_SOCKET 1
-#define HAVE_SPNEGO 1
#define HAVE_STRDUP 1
#define HAVE_STRICMP 1
#define HAVE_STRTOLL 1
@@ -86,9 +87,11 @@
#define RETSIGTYPE void
#define SIZEOF_INT 4
+#define SIZEOF_LONG 4
#define SIZEOF_LONG_DOUBLE 16
#define SIZEOF_SHORT 2
#define SIZEOF_SIZE_T 4
+#define SIZEOF_CURL_OFF_T 4
#define STDC_HEADERS 1
#define TIME_WITH_SYS_TIME 1
@@ -133,12 +136,11 @@
#define HAVE_LIBZ 1
#endif
-/* USE_SSLEAY on cmd-line */
-#ifdef USE_SSLEAY
+/* USE_OPENSSL on cmd-line */
+#ifdef USE_OPENSSL
#define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1
#define HAVE_OPENSSL_ENGINE_H 1
#define OPENSSL_NO_KRB5 1
- #define USE_OPENSSL 1
#endif
/* to disable LDAP */
@@ -164,11 +166,6 @@
#define HAVE_TERMIOS_H 1
#define HAVE_VARIADIC_MACROS_GCC 1
- /* Because djgpp <= 2.03 doesn't have snprintf() etc. */
- #if (DJGPP_MINOR < 4)
- #define _MPRINTF_REPLACE
- #endif
-
#elif defined(__WATCOMC__)
#define HAVE_STRCASECMP 1
diff --git a/libs/libcurl/src/config-mac.h b/libs/libcurl/src/config-mac.h
index d89c38515a..3c12bdfacc 100644
--- a/libs/libcurl/src/config-mac.h
+++ b/libs/libcurl/src/config-mac.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -70,7 +70,6 @@
#define HAVE_SIG_ATOMIC_T 1
#ifdef MACOS_SSL_SUPPORT
-# define USE_SSLEAY 1
# define USE_OPENSSL 1
#endif
diff --git a/libs/libcurl/src/config-os400.h b/libs/libcurl/src/config-os400.h
index a290fe43d7..7844444feb 100644
--- a/libs/libcurl/src/config-os400.h
+++ b/libs/libcurl/src/config-os400.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -175,6 +175,15 @@
/* Define if you have GSS API. */
#define HAVE_GSSAPI
+/* Define if you have the GNU gssapi libraries */
+#undef HAVE_GSSGNU
+
+/* Define if you have the Heimdal gssapi libraries */
+#define HAVE_GSSHEIMDAL
+
+/* Define if you have the MIT gssapi libraries */
+#undef HAVE_GSSMIT
+
/* Define if you have the `ucb' library (-lucb). */
#undef HAVE_LIBUCB
@@ -394,8 +403,14 @@
/* The size of `short', as computed by sizeof. */
#define SIZEOF_SHORT 2
+/* The size of `long', as computed by sizeof. */
+#define SIZEOF_LONG 4
+
/* The size of `size_t', as computed by sizeof. */
-#define SIZEOF_SIZE_T 8
+#define SIZEOF_SIZE_T 4
+
+/* The size of `curl_off_t', as computed by sizeof. */
+#define SIZEOF_CURL_OFF_T 8
/* Whether long long constants must be suffixed by LL. */
@@ -528,11 +543,14 @@
/* Define to the function return type for send. */
#define SEND_TYPE_RETV int
-/* Define to use the QsoSSL package. */
-#define USE_QSOSSL
-
/* Define to use the GSKit package. */
-#undef USE_GSKIT
+#define USE_GSKIT
+
+/* Define to use the OS/400 crypto library. */
+#define USE_OS400CRYPTO
+
+/* Define to use Unix sockets. */
+#define USE_UNIX_SOCKETS
/* Use the system keyring as the default CA bundle. */
#define CURL_CA_BUNDLE "/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB"
diff --git a/libs/libcurl/src/config-riscos.h b/libs/libcurl/src/config-riscos.h
index e400577895..0379524fb3 100644
--- a/libs/libcurl/src/config-riscos.h
+++ b/libs/libcurl/src/config-riscos.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/config-symbian.h b/libs/libcurl/src/config-symbian.h
index 17d92b0619..92983d2421 100644
--- a/libs/libcurl/src/config-symbian.h
+++ b/libs/libcurl/src/config-symbian.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -69,7 +69,7 @@
/* #undef CURL_EXTERN_SYMBOL */
/* Use Windows LDAP implementation */
-/* #undef CURL_LDAP_WIN */
+/* #undef USE_WIN32_LDAP */
/* your Entropy Gathering Daemon socket pathname */
/* #undef EGD_SOCKET */
@@ -260,7 +260,8 @@
/* Define to 1 if you have the IoctlSocket camel case function. */
/* #undef HAVE_IOCTLSOCKET_CAMEL */
-/* Define to 1 if you have a working IoctlSocket camel case FIONBIO function. */
+/* Define to 1 if you have a working IoctlSocket camel case FIONBIO
+ function. */
/* #undef HAVE_IOCTLSOCKET_CAMEL_FIONBIO */
/* Define to 1 if you have the <io.h> header file. */
@@ -480,9 +481,6 @@
/* Define to 1 if you have the `socket' function. */
#define HAVE_SOCKET 1
-/* Define this if you have the SPNEGO library fbopenssl */
-/* #undef HAVE_SPNEGO */
-
/* Define to 1 if you have the `SSL_get_shutdown' function. */
/*#define HAVE_SSL_GET_SHUTDOWN 1*/
@@ -659,7 +657,8 @@
/*#define PACKAGE "curl"*/
/* Define to the address where bug reports for this package should be sent. */
-/*#define PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/"*/
+/*#define PACKAGE_BUGREPORT \
+ "a suitable curl mailing list => https://curl.haxx.se/mail/"*/
/* Define to the full name of this package. */
/*#define PACKAGE_NAME "curl"*/
@@ -677,7 +676,7 @@
/*#define RANDOM_FILE "/dev/urandom"*/
#define RECV_TYPE_ARG1 int
-#define RECV_TYPE_ARG2 void*
+#define RECV_TYPE_ARG2 void *
#define RECV_TYPE_ARG3 size_t
#define RECV_TYPE_ARG4 int
#define RECV_TYPE_RETV ssize_t
@@ -693,7 +692,7 @@
#define SEND_TYPE_ARG1 int
#define SEND_QUAL_ARG2 const
-#define SEND_TYPE_ARG2 void*
+#define SEND_TYPE_ARG2 void *
#define SEND_TYPE_ARG3 size_t
#define SEND_TYPE_ARG4 int
#define SEND_TYPE_RETV ssize_t
@@ -809,10 +808,4 @@
#define HAVE_ZLIB_H 1
#endif
-/* Enable appropriate definitions only when OpenSSL support is enabled */
-#ifdef USE_SSLEAY
-/* if OpenSSL is in use */
-#define USE_OPENSSL
-#endif
-
#endif /* HEADER_CURL_CONFIG_SYMBIAN_H */
diff --git a/libs/libcurl/src/config-tpf.h b/libs/libcurl/src/config-tpf.h
index ddb8f778c2..d1eb3d9062 100644
--- a/libs/libcurl/src/config-tpf.h
+++ b/libs/libcurl/src/config-tpf.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -246,7 +246,8 @@
/* Define to 1 if you have the IoctlSocket camel case function. */
/* #undef HAVE_IOCTLSOCKET_CAMEL */
-/* Define to 1 if you have a working IoctlSocket camel case FIONBIO function. */
+/* Define to 1 if you have a working IoctlSocket camel case FIONBIO
+ function. */
/* #undef HAVE_IOCTLSOCKET_CAMEL_FIONBIO */
/* Define to 1 if you have the <io.h> header file. */
@@ -436,9 +437,6 @@
/* Define to 1 if you have the `socket' function. */
#define HAVE_SOCKET 1
-/* Define this if you have the SPNEGO library fbopenssl */
-/* #undef HAVE_SPNEGO */
-
/* Define to 1 if you have the <ssl.h> header file. */
/* #undef HAVE_SSL_H */
#define HAVE_SSL_H 1
@@ -581,7 +579,8 @@
#define PACKAGE "curl"
/* Define to the address where bug reports for this package should be sent. */
-#define PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/"
+#define PACKAGE_BUGREPORT \
+ "a suitable curl mailing list => https://curl.haxx.se/mail/"
/* Define to the full name of this package. */
#define PACKAGE_NAME "curl"
@@ -619,6 +618,9 @@
/* The size of `short', as computed by sizeof. */
#define SIZEOF_SHORT 2
+/* Define to the size of `long', as computed by sizeof. */
+#define SIZEOF_LONG 8
+
/* The size of `size_t', as computed by sizeof. */
#define SIZEOF_SIZE_T 8
@@ -647,7 +649,7 @@
/* #undef USE_OPENSSL */
/* if SSL is enabled */
-/* #undef USE_SSLEAY */
+/* #undef USE_OPENSSL */
/* to enable SSPI support */
/* #undef USE_WINDOWS_SSPI */
diff --git a/libs/libcurl/src/config-vxworks.h b/libs/libcurl/src/config-vxworks.h
index c94534afb8..780a4a225f 100644
--- a/libs/libcurl/src/config-vxworks.h
+++ b/libs/libcurl/src/config-vxworks.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -75,7 +75,7 @@
/* #undef CURL_EXTERN_SYMBOL */
/* Use Windows LDAP implementation */
-/* #undef CURL_LDAP_WIN */
+/* #undef USE_WIN32_LDAP */
/* your Entropy Gathering Daemon socket pathname */
/* #undef EGD_SOCKET */
@@ -547,9 +547,6 @@
/* Define to 1 if you have the `socket' function. */
#define HAVE_SOCKET 1
-/* Define this if you have the SPNEGO library fbopenssl */
-/* #undef HAVE_SPNEGO */
-
/* Define to 1 if you have the `SSL_get_shutdown' function. */
#define HAVE_SSL_GET_SHUTDOWN 1
@@ -886,9 +883,6 @@
/* if OpenSSL is in use */
#define USE_OPENSSL 1
-/* if SSL is enabled */
-#define USE_SSLEAY 1
-
/* Define to 1 if you are building a Windows target without large file
support. */
/* #undef USE_WIN32_LARGE_FILES */
diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h
index 59ba4e538f..309f701a94 100644
--- a/libs/libcurl/src/config-win32.h
+++ b/libs/libcurl/src/config-win32.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -53,6 +53,11 @@
#define HAVE_GETOPT_H 1
#endif
+/* Define to 1 if you have the <inttypes.h> header file. */
+#if defined(_MSC_VER) && (_MSC_VER >= 1800)
+#define HAVE_INTTYPES_H 1
+#endif
+
/* Define if you have the <io.h> header file. */
#define HAVE_IO_H 1
@@ -87,6 +92,11 @@
/* Define if you have the <ssl.h> header file. */
/* #define HAVE_SSL_H 1 */
+/* Define to 1 if you have the <stdbool.h> header file. */
+#if defined(_MSC_VER) && (_MSC_VER >= 1800)
+#define HAVE_STDBOOL_H 1
+#endif
+
/* Define if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
@@ -160,6 +170,11 @@
/* Define if you can safely include both <sys/time.h> and <time.h>. */
/* #define TIME_WITH_SYS_TIME 1 */
+/* Define to 1 if bool is an available type. */
+#if defined(_MSC_VER) && (_MSC_VER >= 1800)
+#define HAVE_BOOL_T 1
+#endif
+
/* ---------------------------------------------------------------- */
/* FUNCTIONS */
/* ---------------------------------------------------------------- */
@@ -250,7 +265,8 @@
#define HAVE_STRSTR 1
/* Define if you have the strtoll function. */
-#if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__POCC__)
+#if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__POCC__) || \
+ (defined(_MSC_VER) && (_MSC_VER >= 1800))
#define HAVE_STRTOLL 1
#endif
@@ -383,6 +399,9 @@
/* Define to the size of `short', as computed by sizeof. */
#define SIZEOF_SHORT 2
+/* Define to the size of `long', as computed by sizeof. */
+#define SIZEOF_LONG 4
+
/* Define to the size of `size_t', as computed by sizeof. */
#if defined(_WIN64)
# define SIZEOF_SIZE_T 8
@@ -390,6 +409,9 @@
# define SIZEOF_SIZE_T 4
#endif
+/* Define to the size of `curl_off_t', as computed by sizeof. */
+#define SIZEOF_CURL_OFF_T 8
+
/* ---------------------------------------------------------------- */
/* BSD-style lwIP TCP/IP stack SPECIFIC */
/* ---------------------------------------------------------------- */
@@ -465,7 +487,9 @@
#endif
/* Define if the compiler supports the 'long long' data type. */
-#if defined(__MINGW32__) || defined(__WATCOMC__)
+#if defined(__MINGW32__) || defined(__WATCOMC__) || \
+ (defined(_MSC_VER) && (_MSC_VER >= 1310)) || \
+ (defined(__BORLANDC__) && (__BORLANDC__ >= 0x561))
#define HAVE_LONGLONG 1
#endif
@@ -475,7 +499,7 @@
#define _CRT_NONSTDC_NO_DEPRECATE 1
#endif
-/* VS2005 and later dafault size for time_t is 64-bit, unless
+/* VS2005 and later default size for time_t is 64-bit, unless
_USE_32BIT_TIME_T has been defined to get a 32-bit time_t. */
#if defined(_MSC_VER) && (_MSC_VER >= 1400)
# ifndef _USE_32BIT_TIME_T
@@ -485,26 +509,39 @@
# endif
#endif
-/* Officially, Microsoft's Windows SDK versions 6.X do not support Windows
- 2000 as a supported build target. VS2008 default installations provide
- an embedded Windows SDK v6.0A along with the claim that Windows 2000 is
- a valid build target for VS2008. Popular belief is that binaries built
- with VS2008 using Windows SDK versions 6.X and Windows 2000 as a build
- target are functional. */
-#if defined(_MSC_VER) && (_MSC_VER >= 1500)
+/* Define some minimum and default build targets for Visual Studio */
+#if defined(_MSC_VER)
+ /* Officially, Microsoft's Windows SDK versions 6.X does not support Windows
+ 2000 as a supported build target. VS2008 default installations provides
+ an embedded Windows SDK v6.0A along with the claim that Windows 2000 is a
+ valid build target for VS2008. Popular belief is that binaries built with
+ VS2008 using Windows SDK versions v6.X and Windows 2000 as a build target
+ are functional. */
# define VS2008_MIN_TARGET 0x0500
-#endif
-/* When no build target is specified VS2008 default build target is Windows
- Vista, which leaves out even Winsows XP. If no build target has been given
- for VS2008 we will target the minimum Officially supported build target,
- which happens to be Windows XP. */
-#if defined(_MSC_VER) && (_MSC_VER >= 1500)
-# define VS2008_DEF_TARGET 0x0501
+ /* The minimum build target for VS2012 is Vista unless Update 1 is installed
+ and the v110_xp toolset is chosen. */
+# if defined(_USING_V110_SDK71_)
+# define VS2012_MIN_TARGET 0x0501
+# else
+# define VS2012_MIN_TARGET 0x0600
+# endif
+
+ /* VS2008 default build target is Windows Vista. We override default target
+ to be Windows XP. */
+# define VS2008_DEF_TARGET 0x0501
+
+ /* VS2012 default build target is Windows Vista unless Update 1 is installed
+ and the v110_xp toolset is chosen. */
+# if defined(_USING_V110_SDK71_)
+# define VS2012_DEF_TARGET 0x0501
+# else
+# define VS2012_DEF_TARGET 0x0600
+# endif
#endif
/* VS2008 default target settings and minimum build target check. */
-#if defined(_MSC_VER) && (_MSC_VER >= 1500)
+#if defined(_MSC_VER) && (_MSC_VER >= 1500) && (_MSC_VER <= 1600)
# ifndef _WIN32_WINNT
# define _WIN32_WINNT VS2008_DEF_TARGET
# endif
@@ -516,6 +553,24 @@
# endif
#endif
+/* VS2012 default target settings and minimum build target check. */
+#if defined(_MSC_VER) && (_MSC_VER >= 1700)
+# ifndef _WIN32_WINNT
+# define _WIN32_WINNT VS2012_DEF_TARGET
+# endif
+# ifndef WINVER
+# define WINVER VS2012_DEF_TARGET
+# endif
+# if (_WIN32_WINNT < VS2012_MIN_TARGET) || (WINVER < VS2012_MIN_TARGET)
+# if defined(_USING_V110_SDK71_)
+# error VS2012 does not support Windows build targets prior to Windows XP
+# else
+# error VS2012 does not support Windows build targets prior to Windows \
+Vista
+# endif
+# endif
+#endif
+
/* When no build target is specified Pelles C 5.00 and later default build
target is Windows Vista. We override default target to be Windows 2000. */
#if defined(__POCC__) && (__POCC__ >= 500)
@@ -572,7 +627,8 @@
/* Define if struct sockaddr_in6 has the sin6_scope_id member. */
#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
-#if HAVE_WINSOCK2_H && defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0600)
+#if defined(HAVE_WINSOCK2_H) && defined(_WIN32_WINNT) && \
+ (_WIN32_WINNT >= 0x0600)
#define HAVE_STRUCT_POLLFD 1
#endif
@@ -630,28 +686,31 @@
/* ---------------------------------------------------------------- */
#if defined(CURL_HAS_NOVELL_LDAPSDK) || defined(CURL_HAS_MOZILLA_LDAPSDK)
-#undef CURL_LDAP_WIN
+#undef USE_WIN32_LDAP
#define HAVE_LDAP_SSL_H 1
#define HAVE_LDAP_URL_PARSE 1
#elif defined(CURL_HAS_OPENLDAP_LDAPSDK)
-#undef CURL_LDAP_WIN
+#undef USE_WIN32_LDAP
#define HAVE_LDAP_URL_PARSE 1
#else
#undef HAVE_LDAP_URL_PARSE
-#define CURL_LDAP_WIN 1
+#define USE_WIN32_LDAP 1
#endif
-#if defined(__WATCOMC__) && defined(CURL_LDAP_WIN)
+#if defined(__WATCOMC__) && defined(USE_WIN32_LDAP)
#if __WATCOMC__ < 1280
#define WINBERAPI __declspec(cdecl)
#define WINLDAPAPI __declspec(cdecl)
#endif
#endif
-#if defined(__POCC__) && defined(CURL_LDAP_WIN)
+#if defined(__POCC__) && defined(USE_WIN32_LDAP)
# define CURL_DISABLE_LDAP 1
#endif
+/* Define to use the Windows crypto library. */
+#define USE_WIN32_CRYPTO
+
/* ---------------------------------------------------------------- */
/* ADDITIONAL DEFINITIONS */
/* ---------------------------------------------------------------- */
@@ -674,7 +733,7 @@
/* If you want to build curl with the built-in manual */
#define USE_MANUAL 1
-#if defined(__POCC__) || (USE_IPV6)
+#if defined(__POCC__) || defined(USE_IPV6)
# define ENABLE_IPV6 1
#endif
diff --git a/libs/libcurl/src/config-win32ce.h b/libs/libcurl/src/config-win32ce.h
index a8ab0d34e2..28a15f2a1b 100644
--- a/libs/libcurl/src/config-win32ce.h
+++ b/libs/libcurl/src/config-win32ce.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -346,6 +346,9 @@
/* The size of `short', as computed by sizeof. */
#define SIZEOF_SHORT 2
+/* Define to the size of `long', as computed by sizeof. */
+#define SIZEOF_LONG 4
+
/* The size of `size_t', as computed by sizeof. */
#if defined(_WIN64)
# define SIZEOF_SIZE_T 8
@@ -379,7 +382,7 @@
#define _CRT_NONSTDC_NO_DEPRECATE 1
#endif
-/* VS2005 and later dafault size for time_t is 64-bit, unless */
+/* VS2005 and later default size for time_t is 64-bit, unless */
/* _USE_32BIT_TIME_T has been defined to get a 32-bit time_t. */
#if defined(_MSC_VER) && (_MSC_VER >= 1400)
# ifndef _USE_32BIT_TIME_T
@@ -409,7 +412,7 @@
/* LDAP SUPPORT */
/* ---------------------------------------------------------------- */
-#define CURL_LDAP_WIN 1
+#define USE_WIN32_LDAP 1
#undef HAVE_LDAP_URL_PARSE
/* ---------------------------------------------------------------- */
@@ -443,6 +446,6 @@
#define ENOMEM 2
#define EAGAIN 3
-extern int stat(const char *path,struct stat *buffer );
+extern int stat(const char *path, struct stat *buffer);
#endif /* HEADER_CURL_CONFIG_WIN32CE_H */
diff --git a/libs/libcurl/src/conncache.c b/libs/libcurl/src/conncache.c
index 48271f7510..f8ef2e88b5 100644
--- a/libs/libcurl/src/conncache.c
+++ b/libs/libcurl/src/conncache.c
@@ -5,12 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -30,67 +30,163 @@
#include "progress.h"
#include "multiif.h"
#include "sendf.h"
-#include "rawstr.h"
-#include "bundles.h"
#include "conncache.h"
+#include "share.h"
+#include "sigpipe.h"
+#include "connect.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
-static void free_bundle_hash_entry(void *freethis)
+#define CONN_LOCK(x) if((x)->share) \
+ Curl_share_lock((x), CURL_LOCK_DATA_CONNECT, CURL_LOCK_ACCESS_SINGLE)
+#define CONN_UNLOCK(x) if((x)->share) \
+ Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT)
+
+
+static void conn_llist_dtor(void *user, void *element)
{
- struct connectbundle *b = (struct connectbundle *) freethis;
+ struct connectdata *data = element;
+ (void)user;
- Curl_bundle_destroy(b);
+ data->bundle = NULL;
}
-struct conncache *Curl_conncache_init(int size)
+static CURLcode bundle_create(struct Curl_easy *data,
+ struct connectbundle **cb_ptr)
{
- struct conncache *connc;
+ (void)data;
+ DEBUGASSERT(*cb_ptr == NULL);
+ *cb_ptr = malloc(sizeof(struct connectbundle));
+ if(!*cb_ptr)
+ return CURLE_OUT_OF_MEMORY;
- connc = calloc(1, sizeof(struct conncache));
- if(!connc)
- return NULL;
+ (*cb_ptr)->num_connections = 0;
+ (*cb_ptr)->multiuse = BUNDLE_UNKNOWN;
- connc->hash = Curl_hash_alloc(size, Curl_hash_str,
- Curl_str_key_compare, free_bundle_hash_entry);
+ Curl_llist_init(&(*cb_ptr)->conn_list, (curl_llist_dtor) conn_llist_dtor);
+ return CURLE_OK;
+}
- if(!connc->hash) {
- free(connc);
- return NULL;
- }
+static void bundle_destroy(struct connectbundle *cb_ptr)
+{
+ if(!cb_ptr)
+ return;
- return connc;
+ Curl_llist_destroy(&cb_ptr->conn_list, NULL);
+
+ free(cb_ptr);
}
-void Curl_conncache_destroy(struct conncache *connc)
+/* Add a connection to a bundle */
+static CURLcode bundle_add_conn(struct connectbundle *cb_ptr,
+ struct connectdata *conn)
{
- if(connc) {
- Curl_hash_destroy(connc->hash);
- connc->hash = NULL;
- free(connc);
+ Curl_llist_insert_next(&cb_ptr->conn_list, cb_ptr->conn_list.tail, conn,
+ &conn->bundle_node);
+ conn->bundle = cb_ptr;
+ cb_ptr->num_connections++;
+ return CURLE_OK;
+}
+
+/* Remove a connection from a bundle */
+static int bundle_remove_conn(struct connectbundle *cb_ptr,
+ struct connectdata *conn)
+{
+ struct curl_llist_element *curr;
+
+ curr = cb_ptr->conn_list.head;
+ while(curr) {
+ if(curr->ptr == conn) {
+ Curl_llist_remove(&cb_ptr->conn_list, curr, NULL);
+ cb_ptr->num_connections--;
+ conn->bundle = NULL;
+ return 1; /* we removed a handle */
+ }
+ curr = curr->next;
}
+ return 0;
}
-struct connectbundle *Curl_conncache_find_bundle(struct conncache *connc,
- char *hostname)
+static void free_bundle_hash_entry(void *freethis)
{
- struct connectbundle *bundle = NULL;
+ struct connectbundle *b = (struct connectbundle *) freethis;
+ bundle_destroy(b);
+}
+
+int Curl_conncache_init(struct conncache *connc, int size)
+{
+ int rc;
+
+ /* allocate a new easy handle to use when closing cached connections */
+ connc->closure_handle = curl_easy_init();
+ if(!connc->closure_handle)
+ return 1; /* bad */
+
+ rc = Curl_hash_init(&connc->hash, size, Curl_hash_str,
+ Curl_str_key_compare, free_bundle_hash_entry);
+ if(rc) {
+ Curl_close(connc->closure_handle);
+ connc->closure_handle = NULL;
+ }
+ else
+ connc->closure_handle->state.conn_cache = connc;
+
+ return rc;
+}
+
+void Curl_conncache_destroy(struct conncache *connc)
+{
if(connc)
- bundle = Curl_hash_pick(connc->hash, hostname, strlen(hostname)+1);
+ Curl_hash_destroy(&connc->hash);
+}
+
+/* creates a key to find a bundle for this connection */
+static void hashkey(struct connectdata *conn, char *buf,
+ size_t len) /* something like 128 is fine */
+{
+ const char *hostname;
+
+ if(conn->bits.socksproxy)
+ hostname = conn->socks_proxy.host.name;
+ else if(conn->bits.httpproxy)
+ hostname = conn->http_proxy.host.name;
+ else if(conn->bits.conn_to_host)
+ hostname = conn->conn_to_host.name;
+ else
+ hostname = conn->host.name;
+
+ DEBUGASSERT(len > 32);
+
+ /* put the number first so that the hostname gets cut off if too long */
+ snprintf(buf, len, "%ld%s", conn->port, hostname);
+}
+
+/* Look up the bundle with all the connections to the same host this
+ connectdata struct is setup to use. */
+struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn,
+ struct conncache *connc)
+{
+ struct connectbundle *bundle = NULL;
+ if(connc) {
+ char key[128];
+ hashkey(conn, key, sizeof(key));
+ CONN_LOCK(conn->data);
+ bundle = Curl_hash_pick(&connc->hash, key, strlen(key));
+ CONN_UNLOCK(conn->data);
+ }
return bundle;
}
static bool conncache_add_bundle(struct conncache *connc,
- char *hostname,
+ char *key,
struct connectbundle *bundle)
{
- void *p;
-
- p = Curl_hash_add(connc->hash, hostname, strlen(hostname)+1, bundle);
+ void *p = Curl_hash_add(&connc->hash, key, strlen(key), bundle);
return p?TRUE:FALSE;
}
@@ -104,14 +200,14 @@ static void conncache_remove_bundle(struct conncache *connc,
if(!connc)
return;
- Curl_hash_start_iterate(connc->hash, &iter);
+ Curl_hash_start_iterate(&connc->hash, &iter);
he = Curl_hash_next_element(&iter);
while(he) {
if(he->ptr == bundle) {
/* The bundle is destroyed by the hash destructor function,
free_bundle_hash_entry() */
- Curl_hash_delete(connc->hash, he->key, he->key_len);
+ Curl_hash_delete(&connc->hash, he->key, he->key_len);
return;
}
@@ -125,32 +221,46 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc,
CURLcode result;
struct connectbundle *bundle;
struct connectbundle *new_bundle = NULL;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
- bundle = Curl_conncache_find_bundle(data->state.conn_cache,
- conn->host.name);
+ bundle = Curl_conncache_find_bundle(conn, data->state.conn_cache);
if(!bundle) {
- result = Curl_bundle_create(data, &new_bundle);
- if(result != CURLE_OK)
+ int rc;
+ char key[128];
+
+ result = bundle_create(data, &new_bundle);
+ if(result)
return result;
- if(!conncache_add_bundle(data->state.conn_cache,
- conn->host.name, new_bundle)) {
- Curl_bundle_destroy(new_bundle);
+ hashkey(conn, key, sizeof(key));
+ CONN_LOCK(data);
+ rc = conncache_add_bundle(data->state.conn_cache, key, new_bundle);
+ CONN_UNLOCK(data);
+
+ if(!rc) {
+ bundle_destroy(new_bundle);
return CURLE_OUT_OF_MEMORY;
}
bundle = new_bundle;
}
- result = Curl_bundle_add_conn(bundle, conn);
- if(result != CURLE_OK) {
+ CONN_LOCK(data);
+ result = bundle_add_conn(bundle, conn);
+ if(result) {
if(new_bundle)
conncache_remove_bundle(data->state.conn_cache, new_bundle);
+ CONN_UNLOCK(data);
return result;
}
+ CONN_UNLOCK(data);
+ conn->connection_id = connc->next_connection_id++;
connc->num_connections++;
+ DEBUGF(infof(conn->data, "Added connection %ld. "
+ "The cache now contains %" CURL_FORMAT_CURL_OFF_TU " members\n",
+ conn->connection_id, (curl_off_t) connc->num_connections));
+
return CURLE_OK;
}
@@ -162,14 +272,18 @@ void Curl_conncache_remove_conn(struct conncache *connc,
/* The bundle pointer can be NULL, since this function can be called
due to a failed connection attempt, before being added to a bundle */
if(bundle) {
- Curl_bundle_remove_conn(bundle, conn);
- if(bundle->num_connections == 0) {
+ CONN_LOCK(conn->data);
+ bundle_remove_conn(bundle, conn);
+ if(bundle->num_connections == 0)
conncache_remove_bundle(connc, bundle);
- }
- connc->num_connections--;
+ CONN_UNLOCK(conn->data);
+ if(connc) {
+ connc->num_connections--;
- DEBUGF(infof(conn->data, "The cache now contains %d members\n",
- connc->num_connections));
+ DEBUGF(infof(conn->data, "The cache now contains %"
+ CURL_FORMAT_CURL_OFF_TU " members\n",
+ (curl_off_t) connc->num_connections));
+ }
}
}
@@ -179,7 +293,8 @@ void Curl_conncache_remove_conn(struct conncache *connc,
Return 0 from func() to continue the loop, return 1 to abort it.
*/
-void Curl_conncache_foreach(struct conncache *connc,
+void Curl_conncache_foreach(struct Curl_easy *data,
+ struct conncache *connc,
void *param,
int (*func)(struct connectdata *conn, void *param))
{
@@ -190,47 +305,53 @@ void Curl_conncache_foreach(struct conncache *connc,
if(!connc)
return;
- Curl_hash_start_iterate(connc->hash, &iter);
+ CONN_LOCK(data);
+ Curl_hash_start_iterate(&connc->hash, &iter);
he = Curl_hash_next_element(&iter);
while(he) {
struct connectbundle *bundle;
- struct connectdata *conn;
bundle = he->ptr;
+ he = Curl_hash_next_element(&iter);
- curr = bundle->conn_list->head;
+ curr = bundle->conn_list.head;
while(curr) {
/* Yes, we need to update curr before calling func(), because func()
might decide to remove the connection */
- conn = curr->ptr;
+ struct connectdata *conn = curr->ptr;
curr = curr->next;
- if(1 == func(conn, param))
+ if(1 == func(conn, param)) {
+ CONN_UNLOCK(data);
return;
+ }
}
-
- he = Curl_hash_next_element(&iter);
}
+ CONN_UNLOCK(data);
}
/* Return the first connection found in the cache. Used when closing all
- connections */
+ connections.
+
+ NOTE: no locking is done here as this is presumably only done when cleaning
+ up a cache!
+*/
struct connectdata *
Curl_conncache_find_first_connection(struct conncache *connc)
{
struct curl_hash_iterator iter;
- struct curl_llist_element *curr;
struct curl_hash_element *he;
struct connectbundle *bundle;
- Curl_hash_start_iterate(connc->hash, &iter);
+ Curl_hash_start_iterate(&connc->hash, &iter);
he = Curl_hash_next_element(&iter);
while(he) {
+ struct curl_llist_element *curr;
bundle = he->ptr;
- curr = bundle->conn_list->head;
+ curr = bundle->conn_list.head;
if(curr) {
return curr->ptr;
}
@@ -241,6 +362,90 @@ Curl_conncache_find_first_connection(struct conncache *connc)
return NULL;
}
+/*
+ * This function finds the connection in the connection
+ * cache that has been unused for the longest time.
+ *
+ * Returns the pointer to the oldest idle connection, or NULL if none was
+ * found.
+ */
+struct connectdata *
+Curl_conncache_oldest_idle(struct Curl_easy *data)
+{
+ struct conncache *bc = data->state.conn_cache;
+ struct curl_hash_iterator iter;
+ struct curl_llist_element *curr;
+ struct curl_hash_element *he;
+ timediff_t highscore =- 1;
+ timediff_t score;
+ struct curltime now;
+ struct connectdata *conn_candidate = NULL;
+ struct connectbundle *bundle;
+
+ now = Curl_now();
+
+ CONN_LOCK(data);
+ Curl_hash_start_iterate(&bc->hash, &iter);
+
+ he = Curl_hash_next_element(&iter);
+ while(he) {
+ struct connectdata *conn;
+
+ bundle = he->ptr;
+
+ curr = bundle->conn_list.head;
+ while(curr) {
+ conn = curr->ptr;
+
+ if(!conn->inuse) {
+ /* Set higher score for the age passed since the connection was used */
+ score = Curl_timediff(now, conn->now);
+
+ if(score > highscore) {
+ highscore = score;
+ conn_candidate = conn;
+ }
+ }
+ curr = curr->next;
+ }
+
+ he = Curl_hash_next_element(&iter);
+ }
+ CONN_UNLOCK(data);
+
+ return conn_candidate;
+}
+
+void Curl_conncache_close_all_connections(struct conncache *connc)
+{
+ struct connectdata *conn;
+
+ conn = Curl_conncache_find_first_connection(connc);
+ while(conn) {
+ SIGPIPE_VARIABLE(pipe_st);
+ conn->data = connc->closure_handle;
+
+ sigpipe_ignore(conn->data, &pipe_st);
+ conn->data->easy_conn = NULL; /* clear the easy handle's connection
+ pointer */
+ /* This will remove the connection from the cache */
+ connclose(conn, "kill all");
+ (void)Curl_disconnect(conn, FALSE);
+ sigpipe_restore(&pipe_st);
+
+ conn = Curl_conncache_find_first_connection(connc);
+ }
+
+ if(connc->closure_handle) {
+ SIGPIPE_VARIABLE(pipe_st);
+ sigpipe_ignore(connc->closure_handle, &pipe_st);
+
+ Curl_hostcache_clean(connc->closure_handle,
+ connc->closure_handle->dns.hostcache);
+ Curl_close(connc->closure_handle);
+ sigpipe_restore(&pipe_st);
+ }
+}
#if 0
/* Useful for debugging the connection cache */
diff --git a/libs/libcurl/src/conncache.h b/libs/libcurl/src/conncache.h
index f5e41f187b..0d97a6cefd 100644
--- a/libs/libcurl/src/conncache.h
+++ b/libs/libcurl/src/conncache.h
@@ -7,11 +7,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012, 2013, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) 2015 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,16 +24,32 @@
***************************************************************************/
struct conncache {
- struct curl_hash *hash;
+ struct curl_hash hash;
size_t num_connections;
+ long next_connection_id;
+ struct curltime last_cleanup;
+ /* handle used for closing cached connections */
+ struct Curl_easy *closure_handle;
};
-struct conncache *Curl_conncache_init(int size);
+#define BUNDLE_NO_MULTIUSE -1
+#define BUNDLE_UNKNOWN 0 /* initial value */
+#define BUNDLE_PIPELINING 1
+#define BUNDLE_MULTIPLEX 2
+struct connectbundle {
+ int multiuse; /* supports multi-use */
+ size_t num_connections; /* Number of connections in the bundle */
+ struct curl_llist conn_list; /* The connectdata members of the bundle */
+};
+
+/* returns 1 on error, 0 is fine */
+int Curl_conncache_init(struct conncache *, int size);
void Curl_conncache_destroy(struct conncache *connc);
-struct connectbundle *Curl_conncache_find_bundle(struct conncache *connc,
- char *hostname);
+/* return the correct bundle, to a host or a proxy */
+struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn,
+ struct conncache *connc);
CURLcode Curl_conncache_add_conn(struct conncache *connc,
struct connectdata *conn);
@@ -40,7 +57,8 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc,
void Curl_conncache_remove_conn(struct conncache *connc,
struct connectdata *conn);
-void Curl_conncache_foreach(struct conncache *connc,
+void Curl_conncache_foreach(struct Curl_easy *data,
+ struct conncache *connc,
void *param,
int (*func)(struct connectdata *conn,
void *param));
@@ -48,6 +66,9 @@ void Curl_conncache_foreach(struct conncache *connc,
struct connectdata *
Curl_conncache_find_first_connection(struct conncache *connc);
+struct connectdata *
+Curl_conncache_oldest_idle(struct Curl_easy *data);
+void Curl_conncache_close_all_connections(struct conncache *connc);
void Curl_conncache_print(struct conncache *connc);
#endif /* HEADER_CURL_CONNCACHE_H */
diff --git a/libs/libcurl/src/connect.c b/libs/libcurl/src/connect.c
index 2b5719d123..3edb71eb72 100644
--- a/libs/libcurl/src/connect.c
+++ b/libs/libcurl/src/connect.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -28,8 +28,10 @@
#ifdef HAVE_SYS_UN_H
#include <sys/un.h> /* for sockaddr_un */
#endif
-#ifdef HAVE_NETINET_TCP_H
-#include <netinet/tcp.h> /* for TCP_NODELAY */
+#ifdef HAVE_LINUX_TCP_H
+#include <linux/tcp.h>
+#elif defined(HAVE_NETINET_TCP_H)
+#include <netinet/tcp.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
@@ -56,28 +58,27 @@
#include <inet.h>
#endif
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "urldata.h"
#include "sendf.h"
#include "if2ip.h"
#include "strerror.h"
#include "connect.h"
-#include "curl_memory.h"
#include "select.h"
#include "url.h" /* for Curl_safefree() */
#include "multiif.h"
#include "sockaddr.h" /* required for Curl_sockaddr_storage */
#include "inet_ntop.h"
#include "inet_pton.h"
-#include "sslgen.h" /* for Curl_ssl_check_cxn() */
+#include "vtls/vtls.h" /* for Curl_ssl_check_cxn() */
#include "progress.h"
#include "warnless.h"
#include "conncache.h"
#include "multihandle.h"
+#include "system_win32.h"
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
#ifdef __SYMBIAN32__
@@ -94,7 +95,7 @@ static bool verifyconnect(curl_socket_t sockfd, int *error);
#define KEEPALIVE_FACTOR(x)
#endif
-#if defined(HAVE_WINSOCK_H) && !defined(SIO_KEEPALIVE_VALS)
+#if defined(HAVE_WINSOCK2_H) && !defined(SIO_KEEPALIVE_VALS)
#define SIO_KEEPALIVE_VALS _WSAIOW(IOC_VENDOR,4)
struct tcp_keepalive {
@@ -105,7 +106,7 @@ struct tcp_keepalive {
#endif
static void
-tcpkeepalive(struct SessionHandle *data,
+tcpkeepalive(struct Curl_easy *data,
curl_socket_t sockfd)
{
int optval = data->set.tcp_keepalive?1:0;
@@ -164,8 +165,7 @@ tcpkeepalive(struct SessionHandle *data,
static CURLcode
singleipconnect(struct connectdata *conn,
const Curl_addrinfo *ai, /* start connecting to this */
- curl_socket_t *sock,
- bool *connected);
+ curl_socket_t *sock);
/*
* Curl_timeleft() returns the amount of milliseconds left allowed for the
@@ -181,13 +181,13 @@ singleipconnect(struct connectdata *conn,
*
* @unittest: 1303
*/
-long Curl_timeleft(struct SessionHandle *data,
- struct timeval *nowp,
- bool duringconnect)
+timediff_t Curl_timeleft(struct Curl_easy *data,
+ struct curltime *nowp,
+ bool duringconnect)
{
int timeout_set = 0;
- long timeout_ms = duringconnect?DEFAULT_CONNECT_TIMEOUT:0;
- struct timeval now;
+ timediff_t timeout_ms = duringconnect?DEFAULT_CONNECT_TIMEOUT:0;
+ struct curltime now;
/* if a timeout is set, use the most restrictive one */
@@ -196,7 +196,7 @@ long Curl_timeleft(struct SessionHandle *data,
if(duringconnect && (data->set.connecttimeout > 0))
timeout_set |= 2;
- switch (timeout_set) {
+ switch(timeout_set) {
case 1:
timeout_ms = data->set.timeout;
break;
@@ -220,12 +220,17 @@ long Curl_timeleft(struct SessionHandle *data,
}
if(!nowp) {
- now = Curl_tvnow();
+ now = Curl_now();
nowp = &now;
}
/* subtract elapsed time */
- timeout_ms -= Curl_tvdiff(*nowp, data->progress.t_startsingle);
+ if(duringconnect)
+ /* since this most recent connect started */
+ timeout_ms -= Curl_timediff(*nowp, data->progress.t_startsingle);
+ else
+ /* since the entire operation started */
+ timeout_ms -= Curl_timediff(*nowp, data->progress.t_startop);
if(!timeout_ms)
/* avoid returning 0 as that means no timeout! */
return -1;
@@ -233,49 +238,10 @@ long Curl_timeleft(struct SessionHandle *data,
return timeout_ms;
}
-/*
- * checkconnect() checks for a TCP connect on the given socket.
- * It returns:
- */
-
-enum chkconn_t {
- CHKCONN_SELECT_ERROR = -1,
- CHKCONN_CONNECTED = 0,
- CHKCONN_IDLE = 1,
- CHKCONN_FDSET_ERROR = 2
-};
-
-static enum chkconn_t
-checkconnect(curl_socket_t sockfd)
-{
- int rc;
-#ifdef mpeix
- /* Call this function once now, and ignore the results. We do this to
- "clear" the error state on the socket so that we can later read it
- reliably. This is reported necessary on the MPE/iX operating system. */
- (void)verifyconnect(sockfd, NULL);
-#endif
-
- rc = Curl_socket_ready(CURL_SOCKET_BAD, sockfd, 0);
-
- if(-1 == rc)
- /* error, no connect here, try next */
- return CHKCONN_SELECT_ERROR;
-
- else if(rc & CURL_CSELECT_ERR)
- /* error condition caught */
- return CHKCONN_FDSET_ERROR;
-
- else if(rc)
- return CHKCONN_CONNECTED;
-
- return CHKCONN_IDLE;
-}
-
static CURLcode bindlocal(struct connectdata *conn,
- curl_socket_t sockfd, int af)
+ curl_socket_t sockfd, int af, unsigned int scope)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct Curl_sockaddr_storage sa;
struct sockaddr *sock = (struct sockaddr *)&sa; /* bind to this address */
@@ -285,19 +251,13 @@ static CURLcode bindlocal(struct connectdata *conn,
struct sockaddr_in6 *si6 = (struct sockaddr_in6 *)&sa;
#endif
- struct Curl_dns_entry *h=NULL;
+ struct Curl_dns_entry *h = NULL;
unsigned short port = data->set.localport; /* use this port number, 0 for
"random" */
/* how many port numbers to try to bind to, increasing one at a time */
int portnum = data->set.localportrange;
const char *dev = data->set.str[STRING_DEVICE];
int error;
- char myhost[256] = "";
- int done = 0; /* -1 for error, 1 for address found */
- bool is_interface = FALSE;
- bool is_host = FALSE;
- static const char *if_prefix = "if!";
- static const char *host_prefix = "host!";
/*************************************************************
* Select device to bind socket to
@@ -309,6 +269,13 @@ static CURLcode bindlocal(struct connectdata *conn,
memset(&sa, 0, sizeof(struct Curl_sockaddr_storage));
if(dev && (strlen(dev)<255) ) {
+ char myhost[256] = "";
+ int done = 0; /* -1 for error, 1 for address found */
+ bool is_interface = FALSE;
+ bool is_host = FALSE;
+ static const char *if_prefix = "if!";
+ static const char *host_prefix = "host!";
+
if(strncmp(if_prefix, dev, strlen(if_prefix)) == 0) {
dev += strlen(if_prefix);
is_interface = TRUE;
@@ -320,7 +287,36 @@ static CURLcode bindlocal(struct connectdata *conn,
/* interface */
if(!is_host) {
- switch(Curl_if2ip(af, conn->scope, dev, myhost, sizeof(myhost))) {
+#ifdef SO_BINDTODEVICE
+ /* I am not sure any other OSs than Linux that provide this feature,
+ * and at the least I cannot test. --Ben
+ *
+ * This feature allows one to tightly bind the local socket to a
+ * particular interface. This will force even requests to other
+ * local interfaces to go out the external interface.
+ *
+ *
+ * Only bind to the interface when specified as interface, not just
+ * as a hostname or ip address.
+ *
+ * interface might be a VRF, eg: vrf-blue, which means it cannot be
+ * converted to an IP address and would fail Curl_if2ip. Simply try
+ * to use it straight away.
+ */
+ if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
+ dev, (curl_socklen_t)strlen(dev) + 1) == 0) {
+ /* This is typically "errno 1, error: Operation not permitted" if
+ * you're not running as root or another suitable privileged
+ * user.
+ * If it succeeds it means the parameter was a valid interface and
+ * not an IP address. Return immediately.
+ */
+ return CURLE_OK;
+ }
+#endif
+
+ switch(Curl_if2ip(af, scope, conn->scope_id, dev,
+ myhost, sizeof(myhost))) {
case IF2IP_NOT_FOUND:
if(is_interface) {
/* Do not fall back to treating it as a host name */
@@ -339,30 +335,6 @@ static CURLcode bindlocal(struct connectdata *conn,
infof(data, "Local Interface %s is ip %s using address family %i\n",
dev, myhost, af);
done = 1;
-
-#ifdef SO_BINDTODEVICE
- /* I am not sure any other OSs than Linux that provide this feature,
- * and at the least I cannot test. --Ben
- *
- * This feature allows one to tightly bind the local socket to a
- * particular interface. This will force even requests to other
- * local interfaces to go out the external interface.
- *
- *
- * Only bind to the interface when specified as interface, not just
- * as a hostname or ip address.
- */
- if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
- dev, (curl_socklen_t)strlen(dev)+1) != 0) {
- error = SOCKERRNO;
- infof(data, "SO_BINDTODEVICE %s failed with errno %d: %s;"
- " will do regular bind\n",
- dev, error, Curl_strerror(conn, error));
- /* This is typically "errno 1, error: Operation not permitted" if
- you're not running as root or another suitable privileged
- user */
- }
-#endif
break;
}
}
@@ -409,7 +381,7 @@ static CURLcode bindlocal(struct connectdata *conn,
if(done > 0) {
#ifdef ENABLE_IPV6
- /* ipv6 address */
+ /* IPv6 address */
if(af == AF_INET6) {
#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
char *scope_ptr = strchr(myhost, '%');
@@ -432,7 +404,7 @@ static CURLcode bindlocal(struct connectdata *conn,
}
else
#endif
- /* ipv4 address */
+ /* IPv4 address */
if((af == AF_INET) &&
(Curl_inet_pton(AF_INET, myhost, &si4->sin_addr) > 0)) {
si4->sin_family = AF_INET;
@@ -442,6 +414,10 @@ static CURLcode bindlocal(struct connectdata *conn,
}
if(done < 1) {
+ /* errorbuf is set false so failf will overwrite any message already in
+ the error buffer, so the user receives this error message instead of a
+ generic resolve error. */
+ data->state.errorbuf = FALSE;
failf(data, "Couldn't bind to '%s'", dev);
return CURLE_INTERFACE_FAILED;
}
@@ -573,42 +549,60 @@ static bool verifyconnect(curl_socket_t sockfd, int *error)
more address exists or error */
static CURLcode trynextip(struct connectdata *conn,
int sockindex,
- bool *connected)
+ int tempindex)
{
- curl_socket_t sockfd;
- Curl_addrinfo *ai;
+ const int other = tempindex ^ 1;
+ CURLcode result = CURLE_COULDNT_CONNECT;
/* First clean up after the failed socket.
Don't close it yet to ensure that the next IP's socket gets a different
file descriptor, which can prevent bugs when the curl_multi_socket_action
interface is used with certain select() replacements such as kqueue. */
- curl_socket_t fd_to_close = conn->sock[sockindex];
- conn->sock[sockindex] = CURL_SOCKET_BAD;
- *connected = FALSE;
+ curl_socket_t fd_to_close = conn->tempsock[tempindex];
+ conn->tempsock[tempindex] = CURL_SOCKET_BAD;
- if(sockindex != FIRSTSOCKET) {
- Curl_closesocket(conn, fd_to_close);
- return CURLE_COULDNT_CONNECT; /* no next */
- }
+ if(sockindex == FIRSTSOCKET) {
+ Curl_addrinfo *ai = NULL;
+ int family = AF_UNSPEC;
- /* try the next address */
- ai = conn->ip_addr->ai_next;
-
- while(ai) {
- CURLcode res = singleipconnect(conn, ai, &sockfd, connected);
- if(res)
- return res;
- if(sockfd != CURL_SOCKET_BAD) {
- /* store the new socket descriptor */
- conn->sock[sockindex] = sockfd;
- conn->ip_addr = ai;
- Curl_closesocket(conn, fd_to_close);
- return CURLE_OK;
+ if(conn->tempaddr[tempindex]) {
+ /* find next address in the same protocol family */
+ family = conn->tempaddr[tempindex]->ai_family;
+ ai = conn->tempaddr[tempindex]->ai_next;
+ }
+#ifdef ENABLE_IPV6
+ else if(conn->tempaddr[0]) {
+ /* happy eyeballs - try the other protocol family */
+ int firstfamily = conn->tempaddr[0]->ai_family;
+ family = (firstfamily == AF_INET) ? AF_INET6 : AF_INET;
+ ai = conn->tempaddr[0]->ai_next;
+ }
+#endif
+
+ while(ai) {
+ if(conn->tempaddr[other]) {
+ /* we can safely skip addresses of the other protocol family */
+ while(ai && ai->ai_family != family)
+ ai = ai->ai_next;
+ }
+
+ if(ai) {
+ result = singleipconnect(conn, ai, &conn->tempsock[tempindex]);
+ if(result == CURLE_COULDNT_CONNECT) {
+ ai = ai->ai_next;
+ continue;
+ }
+
+ conn->tempaddr[tempindex] = ai;
+ }
+ break;
}
- ai = ai->ai_next;
}
- Curl_closesocket(conn, fd_to_close);
- return CURLE_COULDNT_CONNECT;
+
+ if(fd_to_close != CURL_SOCKET_BAD)
+ Curl_closesocket(conn, fd_to_close);
+
+ return result;
}
/* Copies connection info into the session handle to make it available
@@ -617,26 +611,29 @@ void Curl_persistconninfo(struct connectdata *conn)
{
memcpy(conn->data->info.conn_primary_ip, conn->primary_ip, MAX_IPADR_LEN);
memcpy(conn->data->info.conn_local_ip, conn->local_ip, MAX_IPADR_LEN);
+ conn->data->info.conn_scheme = conn->handler->scheme;
+ conn->data->info.conn_protocol = conn->handler->protocol;
conn->data->info.conn_primary_port = conn->primary_port;
conn->data->info.conn_local_port = conn->local_port;
}
-/* retrieves ip address and port from a sockaddr structure */
-static bool getaddressinfo(struct sockaddr* sa, char* addr,
- long* port)
+/* retrieves ip address and port from a sockaddr structure.
+ note it calls Curl_inet_ntop which sets errno on fail, not SOCKERRNO. */
+static bool getaddressinfo(struct sockaddr *sa, char *addr,
+ long *port)
{
unsigned short us_port;
- struct sockaddr_in* si = NULL;
+ struct sockaddr_in *si = NULL;
#ifdef ENABLE_IPV6
- struct sockaddr_in6* si6 = NULL;
+ struct sockaddr_in6 *si6 = NULL;
#endif
#if defined(HAVE_SYS_UN_H) && defined(AF_UNIX)
- struct sockaddr_un* su = NULL;
+ struct sockaddr_un *su = NULL;
#endif
- switch (sa->sa_family) {
+ switch(sa->sa_family) {
case AF_INET:
- si = (struct sockaddr_in*) sa;
+ si = (struct sockaddr_in *)(void *) sa;
if(Curl_inet_ntop(sa->sa_family, &si->sin_addr,
addr, MAX_IPADR_LEN)) {
us_port = ntohs(si->sin_port);
@@ -646,7 +643,7 @@ static bool getaddressinfo(struct sockaddr* sa, char* addr,
break;
#ifdef ENABLE_IPV6
case AF_INET6:
- si6 = (struct sockaddr_in6*)sa;
+ si6 = (struct sockaddr_in6 *)(void *) sa;
if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr,
addr, MAX_IPADR_LEN)) {
us_port = ntohs(si6->sin6_port);
@@ -668,7 +665,7 @@ static bool getaddressinfo(struct sockaddr* sa, char* addr,
addr[0] = '\0';
*port = 0;
-
+ errno = EAFNOSUPPORT;
return FALSE;
}
@@ -676,25 +673,28 @@ static bool getaddressinfo(struct sockaddr* sa, char* addr,
connection */
void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
{
- int error;
curl_socklen_t len;
struct Curl_sockaddr_storage ssrem;
struct Curl_sockaddr_storage ssloc;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
- if(!conn->bits.reuse) {
+ if(conn->socktype == SOCK_DGRAM)
+ /* there's no connection! */
+ return;
+ if(!conn->bits.reuse && !conn->bits.tcp_fastopen) {
len = sizeof(struct Curl_sockaddr_storage);
if(getpeername(sockfd, (struct sockaddr*) &ssrem, &len)) {
- error = SOCKERRNO;
+ int error = SOCKERRNO;
failf(data, "getpeername() failed with errno %d: %s",
error, Curl_strerror(conn, error));
return;
}
len = sizeof(struct Curl_sockaddr_storage);
+ memset(&ssloc, 0, sizeof(ssloc));
if(getsockname(sockfd, (struct sockaddr*) &ssloc, &len)) {
- error = SOCKERRNO;
+ int error = SOCKERRNO;
failf(data, "getsockname() failed with errno %d: %s",
error, Curl_strerror(conn, error));
return;
@@ -702,17 +702,16 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
if(!getaddressinfo((struct sockaddr*)&ssrem,
conn->primary_ip, &conn->primary_port)) {
- error = ERRNO;
failf(data, "ssrem inet_ntop() failed with errno %d: %s",
- error, Curl_strerror(conn, error));
+ errno, Curl_strerror(conn, errno));
return;
}
+ memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
if(!getaddressinfo((struct sockaddr*)&ssloc,
conn->local_ip, &conn->local_port)) {
- error = ERRNO;
failf(data, "ssloc inet_ntop() failed with errno %d: %s",
- error, Curl_strerror(conn, error));
+ errno, Curl_strerror(conn, errno));
return;
}
@@ -730,13 +729,13 @@ CURLcode Curl_is_connected(struct connectdata *conn,
int sockindex,
bool *connected)
{
- struct SessionHandle *data = conn->data;
- CURLcode code = CURLE_OK;
- curl_socket_t sockfd = conn->sock[sockindex];
- long allow = DEFAULT_CONNECT_TIMEOUT;
+ struct Curl_easy *data = conn->data;
+ CURLcode result = CURLE_OK;
+ timediff_t allow;
int error = 0;
- struct timeval now;
- enum chkconn_t chk;
+ struct curltime now;
+ int rc;
+ int i;
DEBUGASSERT(sockindex >= FIRSTSOCKET && sockindex <= SECONDARYSOCKET);
@@ -748,7 +747,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
return CURLE_OK;
}
- now = Curl_tvnow();
+ now = Curl_now();
/* figure out how long time we have left to connect */
allow = Curl_timeleft(data, &now, TRUE);
@@ -759,93 +758,139 @@ CURLcode Curl_is_connected(struct connectdata *conn,
return CURLE_OPERATION_TIMEDOUT;
}
- /* check socket for connect */
- chk = checkconnect(sockfd);
- if(CHKCONN_IDLE == chk) {
- if(curlx_tvdiff(now, conn->connecttime) >= conn->timeoutms_per_addr) {
- infof(data, "After %ldms connect time, move on!\n",
- conn->timeoutms_per_addr);
- goto next;
- }
+ for(i = 0; i<2; i++) {
+ const int other = i ^ 1;
+ if(conn->tempsock[i] == CURL_SOCKET_BAD)
+ continue;
- /* not an error, but also no connection yet */
- return code;
- }
+#ifdef mpeix
+ /* Call this function once now, and ignore the results. We do this to
+ "clear" the error state on the socket so that we can later read it
+ reliably. This is reported necessary on the MPE/iX operating system. */
+ (void)verifyconnect(conn->tempsock[i], NULL);
+#endif
- if(CHKCONN_CONNECTED == chk) {
- if(verifyconnect(sockfd, &error)) {
- /* we are connected with TCP, awesome! */
+ /* check socket for connect */
+ rc = SOCKET_WRITABLE(conn->tempsock[i], 0);
- /* see if we need to do any proxy magic first once we connected */
- code = Curl_connected_proxy(conn);
- if(code)
- return code;
+ if(rc == 0) { /* no connection yet */
+ error = 0;
+ if(Curl_timediff(now, conn->connecttime) >= conn->timeoutms_per_addr) {
+ infof(data, "After %ldms connect time, move on!\n",
+ conn->timeoutms_per_addr);
+ error = ETIMEDOUT;
+ }
- conn->bits.tcpconnect[sockindex] = TRUE;
+ /* should we try another protocol family? */
+ if(i == 0 && conn->tempaddr[1] == NULL &&
+ Curl_timediff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) {
+ trynextip(conn, sockindex, 1);
+ }
+ }
+ else if(rc == CURL_CSELECT_OUT || conn->bits.tcp_fastopen) {
+ if(verifyconnect(conn->tempsock[i], &error)) {
+ /* we are connected with TCP, awesome! */
+
+ /* use this socket from now on */
+ conn->sock[sockindex] = conn->tempsock[i];
+ conn->ip_addr = conn->tempaddr[i];
+ conn->tempsock[i] = CURL_SOCKET_BAD;
+#ifdef ENABLE_IPV6
+ conn->bits.ipv6 = (conn->ip_addr->ai_family == AF_INET6)?TRUE:FALSE;
+#endif
- *connected = TRUE;
- if(sockindex == FIRSTSOCKET)
- Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
- Curl_verboseconnect(conn);
- Curl_updateconninfo(conn, sockfd);
+ /* close the other socket, if open */
+ if(conn->tempsock[other] != CURL_SOCKET_BAD) {
+ Curl_closesocket(conn, conn->tempsock[other]);
+ conn->tempsock[other] = CURL_SOCKET_BAD;
+ }
- return CURLE_OK;
+ /* see if we need to do any proxy magic first once we connected */
+ result = Curl_connected_proxy(conn, sockindex);
+ if(result)
+ return result;
+
+ conn->bits.tcpconnect[sockindex] = TRUE;
+
+ *connected = TRUE;
+ if(sockindex == FIRSTSOCKET)
+ Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
+ Curl_updateconninfo(conn, conn->sock[sockindex]);
+ Curl_verboseconnect(conn);
+
+ return CURLE_OK;
+ }
+ infof(data, "Connection failed\n");
}
- /* nope, not connected for real */
- }
- else {
- /* nope, not connected */
- if(CHKCONN_FDSET_ERROR == chk) {
- (void)verifyconnect(sockfd, &error);
- infof(data, "%s\n",Curl_strerror(conn, error));
+ else if(rc & CURL_CSELECT_ERR)
+ (void)verifyconnect(conn->tempsock[i], &error);
+
+ /*
+ * The connection failed here, we should attempt to connect to the "next
+ * address" for the given host. But first remember the latest error.
+ */
+ if(error) {
+ data->state.os_errno = error;
+ SET_SOCKERRNO(error);
+ if(conn->tempaddr[i]) {
+ CURLcode status;
+ char ipaddress[MAX_IPADR_LEN];
+ Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN);
+ infof(data, "connect to %s port %ld failed: %s\n",
+ ipaddress, conn->port, Curl_strerror(conn, error));
+
+ conn->timeoutms_per_addr = conn->tempaddr[i]->ai_next == NULL ?
+ allow : allow / 2;
+
+ status = trynextip(conn, sockindex, i);
+ if(status != CURLE_COULDNT_CONNECT
+ || conn->tempsock[other] == CURL_SOCKET_BAD)
+ /* the last attempt failed and no other sockets remain open */
+ result = status;
+ }
}
- else
- infof(data, "Connection failed\n");
}
- /*
- * The connection failed here, we should attempt to connect to the "next
- * address" for the given host. But first remember the latest error.
- */
- if(error) {
- data->state.os_errno = error;
- SET_SOCKERRNO(error);
- }
- next:
+ if(result) {
+ /* no more addresses to try */
- conn->timeoutms_per_addr = conn->ip_addr->ai_next == NULL ?
- allow : allow / 2;
- code = trynextip(conn, sockindex, connected);
+ const char *hostname;
- if(code) {
- error = SOCKERRNO;
- data->state.os_errno = error;
- failf(data, "Failed connect to %s:%ld; %s",
- conn->host.name, conn->port, Curl_strerror(conn, error));
+ /* if the first address family runs out of addresses to try before
+ the happy eyeball timeout, go ahead and try the next family now */
+ if(conn->tempaddr[1] == NULL) {
+ result = trynextip(conn, sockindex, 1);
+ if(!result)
+ return result;
+ }
+
+ if(conn->bits.socksproxy)
+ hostname = conn->socks_proxy.host.name;
+ else if(conn->bits.httpproxy)
+ hostname = conn->http_proxy.host.name;
+ else if(conn->bits.conn_to_host)
+ hostname = conn->conn_to_host.name;
+ else
+ hostname = conn->host.name;
+
+ failf(data, "Failed to connect to %s port %ld: %s",
+ hostname, conn->port, Curl_strerror(conn, error));
}
- return code;
+ return result;
}
-static void tcpnodelay(struct connectdata *conn,
- curl_socket_t sockfd)
+void Curl_tcpnodelay(struct connectdata *conn, curl_socket_t sockfd)
{
-#ifdef TCP_NODELAY
- struct SessionHandle *data= conn->data;
- curl_socklen_t onoff = (curl_socklen_t) data->set.tcp_nodelay;
+#if defined(TCP_NODELAY)
+#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
+ struct Curl_easy *data = conn->data;
+#endif
+ curl_socklen_t onoff = (curl_socklen_t) 1;
int level = IPPROTO_TCP;
-#if 0
- /* The use of getprotobyname() is disabled since it isn't thread-safe on
- numerous systems. On these getprotobyname_r() should be used instead, but
- that exists in at least one 4 arg version and one 5 arg version, and
- since the proto number rarely changes anyway we now just use the hard
- coded number. The "proper" fix would need a configure check for the
- correct function much in the same style the gethostbyname_r versions are
- detected. */
- struct protoent *pe = getprotobyname("tcp");
- if(pe)
- level = pe->p_proto;
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void) conn;
#endif
if(setsockopt(sockfd, level, TCP_NODELAY, (void *)&onoff,
@@ -853,7 +898,7 @@ static void tcpnodelay(struct connectdata *conn,
infof(data, "Could not set TCP_NODELAY: %s\n",
Curl_strerror(conn, SOCKERRNO));
else
- infof(data,"TCP_NODELAY set\n");
+ infof(data, "TCP_NODELAY set\n");
#else
(void)conn;
(void)sockfd;
@@ -868,7 +913,7 @@ static void tcpnodelay(struct connectdata *conn,
static void nosigpipe(struct connectdata *conn,
curl_socket_t sockfd)
{
- struct SessionHandle *data= conn->data;
+ struct Curl_easy *data = conn->data;
int onoff = 1;
if(setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&onoff,
sizeof(onoff)) < 0)
@@ -883,7 +928,7 @@ static void nosigpipe(struct connectdata *conn,
/* When you run a program that uses the Windows Sockets API, you may
experience slow performance when you copy data to a TCP server.
- http://support.microsoft.com/kb/823764
+ https://support.microsoft.com/kb/823764
Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
Buffer Size
@@ -902,18 +947,16 @@ void Curl_sndbufset(curl_socket_t sockfd)
int curval = 0;
int curlen = sizeof(curval);
- OSVERSIONINFO osver;
static int detectOsState = DETECT_OS_NONE;
if(detectOsState == DETECT_OS_NONE) {
- memset(&osver, 0, sizeof(osver));
- osver.dwOSVersionInfoSize = sizeof(osver);
- detectOsState = DETECT_OS_PREVISTA;
- if(GetVersionEx(&osver)) {
- if(osver.dwMajorVersion >= 6)
- detectOsState = DETECT_OS_VISTA_OR_LATER;
- }
+ if(Curl_verify_windows_version(6, 0, PLATFORM_WINNT,
+ VERSION_GREATER_THAN_EQUAL))
+ detectOsState = DETECT_OS_VISTA_OR_LATER;
+ else
+ detectOsState = DETECT_OS_PREVISTA;
}
+
if(detectOsState == DETECT_OS_VISTA_OR_LATER)
return;
@@ -925,7 +968,6 @@ void Curl_sndbufset(curl_socket_t sockfd)
}
#endif
-
/*
* singleipconnect()
*
@@ -935,25 +977,28 @@ void Curl_sndbufset(curl_socket_t sockfd)
* singleipconnect() connects to the given IP only, and it may return without
* having connected.
*/
-static CURLcode
-singleipconnect(struct connectdata *conn,
- const Curl_addrinfo *ai,
- curl_socket_t *sockp,
- bool *connected)
+static CURLcode singleipconnect(struct connectdata *conn,
+ const Curl_addrinfo *ai,
+ curl_socket_t *sockp)
{
struct Curl_sockaddr_ex addr;
- int rc;
+ int rc = -1;
int error = 0;
bool isconnected = FALSE;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
curl_socket_t sockfd;
- CURLcode res = CURLE_OK;
+ CURLcode result;
+ char ipaddress[MAX_IPADR_LEN];
+ long port;
+ bool is_tcp;
+#ifdef TCP_FASTOPEN_CONNECT
+ int optval = 1;
+#endif
*sockp = CURL_SOCKET_BAD;
- *connected = FALSE; /* default is not connected */
- res = Curl_socket(conn, ai, &addr, &sockfd);
- if(res)
+ result = Curl_socket(conn, ai, &addr, &sockfd);
+ if(result)
/* Failed to create the socket, but still return OK since we signal the
lack of socket as well. This allows the parent function to keep looping
over alternative addresses/socket families etc. */
@@ -961,27 +1006,29 @@ singleipconnect(struct connectdata *conn,
/* store remote address and port used in this connection attempt */
if(!getaddressinfo((struct sockaddr*)&addr.sa_addr,
- conn->primary_ip, &conn->primary_port)) {
+ ipaddress, &port)) {
/* malformed address or bug in inet_ntop, try next address */
- error = ERRNO;
failf(data, "sa_addr inet_ntop() failed with errno %d: %s",
- error, Curl_strerror(conn, error));
+ errno, Curl_strerror(conn, errno));
Curl_closesocket(conn, sockfd);
return CURLE_OK;
}
- memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
- infof(data, " Trying %s...\n", conn->ip_addr_str);
-
- Curl_persistconninfo(conn);
+ infof(data, " Trying %s...\n", ipaddress);
- if(data->set.tcp_nodelay)
- tcpnodelay(conn, sockfd);
+#ifdef ENABLE_IPV6
+ is_tcp = (addr.family == AF_INET || addr.family == AF_INET6) &&
+ addr.socktype == SOCK_STREAM;
+#else
+ is_tcp = (addr.family == AF_INET) && addr.socktype == SOCK_STREAM;
+#endif
+ if(is_tcp && data->set.tcp_nodelay)
+ Curl_tcpnodelay(conn, sockfd);
nosigpipe(conn, sockfd);
Curl_sndbufset(sockfd);
- if(data->set.tcp_keepalive)
+ if(is_tcp && data->set.tcp_keepalive)
tcpkeepalive(data, sockfd);
if(data->set.fsockopt) {
@@ -999,27 +1046,76 @@ singleipconnect(struct connectdata *conn,
}
/* possibly bind the local end to an IP, interface or port */
- res = bindlocal(conn, sockfd, addr.family);
- if(res) {
- Curl_closesocket(conn, sockfd); /* close socket and bail out */
- if(res == CURLE_UNSUPPORTED_PROTOCOL) {
- /* The address family is not supported on this interface.
- We can continue trying addresses */
- return CURLE_OK;
+ if(addr.family == AF_INET
+#ifdef ENABLE_IPV6
+ || addr.family == AF_INET6
+#endif
+ ) {
+ result = bindlocal(conn, sockfd, addr.family,
+ Curl_ipv6_scope((struct sockaddr*)&addr.sa_addr));
+ if(result) {
+ Curl_closesocket(conn, sockfd); /* close socket and bail out */
+ if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+ /* The address family is not supported on this interface.
+ We can continue trying addresses */
+ return CURLE_COULDNT_CONNECT;
+ }
+ return result;
}
- return res;
}
/* set socket non-blocking */
- curlx_nonblock(sockfd, TRUE);
+ (void)curlx_nonblock(sockfd, TRUE);
- conn->connecttime = Curl_tvnow();
+ conn->connecttime = Curl_now();
if(conn->num_addr > 1)
- Curl_expire(data, conn->timeoutms_per_addr);
+ Curl_expire(data, conn->timeoutms_per_addr, EXPIRE_DNS_PER_NAME);
/* Connect TCP sockets, bind UDP */
if(!isconnected && (conn->socktype == SOCK_STREAM)) {
- rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+ if(conn->bits.tcp_fastopen) {
+#if defined(CONNECT_DATA_IDEMPOTENT) /* Darwin */
+# if defined(HAVE_BUILTIN_AVAILABLE)
+ /* while connectx function is available since macOS 10.11 / iOS 9,
+ it did not have the interface declared correctly until
+ Xcode 9 / macOS SDK 10.13 */
+ if(__builtin_available(macOS 10.11, iOS 9.0, tvOS 9.0, watchOS 2.0, *)) {
+ sa_endpoints_t endpoints;
+ endpoints.sae_srcif = 0;
+ endpoints.sae_srcaddr = NULL;
+ endpoints.sae_srcaddrlen = 0;
+ endpoints.sae_dstaddr = &addr.sa_addr;
+ endpoints.sae_dstaddrlen = addr.addrlen;
+
+ rc = connectx(sockfd, &endpoints, SAE_ASSOCID_ANY,
+ CONNECT_RESUME_ON_READ_WRITE | CONNECT_DATA_IDEMPOTENT,
+ NULL, 0, NULL, NULL);
+ }
+ else {
+ rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+ }
+# else
+ rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+# endif /* HAVE_BUILTIN_AVAILABLE */
+#elif defined(TCP_FASTOPEN_CONNECT) /* Linux >= 4.11 */
+ if(setsockopt(sockfd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT,
+ (void *)&optval, sizeof(optval)) < 0)
+ infof(data, "Failed to enable TCP Fast Open on fd %d\n", sockfd);
+ else
+ infof(data, "TCP_FASTOPEN_CONNECT set\n");
+
+ rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+#elif defined(MSG_FASTOPEN) /* old Linux */
+ if(conn->given->flags & PROTOPT_SSL)
+ rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+ else
+ rc = 0; /* Do nothing */
+#endif
+ }
+ else {
+ rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
+ }
+
if(-1 == rc)
error = SOCKERRNO;
}
@@ -1028,12 +1124,8 @@ singleipconnect(struct connectdata *conn,
return CURLE_OK;
}
-#ifdef ENABLE_IPV6
- conn->bits.ipv6 = (addr.family == AF_INET6)?TRUE:FALSE;
-#endif
-
if(-1 == rc) {
- switch (error) {
+ switch(error) {
case EINPROGRESS:
case EWOULDBLOCK:
#if defined(EAGAIN)
@@ -1045,25 +1137,25 @@ singleipconnect(struct connectdata *conn,
case EAGAIN:
#endif
#endif
- *sockp = sockfd;
- return CURLE_OK;
+ result = CURLE_OK;
+ break;
default:
/* unknown error, fallthrough and try another address! */
- failf(data, "Failed to connect to %s: %s",
- conn->ip_addr_str, Curl_strerror(conn,error));
+ infof(data, "Immediate connect fail for %s: %s\n",
+ ipaddress, Curl_strerror(conn, error));
data->state.os_errno = error;
/* connect failed */
Curl_closesocket(conn, sockfd);
-
- break;
+ result = CURLE_COULDNT_CONNECT;
}
}
- else
+
+ if(!result)
*sockp = sockfd;
- return CURLE_OK;
+ return result;
}
/*
@@ -1073,29 +1165,13 @@ singleipconnect(struct connectdata *conn,
*/
CURLcode Curl_connecthost(struct connectdata *conn, /* context */
- const struct Curl_dns_entry *remotehost,
- curl_socket_t *sockconn, /* the connected socket */
- Curl_addrinfo **addr, /* the one we used */
- bool *connected) /* really connected? */
+ const struct Curl_dns_entry *remotehost)
{
- struct SessionHandle *data = conn->data;
- curl_socket_t sockfd = CURL_SOCKET_BAD;
- Curl_addrinfo *ai;
- Curl_addrinfo *curr_addr;
+ struct Curl_easy *data = conn->data;
+ struct curltime before = Curl_now();
+ CURLcode result = CURLE_COULDNT_CONNECT;
- struct timeval after;
- struct timeval before = Curl_tvnow();
-
- /*************************************************************
- * Figure out what maximum time we have left
- *************************************************************/
- long timeout_ms;
-
- DEBUGASSERT(sockconn);
- *connected = FALSE; /* default to not connected */
-
- /* get the timeout left */
- timeout_ms = Curl_timeleft(data, &before, TRUE);
+ timediff_t timeout_ms = Curl_timeleft(data, &before, TRUE);
if(timeout_ms < 0) {
/* a precaution, no need to continue if time already is up */
@@ -1104,59 +1180,31 @@ CURLcode Curl_connecthost(struct connectdata *conn, /* context */
}
conn->num_addr = Curl_num_addresses(remotehost->addr);
-
- ai = remotehost->addr;
-
- /* Below is the loop that attempts to connect to all IP-addresses we
- * know for the given host. One by one until one IP succeeds.
- */
-
- /*
- * Connecting with a Curl_addrinfo chain
- */
- for(curr_addr = ai; curr_addr; curr_addr = curr_addr->ai_next) {
- CURLcode res;
-
- /* Max time for the next address */
- conn->timeoutms_per_addr = curr_addr->ai_next == NULL ?
- timeout_ms : timeout_ms / 2;
-
- /* start connecting to the IP curr_addr points to */
- res = singleipconnect(conn, curr_addr,
- &sockfd, connected);
- if(res)
- return res;
-
- if(sockfd != CURL_SOCKET_BAD)
+ conn->tempaddr[0] = remotehost->addr;
+ conn->tempaddr[1] = NULL;
+ conn->tempsock[0] = CURL_SOCKET_BAD;
+ conn->tempsock[1] = CURL_SOCKET_BAD;
+
+ /* Max time for the next connection attempt */
+ conn->timeoutms_per_addr =
+ conn->tempaddr[0]->ai_next == NULL ? timeout_ms : timeout_ms / 2;
+
+ /* start connecting to first IP */
+ while(conn->tempaddr[0]) {
+ result = singleipconnect(conn, conn->tempaddr[0], &(conn->tempsock[0]));
+ if(!result)
break;
-
- /* get a new timeout for next attempt */
- after = Curl_tvnow();
- timeout_ms -= Curl_tvdiff(after, before);
- if(timeout_ms < 0) {
- failf(data, "connect() timed out!");
- return CURLE_OPERATION_TIMEDOUT;
- }
- before = after;
- } /* end of connect-to-each-address loop */
-
- *sockconn = sockfd; /* the socket descriptor we've connected */
-
- if(sockfd == CURL_SOCKET_BAD) {
- /* no good connect was made */
- failf(data, "couldn't connect to %s at %s:%ld",
- conn->bits.proxy?"proxy":"host",
- conn->bits.proxy?conn->proxy.name:conn->host.name, conn->port);
- return CURLE_COULDNT_CONNECT;
+ conn->tempaddr[0] = conn->tempaddr[0]->ai_next;
}
- /* leave the socket in non-blocking mode */
-
- /* store the address we use */
- if(addr)
- *addr = curr_addr;
+ if(conn->tempsock[0] == CURL_SOCKET_BAD) {
+ if(!result)
+ result = CURLE_COULDNT_CONNECT;
+ return result;
+ }
data->info.numconnects++; /* to track the number of connections made */
+ Curl_expire(conn->data, HAPPY_EYEBALLS_TIMEOUT, EXPIRE_HAPPY_EYEBALLS);
return CURLE_OK;
}
@@ -1178,26 +1226,31 @@ static int conn_is_conn(struct connectdata *conn, void *param)
/*
* Used to extract socket and connectdata struct for the most recent
- * transfer on the given SessionHandle.
+ * transfer on the given Curl_easy.
*
* The returned socket will be CURL_SOCKET_BAD in case of failure!
*/
-curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
+curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
struct connectdata **connp)
{
curl_socket_t sockfd;
DEBUGASSERT(data);
- /* this only works for an easy handle that has been used for
- curl_easy_perform()! */
- if(data->state.lastconnect && data->multi_easy) {
+ /* this works for an easy handle:
+ * - that has been used for curl_easy_perform()
+ * - that is associated with a multi handle, and whose connection
+ * was detached with CURLOPT_CONNECT_ONLY
+ */
+ if(data->state.lastconnect && (data->multi_easy || data->multi)) {
struct connectdata *c = data->state.lastconnect;
struct connfind find;
find.tofind = data->state.lastconnect;
find.found = FALSE;
- Curl_conncache_foreach(data->multi_easy->conn_cache, &find, conn_is_conn);
+ Curl_conncache_foreach(data, data->multi_easy?
+ &data->multi_easy->conn_cache:
+ &data->multi->conn_cache, &find, conn_is_conn);
if(!find.found) {
data->state.lastconnect = NULL;
@@ -1208,24 +1261,6 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
/* only store this if the caller cares for it */
*connp = c;
sockfd = c->sock[FIRSTSOCKET];
- /* we have a socket connected, let's determine if the server shut down */
- /* determine if ssl */
- if(c->ssl[FIRSTSOCKET].use) {
- /* use the SSL context */
- if(!Curl_ssl_check_cxn(c))
- return CURL_SOCKET_BAD; /* FIN received */
- }
-/* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
-#ifdef MSG_PEEK
- else {
- /* use the socket */
- char buf;
- if(recv((RECV_TYPE_ARG1)c->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
- (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
- return CURL_SOCKET_BAD; /* FIN received */
- }
- }
-#endif
}
else
return CURL_SOCKET_BAD;
@@ -1234,6 +1269,33 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
}
/*
+ * Check if a connection seems to be alive.
+ */
+bool Curl_connalive(struct connectdata *conn)
+{
+ /* First determine if ssl */
+ if(conn->ssl[FIRSTSOCKET].use) {
+ /* use the SSL context */
+ if(!Curl_ssl_check_cxn(conn))
+ return false; /* FIN received */
+ }
+/* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
+#ifdef MSG_PEEK
+ else if(conn->sock[FIRSTSOCKET] == CURL_SOCKET_BAD)
+ return false;
+ else {
+ /* use the socket */
+ char buf;
+ if(recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
+ (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
+ return false; /* FIN received */
+ }
+ }
+#endif
+ return true;
+}
+
+/*
* Close a socket.
*
* 'conn' can be NULL, beware!
@@ -1248,15 +1310,18 @@ int Curl_closesocket(struct connectdata *conn,
accept, then we MUST NOT call the callback but clear the accepted
status */
conn->sock_accepted[SECONDARYSOCKET] = FALSE;
- else
+ else {
+ Curl_multi_closed(conn, sock);
return conn->fclosesocket(conn->closesocket_client, sock);
+ }
}
- sclose(sock);
if(conn)
/* tell the multi-socket code about this */
Curl_multi_closed(conn, sock);
+ sclose(sock);
+
return 0;
}
@@ -1274,7 +1339,7 @@ CURLcode Curl_socket(struct connectdata *conn,
struct Curl_sockaddr_ex *addr,
curl_socket_t *sockfd)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct Curl_sockaddr_ex dummy;
if(!addr)
@@ -1291,7 +1356,7 @@ CURLcode Curl_socket(struct connectdata *conn,
addr->family = ai->ai_family;
addr->socktype = conn->socktype;
- addr->protocol = conn->socktype==SOCK_DGRAM?IPPROTO_UDP:ai->ai_protocol;
+ addr->protocol = conn->socktype == SOCK_DGRAM?IPPROTO_UDP:ai->ai_protocol;
addr->addrlen = ai->ai_addrlen;
if(addr->addrlen > sizeof(struct Curl_sockaddr_storage))
@@ -1320,12 +1385,49 @@ CURLcode Curl_socket(struct connectdata *conn,
return CURLE_COULDNT_CONNECT;
#if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
- if(conn->scope && (addr->family == AF_INET6)) {
+ if(conn->scope_id && (addr->family == AF_INET6)) {
struct sockaddr_in6 * const sa6 = (void *)&addr->sa_addr;
- sa6->sin6_scope_id = conn->scope;
+ sa6->sin6_scope_id = conn->scope_id;
}
#endif
return CURLE_OK;
}
+
+/*
+ * Curl_conncontrol() marks streams or connection for closure.
+ */
+void Curl_conncontrol(struct connectdata *conn,
+ int ctrl /* see defines in header */
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+ , const char *reason
+#endif
+ )
+{
+ /* close if a connection, or a stream that isn't multiplexed */
+ bool closeit = (ctrl == CONNCTRL_CONNECTION) ||
+ ((ctrl == CONNCTRL_STREAM) && !(conn->handler->flags & PROTOPT_STREAM));
+ if((ctrl == CONNCTRL_STREAM) &&
+ (conn->handler->flags & PROTOPT_STREAM))
+ DEBUGF(infof(conn->data, "Kill stream: %s\n", reason));
+ else if(closeit != conn->bits.close) {
+ DEBUGF(infof(conn->data, "Marked for [%s]: %s\n",
+ closeit?"closure":"keep alive", reason));
+ conn->bits.close = closeit; /* the only place in the source code that
+ should assign this bit */
+ }
+}
+
+/* Data received can be cached at various levels, so check them all here. */
+bool Curl_conn_data_pending(struct connectdata *conn, int sockindex)
+{
+ int readable;
+
+ if(Curl_ssl_data_pending(conn, sockindex) ||
+ Curl_recv_has_postponed_data(conn, sockindex))
+ return true;
+
+ readable = SOCKET_READABLE(conn->sock[sockindex], 0);
+ return (readable > 0 && (readable & CURL_CSELECT_IN));
+}
diff --git a/libs/libcurl/src/connect.h b/libs/libcurl/src/connect.h
index ab98002894..3974486364 100644
--- a/libs/libcurl/src/connect.h
+++ b/libs/libcurl/src/connect.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,40 +25,44 @@
#include "nonblock.h" /* for curlx_nonblock(), formerly Curl_nonblock() */
#include "sockaddr.h"
+#include "timeval.h"
CURLcode Curl_is_connected(struct connectdata *conn,
int sockindex,
bool *connected);
CURLcode Curl_connecthost(struct connectdata *conn,
- const struct Curl_dns_entry *host, /* connect to
- this */
- curl_socket_t *sockconn, /* not set if error */
- Curl_addrinfo **addr, /* the one we used */
- bool *connected); /* truly connected? */
+ const struct Curl_dns_entry *host);
/* generic function that returns how much time there's left to run, according
to the timeouts set */
-long Curl_timeleft(struct SessionHandle *data,
- struct timeval *nowp,
- bool duringconnect);
+timediff_t Curl_timeleft(struct Curl_easy *data,
+ struct curltime *nowp,
+ bool duringconnect);
#define DEFAULT_CONNECT_TIMEOUT 300000 /* milliseconds == five minutes */
+#define HAPPY_EYEBALLS_TIMEOUT 200 /* milliseconds to wait between
+ IPv4/IPv6 connection attempts */
/*
* Used to extract socket and connectdata struct for the most recent
- * transfer on the given SessionHandle.
+ * transfer on the given Curl_easy.
*
* The returned socket will be CURL_SOCKET_BAD in case of failure!
*/
-curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
+curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
struct connectdata **connp);
+/*
+ * Check if a connection seems to be alive.
+ */
+bool Curl_connalive(struct connectdata *conn);
+
#ifdef USE_WINSOCK
/* When you run a program that uses the Windows Sockets API, you may
experience slow performance when you copy data to a TCP server.
- http://support.microsoft.com/kb/823764
+ https://support.microsoft.com/kb/823764
Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
Buffer Size
@@ -104,4 +108,41 @@ CURLcode Curl_socket(struct connectdata *conn,
struct Curl_sockaddr_ex *addr,
curl_socket_t *sockfd);
+void Curl_tcpnodelay(struct connectdata *conn, curl_socket_t sockfd);
+
+/*
+ * Curl_conncontrol() marks the end of a connection/stream. The 'closeit'
+ * argument specifies if it is the end of a connection or a stream.
+ *
+ * For stream-based protocols (such as HTTP/2), a stream close will not cause
+ * a connection close. Other protocols will close the connection for both
+ * cases.
+ *
+ * It sets the bit.close bit to TRUE (with an explanation for debug builds),
+ * when the connection will close.
+ */
+
+#define CONNCTRL_KEEP 0 /* undo a marked closure */
+#define CONNCTRL_CONNECTION 1
+#define CONNCTRL_STREAM 2
+
+void Curl_conncontrol(struct connectdata *conn,
+ int closeit
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+ , const char *reason
+#endif
+ );
+
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+#define streamclose(x,y) Curl_conncontrol(x, CONNCTRL_STREAM, y)
+#define connclose(x,y) Curl_conncontrol(x, CONNCTRL_CONNECTION, y)
+#define connkeep(x,y) Curl_conncontrol(x, CONNCTRL_KEEP, y)
+#else /* if !DEBUGBUILD || CURL_DISABLE_VERBOSE_STRINGS */
+#define streamclose(x,y) Curl_conncontrol(x, CONNCTRL_STREAM)
+#define connclose(x,y) Curl_conncontrol(x, CONNCTRL_CONNECTION)
+#define connkeep(x,y) Curl_conncontrol(x, CONNCTRL_KEEP)
+#endif
+
+bool Curl_conn_data_pending(struct connectdata *conn, int sockindex);
+
#endif /* HEADER_CURL_CONNECT_H */
diff --git a/libs/libcurl/src/content_encoding.c b/libs/libcurl/src/content_encoding.c
index c68e6e5f52..3d061375c5 100644
--- a/libs/libcurl/src/content_encoding.c
+++ b/libs/libcurl/src/content_encoding.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,22 +22,43 @@
#include "curl_setup.h"
-#ifdef HAVE_LIBZ
-
#include "urldata.h"
#include <curl/curl.h>
+#include <stddef.h>
+
+#ifdef HAVE_ZLIB_H
+#include <zlib.h>
+#ifdef __SYMBIAN32__
+/* zlib pollutes the namespace with this definition */
+#undef WIN32
+#endif
+#endif
+
+#ifdef HAVE_BROTLI
+#include <brotli/decode.h>
+#endif
+
#include "sendf.h"
+#include "http.h"
#include "content_encoding.h"
+#include "strdup.h"
+#include "strcase.h"
#include "curl_memory.h"
-
#include "memdebug.h"
+#define CONTENT_ENCODING_DEFAULT "identity"
+
+#ifndef CURL_DISABLE_HTTP
+
+#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
+
+
+#ifdef HAVE_LIBZ
+
/* Comment this out if zlib is always going to be at least ver. 1.2.0.4
(doing so will reduce code size slightly). */
#define OLD_ZLIB_SUPPORT 1
-#define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */
-
#define GZIP_MAGIC_0 0x1f
#define GZIP_MAGIC_1 0x8b
@@ -49,6 +70,21 @@
#define COMMENT 0x10 /* bit 4 set: file comment present */
#define RESERVED 0xE0 /* bits 5..7: reserved */
+typedef enum {
+ ZLIB_UNINIT, /* uninitialized */
+ ZLIB_INIT, /* initialized */
+ ZLIB_GZIP_HEADER, /* reading gzip header */
+ ZLIB_GZIP_INFLATING, /* inflating gzip stream */
+ ZLIB_INIT_GZIP /* initialized in transparent gzip mode */
+} zlibInitState;
+
+/* Writer parameters. */
+typedef struct {
+ zlibInitState zlib_init; /* zlib init state */
+ z_stream z; /* State structure for zlib. */
+} zlib_params;
+
+
static voidpf
zalloc_cb(voidpf opaque, unsigned int items, unsigned int size)
{
@@ -67,31 +103,39 @@ zfree_cb(voidpf opaque, voidpf ptr)
static CURLcode
process_zlib_error(struct connectdata *conn, z_stream *z)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
if(z->msg)
- failf (data, "Error while processing content unencoding: %s",
- z->msg);
+ failf(data, "Error while processing content unencoding: %s",
+ z->msg);
else
- failf (data, "Error while processing content unencoding: "
- "Unknown failure within decompression software.");
+ failf(data, "Error while processing content unencoding: "
+ "Unknown failure within decompression software.");
return CURLE_BAD_CONTENT_ENCODING;
}
static CURLcode
-exit_zlib(z_stream *z, zlibInitState *zlib_init, CURLcode result)
+exit_zlib(struct connectdata *conn,
+ z_stream *z, zlibInitState *zlib_init, CURLcode result)
{
- inflateEnd(z);
- *zlib_init = ZLIB_UNINIT;
+ if(*zlib_init == ZLIB_GZIP_HEADER)
+ Curl_safefree(z->next_in);
+
+ if(*zlib_init != ZLIB_UNINIT) {
+ if(inflateEnd(z) != Z_OK && result == CURLE_OK)
+ result = process_zlib_error(conn, z);
+ *zlib_init = ZLIB_UNINIT;
+ }
+
return result;
}
static CURLcode
-inflate_stream(struct connectdata *conn,
- struct SingleRequest *k)
+inflate_stream(struct connectdata *conn, contenc_writer *writer)
{
+ zlib_params *zp = (zlib_params *) &writer->params;
int allow_restart = 1;
- z_stream *z = &k->z; /* zlib state structure */
+ z_stream *z = &zp->z; /* zlib state structure */
uInt nread = z->avail_in;
Bytef *orig_in = z->next_in;
int status; /* zlib status */
@@ -102,45 +146,42 @@ inflate_stream(struct connectdata *conn,
large to hold on the stack */
decomp = malloc(DSIZ);
if(decomp == NULL) {
- return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY);
+ return exit_zlib(conn, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY);
}
/* because the buffer size is fixed, iteratively decompress and transfer to
the client via client_write. */
for(;;) {
+ if(z->avail_in == 0) {
+ free(decomp);
+ return result;
+ }
+
/* (re)set buffer for decompressed output for every iteration */
- z->next_out = (Bytef *)decomp;
+ z->next_out = (Bytef *) decomp;
z->avail_out = DSIZ;
status = inflate(z, Z_SYNC_FLUSH);
if(status == Z_OK || status == Z_STREAM_END) {
allow_restart = 0;
- if((DSIZ - z->avail_out) && (!k->ignorebody)) {
- result = Curl_client_write(conn, CLIENTWRITE_BODY, decomp,
+ result = Curl_unencode_write(conn, writer->downstream, decomp,
DSIZ - z->avail_out);
- /* if !CURLE_OK, clean up, return */
- if(result) {
- free(decomp);
- return exit_zlib(z, &k->zlib_init, result);
- }
+ /* if !CURLE_OK, clean up, return */
+ if(result) {
+ free(decomp);
+ return exit_zlib(conn, z, &zp->zlib_init, result);
}
/* Done? clean up, return */
if(status == Z_STREAM_END) {
free(decomp);
- if(inflateEnd(z) == Z_OK)
- return exit_zlib(z, &k->zlib_init, result);
- else
- return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z));
+ return exit_zlib(conn, z, &zp->zlib_init, result);
}
/* Done with these bytes, exit */
/* status is always Z_OK at this point! */
- if(z->avail_in == 0) {
- free(decomp);
- return result;
- }
+ continue;
}
else if(allow_restart && status == Z_DATA_ERROR) {
/* some servers seem to not generate zlib headers, so this is an attempt
@@ -149,7 +190,8 @@ inflate_stream(struct connectdata *conn,
(void) inflateEnd(z); /* don't care about the return code */
if(inflateInit2(z, -MAX_WBITS) != Z_OK) {
free(decomp);
- return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z));
+ zp->zlib_init = ZLIB_UNINIT; /* inflateEnd() already called. */
+ return exit_zlib(conn, z, &zp->zlib_init, process_zlib_error(conn, z));
}
z->next_in = orig_in;
z->avail_in = nread;
@@ -158,36 +200,97 @@ inflate_stream(struct connectdata *conn,
}
else { /* Error; exit loop, handle below */
free(decomp);
- return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z));
+ return exit_zlib(conn, z, &zp->zlib_init, process_zlib_error(conn, z));
}
}
- /* Will never get here */
+ /* UNREACHED */
}
-CURLcode
-Curl_unencode_deflate_write(struct connectdata *conn,
- struct SingleRequest *k,
- ssize_t nread)
+
+/* Deflate handler. */
+static CURLcode deflate_init_writer(struct connectdata *conn,
+ contenc_writer *writer)
{
- z_stream *z = &k->z; /* zlib state structure */
+ zlib_params *zp = (zlib_params *) &writer->params;
+ z_stream *z = &zp->z; /* zlib state structure */
- /* Initialize zlib? */
- if(k->zlib_init == ZLIB_UNINIT) {
- memset(z, 0, sizeof(z_stream));
- z->zalloc = (alloc_func)zalloc_cb;
- z->zfree = (free_func)zfree_cb;
+ if(!writer->downstream)
+ return CURLE_WRITE_ERROR;
- if(inflateInit(z) != Z_OK)
- return process_zlib_error(conn, z);
- k->zlib_init = ZLIB_INIT;
- }
+ /* Initialize zlib */
+ z->zalloc = (alloc_func) zalloc_cb;
+ z->zfree = (free_func) zfree_cb;
+
+ if(inflateInit(z) != Z_OK)
+ return process_zlib_error(conn, z);
+ zp->zlib_init = ZLIB_INIT;
+ return CURLE_OK;
+}
+
+static CURLcode deflate_unencode_write(struct connectdata *conn,
+ contenc_writer *writer,
+ const char *buf, size_t nbytes)
+{
+ zlib_params *zp = (zlib_params *) &writer->params;
+ z_stream *z = &zp->z; /* zlib state structure */
/* Set the compressed input when this function is called */
- z->next_in = (Bytef *)k->str;
- z->avail_in = (uInt)nread;
+ z->next_in = (Bytef *) buf;
+ z->avail_in = (uInt) nbytes;
/* Now uncompress the data */
- return inflate_stream(conn, k);
+ return inflate_stream(conn, writer);
+}
+
+static void deflate_close_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ zlib_params *zp = (zlib_params *) &writer->params;
+ z_stream *z = &zp->z; /* zlib state structure */
+
+ exit_zlib(conn, z, &zp->zlib_init, CURLE_OK);
+}
+
+static const content_encoding deflate_encoding = {
+ "deflate",
+ NULL,
+ deflate_init_writer,
+ deflate_unencode_write,
+ deflate_close_writer,
+ sizeof(zlib_params)
+};
+
+
+/* Gzip handler. */
+static CURLcode gzip_init_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ zlib_params *zp = (zlib_params *) &writer->params;
+ z_stream *z = &zp->z; /* zlib state structure */
+
+ if(!writer->downstream)
+ return CURLE_WRITE_ERROR;
+
+ /* Initialize zlib */
+ z->zalloc = (alloc_func) zalloc_cb;
+ z->zfree = (free_func) zfree_cb;
+
+ if(strcmp(zlibVersion(), "1.2.0.4") >= 0) {
+ /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */
+ if(inflateInit2(z, MAX_WBITS + 32) != Z_OK) {
+ return process_zlib_error(conn, z);
+ }
+ zp->zlib_init = ZLIB_INIT_GZIP; /* Transparent gzip decompress state */
+ }
+ else {
+ /* we must parse the gzip header ourselves */
+ if(inflateInit2(z, -MAX_WBITS) != Z_OK) {
+ return process_zlib_error(conn, z);
+ }
+ zp->zlib_init = ZLIB_INIT; /* Initial call state */
+ }
+
+ return CURLE_OK;
}
#ifdef OLD_ZLIB_SUPPORT
@@ -228,7 +331,7 @@ static enum {
extra_len = (data[1] << 8) | data[0];
- if(len < (extra_len+2))
+ if(len < (extra_len + 2))
return GZIP_UNDERFLOW;
len -= (extra_len + 2);
@@ -274,47 +377,25 @@ static enum {
}
#endif
-CURLcode
-Curl_unencode_gzip_write(struct connectdata *conn,
- struct SingleRequest *k,
- ssize_t nread)
+static CURLcode gzip_unencode_write(struct connectdata *conn,
+ contenc_writer *writer,
+ const char *buf, size_t nbytes)
{
- z_stream *z = &k->z; /* zlib state structure */
-
- /* Initialize zlib? */
- if(k->zlib_init == ZLIB_UNINIT) {
- memset(z, 0, sizeof(z_stream));
- z->zalloc = (alloc_func)zalloc_cb;
- z->zfree = (free_func)zfree_cb;
-
- if(strcmp(zlibVersion(), "1.2.0.4") >= 0) {
- /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */
- if(inflateInit2(z, MAX_WBITS+32) != Z_OK) {
- return process_zlib_error(conn, z);
- }
- k->zlib_init = ZLIB_INIT_GZIP; /* Transparent gzip decompress state */
- }
- else {
- /* we must parse the gzip header ourselves */
- if(inflateInit2(z, -MAX_WBITS) != Z_OK) {
- return process_zlib_error(conn, z);
- }
- k->zlib_init = ZLIB_INIT; /* Initial call state */
- }
- }
+ zlib_params *zp = (zlib_params *) &writer->params;
+ z_stream *z = &zp->z; /* zlib state structure */
- if(k->zlib_init == ZLIB_INIT_GZIP) {
+ if(zp->zlib_init == ZLIB_INIT_GZIP) {
/* Let zlib handle the gzip decompression entirely */
- z->next_in = (Bytef *)k->str;
- z->avail_in = (uInt)nread;
+ z->next_in = (Bytef *) buf;
+ z->avail_in = (uInt) nbytes;
/* Now uncompress the data */
- return inflate_stream(conn, k);
+ return inflate_stream(conn, writer);
}
#ifndef OLD_ZLIB_SUPPORT
/* Support for old zlib versions is compiled away and we are running with
an old version, so return an error. */
- return exit_zlib(z, &k->zlib_init, CURLE_FUNCTION_NOT_FOUND);
+ return exit_zlib(conn, z, &zp->zlib_init, CURLE_WRITE_ERROR);
#else
/* This next mess is to get around the potential case where there isn't
@@ -327,18 +408,18 @@ Curl_unencode_gzip_write(struct connectdata *conn,
* can handle the gzip header themselves.
*/
- switch (k->zlib_init) {
+ switch(zp->zlib_init) {
/* Skip over gzip header? */
case ZLIB_INIT:
{
/* Initial call state */
ssize_t hlen;
- switch (check_gzip_header((unsigned char *)k->str, nread, &hlen)) {
+ switch(check_gzip_header((unsigned char *) buf, nbytes, &hlen)) {
case GZIP_OK:
- z->next_in = (Bytef *)k->str + hlen;
- z->avail_in = (uInt)(nread - hlen);
- k->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */
+ z->next_in = (Bytef *) buf + hlen;
+ z->avail_in = (uInt) (nbytes - hlen);
+ zp->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */
break;
case GZIP_UNDERFLOW:
@@ -349,19 +430,19 @@ Curl_unencode_gzip_write(struct connectdata *conn,
* the first place, and it's even more unlikely for a transfer to fail
* immediately afterwards, it should seldom be a problem.
*/
- z->avail_in = (uInt)nread;
+ z->avail_in = (uInt) nbytes;
z->next_in = malloc(z->avail_in);
if(z->next_in == NULL) {
- return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY);
+ return exit_zlib(conn, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY);
}
- memcpy(z->next_in, k->str, z->avail_in);
- k->zlib_init = ZLIB_GZIP_HEADER; /* Need more gzip header data state */
+ memcpy(z->next_in, buf, z->avail_in);
+ zp->zlib_init = ZLIB_GZIP_HEADER; /* Need more gzip header data state */
/* We don't have any data to inflate yet */
return CURLE_OK;
case GZIP_BAD:
default:
- return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z));
+ return exit_zlib(conn, z, &zp->zlib_init, process_zlib_error(conn, z));
}
}
@@ -371,25 +452,22 @@ Curl_unencode_gzip_write(struct connectdata *conn,
{
/* Need more gzip header data state */
ssize_t hlen;
- unsigned char *oldblock = z->next_in;
-
- z->avail_in += (uInt)nread;
- z->next_in = realloc(z->next_in, z->avail_in);
+ z->avail_in += (uInt) nbytes;
+ z->next_in = Curl_saferealloc(z->next_in, z->avail_in);
if(z->next_in == NULL) {
- free(oldblock);
- return exit_zlib(z, &k->zlib_init, CURLE_OUT_OF_MEMORY);
+ return exit_zlib(conn, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY);
}
/* Append the new block of data to the previous one */
- memcpy(z->next_in + z->avail_in - nread, k->str, nread);
+ memcpy(z->next_in + z->avail_in - nbytes, buf, nbytes);
- switch (check_gzip_header(z->next_in, z->avail_in, &hlen)) {
+ switch(check_gzip_header(z->next_in, z->avail_in, &hlen)) {
case GZIP_OK:
/* This is the zlib stream data */
free(z->next_in);
/* Don't point into the malloced block since we just freed it */
- z->next_in = (Bytef *)k->str + hlen + nread - z->avail_in;
- z->avail_in = (uInt)(z->avail_in - hlen);
- k->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */
+ z->next_in = (Bytef *) buf + hlen + nbytes - z->avail_in;
+ z->avail_in = (uInt) (z->avail_in - hlen);
+ zp->zlib_init = ZLIB_GZIP_INFLATING; /* Inflating stream state */
break;
case GZIP_UNDERFLOW:
@@ -398,8 +476,7 @@ Curl_unencode_gzip_write(struct connectdata *conn,
case GZIP_BAD:
default:
- free(z->next_in);
- return exit_zlib(z, &k->zlib_init, process_zlib_error(conn, z));
+ return exit_zlib(conn, z, &zp->zlib_init, process_zlib_error(conn, z));
}
}
@@ -408,8 +485,8 @@ Curl_unencode_gzip_write(struct connectdata *conn,
case ZLIB_GZIP_INFLATING:
default:
/* Inflating stream state */
- z->next_in = (Bytef *)k->str;
- z->avail_in = (uInt)nread;
+ z->next_in = (Bytef *) buf;
+ z->avail_in = (uInt) nbytes;
break;
}
@@ -419,17 +496,465 @@ Curl_unencode_gzip_write(struct connectdata *conn,
}
/* We've parsed the header, now uncompress the data */
- return inflate_stream(conn, k);
+ return inflate_stream(conn, writer);
#endif
}
+static void gzip_close_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ zlib_params *zp = (zlib_params *) &writer->params;
+ z_stream *z = &zp->z; /* zlib state structure */
+
+ exit_zlib(conn, z, &zp->zlib_init, CURLE_OK);
+}
+
+static const content_encoding gzip_encoding = {
+ "gzip",
+ "x-gzip",
+ gzip_init_writer,
+ gzip_unencode_write,
+ gzip_close_writer,
+ sizeof(zlib_params)
+};
+
+#endif /* HAVE_LIBZ */
+
+
+#ifdef HAVE_BROTLI
+
+/* Writer parameters. */
+typedef struct {
+ BrotliDecoderState *br; /* State structure for brotli. */
+} brotli_params;
+
+
+static CURLcode brotli_map_error(BrotliDecoderErrorCode be)
+{
+ switch(be) {
+ case BROTLI_DECODER_ERROR_FORMAT_EXUBERANT_NIBBLE:
+ case BROTLI_DECODER_ERROR_FORMAT_EXUBERANT_META_NIBBLE:
+ case BROTLI_DECODER_ERROR_FORMAT_SIMPLE_HUFFMAN_ALPHABET:
+ case BROTLI_DECODER_ERROR_FORMAT_SIMPLE_HUFFMAN_SAME:
+ case BROTLI_DECODER_ERROR_FORMAT_CL_SPACE:
+ case BROTLI_DECODER_ERROR_FORMAT_HUFFMAN_SPACE:
+ case BROTLI_DECODER_ERROR_FORMAT_CONTEXT_MAP_REPEAT:
+ case BROTLI_DECODER_ERROR_FORMAT_BLOCK_LENGTH_1:
+ case BROTLI_DECODER_ERROR_FORMAT_BLOCK_LENGTH_2:
+ case BROTLI_DECODER_ERROR_FORMAT_TRANSFORM:
+ case BROTLI_DECODER_ERROR_FORMAT_DICTIONARY:
+ case BROTLI_DECODER_ERROR_FORMAT_WINDOW_BITS:
+ case BROTLI_DECODER_ERROR_FORMAT_PADDING_1:
+ case BROTLI_DECODER_ERROR_FORMAT_PADDING_2:
+ case BROTLI_DECODER_ERROR_COMPOUND_DICTIONARY:
+ case BROTLI_DECODER_ERROR_DICTIONARY_NOT_SET:
+ case BROTLI_DECODER_ERROR_INVALID_ARGUMENTS:
+ return CURLE_BAD_CONTENT_ENCODING;
+ case BROTLI_DECODER_ERROR_ALLOC_CONTEXT_MODES:
+ case BROTLI_DECODER_ERROR_ALLOC_TREE_GROUPS:
+ case BROTLI_DECODER_ERROR_ALLOC_CONTEXT_MAP:
+ case BROTLI_DECODER_ERROR_ALLOC_RING_BUFFER_1:
+ case BROTLI_DECODER_ERROR_ALLOC_RING_BUFFER_2:
+ case BROTLI_DECODER_ERROR_ALLOC_BLOCK_TYPE_TREES:
+ return CURLE_OUT_OF_MEMORY;
+ default:
+ break;
+ }
+ return CURLE_WRITE_ERROR;
+}
+
+static CURLcode brotli_init_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ brotli_params *bp = (brotli_params *) &writer->params;
+
+ (void) conn;
+
+ if(!writer->downstream)
+ return CURLE_WRITE_ERROR;
+
+ bp->br = BrotliDecoderCreateInstance(NULL, NULL, NULL);
+ return bp->br? CURLE_OK: CURLE_OUT_OF_MEMORY;
+}
+
+static CURLcode brotli_unencode_write(struct connectdata *conn,
+ contenc_writer *writer,
+ const char *buf, size_t nbytes)
+{
+ brotli_params *bp = (brotli_params *) &writer->params;
+ const uint8_t *src = (const uint8_t *) buf;
+ char *decomp;
+ uint8_t *dst;
+ size_t dstleft;
+ CURLcode result = CURLE_OK;
+
+ if(!bp->br)
+ return CURLE_WRITE_ERROR; /* Stream already ended. */
+
+ decomp = malloc(DSIZ);
+ if(!decomp)
+ return CURLE_OUT_OF_MEMORY;
+
+ while(nbytes && result == CURLE_OK) {
+ BrotliDecoderResult r;
+
+ dst = (uint8_t *) decomp;
+ dstleft = DSIZ;
+ r = BrotliDecoderDecompressStream(bp->br,
+ &nbytes, &src, &dstleft, &dst, NULL);
+ result = Curl_unencode_write(conn, writer->downstream,
+ decomp, DSIZ - dstleft);
+ if(result)
+ break;
+ switch(r) {
+ case BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT:
+ case BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT:
+ break;
+ case BROTLI_DECODER_RESULT_SUCCESS:
+ BrotliDecoderDestroyInstance(bp->br);
+ bp->br = NULL;
+ if(nbytes)
+ result = CURLE_WRITE_ERROR;
+ break;
+ default:
+ result = brotli_map_error(BrotliDecoderGetErrorCode(bp->br));
+ break;
+ }
+ }
+ free(decomp);
+ return result;
+}
+
+static void brotli_close_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ brotli_params *bp = (brotli_params *) &writer->params;
+
+ (void) conn;
+
+ if(bp->br) {
+ BrotliDecoderDestroyInstance(bp->br);
+ bp->br = NULL;
+ }
+}
+
+static const content_encoding brotli_encoding = {
+ "br",
+ NULL,
+ brotli_init_writer,
+ brotli_unencode_write,
+ brotli_close_writer,
+ sizeof(brotli_params)
+};
+#endif
+
+
+/* Identity handler. */
+static CURLcode identity_init_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ (void) conn;
+ return writer->downstream? CURLE_OK: CURLE_WRITE_ERROR;
+}
+
+static CURLcode identity_unencode_write(struct connectdata *conn,
+ contenc_writer *writer,
+ const char *buf, size_t nbytes)
+{
+ return Curl_unencode_write(conn, writer->downstream, buf, nbytes);
+}
+
+static void identity_close_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ (void) conn;
+ (void) writer;
+}
+
+static const content_encoding identity_encoding = {
+ "identity",
+ NULL,
+ identity_init_writer,
+ identity_unencode_write,
+ identity_close_writer,
+ 0
+};
+
+
+/* supported content encodings table. */
+static const content_encoding * const encodings[] = {
+ &identity_encoding,
+#ifdef HAVE_LIBZ
+ &deflate_encoding,
+ &gzip_encoding,
+#endif
+#ifdef HAVE_BROTLI
+ &brotli_encoding,
+#endif
+ NULL
+};
+
+
+/* Return a list of comma-separated names of supported encodings. */
+char *Curl_all_content_encodings(void)
+{
+ size_t len = 0;
+ const content_encoding * const *cep;
+ const content_encoding *ce;
+ char *ace;
+ char *p;
+
+ for(cep = encodings; *cep; cep++) {
+ ce = *cep;
+ if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT))
+ len += strlen(ce->name) + 2;
+ }
+
+ if(!len)
+ return strdup(CONTENT_ENCODING_DEFAULT);
+
+ ace = malloc(len);
+ if(ace) {
+ p = ace;
+ for(cep = encodings; *cep; cep++) {
+ ce = *cep;
+ if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT)) {
+ strcpy(p, ce->name);
+ p += strlen(p);
+ *p++ = ',';
+ *p++ = ' ';
+ }
+ }
+ p[-2] = '\0';
+ }
+
+ return ace;
+}
+
+
+/* Real client writer: no downstream. */
+static CURLcode client_init_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ (void) conn;
+ return writer->downstream? CURLE_WRITE_ERROR: CURLE_OK;
+}
+
+static CURLcode client_unencode_write(struct connectdata *conn,
+ contenc_writer *writer,
+ const char *buf, size_t nbytes)
+{
+ struct Curl_easy *data = conn->data;
+ struct SingleRequest *k = &data->req;
+
+ (void) writer;
+
+ if(!nbytes || k->ignorebody)
+ return CURLE_OK;
+
+ return Curl_client_write(conn, CLIENTWRITE_BODY, (char *) buf, nbytes);
+}
+
+static void client_close_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ (void) conn;
+ (void) writer;
+}
+
+static const content_encoding client_encoding = {
+ NULL,
+ NULL,
+ client_init_writer,
+ client_unencode_write,
+ client_close_writer,
+ 0
+};
+
+
+/* Deferred error dummy writer. */
+static CURLcode error_init_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ (void) conn;
+ return writer->downstream? CURLE_OK: CURLE_WRITE_ERROR;
+}
+
+static CURLcode error_unencode_write(struct connectdata *conn,
+ contenc_writer *writer,
+ const char *buf, size_t nbytes)
+{
+ char *all = Curl_all_content_encodings();
+
+ (void) writer;
+ (void) buf;
+ (void) nbytes;
+
+ if(!all)
+ return CURLE_OUT_OF_MEMORY;
+ failf(conn->data, "Unrecognized content encoding type. "
+ "libcurl understands %s content encodings.", all);
+ free(all);
+ return CURLE_BAD_CONTENT_ENCODING;
+}
+
+static void error_close_writer(struct connectdata *conn,
+ contenc_writer *writer)
+{
+ (void) conn;
+ (void) writer;
+}
+
+static const content_encoding error_encoding = {
+ NULL,
+ NULL,
+ error_init_writer,
+ error_unencode_write,
+ error_close_writer,
+ 0
+};
+
+/* Create an unencoding writer stage using the given handler. */
+static contenc_writer *new_unencoding_writer(struct connectdata *conn,
+ const content_encoding *handler,
+ contenc_writer *downstream)
+{
+ size_t sz = offsetof(contenc_writer, params) + handler->paramsize;
+ contenc_writer *writer = (contenc_writer *) malloc(sz);
+
+ if(writer) {
+ memset(writer, 0, sz);
+ writer->handler = handler;
+ writer->downstream = downstream;
+ if(handler->init_writer(conn, writer)) {
+ free(writer);
+ writer = NULL;
+ }
+ }
+
+ return writer;
+}
+
+/* Write data using an unencoding writer stack. */
+CURLcode Curl_unencode_write(struct connectdata *conn, contenc_writer *writer,
+ const char *buf, size_t nbytes)
+{
+ if(!nbytes)
+ return CURLE_OK;
+ return writer->handler->unencode_write(conn, writer, buf, nbytes);
+}
+
+/* Close and clean-up the connection's writer stack. */
void Curl_unencode_cleanup(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct SingleRequest *k = &data->req;
- z_stream *z = &k->z;
- if(k->zlib_init != ZLIB_UNINIT)
- (void) exit_zlib(z, &k->zlib_init, CURLE_OK);
+ contenc_writer *writer = k->writer_stack;
+
+ while(writer) {
+ k->writer_stack = writer->downstream;
+ writer->handler->close_writer(conn, writer);
+ free(writer);
+ writer = k->writer_stack;
+ }
}
-#endif /* HAVE_LIBZ */
+/* Find the content encoding by name. */
+static const content_encoding *find_encoding(const char *name, size_t len)
+{
+ const content_encoding * const *cep;
+ const content_encoding *ce;
+
+ for(cep = encodings; *cep; cep++) {
+ ce = *cep;
+ if((strncasecompare(name, ce->name, len) && !ce->name[len]) ||
+ (ce->alias && strncasecompare(name, ce->alias, len) && !ce->alias[len]))
+ return ce;
+ }
+ return NULL;
+}
+
+/* Set-up the unencoding stack from the Content-Encoding header value.
+ * See RFC 7231 section 3.1.2.2. */
+CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
+ const char *enclist, int maybechunked)
+{
+ struct Curl_easy *data = conn->data;
+ struct SingleRequest *k = &data->req;
+
+ do {
+ const char *name;
+ size_t namelen;
+
+ /* Parse a single encoding name. */
+ while(ISSPACE(*enclist) || *enclist == ',')
+ enclist++;
+
+ name = enclist;
+
+ for(namelen = 0; *enclist && *enclist != ','; enclist++)
+ if(!ISSPACE(*enclist))
+ namelen = enclist - name + 1;
+
+ /* Special case: chunked encoding is handled at the reader level. */
+ if(maybechunked && namelen == 7 && strncasecompare(name, "chunked", 7)) {
+ k->chunk = TRUE; /* chunks coming our way. */
+ Curl_httpchunk_init(conn); /* init our chunky engine. */
+ }
+ else if(namelen) {
+ const content_encoding *encoding = find_encoding(name, namelen);
+ contenc_writer *writer;
+
+ if(!k->writer_stack) {
+ k->writer_stack = new_unencoding_writer(conn, &client_encoding, NULL);
+
+ if(!k->writer_stack)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!encoding)
+ encoding = &error_encoding; /* Defer error at stack use. */
+
+ /* Stack the unencoding stage. */
+ writer = new_unencoding_writer(conn, encoding, k->writer_stack);
+ if(!writer)
+ return CURLE_OUT_OF_MEMORY;
+ k->writer_stack = writer;
+ }
+ } while(*enclist);
+
+ return CURLE_OK;
+}
+
+#else
+/* Stubs for builds without HTTP. */
+CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
+ const char *enclist, int maybechunked)
+{
+ (void) conn;
+ (void) enclist;
+ (void) maybechunked;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode Curl_unencode_write(struct connectdata *conn, contenc_writer *writer,
+ const char *buf, size_t nbytes)
+{
+ (void) conn;
+ (void) writer;
+ (void) buf;
+ (void) nbytes;
+ return CURLE_NOT_BUILT_IN;
+}
+
+void Curl_unencode_cleanup(struct connectdata *conn)
+{
+ (void) conn;
+}
+
+char *Curl_all_content_encodings(void)
+{
+ return strdup(CONTENT_ENCODING_DEFAULT); /* Satisfy caller. */
+}
+
+#endif /* CURL_DISABLE_HTTP */
diff --git a/libs/libcurl/src/content_encoding.h b/libs/libcurl/src/content_encoding.h
index 501f6c8ceb..4cd52be622 100644
--- a/libs/libcurl/src/content_encoding.h
+++ b/libs/libcurl/src/content_encoding.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,26 +23,33 @@
***************************************************************************/
#include "curl_setup.h"
-/*
- * Comma-separated list all supported Content-Encodings ('identity' is implied)
- */
-#ifdef HAVE_LIBZ
-#define ALL_CONTENT_ENCODINGS "deflate, gzip"
-/* force a cleanup */
-void Curl_unencode_cleanup(struct connectdata *conn);
-#else
-#define ALL_CONTENT_ENCODINGS "identity"
-#define Curl_unencode_cleanup(x) Curl_nop_stmt
-#endif
+/* Decoding writer. */
+typedef struct contenc_writer_s contenc_writer;
+typedef struct content_encoding_s content_encoding;
+
+struct contenc_writer_s {
+ const content_encoding *handler; /* Encoding handler. */
+ contenc_writer *downstream; /* Downstream writer. */
+ void *params; /* Encoding-specific storage (variable length). */
+};
-CURLcode Curl_unencode_deflate_write(struct connectdata *conn,
- struct SingleRequest *req,
- ssize_t nread);
+/* Content encoding writer. */
+struct content_encoding_s {
+ const char *name; /* Encoding name. */
+ const char *alias; /* Encoding name alias. */
+ CURLcode (*init_writer)(struct connectdata *conn, contenc_writer *writer);
+ CURLcode (*unencode_write)(struct connectdata *conn, contenc_writer *writer,
+ const char *buf, size_t nbytes);
+ void (*close_writer)(struct connectdata *conn, contenc_writer *writer);
+ size_t paramsize;
+};
-CURLcode
-Curl_unencode_gzip_write(struct connectdata *conn,
- struct SingleRequest *k,
- ssize_t nread);
+CURLcode Curl_build_unencoding_stack(struct connectdata *conn,
+ const char *enclist, int maybechunked);
+CURLcode Curl_unencode_write(struct connectdata *conn, contenc_writer *writer,
+ const char *buf, size_t nbytes);
+void Curl_unencode_cleanup(struct connectdata *conn);
+char *Curl_all_content_encodings(void);
#endif /* HEADER_CURL_CONTENT_ENCODING_H */
diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c
index 9deeb1ac49..c7afc7ae34 100644
--- a/libs/libcurl/src/cookie.c
+++ b/libs/libcurl/src/cookie.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,14 +26,17 @@
RECEIVING COOKIE INFORMATION
============================
-struct CookieInfo *cookie_init(char *file);
+struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
+ const char *file, struct CookieInfo *inc, bool newsession);
Inits a cookie struct to store data in a local file. This is always
called before any cookies are set.
-int cookies_set(struct CookieInfo *cookie, char *cookie_line);
+struct Cookie *Curl_cookie_add(struct Curl_easy *data,
+ struct CookieInfo *c, bool httpheader, char *lineptr,
+ const char *domain, const char *path);
- The 'cookie_line' parameter is a full "Set-cookie:" line as
+ The 'lineptr' parameter is a full "Set-cookie:" line as
received from a server.
The function need to replace previously stored lines that this new
@@ -47,8 +50,8 @@ int cookies_set(struct CookieInfo *cookie, char *cookie_line);
SENDING COOKIE INFORMATION
==========================
-struct Cookies *cookie_getlist(struct CookieInfo *cookie,
- char *host, char *path, bool secure);
+struct Cookies *Curl_cookie_getlist(struct CookieInfo *cookie,
+ char *host, char *path, bool secure);
For a given host and path, return a linked list of cookies that
the client should send to the server if used now. The secure
@@ -81,43 +84,36 @@ Example set of cookies:
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
-#define _MPRINTF_REPLACE
-#include <curl/mprintf.h>
+#ifdef USE_LIBPSL
+# include <libpsl.h>
+#endif
#include "urldata.h"
#include "cookie.h"
-#include "strequal.h"
#include "strtok.h"
#include "sendf.h"
#include "slist.h"
-#include "curl_memory.h"
#include "share.h"
#include "strtoofft.h"
-#include "rawstr.h"
+#include "strcase.h"
#include "curl_memrchr.h"
+#include "inet_pton.h"
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
static void freecookie(struct Cookie *co)
{
- if(co->expirestr)
- free(co->expirestr);
- if(co->domain)
- free(co->domain);
- if(co->path)
- free(co->path);
- if(co->spath)
- free(co->spath);
- if(co->name)
- free(co->name);
- if(co->value)
- free(co->value);
- if(co->maxage)
- free(co->maxage);
- if(co->version)
- free(co->version);
-
+ free(co->expirestr);
+ free(co->domain);
+ free(co->path);
+ free(co->spath);
+ free(co->name);
+ free(co->value);
+ free(co->maxage);
+ free(co->version);
free(co);
}
@@ -129,7 +125,7 @@ static bool tailmatch(const char *cooke_domain, const char *hostname)
if(hostname_len < cookie_domain_len)
return FALSE;
- if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len))
+ if(!strcasecompare(cooke_domain, hostname + hostname_len-cookie_domain_len))
return FALSE;
/* A lead char of cookie_domain is not '.'.
@@ -150,12 +146,12 @@ static bool tailmatch(const char *cooke_domain, const char *hostname)
* matching cookie path and url path
* RFC6265 5.1.4 Paths and Path-Match
*/
-static bool pathmatch(const char* cookie_path, const char* request_uri)
+static bool pathmatch(const char *cookie_path, const char *request_uri)
{
size_t cookie_path_len;
size_t uri_path_len;
- char* uri_path = NULL;
- char* pos;
+ char *uri_path = NULL;
+ char *pos;
bool ret = FALSE;
/* cookie_path must not have last '/' separator. ex: /sample */
@@ -232,11 +228,14 @@ static char *sanitize_cookie_path(const char *cookie_path)
return NULL;
/* some stupid site sends path attribute with '"'. */
+ len = strlen(new_path);
if(new_path[0] == '\"') {
- memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path));
+ memmove((void *)new_path, (const void *)(new_path + 1), len);
+ len--;
}
- if(new_path[strlen(new_path) - 1] == '\"') {
- new_path[strlen(new_path) - 1] = 0x0;
+ if(len && (new_path[len - 1] == '\"')) {
+ new_path[len - 1] = 0x0;
+ len--;
}
/* RFC6265 5.2.4 The Path Attribute */
@@ -248,8 +247,7 @@ static char *sanitize_cookie_path(const char *cookie_path)
}
/* convert /hoge/ to /hoge */
- len = strlen(new_path);
- if(1 < len && new_path[len - 1] == '/') {
+ if(len && new_path[len - 1] == '/') {
new_path[len - 1] = 0x0;
}
@@ -258,17 +256,26 @@ static char *sanitize_cookie_path(const char *cookie_path)
/*
* Load cookies from all given cookie files (CURLOPT_COOKIEFILE).
+ *
+ * NOTE: OOM or cookie parsing failures are ignored.
*/
-void Curl_cookie_loadfiles(struct SessionHandle *data)
+void Curl_cookie_loadfiles(struct Curl_easy *data)
{
struct curl_slist *list = data->change.cookielist;
if(list) {
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
while(list) {
- data->cookies = Curl_cookie_init(data,
- list->data,
- data->cookies,
- data->set.cookiesession);
+ struct CookieInfo *newcookies = Curl_cookie_init(data,
+ list->data,
+ data->cookies,
+ data->set.cookiesession);
+ if(!newcookies)
+ /* Failure may be due to OOM or a bad cookie; both are ignored
+ * but only the first should be
+ */
+ infof(data, "ignoring failed cookie_init for %s\n", list->data);
+ else
+ data->cookies = newcookies;
list = list->next;
}
curl_slist_free_all(data->change.cookielist); /* clean up list */
@@ -285,8 +292,7 @@ void Curl_cookie_loadfiles(struct SessionHandle *data)
*/
static void strstore(char **str, const char *newstr)
{
- if(*str)
- free(*str);
+ free(*str);
*str = strdup(newstr);
}
@@ -302,8 +308,8 @@ static void remove_expired(struct CookieInfo *cookies)
pv = NULL;
while(co) {
nx = co->next;
- if((co->expirestr || co->maxage) && co->expires < now) {
- if(co == cookies->cookies) {
+ if(co->expires && co->expires < now) {
+ if(!pv) {
cookies->cookies = co->next;
}
else {
@@ -319,6 +325,28 @@ static void remove_expired(struct CookieInfo *cookies)
}
}
+/*
+ * Return true if the given string is an IP(v4|v6) address.
+ */
+static bool isip(const char *domain)
+{
+ struct in_addr addr;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr6;
+#endif
+
+ if(Curl_inet_pton(AF_INET, domain, &addr)
+#ifdef ENABLE_IPV6
+ || Curl_inet_pton(AF_INET6, domain, &addr6)
+#endif
+ ) {
+ /* domain name given as IP address */
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
/****************************************************************************
*
* Curl_cookie_add()
@@ -328,10 +356,12 @@ static void remove_expired(struct CookieInfo *cookies)
* Be aware that sometimes we get an IP-only host name, and that might also be
* a numerical IPv6 address.
*
+ * Returns NULL on out of memory or invalid cookie. This is suboptimal,
+ * as they should be treated separately.
***************************************************************************/
struct Cookie *
-Curl_cookie_add(struct SessionHandle *data,
+Curl_cookie_add(struct Curl_easy *data,
/* The 'data' pointer here may be NULL at times, and thus
must only be used very carefully for things that can deal
with data being NULL. Such as infof() and similar */
@@ -345,13 +375,16 @@ Curl_cookie_add(struct SessionHandle *data,
unless set */
{
struct Cookie *clist;
- char name[MAX_NAME];
struct Cookie *co;
- struct Cookie *lastc=NULL;
+ struct Cookie *lastc = NULL;
time_t now = time(NULL);
bool replace_old = FALSE;
bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */
+#ifdef USE_LIBPSL
+ const psl_ctx_t *psl;
+#endif
+
#ifdef CURL_DISABLE_VERBOSE_STRINGS
(void)data;
#endif
@@ -363,17 +396,19 @@ Curl_cookie_add(struct SessionHandle *data,
if(httpheader) {
/* This line was read off a HTTP-header */
+ char name[MAX_NAME];
+ char what[MAX_NAME];
const char *ptr;
const char *semiptr;
- char *what;
- what = malloc(MAX_COOKIE_LINE);
- if(!what) {
+ size_t linelength = strlen(lineptr);
+ if(linelength > MAX_COOKIE_LINE) {
+ /* discard overly long lines at once */
free(co);
return NULL;
}
- semiptr=strchr(lineptr, ';'); /* first, find a semicolon */
+ semiptr = strchr(lineptr, ';'); /* first, find a semicolon */
while(*lineptr && ISBLANK(*lineptr))
lineptr++;
@@ -381,9 +416,9 @@ Curl_cookie_add(struct SessionHandle *data,
ptr = lineptr;
do {
/* we have a <what>=<this> pair or a stand-alone word here */
- name[0]=what[0]=0; /* init the buffers */
- if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%"
- MAX_COOKIE_LINE_TXT "[^;\r\n]",
+ name[0] = what[0] = 0; /* init the buffers */
+ if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n=] =%"
+ MAX_NAME_TXT "[^;\r\n]",
name, what)) {
/* Use strstore() below to properly deal with received cookie
headers that have the same string property set more than once,
@@ -391,34 +426,66 @@ Curl_cookie_add(struct SessionHandle *data,
const char *whatptr;
bool done = FALSE;
bool sep;
- size_t len=strlen(what);
- const char *endofn = &ptr[ strlen(name) ];
-
- /* skip trailing spaces in name */
- while(*endofn && ISBLANK(*endofn))
- endofn++;
+ size_t len = strlen(what);
+ size_t nlen = strlen(name);
+ const char *endofn = &ptr[ nlen ];
+
+ infof(data, "cookie size: name/val %d + %d bytes\n",
+ nlen, len);
+
+ if(nlen >= (MAX_NAME-1) || len >= (MAX_NAME-1) ||
+ ((nlen + len) > MAX_NAME)) {
+ /* too long individual name or contents, or too long combination of
+ name + contents. Chrome and Firefox support 4095 or 4096 bytes
+ combo. */
+ freecookie(co);
+ infof(data, "oversized cookie dropped, name/val %d + %d bytes\n",
+ nlen, len);
+ return NULL;
+ }
/* name ends with a '=' ? */
sep = (*endofn == '=')?TRUE:FALSE;
+ if(nlen) {
+ endofn--; /* move to the last character */
+ if(ISBLANK(*endofn)) {
+ /* skip trailing spaces in name */
+ while(*endofn && ISBLANK(*endofn) && nlen) {
+ endofn--;
+ nlen--;
+ }
+ name[nlen] = 0; /* new end of name */
+ }
+ }
+
/* Strip off trailing whitespace from the 'what' */
while(len && ISBLANK(what[len-1])) {
- what[len-1]=0;
+ what[len-1] = 0;
len--;
}
/* Skip leading whitespace from the 'what' */
- whatptr=what;
+ whatptr = what;
while(*whatptr && ISBLANK(*whatptr))
whatptr++;
- if(!len) {
+ if(!co->name && sep) {
+ /* The very first name/value pair is the actual cookie name */
+ co->name = strdup(name);
+ co->value = strdup(whatptr);
+ if(!co->name || !co->value) {
+ badcookie = TRUE;
+ break;
+ }
+ }
+ else if(!len) {
/* this was a "<name>=" with no content, and we must allow
'secure' and 'httponly' specified this weirdly */
done = TRUE;
- if(Curl_raw_equal("secure", name))
+ if(strcasecompare("secure", name))
co->secure = TRUE;
- else if(Curl_raw_equal("httponly", name))
+ else if(strcasecompare("httponly", name))
co->httponly = TRUE;
else if(sep)
/* there was a '=' so we're not done parsing this field */
@@ -426,55 +493,74 @@ Curl_cookie_add(struct SessionHandle *data,
}
if(done)
;
- else if(Curl_raw_equal("path", name)) {
+ else if(strcasecompare("path", name)) {
strstore(&co->path, whatptr);
if(!co->path) {
badcookie = TRUE; /* out of memory bad */
break;
}
+ free(co->spath); /* if this is set again */
co->spath = sanitize_cookie_path(co->path);
if(!co->spath) {
badcookie = TRUE; /* out of memory bad */
break;
}
}
- else if(Curl_raw_equal("domain", name)) {
+ else if(strcasecompare("domain", name)) {
+ bool is_ip;
+
/* Now, we make sure that our host is within the given domain,
or the given domain is not valid and thus cannot be set. */
if('.' == whatptr[0])
whatptr++; /* ignore preceding dot */
- if(!domain || tailmatch(whatptr, domain)) {
- const char *tailptr=whatptr;
- if(tailptr[0] == '.')
- tailptr++;
- strstore(&co->domain, tailptr); /* don't prefix w/dots
- internally */
+#ifndef USE_LIBPSL
+ /*
+ * Without PSL we don't know when the incoming cookie is set on a
+ * TLD or otherwise "protected" suffix. To reduce risk, we require a
+ * dot OR the exact host name being "localhost".
+ */
+ {
+ const char *dotp;
+ /* check for more dots */
+ dotp = strchr(whatptr, '.');
+ if(!dotp && !strcasecompare("localhost", whatptr))
+ domain = ":";
+ }
+#endif
+
+ is_ip = isip(domain ? domain : whatptr);
+
+ if(!domain
+ || (is_ip && !strcmp(whatptr, domain))
+ || (!is_ip && tailmatch(whatptr, domain))) {
+ strstore(&co->domain, whatptr);
if(!co->domain) {
badcookie = TRUE;
break;
}
- co->tailmatch=TRUE; /* we always do that if the domain name was
- given */
+ if(!is_ip)
+ co->tailmatch = TRUE; /* we always do that if the domain name was
+ given */
}
else {
/* we did not get a tailmatch and then the attempted set domain
is not a domain to which the current host belongs. Mark as
bad. */
- badcookie=TRUE;
+ badcookie = TRUE;
infof(data, "skipped cookie with bad tailmatch domain: %s\n",
whatptr);
}
}
- else if(Curl_raw_equal("version", name)) {
+ else if(strcasecompare("version", name)) {
strstore(&co->version, whatptr);
if(!co->version) {
badcookie = TRUE;
break;
}
}
- else if(Curl_raw_equal("max-age", name)) {
+ else if(strcasecompare("max-age", name)) {
/* Defined in RFC2109:
Optional. The Max-Age attribute defines the lifetime of the
@@ -489,35 +575,13 @@ Curl_cookie_add(struct SessionHandle *data,
badcookie = TRUE;
break;
}
- co->expires =
- strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
- + (long)now;
}
- else if(Curl_raw_equal("expires", name)) {
+ else if(strcasecompare("expires", name)) {
strstore(&co->expirestr, whatptr);
if(!co->expirestr) {
badcookie = TRUE;
break;
}
- /* Note that if the date couldn't get parsed for whatever reason,
- the cookie will be treated as a session cookie */
- co->expires = curl_getdate(what, &now);
-
- /* Session cookies have expires set to 0 so if we get that back
- from the date parser let's add a second to make it a
- non-session cookie */
- if(co->expires == 0)
- co->expires = 1;
- else if(co->expires < 0)
- co->expires = 0;
- }
- else if(!co->name) {
- co->name = strdup(name);
- co->value = strdup(whatptr);
- if(!co->name || !co->value) {
- badcookie = TRUE;
- break;
- }
}
/*
else this is the second (or more) name we don't know
@@ -533,21 +597,51 @@ Curl_cookie_add(struct SessionHandle *data,
continue;
}
- ptr=semiptr+1;
+ ptr = semiptr + 1;
while(*ptr && ISBLANK(*ptr))
ptr++;
- semiptr=strchr(ptr, ';'); /* now, find the next semicolon */
+ semiptr = strchr(ptr, ';'); /* now, find the next semicolon */
if(!semiptr && *ptr)
/* There are no more semicolons, but there's a final name=value pair
coming up */
- semiptr=strchr(ptr, '\0');
+ semiptr = strchr(ptr, '\0');
} while(semiptr);
+ if(co->maxage) {
+ CURLofft offt;
+ offt = curlx_strtoofft((*co->maxage == '\"')?
+ &co->maxage[1]:&co->maxage[0], NULL, 10,
+ &co->expires);
+ if(offt == CURL_OFFT_FLOW)
+ /* overflow, used max value */
+ co->expires = CURL_OFF_T_MAX;
+ else if(!offt) {
+ if(CURL_OFF_T_MAX - now < co->expires)
+ /* would overflow */
+ co->expires = CURL_OFF_T_MAX;
+ else
+ co->expires += now;
+ }
+ }
+ else if(co->expirestr) {
+ /* Note that if the date couldn't get parsed for whatever reason,
+ the cookie will be treated as a session cookie */
+ co->expires = curl_getdate(co->expirestr, NULL);
+
+ /* Session cookies have expires set to 0 so if we get that back
+ from the date parser let's add a second to make it a
+ non-session cookie */
+ if(co->expires == 0)
+ co->expires = 1;
+ else if(co->expires < 0)
+ co->expires = 0;
+ }
+
if(!badcookie && !co->domain) {
if(domain) {
/* no domain was given in the header line, set the default */
- co->domain=strdup(domain);
+ co->domain = strdup(domain);
if(!co->domain)
badcookie = TRUE;
}
@@ -567,11 +661,11 @@ Curl_cookie_add(struct SessionHandle *data,
else
endslash = memrchr(path, '/', (size_t)(queryp - path));
if(endslash) {
- size_t pathlen = (size_t)(endslash-path+1); /* include ending slash */
- co->path=malloc(pathlen+1); /* one extra for the zero byte */
+ size_t pathlen = (size_t)(endslash-path + 1); /* include end slash */
+ co->path = malloc(pathlen + 1); /* one extra for the zero byte */
if(co->path) {
memcpy(co->path, path, pathlen);
- co->path[pathlen]=0; /* zero terminate */
+ co->path[pathlen] = 0; /* zero terminate */
co->spath = sanitize_cookie_path(co->path);
if(!co->spath)
badcookie = TRUE; /* out of memory bad */
@@ -581,8 +675,6 @@ Curl_cookie_add(struct SessionHandle *data,
}
}
- free(what);
-
if(badcookie || !co->name) {
/* we didn't get a cookie name or a bad one,
this is an illegal line, bail out */
@@ -596,7 +688,7 @@ Curl_cookie_add(struct SessionHandle *data,
reading the odd netscape cookies-file format here */
char *ptr;
char *firstptr;
- char *tok_buf=NULL;
+ char *tok_buf = NULL;
int fields;
/* IE introduced HTTP-only cookies to prevent XSS attacks. Cookies
@@ -617,19 +709,19 @@ Curl_cookie_add(struct SessionHandle *data,
return NULL;
}
/* strip off the possible end-of-line characters */
- ptr=strchr(lineptr, '\r');
+ ptr = strchr(lineptr, '\r');
if(ptr)
- *ptr=0; /* clear it */
- ptr=strchr(lineptr, '\n');
+ *ptr = 0; /* clear it */
+ ptr = strchr(lineptr, '\n');
if(ptr)
- *ptr=0; /* clear it */
+ *ptr = 0; /* clear it */
- firstptr=strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */
+ firstptr = strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */
/* Now loop through the fields and init the struct we already have
allocated */
- for(ptr=firstptr, fields=0; ptr && !badcookie;
- ptr=strtok_r(NULL, "\t", &tok_buf), fields++) {
+ for(ptr = firstptr, fields = 0; ptr && !badcookie;
+ ptr = strtok_r(NULL, "\t", &tok_buf), fields++) {
switch(fields) {
case 0:
if(ptr[0]=='.') /* skip preceding dots */
@@ -649,7 +741,7 @@ Curl_cookie_add(struct SessionHandle *data,
As far as I can see, it is set to true when the cookie says
.domain.com and to false when the domain is complete www.domain.com
*/
- co->tailmatch = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
+ co->tailmatch = strcasecompare(ptr, "TRUE")?TRUE:FALSE;
break;
case 2:
/* It turns out, that sometimes the file format allows the path
@@ -678,10 +770,11 @@ Curl_cookie_add(struct SessionHandle *data,
fields++; /* add a field and fall down to secure */
/* FALLTHROUGH */
case 3:
- co->secure = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
+ co->secure = strcasecompare(ptr, "TRUE")?TRUE:FALSE;
break;
case 4:
- co->expires = curlx_strtoofft(ptr, NULL, 10);
+ if(curlx_strtoofft(ptr, NULL, 10, &co->expires))
+ badcookie = TRUE;
break;
case 5:
co->name = strdup(ptr);
@@ -731,16 +824,32 @@ Curl_cookie_add(struct SessionHandle *data,
/* at first, remove expired cookies */
remove_expired(c);
+#ifdef USE_LIBPSL
+ /* Check if the domain is a Public Suffix and if yes, ignore the cookie.
+ This needs a libpsl compiled with builtin data. */
+ if(domain && co->domain && !isip(co->domain)) {
+ psl = psl_builtin();
+ if(psl && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) {
+ infof(data,
+ "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n",
+ co->name, domain, co->domain);
+ freecookie(co);
+ return NULL;
+ }
+ }
+#endif
+
clist = c->cookies;
replace_old = FALSE;
while(clist) {
- if(Curl_raw_equal(clist->name, co->name)) {
+ if(strcasecompare(clist->name, co->name)) {
/* the names are identical */
if(clist->domain && co->domain) {
- if(Curl_raw_equal(clist->domain, co->domain))
+ if(strcasecompare(clist->domain, co->domain) &&
+ (clist->tailmatch == co->tailmatch))
/* The domains are identical */
- replace_old=TRUE;
+ replace_old = TRUE;
}
else if(!clist->domain && !co->domain)
replace_old = TRUE;
@@ -749,7 +858,7 @@ Curl_cookie_add(struct SessionHandle *data,
/* the domains were identical */
if(clist->spath && co->spath) {
- if(Curl_raw_equal(clist->spath, co->spath)) {
+ if(strcasecompare(clist->spath, co->spath)) {
replace_old = TRUE;
}
else
@@ -778,21 +887,13 @@ Curl_cookie_add(struct SessionHandle *data,
/* then free all the old pointers */
free(clist->name);
- if(clist->value)
- free(clist->value);
- if(clist->domain)
- free(clist->domain);
- if(clist->path)
- free(clist->path);
- if(clist->spath)
- free(clist->spath);
- if(clist->expirestr)
- free(clist->expirestr);
-
- if(clist->version)
- free(clist->version);
- if(clist->maxage)
- free(clist->maxage);
+ free(clist->value);
+ free(clist->domain);
+ free(clist->path);
+ free(clist->spath);
+ free(clist->expirestr);
+ free(clist->version);
+ free(clist->maxage);
*clist = *co; /* then store all the new data */
@@ -815,7 +916,7 @@ Curl_cookie_add(struct SessionHandle *data,
if(c->running)
/* Only show this when NOT reading the cookies from a file */
infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, "
- "expire %" FORMAT_OFF_T "\n",
+ "expire %" CURL_FORMAT_CURL_OFF_T "\n",
replace_old?"Replaced":"Added", co->name, co->value,
co->domain, co->path, co->expires);
@@ -831,6 +932,34 @@ Curl_cookie_add(struct SessionHandle *data,
return co;
}
+/*
+ * get_line() makes sure to only return complete whole lines that fit in 'len'
+ * bytes and end with a newline.
+ */
+static char *get_line(char *buf, int len, FILE *input)
+{
+ bool partial = FALSE;
+ while(1) {
+ char *b = fgets(buf, len, input);
+ if(b) {
+ size_t rlen = strlen(b);
+ if(rlen && (b[rlen-1] == '\n')) {
+ if(partial) {
+ partial = FALSE;
+ continue;
+ }
+ return b;
+ }
+ /* read a partial, discard the next piece that ends with newline */
+ partial = TRUE;
+ }
+ else
+ break;
+ }
+ return NULL;
+}
+
+
/*****************************************************************************
*
* Curl_cookie_init()
@@ -840,15 +969,17 @@ Curl_cookie_add(struct SessionHandle *data,
*
* If 'newsession' is TRUE, discard all "session cookies" on read from file.
*
+ * Returns NULL on out of memory. Invalid cookies are ignored.
****************************************************************************/
-struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
+struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
const char *file,
struct CookieInfo *inc,
bool newsession)
{
struct CookieInfo *c;
- FILE *fp;
- bool fromfile=TRUE;
+ FILE *fp = NULL;
+ bool fromfile = TRUE;
+ char *line = NULL;
if(NULL == inc) {
/* we didn't get a struct, create one */
@@ -856,6 +987,8 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
if(!c)
return NULL; /* failed to get memory */
c->filename = strdup(file?file:"none"); /* copy the name just in case */
+ if(!c->filename)
+ goto fail; /* failed to get memory */
}
else {
/* we got an already existing one, use that */
@@ -863,16 +996,16 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
}
c->running = FALSE; /* this is not running, this is init */
- if(file && strequal(file, "-")) {
+ if(file && !strcmp(file, "-")) {
fp = stdin;
- fromfile=FALSE;
+ fromfile = FALSE;
}
else if(file && !*file) {
/* points to a "" string */
fp = NULL;
}
else
- fp = file?fopen(file, "r"):NULL;
+ fp = file?fopen(file, FOPEN_READTEXT):NULL;
c->newsession = newsession; /* new session? */
@@ -880,25 +1013,26 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
char *lineptr;
bool headerline;
- char *line = malloc(MAX_COOKIE_LINE);
- if(line) {
- while(fgets(line, MAX_COOKIE_LINE, fp)) {
- if(checkprefix("Set-Cookie:", line)) {
- /* This is a cookie line, get it! */
- lineptr=&line[11];
- headerline=TRUE;
- }
- else {
- lineptr=line;
- headerline=FALSE;
- }
- while(*lineptr && ISBLANK(*lineptr))
- lineptr++;
-
- Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL);
+ line = malloc(MAX_COOKIE_LINE);
+ if(!line)
+ goto fail;
+ while(get_line(line, MAX_COOKIE_LINE, fp)) {
+ if(checkprefix("Set-Cookie:", line)) {
+ /* This is a cookie line, get it! */
+ lineptr = &line[11];
+ headerline = TRUE;
+ }
+ else {
+ lineptr = line;
+ headerline = FALSE;
}
- free(line); /* free the line buffer */
+ while(*lineptr && ISBLANK(*lineptr))
+ lineptr++;
+
+ Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL);
}
+ free(line); /* free the line buffer */
+
if(fromfile)
fclose(fp);
}
@@ -906,6 +1040,16 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
c->running = TRUE; /* now, we're running */
return c;
+
+fail:
+ free(line);
+ if(!inc)
+ /* Only clean up if we allocated it here, as the original could still be in
+ * use by a share handle */
+ Curl_cookie_cleanup(c);
+ if(fromfile && fp)
+ fclose(fp);
+ return NULL; /* out of memory */
}
/* sort this so that the longest path gets before the shorter path */
@@ -937,6 +1081,40 @@ static int cookie_sort(const void *p1, const void *p2)
return 0;
}
+#define CLONE(field) \
+ do { \
+ if(src->field) { \
+ d->field = strdup(src->field); \
+ if(!d->field) \
+ goto fail; \
+ } \
+ } while(0)
+
+static struct Cookie *dup_cookie(struct Cookie *src)
+{
+ struct Cookie *d = calloc(sizeof(struct Cookie), 1);
+ if(d) {
+ CLONE(expirestr);
+ CLONE(domain);
+ CLONE(path);
+ CLONE(spath);
+ CLONE(name);
+ CLONE(value);
+ CLONE(maxage);
+ CLONE(version);
+ d->expires = src->expires;
+ d->tailmatch = src->tailmatch;
+ d->secure = src->secure;
+ d->livecookie = src->livecookie;
+ d->httponly = src->httponly;
+ }
+ return d;
+
+ fail:
+ freecookie(d);
+ return NULL;
+}
+
/*****************************************************************************
*
* Curl_cookie_getlist()
@@ -956,8 +1134,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
struct Cookie *newco;
struct Cookie *co;
time_t now = time(NULL);
- struct Cookie *mainco=NULL;
+ struct Cookie *mainco = NULL;
size_t matches = 0;
+ bool is_ip;
if(!c || !c->cookies)
return NULL; /* no cookie struct or no cookies in the struct */
@@ -965,6 +1144,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
/* at first, remove expired cookies */
remove_expired(c);
+ /* check if host is an IP(v4|v6) address */
+ is_ip = isip(host);
+
co = c->cookies;
while(co) {
@@ -976,8 +1158,8 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
/* now check if the domain is correct */
if(!co->domain ||
- (co->tailmatch && tailmatch(co->domain, host)) ||
- (!co->tailmatch && Curl_raw_equal(host, co->domain)) ) {
+ (co->tailmatch && !is_ip && tailmatch(co->domain, host)) ||
+ ((!co->tailmatch || is_ip) && strcasecompare(host, co->domain)) ) {
/* the right part of the host matches the domain stuff in the
cookie data */
@@ -988,11 +1170,8 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
/* and now, we know this is a match and we should create an
entry for the return-linked-list */
- newco = malloc(sizeof(struct Cookie));
+ newco = dup_cookie(co);
if(newco) {
- /* first, copy the whole source cookie: */
- memcpy(newco, co, sizeof(struct Cookie));
-
/* then modify our next */
newco->next = mainco;
@@ -1004,12 +1183,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
else {
fail:
/* failure, clear up the allocated chain and return NULL */
- while(mainco) {
- co = mainco->next;
- free(mainco);
- mainco = co;
- }
-
+ Curl_cookie_freelist(mainco);
return NULL;
}
}
@@ -1032,7 +1206,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
co = mainco;
- for(i=0; co; co = co->next)
+ for(i = 0; co; co = co->next)
array[i++] = co;
/* now sort the cookie pointers in path length order */
@@ -1041,8 +1215,8 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
/* remake the linked list order according to the new order */
mainco = array[0]; /* start here */
- for(i=0; i<matches-1; i++)
- array[i]->next = array[i+1];
+ for(i = 0; i<matches-1; i++)
+ array[i]->next = array[i + 1];
array[matches-1]->next = NULL; /* terminate the list */
free(array); /* remove the temporary data again */
@@ -1061,7 +1235,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
void Curl_cookie_clearall(struct CookieInfo *cookies)
{
if(cookies) {
- Curl_cookie_freelist(cookies->cookies, TRUE);
+ Curl_cookie_freelist(cookies->cookies);
cookies->cookies = NULL;
cookies->numcookies = 0;
}
@@ -1073,24 +1247,15 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
*
* Free a list of cookies previously returned by Curl_cookie_getlist();
*
- * The 'cookiestoo' argument tells this function whether to just free the
- * list or actually also free all cookies within the list as well.
- *
****************************************************************************/
-void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
+void Curl_cookie_freelist(struct Cookie *co)
{
struct Cookie *next;
- if(co) {
- while(co) {
- next = co->next;
- if(cookiestoo)
- freecookie(co);
- else
- free(co); /* we only free the struct since the "members" are all just
- pointed out in the main cookie list! */
- co = next;
- }
+ while(co) {
+ next = co->next;
+ freecookie(co);
+ co = next;
}
}
@@ -1137,23 +1302,14 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
*
* Curl_cookie_cleanup()
*
- * Free a "cookie object" previous created with cookie_init().
+ * Free a "cookie object" previous created with Curl_cookie_init().
*
****************************************************************************/
void Curl_cookie_cleanup(struct CookieInfo *c)
{
- struct Cookie *co;
- struct Cookie *next;
if(c) {
- if(c->filename)
- free(c->filename);
- co = c->cookies;
-
- while(co) {
- next = co->next;
- freecookie(co);
- co = next;
- }
+ free(c->filename);
+ Curl_cookie_freelist(c->cookies);
free(c); /* free the base struct as well */
}
}
@@ -1172,7 +1328,7 @@ static char *get_netscape_format(const struct Cookie *co)
"%s\t" /* tailmatch */
"%s\t" /* path */
"%s\t" /* secure */
- "%" FORMAT_OFF_T "\t" /* expires */
+ "%" CURL_FORMAT_CURL_OFF_T "\t" /* expires */
"%s\t" /* name */
"%s", /* value */
co->httponly?"#HttpOnly_":"",
@@ -1200,7 +1356,8 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
{
struct Cookie *co;
FILE *out;
- bool use_stdout=FALSE;
+ bool use_stdout = FALSE;
+ char *format_ptr;
if((NULL == c) || (0 == c->numcookies))
/* If there are no known cookies, we don't write or even create any
@@ -1210,38 +1367,34 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
/* at first, remove expired cookies */
remove_expired(c);
- if(strequal("-", dumphere)) {
+ if(!strcmp("-", dumphere)) {
/* use stdout */
out = stdout;
- use_stdout=TRUE;
+ use_stdout = TRUE;
}
else {
- out = fopen(dumphere, "w");
+ out = fopen(dumphere, FOPEN_WRITETEXT);
if(!out)
return 1; /* failure */
}
- if(c) {
- char *format_ptr;
-
- fputs("# Netscape HTTP Cookie File\n"
- "# http://curl.haxx.se/docs/http-cookies.html\n"
- "# This file was generated by libcurl! Edit at your own risk.\n\n",
- out);
- co = c->cookies;
-
- while(co) {
- format_ptr = get_netscape_format(co);
- if(format_ptr == NULL) {
- fprintf(out, "#\n# Fatal libcurl error\n");
- if(!use_stdout)
- fclose(out);
- return 1;
- }
- fprintf(out, "%s\n", format_ptr);
- free(format_ptr);
- co=co->next;
+ fputs("# Netscape HTTP Cookie File\n"
+ "# https://curl.haxx.se/docs/http-cookies.html\n"
+ "# This file was generated by libcurl! Edit at your own risk.\n\n",
+ out);
+
+ for(co = c->cookies; co; co = co->next) {
+ if(!co->domain)
+ continue;
+ format_ptr = get_netscape_format(co);
+ if(format_ptr == NULL) {
+ fprintf(out, "#\n# Fatal libcurl error\n");
+ if(!use_stdout)
+ fclose(out);
+ return 1;
}
+ fprintf(out, "%s\n", format_ptr);
+ free(format_ptr);
}
if(!use_stdout)
@@ -1250,7 +1403,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
return 0;
}
-struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
+static struct curl_slist *cookie_list(struct Curl_easy *data)
{
struct curl_slist *list = NULL;
struct curl_slist *beg;
@@ -1261,10 +1414,9 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
(data->cookies->numcookies == 0))
return NULL;
- c = data->cookies->cookies;
-
- while(c) {
- /* fill the list with _all_ the cookies we know */
+ for(c = data->cookies->cookies; c; c = c->next) {
+ if(!c->domain)
+ continue;
line = get_netscape_format(c);
if(!line) {
curl_slist_free_all(list);
@@ -1277,13 +1429,21 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
return NULL;
}
list = beg;
- c = c->next;
}
return list;
}
-void Curl_flush_cookies(struct SessionHandle *data, int cleanup)
+struct curl_slist *Curl_cookie_list(struct Curl_easy *data)
+{
+ struct curl_slist *list;
+ Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+ list = cookie_list(data);
+ Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+ return list;
+}
+
+void Curl_flush_cookies(struct Curl_easy *data, int cleanup)
{
if(data->set.str[STRING_COOKIEJAR]) {
if(data->change.cookielist) {
diff --git a/libs/libcurl/src/cookie.h b/libs/libcurl/src/cookie.h
index bd890827c7..cb50b71c6a 100644
--- a/libs/libcurl/src/cookie.h
+++ b/libs/libcurl/src/cookie.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -62,27 +62,30 @@ struct CookieInfo {
that comprise the cookie non-terminal in the syntax description of the
Set-Cookie header)"
+ We allow max 5000 bytes cookie header. Max 4095 bytes length per cookie
+ name and value. Name + value may not exceed 4096 bytes.
+
*/
#define MAX_COOKIE_LINE 5000
#define MAX_COOKIE_LINE_TXT "4999"
-/* This is the maximum length of a cookie name we deal with: */
-#define MAX_NAME 1024
-#define MAX_NAME_TXT "1023"
+/* This is the maximum length of a cookie name or content we deal with: */
+#define MAX_NAME 4096
+#define MAX_NAME_TXT "4095"
-struct SessionHandle;
+struct Curl_easy;
/*
* Add a cookie to the internal list of cookies. The domain and path arguments
* are only used if the header boolean is TRUE.
*/
-struct Cookie *Curl_cookie_add(struct SessionHandle *data,
+struct Cookie *Curl_cookie_add(struct Curl_easy *data,
struct CookieInfo *, bool header, char *lineptr,
const char *domain, const char *path);
struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
const char *, bool);
-void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
+void Curl_cookie_freelist(struct Cookie *cookies);
void Curl_cookie_clearall(struct CookieInfo *cookies);
void Curl_cookie_clearsess(struct CookieInfo *cookies);
@@ -93,12 +96,12 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies);
#define Curl_cookie_cleanup(x) Curl_nop_stmt
#define Curl_flush_cookies(x,y) Curl_nop_stmt
#else
-void Curl_flush_cookies(struct SessionHandle *data, int cleanup);
+void Curl_flush_cookies(struct Curl_easy *data, int cleanup);
void Curl_cookie_cleanup(struct CookieInfo *);
-struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
+struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
const char *, struct CookieInfo *, bool);
-struct curl_slist *Curl_cookie_list(struct SessionHandle *data);
-void Curl_cookie_loadfiles(struct SessionHandle *data);
+struct curl_slist *Curl_cookie_list(struct Curl_easy *data);
+void Curl_cookie_loadfiles(struct Curl_easy *data);
#endif
#endif /* HEADER_CURL_COOKIE_H */
diff --git a/libs/libcurl/src/curl_addrinfo.c b/libs/libcurl/src/curl_addrinfo.c
index 10652c642c..6eb28bbcb6 100644
--- a/libs/libcurl/src/curl_addrinfo.c
+++ b/libs/libcurl/src/curl_addrinfo.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -33,6 +33,9 @@
#ifdef HAVE_ARPA_INET_H
# include <arpa/inet.h>
#endif
+#ifdef HAVE_SYS_UN_H
+# include <sys/un.h>
+#endif
#ifdef __VMS
# include <in.h>
@@ -44,18 +47,16 @@
# define in_addr_t unsigned long
#endif
+#include <stddef.h>
+
#include "curl_addrinfo.h"
#include "inet_pton.h"
#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
-
/*
* Curl_freeaddrinfo()
*
@@ -80,13 +81,8 @@ Curl_freeaddrinfo(Curl_addrinfo *cahead)
Curl_addrinfo *ca;
for(ca = cahead; ca != NULL; ca = canext) {
-
- if(ca->ai_addr)
- free(ca->ai_addr);
-
- if(ca->ai_canonname)
- free(ca->ai_canonname);
-
+ free(ca->ai_addr);
+ free(ca->ai_canonname);
canext = ca->ai_next;
free(ca);
@@ -152,7 +148,8 @@ Curl_getaddrinfo_ex(const char *nodename,
if((size_t)ai->ai_addrlen < ss_size)
continue;
- if((ca = malloc(sizeof(Curl_addrinfo))) == NULL) {
+ ca = malloc(sizeof(Curl_addrinfo));
+ if(!ca) {
error = EAI_MEMORY;
break;
}
@@ -169,7 +166,8 @@ Curl_getaddrinfo_ex(const char *nodename,
ca->ai_canonname = NULL;
ca->ai_next = NULL;
- if((ca->ai_addr = malloc(ss_size)) == NULL) {
+ ca->ai_addr = malloc(ss_size);
+ if(!ca->ai_addr) {
error = EAI_MEMORY;
free(ca);
break;
@@ -177,7 +175,8 @@ Curl_getaddrinfo_ex(const char *nodename,
memcpy(ca->ai_addr, ai->ai_addr, ss_size);
if(ai->ai_canonname != NULL) {
- if((ca->ai_canonname = strdup(ai->ai_canonname)) == NULL) {
+ ca->ai_canonname = strdup(ai->ai_canonname);
+ if(!ca->ai_canonname) {
error = EAI_MEMORY;
free(ca->ai_addr);
free(ca);
@@ -287,26 +286,29 @@ Curl_he2ai(const struct hostent *he, int port)
DEBUGASSERT((he->h_name != NULL) && (he->h_addr_list != NULL));
- for(i=0; (curr = he->h_addr_list[i]) != NULL; i++) {
+ for(i = 0; (curr = he->h_addr_list[i]) != NULL; i++) {
size_t ss_size;
#ifdef ENABLE_IPV6
if(he->h_addrtype == AF_INET6)
- ss_size = sizeof (struct sockaddr_in6);
+ ss_size = sizeof(struct sockaddr_in6);
else
#endif
- ss_size = sizeof (struct sockaddr_in);
+ ss_size = sizeof(struct sockaddr_in);
- if((ai = calloc(1, sizeof(Curl_addrinfo))) == NULL) {
+ ai = calloc(1, sizeof(Curl_addrinfo));
+ if(!ai) {
result = CURLE_OUT_OF_MEMORY;
break;
}
- if((ai->ai_canonname = strdup(he->h_name)) == NULL) {
+ ai->ai_canonname = strdup(he->h_name);
+ if(!ai->ai_canonname) {
result = CURLE_OUT_OF_MEMORY;
free(ai);
break;
}
- if((ai->ai_addr = calloc(1, ss_size)) == NULL) {
+ ai->ai_addr = calloc(1, ss_size);
+ if(!ai->ai_addr) {
result = CURLE_OUT_OF_MEMORY;
free(ai->ai_canonname);
free(ai);
@@ -331,7 +333,7 @@ Curl_he2ai(const struct hostent *he, int port)
/* leave the rest of the struct filled with zero */
- switch (ai->ai_family) {
+ switch(ai->ai_family) {
case AF_INET:
addr = (void *)ai->ai_addr; /* storage area for this info */
@@ -354,7 +356,7 @@ Curl_he2ai(const struct hostent *he, int port)
prevai = ai;
}
- if(result != CURLE_OK) {
+ if(result) {
Curl_freeaddrinfo(firstai);
firstai = NULL;
}
@@ -467,7 +469,7 @@ Curl_addrinfo *Curl_str2addr(char *address, int port)
/* This is a dotted IP address 123.123.123.123-style */
return Curl_ip2addr(AF_INET, &in, address, port);
#ifdef ENABLE_IPV6
- else {
+ {
struct in6_addr in6;
if(Curl_inet_pton(AF_INET6, address, &in6) > 0)
/* This is a dotted IPv6 address ::1-style */
@@ -477,6 +479,56 @@ Curl_addrinfo *Curl_str2addr(char *address, int port)
return NULL; /* bad input format */
}
+#ifdef USE_UNIX_SOCKETS
+/**
+ * Given a path to a Unix domain socket, return a newly allocated Curl_addrinfo
+ * struct initialized with this path.
+ * Set '*longpath' to TRUE if the error is a too long path.
+ */
+Curl_addrinfo *Curl_unix2addr(const char *path, bool *longpath, bool abstract)
+{
+ Curl_addrinfo *ai;
+ struct sockaddr_un *sa_un;
+ size_t path_len;
+
+ *longpath = FALSE;
+
+ ai = calloc(1, sizeof(Curl_addrinfo));
+ if(!ai)
+ return NULL;
+ ai->ai_addr = calloc(1, sizeof(struct sockaddr_un));
+ if(!ai->ai_addr) {
+ free(ai);
+ return NULL;
+ }
+
+ sa_un = (void *) ai->ai_addr;
+ sa_un->sun_family = AF_UNIX;
+
+ /* sun_path must be able to store the NUL-terminated path */
+ path_len = strlen(path) + 1;
+ if(path_len > sizeof(sa_un->sun_path)) {
+ free(ai->ai_addr);
+ free(ai);
+ *longpath = TRUE;
+ return NULL;
+ }
+
+ ai->ai_family = AF_UNIX;
+ ai->ai_socktype = SOCK_STREAM; /* assume reliable transport for HTTP */
+ ai->ai_addrlen = (curl_socklen_t)
+ ((offsetof(struct sockaddr_un, sun_path) + path_len) & 0x7FFFFFFF);
+
+ /* Abstract Unix domain socket have NULL prefix instead of suffix */
+ if(abstract)
+ memcpy(sa_un->sun_path + 1, path, path_len - 1);
+ else
+ memcpy(sa_un->sun_path, path, path_len); /* copy NUL byte */
+
+ return ai;
+}
+#endif
+
#if defined(CURLDEBUG) && defined(HAVE_FREEADDRINFO)
/*
* curl_dofreeaddrinfo()
@@ -490,7 +542,11 @@ void
curl_dofreeaddrinfo(struct addrinfo *freethis,
int line, const char *source)
{
+#ifdef USE_LWIPSOCK
+ lwip_freeaddrinfo(freethis);
+#else
(freeaddrinfo)(freethis);
+#endif
curl_memlog("ADDR %s:%d freeaddrinfo(%p)\n",
source, line, (void *)freethis);
}
@@ -513,7 +569,11 @@ curl_dogetaddrinfo(const char *hostname,
struct addrinfo **result,
int line, const char *source)
{
- int res=(getaddrinfo)(hostname, service, hints, result);
+#ifdef USE_LWIPSOCK
+ int res = lwip_getaddrinfo(hostname, service, hints, result);
+#else
+ int res = (getaddrinfo)(hostname, service, hints, result);
+#endif
if(0 == res)
/* success */
curl_memlog("ADDR %s:%d getaddrinfo() = %p\n",
@@ -525,3 +585,32 @@ curl_dogetaddrinfo(const char *hostname,
}
#endif /* defined(CURLDEBUG) && defined(HAVE_GETADDRINFO) */
+#if defined(HAVE_GETADDRINFO) && defined(USE_RESOLVE_ON_IPS)
+/*
+ * Work-arounds the sin6_port is always zero bug on iOS 9.3.2 and Mac OS X
+ * 10.11.5.
+ */
+void Curl_addrinfo_set_port(Curl_addrinfo *addrinfo, int port)
+{
+ Curl_addrinfo *ca;
+ struct sockaddr_in *addr;
+#ifdef ENABLE_IPV6
+ struct sockaddr_in6 *addr6;
+#endif
+ for(ca = addrinfo; ca != NULL; ca = ca->ai_next) {
+ switch(ca->ai_family) {
+ case AF_INET:
+ addr = (void *)ca->ai_addr; /* storage area for this info */
+ addr->sin_port = htons((unsigned short)port);
+ break;
+
+#ifdef ENABLE_IPV6
+ case AF_INET6:
+ addr6 = (void *)ca->ai_addr; /* storage area for this info */
+ addr6->sin6_port = htons((unsigned short)port);
+ break;
+#endif
+ }
+ }
+}
+#endif
diff --git a/libs/libcurl/src/curl_addrinfo.h b/libs/libcurl/src/curl_addrinfo.h
index 6d2b753eb3..8f6f3d1064 100644
--- a/libs/libcurl/src/curl_addrinfo.h
+++ b/libs/libcurl/src/curl_addrinfo.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -79,7 +79,12 @@ Curl_ip2addr(int af, const void *inaddr, const char *hostname, int port);
Curl_addrinfo *Curl_str2addr(char *dotted, int port);
-#if defined(CURLDEBUG) && defined(HAVE_FREEADDRINFO)
+#ifdef USE_UNIX_SOCKETS
+Curl_addrinfo *Curl_unix2addr(const char *path, bool *longpath, bool abstract);
+#endif
+
+#if defined(CURLDEBUG) && defined(HAVE_GETADDRINFO) && \
+ defined(HAVE_FREEADDRINFO)
void
curl_dofreeaddrinfo(struct addrinfo *freethis,
int line, const char *source);
@@ -94,4 +99,12 @@ curl_dogetaddrinfo(const char *hostname,
int line, const char *source);
#endif
+#ifdef HAVE_GETADDRINFO
+#ifdef USE_RESOLVE_ON_IPS
+void Curl_addrinfo_set_port(Curl_addrinfo *addrinfo, int port);
+#else
+#define Curl_addrinfo_set_port(x,y)
+#endif
+#endif
+
#endif /* HEADER_CURL_ADDRINFO_H */
diff --git a/libs/libcurl/src/curl_base64.h b/libs/libcurl/src/curl_base64.h
index 6e200d2ec4..7e9fc26062 100644
--- a/libs/libcurl/src/curl_base64.h
+++ b/libs/libcurl/src/curl_base64.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,9 +22,12 @@
*
***************************************************************************/
-CURLcode Curl_base64_encode(struct SessionHandle *data,
+CURLcode Curl_base64_encode(struct Curl_easy *data,
const char *inputbuff, size_t insize,
char **outptr, size_t *outlen);
+CURLcode Curl_base64url_encode(struct Curl_easy *data,
+ const char *inputbuff, size_t insize,
+ char **outptr, size_t *outlen);
CURLcode Curl_base64_decode(const char *src,
unsigned char **outptr, size_t *outlen);
diff --git a/libs/libcurl/src/curl_config.h.cmake b/libs/libcurl/src/curl_config.h.cmake
new file mode 100644
index 0000000000..e4d14c784b
--- /dev/null
+++ b/libs/libcurl/src/curl_config.h.cmake
@@ -0,0 +1,1005 @@
+/* lib/curl_config.h.in. Generated somehow by cmake. */
+
+/* when building libcurl itself */
+#cmakedefine BUILDING_LIBCURL 1
+
+/* Location of default ca bundle */
+#cmakedefine CURL_CA_BUNDLE "${CURL_CA_BUNDLE}"
+
+/* define "1" to use built-in ca store of TLS backend */
+#cmakedefine CURL_CA_FALLBACK 1
+
+/* Location of default ca path */
+#cmakedefine CURL_CA_PATH "${CURL_CA_PATH}"
+
+/* to disable cookies support */
+#cmakedefine CURL_DISABLE_COOKIES 1
+
+/* to disable cryptographic authentication */
+#cmakedefine CURL_DISABLE_CRYPTO_AUTH 1
+
+/* to disable DICT */
+#cmakedefine CURL_DISABLE_DICT 1
+
+/* to disable FILE */
+#cmakedefine CURL_DISABLE_FILE 1
+
+/* to disable FTP */
+#cmakedefine CURL_DISABLE_FTP 1
+
+/* to disable GOPHER */
+#cmakedefine CURL_DISABLE_GOPHER 1
+
+/* to disable IMAP */
+#cmakedefine CURL_DISABLE_IMAP 1
+
+/* to disable HTTP */
+#cmakedefine CURL_DISABLE_HTTP 1
+
+/* to disable LDAP */
+#cmakedefine CURL_DISABLE_LDAP 1
+
+/* to disable LDAPS */
+#cmakedefine CURL_DISABLE_LDAPS 1
+
+/* to disable POP3 */
+#cmakedefine CURL_DISABLE_POP3 1
+
+/* to disable proxies */
+#cmakedefine CURL_DISABLE_PROXY 1
+
+/* to disable RTSP */
+#cmakedefine CURL_DISABLE_RTSP 1
+
+/* to disable SMB */
+#cmakedefine CURL_DISABLE_SMB 1
+
+/* to disable SMTP */
+#cmakedefine CURL_DISABLE_SMTP 1
+
+/* to disable TELNET */
+#cmakedefine CURL_DISABLE_TELNET 1
+
+/* to disable TFTP */
+#cmakedefine CURL_DISABLE_TFTP 1
+
+/* to disable verbose strings */
+#cmakedefine CURL_DISABLE_VERBOSE_STRINGS 1
+
+/* to make a symbol visible */
+#cmakedefine CURL_EXTERN_SYMBOL ${CURL_EXTERN_SYMBOL}
+/* Ensure using CURL_EXTERN_SYMBOL is possible */
+#ifndef CURL_EXTERN_SYMBOL
+#define CURL_EXTERN_SYMBOL
+#endif
+
+/* Use Windows LDAP implementation */
+#cmakedefine USE_WIN32_LDAP 1
+
+/* when not building a shared library */
+#cmakedefine CURL_STATICLIB 1
+
+/* your Entropy Gathering Daemon socket pathname */
+#cmakedefine EGD_SOCKET ${EGD_SOCKET}
+
+/* Define if you want to enable IPv6 support */
+#cmakedefine ENABLE_IPV6 1
+
+/* Define to the type qualifier of arg 1 for getnameinfo. */
+#cmakedefine GETNAMEINFO_QUAL_ARG1 ${GETNAMEINFO_QUAL_ARG1}
+
+/* Define to the type of arg 1 for getnameinfo. */
+#cmakedefine GETNAMEINFO_TYPE_ARG1 ${GETNAMEINFO_TYPE_ARG1}
+
+/* Define to the type of arg 2 for getnameinfo. */
+#cmakedefine GETNAMEINFO_TYPE_ARG2 ${GETNAMEINFO_TYPE_ARG2}
+
+/* Define to the type of args 4 and 6 for getnameinfo. */
+#cmakedefine GETNAMEINFO_TYPE_ARG46 ${GETNAMEINFO_TYPE_ARG46}
+
+/* Define to the type of arg 7 for getnameinfo. */
+#cmakedefine GETNAMEINFO_TYPE_ARG7 ${GETNAMEINFO_TYPE_ARG7}
+
+/* Specifies the number of arguments to getservbyport_r */
+#cmakedefine GETSERVBYPORT_R_ARGS ${GETSERVBYPORT_R_ARGS}
+
+/* Specifies the size of the buffer to pass to getservbyport_r */
+#cmakedefine GETSERVBYPORT_R_BUFSIZE ${GETSERVBYPORT_R_BUFSIZE}
+
+/* Define to 1 if you have the alarm function. */
+#cmakedefine HAVE_ALARM 1
+
+/* Define to 1 if you have the <alloca.h> header file. */
+#cmakedefine HAVE_ALLOCA_H 1
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#cmakedefine HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the <arpa/tftp.h> header file. */
+#cmakedefine HAVE_ARPA_TFTP_H 1
+
+/* Define to 1 if you have the <assert.h> header file. */
+#cmakedefine HAVE_ASSERT_H 1
+
+/* Define to 1 if you have the `basename' function. */
+#cmakedefine HAVE_BASENAME 1
+
+/* Define to 1 if bool is an available type. */
+#cmakedefine HAVE_BOOL_T 1
+
+/* Define to 1 if you have the clock_gettime function and monotonic timer. */
+#cmakedefine HAVE_CLOCK_GETTIME_MONOTONIC 1
+
+/* Define to 1 if you have the `closesocket' function. */
+#cmakedefine HAVE_CLOSESOCKET 1
+
+/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
+#cmakedefine HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1
+
+/* Define to 1 if you have the <crypto.h> header file. */
+#cmakedefine HAVE_CRYPTO_H 1
+
+/* Define to 1 if you have the <des.h> header file. */
+#cmakedefine HAVE_DES_H 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#cmakedefine HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
+#cmakedefine HAVE_ENGINE_LOAD_BUILTIN_ENGINES 1
+
+/* Define to 1 if you have the <errno.h> header file. */
+#cmakedefine HAVE_ERRNO_H 1
+
+/* Define to 1 if you have the <err.h> header file. */
+#cmakedefine HAVE_ERR_H 1
+
+/* Define to 1 if you have the fcntl function. */
+#cmakedefine HAVE_FCNTL 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#cmakedefine HAVE_FCNTL_H 1
+
+/* Define to 1 if you have a working fcntl O_NONBLOCK function. */
+#cmakedefine HAVE_FCNTL_O_NONBLOCK 1
+
+/* Define to 1 if you have the fdopen function. */
+#cmakedefine HAVE_FDOPEN 1
+
+/* Define to 1 if you have the `fork' function. */
+#cmakedefine HAVE_FORK 1
+
+/* Define to 1 if you have the freeaddrinfo function. */
+#cmakedefine HAVE_FREEADDRINFO 1
+
+/* Define to 1 if you have the freeifaddrs function. */
+#cmakedefine HAVE_FREEIFADDRS 1
+
+/* Define to 1 if you have the ftruncate function. */
+#cmakedefine HAVE_FTRUNCATE 1
+
+/* Define to 1 if you have a working getaddrinfo function. */
+#cmakedefine HAVE_GETADDRINFO 1
+
+/* Define to 1 if you have the `geteuid' function. */
+#cmakedefine HAVE_GETEUID 1
+
+/* Define to 1 if you have the gethostbyaddr function. */
+#cmakedefine HAVE_GETHOSTBYADDR 1
+
+/* Define to 1 if you have the gethostbyaddr_r function. */
+#cmakedefine HAVE_GETHOSTBYADDR_R 1
+
+/* gethostbyaddr_r() takes 5 args */
+#cmakedefine HAVE_GETHOSTBYADDR_R_5 1
+
+/* gethostbyaddr_r() takes 7 args */
+#cmakedefine HAVE_GETHOSTBYADDR_R_7 1
+
+/* gethostbyaddr_r() takes 8 args */
+#cmakedefine HAVE_GETHOSTBYADDR_R_8 1
+
+/* Define to 1 if you have the gethostbyname function. */
+#cmakedefine HAVE_GETHOSTBYNAME 1
+
+/* Define to 1 if you have the gethostbyname_r function. */
+#cmakedefine HAVE_GETHOSTBYNAME_R 1
+
+/* gethostbyname_r() takes 3 args */
+#cmakedefine HAVE_GETHOSTBYNAME_R_3 1
+
+/* gethostbyname_r() takes 5 args */
+#cmakedefine HAVE_GETHOSTBYNAME_R_5 1
+
+/* gethostbyname_r() takes 6 args */
+#cmakedefine HAVE_GETHOSTBYNAME_R_6 1
+
+/* Define to 1 if you have the gethostname function. */
+#cmakedefine HAVE_GETHOSTNAME 1
+
+/* Define to 1 if you have a working getifaddrs function. */
+#cmakedefine HAVE_GETIFADDRS 1
+
+/* Define to 1 if you have the getnameinfo function. */
+#cmakedefine HAVE_GETNAMEINFO 1
+
+/* Define to 1 if you have the `getpass_r' function. */
+#cmakedefine HAVE_GETPASS_R 1
+
+/* Define to 1 if you have the `getppid' function. */
+#cmakedefine HAVE_GETPPID 1
+
+/* Define to 1 if you have the `getprotobyname' function. */
+#cmakedefine HAVE_GETPROTOBYNAME 1
+
+/* Define to 1 if you have the `getpwuid' function. */
+#cmakedefine HAVE_GETPWUID 1
+
+/* Define to 1 if you have the `getrlimit' function. */
+#cmakedefine HAVE_GETRLIMIT 1
+
+/* Define to 1 if you have the getservbyport_r function. */
+#cmakedefine HAVE_GETSERVBYPORT_R 1
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#cmakedefine HAVE_GETTIMEOFDAY 1
+
+/* Define to 1 if you have a working glibc-style strerror_r function. */
+#cmakedefine HAVE_GLIBC_STRERROR_R 1
+
+/* Define to 1 if you have a working gmtime_r function. */
+#cmakedefine HAVE_GMTIME_R 1
+
+/* if you have the gssapi libraries */
+#cmakedefine HAVE_GSSAPI 1
+
+/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
+#cmakedefine HAVE_GSSAPI_GSSAPI_GENERIC_H 1
+
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+#cmakedefine HAVE_GSSAPI_GSSAPI_H 1
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+#cmakedefine HAVE_GSSAPI_GSSAPI_KRB5_H 1
+
+/* if you have the GNU gssapi libraries */
+#cmakedefine HAVE_GSSGNU 1
+
+/* if you have the Heimdal gssapi libraries */
+#cmakedefine HAVE_GSSHEIMDAL 1
+
+/* if you have the MIT gssapi libraries */
+#cmakedefine HAVE_GSSMIT 1
+
+/* Define to 1 if you have the `idna_strerror' function. */
+#cmakedefine HAVE_IDNA_STRERROR 1
+
+/* Define to 1 if you have the `idn_free' function. */
+#cmakedefine HAVE_IDN_FREE 1
+
+/* Define to 1 if you have the <idn-free.h> header file. */
+#cmakedefine HAVE_IDN_FREE_H 1
+
+/* Define to 1 if you have the <ifaddrs.h> header file. */
+#cmakedefine HAVE_IFADDRS_H 1
+
+/* Define to 1 if you have the `inet_addr' function. */
+#cmakedefine HAVE_INET_ADDR 1
+
+/* Define to 1 if you have the inet_ntoa_r function. */
+#cmakedefine HAVE_INET_NTOA_R 1
+
+/* inet_ntoa_r() takes 2 args */
+#cmakedefine HAVE_INET_NTOA_R_2 1
+
+/* inet_ntoa_r() takes 3 args */
+#cmakedefine HAVE_INET_NTOA_R_3 1
+
+/* Define to 1 if you have a IPv6 capable working inet_ntop function. */
+#cmakedefine HAVE_INET_NTOP 1
+
+/* Define to 1 if you have a IPv6 capable working inet_pton function. */
+#cmakedefine HAVE_INET_PTON 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#cmakedefine HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the ioctl function. */
+#cmakedefine HAVE_IOCTL 1
+
+/* Define to 1 if you have the ioctlsocket function. */
+#cmakedefine HAVE_IOCTLSOCKET 1
+
+/* Define to 1 if you have the IoctlSocket camel case function. */
+#cmakedefine HAVE_IOCTLSOCKET_CAMEL 1
+
+/* Define to 1 if you have a working IoctlSocket camel case FIONBIO function.
+ */
+#cmakedefine HAVE_IOCTLSOCKET_CAMEL_FIONBIO 1
+
+/* Define to 1 if you have a working ioctlsocket FIONBIO function. */
+#cmakedefine HAVE_IOCTLSOCKET_FIONBIO 1
+
+/* Define to 1 if you have a working ioctl FIONBIO function. */
+#cmakedefine HAVE_IOCTL_FIONBIO 1
+
+/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */
+#cmakedefine HAVE_IOCTL_SIOCGIFADDR 1
+
+/* Define to 1 if you have the <io.h> header file. */
+#cmakedefine HAVE_IO_H 1
+
+/* if you have the Kerberos4 libraries (including -ldes) */
+#cmakedefine HAVE_KRB4 1
+
+/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */
+#cmakedefine HAVE_KRB_GET_OUR_IP_FOR_REALM 1
+
+/* Define to 1 if you have the <krb.h> header file. */
+#cmakedefine HAVE_KRB_H 1
+
+/* Define to 1 if you have the lber.h header file. */
+#cmakedefine HAVE_LBER_H 1
+
+/* Define to 1 if you have the ldapssl.h header file. */
+#cmakedefine HAVE_LDAPSSL_H 1
+
+/* Define to 1 if you have the ldap.h header file. */
+#cmakedefine HAVE_LDAP_H 1
+
+/* Use LDAPS implementation */
+#cmakedefine HAVE_LDAP_SSL 1
+
+/* Define to 1 if you have the ldap_ssl.h header file. */
+#cmakedefine HAVE_LDAP_SSL_H 1
+
+/* Define to 1 if you have the `ldap_url_parse' function. */
+#cmakedefine HAVE_LDAP_URL_PARSE 1
+
+/* Define to 1 if you have the <libgen.h> header file. */
+#cmakedefine HAVE_LIBGEN_H 1
+
+/* Define to 1 if you have the `idn' library (-lidn). */
+#cmakedefine HAVE_LIBIDN 1
+
+/* Define to 1 if you have the `resolv' library (-lresolv). */
+#cmakedefine HAVE_LIBRESOLV 1
+
+/* Define to 1 if you have the `resolve' library (-lresolve). */
+#cmakedefine HAVE_LIBRESOLVE 1
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#cmakedefine HAVE_LIBSOCKET 1
+
+/* Define to 1 if you have the `ssh2' library (-lssh2). */
+#cmakedefine HAVE_LIBSSH2 1
+
+/* Define to 1 if libssh2 provides `libssh2_version'. */
+#cmakedefine HAVE_LIBSSH2_VERSION 1
+
+/* Define to 1 if libssh2 provides `libssh2_init'. */
+#cmakedefine HAVE_LIBSSH2_INIT 1
+
+/* Define to 1 if libssh2 provides `libssh2_exit'. */
+#cmakedefine HAVE_LIBSSH2_EXIT 1
+
+/* Define to 1 if libssh2 provides `libssh2_scp_send64'. */
+#cmakedefine HAVE_LIBSSH2_SCP_SEND64 1
+
+/* Define to 1 if libssh2 provides `libssh2_session_handshake'. */
+#cmakedefine HAVE_LIBSSH2_SESSION_HANDSHAKE 1
+
+/* Define to 1 if you have the <libssh2.h> header file. */
+#cmakedefine HAVE_LIBSSH2_H 1
+
+/* Define to 1 if you have the `ssl' library (-lssl). */
+#cmakedefine HAVE_LIBSSL 1
+
+/* if zlib is available */
+#cmakedefine HAVE_LIBZ 1
+
+/* Define to 1 if you have the <limits.h> header file. */
+#cmakedefine HAVE_LIMITS_H 1
+
+/* if your compiler supports LL */
+#cmakedefine HAVE_LL 1
+
+/* Define to 1 if you have the <locale.h> header file. */
+#cmakedefine HAVE_LOCALE_H 1
+
+/* Define to 1 if you have a working localtime_r function. */
+#cmakedefine HAVE_LOCALTIME_R 1
+
+/* Define to 1 if the compiler supports the 'long long' data type. */
+#cmakedefine HAVE_LONGLONG 1
+
+/* Define to 1 if you have the malloc.h header file. */
+#cmakedefine HAVE_MALLOC_H 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#cmakedefine HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the MSG_NOSIGNAL flag. */
+#cmakedefine HAVE_MSG_NOSIGNAL 1
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#cmakedefine HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#cmakedefine HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#cmakedefine HAVE_NETINET_TCP_H 1
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#cmakedefine HAVE_NET_IF_H 1
+
+/* Define to 1 if NI_WITHSCOPEID exists and works. */
+#cmakedefine HAVE_NI_WITHSCOPEID 1
+
+/* if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE */
+#cmakedefine HAVE_OLD_GSSMIT 1
+
+/* Define to 1 if you have the <openssl/crypto.h> header file. */
+#cmakedefine HAVE_OPENSSL_CRYPTO_H 1
+
+/* Define to 1 if you have the <openssl/engine.h> header file. */
+#cmakedefine HAVE_OPENSSL_ENGINE_H 1
+
+/* Define to 1 if you have the <openssl/err.h> header file. */
+#cmakedefine HAVE_OPENSSL_ERR_H 1
+
+/* Define to 1 if you have the <openssl/pem.h> header file. */
+#cmakedefine HAVE_OPENSSL_PEM_H 1
+
+/* Define to 1 if you have the <openssl/pkcs12.h> header file. */
+#cmakedefine HAVE_OPENSSL_PKCS12_H 1
+
+/* Define to 1 if you have the <openssl/rsa.h> header file. */
+#cmakedefine HAVE_OPENSSL_RSA_H 1
+
+/* Define to 1 if you have the <openssl/ssl.h> header file. */
+#cmakedefine HAVE_OPENSSL_SSL_H 1
+
+/* Define to 1 if you have the <openssl/x509.h> header file. */
+#cmakedefine HAVE_OPENSSL_X509_H 1
+
+/* Define to 1 if you have the <pem.h> header file. */
+#cmakedefine HAVE_PEM_H 1
+
+/* Define to 1 if you have the `perror' function. */
+#cmakedefine HAVE_PERROR 1
+
+/* Define to 1 if you have the `pipe' function. */
+#cmakedefine HAVE_PIPE 1
+
+/* Define to 1 if you have a working poll function. */
+#cmakedefine HAVE_POLL 1
+
+/* If you have a fine poll */
+#cmakedefine HAVE_POLL_FINE 1
+
+/* Define to 1 if you have the <poll.h> header file. */
+#cmakedefine HAVE_POLL_H 1
+
+/* Define to 1 if you have a working POSIX-style strerror_r function. */
+#cmakedefine HAVE_POSIX_STRERROR_R 1
+
+/* Define to 1 if you have the <pthread.h> header file */
+#cmakedefine HAVE_PTHREAD_H 1
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#cmakedefine HAVE_PWD_H 1
+
+/* Define to 1 if you have the `RAND_egd' function. */
+#cmakedefine HAVE_RAND_EGD 1
+
+/* Define to 1 if you have the `RAND_screen' function. */
+#cmakedefine HAVE_RAND_SCREEN 1
+
+/* Define to 1 if you have the `RAND_status' function. */
+#cmakedefine HAVE_RAND_STATUS 1
+
+/* Define to 1 if you have the recv function. */
+#cmakedefine HAVE_RECV 1
+
+/* Define to 1 if you have the recvfrom function. */
+#cmakedefine HAVE_RECVFROM 1
+
+/* Define to 1 if you have the <rsa.h> header file. */
+#cmakedefine HAVE_RSA_H 1
+
+/* Define to 1 if you have the select function. */
+#cmakedefine HAVE_SELECT 1
+
+/* Define to 1 if you have the send function. */
+#cmakedefine HAVE_SEND 1
+
+/* Define to 1 if you have the 'fsetxattr' function. */
+#cmakedefine HAVE_FSETXATTR 1
+
+/* fsetxattr() takes 5 args */
+#cmakedefine HAVE_FSETXATTR_5 1
+
+/* fsetxattr() takes 6 args */
+#cmakedefine HAVE_FSETXATTR_6 1
+
+/* Define to 1 if you have the <setjmp.h> header file. */
+#cmakedefine HAVE_SETJMP_H 1
+
+/* Define to 1 if you have the `setlocale' function. */
+#cmakedefine HAVE_SETLOCALE 1
+
+/* Define to 1 if you have the `setmode' function. */
+#cmakedefine HAVE_SETMODE 1
+
+/* Define to 1 if you have the `setrlimit' function. */
+#cmakedefine HAVE_SETRLIMIT 1
+
+/* Define to 1 if you have the setsockopt function. */
+#cmakedefine HAVE_SETSOCKOPT 1
+
+/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */
+#cmakedefine HAVE_SETSOCKOPT_SO_NONBLOCK 1
+
+/* Define to 1 if you have the <sgtty.h> header file. */
+#cmakedefine HAVE_SGTTY_H 1
+
+/* Define to 1 if you have the sigaction function. */
+#cmakedefine HAVE_SIGACTION 1
+
+/* Define to 1 if you have the siginterrupt function. */
+#cmakedefine HAVE_SIGINTERRUPT 1
+
+/* Define to 1 if you have the signal function. */
+#cmakedefine HAVE_SIGNAL 1
+
+/* Define to 1 if you have the <signal.h> header file. */
+#cmakedefine HAVE_SIGNAL_H 1
+
+/* Define to 1 if you have the sigsetjmp function or macro. */
+#cmakedefine HAVE_SIGSETJMP 1
+
+/* Define to 1 if sig_atomic_t is an available typedef. */
+#cmakedefine HAVE_SIG_ATOMIC_T 1
+
+/* Define to 1 if sig_atomic_t is already defined as volatile. */
+#cmakedefine HAVE_SIG_ATOMIC_T_VOLATILE 1
+
+/* Define to 1 if struct sockaddr_in6 has the sin6_scope_id member */
+#cmakedefine HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+
+/* Define to 1 if you have the `socket' function. */
+#cmakedefine HAVE_SOCKET 1
+
+/* Define to 1 if you have the `SSL_get_shutdown' function. */
+#cmakedefine HAVE_SSL_GET_SHUTDOWN 1
+
+/* Define to 1 if you have the <ssl.h> header file. */
+#cmakedefine HAVE_SSL_H 1
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#cmakedefine HAVE_STDBOOL_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#cmakedefine HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#cmakedefine HAVE_STDIO_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#cmakedefine HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the strcasecmp function. */
+#cmakedefine HAVE_STRCASECMP 1
+
+/* Define to 1 if you have the strcasestr function. */
+#cmakedefine HAVE_STRCASESTR 1
+
+/* Define to 1 if you have the strcmpi function. */
+#cmakedefine HAVE_STRCMPI 1
+
+/* Define to 1 if you have the strdup function. */
+#cmakedefine HAVE_STRDUP 1
+
+/* Define to 1 if you have the strerror_r function. */
+#cmakedefine HAVE_STRERROR_R 1
+
+/* Define to 1 if you have the stricmp function. */
+#cmakedefine HAVE_STRICMP 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#cmakedefine HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#cmakedefine HAVE_STRING_H 1
+
+/* Define to 1 if you have the strlcat function. */
+#cmakedefine HAVE_STRLCAT 1
+
+/* Define to 1 if you have the `strlcpy' function. */
+#cmakedefine HAVE_STRLCPY 1
+
+/* Define to 1 if you have the strncasecmp function. */
+#cmakedefine HAVE_STRNCASECMP 1
+
+/* Define to 1 if you have the strncmpi function. */
+#cmakedefine HAVE_STRNCMPI 1
+
+/* Define to 1 if you have the strnicmp function. */
+#cmakedefine HAVE_STRNICMP 1
+
+/* Define to 1 if you have the <stropts.h> header file. */
+#cmakedefine HAVE_STROPTS_H 1
+
+/* Define to 1 if you have the strstr function. */
+#cmakedefine HAVE_STRSTR 1
+
+/* Define to 1 if you have the strtok_r function. */
+#cmakedefine HAVE_STRTOK_R 1
+
+/* Define to 1 if you have the strtoll function. */
+#cmakedefine HAVE_STRTOLL 1
+
+/* if struct sockaddr_storage is defined */
+#cmakedefine HAVE_STRUCT_SOCKADDR_STORAGE 1
+
+/* Define to 1 if you have the timeval struct. */
+#cmakedefine HAVE_STRUCT_TIMEVAL 1
+
+/* Define to 1 if you have the <sys/filio.h> header file. */
+#cmakedefine HAVE_SYS_FILIO_H 1
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#cmakedefine HAVE_SYS_IOCTL_H 1
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#cmakedefine HAVE_SYS_PARAM_H 1
+
+/* Define to 1 if you have the <sys/poll.h> header file. */
+#cmakedefine HAVE_SYS_POLL_H 1
+
+/* Define to 1 if you have the <sys/resource.h> header file. */
+#cmakedefine HAVE_SYS_RESOURCE_H 1
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#cmakedefine HAVE_SYS_SELECT_H 1
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#cmakedefine HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+#cmakedefine HAVE_SYS_SOCKIO_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#cmakedefine HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#cmakedefine HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#cmakedefine HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#cmakedefine HAVE_SYS_UIO_H 1
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#cmakedefine HAVE_SYS_UN_H 1
+
+/* Define to 1 if you have the <sys/utime.h> header file. */
+#cmakedefine HAVE_SYS_UTIME_H 1
+
+/* Define to 1 if you have the <termios.h> header file. */
+#cmakedefine HAVE_TERMIOS_H 1
+
+/* Define to 1 if you have the <termio.h> header file. */
+#cmakedefine HAVE_TERMIO_H 1
+
+/* Define to 1 if you have the <time.h> header file. */
+#cmakedefine HAVE_TIME_H 1
+
+/* Define to 1 if you have the <tld.h> header file. */
+#cmakedefine HAVE_TLD_H 1
+
+/* Define to 1 if you have the `tld_strerror' function. */
+#cmakedefine HAVE_TLD_STRERROR 1
+
+/* Define to 1 if you have the `uname' function. */
+#cmakedefine HAVE_UNAME 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#cmakedefine HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `utime' function. */
+#cmakedefine HAVE_UTIME 1
+
+/* Define to 1 if you have the <utime.h> header file. */
+#cmakedefine HAVE_UTIME_H 1
+
+/* Define to 1 if compiler supports C99 variadic macro style. */
+#cmakedefine HAVE_VARIADIC_MACROS_C99 1
+
+/* Define to 1 if compiler supports old gcc variadic macro style. */
+#cmakedefine HAVE_VARIADIC_MACROS_GCC 1
+
+/* Define to 1 if you have the winber.h header file. */
+#cmakedefine HAVE_WINBER_H 1
+
+/* Define to 1 if you have the windows.h header file. */
+#cmakedefine HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the winldap.h header file. */
+#cmakedefine HAVE_WINLDAP_H 1
+
+/* Define to 1 if you have the winsock2.h header file. */
+#cmakedefine HAVE_WINSOCK2_H 1
+
+/* Define to 1 if you have the winsock.h header file. */
+#cmakedefine HAVE_WINSOCK_H 1
+
+/* Define this symbol if your OS supports changing the contents of argv */
+#cmakedefine HAVE_WRITABLE_ARGV 1
+
+/* Define to 1 if you have the writev function. */
+#cmakedefine HAVE_WRITEV 1
+
+/* Define to 1 if you have the ws2tcpip.h header file. */
+#cmakedefine HAVE_WS2TCPIP_H 1
+
+/* Define to 1 if you have the <x509.h> header file. */
+#cmakedefine HAVE_X509_H 1
+
+/* Define if you have the <process.h> header file. */
+#cmakedefine HAVE_PROCESS_H 1
+
+/* if you have the zlib.h header file */
+#cmakedefine HAVE_ZLIB_H 1
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#cmakedefine LT_OBJDIR ${LT_OBJDIR}
+
+/* If you lack a fine basename() prototype */
+#cmakedefine NEED_BASENAME_PROTO 1
+
+/* Define to 1 if you need the lber.h header file even with ldap.h */
+#cmakedefine NEED_LBER_H 1
+
+/* Define to 1 if you need the malloc.h header file even with stdlib.h */
+#cmakedefine NEED_MALLOC_H 1
+
+/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */
+#cmakedefine NEED_REENTRANT 1
+
+/* cpu-machine-OS */
+#cmakedefine OS ${OS}
+
+/* Name of package */
+#cmakedefine PACKAGE ${PACKAGE}
+
+/* Define to the address where bug reports for this package should be sent. */
+#cmakedefine PACKAGE_BUGREPORT ${PACKAGE_BUGREPORT}
+
+/* Define to the full name of this package. */
+#cmakedefine PACKAGE_NAME ${PACKAGE_NAME}
+
+/* Define to the full name and version of this package. */
+#cmakedefine PACKAGE_STRING ${PACKAGE_STRING}
+
+/* Define to the one symbol short name of this package. */
+#cmakedefine PACKAGE_TARNAME ${PACKAGE_TARNAME}
+
+/* Define to the version of this package. */
+#cmakedefine PACKAGE_VERSION ${PACKAGE_VERSION}
+
+/* a suitable file to read random data from */
+#cmakedefine RANDOM_FILE "${RANDOM_FILE}"
+
+/* Define to the type of arg 1 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG1 ${RECVFROM_TYPE_ARG1}
+
+/* Define to the type pointed by arg 2 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG2 ${RECVFROM_TYPE_ARG2}
+
+/* Define to 1 if the type pointed by arg 2 for recvfrom is void. */
+#cmakedefine RECVFROM_TYPE_ARG2_IS_VOID 1
+
+/* Define to the type of arg 3 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG3 ${RECVFROM_TYPE_ARG3}
+
+/* Define to the type of arg 4 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG4 ${RECVFROM_TYPE_ARG4}
+
+/* Define to the type pointed by arg 5 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG5 ${RECVFROM_TYPE_ARG5}
+
+/* Define to 1 if the type pointed by arg 5 for recvfrom is void. */
+#cmakedefine RECVFROM_TYPE_ARG5_IS_VOID 1
+
+/* Define to the type pointed by arg 6 for recvfrom. */
+#cmakedefine RECVFROM_TYPE_ARG6 ${RECVFROM_TYPE_ARG6}
+
+/* Define to 1 if the type pointed by arg 6 for recvfrom is void. */
+#cmakedefine RECVFROM_TYPE_ARG6_IS_VOID 1
+
+/* Define to the function return type for recvfrom. */
+#cmakedefine RECVFROM_TYPE_RETV ${RECVFROM_TYPE_RETV}
+
+/* Define to the type of arg 1 for recv. */
+#cmakedefine RECV_TYPE_ARG1 ${RECV_TYPE_ARG1}
+
+/* Define to the type of arg 2 for recv. */
+#cmakedefine RECV_TYPE_ARG2 ${RECV_TYPE_ARG2}
+
+/* Define to the type of arg 3 for recv. */
+#cmakedefine RECV_TYPE_ARG3 ${RECV_TYPE_ARG3}
+
+/* Define to the type of arg 4 for recv. */
+#cmakedefine RECV_TYPE_ARG4 ${RECV_TYPE_ARG4}
+
+/* Define to the function return type for recv. */
+#cmakedefine RECV_TYPE_RETV ${RECV_TYPE_RETV}
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#cmakedefine RETSIGTYPE ${RETSIGTYPE}
+
+/* Define to the type qualifier of arg 5 for select. */
+#cmakedefine SELECT_QUAL_ARG5 ${SELECT_QUAL_ARG5}
+
+/* Define to the type of arg 1 for select. */
+#cmakedefine SELECT_TYPE_ARG1 ${SELECT_TYPE_ARG1}
+
+/* Define to the type of args 2, 3 and 4 for select. */
+#cmakedefine SELECT_TYPE_ARG234 ${SELECT_TYPE_ARG234}
+
+/* Define to the type of arg 5 for select. */
+#cmakedefine SELECT_TYPE_ARG5 ${SELECT_TYPE_ARG5}
+
+/* Define to the function return type for select. */
+#cmakedefine SELECT_TYPE_RETV ${SELECT_TYPE_RETV}
+
+/* Define to the type qualifier of arg 2 for send. */
+#cmakedefine SEND_QUAL_ARG2 ${SEND_QUAL_ARG2}
+
+/* Define to the type of arg 1 for send. */
+#cmakedefine SEND_TYPE_ARG1 ${SEND_TYPE_ARG1}
+
+/* Define to the type of arg 2 for send. */
+#cmakedefine SEND_TYPE_ARG2 ${SEND_TYPE_ARG2}
+
+/* Define to the type of arg 3 for send. */
+#cmakedefine SEND_TYPE_ARG3 ${SEND_TYPE_ARG3}
+
+/* Define to the type of arg 4 for send. */
+#cmakedefine SEND_TYPE_ARG4 ${SEND_TYPE_ARG4}
+
+/* Define to the function return type for send. */
+#cmakedefine SEND_TYPE_RETV ${SEND_TYPE_RETV}
+
+/* The size of `int', as computed by sizeof. */
+#cmakedefine SIZEOF_INT ${SIZEOF_INT}
+
+/* The size of `short', as computed by sizeof. */
+#cmakedefine SIZEOF_SHORT ${SIZEOF_SHORT}
+
+/* The size of `long', as computed by sizeof. */
+#cmakedefine SIZEOF_LONG ${SIZEOF_LONG}
+
+/* The size of `off_t', as computed by sizeof. */
+#cmakedefine SIZEOF_OFF_T ${SIZEOF_OFF_T}
+
+/* The size of `curl_off_t', as computed by sizeof. */
+#cmakedefine SIZEOF_CURL_OFF_T ${SIZEOF_CURL_OFF_T}
+
+/* The size of `size_t', as computed by sizeof. */
+#cmakedefine SIZEOF_SIZE_T ${SIZEOF_SIZE_T}
+
+/* The size of `time_t', as computed by sizeof. */
+#cmakedefine SIZEOF_TIME_T ${SIZEOF_TIME_T}
+
+/* The size of `void*', as computed by sizeof. */
+#cmakedefine SIZEOF_VOIDP ${SIZEOF_VOIDP}
+
+/* Define to 1 if you have the ANSI C header files. */
+#cmakedefine STDC_HEADERS 1
+
+/* Define to the type of arg 3 for strerror_r. */
+#cmakedefine STRERROR_R_TYPE_ARG3 ${STRERROR_R_TYPE_ARG3}
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#cmakedefine TIME_WITH_SYS_TIME 1
+
+/* Define if you want to enable c-ares support */
+#cmakedefine USE_ARES 1
+
+/* Define if you want to enable POSIX threaded DNS lookup */
+#cmakedefine USE_THREADS_POSIX 1
+
+/* Define if you want to enable WIN32 threaded DNS lookup */
+#cmakedefine USE_THREADS_WIN32 1
+
+/* Define to disable non-blocking sockets. */
+#cmakedefine USE_BLOCKING_SOCKETS 1
+
+/* if GnuTLS is enabled */
+#cmakedefine USE_GNUTLS 1
+
+/* if PolarSSL is enabled */
+#cmakedefine USE_POLARSSL 1
+
+/* if DarwinSSL is enabled */
+#cmakedefine USE_DARWINSSL 1
+
+/* if mbedTLS is enabled */
+#cmakedefine USE_MBEDTLS 1
+
+/* if libSSH2 is in use */
+#cmakedefine USE_LIBSSH2 1
+
+/* If you want to build curl with the built-in manual */
+#cmakedefine USE_MANUAL 1
+
+/* if NSS is enabled */
+#cmakedefine USE_NSS 1
+
+/* if you want to use OpenLDAP code instead of legacy ldap implementation */
+#cmakedefine USE_OPENLDAP 1
+
+/* if OpenSSL is in use */
+#cmakedefine USE_OPENSSL 1
+
+/* to enable NGHTTP2 */
+#cmakedefine USE_NGHTTP2 1
+
+/* if Unix domain sockets are enabled */
+#cmakedefine USE_UNIX_SOCKETS
+
+/* Define to 1 if you are building a Windows target with large file support. */
+#cmakedefine USE_WIN32_LARGE_FILES 1
+
+/* to enable SSPI support */
+#cmakedefine USE_WINDOWS_SSPI 1
+
+/* to enable Windows SSL */
+#cmakedefine USE_SCHANNEL 1
+
+/* Define to 1 if using yaSSL in OpenSSL compatibility mode. */
+#cmakedefine USE_YASSLEMUL 1
+
+/* Version number of package */
+#cmakedefine VERSION ${VERSION}
+
+/* Define to 1 if OS is AIX. */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#cmakedefine _FILE_OFFSET_BITS ${_FILE_OFFSET_BITS}
+
+/* Define for large files, on AIX-style hosts. */
+#cmakedefine _LARGE_FILES ${_LARGE_FILES}
+
+/* define this if you need it to compile thread-safe code */
+#cmakedefine _THREAD_SAFE ${_THREAD_SAFE}
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#cmakedefine const ${const}
+
+/* Type to use in place of in_addr_t when system does not provide it. */
+#cmakedefine in_addr_t ${in_addr_t}
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#cmakedefine size_t ${size_t}
+
+/* the signed version of size_t */
+#cmakedefine ssize_t ${ssize_t}
+
+/* Define to 1 if you have the mach_absolute_time function. */
+#cmakedefine HAVE_MACH_ABSOLUTE_TIME 1
diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in
new file mode 100644
index 0000000000..3a3368b9b7
--- /dev/null
+++ b/libs/libcurl/src/curl_config.h.in
@@ -0,0 +1,1042 @@
+/* lib/curl_config.h.in. Generated from configure.ac by autoheader. */
+
+/* Location of default ca bundle */
+#undef CURL_CA_BUNDLE
+
+/* define "1" to use built in CA store of SSL library */
+#undef CURL_CA_FALLBACK
+
+/* Location of default ca path */
+#undef CURL_CA_PATH
+
+/* Default SSL backend */
+#undef CURL_DEFAULT_SSL_BACKEND
+
+/* to disable cookies support */
+#undef CURL_DISABLE_COOKIES
+
+/* to disable cryptographic authentication */
+#undef CURL_DISABLE_CRYPTO_AUTH
+
+/* to disable DICT */
+#undef CURL_DISABLE_DICT
+
+/* to disable FILE */
+#undef CURL_DISABLE_FILE
+
+/* to disable FTP */
+#undef CURL_DISABLE_FTP
+
+/* to disable Gopher */
+#undef CURL_DISABLE_GOPHER
+
+/* to disable HTTP */
+#undef CURL_DISABLE_HTTP
+
+/* to disable IMAP */
+#undef CURL_DISABLE_IMAP
+
+/* to disable LDAP */
+#undef CURL_DISABLE_LDAP
+
+/* to disable LDAPS */
+#undef CURL_DISABLE_LDAPS
+
+/* to disable --libcurl C code generation option */
+#undef CURL_DISABLE_LIBCURL_OPTION
+
+/* to disable POP3 */
+#undef CURL_DISABLE_POP3
+
+/* to disable proxies */
+#undef CURL_DISABLE_PROXY
+
+/* to disable RTSP */
+#undef CURL_DISABLE_RTSP
+
+/* to disable SMB/CIFS */
+#undef CURL_DISABLE_SMB
+
+/* to disable SMTP */
+#undef CURL_DISABLE_SMTP
+
+/* to disable TELNET */
+#undef CURL_DISABLE_TELNET
+
+/* to disable TFTP */
+#undef CURL_DISABLE_TFTP
+
+/* to disable TLS-SRP authentication */
+#undef CURL_DISABLE_TLS_SRP
+
+/* to disable verbose strings */
+#undef CURL_DISABLE_VERBOSE_STRINGS
+
+/* Definition to make a library symbol externally visible. */
+#undef CURL_EXTERN_SYMBOL
+
+/* built with multiple SSL backends */
+#undef CURL_WITH_MULTI_SSL
+
+/* your Entropy Gathering Daemon socket pathname */
+#undef EGD_SOCKET
+
+/* Define if you want to enable IPv6 support */
+#undef ENABLE_IPV6
+
+/* Define to the type of arg 2 for gethostname. */
+#undef GETHOSTNAME_TYPE_ARG2
+
+/* Define to the type qualifier of arg 1 for getnameinfo. */
+#undef GETNAMEINFO_QUAL_ARG1
+
+/* Define to the type of arg 1 for getnameinfo. */
+#undef GETNAMEINFO_TYPE_ARG1
+
+/* Define to the type of arg 2 for getnameinfo. */
+#undef GETNAMEINFO_TYPE_ARG2
+
+/* Define to the type of args 4 and 6 for getnameinfo. */
+#undef GETNAMEINFO_TYPE_ARG46
+
+/* Define to the type of arg 7 for getnameinfo. */
+#undef GETNAMEINFO_TYPE_ARG7
+
+/* Specifies the number of arguments to getservbyport_r */
+#undef GETSERVBYPORT_R_ARGS
+
+/* Specifies the size of the buffer to pass to getservbyport_r */
+#undef GETSERVBYPORT_R_BUFSIZE
+
+/* Define to 1 if you have the alarm function. */
+#undef HAVE_ALARM
+
+/* Define to 1 if you have the <alloca.h> header file. */
+#undef HAVE_ALLOCA_H
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the <arpa/tftp.h> header file. */
+#undef HAVE_ARPA_TFTP_H
+
+/* Define to 1 if you have the <assert.h> header file. */
+#undef HAVE_ASSERT_H
+
+/* Define to 1 if you have the basename function. */
+#undef HAVE_BASENAME
+
+/* Define to 1 if bool is an available type. */
+#undef HAVE_BOOL_T
+
+/* Define to 1 if using BoringSSL. */
+#undef HAVE_BORINGSSL
+
+/* if BROTLI is in use */
+#undef HAVE_BROTLI
+
+/* Define to 1 if you have the <brotli/decode.h> header file. */
+#undef HAVE_BROTLI_DECODE_H
+
+/* Define to 1 if you have the __builtin_available function. */
+#undef HAVE_BUILTIN_AVAILABLE
+
+/* Define to 1 if you have the clock_gettime function and monotonic timer. */
+#undef HAVE_CLOCK_GETTIME_MONOTONIC
+
+/* Define to 1 if you have the closesocket function. */
+#undef HAVE_CLOSESOCKET
+
+/* Define to 1 if you have the CloseSocket camel case function. */
+#undef HAVE_CLOSESOCKET_CAMEL
+
+/* Define to 1 if you have the connect function. */
+#undef HAVE_CONNECT
+
+/* Define to 1 if you have the <crypto.h> header file. */
+#undef HAVE_CRYPTO_H
+
+/* Define to 1 if you have the `CyaSSL_CTX_UseSupportedCurve' function. */
+#undef HAVE_CYASSL_CTX_USESUPPORTEDCURVE
+
+/* Define to 1 if you have the <cyassl/error-ssl.h> header file. */
+#undef HAVE_CYASSL_ERROR_SSL_H
+
+/* Define to 1 if you have the `CyaSSL_get_peer_certificate' function. */
+#undef HAVE_CYASSL_GET_PEER_CERTIFICATE
+
+/* Define to 1 if you have the <cyassl/options.h> header file. */
+#undef HAVE_CYASSL_OPTIONS_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the `ENGINE_cleanup' function. */
+#undef HAVE_ENGINE_CLEANUP
+
+/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
+#undef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+
+/* Define to 1 if you have the <errno.h> header file. */
+#undef HAVE_ERRNO_H
+
+/* Define to 1 if you have the <err.h> header file. */
+#undef HAVE_ERR_H
+
+/* Define to 1 if you have the fcntl function. */
+#undef HAVE_FCNTL
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define to 1 if you have a working fcntl O_NONBLOCK function. */
+#undef HAVE_FCNTL_O_NONBLOCK
+
+/* Define to 1 if you have the fdopen function. */
+#undef HAVE_FDOPEN
+
+/* Define to 1 if you have the freeaddrinfo function. */
+#undef HAVE_FREEADDRINFO
+
+/* Define to 1 if you have the freeifaddrs function. */
+#undef HAVE_FREEIFADDRS
+
+/* Define to 1 if you have the fsetxattr function. */
+#undef HAVE_FSETXATTR
+
+/* fsetxattr() takes 5 args */
+#undef HAVE_FSETXATTR_5
+
+/* fsetxattr() takes 6 args */
+#undef HAVE_FSETXATTR_6
+
+/* Define to 1 if you have the ftruncate function. */
+#undef HAVE_FTRUNCATE
+
+/* Define to 1 if you have the gai_strerror function. */
+#undef HAVE_GAI_STRERROR
+
+/* Define to 1 if you have a working getaddrinfo function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if the getaddrinfo function is threadsafe. */
+#undef HAVE_GETADDRINFO_THREADSAFE
+
+/* Define to 1 if you have the `geteuid' function. */
+#undef HAVE_GETEUID
+
+/* Define to 1 if you have the gethostbyaddr function. */
+#undef HAVE_GETHOSTBYADDR
+
+/* Define to 1 if you have the gethostbyaddr_r function. */
+#undef HAVE_GETHOSTBYADDR_R
+
+/* gethostbyaddr_r() takes 5 args */
+#undef HAVE_GETHOSTBYADDR_R_5
+
+/* gethostbyaddr_r() takes 7 args */
+#undef HAVE_GETHOSTBYADDR_R_7
+
+/* gethostbyaddr_r() takes 8 args */
+#undef HAVE_GETHOSTBYADDR_R_8
+
+/* Define to 1 if you have the gethostbyname function. */
+#undef HAVE_GETHOSTBYNAME
+
+/* Define to 1 if you have the gethostbyname_r function. */
+#undef HAVE_GETHOSTBYNAME_R
+
+/* gethostbyname_r() takes 3 args */
+#undef HAVE_GETHOSTBYNAME_R_3
+
+/* gethostbyname_r() takes 5 args */
+#undef HAVE_GETHOSTBYNAME_R_5
+
+/* gethostbyname_r() takes 6 args */
+#undef HAVE_GETHOSTBYNAME_R_6
+
+/* Define to 1 if you have the gethostname function. */
+#undef HAVE_GETHOSTNAME
+
+/* Define to 1 if you have a working getifaddrs function. */
+#undef HAVE_GETIFADDRS
+
+/* Define to 1 if you have the getnameinfo function. */
+#undef HAVE_GETNAMEINFO
+
+/* Define to 1 if you have the `getpass_r' function. */
+#undef HAVE_GETPASS_R
+
+/* Define to 1 if you have the `getppid' function. */
+#undef HAVE_GETPPID
+
+/* Define to 1 if you have the `getpwuid' function. */
+#undef HAVE_GETPWUID
+
+/* Define to 1 if you have the `getpwuid_r' function. */
+#undef HAVE_GETPWUID_R
+
+/* Define to 1 if you have the `getrlimit' function. */
+#undef HAVE_GETRLIMIT
+
+/* Define to 1 if you have the getservbyport_r function. */
+#undef HAVE_GETSERVBYPORT_R
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have a working glibc-style strerror_r function. */
+#undef HAVE_GLIBC_STRERROR_R
+
+/* Define to 1 if you have a working gmtime_r function. */
+#undef HAVE_GMTIME_R
+
+/* Define to 1 if you have the `gnutls_alpn_set_protocols' function. */
+#undef HAVE_GNUTLS_ALPN_SET_PROTOCOLS
+
+/* Define to 1 if you have the `gnutls_certificate_set_x509_key_file2'
+ function. */
+#undef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
+
+/* Define to 1 if you have the `gnutls_ocsp_req_init' function. */
+#undef HAVE_GNUTLS_OCSP_REQ_INIT
+
+/* if you have the function gnutls_srp_verifier */
+#undef HAVE_GNUTLS_SRP
+
+/* if you have GSS-API libraries */
+#undef HAVE_GSSAPI
+
+/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_GENERIC_H
+
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_H
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
+/* if you have GNU GSS */
+#undef HAVE_GSSGNU
+
+/* if you have Heimdal */
+#undef HAVE_GSSHEIMDAL
+
+/* if you have MIT Kerberos */
+#undef HAVE_GSSMIT
+
+/* Define to 1 if you have the <idn2.h> header file. */
+#undef HAVE_IDN2_H
+
+/* Define to 1 if you have the <ifaddrs.h> header file. */
+#undef HAVE_IFADDRS_H
+
+/* Define to 1 if you have the `if_nametoindex' function. */
+#undef HAVE_IF_NAMETOINDEX
+
+/* Define to 1 if you have the inet_ntoa_r function. */
+#undef HAVE_INET_NTOA_R
+
+/* inet_ntoa_r() takes 2 args */
+#undef HAVE_INET_NTOA_R_2
+
+/* inet_ntoa_r() takes 3 args */
+#undef HAVE_INET_NTOA_R_3
+
+/* Define to 1 if you have a IPv6 capable working inet_ntop function. */
+#undef HAVE_INET_NTOP
+
+/* Define to 1 if you have a IPv6 capable working inet_pton function. */
+#undef HAVE_INET_PTON
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the ioctl function. */
+#undef HAVE_IOCTL
+
+/* Define to 1 if you have the ioctlsocket function. */
+#undef HAVE_IOCTLSOCKET
+
+/* Define to 1 if you have the IoctlSocket camel case function. */
+#undef HAVE_IOCTLSOCKET_CAMEL
+
+/* Define to 1 if you have a working IoctlSocket camel case FIONBIO function.
+ */
+#undef HAVE_IOCTLSOCKET_CAMEL_FIONBIO
+
+/* Define to 1 if you have a working ioctlsocket FIONBIO function. */
+#undef HAVE_IOCTLSOCKET_FIONBIO
+
+/* Define to 1 if you have a working ioctl FIONBIO function. */
+#undef HAVE_IOCTL_FIONBIO
+
+/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */
+#undef HAVE_IOCTL_SIOCGIFADDR
+
+/* Define to 1 if you have the <io.h> header file. */
+#undef HAVE_IO_H
+
+/* Define to 1 if you have the lber.h header file. */
+#undef HAVE_LBER_H
+
+/* Define to 1 if you have the ldapssl.h header file. */
+#undef HAVE_LDAPSSL_H
+
+/* Define to 1 if you have the ldap.h header file. */
+#undef HAVE_LDAP_H
+
+/* Define to 1 if you have the `ldap_init_fd' function. */
+#undef HAVE_LDAP_INIT_FD
+
+/* Use LDAPS implementation */
+#undef HAVE_LDAP_SSL
+
+/* Define to 1 if you have the ldap_ssl.h header file. */
+#undef HAVE_LDAP_SSL_H
+
+/* Define to 1 if you have the `ldap_url_parse' function. */
+#undef HAVE_LDAP_URL_PARSE
+
+/* Define to 1 if you have the `brotlidec' library (-lbrotlidec). */
+#undef HAVE_LIBBROTLIDEC
+
+/* Define to 1 if you have the <libgen.h> header file. */
+#undef HAVE_LIBGEN_H
+
+/* Define to 1 if you have the `idn2' library (-lidn2). */
+#undef HAVE_LIBIDN2
+
+/* Define to 1 if using libressl. */
+#undef HAVE_LIBRESSL
+
+/* Define to 1 if you have the <librtmp/rtmp.h> header file. */
+#undef HAVE_LIBRTMP_RTMP_H
+
+/* Define to 1 if you have the `ssh2' library (-lssh2). */
+#undef HAVE_LIBSSH2
+
+/* Define to 1 if you have the <libssh2.h> header file. */
+#undef HAVE_LIBSSH2_H
+
+/* Define to 1 if you have the `ssl' library (-lssl). */
+#undef HAVE_LIBSSL
+
+/* if zlib is available */
+#undef HAVE_LIBZ
+
+/* Define to 1 if you have the <limits.h> header file. */
+#undef HAVE_LIMITS_H
+
+/* Define to 1 if you have the <linux/tcp.h> header file. */
+#undef HAVE_LINUX_TCP_H
+
+/* if your compiler supports LL */
+#undef HAVE_LL
+
+/* Define to 1 if you have the <locale.h> header file. */
+#undef HAVE_LOCALE_H
+
+/* Define to 1 if you have a working localtime_r function. */
+#undef HAVE_LOCALTIME_R
+
+/* Define to 1 if the compiler supports the 'long long' data type. */
+#undef HAVE_LONGLONG
+
+/* Define to 1 if you have the `mach_absolute_time' function. */
+#undef HAVE_MACH_ABSOLUTE_TIME
+
+/* Define to 1 if you have the malloc.h header file. */
+#undef HAVE_MALLOC_H
+
+/* Define to 1 if you have the memory.h header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the memrchr function or macro. */
+#undef HAVE_MEMRCHR
+
+/* Define to 1 if you have the MSG_NOSIGNAL flag. */
+#undef HAVE_MSG_NOSIGNAL
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#undef HAVE_NETINET_TCP_H
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#undef HAVE_NET_IF_H
+
+/* Define to 1 if you have the <nghttp2/nghttp2.h> header file. */
+#undef HAVE_NGHTTP2_NGHTTP2_H
+
+/* Define to 1 if NI_WITHSCOPEID exists and works. */
+#undef HAVE_NI_WITHSCOPEID
+
+/* if you have an old MIT Kerberos version, lacking GSS_C_NT_HOSTBASED_SERVICE
+ */
+#undef HAVE_OLD_GSSMIT
+
+/* Define to 1 if you have the <openssl/crypto.h> header file. */
+#undef HAVE_OPENSSL_CRYPTO_H
+
+/* Define to 1 if you have the <openssl/engine.h> header file. */
+#undef HAVE_OPENSSL_ENGINE_H
+
+/* Define to 1 if you have the <openssl/err.h> header file. */
+#undef HAVE_OPENSSL_ERR_H
+
+/* Define to 1 if you have the <openssl/pem.h> header file. */
+#undef HAVE_OPENSSL_PEM_H
+
+/* Define to 1 if you have the <openssl/rsa.h> header file. */
+#undef HAVE_OPENSSL_RSA_H
+
+/* if you have the function SRP_Calc_client_key */
+#undef HAVE_OPENSSL_SRP
+
+/* Define to 1 if you have the <openssl/ssl.h> header file. */
+#undef HAVE_OPENSSL_SSL_H
+
+/* Define to 1 if you have the <openssl/x509.h> header file. */
+#undef HAVE_OPENSSL_X509_H
+
+/* Define to 1 if you have the <pem.h> header file. */
+#undef HAVE_PEM_H
+
+/* Define to 1 if you have the `pipe' function. */
+#undef HAVE_PIPE
+
+/* Define to 1 if you have a working poll function. */
+#undef HAVE_POLL
+
+/* If you have a fine poll */
+#undef HAVE_POLL_FINE
+
+/* Define to 1 if you have the <poll.h> header file. */
+#undef HAVE_POLL_H
+
+/* Define to 1 if you have a working POSIX-style strerror_r function. */
+#undef HAVE_POSIX_STRERROR_R
+
+/* if you have <pthread.h> */
+#undef HAVE_PTHREAD_H
+
+/* Define to 1 if you have the <pwd.h> header file. */
+#undef HAVE_PWD_H
+
+/* Define to 1 if you have the `RAND_egd' function. */
+#undef HAVE_RAND_EGD
+
+/* Define to 1 if you have the recv function. */
+#undef HAVE_RECV
+
+/* Define to 1 if you have the <rsa.h> header file. */
+#undef HAVE_RSA_H
+
+/* Define to 1 if you have the select function. */
+#undef HAVE_SELECT
+
+/* Define to 1 if you have the send function. */
+#undef HAVE_SEND
+
+/* Define to 1 if you have the <setjmp.h> header file. */
+#undef HAVE_SETJMP_H
+
+/* Define to 1 if you have the `setlocale' function. */
+#undef HAVE_SETLOCALE
+
+/* Define to 1 if you have the `setmode' function. */
+#undef HAVE_SETMODE
+
+/* Define to 1 if you have the `setrlimit' function. */
+#undef HAVE_SETRLIMIT
+
+/* Define to 1 if you have the setsockopt function. */
+#undef HAVE_SETSOCKOPT
+
+/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */
+#undef HAVE_SETSOCKOPT_SO_NONBLOCK
+
+/* Define to 1 if you have the <sgtty.h> header file. */
+#undef HAVE_SGTTY_H
+
+/* Define to 1 if you have the sigaction function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if you have the siginterrupt function. */
+#undef HAVE_SIGINTERRUPT
+
+/* Define to 1 if you have the signal function. */
+#undef HAVE_SIGNAL
+
+/* Define to 1 if you have the <signal.h> header file. */
+#undef HAVE_SIGNAL_H
+
+/* Define to 1 if you have the sigsetjmp function or macro. */
+#undef HAVE_SIGSETJMP
+
+/* Define to 1 if sig_atomic_t is an available typedef. */
+#undef HAVE_SIG_ATOMIC_T
+
+/* Define to 1 if sig_atomic_t is already defined as volatile. */
+#undef HAVE_SIG_ATOMIC_T_VOLATILE
+
+/* Define to 1 if struct sockaddr_in6 has the sin6_scope_id member */
+#undef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+
+/* Define to 1 if you have the socket function. */
+#undef HAVE_SOCKET
+
+/* Define to 1 if you have the socketpair function. */
+#undef HAVE_SOCKETPAIR
+
+/* Define to 1 if you have the <socket.h> header file. */
+#undef HAVE_SOCKET_H
+
+/* Define to 1 if you have the `SSLv2_client_method' function. */
+#undef HAVE_SSLV2_CLIENT_METHOD
+
+/* Define to 1 if you have the `SSL_get_shutdown' function. */
+#undef HAVE_SSL_GET_SHUTDOWN
+
+/* Define to 1 if you have the <ssl.h> header file. */
+#undef HAVE_SSL_H
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#undef HAVE_STDIO_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the strcasecmp function. */
+#undef HAVE_STRCASECMP
+
+/* Define to 1 if you have the strcmpi function. */
+#undef HAVE_STRCMPI
+
+/* Define to 1 if you have the strdup function. */
+#undef HAVE_STRDUP
+
+/* Define to 1 if you have the strerror_r function. */
+#undef HAVE_STRERROR_R
+
+/* Define to 1 if you have the stricmp function. */
+#undef HAVE_STRICMP
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the strncasecmp function. */
+#undef HAVE_STRNCASECMP
+
+/* Define to 1 if you have the strncmpi function. */
+#undef HAVE_STRNCMPI
+
+/* Define to 1 if you have the strnicmp function. */
+#undef HAVE_STRNICMP
+
+/* Define to 1 if you have the <stropts.h> header file. */
+#undef HAVE_STROPTS_H
+
+/* Define to 1 if you have the strstr function. */
+#undef HAVE_STRSTR
+
+/* Define to 1 if you have the strtok_r function. */
+#undef HAVE_STRTOK_R
+
+/* Define to 1 if you have the strtoll function. */
+#undef HAVE_STRTOLL
+
+/* if struct sockaddr_storage is defined */
+#undef HAVE_STRUCT_SOCKADDR_STORAGE
+
+/* Define to 1 if you have the timeval struct. */
+#undef HAVE_STRUCT_TIMEVAL
+
+/* Define to 1 if you have the <sys/filio.h> header file. */
+#undef HAVE_SYS_FILIO_H
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#undef HAVE_SYS_PARAM_H
+
+/* Define to 1 if you have the <sys/poll.h> header file. */
+#undef HAVE_SYS_POLL_H
+
+/* Define to 1 if you have the <sys/resource.h> header file. */
+#undef HAVE_SYS_RESOURCE_H
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#undef HAVE_SYS_UN_H
+
+/* Define to 1 if you have the <sys/utime.h> header file. */
+#undef HAVE_SYS_UTIME_H
+
+/* Define to 1 if you have the <sys/wait.h> header file. */
+#undef HAVE_SYS_WAIT_H
+
+/* Define to 1 if you have the <sys/xattr.h> header file. */
+#undef HAVE_SYS_XATTR_H
+
+/* Define to 1 if you have the <termios.h> header file. */
+#undef HAVE_TERMIOS_H
+
+/* Define to 1 if you have the <termio.h> header file. */
+#undef HAVE_TERMIO_H
+
+/* Define to 1 if you have the <time.h> header file. */
+#undef HAVE_TIME_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `utime' function. */
+#undef HAVE_UTIME
+
+/* Define to 1 if you have the `utimes' function. */
+#undef HAVE_UTIMES
+
+/* Define to 1 if you have the <utime.h> header file. */
+#undef HAVE_UTIME_H
+
+/* Define to 1 if compiler supports C99 variadic macro style. */
+#undef HAVE_VARIADIC_MACROS_C99
+
+/* Define to 1 if compiler supports old gcc variadic macro style. */
+#undef HAVE_VARIADIC_MACROS_GCC
+
+/* Define to 1 if you have the winber.h header file. */
+#undef HAVE_WINBER_H
+
+/* Define to 1 if you have the windows.h header file. */
+#undef HAVE_WINDOWS_H
+
+/* Define to 1 if you have the winldap.h header file. */
+#undef HAVE_WINLDAP_H
+
+/* Define to 1 if you have the winsock2.h header file. */
+#undef HAVE_WINSOCK2_H
+
+/* Define to 1 if you have the winsock.h header file. */
+#undef HAVE_WINSOCK_H
+
+/* Define to 1 if you have the `wolfSSLv3_client_method' function. */
+#undef HAVE_WOLFSSLV3_CLIENT_METHOD
+
+/* Define to 1 if you have the `wolfSSL_CTX_UseSupportedCurve' function. */
+#undef HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE
+
+/* Define to 1 if you have the `wolfSSL_get_peer_certificate' function. */
+#undef HAVE_WOLFSSL_GET_PEER_CERTIFICATE
+
+/* Define to 1 if you have the `wolfSSL_UseALPN' function. */
+#undef HAVE_WOLFSSL_USEALPN
+
+/* Define this symbol if your OS supports changing the contents of argv */
+#undef HAVE_WRITABLE_ARGV
+
+/* Define to 1 if you have the writev function. */
+#undef HAVE_WRITEV
+
+/* Define to 1 if you have the ws2tcpip.h header file. */
+#undef HAVE_WS2TCPIP_H
+
+/* Define to 1 if you have the <x509.h> header file. */
+#undef HAVE_X509_H
+
+/* if you have the zlib.h header file */
+#undef HAVE_ZLIB_H
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#undef LT_OBJDIR
+
+/* Define to 1 if you need the lber.h header file even with ldap.h */
+#undef NEED_LBER_H
+
+/* Define to 1 if you need the malloc.h header file even with stdlib.h */
+#undef NEED_MALLOC_H
+
+/* Define to 1 if you need the memory.h header file even with stdlib.h */
+#undef NEED_MEMORY_H
+
+/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */
+#undef NEED_REENTRANT
+
+/* Define to 1 if _THREAD_SAFE preprocessor symbol must be defined. */
+#undef NEED_THREAD_SAFE
+
+/* Define to enable NTLM delegation to winbind's ntlm_auth helper. */
+#undef NTLM_WB_ENABLED
+
+/* Define absolute filename for winbind's ntlm_auth helper. */
+#undef NTLM_WB_FILE
+
+/* cpu-machine-OS */
+#undef OS
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* a suitable file to read random data from */
+#undef RANDOM_FILE
+
+/* Define to the type of arg 1 for recv. */
+#undef RECV_TYPE_ARG1
+
+/* Define to the type of arg 2 for recv. */
+#undef RECV_TYPE_ARG2
+
+/* Define to the type of arg 3 for recv. */
+#undef RECV_TYPE_ARG3
+
+/* Define to the type of arg 4 for recv. */
+#undef RECV_TYPE_ARG4
+
+/* Define to the function return type for recv. */
+#undef RECV_TYPE_RETV
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* Define to the type qualifier of arg 5 for select. */
+#undef SELECT_QUAL_ARG5
+
+/* Define to the type of arg 1 for select. */
+#undef SELECT_TYPE_ARG1
+
+/* Define to the type of args 2, 3 and 4 for select. */
+#undef SELECT_TYPE_ARG234
+
+/* Define to the type of arg 5 for select. */
+#undef SELECT_TYPE_ARG5
+
+/* Define to the function return type for select. */
+#undef SELECT_TYPE_RETV
+
+/* Define to the type qualifier of arg 2 for send. */
+#undef SEND_QUAL_ARG2
+
+/* Define to the type of arg 1 for send. */
+#undef SEND_TYPE_ARG1
+
+/* Define to the type of arg 2 for send. */
+#undef SEND_TYPE_ARG2
+
+/* Define to the type of arg 3 for send. */
+#undef SEND_TYPE_ARG3
+
+/* Define to the type of arg 4 for send. */
+#undef SEND_TYPE_ARG4
+
+/* Define to the function return type for send. */
+#undef SEND_TYPE_RETV
+
+/* The size of `curl_off_t', as computed by sizeof. */
+#undef SIZEOF_CURL_OFF_T
+
+/* The size of `int', as computed by sizeof. */
+#undef SIZEOF_INT
+
+/* The size of `long', as computed by sizeof. */
+#undef SIZEOF_LONG
+
+/* The size of `long long', as computed by sizeof. */
+#undef SIZEOF_LONG_LONG
+
+/* The size of `off_t', as computed by sizeof. */
+#undef SIZEOF_OFF_T
+
+/* The size of `short', as computed by sizeof. */
+#undef SIZEOF_SHORT
+
+/* The size of `size_t', as computed by sizeof. */
+#undef SIZEOF_SIZE_T
+
+/* The size of `time_t', as computed by sizeof. */
+#undef SIZEOF_TIME_T
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to the type of arg 3 for strerror_r. */
+#undef STRERROR_R_TYPE_ARG3
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to enable c-ares support */
+#undef USE_ARES
+
+/* if axTLS is enabled */
+#undef USE_AXTLS
+
+/* if CyaSSL/WolfSSL is enabled */
+#undef USE_CYASSL
+
+/* to enable Apple OS native SSL/TLS support */
+#undef USE_DARWINSSL
+
+/* if GnuTLS is enabled */
+#undef USE_GNUTLS
+
+/* if GnuTLS uses nettle as crypto backend */
+#undef USE_GNUTLS_NETTLE
+
+/* PSL support enabled */
+#undef USE_LIBPSL
+
+/* if librtmp is in use */
+#undef USE_LIBRTMP
+
+/* if libSSH2 is in use */
+#undef USE_LIBSSH2
+
+/* If you want to build curl with the built-in manual */
+#undef USE_MANUAL
+
+/* if mbedTLS is enabled */
+#undef USE_MBEDTLS
+
+/* Define to enable metalink support */
+#undef USE_METALINK
+
+/* if nghttp2 is in use */
+#undef USE_NGHTTP2
+
+/* if NSS is enabled */
+#undef USE_NSS
+
+/* Use OpenLDAP-specific code */
+#undef USE_OPENLDAP
+
+/* if OpenSSL is in use */
+#undef USE_OPENSSL
+
+/* if PolarSSL is enabled */
+#undef USE_POLARSSL
+
+/* to enable Windows native SSL/TLS support */
+#undef USE_SCHANNEL
+
+/* if you want POSIX threaded DNS lookup */
+#undef USE_THREADS_POSIX
+
+/* if you want Win32 threaded DNS lookup */
+#undef USE_THREADS_WIN32
+
+/* Use TLS-SRP authentication */
+#undef USE_TLS_SRP
+
+/* Use Unix domain sockets */
+#undef USE_UNIX_SOCKETS
+
+/* Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz). */
+#undef USE_WIN32_IDN
+
+/* Define to 1 if you are building a Windows target with large file support.
+ */
+#undef USE_WIN32_LARGE_FILES
+
+/* Use Windows LDAP implementation */
+#undef USE_WIN32_LDAP
+
+/* Define to 1 if you are building a Windows target without large file
+ support. */
+#undef USE_WIN32_SMALL_FILES
+
+/* to enable SSPI support */
+#undef USE_WINDOWS_SSPI
+
+/* Version number of package */
+#undef VERSION
+
+/* Define to 1 to provide own prototypes. */
+#undef WANT_IDN_PROTOTYPES
+
+/* Define to 1 if OS is AIX. */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+
+/* Enable large inode numbers on Mac OS X 10.5. */
+#ifndef _DARWIN_USE_64_BIT_INODE
+# define _DARWIN_USE_64_BIT_INODE 1
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Type to use in place of in_addr_t when system does not provide it. */
+#undef in_addr_t
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* the signed version of size_t */
+#undef ssize_t
diff --git a/libs/libcurl/src/curl_darwinssl.h b/libs/libcurl/src/curl_darwinssl.h
deleted file mode 100644
index 432d3d7ce4..0000000000
--- a/libs/libcurl/src/curl_darwinssl.h
+++ /dev/null
@@ -1,78 +0,0 @@
-#ifndef HEADER_CURL_DARWINSSL_H
-#define HEADER_CURL_DARWINSSL_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2012 - 2013, Nick Zitzmann, <nickzman@gmail.com>.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-#ifdef USE_DARWINSSL
-
-CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex);
-
-CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done);
-
-/* this function doesn't actually do anything */
-void Curl_darwinssl_close_all(struct SessionHandle *data);
-
-/* close a SSL connection */
-void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
-
-void Curl_darwinssl_session_free(void *ptr);
-size_t Curl_darwinssl_version(char *buffer, size_t size);
-int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
-int Curl_darwinssl_check_cxn(struct connectdata *conn);
-bool Curl_darwinssl_data_pending(const struct connectdata *conn,
- int connindex);
-
-void Curl_darwinssl_random(struct SessionHandle *data,
- unsigned char *entropy,
- size_t length);
-void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len);
-
-/* this backend provides these functions: */
-#define have_curlssl_random 1
-#define have_curlssl_md5sum 1
-
-/* API setup for SecureTransport */
-#define curlssl_init() (1)
-#define curlssl_cleanup() Curl_nop_stmt
-#define curlssl_connect Curl_darwinssl_connect
-#define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking
-#define curlssl_session_free(x) Curl_darwinssl_session_free(x)
-#define curlssl_close_all Curl_darwinssl_close_all
-#define curlssl_close Curl_darwinssl_close
-#define curlssl_shutdown(x,y) 0
-#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
-#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
-#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
-#define curlssl_version Curl_darwinssl_version
-#define curlssl_check_cxn Curl_darwinssl_check_cxn
-#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y)
-#define curlssl_random(x,y,z) Curl_darwinssl_random(x,y,z)
-#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d)
-
-#endif /* USE_DARWINSSL */
-#endif /* HEADER_CURL_DARWINSSL_H */
diff --git a/libs/libcurl/src/curl_des.c b/libs/libcurl/src/curl_des.c
new file mode 100644
index 0000000000..b123a00f01
--- /dev/null
+++ b/libs/libcurl/src/curl_des.c
@@ -0,0 +1,63 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2015, Steve Holme, <steve_holme@hotmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_NTLM) && !defined(USE_OPENSSL)
+
+#include "curl_des.h"
+
+/*
+ * Curl_des_set_odd_parity()
+ *
+ * This is used to apply odd parity to the given byte array. It is typically
+ * used by when a cryptography engines doesn't have it's own version.
+ *
+ * The function is a port of the Java based oddParity() function over at:
+ *
+ * https://davenport.sourceforge.io/ntlm.html
+ *
+ * Parameters:
+ *
+ * bytes [in/out] - The data whose parity bits are to be adjusted for
+ * odd parity.
+ * len [out] - The length of the data.
+ */
+void Curl_des_set_odd_parity(unsigned char *bytes, size_t len)
+{
+ size_t i;
+
+ for(i = 0; i < len; i++) {
+ unsigned char b = bytes[i];
+
+ bool needs_parity = (((b >> 7) ^ (b >> 6) ^ (b >> 5) ^
+ (b >> 4) ^ (b >> 3) ^ (b >> 2) ^
+ (b >> 1)) & 0x01) == 0;
+
+ if(needs_parity)
+ bytes[i] |= 0x01;
+ else
+ bytes[i] &= 0xfe;
+ }
+}
+
+#endif /* USE_NTLM && !USE_OPENSSL */
diff --git a/libs/libcurl/src/curl_des.h b/libs/libcurl/src/curl_des.h
new file mode 100644
index 0000000000..129060ff7d
--- /dev/null
+++ b/libs/libcurl/src/curl_des.h
@@ -0,0 +1,34 @@
+#ifndef HEADER_CURL_DES_H
+#define HEADER_CURL_DES_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2015, Steve Holme, <steve_holme@hotmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_NTLM) && !defined(USE_OPENSSL)
+
+/* Applies odd parity to the given byte array */
+void Curl_des_set_odd_parity(unsigned char *bytes, size_t length);
+
+#endif /* USE_NTLM && !USE_OPENSSL */
+
+#endif /* HEADER_CURL_DES_H */
diff --git a/libs/libcurl/src/curl_endian.c b/libs/libcurl/src/curl_endian.c
new file mode 100644
index 0000000000..c25db4956e
--- /dev/null
+++ b/libs/libcurl/src/curl_endian.c
@@ -0,0 +1,124 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "curl_endian.h"
+
+/*
+ * Curl_read16_le()
+ *
+ * This function converts a 16-bit integer from the little endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf [in] - A pointer to a 2 byte buffer.
+ *
+ * Returns the integer.
+ */
+unsigned short Curl_read16_le(const unsigned char *buf)
+{
+ return (unsigned short)(((unsigned short)buf[0]) |
+ ((unsigned short)buf[1] << 8));
+}
+
+/*
+ * Curl_read32_le()
+ *
+ * This function converts a 32-bit integer from the little endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf [in] - A pointer to a 4 byte buffer.
+ *
+ * Returns the integer.
+ */
+unsigned int Curl_read32_le(const unsigned char *buf)
+{
+ return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
+ ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
+}
+
+/*
+ * Curl_read16_be()
+ *
+ * This function converts a 16-bit integer from the big endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf [in] - A pointer to a 2 byte buffer.
+ *
+ * Returns the integer.
+ */
+unsigned short Curl_read16_be(const unsigned char *buf)
+{
+ return (unsigned short)(((unsigned short)buf[0] << 8) |
+ ((unsigned short)buf[1]));
+}
+
+/*
+ * Curl_write32_le()
+ *
+ * This function converts a 32-bit integer from the native endian format,
+ * to little endian format ready for sending down the wire.
+ *
+ * Parameters:
+ *
+ * value [in] - The 32-bit integer value.
+ * buffer [in] - A pointer to the output buffer.
+ */
+void Curl_write32_le(const int value, unsigned char *buffer)
+{
+ buffer[0] = (char)(value & 0x000000FF);
+ buffer[1] = (char)((value & 0x0000FF00) >> 8);
+ buffer[2] = (char)((value & 0x00FF0000) >> 16);
+ buffer[3] = (char)((value & 0xFF000000) >> 24);
+}
+
+#if (CURL_SIZEOF_CURL_OFF_T > 4)
+/*
+ * Curl_write64_le()
+ *
+ * This function converts a 64-bit integer from the native endian format,
+ * to little endian format ready for sending down the wire.
+ *
+ * Parameters:
+ *
+ * value [in] - The 64-bit integer value.
+ * buffer [in] - A pointer to the output buffer.
+ */
+#if defined(HAVE_LONGLONG)
+void Curl_write64_le(const long long value, unsigned char *buffer)
+#else
+void Curl_write64_le(const __int64 value, unsigned char *buffer)
+#endif
+{
+ Curl_write32_le((int)value, buffer);
+ Curl_write32_le((int)(value >> 32), buffer + 4);
+}
+#endif /* CURL_SIZEOF_CURL_OFF_T > 4 */
diff --git a/libs/libcurl/src/curl_endian.h b/libs/libcurl/src/curl_endian.h
new file mode 100644
index 0000000000..4f345a6a22
--- /dev/null
+++ b/libs/libcurl/src/curl_endian.h
@@ -0,0 +1,46 @@
+#ifndef HEADER_CURL_ENDIAN_H
+#define HEADER_CURL_ENDIAN_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* Converts a 16-bit integer from little endian */
+unsigned short Curl_read16_le(const unsigned char *buf);
+
+/* Converts a 32-bit integer from little endian */
+unsigned int Curl_read32_le(const unsigned char *buf);
+
+/* Converts a 16-bit integer from big endian */
+unsigned short Curl_read16_be(const unsigned char *buf);
+
+/* Converts a 32-bit integer to little endian */
+void Curl_write32_le(const int value, unsigned char *buffer);
+
+#if (CURL_SIZEOF_CURL_OFF_T > 4)
+/* Converts a 64-bit integer to little endian */
+#if defined(HAVE_LONGLONG)
+void Curl_write64_le(const long long value, unsigned char *buffer);
+#else
+void Curl_write64_le(const __int64 value, unsigned char *buffer);
+#endif
+#endif
+
+#endif /* HEADER_CURL_ENDIAN_H */
diff --git a/libs/libcurl/src/curl_fnmatch.c b/libs/libcurl/src/curl_fnmatch.c
index 63f67b9aa2..8a1e106c45 100644
--- a/libs/libcurl/src/curl_fnmatch.c
+++ b/libs/libcurl/src/curl_fnmatch.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,12 +22,11 @@
#include "curl_setup.h"
-#include "curl_fnmatch.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include <curl/curl.h>
+#include "curl_fnmatch.h"
#include "curl_memory.h"
+
/* The last #include file should be: */
#include "memdebug.h"
@@ -134,6 +133,9 @@ static int setcharset(unsigned char **p, unsigned char *charset)
unsigned char c;
for(;;) {
c = **p;
+ if(!c)
+ return SETCHARSET_FAIL;
+
switch(state) {
case CURLFNM_SCHS_DEFAULT:
if(ISALNUM(c)) { /* ASCII value */
@@ -146,14 +148,13 @@ static int setcharset(unsigned char **p, unsigned char *charset)
else if(c == ']') {
if(something_found)
return SETCHARSET_OK;
- else
- something_found = TRUE;
+ something_found = TRUE;
state = CURLFNM_SCHS_RIGHTBR;
charset[c] = 1;
(*p)++;
}
else if(c == '[') {
- char c2 = *((*p)+1);
+ char c2 = *((*p) + 1);
if(c2 == ':') { /* there has to be a keyword */
(*p) += 2;
if(parsekeyword(p, charset)) {
@@ -198,9 +199,6 @@ static int setcharset(unsigned char **p, unsigned char *charset)
else
return SETCHARSET_FAIL;
}
- else if(c == '\0') {
- return SETCHARSET_FAIL;
- }
else {
charset[c] = 1;
(*p)++;
@@ -237,11 +235,6 @@ static int setcharset(unsigned char **p, unsigned char *charset)
return SETCHARSET_FAIL;
break;
case CURLFNM_SCHS_MAYRANGE2:
- if(c == '\\') {
- c = *(++(*p));
- if(!ISPRINT(c))
- return SETCHARSET_FAIL;
- }
if(c == ']') {
return SETCHARSET_OK;
}
@@ -255,7 +248,7 @@ static int setcharset(unsigned char **p, unsigned char *charset)
else
return SETCHARSET_FAIL;
}
- if(c >= rangestart) {
+ else if(c >= rangestart) {
if((ISLOWER(c) && ISLOWER(rangestart)) ||
(ISDIGIT(c) && ISDIGIT(rangestart)) ||
(ISUPPER(c) && ISUPPER(rangestart))) {
@@ -269,6 +262,8 @@ static int setcharset(unsigned char **p, unsigned char *charset)
else
return SETCHARSET_FAIL;
}
+ else
+ return SETCHARSET_FAIL;
break;
case CURLFNM_SCHS_RIGHTBR:
if(c == '[') {
@@ -279,9 +274,6 @@ static int setcharset(unsigned char **p, unsigned char *charset)
else if(c == ']') {
return SETCHARSET_OK;
}
- else if(c == '\0') {
- return SETCHARSET_FAIL;
- }
else if(ISPRINT(c)) {
charset[c] = 1;
(*p)++;
@@ -321,9 +313,9 @@ static int loop(const unsigned char *pattern, const unsigned char *string)
switch(state) {
case CURLFNM_LOOP_DEFAULT:
if(*p == '*') {
- while(*(p+1) == '*') /* eliminate multiple stars */
+ while(*(p + 1) == '*') /* eliminate multiple stars */
p++;
- if(*s == '\0' && *(p+1) == '\0')
+ if(*s == '\0' && *(p + 1) == '\0')
return CURL_FNMATCH_MATCH;
rc = loop(p + 1, s); /* *.txt matches .txt <=> .txt matches .txt */
if(rc == CURL_FNMATCH_MATCH)
@@ -346,15 +338,14 @@ static int loop(const unsigned char *pattern, const unsigned char *string)
else if(*p == '\0') {
if(*s == '\0')
return CURL_FNMATCH_MATCH;
- else
- return CURL_FNMATCH_NOMATCH;
+ return CURL_FNMATCH_NOMATCH;
}
else if(*p == '\\') {
state = CURLFNM_LOOP_BACKSLASH;
p++;
}
else if(*p == '[') {
- unsigned char *pp = p+1; /* cannot handle with pointer to register */
+ unsigned char *pp = p + 1; /* cannot handle with pointer to register */
if(setcharset(&pp, charset)) {
int found = FALSE;
if(charset[(unsigned int)*s])
@@ -384,7 +375,7 @@ static int loop(const unsigned char *pattern, const unsigned char *string)
found = !found;
if(found) {
- p = pp+1;
+ p = pp + 1;
s++;
memset(charset, 0, CURLFNM_CHSET_SIZE);
}
diff --git a/libs/libcurl/src/curl_fnmatch.h b/libs/libcurl/src/curl_fnmatch.h
index 6335d03123..69ffe392fd 100644
--- a/libs/libcurl/src/curl_fnmatch.h
+++ b/libs/libcurl/src/curl_fnmatch.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/curl_gethostname.c b/libs/libcurl/src/curl_gethostname.c
index ded1e6f948..8337c72e81 100644
--- a/libs/libcurl/src/curl_gethostname.c
+++ b/libs/libcurl/src/curl_gethostname.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -48,8 +48,8 @@
* For libcurl static library release builds no overriding takes place.
*/
-int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen) {
-
+int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen)
+{
#ifndef HAVE_GETHOSTNAME
/* Allow compilation and return failure when unavailable */
@@ -59,7 +59,7 @@ int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen) {
#else
int err;
- char* dot;
+ char *dot;
#ifdef DEBUGBUILD
diff --git a/libs/libcurl/src/curl_gethostname.h b/libs/libcurl/src/curl_gethostname.h
index 48740f62af..07517c5359 100644
--- a/libs/libcurl/src/curl_gethostname.h
+++ b/libs/libcurl/src/curl_gethostname.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/curl_gssapi.c b/libs/libcurl/src/curl_gssapi.c
index fabbe35985..83f3fa0c43 100644
--- a/libs/libcurl/src/curl_gssapi.c
+++ b/libs/libcurl/src/curl_gssapi.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2011 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -27,17 +27,27 @@
#include "curl_gssapi.h"
#include "sendf.h"
+static char spnego_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
+gss_OID_desc Curl_spnego_mech_oid = { 6, &spnego_oid_bytes };
+static char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
+gss_OID_desc Curl_krb5_mech_oid = { 9, &krb5_oid_bytes };
+
OM_uint32 Curl_gss_init_sec_context(
- struct SessionHandle *data,
- OM_uint32 * minor_status,
- gss_ctx_id_t * context,
+ struct Curl_easy *data,
+ OM_uint32 *minor_status,
+ gss_ctx_id_t *context,
gss_name_t target_name,
+ gss_OID mech_type,
gss_channel_bindings_t input_chan_bindings,
gss_buffer_t input_token,
gss_buffer_t output_token,
- OM_uint32 * ret_flags)
+ const bool mutual_auth,
+ OM_uint32 *ret_flags)
{
- OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+ OM_uint32 req_flags = GSS_C_REPLAY_FLAG;
+
+ if(mutual_auth)
+ req_flags |= GSS_C_MUTUAL_FLAG;
if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
#ifdef GSS_C_DELEG_POLICY_FLAG
@@ -55,7 +65,7 @@ OM_uint32 Curl_gss_init_sec_context(
GSS_C_NO_CREDENTIAL, /* cred_handle */
context,
target_name,
- GSS_C_NO_OID, /* mech_type */
+ mech_type,
req_flags,
0, /* time_req */
input_chan_bindings,
@@ -66,4 +76,56 @@ OM_uint32 Curl_gss_init_sec_context(
NULL /* time_rec */);
}
+#define GSS_LOG_BUFFER_LEN 1024
+static size_t display_gss_error(OM_uint32 status, int type,
+ char *buf, size_t len) {
+ OM_uint32 maj_stat;
+ OM_uint32 min_stat;
+ OM_uint32 msg_ctx = 0;
+ gss_buffer_desc status_string;
+
+ do {
+ maj_stat = gss_display_status(&min_stat,
+ status,
+ type,
+ GSS_C_NO_OID,
+ &msg_ctx,
+ &status_string);
+ if(GSS_LOG_BUFFER_LEN > len + status_string.length + 3) {
+ len += snprintf(buf + len, GSS_LOG_BUFFER_LEN - len,
+ "%.*s. ", (int)status_string.length,
+ (char *)status_string.value);
+ }
+ gss_release_buffer(&min_stat, &status_string);
+ } while(!GSS_ERROR(maj_stat) && msg_ctx != 0);
+
+ return len;
+}
+
+/*
+ * Curl_gss_log_error()
+ *
+ * This is used to log a GSS-API error status.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * prefix [in] - The prefix of the log message.
+ * major [in] - The major status code.
+ * minor [in] - The minor status code.
+ */
+void Curl_gss_log_error(struct Curl_easy *data, const char *prefix,
+ OM_uint32 major, OM_uint32 minor)
+{
+ char buf[GSS_LOG_BUFFER_LEN];
+ size_t len = 0;
+
+ if(major != GSS_S_FAILURE)
+ len = display_gss_error(major, GSS_C_GSS_CODE, buf, len);
+
+ display_gss_error(minor, GSS_C_MECH_CODE, buf, len);
+
+ infof(data, "%s%s\n", prefix, buf);
+}
+
#endif /* HAVE_GSSAPI */
diff --git a/libs/libcurl/src/curl_gssapi.h b/libs/libcurl/src/curl_gssapi.h
index ed33b51a2d..9700a28174 100644
--- a/libs/libcurl/src/curl_gssapi.h
+++ b/libs/libcurl/src/curl_gssapi.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2011 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -39,18 +39,36 @@
# include <gssapi.h>
#endif
+extern gss_OID_desc Curl_spnego_mech_oid;
+extern gss_OID_desc Curl_krb5_mech_oid;
-/* Common method for using gss api */
-
+/* Common method for using GSS-API */
OM_uint32 Curl_gss_init_sec_context(
- struct SessionHandle *data,
- OM_uint32 * minor_status,
- gss_ctx_id_t * context,
+ struct Curl_easy *data,
+ OM_uint32 *minor_status,
+ gss_ctx_id_t *context,
gss_name_t target_name,
+ gss_OID mech_type,
gss_channel_bindings_t input_chan_bindings,
gss_buffer_t input_token,
gss_buffer_t output_token,
- OM_uint32 * ret_flags);
+ const bool mutual_auth,
+ OM_uint32 *ret_flags);
+
+/* Helper to log a GSS-API error status */
+void Curl_gss_log_error(struct Curl_easy *data, const char *prefix,
+ OM_uint32 major, OM_uint32 minor);
+
+/* Provide some definitions missing in old headers */
+#ifdef HAVE_OLD_GSSMIT
+#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+#define NCOMPAT 1
+#endif
+
+/* Define our privacy and integrity protection values */
+#define GSSAUTH_P_NONE 1
+#define GSSAUTH_P_INTEGRITY 2
+#define GSSAUTH_P_PRIVACY 4
#endif /* HAVE_GSSAPI */
diff --git a/libs/libcurl/src/curl_hmac.h b/libs/libcurl/src/curl_hmac.h
index 9b65c8c2a1..756dc9e4cd 100644
--- a/libs/libcurl/src/curl_hmac.h
+++ b/libs/libcurl/src/curl_hmac.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,11 +24,11 @@
#ifndef CURL_DISABLE_CRYPTO_AUTH
-typedef void (* HMAC_hinit_func)(void * context);
-typedef void (* HMAC_hupdate_func)(void * context,
- const unsigned char * data,
+typedef void (* HMAC_hinit_func)(void *context);
+typedef void (* HMAC_hupdate_func)(void *context,
+ const unsigned char *data,
unsigned int len);
-typedef void (* HMAC_hfinal_func)(unsigned char * result, void * context);
+typedef void (* HMAC_hfinal_func)(unsigned char *result, void *context);
/* Per-hash function HMAC parameters. */
@@ -46,21 +46,21 @@ typedef struct {
/* HMAC computation context. */
typedef struct {
- const HMAC_params * hmac_hash; /* Hash function definition. */
- void * hmac_hashctxt1; /* Hash function context 1. */
- void * hmac_hashctxt2; /* Hash function context 2. */
+ const HMAC_params *hmac_hash; /* Hash function definition. */
+ void *hmac_hashctxt1; /* Hash function context 1. */
+ void *hmac_hashctxt2; /* Hash function context 2. */
} HMAC_context;
/* Prototypes. */
-HMAC_context * Curl_HMAC_init(const HMAC_params * hashparams,
- const unsigned char * key,
+HMAC_context * Curl_HMAC_init(const HMAC_params *hashparams,
+ const unsigned char *key,
unsigned int keylen);
-int Curl_HMAC_update(HMAC_context * context,
- const unsigned char * data,
+int Curl_HMAC_update(HMAC_context *context,
+ const unsigned char *data,
unsigned int len);
-int Curl_HMAC_final(HMAC_context * context, unsigned char * result);
+int Curl_HMAC_final(HMAC_context *context, unsigned char *result);
#endif
diff --git a/libs/libcurl/src/curl_ldap.h b/libs/libcurl/src/curl_ldap.h
index 93fb4b07af..27d03810fb 100644
--- a/libs/libcurl/src/curl_ldap.h
+++ b/libs/libcurl/src/curl_ldap.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/curl_md4.h b/libs/libcurl/src/curl_md4.h
index b0be9cf6cf..e0690416dd 100644
--- a/libs/libcurl/src/curl_md4.h
+++ b/libs/libcurl/src/curl_md4.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,10 +24,12 @@
#include "curl_setup.h"
-/* NSS crypto library does not provide the MD4 hash algorithm, so that we have
- * a local implementation of it */
-#ifdef USE_NSS
+#if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+ (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
+
void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len);
-#endif /* USE_NSS */
+
+#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
+ (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */
#endif /* HEADER_CURL_MD4_H */
diff --git a/libs/libcurl/src/curl_md5.h b/libs/libcurl/src/curl_md5.h
index 9c0e0b5eee..5f70c96346 100644
--- a/libs/libcurl/src/curl_md5.h
+++ b/libs/libcurl/src/curl_md5.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/curl_memory.h b/libs/libcurl/src/curl_memory.h
index adc45cd639..fccf46879a 100644
--- a/libs/libcurl/src/curl_memory.h
+++ b/libs/libcurl/src/curl_memory.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -28,6 +28,9 @@
* File curl_memory.h must be included by _all_ *.c source files
* that use memory related functions strdup, malloc, calloc, realloc
* or free, and given source file is used to build libcurl library.
+ * It should be included immediately before memdebug.h as the last files
+ * included to avoid undesired interaction with other memory function
+ * headers in dependent libraries.
*
* There is nearly no exception to above rule. All libcurl source
* files in 'lib' subdirectory as well as those living deep inside
@@ -67,7 +70,7 @@
*
* Programs and libraries in 'tests' subdirectories have specific
* purposes and needs, and as such each one will use whatever fits
- * best, depending additionally wether it links with libcurl or not.
+ * best, depending additionally whether it links with libcurl or not.
*
* Caveat emptor. Proper curlx_* separation is a work in progress
* the same as CURLX_NO_MEMORY_CALLBACKS usage, some adjustments may
@@ -80,7 +83,20 @@
#ifndef CURLX_NO_MEMORY_CALLBACKS
-#include <curl/curl.h> /* for the callback typedefs */
+#ifndef CURL_DID_MEMORY_FUNC_TYPEDEFS /* only if not already done */
+/*
+ * The following memory function replacement typedef's are COPIED from
+ * curl/curl.h and MUST match the originals. We copy them to avoid having to
+ * include curl/curl.h here. We avoid that include since it includes stdio.h
+ * and other headers that may get messed up with defines done here.
+ */
+typedef void *(*curl_malloc_callback)(size_t size);
+typedef void (*curl_free_callback)(void *ptr);
+typedef void *(*curl_realloc_callback)(void *ptr, size_t size);
+typedef char *(*curl_strdup_callback)(const char *str);
+typedef void *(*curl_calloc_callback)(size_t nmemb, size_t size);
+#define CURL_DID_MEMORY_FUNC_TYPEDEFS
+#endif
extern curl_malloc_callback Curl_cmalloc;
extern curl_free_callback Curl_cfree;
@@ -119,11 +135,11 @@ extern curl_wcsdup_callback Curl_cwcsdup;
# define wcsdup(ptr) Curl_cwcsdup(ptr)
# undef _wcsdup
# define _wcsdup(ptr) Curl_cwcsdup(ptr)
-# undef wcsdup
-# define wcsdup(ptr) Curl_cwcsdup(ptr)
+# undef _tcsdup
+# define _tcsdup(ptr) Curl_cwcsdup(ptr)
# else
-# undef wcsdup
-# define wcsdup(ptr) Curl_cstrdup(ptr)
+# undef _tcsdup
+# define _tcsdup(ptr) Curl_cstrdup(ptr)
# endif
#endif
diff --git a/libs/libcurl/src/curl_memrchr.c b/libs/libcurl/src/curl_memrchr.c
index a71c2bb4ae..c521497b21 100644
--- a/libs/libcurl/src/curl_memrchr.c
+++ b/libs/libcurl/src/curl_memrchr.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,12 +22,11 @@
#include "curl_setup.h"
-#include "curl_memrchr.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include <curl/curl.h>
+#include "curl_memrchr.h"
#include "curl_memory.h"
+
/* The last #include file should be: */
#include "memdebug.h"
diff --git a/libs/libcurl/src/curl_memrchr.h b/libs/libcurl/src/curl_memrchr.h
index 324c73a7b8..747509c45a 100644
--- a/libs/libcurl/src/curl_memrchr.h
+++ b/libs/libcurl/src/curl_memrchr.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/curl_multibyte.c b/libs/libcurl/src/curl_multibyte.c
index 6c02239eb0..e78bb5002e 100644
--- a/libs/libcurl/src/curl_multibyte.c
+++ b/libs/libcurl/src/curl_multibyte.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,18 +22,18 @@
#include "curl_setup.h"
-#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+#include <curl/curl.h>
+
+#if defined(USE_WIN32_IDN) || ((defined(USE_WINDOWS_SSPI) || \
+ defined(USE_WIN32_LDAP)) && defined(UNICODE))
/*
* MultiByte conversions using Windows kernel32 library.
*/
#include "curl_multibyte.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
+
/* The last #include file should be: */
#include "memdebug.h"
@@ -49,7 +49,8 @@ wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8)
if(str_w) {
if(MultiByteToWideChar(CP_UTF8, 0, str_utf8, -1, str_w,
str_w_len) == 0) {
- Curl_safefree(str_w);
+ free(str_w);
+ return NULL;
}
}
}
@@ -70,7 +71,8 @@ char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
if(str_utf8) {
if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len,
NULL, FALSE) == 0) {
- Curl_safefree(str_utf8);
+ free(str_utf8);
+ return NULL;
}
}
}
@@ -79,4 +81,4 @@ char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
return str_utf8;
}
-#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
+#endif /* USE_WIN32_IDN || ((USE_WINDOWS_SSPI || USE_WIN32_LDAP) && UNICODE) */
diff --git a/libs/libcurl/src/curl_multibyte.h b/libs/libcurl/src/curl_multibyte.h
index 7ee5eae126..615f5c086c 100644
--- a/libs/libcurl/src/curl_multibyte.h
+++ b/libs/libcurl/src/curl_multibyte.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,7 +23,8 @@
***************************************************************************/
#include "curl_setup.h"
-#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+#if defined(USE_WIN32_IDN) || ((defined(USE_WINDOWS_SSPI) || \
+ defined(USE_WIN32_LDAP)) && defined(UNICODE))
/*
* MultiByte conversions using Windows kernel32 library.
@@ -32,10 +33,11 @@
wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8);
char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w);
-#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
+#endif /* USE_WIN32_IDN || ((USE_WINDOWS_SSPI || USE_WIN32_LDAP) && UNICODE) */
-#if defined(USE_WIN32_IDN) || defined(USE_WINDOWS_SSPI)
+#if defined(USE_WIN32_IDN) || defined(USE_WINDOWS_SSPI) || \
+ defined(USE_WIN32_LDAP)
/*
* Macros Curl_convert_UTF8_to_tchar(), Curl_convert_tchar_to_UTF8()
@@ -85,6 +87,6 @@ typedef union {
#endif /* UNICODE */
-#endif /* USE_WIN32_IDN || USE_WINDOWS_SSPI */
+#endif /* USE_WIN32_IDN || USE_WINDOWS_SSPI || USE_WIN32_LDAP */
#endif /* HEADER_CURL_MULTIBYTE_H */
diff --git a/libs/libcurl/src/curl_ntlm_core.c b/libs/libcurl/src/curl_ntlm_core.c
index 79aeb08b3f..e8962769ca 100644
--- a/libs/libcurl/src/curl_ntlm_core.c
+++ b/libs/libcurl/src/curl_ntlm_core.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,16 +22,37 @@
#include "curl_setup.h"
-#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+#if defined(USE_NTLM)
/*
* NTLM details:
*
- * http://davenport.sourceforge.net/ntlm.html
- * http://www.innovation.ch/java/ntlm.html
+ * https://davenport.sourceforge.io/ntlm.html
+ * https://www.innovation.ch/java/ntlm.html
*/
-#ifdef USE_SSLEAY
+/* Please keep the SSL backend-specific #if branches in this order:
+
+ 1. USE_OPENSSL
+ 2. USE_GNUTLS_NETTLE
+ 3. USE_GNUTLS
+ 4. USE_NSS
+ 5. USE_MBEDTLS
+ 6. USE_DARWINSSL
+ 7. USE_OS400CRYPTO
+ 8. USE_WIN32_CRYPTO
+
+ This ensures that:
+ - the same SSL branch gets activated throughout this source
+ file even if multiple backends are enabled at the same time.
+ - OpenSSL and NSS have higher priority than Windows Crypt, due
+ to issues with the latter supporting NTLM2Session responses
+ in NTLM type-3 messages.
+ */
+
+#if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)
+
+#ifdef USE_OPENSSL
# ifdef USE_OPENSSL
# include <openssl/des.h>
@@ -82,37 +103,51 @@
# include "curl_md4.h"
# define MD5_DIGEST_LENGTH MD5_LENGTH
+#elif defined(USE_MBEDTLS)
+
+# include <mbedtls/des.h>
+# include <mbedtls/md4.h>
+# if !defined(MBEDTLS_MD4_C)
+# include "curl_md4.h"
+# endif
+
#elif defined(USE_DARWINSSL)
# include <CommonCrypto/CommonCryptor.h>
# include <CommonCrypto/CommonDigest.h>
+#elif defined(USE_OS400CRYPTO)
+# include "cipher.mih" /* mih/cipher */
+# include "curl_md4.h"
+#elif defined(USE_WIN32_CRYPTO)
+# include <wincrypt.h>
#else
# error "Can't compile NTLM support without a crypto library."
#endif
#include "urldata.h"
#include "non-ascii.h"
-#include "rawstr.h"
-#include "curl_memory.h"
+#include "strcase.h"
#include "curl_ntlm_core.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+#include "curl_md5.h"
+#include "curl_hmac.h"
+#include "warnless.h"
+#include "curl_endian.h"
+#include "curl_des.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
-#ifdef USE_SSLEAY
+#define NTLM_HMAC_MD5_LEN (16)
+#define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00"
+#define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4)
+
/*
- * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The
- * key schedule ks is also set.
- */
-static void setup_des_key(const unsigned char *key_56,
- DES_key_schedule DESKEYARG(ks))
+* Turns a 56-bit key into being 64-bit wide.
+*/
+static void extend_key_56_to_64(const unsigned char *key_56, char *key)
{
- DES_cblock key;
-
key[0] = key_56[0];
key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
@@ -121,36 +156,43 @@ static void setup_des_key(const unsigned char *key_56,
key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
-
- DES_set_odd_parity(&key);
- DES_set_key(&key, ks);
}
-#else /* defined(USE_SSLEAY) */
-
+#ifdef USE_OPENSSL
/*
- * Turns a 56 bit key into the 64 bit, odd parity key. Used by GnuTLS and NSS.
+ * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The
+ * key schedule ks is also set.
*/
-static void extend_key_56_to_64(const unsigned char *key_56, char *key)
+static void setup_des_key(const unsigned char *key_56,
+ DES_key_schedule DESKEYARG(ks))
{
- key[0] = key_56[0];
- key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
- key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
- key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
- key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
- key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
- key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
- key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
+ DES_cblock key;
+
+ /* Expand the 56-bit key to 64-bits */
+ extend_key_56_to_64(key_56, (char *) &key);
+
+ /* Set the key parity to odd */
+ DES_set_odd_parity(&key);
+
+ /* Set the key */
+ DES_set_key(&key, ks);
}
-#if defined(USE_GNUTLS_NETTLE)
+#elif defined(USE_GNUTLS_NETTLE)
static void setup_des_key(const unsigned char *key_56,
struct des_ctx *des)
{
char key[8];
+
+ /* Expand the 56-bit key to 64-bits */
extend_key_56_to_64(key_56, key);
- des_set_key(des, (const uint8_t*)key);
+
+ /* Set the key parity to odd */
+ Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
+
+ /* Set the key */
+ des_set_key(des, (const uint8_t *) key);
}
#elif defined(USE_GNUTLS)
@@ -162,8 +204,15 @@ static void setup_des_key(const unsigned char *key_56,
gcry_cipher_hd_t *des)
{
char key[8];
+
+ /* Expand the 56-bit key to 64-bits */
extend_key_56_to_64(key_56, key);
- gcry_cipher_setkey(*des, key, 8);
+
+ /* Set the key parity to odd */
+ Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
+
+ /* Set the key */
+ gcry_cipher_setkey(*des, key, sizeof(key));
}
#elif defined(USE_NSS)
@@ -191,16 +240,21 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out,
if(!slot)
return FALSE;
- /* expand the 56 bit key to 64 bit and wrap by NSS */
+ /* Expand the 56-bit key to 64-bits */
extend_key_56_to_64(key_56, key);
+
+ /* Set the key parity to odd */
+ Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
+
+ /* Import the key */
key_item.data = (unsigned char *)key;
- key_item.len = /* hard-wired */ 8;
+ key_item.len = sizeof(key);
symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT,
&key_item, NULL);
if(!symkey)
goto fail;
- /* create DES encryption context */
+ /* Create the DES encryption context */
param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL);
if(!param)
goto fail;
@@ -208,7 +262,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out,
if(!ctx)
goto fail;
- /* perform the encryption */
+ /* Perform the encryption */
if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8,
(unsigned char *)in, /* inbuflen */ 8)
&& SECSuccess == PK11_Finalize(ctx))
@@ -226,6 +280,26 @@ fail:
return rv;
}
+#elif defined(USE_MBEDTLS)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+ const unsigned char *key_56)
+{
+ mbedtls_des_context ctx;
+ char key[8];
+
+ /* Expand the 56-bit key to 64-bits */
+ extend_key_56_to_64(key_56, key);
+
+ /* Set the key parity to odd */
+ mbedtls_des_key_set_parity((unsigned char *) key);
+
+ /* Perform the encryption */
+ mbedtls_des_init(&ctx);
+ mbedtls_des_setkey_enc(&ctx, (unsigned char *) key);
+ return mbedtls_des_crypt_ecb(&ctx, in, out) == 0;
+}
+
#elif defined(USE_DARWINSSL)
static bool encrypt_des(const unsigned char *in, unsigned char *out,
@@ -235,16 +309,95 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out,
size_t out_len;
CCCryptorStatus err;
+ /* Expand the 56-bit key to 64-bits */
extend_key_56_to_64(key_56, key);
+
+ /* Set the key parity to odd */
+ Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
+
+ /* Perform the encryption */
err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key,
kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out,
8 /* outbuflen */, &out_len);
+
return err == kCCSuccess;
}
-#endif /* defined(USE_DARWINSSL) */
+#elif defined(USE_OS400CRYPTO)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+ const unsigned char *key_56)
+{
+ char key[8];
+ _CIPHER_Control_T ctl;
+
+ /* Setup the cipher control structure */
+ ctl.Func_ID = ENCRYPT_ONLY;
+ ctl.Data_Len = sizeof(key);
+
+ /* Expand the 56-bit key to 64-bits */
+ extend_key_56_to_64(key_56, ctl.Crypto_Key);
+
+ /* Set the key parity to odd */
+ Curl_des_set_odd_parity((unsigned char *) ctl.Crypto_Key, ctl.Data_Len);
+
+ /* Perform the encryption */
+ _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in);
+
+ return TRUE;
+}
+
+#elif defined(USE_WIN32_CRYPTO)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+ const unsigned char *key_56)
+{
+ HCRYPTPROV hprov;
+ HCRYPTKEY hkey;
+ struct {
+ BLOBHEADER hdr;
+ unsigned int len;
+ char key[8];
+ } blob;
+ DWORD len = 8;
+
+ /* Acquire the crypto provider */
+ if(!CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT))
+ return FALSE;
+
+ /* Setup the key blob structure */
+ memset(&blob, 0, sizeof(blob));
+ blob.hdr.bType = PLAINTEXTKEYBLOB;
+ blob.hdr.bVersion = 2;
+ blob.hdr.aiKeyAlg = CALG_DES;
+ blob.len = sizeof(blob.key);
+
+ /* Expand the 56-bit key to 64-bits */
+ extend_key_56_to_64(key_56, blob.key);
+
+ /* Set the key parity to odd */
+ Curl_des_set_odd_parity((unsigned char *) blob.key, sizeof(blob.key));
+
+ /* Import the key */
+ if(!CryptImportKey(hprov, (BYTE *) &blob, sizeof(blob), 0, 0, &hkey)) {
+ CryptReleaseContext(hprov, 0);
+
+ return FALSE;
+ }
-#endif /* defined(USE_SSLEAY) */
+ memcpy(out, in, 8);
+
+ /* Perform the encryption */
+ CryptEncrypt(hkey, 0, FALSE, 0, out, &len, len);
+
+ CryptDestroyKey(hkey);
+ CryptReleaseContext(hprov, 0);
+
+ return TRUE;
+}
+
+#endif /* defined(USE_WIN32_CRYPTO) */
/*
* takes a 21 byte array and treats it as 3 56-bit DES keys. The
@@ -255,7 +408,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
const unsigned char *plaintext,
unsigned char *results)
{
-#ifdef USE_SSLEAY
+#ifdef USE_OPENSSL
DES_key_schedule ks;
setup_des_key(keys, DESKEY(ks));
@@ -294,7 +447,8 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
setup_des_key(keys + 14, &des);
gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
gcry_cipher_close(des);
-#elif defined(USE_NSS) || defined(USE_DARWINSSL)
+#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \
+ || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(plaintext, results, keys);
encrypt_des(plaintext, results + 8, keys + 7);
encrypt_des(plaintext, results + 16, keys + 14);
@@ -304,11 +458,11 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
/*
* Set up lanmanager hashed password
*/
-void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
- const char *password,
- unsigned char *lmbuffer /* 21 bytes */)
+CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
+ const char *password,
+ unsigned char *lmbuffer /* 21 bytes */)
{
- CURLcode res;
+ CURLcode result;
unsigned char pw[14];
static const unsigned char magic[] = {
0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */
@@ -322,14 +476,14 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
* The LanManager hashed password needs to be created using the
* password in the network encoding not the host encoding.
*/
- res = Curl_convert_to_network(data, (char *)pw, 14);
- if(res)
- return;
+ result = Curl_convert_to_network(data, (char *)pw, 14);
+ if(result)
+ return result;
{
/* Create LanManager hashed password. */
-#ifdef USE_SSLEAY
+#ifdef USE_OPENSSL
DES_key_schedule ks;
setup_des_key(pw, DESKEY(ks));
@@ -357,16 +511,19 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
setup_des_key(pw + 7, &des);
gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
gcry_cipher_close(des);
-#elif defined(USE_NSS) || defined(USE_DARWINSSL)
+#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_DARWINSSL) \
+ || defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(magic, lmbuffer, pw);
encrypt_des(magic, lmbuffer + 8, pw + 7);
#endif
memset(lmbuffer + 16, 0, 21 - 16);
}
+
+ return CURLE_OK;
}
-#if USE_NTRESPONSES
+#ifdef USE_NTRESPONSES
static void ascii_to_unicode_le(unsigned char *dest, const char *src,
size_t srclen)
{
@@ -377,15 +534,30 @@ static void ascii_to_unicode_le(unsigned char *dest, const char *src,
}
}
+#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI)
+
+static void ascii_uppercase_to_unicode_le(unsigned char *dest,
+ const char *src, size_t srclen)
+{
+ size_t i;
+ for(i = 0; i < srclen; i++) {
+ dest[2 * i] = (unsigned char)(Curl_raw_toupper(src[i]));
+ dest[2 * i + 1] = '\0';
+ }
+}
+
+#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
+
/*
* Set up nt hashed passwords
+ * @unittest: 1600
*/
-CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
+CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
const char *password,
unsigned char *ntbuffer /* 21 bytes */)
{
size_t len = strlen(password);
- unsigned char *pw = malloc(len * 2);
+ unsigned char *pw = len ? malloc(len * 2) : strdup("");
CURLcode result;
if(!pw)
return CURLE_OUT_OF_MEMORY;
@@ -402,7 +574,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
{
/* Create NT hashed password. */
-#ifdef USE_SSLEAY
+#ifdef USE_OPENSSL
MD4_CTX MD4pw;
MD4_Init(&MD4pw);
MD4_Update(&MD4pw, pw, 2 * len);
@@ -416,12 +588,33 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
gcry_md_hd_t MD4pw;
gcry_md_open(&MD4pw, GCRY_MD_MD4, 0);
gcry_md_write(MD4pw, pw, 2 * len);
- memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
+ memcpy(ntbuffer, gcry_md_read(MD4pw, 0), MD4_DIGEST_LENGTH);
gcry_md_close(MD4pw);
#elif defined(USE_NSS)
Curl_md4it(ntbuffer, pw, 2 * len);
+#elif defined(USE_MBEDTLS)
+#if defined(MBEDTLS_MD4_C)
+ mbedtls_md4(pw, 2 * len, ntbuffer);
+#else
+ Curl_md4it(ntbuffer, pw, 2 * len);
+#endif
#elif defined(USE_DARWINSSL)
(void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer);
+#elif defined(USE_OS400CRYPTO)
+ Curl_md4it(ntbuffer, pw, 2 * len);
+#elif defined(USE_WIN32_CRYPTO)
+ HCRYPTPROV hprov;
+ if(CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT)) {
+ HCRYPTHASH hhash;
+ if(CryptCreateHash(hprov, CALG_MD4, 0, 0, &hhash)) {
+ DWORD length = 16;
+ CryptHashData(hhash, pw, (unsigned int)len * 2, 0);
+ CryptGetHashParam(hhash, HP_HASHVAL, ntbuffer, &length, 0);
+ CryptDestroyHash(hhash);
+ }
+ CryptReleaseContext(hprov, 0);
+ }
#endif
memset(ntbuffer + 16, 0, 21 - 16);
@@ -431,6 +624,214 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
return CURLE_OK;
}
+
+#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI)
+
+/* This returns the HMAC MD5 digest */
+CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
+ const unsigned char *data, unsigned int datalen,
+ unsigned char *output)
+{
+ HMAC_context *ctxt = Curl_HMAC_init(Curl_HMAC_MD5, key, keylen);
+
+ if(!ctxt)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Update the digest with the given challenge */
+ Curl_HMAC_update(ctxt, data, datalen);
+
+ /* Finalise the digest */
+ Curl_HMAC_final(ctxt, output);
+
+ return CURLE_OK;
+}
+
+#ifndef SIZE_T_MAX
+/* some limits.h headers have this defined, some don't */
+#if defined(SIZEOF_SIZE_T) && (SIZEOF_SIZE_T > 4)
+#define SIZE_T_MAX 18446744073709551615U
+#else
+#define SIZE_T_MAX 4294967295U
+#endif
+#endif
+
+/* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
+ * (uppercase UserName + Domain) as the data
+ */
+CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
+ const char *domain, size_t domlen,
+ unsigned char *ntlmhash,
+ unsigned char *ntlmv2hash)
+{
+ /* Unicode representation */
+ size_t identity_len;
+ unsigned char *identity;
+ CURLcode result = CURLE_OK;
+
+ /* we do the length checks below separately to avoid integer overflow risk
+ on extreme data lengths */
+ if((userlen > SIZE_T_MAX/2) ||
+ (domlen > SIZE_T_MAX/2) ||
+ ((userlen + domlen) > SIZE_T_MAX/2))
+ return CURLE_OUT_OF_MEMORY;
+
+ identity_len = (userlen + domlen) * 2;
+ identity = malloc(identity_len);
+
+ if(!identity)
+ return CURLE_OUT_OF_MEMORY;
+
+ ascii_uppercase_to_unicode_le(identity, user, userlen);
+ ascii_to_unicode_le(identity + (userlen << 1), domain, domlen);
+
+ result = Curl_hmac_md5(ntlmhash, 16, identity, curlx_uztoui(identity_len),
+ ntlmv2hash);
+
+ free(identity);
+
+ return result;
+}
+
+/*
+ * Curl_ntlm_core_mk_ntlmv2_resp()
+ *
+ * This creates the NTLMv2 response as set in the ntlm type-3 message.
+ *
+ * Parameters:
+ *
+ * ntlmv2hash [in] - The ntlmv2 hash (16 bytes)
+ * challenge_client [in] - The client nonce (8 bytes)
+ * ntlm [in] - The ntlm data struct being used to read TargetInfo
+ and Server challenge received in the type-2 message
+ * ntresp [out] - The address where a pointer to newly allocated
+ * memory holding the NTLMv2 response.
+ * ntresp_len [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
+ unsigned char *challenge_client,
+ struct ntlmdata *ntlm,
+ unsigned char **ntresp,
+ unsigned int *ntresp_len)
+{
+/* NTLMv2 response structure :
+------------------------------------------------------------------------------
+0 HMAC MD5 16 bytes
+------BLOB--------------------------------------------------------------------
+16 Signature 0x01010000
+20 Reserved long (0x00000000)
+24 Timestamp LE, 64-bit signed value representing the number of
+ tenths of a microsecond since January 1, 1601.
+32 Client Nonce 8 bytes
+40 Unknown 4 bytes
+44 Target Info N bytes (from the type-2 message)
+44+N Unknown 4 bytes
+------------------------------------------------------------------------------
+*/
+
+ unsigned int len = 0;
+ unsigned char *ptr = NULL;
+ unsigned char hmac_output[NTLM_HMAC_MD5_LEN];
+ curl_off_t tw;
+
+ CURLcode result = CURLE_OK;
+
+#if CURL_SIZEOF_CURL_OFF_T < 8
+#error "this section needs 64bit support to work"
+#endif
+
+ /* Calculate the timestamp */
+#ifdef DEBUGBUILD
+ char *force_timestamp = getenv("CURL_FORCETIME");
+ if(force_timestamp)
+ tw = CURL_OFF_T_C(11644473600) * 10000000;
+ else
+#endif
+ tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000;
+
+ /* Calculate the response len */
+ len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;
+
+ /* Allocate the response */
+ ptr = malloc(len);
+ if(!ptr)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(ptr, 0, len);
+
+ /* Create the BLOB structure */
+ snprintf((char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN,
+ "%c%c%c%c" /* NTLMv2_BLOB_SIGNATURE */
+ "%c%c%c%c", /* Reserved = 0 */
+ NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1],
+ NTLMv2_BLOB_SIGNATURE[2], NTLMv2_BLOB_SIGNATURE[3],
+ 0, 0, 0, 0);
+
+ Curl_write64_le(tw, ptr + 24);
+ memcpy(ptr + 32, challenge_client, 8);
+ memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len);
+
+ /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */
+ memcpy(ptr + 8, &ntlm->nonce[0], 8);
+ result = Curl_hmac_md5(ntlmv2hash, NTLM_HMAC_MD5_LEN, ptr + 8,
+ NTLMv2_BLOB_LEN + 8, hmac_output);
+ if(result) {
+ free(ptr);
+ return result;
+ }
+
+ /* Concatenate the HMAC MD5 output with the BLOB */
+ memcpy(ptr, hmac_output, NTLM_HMAC_MD5_LEN);
+
+ /* Return the response */
+ *ntresp = ptr;
+ *ntresp_len = len;
+
+ return result;
+}
+
+/*
+ * Curl_ntlm_core_mk_lmv2_resp()
+ *
+ * This creates the LMv2 response as used in the ntlm type-3 message.
+ *
+ * Parameters:
+ *
+ * ntlmv2hash [in] - The ntlmv2 hash (16 bytes)
+ * challenge_client [in] - The client nonce (8 bytes)
+ * challenge_client [in] - The server challenge (8 bytes)
+ * lmresp [out] - The LMv2 response (24 bytes)
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
+ unsigned char *challenge_client,
+ unsigned char *challenge_server,
+ unsigned char *lmresp)
+{
+ unsigned char data[16];
+ unsigned char hmac_output[16];
+ CURLcode result = CURLE_OK;
+
+ memcpy(&data[0], challenge_server, 8);
+ memcpy(&data[8], challenge_client, 8);
+
+ result = Curl_hmac_md5(ntlmv2hash, 16, &data[0], 16, hmac_output);
+ if(result)
+ return result;
+
+ /* Concatenate the HMAC MD5 output with the client nonce */
+ memcpy(lmresp, hmac_output, 16);
+ memcpy(lmresp + 16, challenge_client, 8);
+
+ return result;
+}
+
+#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
+
#endif /* USE_NTRESPONSES */
-#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
+#endif /* !USE_WINDOWS_SSPI || USE_WIN32_CRYPTO */
+
+#endif /* USE_NTLM */
diff --git a/libs/libcurl/src/curl_ntlm_core.h b/libs/libcurl/src/curl_ntlm_core.h
index 9aa126bb26..07ef5deae9 100644
--- a/libs/libcurl/src/curl_ntlm_core.h
+++ b/libs/libcurl/src/curl_ntlm_core.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,45 +24,84 @@
#include "curl_setup.h"
-#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
-
-#ifdef USE_SSLEAY
-# if !defined(OPENSSL_VERSION_NUMBER) && \
- !defined(HEADER_SSL_H) && !defined(HEADER_MD5_H)
-# error "curl_ntlm_core.h shall not be included before OpenSSL headers."
-# endif
-# ifdef OPENSSL_NO_MD4
-# define USE_NTRESPONSES 0
-# define USE_NTLM2SESSION 0
-# endif
+#if defined(USE_NTLM)
+
+/* If NSS is the first available SSL backend (see order in curl_ntlm_core.c)
+ then it must be initialized to be used by NTLM. */
+#if !defined(USE_OPENSSL) && \
+ !defined(USE_GNUTLS_NETTLE) && \
+ !defined(USE_GNUTLS) && \
+ defined(USE_NSS)
+#define NTLM_NEEDS_NSS_INIT
#endif
-/*
- * Define USE_NTRESPONSES to 1 in order to make the type-3 message include
- * the NT response message. Define USE_NTLM2SESSION to 1 in order to make
- * the type-3 message include the NTLM2Session response message, requires
- * USE_NTRESPONSES defined to 1.
- */
+#if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)
+
+#ifdef USE_OPENSSL
+# include <openssl/ssl.h>
+#endif
+
+/* Define USE_NTRESPONSES in order to make the type-3 message include
+ * the NT response message. */
+#if !defined(USE_OPENSSL) || !defined(OPENSSL_NO_MD4)
+#define USE_NTRESPONSES
+#endif
-#ifndef USE_NTRESPONSES
-# define USE_NTRESPONSES 1
-# define USE_NTLM2SESSION 1
+/* Define USE_NTLM2SESSION in order to make the type-3 message include the
+ NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a
+ Crypto engine that we have curl_ssl_md5sum() for. */
+#if defined(USE_NTRESPONSES) && !defined(USE_WIN32_CRYPTO)
+#define USE_NTLM2SESSION
+#endif
+
+/* Define USE_NTLM_V2 in order to allow the type-3 message to include the
+ LMv2 and NTLMv2 response messages, requires USE_NTRESPONSES defined to 1
+ and support for 64-bit integers. */
+#if defined(USE_NTRESPONSES) && (CURL_SIZEOF_CURL_OFF_T > 4)
+#define USE_NTLM_V2
#endif
void Curl_ntlm_core_lm_resp(const unsigned char *keys,
const unsigned char *plaintext,
unsigned char *results);
-void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
- const char *password,
- unsigned char *lmbuffer /* 21 bytes */);
+CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
+ const char *password,
+ unsigned char *lmbuffer /* 21 bytes */);
-#if USE_NTRESPONSES
-CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
+#ifdef USE_NTRESPONSES
+CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
const char *password,
unsigned char *ntbuffer /* 21 bytes */);
-#endif
-#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
+#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI)
+
+CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
+ const unsigned char *data, unsigned int datalen,
+ unsigned char *output);
+
+CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
+ const char *domain, size_t domlen,
+ unsigned char *ntlmhash,
+ unsigned char *ntlmv2hash);
+
+CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
+ unsigned char *challenge_client,
+ struct ntlmdata *ntlm,
+ unsigned char **ntresp,
+ unsigned int *ntresp_len);
+
+CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
+ unsigned char *challenge_client,
+ unsigned char *challenge_server,
+ unsigned char *lmresp);
+
+#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
+
+#endif /* USE_NTRESPONSES */
+
+#endif /* !USE_WINDOWS_SSPI || USE_WIN32_CRYPTO */
+
+#endif /* USE_NTLM */
#endif /* HEADER_CURL_NTLM_CORE_H */
diff --git a/libs/libcurl/src/curl_ntlm_wb.c b/libs/libcurl/src/curl_ntlm_wb.c
index b1c20e1b3b..03f47a3a52 100644
--- a/libs/libcurl/src/curl_ntlm_wb.c
+++ b/libs/libcurl/src/curl_ntlm_wb.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,13 +22,14 @@
#include "curl_setup.h"
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
+ defined(NTLM_WB_ENABLED)
/*
* NTLM details:
*
- * http://davenport.sourceforge.net/ntlm.html
- * http://www.innovation.ch/java/ntlm.html
+ * https://davenport.sourceforge.io/ntlm.html
+ * https://www.innovation.ch/java/ntlm.html
*/
#define DEBUG_ME 0
@@ -39,19 +40,22 @@
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
#include "urldata.h"
#include "sendf.h"
#include "select.h"
+#include "vauth/ntlm.h"
+#include "curl_ntlm_core.h"
#include "curl_ntlm_wb.h"
#include "url.h"
#include "strerror.h"
+#include "strdup.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
#include "memdebug.h"
#if DEBUG_ME
@@ -102,9 +106,9 @@ void Curl_ntlm_wb_cleanup(struct connectdata *conn)
conn->ntlm_auth_hlpr_pid = 0;
}
- Curl_safefree(conn->challenge_header);
+ free(conn->challenge_header);
conn->challenge_header = NULL;
- Curl_safefree(conn->response_header);
+ free(conn->response_header);
conn->response_header = NULL;
}
@@ -116,7 +120,10 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
char *slash, *domain = NULL;
const char *ntlm_auth = NULL;
char *ntlm_auth_alloc = NULL;
- int error;
+#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID)
+ struct passwd pw, *pw_res;
+ char pwbuf[1024];
+#endif
/* Return if communication with ntlm_auth already set up */
if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD ||
@@ -124,9 +131,34 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
return CURLE_OK;
username = userp;
+ /* The real ntlm_auth really doesn't like being invoked with an
+ empty username. It won't make inferences for itself, and expects
+ the client to do so (mostly because it's really designed for
+ servers like squid to use for auth, and client support is an
+ afterthought for it). So try hard to provide a suitable username
+ if we don't already have one. But if we can't, provide the
+ empty one anyway. Perhaps they have an implementation of the
+ ntlm_auth helper which *doesn't* need it so we might as well try */
+ if(!username || !username[0]) {
+ username = getenv("NTLMUSER");
+ if(!username || !username[0])
+ username = getenv("LOGNAME");
+ if(!username || !username[0])
+ username = getenv("USER");
+#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID)
+ if((!username || !username[0]) &&
+ !getpwuid_r(geteuid(), &pw, pwbuf, sizeof(pwbuf), &pw_res) &&
+ pw_res) {
+ username = pw.pw_name;
+ }
+#endif
+ if(!username || !username[0])
+ username = userp;
+ }
slash = strpbrk(username, "\\/");
if(slash) {
- if((domain = strdup(username)) == NULL)
+ domain = strdup(username);
+ if(!domain)
return CURLE_OUT_OF_MEMORY;
slash = domain + (slash - username);
*slash = '\0';
@@ -146,26 +178,23 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
ntlm_auth = NTLM_WB_FILE;
if(access(ntlm_auth, X_OK) != 0) {
- error = ERRNO;
failf(conn->data, "Could not access ntlm_auth: %s errno %d: %s",
- ntlm_auth, error, Curl_strerror(conn, error));
+ ntlm_auth, errno, Curl_strerror(conn, errno));
goto done;
}
if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) {
- error = ERRNO;
failf(conn->data, "Could not open socket pair. errno %d: %s",
- error, Curl_strerror(conn, error));
+ errno, Curl_strerror(conn, errno));
goto done;
}
child_pid = fork();
if(child_pid == -1) {
- error = ERRNO;
sclose(sockfds[0]);
sclose(sockfds[1]);
failf(conn->data, "Could not fork. errno %d: %s",
- error, Curl_strerror(conn, error));
+ errno, Curl_strerror(conn, errno));
goto done;
}
else if(!child_pid) {
@@ -176,16 +205,14 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
/* Don't use sclose in the child since it fools the socket leak detector */
sclose_nolog(sockfds[0]);
if(dup2(sockfds[1], STDIN_FILENO) == -1) {
- error = ERRNO;
failf(conn->data, "Could not redirect child stdin. errno %d: %s",
- error, Curl_strerror(conn, error));
+ errno, Curl_strerror(conn, errno));
exit(1);
}
if(dup2(sockfds[1], STDOUT_FILENO) == -1) {
- error = ERRNO;
failf(conn->data, "Could not redirect child stdout. errno %d: %s",
- error, Curl_strerror(conn, error));
+ errno, Curl_strerror(conn, errno));
exit(1);
}
@@ -203,33 +230,33 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
"--username", username,
NULL);
- error = ERRNO;
sclose_nolog(sockfds[1]);
failf(conn->data, "Could not execl(). errno %d: %s",
- error, Curl_strerror(conn, error));
+ errno, Curl_strerror(conn, errno));
exit(1);
}
sclose(sockfds[1]);
conn->ntlm_auth_hlpr_socket = sockfds[0];
conn->ntlm_auth_hlpr_pid = child_pid;
- Curl_safefree(domain);
- Curl_safefree(ntlm_auth_alloc);
+ free(domain);
+ free(ntlm_auth_alloc);
return CURLE_OK;
done:
- Curl_safefree(domain);
- Curl_safefree(ntlm_auth_alloc);
+ free(domain);
+ free(ntlm_auth_alloc);
return CURLE_REMOTE_ACCESS_DENIED;
}
static CURLcode ntlm_wb_response(struct connectdata *conn,
const char *input, curlntlm state)
{
- ssize_t size;
- char buf[200]; /* enough, type 1, 3 message length is less then 200 */
- char *tmpbuf = buf;
- size_t len_in = strlen(input), len_out = sizeof(buf);
+ char *buf = malloc(NTLM_BUFSIZE);
+ size_t len_in = strlen(input), len_out = 0;
+
+ if(!buf)
+ return CURLE_OUT_OF_MEMORY;
while(len_in > 0) {
ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
@@ -244,8 +271,11 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
len_in -= written;
}
/* Read one line */
- while(len_out > 0) {
- size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out);
+ while(1) {
+ ssize_t size;
+ char *newbuf;
+
+ size = sread(conn->ntlm_auth_hlpr_socket, buf + len_out, NTLM_BUFSIZE);
if(size == -1) {
if(errno == EINTR)
continue;
@@ -253,22 +283,26 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
}
else if(size == 0)
goto done;
- else if(tmpbuf[size - 1] == '\n') {
- tmpbuf[size - 1] = '\0';
- goto wrfinish;
+
+ len_out += size;
+ if(buf[len_out - 1] == '\n') {
+ buf[len_out - 1] = '\0';
+ break;
}
- tmpbuf += size;
- len_out -= size;
+ newbuf = Curl_saferealloc(buf, len_out + NTLM_BUFSIZE);
+ if(!newbuf)
+ return CURLE_OUT_OF_MEMORY;
+
+ buf = newbuf;
}
- goto done;
-wrfinish:
+
/* Samba/winbind installed but not configured */
if(state == NTLMSTATE_TYPE1 &&
- size == 3 &&
+ len_out == 3 &&
buf[0] == 'P' && buf[1] == 'W')
- return CURLE_REMOTE_ACCESS_DENIED;
+ goto done;
/* invalid response */
- if(size < 4)
+ if(len_out < 4)
goto done;
if(state == NTLMSTATE_TYPE1 &&
(buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
@@ -278,9 +312,11 @@ wrfinish:
(buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
goto done;
- conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3);
+ conn->response_header = aprintf("NTLM %.*s", len_out - 4, buf + 3);
+ free(buf);
return CURLE_OK;
done:
+ free(buf);
return CURLE_REMOTE_ACCESS_DENIED;
}
@@ -308,7 +344,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
- userp = conn->proxyuser;
+ userp = conn->http_proxy.user;
ntlm = &conn->proxyntlm;
authp = &conn->data->state.authproxy;
}
@@ -322,7 +358,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
/* not set means empty */
if(!userp)
- userp="";
+ userp = "";
switch(ntlm->state) {
case NTLMSTATE_TYPE1:
@@ -331,8 +367,8 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
* by delegating the NTLM challenge/response protocal to a helper
* in ntlm_auth.
* http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
- * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
- * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
+ * https://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
+ * https://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
* Preprocessor symbol 'NTLM_WB_ENABLED' is defined when this
* feature is enabled and 'NTLM_WB_FILE' symbol holds absolute
* filename of ntlm_auth helper.
@@ -347,16 +383,16 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(res)
return res;
- Curl_safefree(*allocuserpwd);
+ free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: %s\r\n",
proxy ? "Proxy-" : "",
conn->response_header);
DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
- Curl_safefree(conn->response_header);
+ free(conn->response_header);
conn->response_header = NULL;
break;
case NTLMSTATE_TYPE2:
- input = aprintf("TT %s", conn->challenge_header);
+ input = aprintf("TT %s\n", conn->challenge_header);
if(!input)
return CURLE_OUT_OF_MEMORY;
res = ntlm_wb_response(conn, input, ntlm->state);
@@ -365,7 +401,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(res)
return res;
- Curl_safefree(*allocuserpwd);
+ free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: %s\r\n",
proxy ? "Proxy-" : "",
conn->response_header);
@@ -377,10 +413,8 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
case NTLMSTATE_TYPE3:
/* connection is already authenticated,
* don't send a header in future requests */
- if(*allocuserpwd) {
- free(*allocuserpwd);
- *allocuserpwd=NULL;
- }
+ free(*allocuserpwd);
+ *allocuserpwd = NULL;
authp->done = TRUE;
break;
}
@@ -388,4 +422,4 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
return CURLE_OK;
}
-#endif /* USE_NTLM && NTLM_WB_ENABLED */
+#endif /* !CURL_DISABLE_HTTP && USE_NTLM && NTLM_WB_ENABLED */
diff --git a/libs/libcurl/src/curl_ntlm_wb.h b/libs/libcurl/src/curl_ntlm_wb.h
index db6bc16b73..aba3d469c3 100644
--- a/libs/libcurl/src/curl_ntlm_wb.h
+++ b/libs/libcurl/src/curl_ntlm_wb.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,7 +24,8 @@
#include "curl_setup.h"
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
+ defined(NTLM_WB_ENABLED)
/* this is for creating ntlm header output by delegating challenge/response
to Samba's winbind daemon helper ntlm_auth */
@@ -32,6 +33,6 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
void Curl_ntlm_wb_cleanup(struct connectdata *conn);
-#endif /* USE_NTLM && NTLM_WB_ENABLED */
+#endif /* !CURL_DISABLE_HTTP && USE_NTLM && NTLM_WB_ENABLED */
#endif /* HEADER_CURL_NTLM_WB_H */
diff --git a/libs/libcurl/src/curl_printf.h b/libs/libcurl/src/curl_printf.h
new file mode 100644
index 0000000000..49857cdb0d
--- /dev/null
+++ b/libs/libcurl/src/curl_printf.h
@@ -0,0 +1,56 @@
+#ifndef HEADER_CURL_PRINTF_H
+#define HEADER_CURL_PRINTF_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * This header should be included by ALL code in libcurl that uses any
+ * *rintf() functions.
+ */
+
+#include <curl/mprintf.h>
+
+# undef printf
+# undef fprintf
+# undef snprintf
+# undef vprintf
+# undef vfprintf
+# undef vsnprintf
+# undef aprintf
+# undef vaprintf
+# define printf curl_mprintf
+# define fprintf curl_mfprintf
+# define snprintf curl_msnprintf
+# define vprintf curl_mvprintf
+# define vfprintf curl_mvfprintf
+# define vsnprintf curl_mvsnprintf
+# define aprintf curl_maprintf
+# define vaprintf curl_mvaprintf
+
+/* We define away the sprintf functions unconditonally since we don't want
+ internal code to be using them, intentionally or by mistake!*/
+# undef sprintf
+# undef vsprintf
+# define sprintf sprintf_was_used
+# define vsprintf vsprintf_was_used
+
+#endif /* HEADER_CURL_PRINTF_H */
diff --git a/libs/libcurl/src/curl_rtmp.c b/libs/libcurl/src/curl_rtmp.c
index 45da35ca01..97430647bf 100644
--- a/libs/libcurl/src/curl_rtmp.c
+++ b/libs/libcurl/src/curl_rtmp.c
@@ -5,11 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
+ * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 2010, Howard Chu, <hyc@highlandsun.com>
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,6 +25,7 @@
#ifdef USE_LIBRTMP
+#include "curl_rtmp.h"
#include "urldata.h"
#include "nonblock.h" /* for curlx_nonblock */
#include "progress.h" /* for Curl_pgrsSetUploadSize */
@@ -31,10 +33,6 @@
#include "warnless.h"
#include <curl/curl.h>
#include <librtmp/rtmp.h>
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -48,7 +46,7 @@
#define DEF_BUFTIME (2*60*60*1000) /* 2 hours */
-static CURLcode rtmp_setup(struct connectdata *conn);
+static CURLcode rtmp_setup_connection(struct connectdata *conn);
static CURLcode rtmp_do(struct connectdata *conn, bool *done);
static CURLcode rtmp_done(struct connectdata *conn, CURLcode, bool premature);
static CURLcode rtmp_connect(struct connectdata *conn, bool *done);
@@ -58,12 +56,12 @@ static Curl_recv rtmp_recv;
static Curl_send rtmp_send;
/*
- * RTMP protocol handler.h, based on http://rtmpdump.mplayerhq.hu
+ * RTMP protocol handler.h, based on https://rtmpdump.mplayerhq.hu
*/
const struct Curl_handler Curl_handler_rtmp = {
"RTMP", /* scheme */
- rtmp_setup, /* setup_connection */
+ rtmp_setup_connection, /* setup_connection */
rtmp_do, /* do_it */
rtmp_done, /* done */
ZERO_NULL, /* do_more */
@@ -76,6 +74,7 @@ const struct Curl_handler Curl_handler_rtmp = {
ZERO_NULL, /* perform_getsock */
rtmp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_RTMP, /* defport */
CURLPROTO_RTMP, /* protocol */
PROTOPT_NONE /* flags*/
@@ -83,7 +82,7 @@ const struct Curl_handler Curl_handler_rtmp = {
const struct Curl_handler Curl_handler_rtmpt = {
"RTMPT", /* scheme */
- rtmp_setup, /* setup_connection */
+ rtmp_setup_connection, /* setup_connection */
rtmp_do, /* do_it */
rtmp_done, /* done */
ZERO_NULL, /* do_more */
@@ -96,6 +95,7 @@ const struct Curl_handler Curl_handler_rtmpt = {
ZERO_NULL, /* perform_getsock */
rtmp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_RTMPT, /* defport */
CURLPROTO_RTMPT, /* protocol */
PROTOPT_NONE /* flags*/
@@ -103,7 +103,7 @@ const struct Curl_handler Curl_handler_rtmpt = {
const struct Curl_handler Curl_handler_rtmpe = {
"RTMPE", /* scheme */
- rtmp_setup, /* setup_connection */
+ rtmp_setup_connection, /* setup_connection */
rtmp_do, /* do_it */
rtmp_done, /* done */
ZERO_NULL, /* do_more */
@@ -116,6 +116,7 @@ const struct Curl_handler Curl_handler_rtmpe = {
ZERO_NULL, /* perform_getsock */
rtmp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_RTMP, /* defport */
CURLPROTO_RTMPE, /* protocol */
PROTOPT_NONE /* flags*/
@@ -123,7 +124,7 @@ const struct Curl_handler Curl_handler_rtmpe = {
const struct Curl_handler Curl_handler_rtmpte = {
"RTMPTE", /* scheme */
- rtmp_setup, /* setup_connection */
+ rtmp_setup_connection, /* setup_connection */
rtmp_do, /* do_it */
rtmp_done, /* done */
ZERO_NULL, /* do_more */
@@ -136,6 +137,7 @@ const struct Curl_handler Curl_handler_rtmpte = {
ZERO_NULL, /* perform_getsock */
rtmp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_RTMPT, /* defport */
CURLPROTO_RTMPTE, /* protocol */
PROTOPT_NONE /* flags*/
@@ -143,7 +145,7 @@ const struct Curl_handler Curl_handler_rtmpte = {
const struct Curl_handler Curl_handler_rtmps = {
"RTMPS", /* scheme */
- rtmp_setup, /* setup_connection */
+ rtmp_setup_connection, /* setup_connection */
rtmp_do, /* do_it */
rtmp_done, /* done */
ZERO_NULL, /* do_more */
@@ -156,6 +158,7 @@ const struct Curl_handler Curl_handler_rtmps = {
ZERO_NULL, /* perform_getsock */
rtmp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_RTMPS, /* defport */
CURLPROTO_RTMPS, /* protocol */
PROTOPT_NONE /* flags*/
@@ -163,7 +166,7 @@ const struct Curl_handler Curl_handler_rtmps = {
const struct Curl_handler Curl_handler_rtmpts = {
"RTMPTS", /* scheme */
- rtmp_setup, /* setup_connection */
+ rtmp_setup_connection, /* setup_connection */
rtmp_do, /* do_it */
rtmp_done, /* done */
ZERO_NULL, /* do_more */
@@ -176,15 +179,15 @@ const struct Curl_handler Curl_handler_rtmpts = {
ZERO_NULL, /* perform_getsock */
rtmp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_RTMPS, /* defport */
CURLPROTO_RTMPTS, /* protocol */
PROTOPT_NONE /* flags*/
};
-static CURLcode rtmp_setup(struct connectdata *conn)
+static CURLcode rtmp_setup_connection(struct connectdata *conn)
{
RTMP *r = RTMP_Alloc();
-
if(!r)
return CURLE_OUT_OF_MEMORY;
@@ -201,9 +204,9 @@ static CURLcode rtmp_setup(struct connectdata *conn)
static CURLcode rtmp_connect(struct connectdata *conn, bool *done)
{
RTMP *r = conn->proto.generic;
- SET_RCVTIMEO(tv,10);
+ SET_RCVTIMEO(tv, 10);
- r->m_sb.sb_socket = conn->sock[FIRSTSOCKET];
+ r->m_sb.sb_socket = (int)conn->sock[FIRSTSOCKET];
/* We have to know if it's a write before we send the
* connect request packet
@@ -216,7 +219,7 @@ static CURLcode rtmp_connect(struct connectdata *conn, bool *done)
!(r->Link.protocol & RTMP_FEATURE_HTTP))
r->Link.lFlags |= RTMP_LF_BUFX;
- curlx_nonblock(r->m_sb.sb_socket, FALSE);
+ (void)curlx_nonblock(r->m_sb.sb_socket, FALSE);
setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
(char *)&tv, sizeof(tv));
@@ -240,7 +243,7 @@ static CURLcode rtmp_do(struct connectdata *conn, bool *done)
return CURLE_FAILED_INIT;
if(conn->data->set.upload) {
- Curl_pgrsSetUploadSize(conn->data, conn->data->set.infilesize);
+ Curl_pgrsSetUploadSize(conn->data, conn->data->state.infilesize);
Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
}
else
diff --git a/libs/libcurl/src/curl_rtmp.h b/libs/libcurl/src/curl_rtmp.h
index 4a9e9e60c2..3306e22005 100644
--- a/libs/libcurl/src/curl_rtmp.h
+++ b/libs/libcurl/src/curl_rtmp.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/curl_sasl.c b/libs/libcurl/src/curl_sasl.c
index b3ffc66156..550433d674 100644
--- a/libs/libcurl/src/curl_sasl.c
+++ b/libs/libcurl/src/curl_sasl.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -19,10 +19,13 @@
* KIND, either express or implied.
*
* RFC2195 CRAM-MD5 authentication
+ * RFC2617 Basic and Digest Access Authentication
* RFC2831 DIGEST-MD5 authentication
* RFC4422 Simple Authentication and Security Layer (SASL)
* RFC4616 PLAIN authentication
* RFC6749 OAuth 2.0 Authorization Framework
+ * RFC7628 A Set of SASL Mechanisms for OAuth
+ * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
*
***************************************************************************/
@@ -33,507 +36,593 @@
#include "curl_base64.h"
#include "curl_md5.h"
-#include "sslgen.h"
+#include "vauth/vauth.h"
+#include "vtls/vtls.h"
#include "curl_hmac.h"
-#include "curl_ntlm_msgs.h"
#include "curl_sasl.h"
#include "warnless.h"
+#include "strtok.h"
+#include "sendf.h"
+#include "non-ascii.h" /* included for Curl_convert_... prototypes */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
#include "memdebug.h"
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-/* Retrieves the value for a corresponding key from the challenge string
- * returns TRUE if the key could be found, FALSE if it does not exists
- */
-static bool sasl_digest_get_key_value(const unsigned char *chlg,
- const char *key,
- char *value,
- size_t max_val_len,
- char end_char)
-{
- char *find_pos;
- size_t i;
-
- find_pos = strstr((const char *) chlg, key);
- if(!find_pos)
- return FALSE;
-
- find_pos += strlen(key);
-
- for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i)
- value[i] = *find_pos++;
- value[i] = '\0';
-
- return TRUE;
-}
-#endif
+/* Supported mechanisms */
+static const struct {
+ const char *name; /* Name */
+ size_t len; /* Name length */
+ unsigned int bit; /* Flag bit */
+} mechtable[] = {
+ { "LOGIN", 5, SASL_MECH_LOGIN },
+ { "PLAIN", 5, SASL_MECH_PLAIN },
+ { "CRAM-MD5", 8, SASL_MECH_CRAM_MD5 },
+ { "DIGEST-MD5", 10, SASL_MECH_DIGEST_MD5 },
+ { "GSSAPI", 6, SASL_MECH_GSSAPI },
+ { "EXTERNAL", 8, SASL_MECH_EXTERNAL },
+ { "NTLM", 4, SASL_MECH_NTLM },
+ { "XOAUTH2", 7, SASL_MECH_XOAUTH2 },
+ { "OAUTHBEARER", 11, SASL_MECH_OAUTHBEARER },
+ { ZERO_NULL, 0, 0 }
+};
/*
- * Curl_sasl_create_plain_message()
+ * Curl_sasl_cleanup()
*
- * This is used to generate an already encoded PLAIN message ready
- * for sending to the recipient.
+ * This is used to cleanup any libraries or curl modules used by the sasl
+ * functions.
*
* Parameters:
*
- * data [in] - The session handle.
- * userp [in] - The user name.
- * passdwp [in] - The user's password.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
- *
- * Returns CURLE_OK on success.
+ * conn [in] - The connection data.
+ * authused [in] - The authentication mechanism used.
*/
-CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
- const char *userp,
- const char *passwdp,
- char **outptr, size_t *outlen)
+void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
{
- CURLcode result;
- char *plainauth;
- size_t ulen;
- size_t plen;
-
- ulen = strlen(userp);
- plen = strlen(passwdp);
-
- plainauth = malloc(2 * ulen + plen + 2);
- if(!plainauth) {
- *outlen = 0;
- *outptr = NULL;
- return CURLE_OUT_OF_MEMORY;
+#if defined(USE_KERBEROS5)
+ /* Cleanup the gssapi structure */
+ if(authused == SASL_MECH_GSSAPI) {
+ Curl_auth_gssapi_cleanup(&conn->krb5);
}
+#endif
- /* Calculate the reply */
- memcpy(plainauth, userp, ulen);
- plainauth[ulen] = '\0';
- memcpy(plainauth + ulen + 1, userp, ulen);
- plainauth[2 * ulen + 1] = '\0';
- memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
-
- /* Base64 encode the reply */
- result = Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
- outlen);
- Curl_safefree(plainauth);
- return result;
+#if defined(USE_NTLM)
+ /* Cleanup the NTLM structure */
+ if(authused == SASL_MECH_NTLM) {
+ Curl_auth_ntlm_cleanup(&conn->ntlm);
+ }
+#endif
+
+#if !defined(USE_KERBEROS5) && !defined(USE_NTLM)
+ /* Reserved for future use */
+ (void)conn;
+ (void)authused;
+#endif
}
/*
- * Curl_sasl_create_login_message()
+ * Curl_sasl_decode_mech()
*
- * This is used to generate an already encoded LOGIN message containing the
- * user name or password ready for sending to the recipient.
+ * Convert a SASL mechanism name into a token.
*
* Parameters:
*
- * data [in] - The session handle.
- * valuep [in] - The user name or user's password.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
+ * ptr [in] - The mechanism string.
+ * maxlen [in] - Maximum mechanism string length.
+ * len [out] - If not NULL, effective name length.
*
- * Returns CURLE_OK on success.
+ * Returns the SASL mechanism token or 0 if no match.
*/
-CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
- const char *valuep, char **outptr,
- size_t *outlen)
+unsigned int Curl_sasl_decode_mech(const char *ptr, size_t maxlen, size_t *len)
{
- size_t vlen = strlen(valuep);
-
- if(!vlen) {
- /* Calculate an empty reply */
- *outptr = strdup("=");
- if(*outptr) {
- *outlen = (size_t) 1;
- return CURLE_OK;
- }
+ unsigned int i;
+ char c;
+
+ for(i = 0; mechtable[i].name; i++) {
+ if(maxlen >= mechtable[i].len &&
+ !memcmp(ptr, mechtable[i].name, mechtable[i].len)) {
+ if(len)
+ *len = mechtable[i].len;
+
+ if(maxlen == mechtable[i].len)
+ return mechtable[i].bit;
- *outlen = 0;
- return CURLE_OUT_OF_MEMORY;
+ c = ptr[mechtable[i].len];
+ if(!ISUPPER(c) && !ISDIGIT(c) && c != '-' && c != '_')
+ return mechtable[i].bit;
+ }
}
- /* Base64 encode the value */
- return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
+ return 0;
}
-#ifndef CURL_DISABLE_CRYPTO_AUTH
/*
- * Curl_sasl_create_cram_md5_message()
- *
- * This is used to generate an already encoded CRAM-MD5 response message ready
- * for sending to the recipient.
- *
- * Parameters:
+ * Curl_sasl_parse_url_auth_option()
*
- * data [in] - The session handle.
- * chlg64 [in] - Pointer to the base64 encoded challenge buffer.
- * userp [in] - The user name.
- * passdwp [in] - The user's password.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
- *
- * Returns CURLE_OK on success.
+ * Parse the URL login options.
*/
-CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
- const char *chlg64,
- const char *userp,
- const char *passwdp,
- char **outptr, size_t *outlen)
+CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
+ const char *value, size_t len)
{
CURLcode result = CURLE_OK;
- size_t chlg64len = strlen(chlg64);
- unsigned char *chlg = (unsigned char *) NULL;
- size_t chlglen = 0;
- HMAC_context *ctxt;
- unsigned char digest[MD5_DIGEST_LEN];
- char *response;
+ unsigned int mechbit;
+ size_t mechlen;
- /* Decode the challenge if necessary */
- if(chlg64len && *chlg64 != '=') {
- result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+ if(!len)
+ return CURLE_URL_MALFORMAT;
- if(result)
- return result;
+ if(sasl->resetprefs) {
+ sasl->resetprefs = FALSE;
+ sasl->prefmech = SASL_AUTH_NONE;
}
- /* Compute the digest using the password as the key */
- ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
- (const unsigned char *) passwdp,
- curlx_uztoui(strlen(passwdp)));
-
- if(!ctxt) {
- Curl_safefree(chlg);
- return CURLE_OUT_OF_MEMORY;
+ if(!strncmp(value, "*", len))
+ sasl->prefmech = SASL_AUTH_DEFAULT;
+ else {
+ mechbit = Curl_sasl_decode_mech(value, len, &mechlen);
+ if(mechbit && mechlen == len)
+ sasl->prefmech |= mechbit;
+ else
+ result = CURLE_URL_MALFORMAT;
}
- /* Update the digest with the given challenge */
- if(chlglen > 0)
- Curl_HMAC_update(ctxt, chlg, curlx_uztoui(chlglen));
-
- Curl_safefree(chlg);
-
- /* Finalise the digest */
- Curl_HMAC_final(ctxt, digest);
-
- /* Prepare the response */
- response = aprintf(
- "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
- userp, digest[0], digest[1], digest[2], digest[3], digest[4],
- digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
- digest[11], digest[12], digest[13], digest[14], digest[15]);
- if(!response)
- return CURLE_OUT_OF_MEMORY;
-
- /* Base64 encode the reply */
- result = Curl_base64_encode(data, response, 0, outptr, outlen);
-
- Curl_safefree(response);
return result;
}
/*
- * Curl_sasl_create_digest_md5_message()
- *
- * This is used to generate an already encoded DIGEST-MD5 response message
- * ready for sending to the recipient.
+ * Curl_sasl_init()
*
- * Parameters:
- *
- * data [in] - The session handle.
- * chlg64 [in] - Pointer to the base64 encoded challenge buffer.
- * userp [in] - The user name.
- * passdwp [in] - The user's password.
- * service [in] - The service type such as www, smtp or pop
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
- *
- * Returns CURLE_OK on success.
+ * Initializes the SASL structure.
*/
-CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
- const char *chlg64,
- const char *userp,
- const char *passwdp,
- const char *service,
- char **outptr, size_t *outlen)
+void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params)
{
- static const char table16[] = "0123456789abcdef";
-
- CURLcode result = CURLE_OK;
- unsigned char *chlg = (unsigned char *) NULL;
- size_t chlglen = 0;
- size_t i;
- MD5_context *ctxt;
- unsigned char digest[MD5_DIGEST_LEN];
- char HA1_hex[2 * MD5_DIGEST_LEN + 1];
- char HA2_hex[2 * MD5_DIGEST_LEN + 1];
- char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
-
- char nonce[64];
- char realm[128];
- char alg[64];
- char nonceCount[] = "00000001";
- char cnonce[] = "12345678"; /* will be changed */
- char method[] = "AUTHENTICATE";
- char qop[] = "auth";
- char uri[128];
- char response[512];
-
- result = Curl_base64_decode(chlg64, &chlg, &chlglen);
-
- if(result)
- return result;
-
- if(!chlg)
- return CURLE_LOGIN_DENIED;
-
- /* Retrieve nonce string from the challenge */
- if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce,
- sizeof(nonce), '\"')) {
- Curl_safefree(chlg);
- return CURLE_LOGIN_DENIED;
- }
-
- /* Retrieve realm string from the challenge */
- if(!sasl_digest_get_key_value(chlg, "realm=\"", realm,
- sizeof(realm), '\"')) {
- /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
- strcpy(realm, "");
- }
-
- /* Retrieve algorithm string from the challenge */
- if(!sasl_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) {
- Curl_safefree(chlg);
- return CURLE_LOGIN_DENIED;
- }
-
- Curl_safefree(chlg);
-
- /* We do not support other algorithms */
- if(strcmp(alg, "md5-sess") != 0)
- return CURLE_LOGIN_DENIED;
-
- /* Generate 64 bits of random data */
- for(i = 0; i < 8; i++)
- cnonce[i] = table16[Curl_rand(data)%16];
-
- /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
- ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
-
- Curl_MD5_update(ctxt, (const unsigned char *) userp,
- curlx_uztoui(strlen(userp)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) realm,
- curlx_uztoui(strlen(realm)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
- curlx_uztoui(strlen(passwdp)));
- Curl_MD5_final(ctxt, digest);
-
- ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
-
- Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) nonce,
- curlx_uztoui(strlen(nonce)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
- curlx_uztoui(strlen(cnonce)));
- Curl_MD5_final(ctxt, digest);
-
- /* Convert calculated 16 octet hex into 32 bytes string */
- for(i = 0; i < MD5_DIGEST_LEN; i++)
- snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
-
- /* Prepare the URL string */
- snprintf(uri, sizeof(uri), "%s/%s", service, realm);
-
- /* Calculate H(A2) */
- ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
-
- Curl_MD5_update(ctxt, (const unsigned char *) method,
- curlx_uztoui(strlen(method)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) uri,
- curlx_uztoui(strlen(uri)));
- Curl_MD5_final(ctxt, digest);
-
- for(i = 0; i < MD5_DIGEST_LEN; i++)
- snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]);
-
- /* Now calculate the response hash */
- ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
- if(!ctxt)
- return CURLE_OUT_OF_MEMORY;
-
- Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) nonce,
- curlx_uztoui(strlen(nonce)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
-
- Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
- curlx_uztoui(strlen(nonceCount)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
- curlx_uztoui(strlen(cnonce)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
- Curl_MD5_update(ctxt, (const unsigned char *) qop,
- curlx_uztoui(strlen(qop)));
- Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
-
- Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
- Curl_MD5_final(ctxt, digest);
-
- for(i = 0; i < MD5_DIGEST_LEN; i++)
- snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
-
- snprintf(response, sizeof(response),
- "username=\"%s\",realm=\"%s\",nonce=\"%s\","
- "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
- userp, realm, nonce,
- cnonce, nonceCount, uri, resp_hash_hex);
-
- /* Base64 encode the reply */
- return Curl_base64_encode(data, response, 0, outptr, outlen);
+ sasl->params = params; /* Set protocol dependent parameters */
+ sasl->state = SASL_STOP; /* Not yet running */
+ sasl->authmechs = SASL_AUTH_NONE; /* No known authentication mechanism yet */
+ sasl->prefmech = SASL_AUTH_DEFAULT; /* Prefer all mechanisms */
+ sasl->authused = SASL_AUTH_NONE; /* No the authentication mechanism used */
+ sasl->resetprefs = TRUE; /* Reset prefmech upon AUTH parsing. */
+ sasl->mutual_auth = FALSE; /* No mutual authentication (GSSAPI only) */
+ sasl->force_ir = FALSE; /* Respect external option */
}
-#endif
-#ifdef USE_NTLM
/*
- * Curl_sasl_create_ntlm_type1_message()
- *
- * This is used to generate an already encoded NTLM type-1 message ready for
- * sending to the recipient.
- *
- * Note: This is a simple wrapper of the NTLM function which means that any
- * SASL based protocols don't have to include the NTLM functions directly.
+ * state()
*
- * Parameters:
- *
- * userp [in] - The user name in the format User or Domain\User.
- * passdwp [in] - The user's password.
- * ntlm [in/out] - The ntlm data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
- *
- * Returns CURLE_OK on success.
+ * This is the ONLY way to change SASL state!
*/
-CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
- const char *passwdp,
- struct ntlmdata *ntlm,
- char **outptr, size_t *outlen)
+static void state(struct SASL *sasl, struct connectdata *conn,
+ saslstate newstate)
{
- return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr,
- outlen);
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+ /* for debug purposes */
+ static const char * const names[]={
+ "STOP",
+ "PLAIN",
+ "LOGIN",
+ "LOGIN_PASSWD",
+ "EXTERNAL",
+ "CRAMMD5",
+ "DIGESTMD5",
+ "DIGESTMD5_RESP",
+ "NTLM",
+ "NTLM_TYPE2MSG",
+ "GSSAPI",
+ "GSSAPI_TOKEN",
+ "GSSAPI_NO_DATA",
+ "OAUTH2",
+ "OAUTH2_RESP",
+ "CANCEL",
+ "FINAL",
+ /* LAST */
+ };
+
+ if(sasl->state != newstate)
+ infof(conn->data, "SASL %p state change from %s to %s\n",
+ (void *)sasl, names[sasl->state], names[newstate]);
+#else
+ (void) conn;
+#endif
+
+ sasl->state = newstate;
}
/*
- * Curl_sasl_create_ntlm_type3_message()
- *
- * This is used to generate an already encoded NTLM type-3 message ready for
- * sending to the recipient.
- *
- * Parameters:
+ * Curl_sasl_can_authenticate()
*
- * data [in] - Pointer to session handle.
- * header [in] - Pointer to the base64 encoded type-2 message buffer.
- * userp [in] - The user name in the format User or Domain\User.
- * passdwp [in] - The user's password.
- * ntlm [in/out] - The ntlm data struct being used and modified.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
- *
- * Returns CURLE_OK on success.
+ * Check if we have enough auth data and capabilities to authenticate.
*/
-CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
- const char *header,
- const char *userp,
- const char *passwdp,
- struct ntlmdata *ntlm,
- char **outptr, size_t *outlen)
+bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn)
{
- CURLcode result = Curl_ntlm_decode_type2_message(data, header, ntlm);
+ /* Have credentials been provided? */
+ if(conn->bits.user_passwd)
+ return TRUE;
- if(!result)
- result = Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm,
- outptr, outlen);
+ /* EXTERNAL can authenticate without a user name and/or password */
+ if(sasl->authmechs & sasl->prefmech & SASL_MECH_EXTERNAL)
+ return TRUE;
- return result;
+ return FALSE;
}
-#endif /* USE_NTLM */
/*
- * Curl_sasl_create_xoauth2_message()
- *
- * This is used to generate an already encoded XOAUTH2 message ready
- * for sending to the recipient.
- *
- * Parameters:
+ * Curl_sasl_start()
*
- * data [in] - The session handle.
- * user [in] - The user name.
- * bearer [in] - The XOAUTH Bearer token.
- * outptr [in/out] - The address where a pointer to newly allocated memory
- * holding the result will be stored upon completion.
- * outlen [out] - The length of the output message.
- *
- * Returns CURLE_OK on success.
+ * Calculate the required login details for SASL authentication.
*/
-CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
- const char *user,
- const char *bearer,
- char **outptr, size_t *outlen)
+CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
+ bool force_ir, saslprogress *progress)
{
- char *xoauth;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ unsigned int enabledmechs;
+ const char *mech = NULL;
+ char *resp = NULL;
+ size_t len = 0;
+ saslstate state1 = SASL_STOP;
+ saslstate state2 = SASL_FINAL;
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+#if defined(USE_KERBEROS5)
+ const char *service = data->set.str[STRING_SERVICE_NAME] ?
+ data->set.str[STRING_SERVICE_NAME] :
+ sasl->params->service;
+#endif
- xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
+ sasl->force_ir = force_ir; /* Latch for future use */
+ sasl->authused = 0; /* No mechanism used yet */
+ enabledmechs = sasl->authmechs & sasl->prefmech;
+ *progress = SASL_IDLE;
+
+ /* Calculate the supported authentication mechanism, by decreasing order of
+ security, as well as the initial response where appropriate */
+ if((enabledmechs & SASL_MECH_EXTERNAL) && !conn->passwd[0]) {
+ mech = SASL_MECH_STRING_EXTERNAL;
+ state1 = SASL_EXTERNAL;
+ sasl->authused = SASL_MECH_EXTERNAL;
+
+ if(force_ir || data->set.sasl_ir)
+ result = Curl_auth_create_external_message(data, conn->user, &resp,
+ &len);
+ }
+ else if(conn->bits.user_passwd) {
+#if defined(USE_KERBEROS5)
+ if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported() &&
+ Curl_auth_user_contains_domain(conn->user)) {
+ sasl->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
+ mech = SASL_MECH_STRING_GSSAPI;
+ state1 = SASL_GSSAPI;
+ state2 = SASL_GSSAPI_TOKEN;
+ sasl->authused = SASL_MECH_GSSAPI;
+
+ if(force_ir || data->set.sasl_ir)
+ result = Curl_auth_create_gssapi_user_message(data, conn->user,
+ conn->passwd,
+ service,
+ data->easy_conn->
+ host.name,
+ sasl->mutual_auth,
+ NULL, &conn->krb5,
+ &resp, &len);
+ }
+ else
+#endif
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ if((enabledmechs & SASL_MECH_DIGEST_MD5) &&
+ Curl_auth_is_digest_supported()) {
+ mech = SASL_MECH_STRING_DIGEST_MD5;
+ state1 = SASL_DIGESTMD5;
+ sasl->authused = SASL_MECH_DIGEST_MD5;
+ }
+ else if(enabledmechs & SASL_MECH_CRAM_MD5) {
+ mech = SASL_MECH_STRING_CRAM_MD5;
+ state1 = SASL_CRAMMD5;
+ sasl->authused = SASL_MECH_CRAM_MD5;
+ }
+ else
+#endif
+#ifdef USE_NTLM
+ if((enabledmechs & SASL_MECH_NTLM) && Curl_auth_is_ntlm_supported()) {
+ mech = SASL_MECH_STRING_NTLM;
+ state1 = SASL_NTLM;
+ state2 = SASL_NTLM_TYPE2MSG;
+ sasl->authused = SASL_MECH_NTLM;
+
+ if(force_ir || data->set.sasl_ir)
+ result = Curl_auth_create_ntlm_type1_message(data,
+ conn->user, conn->passwd,
+ &conn->ntlm, &resp, &len);
+ }
+ else
+#endif
+ if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
+ mech = SASL_MECH_STRING_OAUTHBEARER;
+ state1 = SASL_OAUTH2;
+ state2 = SASL_OAUTH2_RESP;
+ sasl->authused = SASL_MECH_OAUTHBEARER;
+
+ if(force_ir || data->set.sasl_ir)
+ result = Curl_auth_create_oauth_bearer_message(data, conn->user,
+ hostname,
+ port,
+ conn->oauth_bearer,
+ &resp, &len);
+ }
+ else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
+ mech = SASL_MECH_STRING_XOAUTH2;
+ state1 = SASL_OAUTH2;
+ sasl->authused = SASL_MECH_XOAUTH2;
+
+ if(force_ir || data->set.sasl_ir)
+ result = Curl_auth_create_oauth_bearer_message(data, conn->user,
+ NULL, 0,
+ conn->oauth_bearer,
+ &resp, &len);
+ }
+ else if(enabledmechs & SASL_MECH_LOGIN) {
+ mech = SASL_MECH_STRING_LOGIN;
+ state1 = SASL_LOGIN;
+ state2 = SASL_LOGIN_PASSWD;
+ sasl->authused = SASL_MECH_LOGIN;
+
+ if(force_ir || data->set.sasl_ir)
+ result = Curl_auth_create_login_message(data, conn->user, &resp, &len);
+ }
+ else if(enabledmechs & SASL_MECH_PLAIN) {
+ mech = SASL_MECH_STRING_PLAIN;
+ state1 = SASL_PLAIN;
+ sasl->authused = SASL_MECH_PLAIN;
+
+ if(force_ir || data->set.sasl_ir)
+ result = Curl_auth_create_plain_message(data, conn->user, conn->passwd,
+ &resp, &len);
+ }
+ }
+
+ if(!result && mech) {
+ if(resp && sasl->params->maxirlen &&
+ strlen(mech) + len > sasl->params->maxirlen) {
+ free(resp);
+ resp = NULL;
+ }
+
+ result = sasl->params->sendauth(conn, mech, resp);
+ if(!result) {
+ *progress = SASL_INPROGRESS;
+ state(sasl, conn, resp ? state2 : state1);
+ }
+ }
- if(!xoauth)
- return CURLE_OUT_OF_MEMORY;
+ free(resp);
- /* Base64 encode the reply */
- return Curl_base64_encode(data, xoauth, strlen(xoauth), outptr,
- outlen);
+ return result;
}
/*
- * Curl_sasl_cleanup()
+ * Curl_sasl_continue()
*
- * This is used to cleanup any libraries or curl modules used by the sasl
- * functions.
- *
- * Parameters:
- *
- * conn [in] - Pointer to the connection data.
- * authused [in] - The authentication mechanism used.
+ * Continue the authentication.
*/
-void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
+CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
+ int code, saslprogress *progress)
{
-#ifdef USE_NTLM
- /* Cleanup the ntlm structure */
- if(authused == SASL_MECH_NTLM) {
- Curl_ntlm_sspi_cleanup(&conn->ntlm);
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ saslstate newstate = SASL_FINAL;
+ char *resp = NULL;
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+ char *chlg = NULL;
+ size_t chlglen = 0;
+#endif
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5)
+ const char *service = data->set.str[STRING_SERVICE_NAME] ?
+ data->set.str[STRING_SERVICE_NAME] :
+ sasl->params->service;
+#endif
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
+ defined(USE_NTLM)
+ char *serverdata;
+#endif
+ size_t len = 0;
+
+ *progress = SASL_INPROGRESS;
+
+ if(sasl->state == SASL_FINAL) {
+ if(code != sasl->params->finalcode)
+ result = CURLE_LOGIN_DENIED;
+ *progress = SASL_DONE;
+ state(sasl, conn, SASL_STOP);
+ return result;
}
- (void)conn;
-#else
- /* Reserved for future use */
- (void)conn;
- (void)authused;
+
+ if(sasl->state != SASL_CANCEL && sasl->state != SASL_OAUTH2_RESP &&
+ code != sasl->params->contcode) {
+ *progress = SASL_DONE;
+ state(sasl, conn, SASL_STOP);
+ return CURLE_LOGIN_DENIED;
+ }
+
+ switch(sasl->state) {
+ case SASL_STOP:
+ *progress = SASL_DONE;
+ return result;
+ case SASL_PLAIN:
+ result = Curl_auth_create_plain_message(data, conn->user, conn->passwd,
+ &resp,
+ &len);
+ break;
+ case SASL_LOGIN:
+ result = Curl_auth_create_login_message(data, conn->user, &resp, &len);
+ newstate = SASL_LOGIN_PASSWD;
+ break;
+ case SASL_LOGIN_PASSWD:
+ result = Curl_auth_create_login_message(data, conn->passwd, &resp, &len);
+ break;
+ case SASL_EXTERNAL:
+ result = Curl_auth_create_external_message(data, conn->user, &resp, &len);
+ break;
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ case SASL_CRAMMD5:
+ sasl->params->getmessage(data->state.buffer, &serverdata);
+ result = Curl_auth_decode_cram_md5_message(serverdata, &chlg, &chlglen);
+ if(!result)
+ result = Curl_auth_create_cram_md5_message(data, chlg, conn->user,
+ conn->passwd, &resp, &len);
+ free(chlg);
+ break;
+ case SASL_DIGESTMD5:
+ sasl->params->getmessage(data->state.buffer, &serverdata);
+ result = Curl_auth_create_digest_md5_message(data, serverdata,
+ conn->user, conn->passwd,
+ service,
+ &resp, &len);
+ newstate = SASL_DIGESTMD5_RESP;
+ break;
+ case SASL_DIGESTMD5_RESP:
+ resp = strdup("");
+ if(!resp)
+ result = CURLE_OUT_OF_MEMORY;
+ break;
#endif
+
+#ifdef USE_NTLM
+ case SASL_NTLM:
+ /* Create the type-1 message */
+ result = Curl_auth_create_ntlm_type1_message(data,
+ conn->user, conn->passwd,
+ &conn->ntlm, &resp, &len);
+ newstate = SASL_NTLM_TYPE2MSG;
+ break;
+ case SASL_NTLM_TYPE2MSG:
+ /* Decode the type-2 message */
+ sasl->params->getmessage(data->state.buffer, &serverdata);
+ result = Curl_auth_decode_ntlm_type2_message(data, serverdata,
+ &conn->ntlm);
+ if(!result)
+ result = Curl_auth_create_ntlm_type3_message(data, conn->user,
+ conn->passwd, &conn->ntlm,
+ &resp, &len);
+ break;
+#endif
+
+#if defined(USE_KERBEROS5)
+ case SASL_GSSAPI:
+ result = Curl_auth_create_gssapi_user_message(data, conn->user,
+ conn->passwd,
+ service,
+ data->easy_conn->host.name,
+ sasl->mutual_auth, NULL,
+ &conn->krb5,
+ &resp, &len);
+ newstate = SASL_GSSAPI_TOKEN;
+ break;
+ case SASL_GSSAPI_TOKEN:
+ sasl->params->getmessage(data->state.buffer, &serverdata);
+ if(sasl->mutual_auth) {
+ /* Decode the user token challenge and create the optional response
+ message */
+ result = Curl_auth_create_gssapi_user_message(data, NULL, NULL,
+ NULL, NULL,
+ sasl->mutual_auth,
+ serverdata, &conn->krb5,
+ &resp, &len);
+ newstate = SASL_GSSAPI_NO_DATA;
+ }
+ else
+ /* Decode the security challenge and create the response message */
+ result = Curl_auth_create_gssapi_security_message(data, serverdata,
+ &conn->krb5,
+ &resp, &len);
+ break;
+ case SASL_GSSAPI_NO_DATA:
+ sasl->params->getmessage(data->state.buffer, &serverdata);
+ /* Decode the security challenge and create the response message */
+ result = Curl_auth_create_gssapi_security_message(data, serverdata,
+ &conn->krb5,
+ &resp, &len);
+ break;
+#endif
+
+ case SASL_OAUTH2:
+ /* Create the authorisation message */
+ if(sasl->authused == SASL_MECH_OAUTHBEARER) {
+ result = Curl_auth_create_oauth_bearer_message(data, conn->user,
+ hostname,
+ port,
+ conn->oauth_bearer,
+ &resp, &len);
+
+ /* Failures maybe sent by the server as continuations for OAUTHBEARER */
+ newstate = SASL_OAUTH2_RESP;
+ }
+ else
+ result = Curl_auth_create_oauth_bearer_message(data, conn->user,
+ NULL, 0,
+ conn->oauth_bearer,
+ &resp, &len);
+ break;
+
+ case SASL_OAUTH2_RESP:
+ /* The continuation is optional so check the response code */
+ if(code == sasl->params->finalcode) {
+ /* Final response was received so we are done */
+ *progress = SASL_DONE;
+ state(sasl, conn, SASL_STOP);
+ return result;
+ }
+ else if(code == sasl->params->contcode) {
+ /* Acknowledge the continuation by sending a 0x01 response base64
+ encoded */
+ resp = strdup("AQ==");
+ if(!resp)
+ result = CURLE_OUT_OF_MEMORY;
+ break;
+ }
+ else {
+ *progress = SASL_DONE;
+ state(sasl, conn, SASL_STOP);
+ return CURLE_LOGIN_DENIED;
+ }
+
+ case SASL_CANCEL:
+ /* Remove the offending mechanism from the supported list */
+ sasl->authmechs ^= sasl->authused;
+
+ /* Start an alternative SASL authentication */
+ result = Curl_sasl_start(sasl, conn, sasl->force_ir, progress);
+ newstate = sasl->state; /* Use state from Curl_sasl_start() */
+ break;
+ default:
+ failf(data, "Unsupported SASL authentication mechanism");
+ result = CURLE_UNSUPPORTED_PROTOCOL; /* Should not happen */
+ break;
+ }
+
+ switch(result) {
+ case CURLE_BAD_CONTENT_ENCODING:
+ /* Cancel dialog */
+ result = sasl->params->sendcont(conn, "*");
+ newstate = SASL_CANCEL;
+ break;
+ case CURLE_OK:
+ if(resp)
+ result = sasl->params->sendcont(conn, resp);
+ break;
+ default:
+ newstate = SASL_STOP; /* Stop on error */
+ *progress = SASL_DONE;
+ break;
+ }
+
+ free(resp);
+
+ state(sasl, conn, newstate);
+
+ return result;
}
diff --git a/libs/libcurl/src/curl_sasl.h b/libs/libcurl/src/curl_sasl.h
index 2b6a5a26aa..7647a48be4 100644
--- a/libs/libcurl/src/curl_sasl.h
+++ b/libs/libcurl/src/curl_sasl.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,11 +22,10 @@
*
***************************************************************************/
-#include "pingpong.h"
+#include <curl/curl.h>
-/* Authentication mechanism values */
-#define SASL_AUTH_NONE 0
-#define SASL_AUTH_ANY ~0U
+struct Curl_easy;
+struct connectdata;
/* Authentication mechanism flags */
#define SASL_MECH_LOGIN (1 << 0)
@@ -37,79 +36,108 @@
#define SASL_MECH_EXTERNAL (1 << 5)
#define SASL_MECH_NTLM (1 << 6)
#define SASL_MECH_XOAUTH2 (1 << 7)
+#define SASL_MECH_OAUTHBEARER (1 << 8)
+
+/* Authentication mechanism values */
+#define SASL_AUTH_NONE 0
+#define SASL_AUTH_ANY ~0U
+#define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
/* Authentication mechanism strings */
-#define SASL_MECH_STRING_LOGIN "LOGIN"
-#define SASL_MECH_STRING_PLAIN "PLAIN"
-#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5"
-#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
-#define SASL_MECH_STRING_GSSAPI "GSSAPI"
-#define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
-#define SASL_MECH_STRING_NTLM "NTLM"
-#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
+#define SASL_MECH_STRING_LOGIN "LOGIN"
+#define SASL_MECH_STRING_PLAIN "PLAIN"
+#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5"
+#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
+#define SASL_MECH_STRING_GSSAPI "GSSAPI"
+#define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
+#define SASL_MECH_STRING_NTLM "NTLM"
+#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
+#define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER"
+
+/* SASL machine states */
+typedef enum {
+ SASL_STOP,
+ SASL_PLAIN,
+ SASL_LOGIN,
+ SASL_LOGIN_PASSWD,
+ SASL_EXTERNAL,
+ SASL_CRAMMD5,
+ SASL_DIGESTMD5,
+ SASL_DIGESTMD5_RESP,
+ SASL_NTLM,
+ SASL_NTLM_TYPE2MSG,
+ SASL_GSSAPI,
+ SASL_GSSAPI_TOKEN,
+ SASL_GSSAPI_NO_DATA,
+ SASL_OAUTH2,
+ SASL_OAUTH2_RESP,
+ SASL_CANCEL,
+ SASL_FINAL
+} saslstate;
+
+/* Progress indicator */
+typedef enum {
+ SASL_IDLE,
+ SASL_INPROGRESS,
+ SASL_DONE
+} saslprogress;
+
+/* Protocol dependent SASL parameters */
+struct SASLproto {
+ const char *service; /* The service name */
+ int contcode; /* Code to receive when continuation is expected */
+ int finalcode; /* Code to receive upon authentication success */
+ size_t maxirlen; /* Maximum initial response length */
+ CURLcode (*sendauth)(struct connectdata *conn,
+ const char *mech, const char *ir);
+ /* Send authentication command */
+ CURLcode (*sendcont)(struct connectdata *conn, const char *contauth);
+ /* Send authentication continuation */
+ void (*getmessage)(char *buffer, char **outptr);
+ /* Get SASL response message */
+};
+
+/* Per-connection parameters */
+struct SASL {
+ const struct SASLproto *params; /* Protocol dependent parameters */
+ saslstate state; /* Current machine state */
+ unsigned int authmechs; /* Accepted authentication mechanisms */
+ unsigned int prefmech; /* Preferred authentication mechanism */
+ unsigned int authused; /* Auth mechanism used for the connection */
+ bool resetprefs; /* For URL auth option parsing. */
+ bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */
+ bool force_ir; /* Protocol always supports initial response */
+};
/* This is used to test whether the line starts with the given mechanism */
#define sasl_mech_equal(line, wordlen, mech) \
(wordlen == (sizeof(mech) - 1) / sizeof(char) && \
!memcmp(line, mech, wordlen))
-/* This is used to generate a base64 encoded PLAIN authentication message */
-CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
- const char *userp,
- const char *passwdp,
- char **outptr, size_t *outlen);
-
-/* This is used to generate a base64 encoded LOGIN authentication message
- containing either the user name or password details */
-CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
- const char *valuep, char **outptr,
- size_t *outlen);
-
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-/* This is used to generate a base64 encoded CRAM-MD5 response message */
-CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
- const char *chlg64,
- const char *user,
- const char *passwdp,
- char **outptr, size_t *outlen);
-
-/* This is used to generate a base64 encoded DIGEST-MD5 response message */
-CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
- const char *chlg64,
- const char *user,
- const char *passwdp,
- const char *service,
- char **outptr, size_t *outlen);
-#endif
-
-#ifdef USE_NTLM
-/* This is used to generate a base64 encoded NTLM type-1 message */
-CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
- const char *passwdp,
- struct ntlmdata *ntlm,
- char **outptr,
- size_t *outlen);
-
-/* This is used to decode an incoming NTLM type-2 message and generate a
- base64 encoded type-3 response */
-CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
- const char *header,
- const char *userp,
- const char *passwdp,
- struct ntlmdata *ntlm,
- char **outptr, size_t *outlen);
-
-#endif /* USE_NTLM */
-
-/* This is used to generate a base64 encoded XOAUTH2 authentication message
- containing the user name and bearer token */
-CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
- const char *user,
- const char *bearer,
- char **outptr, size_t *outlen);
-
/* This is used to cleanup any libraries or curl modules used by the sasl
functions */
void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused);
+/* Convert a mechanism name to a token */
+unsigned int Curl_sasl_decode_mech(const char *ptr,
+ size_t maxlen, size_t *len);
+
+/* Parse the URL login options */
+CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
+ const char *value, size_t len);
+
+/* Initializes an SASL structure */
+void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params);
+
+/* Check if we have enough auth data and capabilities to authenticate */
+bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn);
+
+/* Calculate the required login details for SASL authentication */
+CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
+ bool force_ir, saslprogress *progress);
+
+/* Continue an SASL authentication */
+CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
+ int code, saslprogress *progress);
+
#endif /* HEADER_CURL_SASL_H */
diff --git a/libs/libcurl/src/curl_schannel.c b/libs/libcurl/src/curl_schannel.c
deleted file mode 100644
index d39cb8371e..0000000000
--- a/libs/libcurl/src/curl_schannel.c
+++ /dev/null
@@ -1,1308 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2012 - 2013, Marc Hoersken, <info@marc-hoersken.de>
- * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com>
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/*
- * Source file for all SChannel-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
- *
- */
-
-/*
- * Based upon the PolarSSL implementation in polarssl.c and polarssl.h:
- * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
- *
- * Based upon the CyaSSL implementation in cyassl.c and cyassl.h:
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * Thanks for code and inspiration!
- */
-
-/*
- * TODO list for TLS/SSL implementation:
- * - implement client certificate authentication
- * - implement custom server certificate validation
- * - implement cipher/algorithm option
- *
- * Related articles on MSDN:
- * - Getting a Certificate for Schannel
- * http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
- * - Specifying Schannel Ciphers and Cipher Strengths
- * http://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
- */
-
-#include "curl_setup.h"
-
-#ifdef USE_SCHANNEL
-
-#ifndef USE_WINDOWS_SSPI
-# error "Can't compile SCHANNEL support without SSPI."
-#endif
-
-#include "curl_sspi.h"
-#include "curl_schannel.h"
-#include "sslgen.h"
-#include "sendf.h"
-#include "connect.h" /* for the connect timeout */
-#include "strerror.h"
-#include "select.h" /* for the socket readyness */
-#include "inet_pton.h" /* for IP addr SNI check */
-#include "curl_multibyte.h"
-#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* Uncomment to force verbose output
- * #define infof(x, y, ...) printf(y, __VA_ARGS__)
- * #define failf(x, y, ...) printf(y, __VA_ARGS__)
- */
-
-static Curl_recv schannel_recv;
-static Curl_send schannel_send;
-
-#ifdef _WIN32_WCE
-static CURLcode verify_certificate(struct connectdata *conn, int sockindex);
-#endif
-
-static void InitSecBuffer(SecBuffer *buffer, unsigned long BufType,
- void *BufDataPtr, unsigned long BufByteSize)
-{
- buffer->cbBuffer = BufByteSize;
- buffer->BufferType = BufType;
- buffer->pvBuffer = BufDataPtr;
-}
-
-static void InitSecBufferDesc(SecBufferDesc *desc, SecBuffer *BufArr,
- unsigned long NumArrElem)
-{
- desc->ulVersion = SECBUFFER_VERSION;
- desc->pBuffers = BufArr;
- desc->cBuffers = NumArrElem;
-}
-
-static CURLcode
-schannel_connect_step1(struct connectdata *conn, int sockindex)
-{
- ssize_t written = -1;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- SecBuffer outbuf;
- SecBufferDesc outbuf_desc;
- SCHANNEL_CRED schannel_cred;
- SECURITY_STATUS sspi_status = SEC_E_OK;
- struct curl_schannel_cred *old_cred = NULL;
- struct in_addr addr;
-#ifdef ENABLE_IPV6
- struct in6_addr addr6;
-#endif
- wchar_t *host_name;
- CURLcode code;
-
- infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)\n",
- conn->host.name, conn->remote_port);
-
- /* check for an existing re-usable credential handle */
- if(!Curl_ssl_getsessionid(conn, (void**)&old_cred, NULL)) {
- connssl->cred = old_cred;
- infof(data, "schannel: re-using existing credential handle\n");
- }
- else {
- /* setup Schannel API options */
- memset(&schannel_cred, 0, sizeof(schannel_cred));
- schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
-
- if(data->set.ssl.verifypeer) {
-#ifdef _WIN32_WCE
- /* certificate validation on CE doesn't seem to work right; we'll
- do it following a more manual process. */
- schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
- SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
- SCH_CRED_IGNORE_REVOCATION_OFFLINE;
-#else
- schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
- SCH_CRED_REVOCATION_CHECK_CHAIN;
-#endif
- infof(data, "schannel: checking server certificate revocation\n");
- }
- else {
- schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
- SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
- SCH_CRED_IGNORE_REVOCATION_OFFLINE;
- infof(data, "schannel: disable server certificate revocation checks\n");
- }
-
- if(Curl_inet_pton(AF_INET, conn->host.name, &addr)
-#ifdef ENABLE_IPV6
- || Curl_inet_pton(AF_INET6, conn->host.name, &addr6)
-#endif
- ) {
- schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
- infof(data, "schannel: using IP address, SNI is being disabled by "
- "disabling the servername check against the "
- "subject names in server certificates.\n");
- }
-
- if(!data->set.ssl.verifyhost) {
- schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
- infof(data, "schannel: verifyhost setting prevents Schannel from "
- "comparing the supplied target name with the subject "
- "names in server certificates. Also disables SNI.\n");
- }
-
- switch(data->set.ssl.version) {
- case CURL_SSLVERSION_TLSv1:
- schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
- SP_PROT_TLS1_1_CLIENT |
- SP_PROT_TLS1_2_CLIENT;
- break;
- case CURL_SSLVERSION_SSLv3:
- schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
- break;
- case CURL_SSLVERSION_SSLv2:
- schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
- break;
- }
-
- /* allocate memory for the re-usable credential handle */
- connssl->cred = malloc(sizeof(struct curl_schannel_cred));
- if(!connssl->cred) {
- failf(data, "schannel: unable to allocate memory");
- return CURLE_OUT_OF_MEMORY;
- }
- memset(connssl->cred, 0, sizeof(struct curl_schannel_cred));
-
- /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx */
- sspi_status = s_pSecFn->AcquireCredentialsHandle(NULL, (wchar_t *)UNISP_NAME,
- SECPKG_CRED_OUTBOUND, NULL, &schannel_cred, NULL, NULL,
- &connssl->cred->cred_handle, &connssl->cred->time_stamp);
-
- if(sspi_status != SEC_E_OK) {
- if(sspi_status == SEC_E_WRONG_PRINCIPAL)
- failf(data, "schannel: SNI or certificate check failed: %s",
- Curl_sspi_strerror(conn, sspi_status));
- else
- failf(data, "schannel: AcquireCredentialsHandle failed: %s",
- Curl_sspi_strerror(conn, sspi_status));
- Curl_safefree(connssl->cred);
- return CURLE_SSL_CONNECT_ERROR;
- }
- }
-
- /* setup output buffer */
- InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
- InitSecBufferDesc(&outbuf_desc, &outbuf, 1);
-
- /* setup request flags */
- connssl->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
- ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
- ISC_REQ_STREAM;
-
- /* allocate memory for the security context handle */
- connssl->ctxt = malloc(sizeof(struct curl_schannel_ctxt));
- if(!connssl->ctxt) {
- failf(data, "schannel: unable to allocate memory");
- return CURLE_OUT_OF_MEMORY;
- }
- memset(connssl->ctxt, 0, sizeof(struct curl_schannel_ctxt));
-
- host_name = Curl_convert_UTF8_to_tchar(conn->host.name);
- if(!host_name)
- return CURLE_OUT_OF_MEMORY;
-
- /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx */
-
- sspi_status = s_pSecFn->InitializeSecurityContext(
- &connssl->cred->cred_handle, NULL, host_name,
- connssl->req_flags, 0, 0, NULL, 0, &connssl->ctxt->ctxt_handle,
- &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);
-
- Curl_unicodefree(host_name);
-
- if(sspi_status != SEC_I_CONTINUE_NEEDED) {
- if(sspi_status == SEC_E_WRONG_PRINCIPAL)
- failf(data, "schannel: SNI or certificate check failed: %s",
- Curl_sspi_strerror(conn, sspi_status));
- else
- failf(data, "schannel: initial InitializeSecurityContext failed: %s",
- Curl_sspi_strerror(conn, sspi_status));
- Curl_safefree(connssl->ctxt);
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- infof(data, "schannel: sending initial handshake data: "
- "sending %lu bytes...\n", outbuf.cbBuffer);
-
- /* send initial handshake data which is now stored in output buffer */
- code = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,
- outbuf.cbBuffer, &written);
- s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);
- if((code != CURLE_OK) || (outbuf.cbBuffer != (size_t)written)) {
- failf(data, "schannel: failed to send initial handshake data: "
- "sent %zd of %lu bytes", written, outbuf.cbBuffer);
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- infof(data, "schannel: sent initial handshake data: "
- "sent %zd bytes\n", written);
-
- /* continue to second handshake step */
- connssl->connecting_state = ssl_connect_2;
-
- return CURLE_OK;
-}
-
-static CURLcode
-schannel_connect_step2(struct connectdata *conn, int sockindex)
-{
- int i;
- ssize_t nread = -1, written = -1;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- SecBuffer outbuf[2];
- SecBufferDesc outbuf_desc;
- SecBuffer inbuf[2];
- SecBufferDesc inbuf_desc;
- SECURITY_STATUS sspi_status = SEC_E_OK;
- wchar_t *host_name;
- CURLcode code;
- bool doread;
-
- doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE;
-
- infof(data, "schannel: SSL/TLS connection with %s port %hu (step 2/3)\n",
- conn->host.name, conn->remote_port);
-
- /* buffer to store previously received and encrypted data */
- if(connssl->encdata_buffer == NULL) {
- connssl->encdata_offset = 0;
- connssl->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
- connssl->encdata_buffer = malloc(connssl->encdata_length);
- if(connssl->encdata_buffer == NULL) {
- failf(data, "schannel: unable to allocate memory");
- return CURLE_OUT_OF_MEMORY;
- }
- }
-
- /* if we need a bigger buffer to read a full message, increase buffer now */
- if(connssl->encdata_length - connssl->encdata_offset <
- CURL_SCHANNEL_BUFFER_FREE_SIZE) {
- /* increase internal encrypted data buffer */
- connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
- connssl->encdata_buffer = realloc(connssl->encdata_buffer,
- connssl->encdata_length);
-
- if(connssl->encdata_buffer == NULL) {
- failf(data, "schannel: unable to re-allocate memory");
- return CURLE_OUT_OF_MEMORY;
- }
- }
-
- for(;;) {
- if(doread) {
- /* read encrypted handshake data from socket */
- code = Curl_read_plain(conn->sock[sockindex],
- (char *) (connssl->encdata_buffer + connssl->encdata_offset),
- connssl->encdata_length - connssl->encdata_offset,
- &nread);
- if(code == CURLE_AGAIN) {
- if(connssl->connecting_state != ssl_connect_2_writing)
- connssl->connecting_state = ssl_connect_2_reading;
- infof(data, "schannel: failed to receive handshake, "
- "need more data\n");
- return CURLE_OK;
- }
- else if((code != CURLE_OK) || (nread == 0)) {
- failf(data, "schannel: failed to receive handshake, "
- "SSL/TLS connection failed");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- /* increase encrypted data buffer offset */
- connssl->encdata_offset += nread;
- }
-
- infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
- connssl->encdata_offset, connssl->encdata_length);
-
- /* setup input buffers */
- InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(connssl->encdata_offset),
- curlx_uztoul(connssl->encdata_offset));
- InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
- InitSecBufferDesc(&inbuf_desc, inbuf, 2);
-
- /* setup output buffers */
- InitSecBuffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0);
- InitSecBuffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0);
- InitSecBufferDesc(&outbuf_desc, outbuf, 2);
-
- if(inbuf[0].pvBuffer == NULL) {
- failf(data, "schannel: unable to allocate memory");
- return CURLE_OUT_OF_MEMORY;
- }
-
- /* copy received handshake data into input buffer */
- memcpy(inbuf[0].pvBuffer, connssl->encdata_buffer,
- connssl->encdata_offset);
-
- host_name = Curl_convert_UTF8_to_tchar(conn->host.name);
- if(!host_name)
- return CURLE_OUT_OF_MEMORY;
-
- /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx */
-
- sspi_status = s_pSecFn->InitializeSecurityContext(
- &connssl->cred->cred_handle, &connssl->ctxt->ctxt_handle,
- host_name, connssl->req_flags, 0, 0, &inbuf_desc, 0, NULL,
- &outbuf_desc, &connssl->ret_flags, &connssl->ctxt->time_stamp);
-
- Curl_unicodefree(host_name);
-
- /* free buffer for received handshake data */
- Curl_safefree(inbuf[0].pvBuffer);
-
- /* check if the handshake was incomplete */
- if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
- connssl->connecting_state = ssl_connect_2_reading;
- infof(data, "schannel: received incomplete message, need more data\n");
- return CURLE_OK;
- }
-
- /* check if the handshake needs to be continued */
- if(sspi_status == SEC_I_CONTINUE_NEEDED || sspi_status == SEC_E_OK) {
- for(i = 0; i < 2; i++) {
- /* search for handshake tokens that need to be send */
- if(outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {
- infof(data, "schannel: sending next handshake data: "
- "sending %lu bytes...\n", outbuf[i].cbBuffer);
-
- /* send handshake token to server */
- code = Curl_write_plain(conn, conn->sock[sockindex],
- outbuf[i].pvBuffer, outbuf[i].cbBuffer,
- &written);
- if((code != CURLE_OK) || (outbuf[i].cbBuffer != (size_t)written)) {
- failf(data, "schannel: failed to send next handshake data: "
- "sent %zd of %lu bytes", written, outbuf[i].cbBuffer);
- return CURLE_SSL_CONNECT_ERROR;
- }
- }
-
- /* free obsolete buffer */
- if(outbuf[i].pvBuffer != NULL) {
- s_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer);
- }
- }
- }
- else {
- if(sspi_status == SEC_E_WRONG_PRINCIPAL)
- failf(data, "schannel: SNI or certificate check failed: %s",
- Curl_sspi_strerror(conn, sspi_status));
- else
- failf(data, "schannel: next InitializeSecurityContext failed: %s",
- Curl_sspi_strerror(conn, sspi_status));
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- /* check if there was additional remaining encrypted data */
- if(inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) {
- infof(data, "schannel: encrypted data length: %lu\n", inbuf[1].cbBuffer);
- /*
- There are two cases where we could be getting extra data here:
- 1) If we're renegotiating a connection and the handshake is already
- complete (from the server perspective), it can encrypted app data
- (not handshake data) in an extra buffer at this point.
- 2) (sspi_status == SEC_I_CONTINUE_NEEDED) We are negotiating a
- connection and this extra data is part of the handshake.
- We should process the data immediately; waiting for the socket to
- be ready may fail since the server is done sending handshake data.
- */
- /* check if the remaining data is less than the total amount
- and therefore begins after the already processed data */
- if(connssl->encdata_offset > inbuf[1].cbBuffer) {
- memmove(connssl->encdata_buffer,
- (connssl->encdata_buffer + connssl->encdata_offset) -
- inbuf[1].cbBuffer, inbuf[1].cbBuffer);
- connssl->encdata_offset = inbuf[1].cbBuffer;
- if(sspi_status == SEC_I_CONTINUE_NEEDED) {
- doread = FALSE;
- continue;
- }
- }
- }
- else {
- connssl->encdata_offset = 0;
- }
- break;
- }
-
- /* check if the handshake needs to be continued */
- if(sspi_status == SEC_I_CONTINUE_NEEDED) {
- connssl->connecting_state = ssl_connect_2_reading;
- return CURLE_OK;
- }
-
- /* check if the handshake is complete */
- if(sspi_status == SEC_E_OK) {
- connssl->connecting_state = ssl_connect_3;
- infof(data, "schannel: SSL/TLS handshake complete\n");
- }
-
-#ifdef _WIN32_WCE
- /* Windows CE doesn't do any server certificate validation.
- We have to do it manually. */
- if(data->set.ssl.verifypeer)
- return verify_certificate(conn, sockindex);
-#endif
-
- return CURLE_OK;
-}
-
-static CURLcode
-schannel_connect_step3(struct connectdata *conn, int sockindex)
-{
- CURLcode retcode = CURLE_OK;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- struct curl_schannel_cred *old_cred = NULL;
- int incache;
-
- DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
-
- infof(data, "schannel: SSL/TLS connection with %s port %hu (step 3/3)\n",
- conn->host.name, conn->remote_port);
-
- /* check if the required context attributes are met */
- if(connssl->ret_flags != connssl->req_flags) {
- if(!(connssl->ret_flags & ISC_RET_SEQUENCE_DETECT))
- failf(data, "schannel: failed to setup sequence detection");
- if(!(connssl->ret_flags & ISC_RET_REPLAY_DETECT))
- failf(data, "schannel: failed to setup replay detection");
- if(!(connssl->ret_flags & ISC_RET_CONFIDENTIALITY))
- failf(data, "schannel: failed to setup confidentiality");
- if(!(connssl->ret_flags & ISC_RET_ALLOCATED_MEMORY))
- failf(data, "schannel: failed to setup memory allocation");
- if(!(connssl->ret_flags & ISC_RET_STREAM))
- failf(data, "schannel: failed to setup stream orientation");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- /* increment the reference counter of the credential/session handle */
- if(connssl->cred && connssl->ctxt) {
- connssl->cred->refcount++;
- infof(data, "schannel: incremented credential handle refcount = %d\n",
- connssl->cred->refcount);
- }
-
- /* save the current session data for possible re-use */
- incache = !(Curl_ssl_getsessionid(conn, (void**)&old_cred, NULL));
- if(incache) {
- if(old_cred != connssl->cred) {
- infof(data, "schannel: old credential handle is stale, removing\n");
- Curl_ssl_delsessionid(conn, (void*)old_cred);
- incache = FALSE;
- }
- }
- if(!incache) {
- retcode = Curl_ssl_addsessionid(conn, (void*)connssl->cred,
- sizeof(struct curl_schannel_cred));
- if(retcode) {
- failf(data, "schannel: failed to store credential handle");
- return retcode;
- }
- else {
- connssl->cred->cached = TRUE;
- infof(data, "schannel: stored credential handle in session cache\n");
- }
- }
-
- connssl->connecting_state = ssl_connect_done;
-
- return CURLE_OK;
-}
-
-static CURLcode
-schannel_connect_common(struct connectdata *conn, int sockindex,
- bool nonblocking, bool *done)
-{
- CURLcode retcode;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- curl_socket_t sockfd = conn->sock[sockindex];
- long timeout_ms;
- int what;
-
- /* check if the connection has already been established */
- if(ssl_connection_complete == connssl->state) {
- *done = TRUE;
- return CURLE_OK;
- }
-
- if(ssl_connect_1 == connssl->connecting_state) {
- /* check out how much more time we're allowed */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL/TLS connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- retcode = schannel_connect_step1(conn, sockindex);
- if(retcode)
- return retcode;
- }
-
- while(ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state) {
-
- /* check out how much more time we're allowed */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL/TLS connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- /* if ssl is expecting something, check if it's available. */
- if(connssl->connecting_state == ssl_connect_2_reading
- || connssl->connecting_state == ssl_connect_2_writing) {
-
- curl_socket_t writefd = ssl_connect_2_writing ==
- connssl->connecting_state ? sockfd : CURL_SOCKET_BAD;
- curl_socket_t readfd = ssl_connect_2_reading ==
- connssl->connecting_state ? sockfd : CURL_SOCKET_BAD;
-
- what = Curl_socket_ready(readfd, writefd, nonblocking ? 0 : timeout_ms);
- if(what < 0) {
- /* fatal error */
- failf(data, "select/poll on SSL/TLS socket, errno: %d", SOCKERRNO);
- return CURLE_SSL_CONNECT_ERROR;
- }
- else if(0 == what) {
- if(nonblocking) {
- *done = FALSE;
- return CURLE_OK;
- }
- else {
- /* timeout */
- failf(data, "SSL/TLS connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
- }
- /* socket is readable or writable */
- }
-
- /* Run transaction, and return to the caller if it failed or if
- * this connection is part of a multi handle and this loop would
- * execute again. This permits the owner of a multi handle to
- * abort a connection attempt before step2 has completed while
- * ensuring that a client using select() or epoll() will always
- * have a valid fdset to wait on.
- */
- retcode = schannel_connect_step2(conn, sockindex);
- if(retcode || (nonblocking &&
- (ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state)))
- return retcode;
-
- } /* repeat step2 until all transactions are done. */
-
- if(ssl_connect_3 == connssl->connecting_state) {
- retcode = schannel_connect_step3(conn, sockindex);
- if(retcode)
- return retcode;
- }
-
- if(ssl_connect_done == connssl->connecting_state) {
- connssl->state = ssl_connection_complete;
- conn->recv[sockindex] = schannel_recv;
- conn->send[sockindex] = schannel_send;
- *done = TRUE;
- }
- else
- *done = FALSE;
-
- /* reset our connection state machine */
- connssl->connecting_state = ssl_connect_1;
-
- return CURLE_OK;
-}
-
-static ssize_t
-schannel_send(struct connectdata *conn, int sockindex,
- const void *buf, size_t len, CURLcode *err)
-{
- ssize_t written = -1;
- size_t data_len = 0;
- unsigned char *data = NULL;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- SecBuffer outbuf[4];
- SecBufferDesc outbuf_desc;
- SECURITY_STATUS sspi_status = SEC_E_OK;
- CURLcode code;
-
- /* check if the maximum stream sizes were queried */
- if(connssl->stream_sizes.cbMaximumMessage == 0) {
- sspi_status = s_pSecFn->QueryContextAttributes(
- &connssl->ctxt->ctxt_handle,
- SECPKG_ATTR_STREAM_SIZES,
- &connssl->stream_sizes);
- if(sspi_status != SEC_E_OK) {
- *err = CURLE_SEND_ERROR;
- return -1;
- }
- }
-
- /* check if the buffer is longer than the maximum message length */
- if(len > connssl->stream_sizes.cbMaximumMessage) {
- *err = CURLE_SEND_ERROR;
- return -1;
- }
-
- /* calculate the complete message length and allocate a buffer for it */
- data_len = connssl->stream_sizes.cbHeader + len +
- connssl->stream_sizes.cbTrailer;
- data = (unsigned char*) malloc(data_len);
- if(data == NULL) {
- *err = CURLE_OUT_OF_MEMORY;
- return -1;
- }
-
- /* setup output buffers (header, data, trailer, empty) */
- InitSecBuffer(&outbuf[0], SECBUFFER_STREAM_HEADER,
- data, connssl->stream_sizes.cbHeader);
- InitSecBuffer(&outbuf[1], SECBUFFER_DATA,
- data + connssl->stream_sizes.cbHeader, curlx_uztoul(len));
- InitSecBuffer(&outbuf[2], SECBUFFER_STREAM_TRAILER,
- data + connssl->stream_sizes.cbHeader + len,
- connssl->stream_sizes.cbTrailer);
- InitSecBuffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0);
- InitSecBufferDesc(&outbuf_desc, outbuf, 4);
-
- /* copy data into output buffer */
- memcpy(outbuf[1].pvBuffer, buf, len);
-
- /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */
- sspi_status = s_pSecFn->EncryptMessage(&connssl->ctxt->ctxt_handle, 0,
- &outbuf_desc, 0);
-
- /* check if the message was encrypted */
- if(sspi_status == SEC_E_OK) {
- written = 0;
-
- /* send the encrypted message including header, data and trailer */
- len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
-
- /*
- It's important to send the full message which includes the header,
- encrypted payload, and trailer. Until the client receives all the
- data a coherent message has not been delivered and the client
- can't read any of it.
-
- If we wanted to buffer the unwritten encrypted bytes, we would
- tell the client that all data it has requested to be sent has been
- sent. The unwritten encrypted bytes would be the first bytes to
- send on the next invocation.
- Here's the catch with this - if we tell the client that all the
- bytes have been sent, will the client call this method again to
- send the buffered data? Looking at who calls this function, it
- seems the answer is NO.
- */
-
- /* send entire message or fail */
- while(len > (size_t)written) {
- ssize_t this_write;
- long timeleft;
- int what;
-
- this_write = 0;
-
- timeleft = Curl_timeleft(conn->data, NULL, TRUE);
- if(timeleft < 0) {
- /* we already got the timeout */
- failf(conn->data, "schannel: timed out sending data "
- "(bytes sent: %zd)", written);
- *err = CURLE_OPERATION_TIMEDOUT;
- written = -1;
- break;
- }
-
- what = Curl_socket_ready(CURL_SOCKET_BAD, conn->sock[sockindex],
- timeleft);
- if(what < 0) {
- /* fatal error */
- failf(conn->data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- *err = CURLE_SEND_ERROR;
- written = -1;
- break;
- }
- else if(0 == what) {
- failf(conn->data, "schannel: timed out sending data "
- "(bytes sent: %zd)", written);
- *err = CURLE_OPERATION_TIMEDOUT;
- written = -1;
- break;
- }
- /* socket is writable */
-
- code = Curl_write_plain(conn, conn->sock[sockindex], data + written,
- len - written, &this_write);
- if(code == CURLE_AGAIN)
- continue;
- else if(code != CURLE_OK) {
- *err = code;
- written = -1;
- break;
- }
-
- written += this_write;
- }
- }
- else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) {
- *err = CURLE_OUT_OF_MEMORY;
- }
- else{
- *err = CURLE_SEND_ERROR;
- }
-
- Curl_safefree(data);
-
- if(len == (size_t)written)
- /* Encrypted message including header, data and trailer entirely sent.
- The return value is the number of unencrypted bytes that were sent. */
- written = outbuf[1].cbBuffer;
-
- return written;
-}
-
-static ssize_t
-schannel_recv(struct connectdata *conn, int sockindex,
- char *buf, size_t len, CURLcode *err)
-{
- size_t size = 0;
- ssize_t nread = 0, ret = -1;
- CURLcode retcode;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- bool done = FALSE;
- SecBuffer inbuf[4];
- SecBufferDesc inbuf_desc;
- SECURITY_STATUS sspi_status = SEC_E_OK;
-
- infof(data, "schannel: client wants to read %zu bytes\n", len);
- *err = CURLE_OK;
-
- /* buffer to store previously received and decrypted data */
- if(connssl->decdata_buffer == NULL) {
- connssl->decdata_offset = 0;
- connssl->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
- connssl->decdata_buffer = malloc(connssl->decdata_length);
- if(connssl->decdata_buffer == NULL) {
- failf(data, "schannel: unable to allocate memory");
- *err = CURLE_OUT_OF_MEMORY;
- return -1;
- }
- }
-
- /* increase buffer in order to fit the requested amount of data */
- while(connssl->encdata_length - connssl->encdata_offset <
- CURL_SCHANNEL_BUFFER_FREE_SIZE || connssl->encdata_length < len) {
- /* increase internal encrypted data buffer */
- connssl->encdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
- connssl->encdata_buffer = realloc(connssl->encdata_buffer,
- connssl->encdata_length);
-
- if(connssl->encdata_buffer == NULL) {
- failf(data, "schannel: unable to re-allocate memory");
- *err = CURLE_OUT_OF_MEMORY;
- return -1;
- }
- }
-
- /* read encrypted data from socket */
- infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
- connssl->encdata_offset, connssl->encdata_length);
- size = connssl->encdata_length - connssl->encdata_offset;
- if(size > 0) {
- *err = Curl_read_plain(conn->sock[sockindex],
- (char *) (connssl->encdata_buffer + connssl->encdata_offset),
- size, &nread);
- /* check for received data */
- if(*err != CURLE_OK)
- ret = -1;
- else {
- if(nread > 0)
- /* increase encrypted data buffer offset */
- connssl->encdata_offset += nread;
- ret = nread;
- }
- infof(data, "schannel: encrypted data got %zd\n", ret);
- }
-
- infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
- connssl->encdata_offset, connssl->encdata_length);
-
- /* check if we still have some data in our buffers */
- while(connssl->encdata_offset > 0 && sspi_status == SEC_E_OK &&
- connssl->decdata_offset < len) {
- /* prepare data buffer for DecryptMessage call */
- InitSecBuffer(&inbuf[0], SECBUFFER_DATA, connssl->encdata_buffer,
- curlx_uztoul(connssl->encdata_offset));
-
- /* we need 3 more empty input buffers for possible output */
- InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
- InitSecBuffer(&inbuf[2], SECBUFFER_EMPTY, NULL, 0);
- InitSecBuffer(&inbuf[3], SECBUFFER_EMPTY, NULL, 0);
-
- InitSecBufferDesc(&inbuf_desc, inbuf, 4);
-
- /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx */
- sspi_status = s_pSecFn->DecryptMessage(&connssl->ctxt->ctxt_handle,
- &inbuf_desc, 0, NULL);
-
- /* check if we need more data */
- if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
- infof(data, "schannel: failed to decrypt data, need more data\n");
- *err = CURLE_AGAIN;
- return -1;
- }
-
- /* check if everything went fine (server may want to renegotiate
- context) */
- if(sspi_status == SEC_E_OK || sspi_status == SEC_I_RENEGOTIATE ||
- sspi_status == SEC_I_CONTEXT_EXPIRED) {
- /* check for successfully decrypted data */
- if(inbuf[1].BufferType == SECBUFFER_DATA) {
- infof(data, "schannel: decrypted data length: %lu\n",
- inbuf[1].cbBuffer);
-
- /* increase buffer in order to fit the received amount of data */
- size = inbuf[1].cbBuffer > CURL_SCHANNEL_BUFFER_FREE_SIZE ?
- inbuf[1].cbBuffer : CURL_SCHANNEL_BUFFER_FREE_SIZE;
- while(connssl->decdata_length - connssl->decdata_offset < size ||
- connssl->decdata_length < len) {
- /* increase internal decrypted data buffer */
- connssl->decdata_length *= CURL_SCHANNEL_BUFFER_STEP_FACTOR;
- connssl->decdata_buffer = realloc(connssl->decdata_buffer,
- connssl->decdata_length);
-
- if(connssl->decdata_buffer == NULL) {
- failf(data, "schannel: unable to re-allocate memory");
- *err = CURLE_OUT_OF_MEMORY;
- return -1;
- }
- }
-
- /* copy decrypted data to internal buffer */
- size = inbuf[1].cbBuffer;
- if(size > 0) {
- memcpy(connssl->decdata_buffer + connssl->decdata_offset,
- inbuf[1].pvBuffer, size);
- connssl->decdata_offset += size;
- }
-
- infof(data, "schannel: decrypted data added: %zu\n", size);
- infof(data, "schannel: decrypted data cached: offset %zu length %zu\n",
- connssl->decdata_offset, connssl->decdata_length);
- }
-
- /* check for remaining encrypted data */
- if(inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) {
- infof(data, "schannel: encrypted data length: %lu\n",
- inbuf[3].cbBuffer);
-
- /* check if the remaining data is less than the total amount
- * and therefore begins after the already processed data
- */
- if(connssl->encdata_offset > inbuf[3].cbBuffer) {
- /* move remaining encrypted data forward to the beginning of
- buffer */
- memmove(connssl->encdata_buffer,
- (connssl->encdata_buffer + connssl->encdata_offset) -
- inbuf[3].cbBuffer, inbuf[3].cbBuffer);
- connssl->encdata_offset = inbuf[3].cbBuffer;
- }
-
- infof(data, "schannel: encrypted data cached: offset %zu length %zu\n",
- connssl->encdata_offset, connssl->encdata_length);
- }
- else{
- /* reset encrypted buffer offset, because there is no data remaining */
- connssl->encdata_offset = 0;
- }
- }
-
- /* check if server wants to renegotiate the connection context */
- if(sspi_status == SEC_I_RENEGOTIATE) {
- infof(data, "schannel: remote party requests SSL/TLS renegotiation\n");
-
- /* begin renegotiation */
- infof(data, "schannel: renegotiating SSL/TLS connection\n");
- connssl->state = ssl_connection_negotiating;
- connssl->connecting_state = ssl_connect_2_writing;
- retcode = schannel_connect_common(conn, sockindex, FALSE, &done);
- if(retcode)
- *err = retcode;
- else {
- infof(data, "schannel: SSL/TLS connection renegotiated\n");
- /* now retry receiving data */
- return schannel_recv(conn, sockindex, buf, len, err);
- }
- }
- }
-
- infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n",
- connssl->decdata_offset, connssl->decdata_length);
-
- /* copy requested decrypted data to supplied buffer */
- size = len < connssl->decdata_offset ? len : connssl->decdata_offset;
- if(size > 0) {
- memcpy(buf, connssl->decdata_buffer, size);
- ret = size;
-
- /* move remaining decrypted data forward to the beginning of buffer */
- memmove(connssl->decdata_buffer, connssl->decdata_buffer + size,
- connssl->decdata_offset - size);
- connssl->decdata_offset -= size;
-
- infof(data, "schannel: decrypted data returned %zd\n", size);
- infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n",
- connssl->decdata_offset, connssl->decdata_length);
- }
-
- /* check if the server closed the connection */
- if(ret <= 0 && ( /* special check for Windows 2000 Professional */
- sspi_status == SEC_I_CONTEXT_EXPIRED || (sspi_status == SEC_E_OK &&
- connssl->encdata_offset > 0 && connssl->encdata_buffer[0] == 0x15))) {
- infof(data, "schannel: server closed the connection\n");
- *err = CURLE_OK;
- return 0;
- }
-
- /* check if something went wrong and we need to return an error */
- if(ret < 0 && sspi_status != SEC_E_OK) {
- infof(data, "schannel: failed to read data from server: %s\n",
- Curl_sspi_strerror(conn, sspi_status));
- *err = CURLE_RECV_ERROR;
- return -1;
- }
-
- return ret;
-}
-
-CURLcode
-Curl_schannel_connect_nonblocking(struct connectdata *conn, int sockindex,
- bool *done)
-{
- return schannel_connect_common(conn, sockindex, TRUE, done);
-}
-
-CURLcode
-Curl_schannel_connect(struct connectdata *conn, int sockindex)
-{
- CURLcode retcode;
- bool done = FALSE;
-
- retcode = schannel_connect_common(conn, sockindex, FALSE, &done);
- if(retcode)
- return retcode;
-
- DEBUGASSERT(done);
-
- return CURLE_OK;
-}
-
-bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex)
-{
- const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- if(connssl->use) /* SSL/TLS is in use */
- return (connssl->encdata_offset > 0 ||
- connssl->decdata_offset > 0 ) ? TRUE : FALSE;
- else
- return FALSE;
-}
-
-void Curl_schannel_close(struct connectdata *conn, int sockindex)
-{
- if(conn->ssl[sockindex].use)
- /* if the SSL/TLS channel hasn't been shut down yet, do that now. */
- Curl_ssl_shutdown(conn, sockindex);
-}
-
-int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
-{
- /* See http://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx
- * Shutting Down an Schannel Connection
- */
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu\n",
- conn->host.name, conn->remote_port);
-
- if(connssl->cred && connssl->ctxt) {
- SecBufferDesc BuffDesc;
- SecBuffer Buffer;
- SECURITY_STATUS sspi_status;
- SecBuffer outbuf;
- SecBufferDesc outbuf_desc;
- CURLcode code;
- wchar_t *host_name;
- DWORD dwshut = SCHANNEL_SHUTDOWN;
-
- InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut));
- InitSecBufferDesc(&BuffDesc, &Buffer, 1);
-
- sspi_status = s_pSecFn->ApplyControlToken(&connssl->ctxt->ctxt_handle,
- &BuffDesc);
-
- if(sspi_status != SEC_E_OK)
- failf(data, "schannel: ApplyControlToken failure: %s",
- Curl_sspi_strerror(conn, sspi_status));
-
- host_name = Curl_convert_UTF8_to_tchar(conn->host.name);
- if(!host_name)
- return CURLE_OUT_OF_MEMORY;
-
- /* setup output buffer */
- InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
- InitSecBufferDesc(&outbuf_desc, &outbuf, 1);
-
- sspi_status = s_pSecFn->InitializeSecurityContext(
- &connssl->cred->cred_handle,
- &connssl->ctxt->ctxt_handle,
- host_name,
- connssl->req_flags,
- 0,
- 0,
- NULL,
- 0,
- &connssl->ctxt->ctxt_handle,
- &outbuf_desc,
- &connssl->ret_flags,
- &connssl->ctxt->time_stamp);
-
- Curl_unicodefree(host_name);
-
- if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) {
- /* send close message which is in output buffer */
- ssize_t written;
- code = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,
- outbuf.cbBuffer, &written);
-
- s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);
- if((code != CURLE_OK) || (outbuf.cbBuffer != (size_t)written)) {
- infof(data, "schannel: failed to send close msg: %s"
- " (bytes written: %zd)\n", curl_easy_strerror(code), written);
- }
- }
-
- /* free SSPI Schannel API security context handle */
- if(connssl->ctxt) {
- infof(data, "schannel: clear security context handle\n");
- s_pSecFn->DeleteSecurityContext(&connssl->ctxt->ctxt_handle);
- Curl_safefree(connssl->ctxt);
- }
-
- /* free SSPI Schannel API credential handle */
- if(connssl->cred) {
- /* decrement the reference counter of the credential/session handle */
- if(connssl->cred->refcount > 0) {
- connssl->cred->refcount--;
- infof(data, "schannel: decremented credential handle refcount = %d\n",
- connssl->cred->refcount);
- }
-
- /* if the handle was not cached and the refcount is zero */
- if(!connssl->cred->cached && connssl->cred->refcount == 0) {
- infof(data, "schannel: clear credential handle\n");
- s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);
- Curl_safefree(connssl->cred);
- }
- }
- }
-
- /* free internal buffer for received encrypted data */
- if(connssl->encdata_buffer != NULL) {
- Curl_safefree(connssl->encdata_buffer);
- connssl->encdata_length = 0;
- connssl->encdata_offset = 0;
- }
-
- /* free internal buffer for received decrypted data */
- if(connssl->decdata_buffer != NULL) {
- Curl_safefree(connssl->decdata_buffer);
- connssl->decdata_length = 0;
- connssl->decdata_offset = 0;
- }
-
- return CURLE_OK;
-}
-
-void Curl_schannel_session_free(void *ptr)
-{
- struct curl_schannel_cred *cred = ptr;
-
- if(cred && cred->cached && cred->refcount == 0) {
- s_pSecFn->FreeCredentialsHandle(&cred->cred_handle);
- Curl_safefree(cred);
- }
-}
-
-int Curl_schannel_init(void)
-{
- return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0);
-}
-
-void Curl_schannel_cleanup(void)
-{
- Curl_sspi_global_cleanup();
-}
-
-size_t Curl_schannel_version(char *buffer, size_t size)
-{
- size = snprintf(buffer, size, "WinSSL");
-
- return size;
-}
-
-#ifdef _WIN32_WCE
-static CURLcode verify_certificate(struct connectdata *conn, int sockindex)
-{
- SECURITY_STATUS status;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- CURLcode result = CURLE_OK;
- CERT_CONTEXT *pCertContextServer = NULL;
- const CERT_CHAIN_CONTEXT *pChainContext = NULL;
-
- status = s_pSecFn->QueryContextAttributes(&connssl->ctxt->ctxt_handle,
- SECPKG_ATTR_REMOTE_CERT_CONTEXT,
- &pCertContextServer);
-
- if((status != SEC_E_OK) || (pCertContextServer == NULL)) {
- failf(data, "schannel: Failed to read remote certificate context: %s",
- Curl_sspi_strerror(conn, status));
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
-
- if(result == CURLE_OK) {
- CERT_CHAIN_PARA ChainPara;
- memset(&ChainPara, 0, sizeof(ChainPara));
- ChainPara.cbSize = sizeof(ChainPara);
-
- if(!CertGetCertificateChain(NULL,
- pCertContextServer,
- NULL,
- pCertContextServer->hCertStore,
- &ChainPara,
- 0,
- NULL,
- &pChainContext)) {
- failf(data, "schannel: CertGetCertificateChain failed: %s",
- Curl_sspi_strerror(conn, GetLastError()));
- pChainContext = NULL;
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
-
- if(result == CURLE_OK) {
- CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0];
- DWORD dwTrustErrorMask = ~(DWORD)(CERT_TRUST_IS_NOT_TIME_NESTED|
- CERT_TRUST_REVOCATION_STATUS_UNKNOWN);
- dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus;
- if(dwTrustErrorMask) {
- if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN)
- failf(data, "schannel: CertGetCertificateChain trust error"
- " CERT_TRUST_IS_PARTIAL_CHAIN");
- if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT)
- failf(data, "schannel: CertGetCertificateChain trust error"
- " CERT_TRUST_IS_UNTRUSTED_ROOT");
- if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID)
- failf(data, "schannel: CertGetCertificateChain trust error"
- " CERT_TRUST_IS_NOT_TIME_VALID");
- failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x",
- dwTrustErrorMask);
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
- }
- }
-
- if(result == CURLE_OK) {
- if(data->set.ssl.verifyhost) {
- wchar_t cert_hostname_buff[128];
- xcharp_u hostname;
- xcharp_u cert_hostname;
- DWORD len;
-
- cert_hostname.const_tchar_ptr = cert_hostname_buff;
- hostname.tchar_ptr = Curl_convert_UTF8_to_tchar(conn->host.name);
-
- len = CertGetNameString(pCertContextServer,
- CERT_NAME_DNS_TYPE,
- 0,
- NULL,
- cert_hostname.tchar_ptr,
- 128);
- if(len > 0 && *cert_hostname.tchar_ptr == '*') {
- /* this is a wildcard cert. try matching the last len - 1 chars */
- int hostname_len = strlen(conn->host.name);
- cert_hostname.tchar_ptr++;
- if(wcsicmp(cert_hostname.const_tchar_ptr,
- hostname.const_tchar_ptr + hostname_len - len + 2) != 0)
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
- else if(len == 0 || wcsicmp(hostname.const_tchar_ptr,
- cert_hostname.const_tchar_ptr) != 0) {
- result = CURLE_PEER_FAILED_VERIFICATION;
- }
- if(result == CURLE_PEER_FAILED_VERIFICATION) {
- char *_cert_hostname;
- _cert_hostname = Curl_convert_tchar_to_UTF8(cert_hostname.tchar_ptr);
- failf(data, "schannel: CertGetNameString() certificate hostname "
- "(%s) did not match connection (%s)",
- _cert_hostname, conn->host.name);
- Curl_unicodefree(_cert_hostname);
- }
- Curl_unicodefree(hostname.tchar_ptr);
- }
- }
-
- if(pChainContext)
- CertFreeCertificateChain(pChainContext);
-
- if(pCertContextServer)
- CertFreeCertificateContext(pCertContextServer);
-
- return result;
-}
-#endif /* _WIN32_WCE */
-
-#endif /* USE_SCHANNEL */
diff --git a/libs/libcurl/src/curl_schannel.h b/libs/libcurl/src/curl_schannel.h
deleted file mode 100644
index b82c734a0a..0000000000
--- a/libs/libcurl/src/curl_schannel.h
+++ /dev/null
@@ -1,132 +0,0 @@
-#ifndef HEADER_CURL_SCHANNEL_H
-#define HEADER_CURL_SCHANNEL_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-#ifdef USE_SCHANNEL
-
-#include "urldata.h"
-
-#ifndef UNISP_NAME_A
-#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
-#endif
-
-#ifndef UNISP_NAME_W
-#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
-#endif
-
-#ifndef UNISP_NAME
-#ifdef UNICODE
-#define UNISP_NAME UNISP_NAME_W
-#else
-#define UNISP_NAME UNISP_NAME_A
-#endif
-#endif
-
-#ifndef SP_PROT_SSL2_CLIENT
-#define SP_PROT_SSL2_CLIENT 0x00000008
-#endif
-
-#ifndef SP_PROT_SSL3_CLIENT
-#define SP_PROT_SSL3_CLIENT 0x00000008
-#endif
-
-#ifndef SP_PROT_TLS1_CLIENT
-#define SP_PROT_TLS1_CLIENT 0x00000080
-#endif
-
-#ifndef SP_PROT_TLS1_0_CLIENT
-#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
-#endif
-
-#ifndef SP_PROT_TLS1_1_CLIENT
-#define SP_PROT_TLS1_1_CLIENT 0x00000200
-#endif
-
-#ifndef SP_PROT_TLS1_2_CLIENT
-#define SP_PROT_TLS1_2_CLIENT 0x00000800
-#endif
-
-#ifndef SECBUFFER_ALERT
-#define SECBUFFER_ALERT 17
-#endif
-
-#ifndef ISC_RET_REPLAY_DETECT
-#define ISC_RET_REPLAY_DETECT 0x00000004
-#endif
-
-#ifndef ISC_RET_SEQUENCE_DETECT
-#define ISC_RET_SEQUENCE_DETECT 0x00000008
-#endif
-
-#ifndef ISC_RET_CONFIDENTIALITY
-#define ISC_RET_CONFIDENTIALITY 0x00000010
-#endif
-
-#ifndef ISC_RET_ALLOCATED_MEMORY
-#define ISC_RET_ALLOCATED_MEMORY 0x00000100
-#endif
-
-#ifndef ISC_RET_STREAM
-#define ISC_RET_STREAM 0x00008000
-#endif
-
-
-#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096
-#define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024
-#define CURL_SCHANNEL_BUFFER_STEP_FACTOR 2
-
-
-CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex);
-
-CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done);
-
-bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex);
-void Curl_schannel_close(struct connectdata *conn, int sockindex);
-int Curl_schannel_shutdown(struct connectdata *conn, int sockindex);
-void Curl_schannel_session_free(void *ptr);
-
-int Curl_schannel_init(void);
-void Curl_schannel_cleanup(void);
-size_t Curl_schannel_version(char *buffer, size_t size);
-
-/* API setup for Schannel */
-#define curlssl_init Curl_schannel_init
-#define curlssl_cleanup Curl_schannel_cleanup
-#define curlssl_connect Curl_schannel_connect
-#define curlssl_connect_nonblocking Curl_schannel_connect_nonblocking
-#define curlssl_session_free Curl_schannel_session_free
-#define curlssl_close_all(x) (x=x, CURLE_NOT_BUILT_IN)
-#define curlssl_close Curl_schannel_close
-#define curlssl_shutdown Curl_schannel_shutdown
-#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
-#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
-#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
-#define curlssl_version Curl_schannel_version
-#define curlssl_check_cxn(x) (x=x, -1)
-#define curlssl_data_pending Curl_schannel_data_pending
-#endif /* USE_SCHANNEL */
-#endif /* HEADER_CURL_SCHANNEL_H */
diff --git a/libs/libcurl/src/curl_sec.h b/libs/libcurl/src/curl_sec.h
index 82151e9c78..7bdde269b1 100644
--- a/libs/libcurl/src/curl_sec.h
+++ b/libs/libcurl/src/curl_sec.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -30,8 +30,8 @@ struct Curl_sec_client_mech {
void (*end)(void *);
int (*check_prot)(void *, int);
int (*overhead)(void *, int, int);
- int (*encode)(void *, const void*, int, int, void**, struct connectdata *);
- int (*decode)(void *, void*, int, int, struct connectdata *);
+ int (*encode)(void *, const void *, int, int, void **);
+ int (*decode)(void *, void *, int, int, struct connectdata *);
};
#define AUTH_OK 0
@@ -39,11 +39,11 @@ struct Curl_sec_client_mech {
#define AUTH_ERROR 2
#ifdef HAVE_GSSAPI
-int Curl_sec_read_msg (struct connectdata *conn, char *,
- enum protection_level);
-void Curl_sec_end (struct connectdata *);
-CURLcode Curl_sec_login (struct connectdata *);
-int Curl_sec_request_prot (struct connectdata *conn, const char *level);
+int Curl_sec_read_msg(struct connectdata *conn, char *,
+ enum protection_level);
+void Curl_sec_end(struct connectdata *);
+CURLcode Curl_sec_login(struct connectdata *);
+int Curl_sec_request_prot(struct connectdata *conn, const char *level);
extern struct Curl_sec_client_mech Curl_krb5_client_mech;
#endif
diff --git a/libs/libcurl/src/curl_setup.h b/libs/libcurl/src/curl_setup.h
index 424a4915b8..72b6de98eb 100644
--- a/libs/libcurl/src/curl_setup.h
+++ b/libs/libcurl/src/curl_setup.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,13 @@
*
***************************************************************************/
+#define USE_SSLEAY
+#define USE_OPENSSL
+
+#if defined(BUILDING_LIBCURL) && !defined(CURL_NO_OLDIES)
+#define CURL_NO_OLDIES
+#endif
+
/*
* Define WIN32 when build target is Win32 API
*/
@@ -31,15 +38,65 @@
#define WIN32
#endif
+#ifdef WIN32
+/*
+ * Don't include unneeded stuff in Windows headers to avoid compiler
+ * warnings and macro clashes.
+ * Make sure to define this macro before including any Windows headers.
+ */
+# ifndef WIN32_LEAN_AND_MEAN
+# define WIN32_LEAN_AND_MEAN
+# endif
+#endif
+
/*
* Include configuration script results or hand-crafted
* configuration file for platforms which lack config tool.
*/
-#include "config-win32.h"
+#ifdef HAVE_CONFIG_H
-#define USE_SSLEAY
-#define USE_OPENSSL
+#include "curl_config.h"
+
+#else /* HAVE_CONFIG_H */
+
+#ifdef _WIN32_WCE
+# include "config-win32ce.h"
+#else
+# ifdef WIN32
+# include "config-win32.h"
+# endif
+#endif
+
+#if defined(macintosh) && defined(__MRC__)
+# include "config-mac.h"
+#endif
+
+#ifdef __riscos__
+# include "config-riscos.h"
+#endif
+
+#ifdef __AMIGA__
+# include "config-amigaos.h"
+#endif
+
+#ifdef __SYMBIAN32__
+# include "config-symbian.h"
+#endif
+
+#ifdef __OS400__
+# include "config-os400.h"
+#endif
+
+#ifdef TPF
+# include "config-tpf.h"
+#endif
+
+#ifdef __VXWORKS__
+# include "config-vxworks.h"
+#endif
+
+#endif /* HAVE_CONFIG_H */
/* ================================================================ */
/* Definition of preprocessor macros/symbols which modify compiler */
@@ -73,55 +130,21 @@
# endif
#endif
+/* Solaris needs this to get a POSIX-conformant getpwuid_r */
+#if defined(sun) || defined(__sun)
+# ifndef _POSIX_PTHREAD_SEMANTICS
+# define _POSIX_PTHREAD_SEMANTICS 1
+# endif
+#endif
+
/* ================================================================ */
/* If you need to include a system header file for your platform, */
/* please, do it beyond the point further indicated in this file. */
/* ================================================================ */
-/*
- * libcurl's external interface definitions are also used internally,
- * and might also include required system header files to define them.
- */
+#include <curl/curl.h>
-#include <curl/curlbuild.h>
-
-/*
- * Compile time sanity checks must also be done when building the library.
- */
-
-#include <curl/curlrules.h>
-
-/*
- * Ensure that no one is using the old SIZEOF_CURL_OFF_T macro
- */
-
-#ifdef SIZEOF_CURL_OFF_T
-# error "SIZEOF_CURL_OFF_T shall not be defined!"
- Error Compilation_aborted_SIZEOF_CURL_OFF_T_shall_not_be_defined
-#endif
-
-/*
- * Set up internal curl_off_t formatting string directives for
- * exclusive use with libcurl's internal *printf functions.
- */
-
-#ifdef FORMAT_OFF_T
-# error "FORMAT_OFF_T shall not be defined before this point!"
- Error Compilation_aborted_FORMAT_OFF_T_already_defined
-#endif
-
-#ifdef FORMAT_OFF_TU
-# error "FORMAT_OFF_TU shall not be defined before this point!"
- Error Compilation_aborted_FORMAT_OFF_TU_already_defined
-#endif
-
-#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG)
-# define FORMAT_OFF_T "lld"
-# define FORMAT_OFF_TU "llu"
-#else
-# define FORMAT_OFF_T "ld"
-# define FORMAT_OFF_TU "lu"
-#endif
+#define CURL_SIZEOF_CURL_OFF_T SIZEOF_CURL_OFF_T
/*
* Disable other protocols when http is the only one desired.
@@ -158,15 +181,12 @@
# ifndef CURL_DISABLE_SMTP
# define CURL_DISABLE_SMTP
# endif
-# ifndef CURL_DISABLE_RTSP
-# define CURL_DISABLE_RTSP
-# endif
-# ifndef CURL_DISABLE_RTMP
-# define CURL_DISABLE_RTMP
-# endif
# ifndef CURL_DISABLE_GOPHER
# define CURL_DISABLE_GOPHER
# endif
+# ifndef CURL_DISABLE_SMB
+# define CURL_DISABLE_SMB
+# endif
#endif
/*
@@ -179,7 +199,7 @@
/* ================================================================ */
/* No system header file shall be included in this file before this */
-/* point. The only allowed ones are those included from curlbuild.h */
+/* point. The only allowed ones are those included from curl/system.h */
/* ================================================================ */
/*
@@ -199,6 +219,15 @@
#endif
/*
+ * Use getaddrinfo to resolve the IPv4 address literal. If the current network
+ * interface doesn’t support IPv4, but supports IPv6, NAT64, and DNS64,
+ * performing this task will result in a synthesized IPv6 address.
+ */
+#ifdef __APPLE__
+#define USE_RESOLVE_ON_IPS 1
+#endif
+
+/*
* Include header files for windows builds before redefining anything.
* Use this preprocessor block only to include or exclude windows.h,
* winsock2.h, ws2tcpip.h or winsock.h. Any other windows thing belongs
@@ -216,14 +245,11 @@
# if defined(_UNICODE) && !defined(UNICODE)
# define UNICODE
# endif
-# ifndef WIN32_LEAN_AND_MEAN
-# define WIN32_LEAN_AND_MEAN
-# endif
# include <windows.h>
# ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
# ifdef HAVE_WS2TCPIP_H
-# include <ws2tcpip.h>
+# include <ws2tcpip.h>
# endif
# else
# ifdef HAVE_WINSOCK_H
@@ -435,8 +461,8 @@
# ifdef __minix
/* Minix 3 versions up to at least 3.1.3 are missing these prototypes */
- extern char * strtok_r(char *s, const char *delim, char **last);
- extern struct tm * gmtime_r(const time_t * const timep, struct tm *tmp);
+ extern char *strtok_r(char *s, const char *delim, char **last);
+ extern struct tm *gmtime_r(const time_t * const timep, struct tm *tmp);
# endif
# define DIR_CHAR "/"
@@ -450,7 +476,7 @@
# endif
# ifndef fileno /* sunos 4 have this as a macro! */
- int fileno( FILE *stream);
+ int fileno(FILE *stream);
# endif
#endif /* WIN32 */
@@ -458,9 +484,10 @@
/*
* msvc 6.0 requires PSDK in order to have INET6_ADDRSTRLEN
* defined in ws2tcpip.h as well as to provide IPv6 support.
+ * Does not apply if lwIP is used.
*/
-#if defined(_MSC_VER) && !defined(__POCC__)
+#if defined(_MSC_VER) && !defined(__POCC__) && !defined(USE_LWIPSOCK)
# if !defined(HAVE_WS2TCPIP_H) || \
((_MSC_VER < 1300) && !defined(INET6_ADDRSTRLEN))
# undef HAVE_GETADDRINFO_THREADSAFE
@@ -504,6 +531,7 @@
# define CURLRES_ARES
/* now undef the stock libc functions just to avoid them being used */
# undef HAVE_GETADDRINFO
+# undef HAVE_FREEADDRINFO
# undef HAVE_GETHOSTBYNAME
#elif defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
# define CURLRES_ASYNCH
@@ -565,10 +593,13 @@ int netware_init(void);
#endif
#endif
-#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H)
-/* The lib was present and the tld.h header (which is missing in libidn 0.3.X
- but we only work with libidn 0.4.1 or later) */
-#define USE_LIBIDN
+#if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H) && !defined(USE_WIN32_IDN)
+/* The lib and header are present */
+#define USE_LIBIDN2
+#endif
+
+#if defined(USE_LIBIDN2) && defined(USE_WIN32_IDN)
+#error "Both libidn2 and WinIDN are enabled, choose one."
#endif
#ifndef SIZEOF_TIME_T
@@ -578,28 +609,44 @@ int netware_init(void);
#define LIBIDN_REQUIRED_VERSION "0.4.1"
-#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || \
- defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) || \
+#if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \
+ defined(USE_POLARSSL) || defined(USE_AXTLS) || defined(USE_MBEDTLS) || \
defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
defined(USE_DARWINSSL) || defined(USE_GSKIT)
#define USE_SSL /* SSL support has been enabled */
#endif
-#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
-#define USE_HTTP_NEGOTIATE
+/* Single point where USE_SPNEGO definition might be defined */
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
+ (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
+#define USE_SPNEGO
#endif
-/* Single point where USE_NTLM definition might be done */
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM)
-#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
- defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL)
+/* Single point where USE_KERBEROS5 definition might be defined */
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
+ (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
+#define USE_KERBEROS5
+#endif
+
+/* Single point where USE_NTLM definition might be defined */
+#if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH)
+#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \
+ defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL) || \
+ defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \
+ defined(USE_MBEDTLS)
+
#define USE_NTLM
+
+# if defined(USE_MBEDTLS)
+/* Get definition of MBEDTLS_MD4_C */
+# include <mbedtls/md4.h>
+# endif
+
#endif
#endif
-/* non-configure builds may define CURL_WANTS_CA_BUNDLE_ENV */
-#if defined(CURL_WANTS_CA_BUNDLE_ENV) && !defined(CURL_CA_BUNDLE)
-#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")
+#ifdef CURL_WANTS_CA_BUNDLE_ENV
+#error "No longer supported. Set CURLOPT_CAINFO at runtime instead."
#endif
/*
@@ -611,8 +658,10 @@ int netware_init(void);
#if defined(__GNUC__) && ((__GNUC__ >= 3) || \
((__GNUC__ == 2) && defined(__GNUC_MINOR__) && (__GNUC_MINOR__ >= 7)))
# define UNUSED_PARAM __attribute__((__unused__))
+# define WARN_UNUSED_RESULT __attribute__((warn_unused_result))
#else
# define UNUSED_PARAM /*NOTHING*/
+# define WARN_UNUSED_RESULT
#endif
/*
@@ -635,7 +684,7 @@ int netware_init(void);
* Ensure that Winsock and lwIP TCP/IP stacks are not mixed.
*/
-#if defined(__LWIP_OPT_H__)
+#if defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H)
# if defined(SOCKET) || \
defined(USE_WINSOCK) || \
defined(HAVE_WINSOCK_H) || \
@@ -665,4 +714,53 @@ int netware_init(void);
#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
#endif
+/* In Windows the default file mode is text but an application can override it.
+Therefore we specify it explicitly. https://github.com/curl/curl/pull/258
+*/
+#if defined(WIN32) || defined(MSDOS)
+#define FOPEN_READTEXT "rt"
+#define FOPEN_WRITETEXT "wt"
+#define FOPEN_APPENDTEXT "at"
+#elif defined(__CYGWIN__)
+/* Cygwin has specific behavior we need to address when WIN32 is not defined.
+https://cygwin.com/cygwin-ug-net/using-textbinary.html
+For write we want our output to have line endings of LF and be compatible with
+other Cygwin utilities. For read we want to handle input that may have line
+endings either CRLF or LF so 't' is appropriate.
+*/
+#define FOPEN_READTEXT "rt"
+#define FOPEN_WRITETEXT "w"
+#define FOPEN_APPENDTEXT "a"
+#else
+#define FOPEN_READTEXT "r"
+#define FOPEN_WRITETEXT "w"
+#define FOPEN_APPENDTEXT "a"
+#endif
+
+/* WinSock destroys recv() buffer when send() failed.
+ * Enabled automatically for Windows and for Cygwin as Cygwin sockets are
+ * wrappers for WinSock sockets. https://github.com/curl/curl/issues/657
+ * Define DONT_USE_RECV_BEFORE_SEND_WORKAROUND to force disable workaround.
+ */
+#if !defined(DONT_USE_RECV_BEFORE_SEND_WORKAROUND)
+# if defined(WIN32) || defined(__CYGWIN__)
+# define USE_RECV_BEFORE_SEND_WORKAROUND
+# endif
+#else /* DONT_USE_RECV_BEFORE_SEND_WORKAROUNDS */
+# ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+# undef USE_RECV_BEFORE_SEND_WORKAROUND
+# endif
+#endif /* DONT_USE_RECV_BEFORE_SEND_WORKAROUNDS */
+
+/* Detect Windows App environment which has a restricted access
+ * to the Win32 APIs. */
+# if (defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0602)) || \
+ defined(WINAPI_FAMILY)
+# include <winapifamily.h>
+# if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
+ !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+# define CURL_WINDOWS_APP
+# endif
+# endif
+
#endif /* HEADER_CURL_SETUP_H */
diff --git a/libs/libcurl/src/curl_setup_once.h b/libs/libcurl/src/curl_setup_once.h
index 69d6d47902..a5b542c6ee 100644
--- a/libs/libcurl/src/curl_setup_once.h
+++ b/libs/libcurl/src/curl_setup_once.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -196,7 +196,7 @@ struct timeval {
/* */
#else
#define swrite(x,y,z) (ssize_t)send((SEND_TYPE_ARG1)(x), \
- (SEND_TYPE_ARG2)(y), \
+ (SEND_QUAL_ARG2 SEND_TYPE_ARG2)(y), \
(SEND_TYPE_ARG3)(z), \
(SEND_TYPE_ARG4)(SEND_4TH_ARG))
#endif
@@ -436,20 +436,6 @@ typedef int sig_atomic_t;
/*
- * Macro ERRNO / SET_ERRNO() returns / sets the NOT *socket-related* errno
- * (or equivalent) on this platform to hide platform details to code using it.
- */
-
-#if defined(WIN32) && !defined(USE_LWIPSOCK)
-#define ERRNO ((int)GetLastError())
-#define SET_ERRNO(x) (SetLastError((DWORD)(x)))
-#else
-#define ERRNO (errno)
-#define SET_ERRNO(x) (errno = (x))
-#endif
-
-
-/*
* Portable error number symbolic names defined to Winsock error codes.
*/
diff --git a/libs/libcurl/src/curl_sha256.h b/libs/libcurl/src/curl_sha256.h
new file mode 100644
index 0000000000..6db4b04dbb
--- /dev/null
+++ b/libs/libcurl/src/curl_sha256.h
@@ -0,0 +1,32 @@
+#ifndef HEADER_CURL_SHA256_H
+#define HEADER_CURL_SHA256_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2010, Florin Petriuc, <petriuc.florin@gmail.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+
+void Curl_sha256it(unsigned char *outbuffer,
+ const unsigned char *input);
+
+#endif
+
+#endif /* HEADER_CURL_SHA256_H */
diff --git a/libs/libcurl/src/curl_sspi.c b/libs/libcurl/src/curl_sspi.c
index e747d86b1d..11a7120a9f 100644
--- a/libs/libcurl/src/curl_sspi.c
+++ b/libs/libcurl/src/curl_sspi.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,14 +25,13 @@
#ifdef USE_WINDOWS_SSPI
#include <curl/curl.h>
-
#include "curl_sspi.h"
+#include "curl_multibyte.h"
+#include "system_win32.h"
+#include "warnless.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last #include files should be: */
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
/* We use our own typedef here since some headers might lack these */
@@ -65,31 +64,28 @@ PSecurityFunctionTable s_pSecFn = NULL;
*
* Once this function has been executed, Windows SSPI functions can be
* called through the Security Service Provider Interface dispatch table.
+ *
+ * Parameters:
+ *
+ * None.
+ *
+ * Returns CURLE_OK on success.
*/
CURLcode Curl_sspi_global_init(void)
{
- OSVERSIONINFO osver;
INITSECURITYINTERFACE_FN pInitSecurityInterface;
/* If security interface is not yet initialized try to do this */
if(!s_hSecDll) {
-
- /* Find out Windows version */
- memset(&osver, 0, sizeof(osver));
- osver.dwOSVersionInfoSize = sizeof(osver);
- if(!GetVersionEx(&osver))
- return CURLE_FAILED_INIT;
-
/* Security Service Provider Interface (SSPI) functions are located in
* security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
* have both these DLLs (security.dll forwards calls to secur32.dll) */
/* Load SSPI dll into the address space of the calling process */
- if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT
- && osver.dwMajorVersion == 4)
- s_hSecDll = LoadLibrary(TEXT("security.dll"));
+ if(Curl_verify_windows_version(4, 0, PLATFORM_WINNT, VERSION_EQUAL))
+ s_hSecDll = Curl_load_library(TEXT("security.dll"));
else
- s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
+ s_hSecDll = Curl_load_library(TEXT("secur32.dll"));
if(!s_hSecDll)
return CURLE_FAILED_INIT;
@@ -112,8 +108,11 @@ CURLcode Curl_sspi_global_init(void)
* Curl_sspi_global_cleanup()
*
* This deinitializes the Security Service Provider Interface from libcurl.
+ *
+ * Parameters:
+ *
+ * None.
*/
-
void Curl_sspi_global_cleanup(void)
{
if(s_hSecDll) {
@@ -123,4 +122,114 @@ void Curl_sspi_global_cleanup(void)
}
}
+/*
+ * Curl_create_sspi_identity()
+ *
+ * This is used to populate a SSPI identity structure based on the supplied
+ * username and password.
+ *
+ * Parameters:
+ *
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * identity [in/out] - The identity structure.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
+ SEC_WINNT_AUTH_IDENTITY *identity)
+{
+ xcharp_u useranddomain;
+ xcharp_u user, dup_user;
+ xcharp_u domain, dup_domain;
+ xcharp_u passwd, dup_passwd;
+ size_t domlen = 0;
+
+ domain.const_tchar_ptr = TEXT("");
+
+ /* Initialize the identity */
+ memset(identity, 0, sizeof(*identity));
+
+ useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
+ if(!useranddomain.tchar_ptr)
+ return CURLE_OUT_OF_MEMORY;
+
+ user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
+ if(!user.const_tchar_ptr)
+ user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
+
+ if(user.tchar_ptr) {
+ domain.tchar_ptr = useranddomain.tchar_ptr;
+ domlen = user.tchar_ptr - useranddomain.tchar_ptr;
+ user.tchar_ptr++;
+ }
+ else {
+ user.tchar_ptr = useranddomain.tchar_ptr;
+ domain.const_tchar_ptr = TEXT("");
+ domlen = 0;
+ }
+
+ /* Setup the identity's user and length */
+ dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
+ if(!dup_user.tchar_ptr) {
+ Curl_unicodefree(useranddomain.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ identity->User = dup_user.tbyte_ptr;
+ identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
+ dup_user.tchar_ptr = NULL;
+
+ /* Setup the identity's domain and length */
+ dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
+ if(!dup_domain.tchar_ptr) {
+ Curl_unicodefree(useranddomain.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
+ *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
+ identity->Domain = dup_domain.tbyte_ptr;
+ identity->DomainLength = curlx_uztoul(domlen);
+ dup_domain.tchar_ptr = NULL;
+
+ Curl_unicodefree(useranddomain.tchar_ptr);
+
+ /* Setup the identity's password and length */
+ passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
+ if(!passwd.tchar_ptr)
+ return CURLE_OUT_OF_MEMORY;
+ dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
+ if(!dup_passwd.tchar_ptr) {
+ Curl_unicodefree(passwd.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ identity->Password = dup_passwd.tbyte_ptr;
+ identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
+ dup_passwd.tchar_ptr = NULL;
+
+ Curl_unicodefree(passwd.tchar_ptr);
+
+ /* Setup the identity's flags */
+ identity->Flags = SECFLAG_WINNT_AUTH_IDENTITY;
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_sspi_free_identity()
+ *
+ * This is used to free the contents of a SSPI identifier structure.
+ *
+ * Parameters:
+ *
+ * identity [in/out] - The identity structure.
+ */
+void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity)
+{
+ if(identity) {
+ Curl_safefree(identity->User);
+ Curl_safefree(identity->Password);
+ Curl_safefree(identity->Domain);
+ }
+}
+
#endif /* USE_WINDOWS_SSPI */
diff --git a/libs/libcurl/src/curl_sspi.h b/libs/libcurl/src/curl_sspi.h
index d525828564..2bbf9477bb 100644
--- a/libs/libcurl/src/curl_sspi.h
+++ b/libs/libcurl/src/curl_sspi.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -43,251 +43,308 @@
CURLcode Curl_sspi_global_init(void);
void Curl_sspi_global_cleanup(void);
-/* Forward-declaration of global variables defined in curl_sspi.c */
+/* This is used to populate the domain in a SSPI identity structure */
+CURLcode Curl_override_sspi_http_realm(const char *chlg,
+ SEC_WINNT_AUTH_IDENTITY *identity);
+
+/* This is used to generate an SSPI identity structure */
+CURLcode Curl_create_sspi_identity(const char *userp, const char *passwdp,
+ SEC_WINNT_AUTH_IDENTITY *identity);
+
+/* This is used to free an SSPI identity structure */
+void Curl_sspi_free_identity(SEC_WINNT_AUTH_IDENTITY *identity);
+/* Forward-declaration of global variables defined in curl_sspi.c */
extern HMODULE s_hSecDll;
extern PSecurityFunctionTable s_pSecFn;
/* Provide some definitions missing in old headers */
+#define SP_NAME_DIGEST "WDigest"
+#define SP_NAME_NTLM "NTLM"
+#define SP_NAME_NEGOTIATE "Negotiate"
+#define SP_NAME_KERBEROS "Kerberos"
+
+#ifndef ISC_REQ_USE_HTTP_STYLE
+#define ISC_REQ_USE_HTTP_STYLE 0x01000000
+#endif
+
+#ifndef ISC_RET_REPLAY_DETECT
+#define ISC_RET_REPLAY_DETECT 0x00000004
+#endif
+
+#ifndef ISC_RET_SEQUENCE_DETECT
+#define ISC_RET_SEQUENCE_DETECT 0x00000008
+#endif
+
+#ifndef ISC_RET_CONFIDENTIALITY
+#define ISC_RET_CONFIDENTIALITY 0x00000010
+#endif
+
+#ifndef ISC_RET_ALLOCATED_MEMORY
+#define ISC_RET_ALLOCATED_MEMORY 0x00000100
+#endif
+
+#ifndef ISC_RET_STREAM
+#define ISC_RET_STREAM 0x00008000
+#endif
#ifndef SEC_E_INSUFFICIENT_MEMORY
-# define SEC_E_INSUFFICIENT_MEMORY ((HRESULT)0x80090300L)
+# define SEC_E_INSUFFICIENT_MEMORY ((HRESULT)0x80090300L)
#endif
#ifndef SEC_E_INVALID_HANDLE
-# define SEC_E_INVALID_HANDLE ((HRESULT)0x80090301L)
+# define SEC_E_INVALID_HANDLE ((HRESULT)0x80090301L)
#endif
#ifndef SEC_E_UNSUPPORTED_FUNCTION
-# define SEC_E_UNSUPPORTED_FUNCTION ((HRESULT)0x80090302L)
+# define SEC_E_UNSUPPORTED_FUNCTION ((HRESULT)0x80090302L)
#endif
#ifndef SEC_E_TARGET_UNKNOWN
-# define SEC_E_TARGET_UNKNOWN ((HRESULT)0x80090303L)
+# define SEC_E_TARGET_UNKNOWN ((HRESULT)0x80090303L)
#endif
#ifndef SEC_E_INTERNAL_ERROR
-# define SEC_E_INTERNAL_ERROR ((HRESULT)0x80090304L)
+# define SEC_E_INTERNAL_ERROR ((HRESULT)0x80090304L)
#endif
#ifndef SEC_E_SECPKG_NOT_FOUND
-# define SEC_E_SECPKG_NOT_FOUND ((HRESULT)0x80090305L)
+# define SEC_E_SECPKG_NOT_FOUND ((HRESULT)0x80090305L)
#endif
#ifndef SEC_E_NOT_OWNER
-# define SEC_E_NOT_OWNER ((HRESULT)0x80090306L)
+# define SEC_E_NOT_OWNER ((HRESULT)0x80090306L)
#endif
#ifndef SEC_E_CANNOT_INSTALL
-# define SEC_E_CANNOT_INSTALL ((HRESULT)0x80090307L)
+# define SEC_E_CANNOT_INSTALL ((HRESULT)0x80090307L)
#endif
#ifndef SEC_E_INVALID_TOKEN
-# define SEC_E_INVALID_TOKEN ((HRESULT)0x80090308L)
+# define SEC_E_INVALID_TOKEN ((HRESULT)0x80090308L)
#endif
#ifndef SEC_E_CANNOT_PACK
-# define SEC_E_CANNOT_PACK ((HRESULT)0x80090309L)
+# define SEC_E_CANNOT_PACK ((HRESULT)0x80090309L)
#endif
#ifndef SEC_E_QOP_NOT_SUPPORTED
-# define SEC_E_QOP_NOT_SUPPORTED ((HRESULT)0x8009030AL)
+# define SEC_E_QOP_NOT_SUPPORTED ((HRESULT)0x8009030AL)
#endif
#ifndef SEC_E_NO_IMPERSONATION
-# define SEC_E_NO_IMPERSONATION ((HRESULT)0x8009030BL)
+# define SEC_E_NO_IMPERSONATION ((HRESULT)0x8009030BL)
#endif
#ifndef SEC_E_LOGON_DENIED
-# define SEC_E_LOGON_DENIED ((HRESULT)0x8009030CL)
+# define SEC_E_LOGON_DENIED ((HRESULT)0x8009030CL)
#endif
#ifndef SEC_E_UNKNOWN_CREDENTIALS
-# define SEC_E_UNKNOWN_CREDENTIALS ((HRESULT)0x8009030DL)
+# define SEC_E_UNKNOWN_CREDENTIALS ((HRESULT)0x8009030DL)
#endif
#ifndef SEC_E_NO_CREDENTIALS
-# define SEC_E_NO_CREDENTIALS ((HRESULT)0x8009030EL)
+# define SEC_E_NO_CREDENTIALS ((HRESULT)0x8009030EL)
#endif
#ifndef SEC_E_MESSAGE_ALTERED
-# define SEC_E_MESSAGE_ALTERED ((HRESULT)0x8009030FL)
+# define SEC_E_MESSAGE_ALTERED ((HRESULT)0x8009030FL)
#endif
#ifndef SEC_E_OUT_OF_SEQUENCE
-# define SEC_E_OUT_OF_SEQUENCE ((HRESULT)0x80090310L)
+# define SEC_E_OUT_OF_SEQUENCE ((HRESULT)0x80090310L)
#endif
#ifndef SEC_E_NO_AUTHENTICATING_AUTHORITY
-# define SEC_E_NO_AUTHENTICATING_AUTHORITY ((HRESULT)0x80090311L)
+# define SEC_E_NO_AUTHENTICATING_AUTHORITY ((HRESULT)0x80090311L)
#endif
#ifndef SEC_E_BAD_PKGID
-# define SEC_E_BAD_PKGID ((HRESULT)0x80090316L)
+# define SEC_E_BAD_PKGID ((HRESULT)0x80090316L)
#endif
#ifndef SEC_E_CONTEXT_EXPIRED
-# define SEC_E_CONTEXT_EXPIRED ((HRESULT)0x80090317L)
+# define SEC_E_CONTEXT_EXPIRED ((HRESULT)0x80090317L)
#endif
#ifndef SEC_E_INCOMPLETE_MESSAGE
-# define SEC_E_INCOMPLETE_MESSAGE ((HRESULT)0x80090318L)
+# define SEC_E_INCOMPLETE_MESSAGE ((HRESULT)0x80090318L)
#endif
#ifndef SEC_E_INCOMPLETE_CREDENTIALS
-# define SEC_E_INCOMPLETE_CREDENTIALS ((HRESULT)0x80090320L)
+# define SEC_E_INCOMPLETE_CREDENTIALS ((HRESULT)0x80090320L)
#endif
#ifndef SEC_E_BUFFER_TOO_SMALL
-# define SEC_E_BUFFER_TOO_SMALL ((HRESULT)0x80090321L)
+# define SEC_E_BUFFER_TOO_SMALL ((HRESULT)0x80090321L)
#endif
#ifndef SEC_E_WRONG_PRINCIPAL
-# define SEC_E_WRONG_PRINCIPAL ((HRESULT)0x80090322L)
+# define SEC_E_WRONG_PRINCIPAL ((HRESULT)0x80090322L)
#endif
#ifndef SEC_E_TIME_SKEW
-# define SEC_E_TIME_SKEW ((HRESULT)0x80090324L)
+# define SEC_E_TIME_SKEW ((HRESULT)0x80090324L)
#endif
#ifndef SEC_E_UNTRUSTED_ROOT
-# define SEC_E_UNTRUSTED_ROOT ((HRESULT)0x80090325L)
+# define SEC_E_UNTRUSTED_ROOT ((HRESULT)0x80090325L)
#endif
#ifndef SEC_E_ILLEGAL_MESSAGE
-# define SEC_E_ILLEGAL_MESSAGE ((HRESULT)0x80090326L)
+# define SEC_E_ILLEGAL_MESSAGE ((HRESULT)0x80090326L)
#endif
#ifndef SEC_E_CERT_UNKNOWN
-# define SEC_E_CERT_UNKNOWN ((HRESULT)0x80090327L)
+# define SEC_E_CERT_UNKNOWN ((HRESULT)0x80090327L)
#endif
#ifndef SEC_E_CERT_EXPIRED
-# define SEC_E_CERT_EXPIRED ((HRESULT)0x80090328L)
+# define SEC_E_CERT_EXPIRED ((HRESULT)0x80090328L)
#endif
#ifndef SEC_E_ENCRYPT_FAILURE
-# define SEC_E_ENCRYPT_FAILURE ((HRESULT)0x80090329L)
+# define SEC_E_ENCRYPT_FAILURE ((HRESULT)0x80090329L)
#endif
#ifndef SEC_E_DECRYPT_FAILURE
-# define SEC_E_DECRYPT_FAILURE ((HRESULT)0x80090330L)
+# define SEC_E_DECRYPT_FAILURE ((HRESULT)0x80090330L)
#endif
#ifndef SEC_E_ALGORITHM_MISMATCH
-# define SEC_E_ALGORITHM_MISMATCH ((HRESULT)0x80090331L)
+# define SEC_E_ALGORITHM_MISMATCH ((HRESULT)0x80090331L)
#endif
#ifndef SEC_E_SECURITY_QOS_FAILED
-# define SEC_E_SECURITY_QOS_FAILED ((HRESULT)0x80090332L)
+# define SEC_E_SECURITY_QOS_FAILED ((HRESULT)0x80090332L)
#endif
#ifndef SEC_E_UNFINISHED_CONTEXT_DELETED
-# define SEC_E_UNFINISHED_CONTEXT_DELETED ((HRESULT)0x80090333L)
+# define SEC_E_UNFINISHED_CONTEXT_DELETED ((HRESULT)0x80090333L)
#endif
#ifndef SEC_E_NO_TGT_REPLY
-# define SEC_E_NO_TGT_REPLY ((HRESULT)0x80090334L)
+# define SEC_E_NO_TGT_REPLY ((HRESULT)0x80090334L)
#endif
#ifndef SEC_E_NO_IP_ADDRESSES
-# define SEC_E_NO_IP_ADDRESSES ((HRESULT)0x80090335L)
+# define SEC_E_NO_IP_ADDRESSES ((HRESULT)0x80090335L)
#endif
#ifndef SEC_E_WRONG_CREDENTIAL_HANDLE
-# define SEC_E_WRONG_CREDENTIAL_HANDLE ((HRESULT)0x80090336L)
+# define SEC_E_WRONG_CREDENTIAL_HANDLE ((HRESULT)0x80090336L)
#endif
#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
-# define SEC_E_CRYPTO_SYSTEM_INVALID ((HRESULT)0x80090337L)
+# define SEC_E_CRYPTO_SYSTEM_INVALID ((HRESULT)0x80090337L)
#endif
#ifndef SEC_E_MAX_REFERRALS_EXCEEDED
-# define SEC_E_MAX_REFERRALS_EXCEEDED ((HRESULT)0x80090338L)
+# define SEC_E_MAX_REFERRALS_EXCEEDED ((HRESULT)0x80090338L)
#endif
#ifndef SEC_E_MUST_BE_KDC
-# define SEC_E_MUST_BE_KDC ((HRESULT)0x80090339L)
+# define SEC_E_MUST_BE_KDC ((HRESULT)0x80090339L)
#endif
#ifndef SEC_E_STRONG_CRYPTO_NOT_SUPPORTED
-# define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED ((HRESULT)0x8009033AL)
+# define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED ((HRESULT)0x8009033AL)
#endif
#ifndef SEC_E_TOO_MANY_PRINCIPALS
-# define SEC_E_TOO_MANY_PRINCIPALS ((HRESULT)0x8009033BL)
+# define SEC_E_TOO_MANY_PRINCIPALS ((HRESULT)0x8009033BL)
#endif
#ifndef SEC_E_NO_PA_DATA
-# define SEC_E_NO_PA_DATA ((HRESULT)0x8009033CL)
+# define SEC_E_NO_PA_DATA ((HRESULT)0x8009033CL)
#endif
#ifndef SEC_E_PKINIT_NAME_MISMATCH
-# define SEC_E_PKINIT_NAME_MISMATCH ((HRESULT)0x8009033DL)
+# define SEC_E_PKINIT_NAME_MISMATCH ((HRESULT)0x8009033DL)
#endif
#ifndef SEC_E_SMARTCARD_LOGON_REQUIRED
-# define SEC_E_SMARTCARD_LOGON_REQUIRED ((HRESULT)0x8009033EL)
+# define SEC_E_SMARTCARD_LOGON_REQUIRED ((HRESULT)0x8009033EL)
#endif
#ifndef SEC_E_SHUTDOWN_IN_PROGRESS
-# define SEC_E_SHUTDOWN_IN_PROGRESS ((HRESULT)0x8009033FL)
+# define SEC_E_SHUTDOWN_IN_PROGRESS ((HRESULT)0x8009033FL)
#endif
#ifndef SEC_E_KDC_INVALID_REQUEST
-# define SEC_E_KDC_INVALID_REQUEST ((HRESULT)0x80090340L)
+# define SEC_E_KDC_INVALID_REQUEST ((HRESULT)0x80090340L)
#endif
#ifndef SEC_E_KDC_UNABLE_TO_REFER
-# define SEC_E_KDC_UNABLE_TO_REFER ((HRESULT)0x80090341L)
+# define SEC_E_KDC_UNABLE_TO_REFER ((HRESULT)0x80090341L)
#endif
#ifndef SEC_E_KDC_UNKNOWN_ETYPE
-# define SEC_E_KDC_UNKNOWN_ETYPE ((HRESULT)0x80090342L)
+# define SEC_E_KDC_UNKNOWN_ETYPE ((HRESULT)0x80090342L)
#endif
#ifndef SEC_E_UNSUPPORTED_PREAUTH
-# define SEC_E_UNSUPPORTED_PREAUTH ((HRESULT)0x80090343L)
+# define SEC_E_UNSUPPORTED_PREAUTH ((HRESULT)0x80090343L)
#endif
#ifndef SEC_E_DELEGATION_REQUIRED
-# define SEC_E_DELEGATION_REQUIRED ((HRESULT)0x80090345L)
+# define SEC_E_DELEGATION_REQUIRED ((HRESULT)0x80090345L)
#endif
#ifndef SEC_E_BAD_BINDINGS
-# define SEC_E_BAD_BINDINGS ((HRESULT)0x80090346L)
+# define SEC_E_BAD_BINDINGS ((HRESULT)0x80090346L)
#endif
#ifndef SEC_E_MULTIPLE_ACCOUNTS
-# define SEC_E_MULTIPLE_ACCOUNTS ((HRESULT)0x80090347L)
+# define SEC_E_MULTIPLE_ACCOUNTS ((HRESULT)0x80090347L)
#endif
#ifndef SEC_E_NO_KERB_KEY
-# define SEC_E_NO_KERB_KEY ((HRESULT)0x80090348L)
+# define SEC_E_NO_KERB_KEY ((HRESULT)0x80090348L)
#endif
#ifndef SEC_E_CERT_WRONG_USAGE
-# define SEC_E_CERT_WRONG_USAGE ((HRESULT)0x80090349L)
+# define SEC_E_CERT_WRONG_USAGE ((HRESULT)0x80090349L)
#endif
#ifndef SEC_E_DOWNGRADE_DETECTED
-# define SEC_E_DOWNGRADE_DETECTED ((HRESULT)0x80090350L)
+# define SEC_E_DOWNGRADE_DETECTED ((HRESULT)0x80090350L)
#endif
#ifndef SEC_E_SMARTCARD_CERT_REVOKED
-# define SEC_E_SMARTCARD_CERT_REVOKED ((HRESULT)0x80090351L)
+# define SEC_E_SMARTCARD_CERT_REVOKED ((HRESULT)0x80090351L)
#endif
#ifndef SEC_E_ISSUING_CA_UNTRUSTED
-# define SEC_E_ISSUING_CA_UNTRUSTED ((HRESULT)0x80090352L)
+# define SEC_E_ISSUING_CA_UNTRUSTED ((HRESULT)0x80090352L)
#endif
#ifndef SEC_E_REVOCATION_OFFLINE_C
-# define SEC_E_REVOCATION_OFFLINE_C ((HRESULT)0x80090353L)
+# define SEC_E_REVOCATION_OFFLINE_C ((HRESULT)0x80090353L)
#endif
#ifndef SEC_E_PKINIT_CLIENT_FAILURE
-# define SEC_E_PKINIT_CLIENT_FAILURE ((HRESULT)0x80090354L)
+# define SEC_E_PKINIT_CLIENT_FAILURE ((HRESULT)0x80090354L)
#endif
#ifndef SEC_E_SMARTCARD_CERT_EXPIRED
-# define SEC_E_SMARTCARD_CERT_EXPIRED ((HRESULT)0x80090355L)
+# define SEC_E_SMARTCARD_CERT_EXPIRED ((HRESULT)0x80090355L)
#endif
#ifndef SEC_E_NO_S4U_PROT_SUPPORT
-# define SEC_E_NO_S4U_PROT_SUPPORT ((HRESULT)0x80090356L)
+# define SEC_E_NO_S4U_PROT_SUPPORT ((HRESULT)0x80090356L)
#endif
#ifndef SEC_E_CROSSREALM_DELEGATION_FAILURE
-# define SEC_E_CROSSREALM_DELEGATION_FAILURE ((HRESULT)0x80090357L)
+# define SEC_E_CROSSREALM_DELEGATION_FAILURE ((HRESULT)0x80090357L)
#endif
#ifndef SEC_E_REVOCATION_OFFLINE_KDC
-# define SEC_E_REVOCATION_OFFLINE_KDC ((HRESULT)0x80090358L)
+# define SEC_E_REVOCATION_OFFLINE_KDC ((HRESULT)0x80090358L)
#endif
#ifndef SEC_E_ISSUING_CA_UNTRUSTED_KDC
-# define SEC_E_ISSUING_CA_UNTRUSTED_KDC ((HRESULT)0x80090359L)
+# define SEC_E_ISSUING_CA_UNTRUSTED_KDC ((HRESULT)0x80090359L)
#endif
#ifndef SEC_E_KDC_CERT_EXPIRED
-# define SEC_E_KDC_CERT_EXPIRED ((HRESULT)0x8009035AL)
+# define SEC_E_KDC_CERT_EXPIRED ((HRESULT)0x8009035AL)
#endif
#ifndef SEC_E_KDC_CERT_REVOKED
-# define SEC_E_KDC_CERT_REVOKED ((HRESULT)0x8009035BL)
+# define SEC_E_KDC_CERT_REVOKED ((HRESULT)0x8009035BL)
#endif
#ifndef SEC_E_INVALID_PARAMETER
-# define SEC_E_INVALID_PARAMETER ((HRESULT)0x8009035DL)
+# define SEC_E_INVALID_PARAMETER ((HRESULT)0x8009035DL)
#endif
#ifndef SEC_E_DELEGATION_POLICY
-# define SEC_E_DELEGATION_POLICY ((HRESULT)0x8009035EL)
+# define SEC_E_DELEGATION_POLICY ((HRESULT)0x8009035EL)
#endif
#ifndef SEC_E_POLICY_NLTM_ONLY
-# define SEC_E_POLICY_NLTM_ONLY ((HRESULT)0x8009035FL)
+# define SEC_E_POLICY_NLTM_ONLY ((HRESULT)0x8009035FL)
#endif
#ifndef SEC_I_CONTINUE_NEEDED
-# define SEC_I_CONTINUE_NEEDED ((HRESULT)0x00090312L)
+# define SEC_I_CONTINUE_NEEDED ((HRESULT)0x00090312L)
#endif
#ifndef SEC_I_COMPLETE_NEEDED
-# define SEC_I_COMPLETE_NEEDED ((HRESULT)0x00090313L)
+# define SEC_I_COMPLETE_NEEDED ((HRESULT)0x00090313L)
#endif
#ifndef SEC_I_COMPLETE_AND_CONTINUE
-# define SEC_I_COMPLETE_AND_CONTINUE ((HRESULT)0x00090314L)
+# define SEC_I_COMPLETE_AND_CONTINUE ((HRESULT)0x00090314L)
#endif
#ifndef SEC_I_LOCAL_LOGON
-# define SEC_I_LOCAL_LOGON ((HRESULT)0x00090315L)
+# define SEC_I_LOCAL_LOGON ((HRESULT)0x00090315L)
#endif
#ifndef SEC_I_CONTEXT_EXPIRED
-# define SEC_I_CONTEXT_EXPIRED ((HRESULT)0x00090317L)
+# define SEC_I_CONTEXT_EXPIRED ((HRESULT)0x00090317L)
#endif
#ifndef SEC_I_INCOMPLETE_CREDENTIALS
-# define SEC_I_INCOMPLETE_CREDENTIALS ((HRESULT)0x00090320L)
+# define SEC_I_INCOMPLETE_CREDENTIALS ((HRESULT)0x00090320L)
#endif
#ifndef SEC_I_RENEGOTIATE
-# define SEC_I_RENEGOTIATE ((HRESULT)0x00090321L)
+# define SEC_I_RENEGOTIATE ((HRESULT)0x00090321L)
#endif
#ifndef SEC_I_NO_LSA_CONTEXT
-# define SEC_I_NO_LSA_CONTEXT ((HRESULT)0x00090323L)
+# define SEC_I_NO_LSA_CONTEXT ((HRESULT)0x00090323L)
#endif
#ifndef SEC_I_SIGNATURE_NEEDED
-# define SEC_I_SIGNATURE_NEEDED ((HRESULT)0x0009035CL)
+# define SEC_I_SIGNATURE_NEEDED ((HRESULT)0x0009035CL)
+#endif
+
+#ifndef CRYPT_E_REVOKED
+# define CRYPT_E_REVOKED ((HRESULT)0x80092010L)
#endif
+#ifdef UNICODE
+# define SECFLAG_WINNT_AUTH_IDENTITY \
+ (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
+#else
+# define SECFLAG_WINNT_AUTH_IDENTITY \
+ (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
+#endif
+
+/*
+ * Definitions required from ntsecapi.h are directly provided below this point
+ * to avoid including ntsecapi.h due to a conflict with OpenSSL's safestack.h
+ */
+#define KERB_WRAP_NO_ENCRYPT 0x80000001
+
#endif /* USE_WINDOWS_SSPI */
+
#endif /* HEADER_CURL_SSPI_H */
diff --git a/libs/libcurl/src/curl_threads.c b/libs/libcurl/src/curl_threads.c
index c9e91f63ab..c1624a9136 100644
--- a/libs/libcurl/src/curl_threads.c
+++ b/libs/libcurl/src/curl_threads.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,8 @@
#include "curl_setup.h"
+#include <curl/curl.h>
+
#if defined(USE_THREADS_POSIX)
# ifdef HAVE_PTHREAD_H
# include <pthread.h>
@@ -33,10 +35,6 @@
#endif
#include "curl_threads.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -61,34 +59,40 @@ static void *curl_thread_create_thunk(void *arg)
return 0;
}
-curl_thread_t Curl_thread_create(unsigned int (*func) (void*), void *arg)
+curl_thread_t Curl_thread_create(unsigned int (*func) (void *), void *arg)
{
- curl_thread_t t;
+ curl_thread_t t = malloc(sizeof(pthread_t));
struct curl_actual_call *ac = malloc(sizeof(struct curl_actual_call));
- if(!ac)
- return curl_thread_t_null;
+ if(!(ac && t))
+ goto err;
ac->func = func;
ac->arg = arg;
- if(pthread_create(&t, NULL, curl_thread_create_thunk, ac) != 0) {
- free(ac);
- return curl_thread_t_null;
- }
+ if(pthread_create(t, NULL, curl_thread_create_thunk, ac) != 0)
+ goto err;
return t;
+
+err:
+ free(t);
+ free(ac);
+ return curl_thread_t_null;
}
void Curl_thread_destroy(curl_thread_t hnd)
{
- if(hnd != curl_thread_t_null)
- pthread_detach(hnd);
+ if(hnd != curl_thread_t_null) {
+ pthread_detach(*hnd);
+ free(hnd);
+ }
}
int Curl_thread_join(curl_thread_t *hnd)
{
- int ret = (pthread_join(*hnd, NULL) == 0);
+ int ret = (pthread_join(**hnd, NULL) == 0);
+ free(*hnd);
*hnd = curl_thread_t_null;
return ret;
@@ -96,18 +100,26 @@ int Curl_thread_join(curl_thread_t *hnd)
#elif defined(USE_THREADS_WIN32)
-curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL *func) (void*),
+/* !checksrc! disable SPACEBEFOREPAREN 1 */
+curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL *func) (void *),
void *arg)
{
+ curl_thread_t t;
#ifdef _WIN32_WCE
- return CreateThread(NULL, 0, func, arg, 0, NULL);
+ t = CreateThread(NULL, 0, func, arg, 0, NULL);
#else
- curl_thread_t t;
t = (curl_thread_t)_beginthreadex(NULL, 0, func, arg, 0, NULL);
- if((t == 0) || (t == (curl_thread_t)-1L))
+#endif
+ if((t == 0) || (t == LongToHandle(-1L))) {
+#ifdef _WIN32_WCE
+ DWORD gle = GetLastError();
+ errno = ((gle == ERROR_ACCESS_DENIED ||
+ gle == ERROR_NOT_ENOUGH_MEMORY) ?
+ EACCES : EINVAL);
+#endif
return curl_thread_t_null;
+ }
return t;
-#endif
}
void Curl_thread_destroy(curl_thread_t hnd)
@@ -117,7 +129,12 @@ void Curl_thread_destroy(curl_thread_t hnd)
int Curl_thread_join(curl_thread_t *hnd)
{
+#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_VISTA) || \
+ (_WIN32_WINNT < _WIN32_WINNT_VISTA)
int ret = (WaitForSingleObject(*hnd, INFINITE) == WAIT_OBJECT_0);
+#else
+ int ret = (WaitForSingleObjectEx(*hnd, INFINITE, FALSE) == WAIT_OBJECT_0);
+#endif
Curl_thread_destroy(*hnd);
diff --git a/libs/libcurl/src/curl_threads.h b/libs/libcurl/src/curl_threads.h
index d9cec6b294..9e0d14a30d 100644
--- a/libs/libcurl/src/curl_threads.h
+++ b/libs/libcurl/src/curl_threads.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,8 +26,8 @@
#if defined(USE_THREADS_POSIX)
# define CURL_STDCALL
# define curl_mutex_t pthread_mutex_t
-# define curl_thread_t pthread_t
-# define curl_thread_t_null (pthread_t)0
+# define curl_thread_t pthread_t *
+# define curl_thread_t_null (pthread_t *)0
# define Curl_mutex_init(m) pthread_mutex_init(m, NULL)
# define Curl_mutex_acquire(m) pthread_mutex_lock(m)
# define Curl_mutex_release(m) pthread_mutex_unlock(m)
@@ -37,7 +37,12 @@
# define curl_mutex_t CRITICAL_SECTION
# define curl_thread_t HANDLE
# define curl_thread_t_null (HANDLE)0
-# define Curl_mutex_init(m) InitializeCriticalSection(m)
+# if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_VISTA) || \
+ (_WIN32_WINNT < _WIN32_WINNT_VISTA)
+# define Curl_mutex_init(m) InitializeCriticalSection(m)
+# else
+# define Curl_mutex_init(m) InitializeCriticalSectionEx(m, 0, 1)
+# endif
# define Curl_mutex_acquire(m) EnterCriticalSection(m)
# define Curl_mutex_release(m) LeaveCriticalSection(m)
# define Curl_mutex_destroy(m) DeleteCriticalSection(m)
@@ -45,7 +50,8 @@
#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
-curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL *func) (void*),
+/* !checksrc! disable SPACEBEFOREPAREN 1 */
+curl_thread_t Curl_thread_create(unsigned int (CURL_STDCALL *func) (void *),
void *arg);
void Curl_thread_destroy(curl_thread_t hnd);
diff --git a/libs/libcurl/src/curlx.h b/libs/libcurl/src/curlx.h
index 9dc90a004b..6e418266b1 100644
--- a/libs/libcurl/src/curlx.h
+++ b/libs/libcurl/src/curlx.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -34,24 +34,14 @@
functions while they still are offered publicly. They will be made library-
private one day */
-#include "strequal.h"
-/* "strequal.h" provides the strequal protos */
+#include "strcase.h"
+/* "strcase.h" provides the strcasecompare protos */
#include "strtoofft.h"
/* "strtoofft.h" provides this function: curlx_strtoofft(), returns a
curl_off_t number from a given string.
*/
-#include "timeval.h"
-/*
- "timeval.h" sets up a 'struct timeval' even for platforms that otherwise
- don't have one and has protos for these functions:
-
- curlx_tvnow()
- curlx_tvdiff()
- curlx_tvdiff_secs()
-*/
-
#include "nonblock.h"
/* "nonblock.h" provides curlx_nonblock() */
@@ -67,15 +57,12 @@
be removed from a future libcurl official API:
curlx_getenv
curlx_mprintf (and its variations)
- curlx_strequal
- curlx_strnequal
+ curlx_strcasecompare
+ curlx_strncasecompare
*/
#define curlx_getenv curl_getenv
-#define curlx_strequal curl_strequal
-#define curlx_strnequal curl_strnequal
-#define curlx_raw_equal Curl_raw_equal
#define curlx_mvsnprintf curl_mvsnprintf
#define curlx_msnprintf curl_msnprintf
#define curlx_maprintf curl_maprintf
@@ -90,8 +77,7 @@
#ifdef ENABLE_CURLX_PRINTF
/* If this define is set, we define all "standard" printf() functions to use
the curlx_* version instead. It makes the source code transparent and
- easier to understand/patch. Undefine them first in case _MPRINTF_REPLACE
- is set. */
+ easier to understand/patch. Undefine them first. */
# undef printf
# undef fprintf
# undef sprintf
diff --git a/libs/libcurl/src/cyassl.c b/libs/libcurl/src/cyassl.c
deleted file mode 100644
index 7c78464d8a..0000000000
--- a/libs/libcurl/src/cyassl.c
+++ /dev/null
@@ -1,611 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/*
- * Source file for all CyaSSL-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
- *
- */
-
-#include "curl_setup.h"
-
-#ifdef USE_CYASSL
-
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "inet_pton.h"
-#include "cyassl.h"
-#include "sslgen.h"
-#include "parsedate.h"
-#include "connect.h" /* for the connect timeout */
-#include "select.h"
-#include "rawstr.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-#include <cyassl/ssl.h>
-#include <cyassl/error.h>
-
-
-static Curl_recv cyassl_recv;
-static Curl_send cyassl_send;
-
-
-static int do_file_type(const char *type)
-{
- if(!type || !type[0])
- return SSL_FILETYPE_PEM;
- if(Curl_raw_equal(type, "PEM"))
- return SSL_FILETYPE_PEM;
- if(Curl_raw_equal(type, "DER"))
- return SSL_FILETYPE_ASN1;
- return -1;
-}
-
-/*
- * This function loads all the client/CA certificates and CRLs. Setup the TLS
- * layer and do all necessary magic.
- */
-static CURLcode
-cyassl_connect_step1(struct connectdata *conn,
- int sockindex)
-{
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data* conssl = &conn->ssl[sockindex];
- SSL_METHOD* req_method = NULL;
- void* ssl_sessionid = NULL;
- curl_socket_t sockfd = conn->sock[sockindex];
-
- if(conssl->state == ssl_connection_complete)
- return CURLE_OK;
-
- /* CyaSSL doesn't support SSLv2 */
- if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
- failf(data, "CyaSSL does not support SSLv2");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- /* check to see if we've been told to use an explicit SSL/TLS version */
- switch(data->set.ssl.version) {
- case CURL_SSLVERSION_DEFAULT:
- /* we try to figure out version */
- req_method = SSLv23_client_method();
- break;
- case CURL_SSLVERSION_TLSv1:
- req_method = TLSv1_client_method();
- break;
- case CURL_SSLVERSION_SSLv3:
- req_method = SSLv3_client_method();
- break;
- default:
- req_method = TLSv1_client_method();
- }
-
- if(!req_method) {
- failf(data, "SSL: couldn't create a method!");
- return CURLE_OUT_OF_MEMORY;
- }
-
- if(conssl->ctx)
- SSL_CTX_free(conssl->ctx);
- conssl->ctx = SSL_CTX_new(req_method);
-
- if(!conssl->ctx) {
- failf(data, "SSL: couldn't create a context!");
- return CURLE_OUT_OF_MEMORY;
- }
-
-#ifndef NO_FILESYSTEM
- /* load trusted cacert */
- if(data->set.str[STRING_SSL_CAFILE]) {
- if(!SSL_CTX_load_verify_locations(conssl->ctx,
- data->set.str[STRING_SSL_CAFILE],
- data->set.str[STRING_SSL_CAPATH])) {
- if(data->set.ssl.verifypeer) {
- /* Fail if we insiste on successfully verifying the server. */
- failf(data,"error setting certificate verify locations:\n"
- " CAfile: %s\n CApath: %s",
- data->set.str[STRING_SSL_CAFILE]?
- data->set.str[STRING_SSL_CAFILE]: "none",
- data->set.str[STRING_SSL_CAPATH]?
- data->set.str[STRING_SSL_CAPATH] : "none");
- return CURLE_SSL_CACERT_BADFILE;
- }
- else {
- /* Just continue with a warning if no strict certificate
- verification is required. */
- infof(data, "error setting certificate verify locations,"
- " continuing anyway:\n");
- }
- }
- else {
- /* Everything is fine. */
- infof(data, "successfully set certificate verify locations:\n");
- }
- infof(data,
- " CAfile: %s\n"
- " CApath: %s\n",
- data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
- "none",
- data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
- "none");
- }
-
- /* Load the client certificate, and private key */
- if(data->set.str[STRING_CERT] && data->set.str[STRING_KEY]) {
- int file_type = do_file_type(data->set.str[STRING_CERT_TYPE]);
-
- if(SSL_CTX_use_certificate_file(conssl->ctx, data->set.str[STRING_CERT],
- file_type) != 1) {
- failf(data, "unable to use client certificate (no key or wrong pass"
- " phrase?)");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- file_type = do_file_type(data->set.str[STRING_KEY_TYPE]);
- if(SSL_CTX_use_PrivateKey_file(conssl->ctx, data->set.str[STRING_KEY],
- file_type) != 1) {
- failf(data, "unable to set private key");
- return CURLE_SSL_CONNECT_ERROR;
- }
- }
-#else
- if(CyaSSL_no_filesystem_verify(conssl->ctx)!= SSL_SUCCESS) {
- return CURLE_SSL_CONNECT_ERROR;
- }
-#endif /* NO_FILESYSTEM */
-
- /* SSL always tries to verify the peer, this only says whether it should
- * fail to connect if the verification fails, or if it should continue
- * anyway. In the latter case the result of the verification is checked with
- * SSL_get_verify_result() below. */
- SSL_CTX_set_verify(conssl->ctx,
- data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
- NULL);
-
- /* Let's make an SSL structure */
- if(conssl->handle)
- SSL_free(conssl->handle);
- conssl->handle = SSL_new(conssl->ctx);
- if(!conssl->handle) {
- failf(data, "SSL: couldn't create a context (handle)!");
- return CURLE_OUT_OF_MEMORY;
- }
-
- /* Check if there's a cached ID we can/should use here! */
- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
- /* we got a session id, use it! */
- if(!SSL_set_session(conssl->handle, ssl_sessionid)) {
- failf(data, "SSL: SSL_set_session failed: %s",
- ERR_error_string(SSL_get_error(conssl->handle, 0),NULL));
- return CURLE_SSL_CONNECT_ERROR;
- }
- /* Informational message */
- infof (data, "SSL re-using session ID\n");
- }
-
- /* pass the raw socket into the SSL layer */
- if(!SSL_set_fd(conssl->handle, (int)sockfd)) {
- failf(data, "SSL: SSL_set_fd failed");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- conssl->connecting_state = ssl_connect_2;
- return CURLE_OK;
-}
-
-
-static CURLcode
-cyassl_connect_step2(struct connectdata *conn,
- int sockindex)
-{
- int ret = -1;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data* conssl = &conn->ssl[sockindex];
-
- infof(data, "CyaSSL: Connecting to %s:%d\n",
- conn->host.name, conn->remote_port);
-
- conn->recv[sockindex] = cyassl_recv;
- conn->send[sockindex] = cyassl_send;
-
- /* Enable RFC2818 checks */
- if(data->set.ssl.verifyhost) {
- ret = CyaSSL_check_domain_name(conssl->handle, conn->host.name);
- if(ret == SSL_FAILURE)
- return CURLE_OUT_OF_MEMORY;
- }
-
- ret = SSL_connect(conssl->handle);
- if(ret != 1) {
- char error_buffer[80];
- int detail = SSL_get_error(conssl->handle, ret);
-
- if(SSL_ERROR_WANT_READ == detail) {
- conssl->connecting_state = ssl_connect_2_reading;
- return CURLE_OK;
- }
- else if(SSL_ERROR_WANT_WRITE == detail) {
- conssl->connecting_state = ssl_connect_2_writing;
- return CURLE_OK;
- }
- /* There is no easy way to override only the CN matching.
- * This will enable the override of both mismatching SubjectAltNames
- * as also mismatching CN fields */
- else if(DOMAIN_NAME_MISMATCH == detail) {
-#if 1
- failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
- conn->host.dispname);
- return CURLE_PEER_FAILED_VERIFICATION;
-#else
- /* When the CyaSSL_check_domain_name() is used and you desire to continue
- * on a DOMAIN_NAME_MISMATCH, i.e. 'data->set.ssl.verifyhost == 0',
- * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only
- * way to do this is currently to switch the CyaSSL_check_domain_name()
- * in and out based on the 'data->set.ssl.verifyhost' value. */
- if(data->set.ssl.verifyhost) {
- failf(data,
- "\tsubject alt name(s) or common name do not match \"%s\"\n",
- conn->host.dispname);
- return CURLE_PEER_FAILED_VERIFICATION;
- }
- else {
- infof(data,
- "\tsubject alt name(s) and/or common name do not match \"%s\"\n",
- conn->host.dispname);
- return CURLE_OK;
- }
-#endif
- }
- else {
- failf(data, "SSL_connect failed with error %d: %s", detail,
- ERR_error_string(detail, error_buffer));
- return CURLE_SSL_CONNECT_ERROR;
- }
- }
-
- conssl->connecting_state = ssl_connect_3;
- infof(data, "SSL connected\n");
-
- return CURLE_OK;
-}
-
-
-static CURLcode
-cyassl_connect_step3(struct connectdata *conn,
- int sockindex)
-{
- CURLcode retcode = CURLE_OK;
- void *old_ssl_sessionid=NULL;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- int incache;
- SSL_SESSION *our_ssl_sessionid;
-
- DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
-
- our_ssl_sessionid = SSL_get_session(connssl->handle);
-
- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
- if(incache) {
- if(old_ssl_sessionid != our_ssl_sessionid) {
- infof(data, "old SSL session ID is stale, removing\n");
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
- incache = FALSE;
- }
- }
- if(!incache) {
- retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
- 0 /* unknown size */);
- if(retcode) {
- failf(data, "failed to store ssl session");
- return retcode;
- }
- }
-
- connssl->connecting_state = ssl_connect_done;
-
- return retcode;
-}
-
-
-static ssize_t cyassl_send(struct connectdata *conn,
- int sockindex,
- const void *mem,
- size_t len,
- CURLcode *curlcode)
-{
- char error_buffer[80];
- int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
- int rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
-
- if(rc < 0) {
- int err = SSL_get_error(conn->ssl[sockindex].handle, rc);
-
- switch(err) {
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- /* there's data pending, re-invoke SSL_write() */
- *curlcode = CURLE_AGAIN;
- return -1;
- default:
- failf(conn->data, "SSL write: %s, errno %d",
- ERR_error_string(err, error_buffer),
- SOCKERRNO);
- *curlcode = CURLE_SEND_ERROR;
- return -1;
- }
- }
- return rc;
-}
-
-void Curl_cyassl_close_all(struct SessionHandle *data)
-{
- (void)data;
-}
-
-void Curl_cyassl_close(struct connectdata *conn, int sockindex)
-{
- struct ssl_connect_data *conssl = &conn->ssl[sockindex];
-
- if(conssl->handle) {
- (void)SSL_shutdown(conssl->handle);
- SSL_free (conssl->handle);
- conssl->handle = NULL;
- }
- if(conssl->ctx) {
- SSL_CTX_free (conssl->ctx);
- conssl->ctx = NULL;
- }
-}
-
-static ssize_t cyassl_recv(struct connectdata *conn,
- int num,
- char *buf,
- size_t buffersize,
- CURLcode *curlcode)
-{
- char error_buffer[80];
- int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
- int nread = SSL_read(conn->ssl[num].handle, buf, buffsize);
-
- if(nread < 0) {
- int err = SSL_get_error(conn->ssl[num].handle, nread);
-
- switch(err) {
- case SSL_ERROR_ZERO_RETURN: /* no more data */
- break;
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- /* there's data pending, re-invoke SSL_read() */
- *curlcode = CURLE_AGAIN;
- return -1;
- default:
- failf(conn->data, "SSL read: %s, errno %d",
- ERR_error_string(err, error_buffer),
- SOCKERRNO);
- *curlcode = CURLE_RECV_ERROR;
- return -1;
- }
- }
- return nread;
-}
-
-
-void Curl_cyassl_session_free(void *ptr)
-{
- (void)ptr;
- /* CyaSSL reuses sessions on own, no free */
-}
-
-
-size_t Curl_cyassl_version(char *buffer, size_t size)
-{
-#ifdef CYASSL_VERSION
- return snprintf(buffer, size, "CyaSSL/%s", CYASSL_VERSION);
-#else
- return snprintf(buffer, size, "CyaSSL/%s", "<1.8.8");
-#endif
-}
-
-
-int Curl_cyassl_init(void)
-{
- if(CyaSSL_Init() == 0)
- return 1;
-
- return -1;
-}
-
-
-bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex)
-{
- if(conn->ssl[connindex].handle) /* SSL is in use */
- return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
- else
- return FALSE;
-}
-
-
-/*
- * This function is called to shut down the SSL layer but keep the
- * socket open (CCC - Clear Command Channel)
- */
-int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
-{
- int retval = 0;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- if(connssl->handle) {
- SSL_free (connssl->handle);
- connssl->handle = NULL;
- }
- return retval;
-}
-
-
-static CURLcode
-cyassl_connect_common(struct connectdata *conn,
- int sockindex,
- bool nonblocking,
- bool *done)
-{
- CURLcode retcode;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- curl_socket_t sockfd = conn->sock[sockindex];
- long timeout_ms;
- int what;
-
- /* check if the connection has already been established */
- if(ssl_connection_complete == connssl->state) {
- *done = TRUE;
- return CURLE_OK;
- }
-
- if(ssl_connect_1==connssl->connecting_state) {
- /* Find out how much more time we're allowed */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
- retcode = cyassl_connect_step1(conn, sockindex);
- if(retcode)
- return retcode;
- }
-
- while(ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state) {
-
- /* check allowed time left */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- /* if ssl is expecting something, check if it's available. */
- if(connssl->connecting_state == ssl_connect_2_reading
- || connssl->connecting_state == ssl_connect_2_writing) {
-
- curl_socket_t writefd = ssl_connect_2_writing==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
- curl_socket_t readfd = ssl_connect_2_reading==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
-
- what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
- if(what < 0) {
- /* fatal error */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- return CURLE_SSL_CONNECT_ERROR;
- }
- else if(0 == what) {
- if(nonblocking) {
- *done = FALSE;
- return CURLE_OK;
- }
- else {
- /* timeout */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
- }
- /* socket is readable or writable */
- }
-
- /* Run transaction, and return to the caller if it failed or if
- * this connection is part of a multi handle and this loop would
- * execute again. This permits the owner of a multi handle to
- * abort a connection attempt before step2 has completed while
- * ensuring that a client using select() or epoll() will always
- * have a valid fdset to wait on.
- */
- retcode = cyassl_connect_step2(conn, sockindex);
- if(retcode || (nonblocking &&
- (ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state)))
- return retcode;
-
- } /* repeat step2 until all transactions are done. */
-
- if(ssl_connect_3==connssl->connecting_state) {
- retcode = cyassl_connect_step3(conn, sockindex);
- if(retcode)
- return retcode;
- }
-
- if(ssl_connect_done==connssl->connecting_state) {
- connssl->state = ssl_connection_complete;
- conn->recv[sockindex] = cyassl_recv;
- conn->send[sockindex] = cyassl_send;
- *done = TRUE;
- }
- else
- *done = FALSE;
-
- /* Reset our connect state machine */
- connssl->connecting_state = ssl_connect_1;
-
- return CURLE_OK;
-}
-
-
-CURLcode
-Curl_cyassl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done)
-{
- return cyassl_connect_common(conn, sockindex, TRUE, done);
-}
-
-
-CURLcode
-Curl_cyassl_connect(struct connectdata *conn,
- int sockindex)
-{
- CURLcode retcode;
- bool done = FALSE;
-
- retcode = cyassl_connect_common(conn, sockindex, FALSE, &done);
- if(retcode)
- return retcode;
-
- DEBUGASSERT(done);
-
- return CURLE_OK;
-}
-
-#endif
diff --git a/libs/libcurl/src/cyassl.h b/libs/libcurl/src/cyassl.h
deleted file mode 100644
index 7728a0cf57..0000000000
--- a/libs/libcurl/src/cyassl.h
+++ /dev/null
@@ -1,64 +0,0 @@
-#ifndef HEADER_CURL_CYASSL_H
-#define HEADER_CURL_CYASSL_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-#ifdef USE_CYASSL
-
-CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex);
-bool Curl_cyassl_data_pending(const struct connectdata* conn,int connindex);
-int Curl_cyassl_shutdown(struct connectdata* conn, int sockindex);
-
-/* tell CyaSSL to close down all open information regarding connections (and
- thus session ID caching etc) */
-void Curl_cyassl_close_all(struct SessionHandle *data);
-
- /* close a SSL connection */
-void Curl_cyassl_close(struct connectdata *conn, int sockindex);
-
-void Curl_cyassl_session_free(void *ptr);
-size_t Curl_cyassl_version(char *buffer, size_t size);
-int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex);
-int Curl_cyassl_init(void);
-CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done);
-
-/* API setup for CyaSSL */
-#define curlssl_init Curl_cyassl_init
-#define curlssl_cleanup() Curl_nop_stmt
-#define curlssl_connect Curl_cyassl_connect
-#define curlssl_connect_nonblocking Curl_cyassl_connect_nonblocking
-#define curlssl_session_free(x) Curl_cyassl_session_free(x)
-#define curlssl_close_all Curl_cyassl_close_all
-#define curlssl_close Curl_cyassl_close
-#define curlssl_shutdown(x,y) Curl_cyassl_shutdown(x,y)
-#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
-#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
-#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
-#define curlssl_version Curl_cyassl_version
-#define curlssl_check_cxn(x) (x=x, -1)
-#define curlssl_data_pending(x,y) Curl_cyassl_data_pending(x,y)
-
-#endif /* USE_CYASSL */
-#endif /* HEADER_CURL_CYASSL_H */
diff --git a/libs/libcurl/src/dict.c b/libs/libcurl/src/dict.c
index f5c892197f..4fc85521d7 100644
--- a/libs/libcurl/src/dict.c
+++ b/libs/libcurl/src/dict.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -52,15 +52,10 @@
#include <curl/curl.h>
#include "transfer.h"
#include "sendf.h"
-
+#include "escape.h"
#include "progress.h"
-#include "strequal.h"
#include "dict.h"
-#include "rawstr.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "strcase.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -90,22 +85,23 @@ const struct Curl_handler Curl_handler_dict = {
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_DICT, /* defport */
CURLPROTO_DICT, /* protocol */
PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */
};
-static char *unescape_word(struct SessionHandle *data, const char *inputbuff)
+static char *unescape_word(struct Curl_easy *data, const char *inputbuff)
{
- char *newp;
+ char *newp = NULL;
char *dictp;
char *ptr;
- int len;
- char byte;
- int olen=0;
+ size_t len;
+ char ch;
+ int olen = 0;
- newp = curl_easy_unescape(data, inputbuff, 0, &len);
- if(!newp)
+ CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, FALSE);
+ if(!newp || result)
return NULL;
dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */
@@ -113,18 +109,17 @@ static char *unescape_word(struct SessionHandle *data, const char *inputbuff)
/* According to RFC2229 section 2.2, these letters need to be escaped with
\[letter] */
for(ptr = newp;
- (byte = *ptr) != 0;
+ (ch = *ptr) != 0;
ptr++) {
- if((byte <= 32) || (byte == 127) ||
- (byte == '\'') || (byte == '\"') || (byte == '\\')) {
+ if((ch <= 32) || (ch == 127) ||
+ (ch == '\'') || (ch == '\"') || (ch == '\\')) {
dictp[olen++] = '\\';
}
- dictp[olen++] = byte;
+ dictp[olen++] = ch;
}
- dictp[olen]=0;
-
- free(newp);
+ dictp[olen] = 0;
}
+ free(newp);
return dictp;
}
@@ -137,8 +132,8 @@ static CURLcode dict_do(struct connectdata *conn, bool *done)
char *strategy = NULL;
char *nthdef = NULL; /* This is not part of the protocol, but required
by RFC 2229 */
- CURLcode result=CURLE_OK;
- struct SessionHandle *data=conn->data;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
char *path = data->state.path;
@@ -150,9 +145,9 @@ static CURLcode dict_do(struct connectdata *conn, bool *done)
/* AUTH is missing */
}
- if(Curl_raw_nequal(path, DICT_MATCH, sizeof(DICT_MATCH)-1) ||
- Curl_raw_nequal(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) ||
- Curl_raw_nequal(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) {
+ if(strncasecompare(path, DICT_MATCH, sizeof(DICT_MATCH)-1) ||
+ strncasecompare(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) ||
+ strncasecompare(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) {
word = strchr(path, ':');
if(word) {
@@ -173,7 +168,7 @@ static CURLcode dict_do(struct connectdata *conn, bool *done)
if((word == NULL) || (*word == (char)0)) {
infof(data, "lookup word is missing\n");
- word=(char *)"default";
+ word = (char *)"default";
}
if((database == NULL) || (*database == (char)0)) {
database = (char *)"!";
@@ -208,9 +203,9 @@ static CURLcode dict_do(struct connectdata *conn, bool *done)
Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, bytecount,
-1, NULL); /* no upload */
}
- else if(Curl_raw_nequal(path, DICT_DEFINE, sizeof(DICT_DEFINE)-1) ||
- Curl_raw_nequal(path, DICT_DEFINE2, sizeof(DICT_DEFINE2)-1) ||
- Curl_raw_nequal(path, DICT_DEFINE3, sizeof(DICT_DEFINE3)-1)) {
+ else if(strncasecompare(path, DICT_DEFINE, sizeof(DICT_DEFINE)-1) ||
+ strncasecompare(path, DICT_DEFINE2, sizeof(DICT_DEFINE2)-1) ||
+ strncasecompare(path, DICT_DEFINE3, sizeof(DICT_DEFINE3)-1)) {
word = strchr(path, ':');
if(word) {
@@ -227,7 +222,7 @@ static CURLcode dict_do(struct connectdata *conn, bool *done)
if((word == NULL) || (*word == (char)0)) {
infof(data, "lookup word is missing\n");
- word=(char *)"default";
+ word = (char *)"default";
}
if((database == NULL) || (*database == (char)0)) {
database = (char *)"!";
diff --git a/libs/libcurl/src/dict.h b/libs/libcurl/src/dict.h
index 44fd9d49d5..12c0f3394d 100644
--- a/libs/libcurl/src/dict.h
+++ b/libs/libcurl/src/dict.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/dotdot.c b/libs/libcurl/src/dotdot.c
index 41b73bef41..cbb308d785 100644
--- a/libs/libcurl/src/dotdot.c
+++ b/libs/libcurl/src/dotdot.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,19 +22,22 @@
#include "curl_setup.h"
-#include "dotdot.h"
+#include <curl/curl.h>
+#include "dotdot.h"
#include "curl_memory.h"
+
/* The last #include file should be: */
#include "memdebug.h"
/*
* "Remove Dot Segments"
- * http://tools.ietf.org/html/rfc3986#section-5.2.4
+ * https://tools.ietf.org/html/rfc3986#section-5.2.4
*/
/*
* Curl_dedotdotify()
+ * @unittest: 1395
*
* This function gets a zero-terminated path with dot and dotdot sequences
* passed in and strips them off according to the rules in RFC 3986 section
@@ -47,12 +50,12 @@
*
* an allocated dedotdotified output string
*/
-char *Curl_dedotdotify(char *input)
+char *Curl_dedotdotify(const char *input)
{
size_t inlen = strlen(input);
char *clone;
size_t clen = inlen; /* the length of the cloned input */
- char *out = malloc(inlen+1);
+ char *out = malloc(inlen + 1);
char *outptr;
char *orgclone;
char *queryp;
@@ -68,6 +71,12 @@ char *Curl_dedotdotify(char *input)
orgclone = clone;
outptr = out;
+ if(!*clone) {
+ /* zero length string, return that */
+ free(out);
+ return clone;
+ }
+
/*
* To handle query-parts properly, we must find it and remove it during the
* dotdot-operation and then append it again at the end to the output
@@ -83,25 +92,25 @@ char *Curl_dedotdotify(char *input)
remove that prefix from the input buffer; otherwise, */
if(!strncmp("./", clone, 2)) {
- clone+=2;
- clen-=2;
+ clone += 2;
+ clen -= 2;
}
else if(!strncmp("../", clone, 3)) {
- clone+=3;
- clen-=3;
+ clone += 3;
+ clen -= 3;
}
/* B. if the input buffer begins with a prefix of "/./" or "/.", where
"." is a complete path segment, then replace that prefix with "/" in
the input buffer; otherwise, */
else if(!strncmp("/./", clone, 3)) {
- clone+=2;
- clen-=2;
+ clone += 2;
+ clen -= 2;
}
else if(!strcmp("/.", clone)) {
clone[1]='/';
clone++;
- clen-=1;
+ clen -= 1;
}
/* C. if the input buffer begins with a prefix of "/../" or "/..", where
@@ -110,8 +119,8 @@ char *Curl_dedotdotify(char *input)
any) from the output buffer; otherwise, */
else if(!strncmp("/../", clone, 4)) {
- clone+=3;
- clen-=3;
+ clone += 3;
+ clen -= 3;
/* remove the last segment from the output buffer */
while(outptr > out) {
outptr--;
@@ -122,8 +131,8 @@ char *Curl_dedotdotify(char *input)
}
else if(!strcmp("/..", clone)) {
clone[2]='/';
- clone+=2;
- clen-=2;
+ clone += 2;
+ clen -= 2;
/* remove the last segment from the output buffer */
while(outptr > out) {
outptr--;
@@ -137,7 +146,8 @@ char *Curl_dedotdotify(char *input)
that from the input buffer; otherwise, */
else if(!strcmp(".", clone) || !strcmp("..", clone)) {
- *clone=0;
+ *clone = 0;
+ *out = 0;
}
else {
@@ -162,7 +172,7 @@ char *Curl_dedotdotify(char *input)
from the correct index. */
size_t oindex = queryp - orgclone;
qlen = strlen(&input[oindex]);
- memcpy(outptr, &input[oindex], qlen+1); /* include the ending zero byte */
+ memcpy(outptr, &input[oindex], qlen + 1); /* include the end zero byte */
}
free(orgclone);
diff --git a/libs/libcurl/src/dotdot.h b/libs/libcurl/src/dotdot.h
index c3487c137b..fac8e6f2ad 100644
--- a/libs/libcurl/src/dotdot.h
+++ b/libs/libcurl/src/dotdot.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -21,5 +21,5 @@
* KIND, either express or implied.
*
***************************************************************************/
-char *Curl_dedotdotify(char *input);
+char *Curl_dedotdotify(const char *input);
#endif
diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c
index 1e718abcba..5917db36af 100644
--- a/libs/libcurl/src/easy.c
+++ b/libs/libcurl/src/easy.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -50,90 +50,35 @@
#include <sys/param.h>
#endif
-#if defined(HAVE_SIGNAL_H) && defined(HAVE_SIGACTION) && defined(USE_OPENSSL)
-#define SIGPIPE_IGNORE 1
-#include <signal.h>
-#endif
-
-#include "strequal.h"
#include "urldata.h"
#include <curl/curl.h>
#include "transfer.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "url.h"
#include "getinfo.h"
#include "hostip.h"
#include "share.h"
#include "strdup.h"
-#include "curl_memory.h"
#include "progress.h"
#include "easyif.h"
#include "select.h"
#include "sendf.h" /* for failf function prototype */
-#include "curl_ntlm.h"
#include "connect.h" /* for Curl_getconnectinfo */
#include "slist.h"
#include "amigaos.h"
#include "non-ascii.h"
#include "warnless.h"
-#include "conncache.h"
#include "multiif.h"
+#include "sigpipe.h"
+#include "ssh.h"
+#include "setopt.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
-#ifdef SIGPIPE_IGNORE
-struct sigpipe_ignore {
- struct sigaction old_pipe_act;
- bool no_signal;
-};
-
-#define SIGPIPE_VARIABLE(x) struct sigpipe_ignore x
-
-/*
- * sigpipe_ignore() makes sure we ignore SIGPIPE while running libcurl
- * internals, and then sigpipe_restore() will restore the situation when we
- * return from libcurl again.
- */
-static void sigpipe_ignore(struct SessionHandle *data,
- struct sigpipe_ignore *ig)
-{
- /* get a local copy of no_signal because the SessionHandle might not be
- around when we restore */
- ig->no_signal = data->set.no_signal;
- if(!data->set.no_signal) {
- struct sigaction action;
- /* first, extract the existing situation */
- memset(&ig->old_pipe_act, 0, sizeof(struct sigaction));
- sigaction(SIGPIPE, NULL, &ig->old_pipe_act);
- action = ig->old_pipe_act;
- /* ignore this signal */
- action.sa_handler = SIG_IGN;
- sigaction(SIGPIPE, &action, NULL);
- }
-}
-
-/*
- * sigpipe_restore() puts back the outside world's opinion of signal handler
- * and SIGPIPE handling. It MUST only be called after a corresponding
- * sigpipe_ignore() was used.
- */
-static void sigpipe_restore(struct sigpipe_ignore *ig)
-{
- if(!ig->no_signal)
- /* restore the outside state */
- sigaction(SIGPIPE, &ig->old_pipe_act, NULL);
-}
-
-#else
-/* for systems without sigaction */
-#define sigpipe_ignore(x,y) Curl_nop_stmt
-#define sigpipe_restore(x) Curl_nop_stmt
-#define SIGPIPE_VARIABLE(x)
-#endif
+void Curl_version_init(void);
/* win32_cleanup() is for win32 socket cleanup functionality, the opposite
of win32_init() */
@@ -175,8 +120,8 @@ static CURLcode win32_init(void)
/* wVersionRequested in wVersion. wHighVersion contains the */
/* highest supported version. */
- if(LOBYTE( wsaData.wVersion ) != LOBYTE(wVersionRequested) ||
- HIBYTE( wsaData.wVersion ) != HIBYTE(wVersionRequested) ) {
+ if(LOBYTE(wsaData.wVersion) != LOBYTE(wVersionRequested) ||
+ HIBYTE(wsaData.wVersion) != HIBYTE(wVersionRequested) ) {
/* Tell the user that we couldn't find a useable */
/* winsock.dll. */
@@ -190,37 +135,15 @@ static CURLcode win32_init(void)
#ifdef USE_WINDOWS_SSPI
{
- CURLcode err = Curl_sspi_global_init();
- if(err != CURLE_OK)
- return err;
+ CURLcode result = Curl_sspi_global_init();
+ if(result)
+ return result;
}
#endif
return CURLE_OK;
}
-#ifdef USE_LIBIDN
-/*
- * Initialise use of IDNA library.
- * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for
- * idna_to_ascii_lz().
- */
-static void idna_init (void)
-{
-#ifdef WIN32
- char buf[60];
- UINT cp = GetACP();
-
- if(!getenv("CHARSET") && cp > 0) {
- snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp);
- putenv(buf);
- }
-#else
- /* to do? */
-#endif
-}
-#endif /* USE_LIBIDN */
-
/* true globals -- for curl_global_init() and curl_global_cleanup() */
static unsigned int initialized;
static long init_flags;
@@ -257,7 +180,7 @@ curl_wcsdup_callback Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;
#endif
#else
/*
- * Symbian OS doesn't support initialization to code in writeable static data.
+ * Symbian OS doesn't support initialization to code in writable static data.
* Initialization will occur in the curl_global_init() call.
*/
curl_malloc_callback Curl_cmalloc;
@@ -272,32 +195,33 @@ curl_calloc_callback Curl_ccalloc;
#endif
/**
- * curl_global_init() globally initializes cURL given a bitwise set of the
+ * curl_global_init() globally initializes curl given a bitwise set of the
* different features of what to initialize.
*/
-CURLcode curl_global_init(long flags)
+static CURLcode global_init(long flags, bool memoryfuncs)
{
if(initialized++)
return CURLE_OK;
- /* Setup the default memory functions here (again) */
- Curl_cmalloc = (curl_malloc_callback)malloc;
- Curl_cfree = (curl_free_callback)free;
- Curl_crealloc = (curl_realloc_callback)realloc;
- Curl_cstrdup = (curl_strdup_callback)system_strdup;
- Curl_ccalloc = (curl_calloc_callback)calloc;
+ if(memoryfuncs) {
+ /* Setup the default memory functions here (again) */
+ Curl_cmalloc = (curl_malloc_callback)malloc;
+ Curl_cfree = (curl_free_callback)free;
+ Curl_crealloc = (curl_realloc_callback)realloc;
+ Curl_cstrdup = (curl_strdup_callback)system_strdup;
+ Curl_ccalloc = (curl_calloc_callback)calloc;
#if defined(WIN32) && defined(UNICODE)
- Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;
+ Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup;
#endif
+ }
- if(flags & CURL_GLOBAL_SSL)
- if(!Curl_ssl_init()) {
- DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
- return CURLE_FAILED_INIT;
- }
+ if(!Curl_ssl_init()) {
+ DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n"));
+ return CURLE_FAILED_INIT;
+ }
if(flags & CURL_GLOBAL_WIN32)
- if(win32_init() != CURLE_OK) {
+ if(win32_init()) {
DEBUGF(fprintf(stderr, "Error: win32_init failed\n"));
return CURLE_FAILED_INIT;
}
@@ -315,15 +239,13 @@ CURLcode curl_global_init(long flags)
}
#endif
-#ifdef USE_LIBIDN
- idna_init();
-#endif
-
- if(Curl_resolver_global_init() != CURLE_OK) {
+ if(Curl_resolver_global_init()) {
DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n"));
return CURLE_FAILED_INIT;
}
+ (void)Curl_ipv6works();
+
#if defined(USE_LIBSSH2) && defined(HAVE_LIBSSH2_INIT)
if(libssh2_init(0)) {
DEBUGF(fprintf(stderr, "Error: libssh2_init failed\n"));
@@ -334,44 +256,57 @@ CURLcode curl_global_init(long flags)
if(flags & CURL_GLOBAL_ACK_EINTR)
Curl_ack_eintr = 1;
- init_flags = flags;
+ init_flags = flags;
+
+ Curl_version_init();
return CURLE_OK;
}
+
+/**
+ * curl_global_init() globally initializes curl given a bitwise set of the
+ * different features of what to initialize.
+ */
+CURLcode curl_global_init(long flags)
+{
+ return global_init(flags, TRUE);
+}
+
/*
- * curl_global_init_mem() globally initializes cURL and also registers the
+ * curl_global_init_mem() globally initializes curl and also registers the
* user provided callback routines.
*/
CURLcode curl_global_init_mem(long flags, curl_malloc_callback m,
curl_free_callback f, curl_realloc_callback r,
curl_strdup_callback s, curl_calloc_callback c)
{
- CURLcode code = CURLE_OK;
-
/* Invalid input, return immediately */
if(!m || !f || !r || !s || !c)
return CURLE_FAILED_INIT;
- /* Already initialized, don't do it again */
- if(initialized)
+ if(initialized) {
+ /* Already initialized, don't do it again, but bump the variable anyway to
+ work like curl_global_init() and require the same amount of cleanup
+ calls. */
+ initialized++;
return CURLE_OK;
-
- /* Call the actual init function first */
- code = curl_global_init(flags);
- if(code == CURLE_OK) {
- Curl_cmalloc = m;
- Curl_cfree = f;
- Curl_cstrdup = s;
- Curl_crealloc = r;
- Curl_ccalloc = c;
}
- return code;
+ /* set memory functions before global_init() in case it wants memory
+ functions */
+ Curl_cmalloc = m;
+ Curl_cfree = f;
+ Curl_cstrdup = s;
+ Curl_crealloc = r;
+ Curl_ccalloc = c;
+
+ /* Call the actual init function, but without setting */
+ return global_init(flags, FALSE);
}
/**
- * curl_global_cleanup() globally cleanups cURL, uses the value of
+ * curl_global_cleanup() globally cleanups curl, uses the value of
* "init_flags" to determine what needs to be cleaned up and what doesn't.
*/
void curl_global_cleanup(void)
@@ -383,10 +318,7 @@ void curl_global_cleanup(void)
return;
Curl_global_host_cache_dtor();
-
- if(init_flags & CURL_GLOBAL_SSL)
- Curl_ssl_cleanup();
-
+ Curl_ssl_cleanup();
Curl_resolver_global_cleanup();
if(init_flags & CURL_GLOBAL_WIN32)
@@ -405,15 +337,15 @@ void curl_global_cleanup(void)
* curl_easy_init() is the external interface to alloc, setup and init an
* easy handle that is returned. If anything goes wrong, NULL is returned.
*/
-CURL *curl_easy_init(void)
+struct Curl_easy *curl_easy_init(void)
{
- CURLcode res;
- struct SessionHandle *data;
+ CURLcode result;
+ struct Curl_easy *data;
/* Make sure we inited the global SSL stuff */
if(!initialized) {
- res = curl_global_init(CURL_GLOBAL_DEFAULT);
- if(res) {
+ result = curl_global_init(CURL_GLOBAL_DEFAULT);
+ if(result) {
/* something in the global init failed, return nothing */
DEBUGF(fprintf(stderr, "Error: curl_global_init failed\n"));
return NULL;
@@ -421,8 +353,8 @@ CURL *curl_easy_init(void)
}
/* We use curl_open() with undefined URL so far */
- res = Curl_open(&data);
- if(res != CURLE_OK) {
+ result = Curl_open(&data);
+ if(result) {
DEBUGF(fprintf(stderr, "Error: Curl_open failed\n"));
return NULL;
}
@@ -430,29 +362,6 @@ CURL *curl_easy_init(void)
return data;
}
-/*
- * curl_easy_setopt() is the external interface for setting options on an
- * easy handle.
- */
-
-#undef curl_easy_setopt
-CURLcode curl_easy_setopt(CURL *curl, CURLoption tag, ...)
-{
- va_list arg;
- struct SessionHandle *data = curl;
- CURLcode ret;
-
- if(!curl)
- return CURLE_BAD_FUNCTION_ARGUMENT;
-
- va_start(arg, tag);
-
- ret = Curl_setopt(data, tag, arg);
-
- va_end(arg);
- return ret;
-}
-
#ifdef CURLDEBUG
struct socketmonitor {
@@ -474,7 +383,7 @@ struct events {
* updated.
*/
-static int events_timer(CURLM *multi, /* multi handle */
+static int events_timer(struct Curl_multi *multi, /* multi handle */
long timeout_ms, /* see above */
void *userp) /* private callback pointer */
{
@@ -499,7 +408,7 @@ static int events_timer(CURLM *multi, /* multi handle */
*/
static int poll2cselect(int pollmask)
{
- int omask=0;
+ int omask = 0;
if(pollmask & POLLIN)
omask |= CURL_CSELECT_IN;
if(pollmask & POLLOUT)
@@ -516,7 +425,7 @@ static int poll2cselect(int pollmask)
*/
static short socketcb2poll(int pollmask)
{
- short omask=0;
+ short omask = 0;
if(pollmask & CURL_POLL_IN)
omask |= POLLIN;
if(pollmask & CURL_POLL_OUT)
@@ -529,7 +438,7 @@ static short socketcb2poll(int pollmask)
* Callback that gets called with information about socket activity to
* monitor.
*/
-static int events_socket(CURL *easy, /* easy handle */
+static int events_socket(struct Curl_easy *easy, /* easy handle */
curl_socket_t s, /* socket */
int what, /* see above */
void *userp, /* private callback
@@ -539,7 +448,11 @@ static int events_socket(CURL *easy, /* easy handle */
{
struct events *ev = userp;
struct socketmonitor *m;
- struct socketmonitor *prev=NULL;
+ struct socketmonitor *prev = NULL;
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void) easy;
+#endif
(void)socketp;
m = ev->list;
@@ -579,14 +492,18 @@ static int events_socket(CURL *easy, /* easy handle */
}
else {
m = malloc(sizeof(struct socketmonitor));
- m->next = ev->list;
- m->socket.fd = s;
- m->socket.events = socketcb2poll(what);
- m->socket.revents = 0;
- ev->list = m;
- infof(easy, "socket cb: socket %d ADDED as %s%s\n", s,
- what&CURL_POLL_IN?"IN":"",
- what&CURL_POLL_OUT?"OUT":"");
+ if(m) {
+ m->next = ev->list;
+ m->socket.fd = s;
+ m->socket.events = socketcb2poll(what);
+ m->socket.revents = 0;
+ ev->list = m;
+ infof(easy, "socket cb: socket %d ADDED as %s%s\n", s,
+ what&CURL_POLL_IN?"IN":"",
+ what&CURL_POLL_OUT?"OUT":"");
+ }
+ else
+ return CURLE_OUT_OF_MEMORY;
}
}
@@ -599,7 +516,7 @@ static int events_socket(CURL *easy, /* easy handle */
*
* Do the multi handle setups that only event-based transfers need.
*/
-static void events_setup(CURLM *multi, struct events *ev)
+static void events_setup(struct Curl_multi *multi, struct events *ev)
{
/* timer callback */
curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, events_timer);
@@ -619,22 +536,22 @@ static void events_setup(CURLM *multi, struct events *ev)
static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
{
bool done = FALSE;
- CURLMcode mcode;
- CURLcode rc = CURLE_OK;
+ CURLMcode mcode = CURLM_OK;
+ CURLcode result = CURLE_OK;
while(!done) {
CURLMsg *msg;
struct socketmonitor *m;
struct pollfd *f;
struct pollfd fds[4];
- int numfds=0;
+ int numfds = 0;
int pollrc;
int i;
- struct timeval before;
- struct timeval after;
+ struct curltime before;
+ struct curltime after;
/* populate the fds[] array */
- for(m = ev->list, f=&fds[0]; m; m = m->next) {
+ for(m = ev->list, f = &fds[0]; m; m = m->next) {
f->fd = m->socket.fd;
f->events = m->socket.events;
f->revents = 0;
@@ -644,19 +561,19 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
}
/* get the time stamp to use to figure out how long poll takes */
- before = curlx_tvnow();
+ before = Curl_now();
/* wait for activity or timeout */
pollrc = Curl_poll(fds, numfds, (int)ev->ms);
- after = curlx_tvnow();
+ after = Curl_now();
ev->msbump = FALSE; /* reset here */
if(0 == pollrc) {
/* timeout! */
ev->ms = 0;
- /* fprintf(stderr, "call curl_multi_socket_action( TIMEOUT )\n"); */
+ /* fprintf(stderr, "call curl_multi_socket_action(TIMEOUT)\n"); */
mcode = curl_multi_socket_action(multi, CURL_SOCKET_TIMEOUT, 0,
&ev->running_handles);
}
@@ -666,20 +583,29 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
if(fds[i].revents) {
/* socket activity, tell libcurl */
int act = poll2cselect(fds[i].revents); /* convert */
- infof(multi->easyp, "call curl_multi_socket_action( socket %d )\n",
+ infof(multi->easyp, "call curl_multi_socket_action(socket %d)\n",
fds[i].fd);
mcode = curl_multi_socket_action(multi, fds[i].fd, act,
&ev->running_handles);
}
}
- if(!ev->msbump)
+ if(!ev->msbump) {
/* If nothing updated the timeout, we decrease it by the spent time.
* If it was updated, it has the new timeout time stored already.
*/
- ev->ms += curlx_tvdiff(after, before);
-
+ timediff_t timediff = Curl_timediff(after, before);
+ if(timediff > 0) {
+ if(timediff > ev->ms)
+ ev->ms = 0;
+ else
+ ev->ms -= (long)timediff;
+ }
+ }
}
+ else
+ return CURLE_RECV_ERROR;
+
if(mcode)
return CURLE_URL_MALFORMAT; /* TODO: return a proper error! */
@@ -687,12 +613,12 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
second argument */
msg = curl_multi_info_read(multi, &pollrc);
if(msg) {
- rc = msg->data.result;
+ result = msg->data.result;
done = TRUE;
}
}
- return rc;
+ return result;
}
@@ -700,9 +626,11 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
*
* Runs a transfer in a blocking manner using the events-based API
*/
-static CURLcode easy_events(CURLM *multi)
+static CURLcode easy_events(struct Curl_multi *multi)
{
- struct events evs= {2, FALSE, 0, NULL, 0};
+ /* this struct is made static to allow it to be used after this function
+ returns and curl_multi_remove_handle() is called */
+ static struct events evs = {2, FALSE, 0, NULL, 0};
/* if running event-based, do some further multi inits */
events_setup(multi, &evs);
@@ -714,37 +642,33 @@ static CURLcode easy_events(CURLM *multi)
#define easy_events(x) CURLE_NOT_BUILT_IN
#endif
-static CURLcode easy_transfer(CURLM *multi)
+static CURLcode easy_transfer(struct Curl_multi *multi)
{
bool done = FALSE;
CURLMcode mcode = CURLM_OK;
- CURLcode code = CURLE_OK;
- struct timeval before;
+ CURLcode result = CURLE_OK;
+ struct curltime before;
int without_fds = 0; /* count number of consecutive returns from
curl_multi_wait() without any filedescriptors */
while(!done && !mcode) {
- int still_running;
- int ret;
+ int still_running = 0;
+ int rc;
- before = curlx_tvnow();
- mcode = curl_multi_wait(multi, NULL, 0, 1000, &ret);
+ before = Curl_now();
+ mcode = curl_multi_wait(multi, NULL, 0, 1000, &rc);
+
+ if(!mcode) {
+ if(!rc) {
+ struct curltime after = Curl_now();
- if(mcode == CURLM_OK) {
- if(ret == -1) {
- /* poll() failed not on EINTR, indicate a network problem */
- code = CURLE_RECV_ERROR;
- break;
- }
- else if(ret == 0) {
- struct timeval after = curlx_tvnow();
/* If it returns without any filedescriptor instantly, we need to
avoid busy-looping during periods where it has nothing particular
to wait for */
- if(curlx_tvdiff(after, before) <= 10) {
+ if(Curl_timediff(after, before) <= 10) {
without_fds++;
if(without_fds > 2) {
- int sleep_ms = without_fds < 10 ? (1 << (without_fds-1)): 1000;
+ int sleep_ms = without_fds < 10 ? (1 << (without_fds - 1)) : 1000;
Curl_wait_ms(sleep_ms);
}
}
@@ -760,16 +684,24 @@ static CURLcode easy_transfer(CURLM *multi)
}
/* only read 'still_running' if curl_multi_perform() return OK */
- if((mcode == CURLM_OK) && !still_running) {
- int rc;
+ if(!mcode && !still_running) {
CURLMsg *msg = curl_multi_info_read(multi, &rc);
if(msg) {
- code = msg->data.result;
+ result = msg->data.result;
done = TRUE;
}
}
}
- return code;
+
+ /* Make sure to return some kind of error if there was a multi problem */
+ if(mcode) {
+ result = (mcode == CURLM_OUT_OF_MEMORY) ? CURLE_OUT_OF_MEMORY :
+ /* The other multi errors should never happen, so return
+ something suitably generic */
+ CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+
+ return result;
}
@@ -790,18 +722,18 @@ static CURLcode easy_transfer(CURLM *multi)
* DEBUG: if 'events' is set TRUE, this function will use a replacement engine
* instead of curl_multi_perform() and use curl_multi_socket_action().
*/
-static CURLcode easy_perform(struct SessionHandle *data, bool events)
+static CURLcode easy_perform(struct Curl_easy *data, bool events)
{
- CURLM *multi;
+ struct Curl_multi *multi;
CURLMcode mcode;
- CURLcode code = CURLE_OK;
+ CURLcode result = CURLE_OK;
SIGPIPE_VARIABLE(pipe_st);
if(!data)
return CURLE_BAD_FUNCTION_ARGUMENT;
if(data->multi) {
- failf(data, "easy handled already used in multi handle");
+ failf(data, "easy handle already used in multi handle");
return CURLE_FAILED_INIT;
}
@@ -824,8 +756,7 @@ static CURLcode easy_perform(struct SessionHandle *data, bool events)
curl_multi_cleanup(multi);
if(mcode == CURLM_OUT_OF_MEMORY)
return CURLE_OUT_OF_MEMORY;
- else
- return CURLE_FAILED_INIT;
+ return CURLE_FAILED_INIT;
}
sigpipe_ignore(data, &pipe_st);
@@ -835,7 +766,7 @@ static CURLcode easy_perform(struct SessionHandle *data, bool events)
data->multi = multi;
/* run the transfer */
- code = events ? easy_events(multi) : easy_transfer(multi);
+ result = events ? easy_events(multi) : easy_transfer(multi);
/* ignoring the return code isn't nice, but atm we can't really handle
a failure here, room for future improvement! */
@@ -844,7 +775,7 @@ static CURLcode easy_perform(struct SessionHandle *data, bool events)
sigpipe_restore(&pipe_st);
/* The multi handle is kept alive, owned by the easy handle */
- return code;
+ return result;
}
@@ -852,9 +783,9 @@ static CURLcode easy_perform(struct SessionHandle *data, bool events)
* curl_easy_perform() is the external interface that performs a blocking
* transfer as previously setup.
*/
-CURLcode curl_easy_perform(CURL *easy)
+CURLcode curl_easy_perform(struct Curl_easy *data)
{
- return easy_perform(easy, FALSE);
+ return easy_perform(data, FALSE);
}
#ifdef CURLDEBUG
@@ -862,9 +793,9 @@ CURLcode curl_easy_perform(CURL *easy)
* curl_easy_perform_ev() is the external interface that performs a blocking
* transfer using the event-based API internally.
*/
-CURLcode curl_easy_perform_ev(CURL *easy)
+CURLcode curl_easy_perform_ev(struct Curl_easy *data)
{
- return easy_perform(easy, TRUE);
+ return easy_perform(data, TRUE);
}
#endif
@@ -873,9 +804,8 @@ CURLcode curl_easy_perform_ev(CURL *easy)
* curl_easy_cleanup() is the external interface to cleaning/freeing the given
* easy handle.
*/
-void curl_easy_cleanup(CURL *curl)
+void curl_easy_cleanup(struct Curl_easy *data)
{
- struct SessionHandle *data = (struct SessionHandle *)curl;
SIGPIPE_VARIABLE(pipe_st);
if(!data)
@@ -891,20 +821,53 @@ void curl_easy_cleanup(CURL *curl)
* information from a performed transfer and similar.
*/
#undef curl_easy_getinfo
-CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...)
+CURLcode curl_easy_getinfo(struct Curl_easy *data, CURLINFO info, ...)
{
va_list arg;
void *paramp;
- CURLcode ret;
- struct SessionHandle *data = (struct SessionHandle *)curl;
+ CURLcode result;
va_start(arg, info);
paramp = va_arg(arg, void *);
- ret = Curl_getinfo(data, info, paramp);
+ result = Curl_getinfo(data, info, paramp);
va_end(arg);
- return ret;
+ return result;
+}
+
+static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src)
+{
+ CURLcode result = CURLE_OK;
+ enum dupstring i;
+
+ /* Copy src->set into dst->set first, then deal with the strings
+ afterwards */
+ dst->set = src->set;
+
+ /* clear all string pointers first */
+ memset(dst->set.str, 0, STRING_LAST * sizeof(char *));
+
+ /* duplicate all strings */
+ for(i = (enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) {
+ result = Curl_setstropt(&dst->set.str[i], src->set.str[i]);
+ if(result)
+ return result;
+ }
+
+ /* duplicate memory areas pointed to */
+ i = STRING_COPYPOSTFIELDS;
+ if(src->set.postfieldsize && src->set.str[i]) {
+ /* postfieldsize is curl_off_t, Curl_memdup() takes a size_t ... */
+ dst->set.str[i] = Curl_memdup(src->set.str[i],
+ curlx_sotouz(src->set.postfieldsize));
+ if(!dst->set.str[i])
+ return CURLE_OUT_OF_MEMORY;
+ /* point to the new copy */
+ dst->set.postfields = dst->set.str[i];
+ }
+
+ return CURLE_OK;
}
/*
@@ -912,11 +875,9 @@ CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...)
* given input easy handle. The returned handle will be a new working handle
* with all options set exactly as the input source handle.
*/
-CURL *curl_easy_duphandle(CURL *incurl)
+struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
{
- struct SessionHandle *data=(struct SessionHandle *)incurl;
-
- struct SessionHandle *outcurl = calloc(1, sizeof(struct SessionHandle));
+ struct Curl_easy *outcurl = calloc(1, sizeof(struct Curl_easy));
if(NULL == outcurl)
goto fail;
@@ -925,13 +886,18 @@ CURL *curl_easy_duphandle(CURL *incurl)
* get setup on-demand in the code, as that would probably decrease
* the likeliness of us forgetting to init a buffer here in the future.
*/
+ outcurl->set.buffer_size = data->set.buffer_size;
+ outcurl->state.buffer = malloc(outcurl->set.buffer_size + 1);
+ if(!outcurl->state.buffer)
+ goto fail;
+
outcurl->state.headerbuff = malloc(HEADERSIZE);
if(!outcurl->state.headerbuff)
goto fail;
outcurl->state.headersize = HEADERSIZE;
/* copy all userdefined values */
- if(Curl_dupset(outcurl, data) != CURLE_OK)
+ if(dupset(outcurl, data))
goto fail;
/* the connection cache is setup on demand */
@@ -977,11 +943,13 @@ CURL *curl_easy_duphandle(CURL *incurl)
/* Clone the resolver handle, if present, for the new handle */
if(Curl_resolver_duphandle(&outcurl->state.resolver,
- data->state.resolver) != CURLE_OK)
+ data->state.resolver))
goto fail;
Curl_convert_setup(outcurl);
+ Curl_initinfo(outcurl);
+
outcurl->magic = CURLEASY_MAGIC_NUMBER;
/* we reach this point and thus we are OK */
@@ -993,6 +961,7 @@ CURL *curl_easy_duphandle(CURL *incurl)
if(outcurl) {
curl_slist_free_all(outcurl->change.cookielist);
outcurl->change.cookielist = NULL;
+ Curl_safefree(outcurl->state.buffer);
Curl_safefree(outcurl->state.headerbuff);
Curl_safefree(outcurl->change.url);
Curl_safefree(outcurl->change.referer);
@@ -1007,10 +976,8 @@ CURL *curl_easy_duphandle(CURL *incurl)
* curl_easy_reset() is an external interface that allows an app to re-
* initialize a session handle to the default values.
*/
-void curl_easy_reset(CURL *curl)
+void curl_easy_reset(struct Curl_easy *data)
{
- struct SessionHandle *data = (struct SessionHandle *)curl;
-
Curl_safefree(data->state.pathbuffer);
data->state.path = NULL;
@@ -1025,8 +992,15 @@ void curl_easy_reset(CURL *curl)
/* zero out Progress data: */
memset(&data->progress, 0, sizeof(struct Progress));
+ /* zero out PureInfo data: */
+ Curl_initinfo(data);
+
data->progress.flags |= PGRS_HIDE;
data->state.current_speed = -1; /* init to negative == impossible */
+
+ /* zero out authentication data: */
+ memset(&data->state.authhost, 0, sizeof(struct auth));
+ memset(&data->state.authproxy, 0, sizeof(struct auth));
}
/*
@@ -1039,9 +1013,8 @@ void curl_easy_reset(CURL *curl)
*
* Action is a bitmask consisting of CURLPAUSE_* bits in curl/curl.h
*/
-CURLcode curl_easy_pause(CURL *curl, int action)
+CURLcode curl_easy_pause(struct Curl_easy *data, int action)
{
- struct SessionHandle *data = (struct SessionHandle *)curl;
struct SingleRequest *k = &data->req;
CURLcode result = CURLE_OK;
@@ -1055,77 +1028,32 @@ CURLcode curl_easy_pause(CURL *curl, int action)
/* put it back in the keepon */
k->keepon = newstate;
- if(!(newstate & KEEP_RECV_PAUSE) && data->state.tempwrite) {
- /* we have a buffer for sending that we now seem to be able to deliver
- since the receive pausing is lifted! */
-
- /* get the pointer, type and length in local copies since the function may
- return PAUSE again and then we'll get a new copy allocted and stored in
- the tempwrite variables */
- char *tempwrite = data->state.tempwrite;
- char *freewrite = tempwrite; /* store this pointer to free it later */
- size_t tempsize = data->state.tempwritesize;
- int temptype = data->state.tempwritetype;
- size_t chunklen;
-
- /* clear tempwrite here just to make sure it gets cleared if there's no
- further use of it, and make sure we don't clear it after the function
- invoke as it may have been set to a new value by then */
- data->state.tempwrite = NULL;
-
- /* since the write callback API is define to never exceed
- CURL_MAX_WRITE_SIZE bytes in a single call, and since we may in fact
- have more data than that in our buffer here, we must loop sending the
- data in multiple calls until there's no data left or we get another
- pause returned.
-
- A tricky part is that the function we call will "buffer" the data
- itself when it pauses on a particular buffer, so we may need to do some
- extra trickery if we get a pause return here.
- */
- do {
- chunklen = (tempsize > CURL_MAX_WRITE_SIZE)?CURL_MAX_WRITE_SIZE:tempsize;
-
- result = Curl_client_write(data->easy_conn,
- temptype, tempwrite, chunklen);
- if(result)
- /* failures abort the loop at once */
- break;
-
- if(data->state.tempwrite && (tempsize - chunklen)) {
- /* Ouch, the reading is again paused and the block we send is now
- "cached". If this is the final chunk we can leave it like this, but
- if we have more chunks that are cached after this, we need to free
- the newly cached one and put back a version that is truly the entire
- contents that is saved for later
- */
- char *newptr;
-
- /* note that tempsize is still the size as before the callback was
- used, and thus the whole piece of data to keep */
- newptr = realloc(data->state.tempwrite, tempsize);
-
- if(!newptr) {
- free(data->state.tempwrite); /* free old area */
- data->state.tempwrite = NULL;
- result = CURLE_OUT_OF_MEMORY;
- /* tempwrite will be freed further down */
- break;
- }
- data->state.tempwrite = newptr; /* store new pointer */
- memcpy(newptr, tempwrite, tempsize);
- data->state.tempwritesize = tempsize; /* store new size */
- /* tempwrite will be freed further down */
- break; /* go back to pausing until further notice */
- }
- else {
- tempsize -= chunklen; /* left after the call above */
- tempwrite += chunklen; /* advance the pointer */
- }
-
- } while((result == CURLE_OK) && tempsize);
-
- free(freewrite); /* this is unconditionally no longer used */
+ if(!(newstate & KEEP_RECV_PAUSE) && data->state.tempcount) {
+ /* there are buffers for sending that can be delivered as the receive
+ pausing is lifted! */
+ unsigned int i;
+ unsigned int count = data->state.tempcount;
+ struct tempbuf writebuf[3]; /* there can only be three */
+
+ /* copy the structs to allow for immediate re-pausing */
+ for(i = 0; i < data->state.tempcount; i++) {
+ writebuf[i] = data->state.tempwrite[i];
+ data->state.tempwrite[i].buf = NULL;
+ }
+ data->state.tempcount = 0;
+
+ for(i = 0; i < count; i++) {
+ /* even if one function returns error, this loops through and frees all
+ buffers */
+ if(!result)
+ result = Curl_client_chop_write(data->easy_conn,
+ writebuf[i].type,
+ writebuf[i].buf,
+ writebuf[i].len);
+ free(writebuf[i].buf);
+ }
+ if(result)
+ return result;
}
/* if there's no error and we're not pausing both directions, we want
@@ -1133,13 +1061,13 @@ CURLcode curl_easy_pause(CURL *curl, int action)
if(!result &&
((newstate&(KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) !=
(KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) )
- Curl_expire(data, 1); /* get this handle going again */
+ Curl_expire(data, 0, EXPIRE_RUN_NOW); /* get this handle going again */
return result;
}
-static CURLcode easy_connection(struct SessionHandle *data,
+static CURLcode easy_connection(struct Curl_easy *data,
curl_socket_t *sfd,
struct connectdata **connp)
{
@@ -1167,23 +1095,23 @@ static CURLcode easy_connection(struct SessionHandle *data,
* curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
* Returns CURLE_OK on success, error code on error.
*/
-CURLcode curl_easy_recv(CURL *curl, void *buffer, size_t buflen, size_t *n)
+CURLcode curl_easy_recv(struct Curl_easy *data, void *buffer, size_t buflen,
+ size_t *n)
{
curl_socket_t sfd;
- CURLcode ret;
+ CURLcode result;
ssize_t n1;
struct connectdata *c;
- struct SessionHandle *data = (struct SessionHandle *)curl;
- ret = easy_connection(data, &sfd, &c);
- if(ret)
- return ret;
+ result = easy_connection(data, &sfd, &c);
+ if(result)
+ return result;
*n = 0;
- ret = Curl_read(c, sfd, buffer, buflen, &n1);
+ result = Curl_read(c, sfd, buffer, buflen, &n1);
- if(ret != CURLE_OK)
- return ret;
+ if(result)
+ return result;
*n = (size_t)n1;
@@ -1194,30 +1122,29 @@ CURLcode curl_easy_recv(CURL *curl, void *buffer, size_t buflen, size_t *n)
* Sends data over the connected socket. Use after successful
* curl_easy_perform() with CURLOPT_CONNECT_ONLY option.
*/
-CURLcode curl_easy_send(CURL *curl, const void *buffer, size_t buflen,
- size_t *n)
+CURLcode curl_easy_send(struct Curl_easy *data, const void *buffer,
+ size_t buflen, size_t *n)
{
curl_socket_t sfd;
- CURLcode ret;
+ CURLcode result;
ssize_t n1;
struct connectdata *c = NULL;
- struct SessionHandle *data = (struct SessionHandle *)curl;
- ret = easy_connection(data, &sfd, &c);
- if(ret)
- return ret;
+ result = easy_connection(data, &sfd, &c);
+ if(result)
+ return result;
*n = 0;
- ret = Curl_write(c, sfd, buffer, buflen, &n1);
+ result = Curl_write(c, sfd, buffer, buflen, &n1);
if(n1 == -1)
return CURLE_SEND_ERROR;
/* detect EAGAIN */
- if((CURLE_OK == ret) && (0 == n1))
+ if(!result && !n1)
return CURLE_AGAIN;
*n = (size_t)n1;
- return ret;
+ return result;
}
diff --git a/libs/libcurl/src/easyif.h b/libs/libcurl/src/easyif.h
index 043ff437d4..f6132cc70d 100644
--- a/libs/libcurl/src/easyif.h
+++ b/libs/libcurl/src/easyif.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,7 +26,7 @@
* Prototypes for library-wide functions provided by easy.c
*/
#ifdef CURLDEBUG
-CURL_EXTERN CURLcode curl_easy_perform_ev(CURL *easy);
+CURL_EXTERN CURLcode curl_easy_perform_ev(struct Curl_easy *easy);
#endif
#endif /* HEADER_CURL_EASYIF_H */
diff --git a/libs/libcurl/src/escape.c b/libs/libcurl/src/escape.c
index aa7db2c5b9..b7e2d32a6c 100644
--- a/libs/libcurl/src/escape.c
+++ b/libs/libcurl/src/escape.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -27,25 +27,23 @@
#include <curl/curl.h>
-#include "curl_memory.h"
#include "urldata.h"
#include "warnless.h"
#include "non-ascii.h"
#include "escape.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+#include "strdup.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
/* Portable character check (remember EBCDIC). Do not use isalnum() because
its behavior is altered by the current locale.
- See http://tools.ietf.org/html/rfc3986#section-2.3
+ See https://tools.ietf.org/html/rfc3986#section-2.3
*/
static bool Curl_isunreserved(unsigned char in)
{
- switch (in) {
+ switch(in) {
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
case 'a': case 'b': case 'c': case 'd': case 'e':
@@ -78,16 +76,23 @@ char *curl_unescape(const char *string, int length)
return curl_easy_unescape(NULL, string, length, NULL);
}
-char *curl_easy_escape(CURL *handle, const char *string, int inlength)
+char *curl_easy_escape(struct Curl_easy *data, const char *string,
+ int inlength)
{
- size_t alloc = (inlength?(size_t)inlength:strlen(string))+1;
+ size_t alloc;
char *ns;
char *testing_ptr = NULL;
unsigned char in; /* we need to treat the characters unsigned */
- size_t newlen = alloc;
- size_t strindex=0;
+ size_t newlen;
+ size_t strindex = 0;
size_t length;
- CURLcode res;
+ CURLcode result;
+
+ if(inlength < 0)
+ return NULL;
+
+ alloc = (inlength?(size_t)inlength:strlen(string)) + 1;
+ newlen = alloc;
ns = malloc(alloc);
if(!ns)
@@ -99,24 +104,20 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
if(Curl_isunreserved(in))
/* just copy this */
- ns[strindex++]=in;
+ ns[strindex++] = in;
else {
/* encode it */
newlen += 2; /* the size grows with two, since this'll become a %XX */
if(newlen > alloc) {
alloc *= 2;
- testing_ptr = realloc(ns, alloc);
- if(!testing_ptr) {
- free( ns );
+ testing_ptr = Curl_saferealloc(ns, alloc);
+ if(!testing_ptr)
return NULL;
- }
- else {
- ns = testing_ptr;
- }
+ ns = testing_ptr;
}
- res = Curl_convert_to_network(handle, &in, 1);
- if(res) {
+ result = Curl_convert_to_network(data, (char *)&in, 1);
+ if(result) {
/* Curl_convert_to_network calls failf if unsuccessful */
free(ns);
return NULL;
@@ -124,11 +125,11 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
snprintf(&ns[strindex], 4, "%%%02X", in);
- strindex+=3;
+ strindex += 3;
}
string++;
}
- ns[strindex]=0; /* terminate it */
+ ns[strindex] = 0; /* terminate it */
return ns;
}
@@ -142,17 +143,17 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
* *olen. If length == 0, the length is assumed to be strlen(string).
*
*/
-CURLcode Curl_urldecode(struct SessionHandle *data,
+CURLcode Curl_urldecode(struct Curl_easy *data,
const char *string, size_t length,
char **ostring, size_t *olen,
bool reject_ctrl)
{
- size_t alloc = (length?length:strlen(string))+1;
+ size_t alloc = (length?length:strlen(string)) + 1;
char *ns = malloc(alloc);
unsigned char in;
- size_t strindex=0;
+ size_t strindex = 0;
unsigned long hex;
- CURLcode res;
+ CURLcode result;
if(!ns)
return CURLE_OUT_OF_MEMORY;
@@ -172,16 +173,17 @@ CURLcode Curl_urldecode(struct SessionHandle *data,
in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */
- res = Curl_convert_from_network(data, &in, 1);
- if(res) {
+ result = Curl_convert_from_network(data, (char *)&in, 1);
+ if(result) {
/* Curl_convert_from_network calls failf if unsuccessful */
free(ns);
- return res;
+ return result;
}
- string+=2;
- alloc-=2;
+ string += 2;
+ alloc -= 2;
}
+
if(reject_ctrl && (in < 0x20)) {
free(ns);
return CURLE_URL_MALFORMAT;
@@ -190,15 +192,14 @@ CURLcode Curl_urldecode(struct SessionHandle *data,
ns[strindex++] = in;
string++;
}
- ns[strindex]=0; /* terminate it */
+ ns[strindex] = 0; /* terminate it */
if(olen)
/* store output size */
*olen = strindex;
- if(ostring)
- /* store output string */
- *ostring = ns;
+ /* store output string */
+ *ostring = ns;
return CURLE_OK;
}
@@ -209,18 +210,26 @@ CURLcode Curl_urldecode(struct SessionHandle *data,
* If length == 0, the length is assumed to be strlen(string).
* If olen == NULL, no output length is stored.
*/
-char *curl_easy_unescape(CURL *handle, const char *string, int length,
- int *olen)
+char *curl_easy_unescape(struct Curl_easy *data, const char *string,
+ int length, int *olen)
{
char *str = NULL;
- size_t inputlen = length;
- size_t outputlen;
- CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
- FALSE);
- if(res)
- return NULL;
- if(olen)
- *olen = curlx_uztosi(outputlen);
+ if(length >= 0) {
+ size_t inputlen = length;
+ size_t outputlen;
+ CURLcode res = Curl_urldecode(data, string, inputlen, &str, &outputlen,
+ FALSE);
+ if(res)
+ return NULL;
+
+ if(olen) {
+ if(outputlen <= (size_t) INT_MAX)
+ *olen = curlx_uztosi(outputlen);
+ else
+ /* too large to return in an int, fail! */
+ Curl_safefree(str);
+ }
+ }
return str;
}
@@ -229,6 +238,5 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
the library's memory system */
void curl_free(void *p)
{
- if(p)
- free(p);
+ free(p);
}
diff --git a/libs/libcurl/src/escape.h b/libs/libcurl/src/escape.h
index 731b13655f..638666f039 100644
--- a/libs/libcurl/src/escape.h
+++ b/libs/libcurl/src/escape.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,7 +24,7 @@
/* Escape and unescape URL encoding in strings. The functions return a new
* allocated string or NULL if an error occurred. */
-CURLcode Curl_urldecode(struct SessionHandle *data,
+CURLcode Curl_urldecode(struct Curl_easy *data,
const char *string, size_t length,
char **ostring, size_t *olen,
bool reject_crlf);
diff --git a/libs/libcurl/src/file.c b/libs/libcurl/src/file.c
index e658ada0aa..0bbc0e1800 100644
--- a/libs/libcurl/src/file.c
+++ b/libs/libcurl/src/file.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -59,14 +59,11 @@
#include "getinfo.h"
#include "transfer.h"
#include "url.h"
-#include "curl_memory.h"
#include "parsedate.h" /* for the week day and month names */
#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
#if defined(WIN32) || defined(MSDOS) || defined(__EMX__) || \
@@ -111,6 +108,7 @@ const struct Curl_handler Curl_handler_file = {
ZERO_NULL, /* perform_getsock */
file_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
0, /* defport */
CURLPROTO_FILE, /* protocol */
PROTOPT_NONETWORK | PROTOPT_NOURLQUERY /* flags */
@@ -135,44 +133,50 @@ static CURLcode file_setup_connection(struct connectdata *conn)
static CURLcode file_range(struct connectdata *conn)
{
curl_off_t from, to;
- curl_off_t totalsize=-1;
+ curl_off_t totalsize = -1;
char *ptr;
char *ptr2;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
if(data->state.use_range && data->state.range) {
- from=curlx_strtoofft(data->state.range, &ptr, 0);
- while(*ptr && (ISSPACE(*ptr) || (*ptr=='-')))
+ CURLofft from_t;
+ CURLofft to_t;
+ from_t = curlx_strtoofft(data->state.range, &ptr, 0, &from);
+ if(from_t == CURL_OFFT_FLOW)
+ return CURLE_RANGE_ERROR;
+ while(*ptr && (ISSPACE(*ptr) || (*ptr == '-')))
ptr++;
- to=curlx_strtoofft(ptr, &ptr2, 0);
- if(ptr == ptr2) {
- /* we didn't get any digit */
- to=-1;
- }
- if((-1 == to) && (from>=0)) {
+ to_t = curlx_strtoofft(ptr, &ptr2, 0, &to);
+ if(to_t == CURL_OFFT_FLOW)
+ return CURLE_RANGE_ERROR;
+ if((to_t == CURL_OFFT_INVAL) && !from_t) {
/* X - */
data->state.resume_from = from;
- DEBUGF(infof(data, "RANGE %" FORMAT_OFF_T " to end of file\n",
+ DEBUGF(infof(data, "RANGE %" CURL_FORMAT_CURL_OFF_T " to end of file\n",
from));
}
- else if(from < 0) {
+ else if((from_t == CURL_OFFT_INVAL) && !to_t) {
/* -Y */
- data->req.maxdownload = -from;
- data->state.resume_from = from;
- DEBUGF(infof(data, "RANGE the last %" FORMAT_OFF_T " bytes\n",
- -from));
+ data->req.maxdownload = to;
+ data->state.resume_from = -to;
+ DEBUGF(infof(data, "RANGE the last %" CURL_FORMAT_CURL_OFF_T " bytes\n",
+ to));
}
else {
/* X-Y */
totalsize = to-from;
- data->req.maxdownload = totalsize+1; /* include last byte */
+ if(totalsize == CURL_OFF_T_MAX)
+ /* this is too big to increase, so bail out */
+ return CURLE_RANGE_ERROR;
+ data->req.maxdownload = totalsize + 1; /* include last byte */
data->state.resume_from = from;
- DEBUGF(infof(data, "RANGE from %" FORMAT_OFF_T
- " getting %" FORMAT_OFF_T " bytes\n",
+ DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T
+ " getting %" CURL_FORMAT_CURL_OFF_T " bytes\n",
from, data->req.maxdownload));
}
- DEBUGF(infof(data, "range-download from %" FORMAT_OFF_T
- " to %" FORMAT_OFF_T ", totally %" FORMAT_OFF_T " bytes\n",
+ DEBUGF(infof(data, "range-download from %" CURL_FORMAT_CURL_OFF_T
+ " to %" CURL_FORMAT_CURL_OFF_T ", totally %"
+ CURL_FORMAT_CURL_OFF_T " bytes\n",
from, to, data->req.maxdownload));
}
else
@@ -187,18 +191,20 @@ static CURLcode file_range(struct connectdata *conn)
*/
static CURLcode file_connect(struct connectdata *conn, bool *done)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
char *real_path;
struct FILEPROTO *file = data->req.protop;
int fd;
#ifdef DOS_FILESYSTEM
- int i;
+ size_t i;
char *actual_path;
#endif
+ size_t real_path_len;
- real_path = curl_easy_unescape(data, data->state.path, 0, NULL);
- if(!real_path)
- return CURLE_OUT_OF_MEMORY;
+ CURLcode result = Curl_urldecode(data, data->state.path, 0, &real_path,
+ &real_path_len, FALSE);
+ if(result)
+ return result;
#ifdef DOS_FILESYSTEM
/* If the first character is a slash, and there's
@@ -221,16 +227,27 @@ static CURLcode file_connect(struct connectdata *conn, bool *done)
(actual_path[2] == ':' || actual_path[2] == '|')) {
actual_path[2] = ':';
actual_path++;
+ real_path_len--;
}
/* change path separators from '/' to '\\' for DOS, Windows and OS/2 */
- for(i=0; actual_path[i] != '\0'; ++i)
+ for(i = 0; i < real_path_len; ++i)
if(actual_path[i] == '/')
actual_path[i] = '\\';
+ else if(!actual_path[i]) { /* binary zero */
+ Curl_safefree(real_path);
+ return CURLE_URL_MALFORMAT;
+ }
fd = open_readonly(actual_path, O_RDONLY|O_BINARY);
file->path = actual_path;
#else
+ if(memchr(real_path, 0, real_path_len)) {
+ /* binary zeroes indicate foul play */
+ Curl_safefree(real_path);
+ return CURLE_URL_MALFORMAT;
+ }
+
fd = open_readonly(real_path, O_RDONLY);
file->path = real_path;
#endif
@@ -294,22 +311,19 @@ static CURLcode file_upload(struct connectdata *conn)
const char *dir = strchr(file->path, DIRSEP);
int fd;
int mode;
- CURLcode res=CURLE_OK;
- struct SessionHandle *data = conn->data;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
char *buf = data->state.buffer;
size_t nread;
size_t nwrite;
curl_off_t bytecount = 0;
- struct timeval now = Curl_tvnow();
struct_stat file_stat;
- const char* buf2;
+ const char *buf2;
/*
* Since FILE: doesn't do the full init, we need to provide some extra
* assignments here.
*/
- conn->fread_func = data->set.fread_func;
- conn->fread_in = data->set.in;
conn->data->req.upload_fromhere = buf;
if(!dir)
@@ -335,9 +349,9 @@ static CURLcode file_upload(struct connectdata *conn)
return CURLE_WRITE_ERROR;
}
- if(-1 != data->set.infilesize)
+ if(-1 != data->state.infilesize)
/* known size of data to "upload" */
- Curl_pgrsSetUploadSize(data, data->set.infilesize);
+ Curl_pgrsSetUploadSize(data, data->state.infilesize);
/* treat the negative resume offset value as the case of "-" */
if(data->state.resume_from < 0) {
@@ -346,14 +360,13 @@ static CURLcode file_upload(struct connectdata *conn)
failf(data, "Can't get the size of %s", file->path);
return CURLE_WRITE_ERROR;
}
- else
- data->state.resume_from = (curl_off_t)file_stat.st_size;
+ data->state.resume_from = (curl_off_t)file_stat.st_size;
}
- while(res == CURLE_OK) {
+ while(!result) {
int readcount;
- res = Curl_fillreadbuffer(conn, BUFSIZE, &readcount);
- if(res)
+ result = Curl_fillreadbuffer(conn, (int)data->set.buffer_size, &readcount);
+ if(result)
break;
if(readcount <= 0) /* fix questionable compare error. curlvms */
@@ -363,7 +376,7 @@ static CURLcode file_upload(struct connectdata *conn)
/*skip bytes before resume point*/
if(data->state.resume_from) {
- if((curl_off_t)nread <= data->state.resume_from ) {
+ if((curl_off_t)nread <= data->state.resume_from) {
data->state.resume_from -= nread;
nread = 0;
buf2 = buf;
@@ -380,7 +393,7 @@ static CURLcode file_upload(struct connectdata *conn)
/* write the data to the target */
nwrite = write(fd, buf2, nread);
if(nwrite != nread) {
- res = CURLE_SEND_ERROR;
+ result = CURLE_SEND_ERROR;
break;
}
@@ -389,16 +402,16 @@ static CURLcode file_upload(struct connectdata *conn)
Curl_pgrsSetUploadCounter(data, bytecount);
if(Curl_pgrsUpdate(conn))
- res = CURLE_ABORTED_BY_CALLBACK;
+ result = CURLE_ABORTED_BY_CALLBACK;
else
- res = Curl_speedcheck(data, now);
+ result = Curl_speedcheck(data, Curl_now());
}
- if(!res && Curl_pgrsUpdate(conn))
- res = CURLE_ABORTED_BY_CALLBACK;
+ if(!result && Curl_pgrsUpdate(conn))
+ result = CURLE_ABORTED_BY_CALLBACK;
close(fd);
- return res;
+ return result;
}
/*
@@ -416,18 +429,18 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
are supported. This means that files on remotely mounted directories
(via NFS, Samba, NT sharing) can be accessed through a file:// URL
*/
- CURLcode res = CURLE_OK;
+ CURLcode result = CURLE_OK;
struct_stat statbuf; /* struct_stat instead of struct stat just to allow the
Windows version to have a different struct without
having to redefine the simple word 'stat' */
- curl_off_t expected_size=0;
- bool fstated=FALSE;
+ curl_off_t expected_size = 0;
+ bool size_known;
+ bool fstated = FALSE;
ssize_t nread;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
char *buf = data->state.buffer;
curl_off_t bytecount = 0;
int fd;
- struct timeval now = Curl_tvnow();
struct FILEPROTO *file;
*done = TRUE; /* unconditionally */
@@ -463,10 +476,13 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
information. Which for FILE can't be much more than the file size and
date. */
if(data->set.opt_no_body && data->set.include_header && fstated) {
- CURLcode result;
- snprintf(buf, sizeof(data->state.buffer),
- "Content-Length: %" FORMAT_OFF_T "\r\n", expected_size);
- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+ time_t filetime;
+ struct tm buffer;
+ const struct tm *tm = &buffer;
+ char header[80];
+ snprintf(header, sizeof(header),
+ "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", expected_size);
+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
if(result)
return result;
@@ -475,29 +491,24 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
if(result)
return result;
- if(fstated) {
- time_t filetime = (time_t)statbuf.st_mtime;
- struct tm buffer;
- const struct tm *tm = &buffer;
- result = Curl_gmtime(filetime, &buffer);
- if(result)
- return result;
-
- /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
- snprintf(buf, BUFSIZE-1,
- "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
- Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
- tm->tm_mday,
- Curl_month[tm->tm_mon],
- tm->tm_year + 1900,
- tm->tm_hour,
- tm->tm_min,
- tm->tm_sec);
- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
- }
- /* if we fstat()ed the file, set the file size to make it available post-
- transfer */
- if(fstated)
+ filetime = (time_t)statbuf.st_mtime;
+ result = Curl_gmtime(filetime, &buffer);
+ if(result)
+ return result;
+
+ /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
+ snprintf(header, sizeof(header),
+ "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
+ Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+ tm->tm_mday,
+ Curl_month[tm->tm_mon],
+ tm->tm_year + 1900,
+ tm->tm_hour,
+ tm->tm_min,
+ tm->tm_sec);
+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
+ if(!result)
+ /* set the file size to make it available post transfer */
Curl_pgrsSetDownloadSize(data, expected_size);
return result;
}
@@ -512,8 +523,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
failf(data, "Can't get the size of file.");
return CURLE_READ_ERROR;
}
- else
- data->state.resume_from += (curl_off_t)statbuf.st_size;
+ data->state.resume_from += (curl_off_t)statbuf.st_size;
}
if(data->state.resume_from <= expected_size)
@@ -527,8 +537,10 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
if(data->req.maxdownload > 0)
expected_size = data->req.maxdownload;
- if(fstated && (expected_size == 0))
- return CURLE_OK;
+ if(!fstated || (expected_size == 0))
+ size_known = FALSE;
+ else
+ size_known = TRUE;
/* The following is a shortcut implementation of file reading
this is both more efficient than the former call to download() and
@@ -545,38 +557,44 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
Curl_pgrsTime(data, TIMER_STARTTRANSFER);
- while(res == CURLE_OK) {
+ while(!result) {
/* Don't fill a whole buffer if we want less than all data */
- size_t bytestoread =
- (expected_size < CURL_OFF_T_C(BUFSIZE) - CURL_OFF_T_C(1)) ?
- curlx_sotouz(expected_size) : BUFSIZE - 1;
+ size_t bytestoread;
+
+ if(size_known) {
+ bytestoread = (expected_size < data->set.buffer_size) ?
+ curlx_sotouz(expected_size) : (size_t)data->set.buffer_size;
+ }
+ else
+ bytestoread = data->set.buffer_size-1;
nread = read(fd, buf, bytestoread);
if(nread > 0)
buf[nread] = 0;
- if(nread <= 0 || expected_size == 0)
+ if(nread <= 0 || (size_known && (expected_size == 0)))
break;
bytecount += nread;
- expected_size -= nread;
+ if(size_known)
+ expected_size -= nread;
- res = Curl_client_write(conn, CLIENTWRITE_BODY, buf, nread);
- if(res)
- return res;
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, buf, nread);
+ if(result)
+ return result;
Curl_pgrsSetDownloadCounter(data, bytecount);
if(Curl_pgrsUpdate(conn))
- res = CURLE_ABORTED_BY_CALLBACK;
+ result = CURLE_ABORTED_BY_CALLBACK;
else
- res = Curl_speedcheck(data, now);
+ result = Curl_speedcheck(data, Curl_now());
}
if(Curl_pgrsUpdate(conn))
- res = CURLE_ABORTED_BY_CALLBACK;
+ result = CURLE_ABORTED_BY_CALLBACK;
- return res;
+ return result;
}
#endif
diff --git a/libs/libcurl/src/file.h b/libs/libcurl/src/file.h
index 997474bc75..c12ae0e09e 100644
--- a/libs/libcurl/src/file.h
+++ b/libs/libcurl/src/file.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/fileinfo.c b/libs/libcurl/src/fileinfo.c
index 8c8ee981a1..3872988474 100644
--- a/libs/libcurl/src/fileinfo.c
+++ b/libs/libcurl/src/fileinfo.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010-2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,31 +24,23 @@
#include "strdup.h"
#include "fileinfo.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
-struct curl_fileinfo *Curl_fileinfo_alloc(void)
+struct fileinfo *Curl_fileinfo_alloc(void)
{
- struct curl_fileinfo *tmp = malloc(sizeof(struct curl_fileinfo));
- if(!tmp)
- return NULL;
- memset(tmp, 0, sizeof(struct curl_fileinfo));
- return tmp;
+ return calloc(1, sizeof(struct fileinfo));
}
void Curl_fileinfo_dtor(void *user, void *element)
{
- struct curl_fileinfo *finfo = element;
+ struct fileinfo *finfo = element;
(void) user;
if(!finfo)
return;
- Curl_safefree(finfo->b_data);
+ Curl_safefree(finfo->info.b_data);
free(finfo);
}
diff --git a/libs/libcurl/src/fileinfo.h b/libs/libcurl/src/fileinfo.h
index b0e5e59e12..c5d0ee5b64 100644
--- a/libs/libcurl/src/fileinfo.h
+++ b/libs/libcurl/src/fileinfo.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010, 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,11 +23,15 @@
***************************************************************************/
#include <curl/curl.h>
+#include "llist.h"
-struct curl_fileinfo *Curl_fileinfo_alloc(void);
+struct fileinfo {
+ struct curl_fileinfo info;
+ struct curl_llist_element list;
+};
-void Curl_fileinfo_dtor(void *, void *);
+struct fileinfo *Curl_fileinfo_alloc(void);
-struct curl_fileinfo *Curl_fileinfo_dup(const struct curl_fileinfo *src);
+void Curl_fileinfo_dtor(void *, void *);
#endif /* HEADER_CURL_FILEINFO_H */
diff --git a/libs/libcurl/src/firefox-db2pem.sh b/libs/libcurl/src/firefox-db2pem.sh
new file mode 100644
index 0000000000..7d691ff6b9
--- /dev/null
+++ b/libs/libcurl/src/firefox-db2pem.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+# ***************************************************************************
+# * _ _ ____ _
+# * Project ___| | | | _ \| |
+# * / __| | | | |_) | |
+# * | (__| |_| | _ <| |___
+# * \___|\___/|_| \_\_____|
+# *
+# * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+# *
+# * This software is licensed as described in the file COPYING, which
+# * you should have received as part of this distribution. The terms
+# * are also available at https://curl.haxx.se/docs/copyright.html.
+# *
+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# * copies of the Software, and permit persons to whom the Software is
+# * furnished to do so, under the terms of the COPYING file.
+# *
+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# * KIND, either express or implied.
+# *
+# ***************************************************************************
+# This shell script creates a fresh ca-bundle.crt file for use with libcurl.
+# It extracts all ca certs it finds in the local Firefox database and converts
+# them all into PEM format.
+#
+db=`ls -1d $HOME/.mozilla/firefox/*default*`
+out=$1
+
+if test -z "$out"; then
+ out="ca-bundle.crt" # use a sensible default
+fi
+
+currentdate=`date`
+
+cat >$out <<EOF
+##
+## Bundle of CA Root Certificates
+##
+## Converted at: ${currentdate}
+## These were converted from the local Firefox directory by the db2pem script.
+##
+EOF
+
+
+certutil -L -h 'Builtin Object Token' -d $db | \
+grep ' *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$' | \
+sed -e 's/ *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$//' -e 's/\(.*\)/"\1"/' | \
+sort | \
+while read nickname; \
+ do echo $nickname | sed -e "s/Builtin Object Token://g"; \
+eval certutil -d $db -L -n "$nickname" -a ; \
+done >> $out
+
diff --git a/libs/libcurl/src/formdata.c b/libs/libcurl/src/formdata.c
index f718a3e4e9..d0579c52fe 100644
--- a/libs/libcurl/src/formdata.c
+++ b/libs/libcurl/src/formdata.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,43 +24,38 @@
#include <curl/curl.h>
-#if !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY)
+#ifndef CURL_DISABLE_HTTP
#if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME)
#include <libgen.h>
#endif
-#include "urldata.h" /* for struct SessionHandle */
+#include "urldata.h" /* for struct Curl_easy */
#include "formdata.h"
-#include "sslgen.h"
-#include "strequal.h"
-#include "curl_memory.h"
+#include "mime.h"
+#include "non-ascii.h"
+#include "vtls/vtls.h"
+#include "strcase.h"
#include "sendf.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+#include "strdup.h"
+#include "rand.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
-#endif /* !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY) */
-
-#ifndef CURL_DISABLE_HTTP
-
-#ifndef HAVE_BASENAME
-static char *Curl_basename(char *path);
-#define basename(x) Curl_basename((x))
-#endif
-
-static size_t readfromfile(struct Form *form, char *buffer, size_t size);
-static char *formboundary(struct SessionHandle *data);
/* What kind of Content-Type to use on un-specified files with unrecognized
extensions. */
#define HTTPPOST_CONTENTTYPE_DEFAULT "application/octet-stream"
-#define FORM_FILE_SEPARATOR ','
-#define FORM_TYPE_SEPARATOR ';'
+#define HTTPPOST_PTRNAME CURL_HTTPPOST_PTRNAME
+#define HTTPPOST_FILENAME CURL_HTTPPOST_FILENAME
+#define HTTPPOST_PTRCONTENTS CURL_HTTPPOST_PTRCONTENTS
+#define HTTPPOST_READFILE CURL_HTTPPOST_READFILE
+#define HTTPPOST_PTRBUFFER CURL_HTTPPOST_PTRBUFFER
+#define HTTPPOST_CALLBACK CURL_HTTPPOST_CALLBACK
+#define HTTPPOST_BUFFER CURL_HTTPPOST_BUFFER
/***************************************************************************
*
@@ -74,11 +69,11 @@ static char *formboundary(struct SessionHandle *data);
***************************************************************************/
static struct curl_httppost *
AddHttpPost(char *name, size_t namelength,
- char *value, size_t contentslength,
+ char *value, curl_off_t contentslength,
char *buffer, size_t bufferlength,
char *contenttype,
long flags,
- struct curl_slist* contentHeader,
+ struct curl_slist *contentHeader,
char *showfilename, char *userp,
struct curl_httppost *parent_post,
struct curl_httppost **httppost,
@@ -90,14 +85,14 @@ AddHttpPost(char *name, size_t namelength,
post->name = name;
post->namelength = (long)(name?(namelength?namelength:strlen(name)):0);
post->contents = value;
- post->contentslength = (long)contentslength;
+ post->contentlen = contentslength;
post->buffer = buffer;
post->bufferlength = (long)bufferlength;
post->contenttype = contenttype;
post->contentheader = contentHeader;
post->showfilename = showfilename;
- post->userp = userp,
- post->flags = flags;
+ post->userp = userp;
+ post->flags = flags | CURL_HTTPPOST_LARGE;
}
else
return NULL;
@@ -197,11 +192,11 @@ static const char *ContentTypeForFilename(const char *filename,
contenttype = HTTPPOST_CONTENTTYPE_DEFAULT;
if(filename) { /* in case a NULL was passed in */
- for(i=0; i<sizeof(ctts)/sizeof(ctts[0]); i++) {
+ for(i = 0; i<sizeof(ctts)/sizeof(ctts[0]); i++) {
if(strlen(filename) >= strlen(ctts[i].extension)) {
- if(strequal(filename +
- strlen(filename) - strlen(ctts[i].extension),
- ctts[i].extension)) {
+ if(strcasecompare(filename +
+ strlen(filename) - strlen(ctts[i].extension),
+ ctts[i].extension)) {
contenttype = ctts[i].type;
break;
}
@@ -214,46 +209,6 @@ static const char *ContentTypeForFilename(const char *filename,
/***************************************************************************
*
- * memdup()
- *
- * Copies the 'source' data to a newly allocated buffer buffer (that is
- * returned). Uses buffer_length if not null, else uses strlen to determine
- * the length of the buffer to be copied
- *
- * Returns the new pointer or NULL on failure.
- *
- ***************************************************************************/
-static char *memdup(const char *src, size_t buffer_length)
-{
- size_t length;
- bool add = FALSE;
- char *buffer;
-
- if(buffer_length)
- length = buffer_length;
- else if(src) {
- length = strlen(src);
- add = TRUE;
- }
- else
- /* no length and a NULL src pointer! */
- return strdup("");
-
- buffer = malloc(length+add);
- if(!buffer)
- return NULL; /* fail */
-
- memcpy(buffer, src, length);
-
- /* if length unknown do null termination */
- if(add)
- buffer[length] = '\0';
-
- return buffer;
-}
-
-/***************************************************************************
- *
* FormAdd()
*
* Stores a formpost parameter and builds the appropriate linked list.
@@ -312,7 +267,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
struct curl_httppost *post = NULL;
CURLformoption option;
struct curl_forms *forms = NULL;
- char *array_value=NULL; /* value read from an array */
+ char *array_value = NULL; /* value read from an array */
/* This is a state variable, that if TRUE means that we're parsing an
array that we got passed to us. If FALSE we're parsing the input
@@ -353,7 +308,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
break;
}
- switch (option) {
+ switch(option) {
case CURLFORM_ARRAY:
if(array_state)
/* we don't support an array from within an array */
@@ -379,6 +334,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
#else
current_form->flags |= HTTPPOST_PTRNAME; /* fall through */
#endif
+ /* FALLTHROUGH */
case CURLFORM_COPYNAME:
if(current_form->name)
return_value = CURL_FORMADD_OPTION_TWICE;
@@ -417,11 +373,14 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
}
break;
case CURLFORM_CONTENTSLENGTH:
- if(current_form->contentslength)
- return_value = CURL_FORMADD_OPTION_TWICE;
- else
- current_form->contentslength =
- array_state?(size_t)array_value:(size_t)va_arg(params, long);
+ current_form->contentslength =
+ array_state?(size_t)array_value:(size_t)va_arg(params, long);
+ break;
+
+ case CURLFORM_CONTENTLEN:
+ current_form->flags |= CURL_HTTPPOST_LARGE;
+ current_form->contentslength =
+ array_state?(curl_off_t)(size_t)array_value:va_arg(params, curl_off_t);
break;
/* Get contents from a given file name */
@@ -460,7 +419,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
else {
form = AddFormInfo(fname, NULL, current_form);
if(!form) {
- Curl_safefree(fname);
+ free(fname);
return_value = CURL_FORMADD_MEMORY;
}
else {
@@ -549,7 +508,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
else {
form = AddFormInfo(NULL, type, current_form);
if(!form) {
- Curl_safefree(type);
+ free(type);
return_value = CURL_FORMADD_MEMORY;
}
else {
@@ -582,9 +541,9 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
{
/* this "cast increases required alignment of target type" but
we consider it OK anyway */
- struct curl_slist* list = array_state?
- (struct curl_slist*)array_value:
- va_arg(params, struct curl_slist*);
+ struct curl_slist *list = array_state?
+ (struct curl_slist *)(void *)array_value:
+ va_arg(params, struct curl_slist *);
if(current_form->contentheader)
return_value = CURL_FORMADD_OPTION_TWICE;
@@ -663,62 +622,79 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
return_value = CURL_FORMADD_INCOMPLETE;
break;
}
- else {
- if(((form->flags & HTTPPOST_FILENAME) ||
- (form->flags & HTTPPOST_BUFFER)) &&
- !form->contenttype ) {
- char *f = form->flags & HTTPPOST_BUFFER?
- form->showfilename : form->value;
-
- /* our contenttype is missing */
- form->contenttype = strdup(ContentTypeForFilename(f, prevtype));
- if(!form->contenttype) {
- return_value = CURL_FORMADD_MEMORY;
- break;
- }
- form->contenttype_alloc = TRUE;
- }
- if(!(form->flags & HTTPPOST_PTRNAME) &&
- (form == first_form) ) {
- /* Note that there's small risk that form->name is NULL here if the
- app passed in a bad combo, so we better check for that first. */
- if(form->name)
- /* copy name (without strdup; possibly contains null characters) */
- form->name = memdup(form->name, form->namelength);
- if(!form->name) {
- return_value = CURL_FORMADD_MEMORY;
- break;
- }
- form->name_alloc = TRUE;
+ if(((form->flags & HTTPPOST_FILENAME) ||
+ (form->flags & HTTPPOST_BUFFER)) &&
+ !form->contenttype) {
+ char *f = form->flags & HTTPPOST_BUFFER?
+ form->showfilename : form->value;
+
+ /* our contenttype is missing */
+ form->contenttype = strdup(ContentTypeForFilename(f, prevtype));
+ if(!form->contenttype) {
+ return_value = CURL_FORMADD_MEMORY;
+ break;
}
- if(!(form->flags & (HTTPPOST_FILENAME | HTTPPOST_READFILE |
- HTTPPOST_PTRCONTENTS | HTTPPOST_PTRBUFFER |
- HTTPPOST_CALLBACK)) ) {
- /* copy value (without strdup; possibly contains null characters) */
- form->value = memdup(form->value, form->contentslength);
- if(!form->value) {
- return_value = CURL_FORMADD_MEMORY;
+ form->contenttype_alloc = TRUE;
+ }
+ if(form->name && form->namelength) {
+ /* Name should not contain nul bytes. */
+ size_t i;
+ for(i = 0; i < form->namelength; i++)
+ if(!form->name[i]) {
+ return_value = CURL_FORMADD_NULL;
break;
}
- form->value_alloc = TRUE;
+ if(return_value != CURL_FORMADD_OK)
+ break;
+ }
+ if(!(form->flags & HTTPPOST_PTRNAME) &&
+ (form == first_form) ) {
+ /* Note that there's small risk that form->name is NULL here if the
+ app passed in a bad combo, so we better check for that first. */
+ if(form->name) {
+ /* copy name (without strdup; possibly not nul-terminated) */
+ form->name = Curl_memdup(form->name, form->namelength?
+ form->namelength:
+ strlen(form->name) + 1);
}
- post = AddHttpPost(form->name, form->namelength,
- form->value, form->contentslength,
- form->buffer, form->bufferlength,
- form->contenttype, form->flags,
- form->contentheader, form->showfilename,
- form->userp,
- post, httppost,
- last_post);
-
- if(!post) {
+ if(!form->name) {
return_value = CURL_FORMADD_MEMORY;
break;
}
+ form->name_alloc = TRUE;
+ }
+ if(!(form->flags & (HTTPPOST_FILENAME | HTTPPOST_READFILE |
+ HTTPPOST_PTRCONTENTS | HTTPPOST_PTRBUFFER |
+ HTTPPOST_CALLBACK)) && form->value) {
+ /* copy value (without strdup; possibly contains null characters) */
+ size_t clen = (size_t) form->contentslength;
+ if(!clen)
+ clen = strlen(form->value) + 1;
+
+ form->value = Curl_memdup(form->value, clen);
- if(form->contenttype)
- prevtype = form->contenttype;
+ if(!form->value) {
+ return_value = CURL_FORMADD_MEMORY;
+ break;
+ }
+ form->value_alloc = TRUE;
}
+ post = AddHttpPost(form->name, form->namelength,
+ form->value, form->contentslength,
+ form->buffer, form->bufferlength,
+ form->contenttype, form->flags,
+ form->contentheader, form->showfilename,
+ form->userp,
+ post, httppost,
+ last_post);
+
+ if(!post) {
+ return_value = CURL_FORMADD_MEMORY;
+ break;
+ }
+
+ if(form->contenttype)
+ prevtype = form->contenttype;
}
if(CURL_FORMADD_OK != return_value) {
/* On error, free allocated fields for nodes of the FormInfo linked
@@ -751,7 +727,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
now by the httppost linked list */
while(first_form) {
FormInfo *ptr = first_form->more;
- Curl_safefree(first_form);
+ free(first_form);
first_form = ptr;
}
@@ -776,174 +752,6 @@ CURLFORMcode curl_formadd(struct curl_httppost **httppost,
return result;
}
-#ifdef __VMS
-#include <fabdef.h>
-/*
- * get_vms_file_size does what it takes to get the real size of the file
- *
- * For fixed files, find out the size of the EOF block and adjust.
- *
- * For all others, have to read the entire file in, discarding the contents.
- * Most posted text files will be small, and binary files like zlib archives
- * and CD/DVD images should be either a STREAM_LF format or a fixed format.
- *
- */
-curl_off_t VmsRealFileSize(const char * name,
- const struct_stat * stat_buf)
-{
- char buffer[8192];
- curl_off_t count;
- int ret_stat;
- FILE * file;
-
- file = fopen(name, "r");
- if(file == NULL)
- return 0;
-
- count = 0;
- ret_stat = 1;
- while(ret_stat > 0) {
- ret_stat = fread(buffer, 1, sizeof(buffer), file);
- if(ret_stat != 0)
- count += ret_stat;
- }
- fclose(file);
-
- return count;
-}
-
-/*
- *
- * VmsSpecialSize checks to see if the stat st_size can be trusted and
- * if not to call a routine to get the correct size.
- *
- */
-static curl_off_t VmsSpecialSize(const char * name,
- const struct_stat * stat_buf)
-{
- switch(stat_buf->st_fab_rfm) {
- case FAB$C_VAR:
- case FAB$C_VFC:
- return VmsRealFileSize(name, stat_buf);
- break;
- default:
- return stat_buf->st_size;
- }
-}
-
-#endif
-
-#ifndef __VMS
-#define filesize(name, stat_data) (stat_data.st_size)
-#else
- /* Getting the expected file size needs help on VMS */
-#define filesize(name, stat_data) VmsSpecialSize(name, &stat_data)
-#endif
-
-/*
- * AddFormData() adds a chunk of data to the FormData linked list.
- *
- * size is incremented by the chunk length, unless it is NULL
- */
-static CURLcode AddFormData(struct FormData **formp,
- enum formtype type,
- const void *line,
- size_t length,
- curl_off_t *size)
-{
- struct FormData *newform = malloc(sizeof(struct FormData));
- if(!newform)
- return CURLE_OUT_OF_MEMORY;
- newform->next = NULL;
-
- if(type <= FORM_CONTENT) {
- /* we make it easier for plain strings: */
- if(!length)
- length = strlen((char *)line);
-
- newform->line = malloc(length+1);
- if(!newform->line) {
- free(newform);
- return CURLE_OUT_OF_MEMORY;
- }
- memcpy(newform->line, line, length);
- newform->length = length;
- newform->line[length]=0; /* zero terminate for easier debugging */
- }
- else
- /* For callbacks and files we don't have any actual data so we just keep a
- pointer to whatever this points to */
- newform->line = (char *)line;
-
- newform->type = type;
-
- if(*formp) {
- (*formp)->next = newform;
- *formp = newform;
- }
- else
- *formp = newform;
-
- if(size) {
- if(type != FORM_FILE)
- /* for static content as well as callback data we add the size given
- as input argument */
- *size += length;
- else {
- /* Since this is a file to be uploaded here, add the size of the actual
- file */
- if(!strequal("-", newform->line)) {
- struct_stat file;
- if(!stat(newform->line, &file) && !S_ISDIR(file.st_mode))
- *size += filesize(newform->line, file);
- else
- return CURLE_BAD_FUNCTION_ARGUMENT;
- }
- }
- }
- return CURLE_OK;
-}
-
-/*
- * AddFormDataf() adds printf()-style formatted data to the formdata chain.
- */
-
-static CURLcode AddFormDataf(struct FormData **formp,
- curl_off_t *size,
- const char *fmt, ...)
-{
- char s[4096];
- va_list ap;
- va_start(ap, fmt);
- vsnprintf(s, sizeof(s), fmt, ap);
- va_end(ap);
-
- return AddFormData(formp, FORM_DATA, s, 0, size);
-}
-
-/*
- * Curl_formclean() is used from http.c, this cleans a built FormData linked
- * list
- */
-void Curl_formclean(struct FormData **form_ptr)
-{
- struct FormData *next, *form;
-
- form = *form_ptr;
- if(!form)
- return;
-
- do {
- next=form->next; /* the following form line */
- if(form->type <= FORM_CONTENT)
- free(form->line); /* free the line */
- free(form); /* free the struct */
-
- } while((form = next) != NULL); /* continue */
-
- *form_ptr = NULL;
-}
-
/*
* curl_formget()
* Serialize a curl_httppost struct.
@@ -954,43 +762,35 @@ void Curl_formclean(struct FormData **form_ptr)
int curl_formget(struct curl_httppost *form, void *arg,
curl_formget_callback append)
{
- CURLcode rc;
- curl_off_t size;
- struct FormData *data, *ptr;
-
- rc = Curl_getformdata(NULL, &data, form, NULL, &size);
- if(rc != CURLE_OK)
- return (int)rc;
-
- for(ptr = data; ptr; ptr = ptr->next) {
- if((ptr->type == FORM_FILE) || (ptr->type == FORM_CALLBACK)) {
- char buffer[8192];
- size_t nread;
- struct Form temp;
-
- Curl_FormInit(&temp, ptr);
-
- do {
- nread = readfromfile(&temp, buffer, sizeof(buffer));
- if((nread == (size_t) -1) ||
- (nread > sizeof(buffer)) ||
- (nread != append(arg, buffer, nread))) {
- if(temp.fp)
- fclose(temp.fp);
- Curl_formclean(&data);
- return -1;
- }
- } while(nread);
- }
- else {
- if(ptr->length != append(arg, ptr->line, ptr->length)) {
- Curl_formclean(&data);
- return -1;
- }
+ CURLcode result;
+ curl_mimepart toppart;
+
+ Curl_mime_initpart(&toppart, NULL); /* default form is empty */
+ result = Curl_getformdata(NULL, &toppart, form, NULL);
+ if(!result)
+ result = Curl_mime_prepare_headers(&toppart, "multipart/form-data",
+ NULL, MIMESTRATEGY_FORM);
+
+ while(!result) {
+ char buffer[8192];
+ size_t nread = Curl_mime_read(buffer, 1, sizeof buffer, &toppart);
+
+ if(!nread)
+ break;
+
+ switch(nread) {
+ default:
+ if(append(arg, buffer, nread) != nread)
+ result = CURLE_READ_ERROR;
+ break;
+ case CURL_READFUNC_ABORT:
+ case CURL_READFUNC_PAUSE:
+ break;
}
}
- Curl_formclean(&data);
- return 0;
+
+ Curl_mime_cleanpart(&toppart);
+ return (int) result;
}
/*
@@ -1006,565 +806,171 @@ void curl_formfree(struct curl_httppost *form)
return;
do {
- next=form->next; /* the following form line */
+ next = form->next; /* the following form line */
/* recurse to sub-contents */
- if(form->more)
- curl_formfree(form->more);
+ curl_formfree(form->more);
- if(!(form->flags & HTTPPOST_PTRNAME) && form->name)
+ if(!(form->flags & HTTPPOST_PTRNAME))
free(form->name); /* free the name */
if(!(form->flags &
- (HTTPPOST_PTRCONTENTS|HTTPPOST_BUFFER|HTTPPOST_CALLBACK)) &&
- form->contents)
+ (HTTPPOST_PTRCONTENTS|HTTPPOST_BUFFER|HTTPPOST_CALLBACK))
+ )
free(form->contents); /* free the contents */
- if(form->contenttype)
- free(form->contenttype); /* free the content type */
- if(form->showfilename)
- free(form->showfilename); /* free the faked file name */
+ free(form->contenttype); /* free the content type */
+ free(form->showfilename); /* free the faked file name */
free(form); /* free the struct */
-
- } while((form = next) != NULL); /* continue */
+ form = next;
+ } while(form); /* continue */
}
-#ifndef HAVE_BASENAME
-/*
- (Quote from The Open Group Base Specifications Issue 6 IEEE Std 1003.1, 2004
- Edition)
-
- The basename() function shall take the pathname pointed to by path and
- return a pointer to the final component of the pathname, deleting any
- trailing '/' characters.
-
- If the string pointed to by path consists entirely of the '/' character,
- basename() shall return a pointer to the string "/". If the string pointed
- to by path is exactly "//", it is implementation-defined whether '/' or "//"
- is returned.
- If path is a null pointer or points to an empty string, basename() shall
- return a pointer to the string ".".
-
- The basename() function may modify the string pointed to by path, and may
- return a pointer to static storage that may then be overwritten by a
- subsequent call to basename().
-
- The basename() function need not be reentrant. A function that is not
- required to be reentrant is not required to be thread-safe.
-
-*/
-static char *Curl_basename(char *path)
+/* Set mime part name, taking care of non nul-terminated name string. */
+static CURLcode setname(curl_mimepart *part, const char *name, size_t len)
{
- /* Ignore all the details above for now and make a quick and simple
- implementaion here */
- char *s1;
- char *s2;
-
- s1=strrchr(path, '/');
- s2=strrchr(path, '\\');
+ char *zname;
+ CURLcode res;
- if(s1 && s2) {
- path = (s1 > s2? s1 : s2)+1;
- }
- else if(s1)
- path = s1 + 1;
- else if(s2)
- path = s2 + 1;
-
- return path;
-}
-#endif
-
-static char *strippath(const char *fullfile)
-{
- char *filename;
- char *base;
- filename = strdup(fullfile); /* duplicate since basename() may ruin the
- buffer it works on */
- if(!filename)
- return NULL;
- base = strdup(basename(filename));
-
- free(filename); /* free temporary buffer */
-
- return base; /* returns an allocated string or NULL ! */
-}
-
-static CURLcode formdata_add_filename(const struct curl_httppost *file,
- struct FormData **form,
- curl_off_t *size)
-{
- CURLcode result = CURLE_OK;
- char *filename = file->showfilename;
- char *filebasename = NULL;
- char *filename_escaped = NULL;
-
- if(!filename) {
- filebasename = strippath(file->contents);
- if(!filebasename)
- return CURLE_OUT_OF_MEMORY;
- filename = filebasename;
- }
-
- if(strchr(filename, '\\') || strchr(filename, '"')) {
- char *p0, *p1;
-
- /* filename need be escaped */
- filename_escaped = malloc(strlen(filename)*2+1);
- if(!filename_escaped)
- return CURLE_OUT_OF_MEMORY;
- p0 = filename_escaped;
- p1 = filename;
- while(*p1) {
- if(*p1 == '\\' || *p1 == '"')
- *p0++ = '\\';
- *p0++ = *p1++;
- }
- *p0 = '\0';
- filename = filename_escaped;
- }
- result = AddFormDataf(form, size,
- "; filename=\"%s\"",
- filename);
- Curl_safefree(filename_escaped);
- Curl_safefree(filebasename);
- return result;
+ if(!name || !len)
+ return curl_mime_name(part, name);
+ zname = malloc(len + 1);
+ if(!zname)
+ return CURLE_OUT_OF_MEMORY;
+ memcpy(zname, name, len);
+ zname[len] = '\0';
+ res = curl_mime_name(part, zname);
+ free(zname);
+ return res;
}
/*
- * Curl_getformdata() converts a linked list of "meta data" into a complete
- * (possibly huge) multipart formdata. The input list is in 'post', while the
- * output resulting linked lists gets stored in '*finalform'. *sizep will get
- * the total size of the whole POST.
- * A multipart/form_data content-type is built, unless a custom content-type
- * is passed in 'custom_content_type'.
+ * Curl_getformdata() converts a linked list of "meta data" into a mime
+ * structure. The input list is in 'post', while the output is stored in
+ * mime part at '*finalform'.
*
* This function will not do a failf() for the potential memory failures but
* should for all other errors it spots. Just note that this function MAY get
* a NULL pointer in the 'data' argument.
*/
-CURLcode Curl_getformdata(struct SessionHandle *data,
- struct FormData **finalform,
+CURLcode Curl_getformdata(struct Curl_easy *data,
+ curl_mimepart *finalform,
struct curl_httppost *post,
- const char *custom_content_type,
- curl_off_t *sizep)
+ curl_read_callback fread_func)
{
- struct FormData *form = NULL;
- struct FormData *firstform;
- struct curl_httppost *file;
CURLcode result = CURLE_OK;
+ curl_mime *form = NULL;
+ curl_mime *multipart;
+ curl_mimepart *part;
+ struct curl_httppost *file;
- curl_off_t size = 0; /* support potentially ENORMOUS formposts */
- char *boundary;
- char *fileboundary = NULL;
- struct curl_slist* curList;
-
- *finalform = NULL; /* default form is empty */
+ Curl_mime_cleanpart(finalform); /* default form is empty */
if(!post)
return result; /* no input => no output! */
- boundary = formboundary(data);
- if(!boundary)
- return CURLE_OUT_OF_MEMORY;
-
- /* Make the first line of the output */
- result = AddFormDataf(&form, NULL,
- "%s; boundary=%s\r\n",
- custom_content_type?custom_content_type:
- "Content-Type: multipart/form-data",
- boundary);
-
- if(result) {
- Curl_safefree(boundary);
- return result;
- }
- /* we DO NOT include that line in the total size of the POST, since it'll be
- part of the header! */
-
- firstform = form;
-
- do {
-
- if(size) {
- result = AddFormDataf(&form, &size, "\r\n");
- if(result)
- break;
- }
-
- /* boundary */
- result = AddFormDataf(&form, &size, "--%s\r\n", boundary);
- if(result)
- break;
-
- /* Maybe later this should be disabled when a custom_content_type is
- passed, since Content-Disposition is not meaningful for all multipart
- types.
- */
- result = AddFormDataf(&form, &size,
- "Content-Disposition: form-data; name=\"");
- if(result)
- break;
-
- result = AddFormData(&form, FORM_DATA, post->name, post->namelength,
- &size);
- if(result)
- break;
+ form = curl_mime_init(data);
+ if(!form)
+ result = CURLE_OUT_OF_MEMORY;
- result = AddFormDataf(&form, &size, "\"");
- if(result)
- break;
+ if(!result)
+ result = curl_mime_subparts(finalform, form);
+ /* Process each top part. */
+ for(; !result && post; post = post->next) {
+ /* If we have more than a file here, create a mime subpart and fill it. */
+ multipart = form;
if(post->more) {
- /* If used, this is a link to more file names, we must then do
- the magic to include several files with the same field name */
-
- Curl_safefree(fileboundary);
- fileboundary = formboundary(data);
- if(!fileboundary) {
+ part = curl_mime_addpart(form);
+ if(!part)
result = CURLE_OUT_OF_MEMORY;
- break;
+ if(!result)
+ result = setname(part, post->name, post->namelength);
+ if(!result) {
+ multipart = curl_mime_init(data);
+ if(!multipart)
+ result = CURLE_OUT_OF_MEMORY;
}
-
- result = AddFormDataf(&form, &size,
- "\r\nContent-Type: multipart/mixed,"
- " boundary=%s\r\n",
- fileboundary);
- if(result)
- break;
+ if(!result)
+ result = curl_mime_subparts(part, multipart);
}
- file = post;
-
- do {
-
- /* If 'showfilename' is set, that is a faked name passed on to us
- to use to in the formpost. If that is not set, the actually used
- local file name should be added. */
-
- if(post->more) {
- /* if multiple-file */
- result = AddFormDataf(&form, &size,
- "\r\n--%s\r\nContent-Disposition: "
- "attachment",
- fileboundary);
- if(result)
- break;
- result = formdata_add_filename(file, &form, &size);
- if(result)
- break;
- }
- else if(post->flags & (HTTPPOST_FILENAME|HTTPPOST_BUFFER|
- HTTPPOST_CALLBACK)) {
- /* it should be noted that for the HTTPPOST_FILENAME and
- HTTPPOST_CALLBACK cases the ->showfilename struct member is always
- assigned at this point */
- if(post->showfilename || (post->flags & HTTPPOST_FILENAME)) {
- result = formdata_add_filename(post, &form, &size);
- }
-
- if(result)
- break;
- }
-
- if(file->contenttype) {
- /* we have a specified type */
- result = AddFormDataf(&form, &size,
- "\r\nContent-Type: %s",
- file->contenttype);
- if(result)
- break;
- }
-
- curList = file->contentheader;
- while(curList) {
- /* Process the additional headers specified for this form */
- result = AddFormDataf( &form, &size, "\r\n%s", curList->data );
- if(result)
- break;
- curList = curList->next;
- }
- if(result)
- break;
-
- result = AddFormDataf(&form, &size, "\r\n\r\n");
- if(result)
- break;
+ /* Generate all the part contents. */
+ for(file = post; !result && file; file = file->more) {
+ /* Create the part. */
+ part = curl_mime_addpart(multipart);
+ if(!part)
+ result = CURLE_OUT_OF_MEMORY;
- if((post->flags & HTTPPOST_FILENAME) ||
- (post->flags & HTTPPOST_READFILE)) {
- /* we should include the contents from the specified file */
- FILE *fileread;
-
- fileread = strequal("-", file->contents)?
- stdin:fopen(file->contents, "rb"); /* binary read for win32 */
-
- /*
- * VMS: This only allows for stream files on VMS. Stream files are
- * OK, as are FIXED & VAR files WITHOUT implied CC For implied CC,
- * every record needs to have a \n appended & 1 added to SIZE
- */
-
- if(fileread) {
- if(fileread != stdin) {
- /* close the file */
- fclose(fileread);
- /* add the file name only - for later reading from this */
- result = AddFormData(&form, FORM_FILE, file->contents, 0, &size);
- }
- else {
- /* When uploading from stdin, we can't know the size of the file,
- * thus must read the full file as before. We *could* use chunked
- * transfer-encoding, but that only works for HTTP 1.1 and we
- * can't be sure we work with such a server.
- */
- size_t nread;
- char buffer[512];
- while((nread = fread(buffer, 1, sizeof(buffer), fileread)) != 0) {
- result = AddFormData(&form, FORM_CONTENT, buffer, nread, &size);
- if(result)
- break;
- }
+ /* Set the headers. */
+ if(!result)
+ result = curl_mime_headers(part, file->contentheader, 0);
+
+ /* Set the content type. */
+ if(!result && file->contenttype)
+ result = curl_mime_type(part, file->contenttype);
+
+ /* Set field name. */
+ if(!result && !post->more)
+ result = setname(part, post->name, post->namelength);
+
+ /* Process contents. */
+ if(!result) {
+ curl_off_t clen = post->contentslength;
+
+ if(post->flags & CURL_HTTPPOST_LARGE)
+ clen = post->contentlen;
+ if(!clen)
+ clen = -1;
+
+ if(post->flags & (HTTPPOST_FILENAME | HTTPPOST_READFILE)) {
+ if(!strcmp(file->contents, "-")) {
+ /* There are a few cases where the code below won't work; in
+ particular, freopen(stdin) by the caller is not guaranteed
+ to result as expected. This feature has been kept for backward
+ compatibility: use of "-" pseudo file name should be avoided. */
+ result = curl_mime_data_cb(part, (curl_off_t) -1,
+ (curl_read_callback) fread,
+ (curl_seek_callback) fseek,
+ NULL, (void *) stdin);
}
+ else
+ result = curl_mime_filedata(part, file->contents);
+ if(!result && (post->flags & HTTPPOST_READFILE))
+ result = curl_mime_filename(part, NULL);
}
+ else if(post->flags & HTTPPOST_BUFFER)
+ result = curl_mime_data(part, post->buffer,
+ post->bufferlength? post->bufferlength: -1);
+ else if(post->flags & HTTPPOST_CALLBACK)
+ /* the contents should be read with the callback and the size is set
+ with the contentslength */
+ result = curl_mime_data_cb(part, clen,
+ fread_func, NULL, NULL, post->userp);
else {
- if(data)
- failf(data, "couldn't open file \"%s\"", file->contents);
- *finalform = NULL;
- result = CURLE_READ_ERROR;
+ result = curl_mime_data(part, post->contents, (ssize_t) clen);
+#ifdef CURL_DOES_CONVERSIONS
+ /* Convert textual contents now. */
+ if(!result && data && part->datasize)
+ result = Curl_convert_to_network(data, part->data, part->datasize);
+#endif
}
}
- else if(post->flags & HTTPPOST_BUFFER)
- /* include contents of buffer */
- result = AddFormData(&form, FORM_CONTENT, post->buffer,
- post->bufferlength, &size);
- else if(post->flags & HTTPPOST_CALLBACK)
- /* the contents should be read with the callback and the size
- is set with the contentslength */
- result = AddFormData(&form, FORM_CALLBACK, post->userp,
- post->contentslength, &size);
- else
- /* include the contents we got */
- result = AddFormData(&form, FORM_CONTENT, post->contents,
- post->contentslength, &size);
- file = file->more;
- } while(file && !result); /* for each specified file for this field */
-
- if(result)
- break;
-
- if(post->more) {
- /* this was a multiple-file inclusion, make a termination file
- boundary: */
- result = AddFormDataf(&form, &size,
- "\r\n--%s--",
- fileboundary);
- if(result)
- break;
+ /* Set fake file name. */
+ if(!result && post->showfilename)
+ if(post->more || (post->flags & (HTTPPOST_FILENAME | HTTPPOST_BUFFER |
+ HTTPPOST_CALLBACK)))
+ result = curl_mime_filename(part, post->showfilename);
}
-
- } while((post = post->next) != NULL); /* for each field */
-
- /* end-boundary for everything */
- if(CURLE_OK == result)
- result = AddFormDataf(&form, &size,
- "\r\n--%s--\r\n",
- boundary);
-
- if(result) {
- Curl_formclean(&firstform);
- Curl_safefree(fileboundary);
- Curl_safefree(boundary);
- return result;
}
- *sizep = size;
-
- Curl_safefree(fileboundary);
- Curl_safefree(boundary);
-
- *finalform = firstform;
+ if(result)
+ Curl_mime_cleanpart(finalform);
return result;
}
-/*
- * Curl_FormInit() inits the struct 'form' points to with the 'formdata'
- * and resets the 'sent' counter.
- */
-int Curl_FormInit(struct Form *form, struct FormData *formdata )
-{
- if(!formdata)
- return 1; /* error */
-
- form->data = formdata;
- form->sent = 0;
- form->fp = NULL;
- form->fread_func = ZERO_NULL;
-
- return 0;
-}
-
-#ifndef __VMS
-# define fopen_read fopen
-#else
- /*
- * vmsfopenread
- *
- * For upload to work as expected on VMS, different optional
- * parameters must be added to the fopen command based on
- * record format of the file.
- *
- */
-# define fopen_read vmsfopenread
-static FILE * vmsfopenread(const char *file, const char *mode) {
- struct_stat statbuf;
- int result;
-
- result = stat(file, &statbuf);
-
- switch (statbuf.st_fab_rfm) {
- case FAB$C_VAR:
- case FAB$C_VFC:
- case FAB$C_STMCR:
- return fopen(file, "r");
- break;
- default:
- return fopen(file, "r", "rfm=stmlf", "ctx=stm");
- }
-}
-#endif
-
-/*
- * readfromfile()
- *
- * The read callback that this function may use can return a value larger than
- * 'size' (which then this function returns) that indicates a problem and it
- * must be properly dealt with
- */
-static size_t readfromfile(struct Form *form, char *buffer,
- size_t size)
-{
- size_t nread;
- bool callback = (form->data->type == FORM_CALLBACK)?TRUE:FALSE;
-
- if(callback) {
- if(form->fread_func == ZERO_NULL)
- return 0;
- else
- nread = form->fread_func(buffer, 1, size, form->data->line);
- }
- else {
- if(!form->fp) {
- /* this file hasn't yet been opened */
- form->fp = fopen_read(form->data->line, "rb"); /* b is for binary */
- if(!form->fp)
- return (size_t)-1; /* failure */
- }
- nread = fread(buffer, 1, size, form->fp);
- }
- if(!nread) {
- /* this is the last chunk from the file, move on */
- if(form->fp) {
- fclose(form->fp);
- form->fp = NULL;
- }
- form->data = form->data->next;
- }
-
- return nread;
-}
-
-/*
- * Curl_FormReader() is the fread() emulation function that will be used to
- * deliver the formdata to the transfer loop and then sent away to the peer.
- */
-size_t Curl_FormReader(char *buffer,
- size_t size,
- size_t nitems,
- FILE *mydata)
-{
- struct Form *form;
- size_t wantedsize;
- size_t gotsize = 0;
-
- form=(struct Form *)mydata;
-
- wantedsize = size * nitems;
-
- if(!form->data)
- return 0; /* nothing, error, empty */
-
- if((form->data->type == FORM_FILE) ||
- (form->data->type == FORM_CALLBACK)) {
- gotsize = readfromfile(form, buffer, wantedsize);
-
- if(gotsize)
- /* If positive or -1, return. If zero, continue! */
- return gotsize;
- }
- do {
-
- if((form->data->length - form->sent ) > wantedsize - gotsize) {
-
- memcpy(buffer + gotsize , form->data->line + form->sent,
- wantedsize - gotsize);
-
- form->sent += wantedsize-gotsize;
-
- return wantedsize;
- }
-
- memcpy(buffer+gotsize,
- form->data->line + form->sent,
- (form->data->length - form->sent) );
- gotsize += form->data->length - form->sent;
-
- form->sent = 0;
-
- form->data = form->data->next; /* advance */
-
- } while(form->data && (form->data->type < FORM_CALLBACK));
- /* If we got an empty line and we have more data, we proceed to the next
- line immediately to avoid returning zero before we've reached the end. */
-
- return gotsize;
-}
-
-/*
- * Curl_formpostheader() returns the first line of the formpost, the
- * request-header part (which is not part of the request-body like the rest of
- * the post).
- */
-char *Curl_formpostheader(void *formp, size_t *len)
-{
- char *header;
- struct Form *form=(struct Form *)formp;
-
- if(!form->data)
- return 0; /* nothing, ERROR! */
-
- header = form->data->line;
- *len = form->data->length;
-
- form->data = form->data->next; /* advance */
-
- return header;
-}
-
-/*
- * formboundary() creates a suitable boundary string and returns an allocated
- * one.
- */
-static char *formboundary(struct SessionHandle *data)
-{
- /* 24 dashes and 16 hexadecimal digits makes 64 bit (18446744073709551615)
- combinations */
- return aprintf("------------------------%08x%08x",
- Curl_rand(data), Curl_rand(data));
-}
-
#else /* CURL_DISABLE_HTTP */
CURLFORMcode curl_formadd(struct curl_httppost **httppost,
struct curl_httppost **last_post,
diff --git a/libs/libcurl/src/formdata.h b/libs/libcurl/src/formdata.h
index 22f504bb3d..1246c2bc8e 100644
--- a/libs/libcurl/src/formdata.h
+++ b/libs/libcurl/src/formdata.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,31 +22,6 @@
*
***************************************************************************/
-enum formtype {
- FORM_DATA, /* form metadata (convert to network encoding if necessary) */
- FORM_CONTENT, /* form content (never convert) */
- FORM_CALLBACK, /* 'line' points to the custom pointer we pass to the callback
- */
- FORM_FILE /* 'line' points to a file name we should read from
- to create the form data (never convert) */
-};
-
-/* plain and simple linked list with lines to send */
-struct FormData {
- struct FormData *next;
- enum formtype type;
- char *line;
- size_t length;
-};
-
-struct Form {
- struct FormData *data; /* current form line to send */
- size_t sent; /* number of bytes of the current line that has
- already been sent in a previous invoke */
- FILE *fp; /* file to read from */
- curl_read_callback fread_func; /* fread callback pointer */
-};
-
/* used by FormAdd for temporary storage */
typedef struct FormInfo {
char *name;
@@ -54,7 +29,7 @@ typedef struct FormInfo {
size_t namelength;
char *value;
bool value_alloc;
- size_t contentslength;
+ curl_off_t contentslength;
char *contenttype;
bool contenttype_alloc;
long flags;
@@ -64,35 +39,13 @@ typedef struct FormInfo {
file name will be used */
bool showfilename_alloc;
char *userp; /* pointer for the read callback */
- struct curl_slist* contentheader;
+ struct curl_slist *contentheader;
struct FormInfo *more;
} FormInfo;
-int Curl_FormInit(struct Form *form, struct FormData *formdata );
-
-CURLcode Curl_getformdata(struct SessionHandle *data,
- struct FormData **,
+CURLcode Curl_getformdata(struct Curl_easy *data,
+ curl_mimepart *,
struct curl_httppost *post,
- const char *custom_contenttype,
- curl_off_t *size);
-
-/* fread() emulation */
-size_t Curl_FormReader(char *buffer,
- size_t size,
- size_t nitems,
- FILE *mydata);
-
-/*
- * Curl_formpostheader() returns the first line of the formpost, the
- * request-header part (which is not part of the request-body like the rest of
- * the post).
- */
-char *Curl_formpostheader(void *formp, size_t *len);
-
-char *Curl_FormBoundary(void);
-
-void Curl_formclean(struct FormData **);
-
-CURLcode Curl_formconvert(struct SessionHandle *, struct FormData *);
+ curl_read_callback fread_func);
#endif /* HEADER_CURL_FORMDATA_H */
diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c
index e818af6c58..8042edf488 100644
--- a/libs/libcurl/src/ftp.c
+++ b/libs/libcurl/src/ftp.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -61,8 +61,8 @@
#include "ftplistparser.h"
#include "curl_sec.h"
#include "strtoofft.h"
-#include "strequal.h"
-#include "sslgen.h"
+#include "strcase.h"
+#include "vtls/vtls.h"
#include "connect.h"
#include "strerror.h"
#include "inet_ntop.h"
@@ -72,17 +72,14 @@
#include "sockaddr.h" /* required for Curl_sockaddr_storage */
#include "multiif.h"
#include "url.h"
-#include "rawstr.h"
+#include "strcase.h"
#include "speedcheck.h"
#include "warnless.h"
#include "http_proxy.h"
#include "non-ascii.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
#ifndef NI_MAXHOST
@@ -157,8 +154,9 @@ static CURLcode ftp_dophase_done(struct connectdata *conn,
bool connected);
/* easy-to-use macro: */
-#define PPSENDF(x,y,z) if((result = Curl_pp_sendf(x,y,z)) != CURLE_OK) \
- return result
+#define PPSENDF(x,y,z) result = Curl_pp_sendf(x,y,z); \
+ if(result) \
+ return result
/*
@@ -180,10 +178,12 @@ const struct Curl_handler Curl_handler_ftp = {
ZERO_NULL, /* perform_getsock */
ftp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_FTP, /* defport */
CURLPROTO_FTP, /* protocol */
- PROTOPT_DUAL | PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD
- | PROTOPT_NOURLQUERY /* flags */
+ PROTOPT_DUAL | PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD |
+ PROTOPT_NOURLQUERY | PROTOPT_PROXY_AS_HTTP |
+ PROTOPT_WILDCARD /* flags */
};
@@ -207,66 +207,22 @@ const struct Curl_handler Curl_handler_ftps = {
ZERO_NULL, /* perform_getsock */
ftp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_FTPS, /* defport */
- CURLPROTO_FTP | CURLPROTO_FTPS, /* protocol */
+ CURLPROTO_FTPS, /* protocol */
PROTOPT_SSL | PROTOPT_DUAL | PROTOPT_CLOSEACTION |
- PROTOPT_NEEDSPWD | PROTOPT_NOURLQUERY /* flags */
-};
-#endif
-
-#ifndef CURL_DISABLE_HTTP
-/*
- * HTTP-proxyed FTP protocol handler.
- */
-
-static const struct Curl_handler Curl_handler_ftp_proxy = {
- "FTP", /* scheme */
- Curl_http_setup_conn, /* setup_connection */
- Curl_http, /* do_it */
- Curl_http_done, /* done */
- ZERO_NULL, /* do_more */
- ZERO_NULL, /* connect_it */
- ZERO_NULL, /* connecting */
- ZERO_NULL, /* doing */
- ZERO_NULL, /* proto_getsock */
- ZERO_NULL, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ZERO_NULL, /* perform_getsock */
- ZERO_NULL, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_FTP, /* defport */
- CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
-};
-
-
-#ifdef USE_SSL
-/*
- * HTTP-proxyed FTPS protocol handler.
- */
-
-static const struct Curl_handler Curl_handler_ftps_proxy = {
- "FTPS", /* scheme */
- Curl_http_setup_conn, /* setup_connection */
- Curl_http, /* do_it */
- Curl_http_done, /* done */
- ZERO_NULL, /* do_more */
- ZERO_NULL, /* connect_it */
- ZERO_NULL, /* connecting */
- ZERO_NULL, /* doing */
- ZERO_NULL, /* proto_getsock */
- ZERO_NULL, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ZERO_NULL, /* perform_getsock */
- ZERO_NULL, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_FTPS, /* defport */
- CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
+ PROTOPT_NEEDSPWD | PROTOPT_NOURLQUERY | PROTOPT_WILDCARD /* flags */
};
#endif
-#endif
+static void close_secondarysocket(struct connectdata *conn)
+{
+ if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) {
+ Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
+ conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+ }
+ conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
+}
/*
* NOTE: back in the old days, we added code in the FTP code that made NOBODY
@@ -284,20 +240,18 @@ static void freedirs(struct ftp_conn *ftpc)
{
int i;
if(ftpc->dirs) {
- for(i=0; i < ftpc->dirdepth; i++) {
- if(ftpc->dirs[i]) {
- free(ftpc->dirs[i]);
- ftpc->dirs[i]=NULL;
- }
+ for(i = 0; i < ftpc->dirdepth; i++) {
+ free(ftpc->dirs[i]);
+ ftpc->dirs[i] = NULL;
}
free(ftpc->dirs);
ftpc->dirs = NULL;
ftpc->dirdepth = 0;
}
- if(ftpc->file) {
- free(ftpc->file);
- ftpc->file = NULL;
- }
+ Curl_safefree(ftpc->file);
+
+ /* no longer of any use */
+ Curl_safefree(ftpc->newhost);
}
/* Returns non-zero if the given string contains CR (\r) or LF (\n),
@@ -322,7 +276,7 @@ static bool isBadFtpString(const char *string)
*/
static CURLcode AcceptServerConnect(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
curl_socket_t sock = conn->sock[SECONDARYSOCKET];
curl_socket_t s = CURL_SOCKET_BAD;
#ifdef ENABLE_IPV6
@@ -335,7 +289,7 @@ static CURLcode AcceptServerConnect(struct connectdata *conn)
if(0 == getsockname(sock, (struct sockaddr *) &add, &size)) {
size = sizeof(add);
- s=accept(sock, (struct sockaddr *) &add, &size);
+ s = accept(sock, (struct sockaddr *) &add, &size);
}
Curl_closesocket(conn, sock); /* close the first socket */
@@ -344,9 +298,12 @@ static CURLcode AcceptServerConnect(struct connectdata *conn)
return CURLE_FTP_PORT_FAILED;
}
infof(data, "Connection accepted from server\n");
+ /* when this happens within the DO state it is important that we mark us as
+ not needing DO_MORE anymore */
+ conn->bits.do_more = FALSE;
conn->sock[SECONDARYSOCKET] = s;
- curlx_nonblock(s, TRUE); /* enable non-blocking */
+ (void)curlx_nonblock(s, TRUE); /* enable non-blocking */
conn->sock_accepted[SECONDARYSOCKET] = TRUE;
if(data->set.fsockopt) {
@@ -358,8 +315,7 @@ static CURLcode AcceptServerConnect(struct connectdata *conn)
CURLSOCKTYPE_ACCEPT);
if(error) {
- Curl_closesocket(conn, s); /* close the socket and bail out */
- conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
+ close_secondarysocket(conn);
return CURLE_ABORTED_BY_CALLBACK;
}
}
@@ -377,16 +333,16 @@ static CURLcode AcceptServerConnect(struct connectdata *conn)
* Curl_pgrsTime(..., TIMER_STARTACCEPT);
*
*/
-static long ftp_timeleft_accept(struct SessionHandle *data)
+static timediff_t ftp_timeleft_accept(struct Curl_easy *data)
{
- long timeout_ms = DEFAULT_ACCEPT_TIMEOUT;
- long other;
- struct timeval now;
+ timediff_t timeout_ms = DEFAULT_ACCEPT_TIMEOUT;
+ timediff_t other;
+ struct curltime now;
if(data->set.accepttimeout > 0)
timeout_ms = data->set.accepttimeout;
- now = Curl_tvnow();
+ now = Curl_now();
/* check if the generic timeout possibly is set shorter */
other = Curl_timeleft(data, &now, FALSE);
@@ -396,7 +352,7 @@ static long ftp_timeleft_accept(struct SessionHandle *data)
timeout_ms = other;
else {
/* subtract elapsed time */
- timeout_ms -= Curl_tvdiff(now, data->progress.t_acceptdata);
+ timeout_ms -= Curl_timediff(now, data->progress.t_acceptdata);
if(!timeout_ms)
/* avoid returning 0 as that means no timeout! */
return -1;
@@ -417,13 +373,13 @@ static long ftp_timeleft_accept(struct SessionHandle *data)
*/
static CURLcode ReceivedServerConnect(struct connectdata *conn, bool *received)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
curl_socket_t ctrl_sock = conn->sock[FIRSTSOCKET];
curl_socket_t data_sock = conn->sock[SECONDARYSOCKET];
struct ftp_conn *ftpc = &conn->proto.ftpc;
struct pingpong *pp = &ftpc->pp;
int result;
- long timeout_ms;
+ time_t timeout_ms;
ssize_t nread;
int ftpcode;
@@ -448,7 +404,7 @@ static CURLcode ReceivedServerConnect(struct connectdata *conn, bool *received)
result = Curl_socket_check(ctrl_sock, data_sock, CURL_SOCKET_BAD, 0);
/* see if the connection request is already here */
- switch (result) {
+ switch(result) {
case -1: /* error */
/* let's die here */
failf(data, "Error while waiting for server connect");
@@ -468,7 +424,7 @@ static CURLcode ReceivedServerConnect(struct connectdata *conn, bool *received)
if(ftpcode/100 > 3)
return CURLE_FTP_ACCEPT_FAILED;
- return CURLE_FTP_WEIRD_SERVER_REPLY;
+ return CURLE_WEIRD_SERVER_REPLY;
}
break;
@@ -488,11 +444,11 @@ static CURLcode ReceivedServerConnect(struct connectdata *conn, bool *received)
*/
static CURLcode InitiateTransfer(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct FTP *ftp = data->req.protop;
CURLcode result = CURLE_OK;
- if(conn->ssl[SECONDARYSOCKET].use) {
+ if(conn->bits.ftp_use_data_ssl) {
/* since we only have a plaintext TCP connection here, we must now
* do the TLS stuff */
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
@@ -502,12 +458,12 @@ static CURLcode InitiateTransfer(struct connectdata *conn)
}
if(conn->proto.ftpc.state_saved == FTP_STOR) {
- *(ftp->bytecountp)=0;
+ *(ftp->bytecountp) = 0;
/* When we know we're uploading a specified file, we can get the file
size prior to the actual upload. */
- Curl_pgrsSetUploadSize(data, data->set.infilesize);
+ Curl_pgrsSetUploadSize(data, data->state.infilesize);
/* set the SO_SNDBUF for the secondary socket for those who need it */
Curl_sndbufset(conn->sock[SECONDARYSOCKET]);
@@ -539,9 +495,9 @@ static CURLcode InitiateTransfer(struct connectdata *conn)
*/
static CURLcode AllowServerConnect(struct connectdata *conn, bool *connected)
{
- struct SessionHandle *data = conn->data;
- long timeout_ms;
- CURLcode ret = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ time_t timeout_ms;
+ CURLcode result = CURLE_OK;
*connected = FALSE;
infof(data, "Preparing for accepting server on data port\n");
@@ -557,30 +513,28 @@ static CURLcode AllowServerConnect(struct connectdata *conn, bool *connected)
}
/* see if the connection request is already here */
- ret = ReceivedServerConnect(conn, connected);
- if(ret)
- return ret;
+ result = ReceivedServerConnect(conn, connected);
+ if(result)
+ return result;
if(*connected) {
- ret = AcceptServerConnect(conn);
- if(ret)
- return ret;
+ result = AcceptServerConnect(conn);
+ if(result)
+ return result;
- ret = InitiateTransfer(conn);
- if(ret)
- return ret;
+ result = InitiateTransfer(conn);
+ if(result)
+ return result;
}
else {
/* Add timeout to multi handle and break out of the loop */
- if(ret == CURLE_OK && *connected == FALSE) {
- if(data->set.accepttimeout > 0)
- Curl_expire(data, data->set.accepttimeout);
- else
- Curl_expire(data, DEFAULT_ACCEPT_TIMEOUT);
+ if(!result && *connected == FALSE) {
+ Curl_expire(data, data->set.accepttimeout > 0 ?
+ data->set.accepttimeout: DEFAULT_ACCEPT_TIMEOUT, 0);
}
}
- return ret;
+ return result;
}
/* macro to check for a three-digit ftp status code at the start of the
@@ -610,7 +564,7 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
size_t *size) /* size of the response */
{
struct connectdata *conn = pp->conn;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
#ifdef HAVE_GSSAPI
char * const buf = data->state.buffer;
#endif
@@ -639,7 +593,7 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
#endif
/* store the latest code for later retrieval */
- data->info.httpcode=code;
+ data->info.httpcode = code;
if(ftpcode)
*ftpcode = code;
@@ -680,15 +634,15 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
* line in a response or continue reading. */
curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
- long timeout; /* timeout in milliseconds */
- long interval_ms;
- struct SessionHandle *data = conn->data;
+ time_t timeout; /* timeout in milliseconds */
+ time_t interval_ms;
+ struct Curl_easy *data = conn->data;
CURLcode result = CURLE_OK;
struct ftp_conn *ftpc = &conn->proto.ftpc;
struct pingpong *pp = &ftpc->pp;
size_t nread;
- int cache_skip=0;
- int value_to_be_ignored=0;
+ int cache_skip = 0;
+ int value_to_be_ignored = 0;
if(ftpcode)
*ftpcode = 0; /* 0 for errors */
@@ -696,13 +650,13 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
/* make the pointer point to something for the rest of this function */
ftpcode = &value_to_be_ignored;
- *nreadp=0;
+ *nreadp = 0;
while(!*ftpcode && !result) {
/* check and reset timeout value every lap */
timeout = Curl_pp_state_timeout(pp);
- if(timeout <=0 ) {
+ if(timeout <= 0) {
failf(data, "FTP response timeout");
return CURLE_OPERATION_TIMEDOUT; /* already too little time */
}
@@ -733,8 +687,8 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
* wait for more data anyway.
*/
}
- else {
- switch (Curl_socket_ready(sockfd, CURL_SOCKET_BAD, interval_ms)) {
+ else if(!Curl_conn_data_pending(conn, FIRSTSOCKET)) {
+ switch(SOCKET_READABLE(sockfd, interval_ms)) {
case -1: /* select() error, stop reading */
failf(data, "FTP response aborted due to select/poll error: %d",
SOCKERRNO);
@@ -760,7 +714,7 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
else
/* when we got data or there is no cache left, we reset the cache skip
counter */
- cache_skip=0;
+ cache_skip = 0;
*nreadp += nread;
@@ -821,12 +775,19 @@ static void _state(struct connectdata *conn,
)
{
struct ftp_conn *ftpc = &conn->proto.ftpc;
-#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+
+#if defined(DEBUGBUILD)
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void) lineno;
+#else
if(ftpc->state != newstate)
infof(conn->data, "FTP %p (line %d) state change from %s to %s\n",
(void *)ftpc, lineno, ftp_state_names[ftpc->state],
ftp_state_names[newstate]);
#endif
+#endif
+
ftpc->state = newstate;
}
@@ -877,16 +838,32 @@ static int ftp_domore_getsock(struct connectdata *conn, curl_socket_t *socks,
*/
if(FTP_STOP == ftpc->state) {
+ int bits = GETSOCK_READSOCK(0);
+
/* if stopped and still in this state, then we're also waiting for a
connect on the secondary connection */
socks[0] = conn->sock[FIRSTSOCKET];
- socks[1] = conn->sock[SECONDARYSOCKET];
- return GETSOCK_READSOCK(FIRSTSOCKET) |
- GETSOCK_WRITESOCK(SECONDARYSOCKET);
+ if(!conn->data->set.ftp_use_port) {
+ int s;
+ int i;
+ /* PORT is used to tell the server to connect to us, and during that we
+ don't do happy eyeballs, but we do if we connect to the server */
+ for(s = 1, i = 0; i<2; i++) {
+ if(conn->tempsock[i] != CURL_SOCKET_BAD) {
+ socks[s] = conn->tempsock[i];
+ bits |= GETSOCK_WRITESOCK(s++);
+ }
+ }
+ }
+ else {
+ socks[1] = conn->sock[SECONDARYSOCKET];
+ bits |= GETSOCK_WRITESOCK(1) | GETSOCK_READSOCK(1);
+ }
+
+ return bits;
}
- else
- return Curl_pp_getsock(&conn->proto.ftpc.pp, socks, numsocks);
+ return Curl_pp_getsock(&conn->proto.ftpc.pp, socks, numsocks);
}
/* This is called after the FTP_QUOTE state is passed.
@@ -909,23 +886,26 @@ static CURLcode ftp_state_cwd(struct connectdata *conn)
/* count3 is set to allow a MKD to fail once. In the case when first CWD
fails and then MKD fails (due to another session raced it to create the
dir) this then allows for a second try to CWD to it */
- ftpc->count3 = (conn->data->set.ftp_create_missing_dirs==2)?1:0;
+ ftpc->count3 = (conn->data->set.ftp_create_missing_dirs == 2)?1:0;
- if(conn->bits.reuse && ftpc->entrypath) {
+ if((conn->data->set.ftp_filemethod == FTPFILE_NOCWD) && !ftpc->cwdcount)
+ /* No CWD necessary */
+ result = ftp_state_mdtm(conn);
+ else if(conn->bits.reuse && ftpc->entrypath) {
/* This is a re-used connection. Since we change directory to where the
transfer is taking place, we must first get back to the original dir
where we ended up after login: */
- ftpc->count1 = 0; /* we count this as the first path, then we add one
- for all upcoming ones in the ftp->dirs[] array */
+ ftpc->cwdcount = 0; /* we count this as the first path, then we add one
+ for all upcoming ones in the ftp->dirs[] array */
PPSENDF(&conn->proto.ftpc.pp, "CWD %s", ftpc->entrypath);
state(conn, FTP_CWD);
}
else {
if(ftpc->dirdepth) {
- ftpc->count1 = 1;
+ ftpc->cwdcount = 1;
/* issue the first CWD, the rest is sent when the CWD responses are
received... */
- PPSENDF(&conn->proto.ftpc.pp, "CWD %s", ftpc->dirs[ftpc->count1 -1]);
+ PPSENDF(&conn->proto.ftpc.pp, "CWD %s", ftpc->dirs[ftpc->cwdcount -1]);
state(conn, FTP_CWD);
}
else {
@@ -949,15 +929,15 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
{
CURLcode result = CURLE_OK;
struct ftp_conn *ftpc = &conn->proto.ftpc;
- struct SessionHandle *data=conn->data;
- curl_socket_t portsock= CURL_SOCKET_BAD;
+ struct Curl_easy *data = conn->data;
+ curl_socket_t portsock = CURL_SOCKET_BAD;
char myhost[256] = "";
struct Curl_sockaddr_storage ss;
Curl_addrinfo *res, *ai;
curl_socklen_t sslen;
char hbuf[NI_MAXHOST];
- struct sockaddr *sa=(struct sockaddr *)&ss;
+ struct sockaddr *sa = (struct sockaddr *)&ss;
struct sockaddr_in * const sa4 = (void *)sa;
#ifdef ENABLE_IPV6
struct sockaddr_in6 * const sa6 = (void *)sa;
@@ -968,7 +948,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
int error;
char *host = NULL;
char *string_ftpport = data->set.str[STRING_FTPPORT];
- struct Curl_dns_entry *h=NULL;
+ struct Curl_dns_entry *h = NULL;
unsigned short port_min = 0;
unsigned short port_max = 0;
unsigned short port;
@@ -996,7 +976,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
char *port_start = NULL;
char *port_sep = NULL;
- addr = calloc(addrlen+1, 1);
+ addr = calloc(addrlen + 1, 1);
if(!addr)
return CURLE_OUT_OF_MEMORY;
@@ -1004,7 +984,8 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
if(*string_ftpport == '[') {
/* [ipv6]:port(-range) */
ip_start = string_ftpport + 1;
- if((ip_end = strchr(string_ftpport, ']')) != NULL )
+ ip_end = strchr(string_ftpport, ']');
+ if(ip_end)
strncpy(addr, ip_start, ip_end - ip_start);
}
else
@@ -1012,30 +993,35 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
if(*string_ftpport == ':') {
/* :port */
ip_end = string_ftpport;
- }
- else if((ip_end = strchr(string_ftpport, ':')) != NULL) {
- /* either ipv6 or (ipv4|domain|interface):port(-range) */
-#ifdef ENABLE_IPV6
- if(Curl_inet_pton(AF_INET6, string_ftpport, sa6) == 1) {
- /* ipv6 */
- port_min = port_max = 0;
- strcpy(addr, string_ftpport);
- ip_end = NULL; /* this got no port ! */
}
- else
+ else {
+ ip_end = strchr(string_ftpport, ':');
+ if(ip_end) {
+ /* either ipv6 or (ipv4|domain|interface):port(-range) */
+#ifdef ENABLE_IPV6
+ if(Curl_inet_pton(AF_INET6, string_ftpport, sa6) == 1) {
+ /* ipv6 */
+ port_min = port_max = 0;
+ strcpy(addr, string_ftpport);
+ ip_end = NULL; /* this got no port ! */
+ }
+ else
#endif
- /* (ipv4|domain|interface):port(-range) */
- strncpy(addr, string_ftpport, ip_end - ip_start );
- }
- else
- /* ipv4|interface */
- strcpy(addr, string_ftpport);
+ /* (ipv4|domain|interface):port(-range) */
+ strncpy(addr, string_ftpport, ip_end - ip_start);
+ }
+ else
+ /* ipv4|interface */
+ strcpy(addr, string_ftpport);
+ }
/* parse the port */
if(ip_end != NULL) {
- if((port_start = strchr(ip_end, ':')) != NULL) {
- port_min = curlx_ultous(strtoul(port_start+1, NULL, 10));
- if((port_sep = strchr(port_start, '-')) != NULL) {
+ port_start = strchr(ip_end, ':');
+ if(port_start) {
+ port_min = curlx_ultous(strtoul(port_start + 1, NULL, 10));
+ port_sep = strchr(port_start, '-');
+ if(port_sep) {
port_max = curlx_ultous(strtoul(port_sep + 1, NULL, 10));
}
else
@@ -1045,18 +1031,19 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
/* correct errors like:
* :1234-1230
- * :-4711 , in this case port_min is (unsigned)-1,
+ * :-4711, in this case port_min is (unsigned)-1,
* therefore port_min > port_max for all cases
* but port_max = (unsigned)-1
*/
- if(port_min > port_max )
+ if(port_min > port_max)
port_min = port_max = 0;
if(*addr != '\0') {
/* attempt to get the address of the given interface name */
- switch(Curl_if2ip(conn->ip_addr->ai_family, conn->scope, addr,
- hbuf, sizeof(hbuf))) {
+ switch(Curl_if2ip(conn->ip_addr->ai_family,
+ Curl_ipv6_scope(conn->ip_addr->ai_addr),
+ conn->scope_id, addr, hbuf, sizeof(hbuf))) {
case IF2IP_NOT_FOUND:
/* not an interface, use the given string as host name instead */
host = addr;
@@ -1080,7 +1067,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
if(getsockname(conn->sock[FIRSTSOCKET], sa, &sslen)) {
failf(data, "getsockname() failed: %s",
Curl_strerror(conn, SOCKERRNO) );
- Curl_safefree(addr);
+ free(addr);
return CURLE_FTP_PORT_FAILED;
}
switch(sa->sa_family) {
@@ -1112,11 +1099,11 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
if(res == NULL) {
failf(data, "failed to resolve the address provided to PORT: %s", host);
- Curl_safefree(addr);
+ free(addr);
return CURLE_FTP_PORT_FAILED;
}
- Curl_safefree(addr);
+ free(addr);
host = NULL;
/* step 2, create a socket for the requested address */
@@ -1171,7 +1158,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
possibly_non_local = FALSE; /* don't try this again */
continue;
}
- else if(error != EADDRINUSE && error != EACCES) {
+ if(error != EADDRINUSE && error != EACCES) {
failf(data, "bind(port=%hu) failed: %s", port,
Curl_strerror(conn, error) );
Curl_closesocket(conn, portsock);
@@ -1229,10 +1216,10 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
continue;
if((PORT == fcmd) && sa->sa_family != AF_INET)
- /* PORT is ipv4 only */
+ /* PORT is IPv4 only */
continue;
- switch (sa->sa_family) {
+ switch(sa->sa_family) {
case AF_INET:
port = ntohs(sa4->sin_port);
break;
@@ -1269,14 +1256,14 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
}
break;
}
- else if(PORT == fcmd) {
+ if(PORT == fcmd) {
char *source = myhost;
char *dest = tmp;
/* translate x.x.x.x to x,x,x,x */
while(source && *source) {
if(*source == '.')
- *dest=',';
+ *dest = ',';
else
*dest = *source;
dest++;
@@ -1301,11 +1288,11 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
/* store which command was sent */
ftpc->count1 = fcmd;
+ close_secondarysocket(conn);
+
/* we set the secondary socket variable to this for now, it is only so that
the cleanup function will close it in case we fail before the true
secondary stuff is made */
- if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
- Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
conn->sock[SECONDARYSOCKET] = portsock;
/* this tcpconnect assignment below is a hackish work-around to make the
@@ -1371,7 +1358,7 @@ static CURLcode ftp_state_prepare_transfer(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct FTP *ftp = conn->data->req.protop;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
if(ftp->transfer != FTPTRANSFER_BODY) {
/* doesn't transfer any data */
@@ -1454,7 +1441,7 @@ static CURLcode ftp_state_size(struct connectdata *conn)
static CURLcode ftp_state_list(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
/* If this output is to be machine-parsed, the NLST command might be better
to use, since the LIST command output is not specified or standard in any
@@ -1470,49 +1457,43 @@ static CURLcode ftp_state_list(struct connectdata *conn)
The other ftp_filemethods will CWD into dir/dir/ first and
then just do LIST (in that case: nothing to do here)
*/
- char *cmd,*lstArg,*slashPos;
+ char *cmd, *lstArg, *slashPos;
+ const char *inpath = data->state.path;
lstArg = NULL;
if((data->set.ftp_filemethod == FTPFILE_NOCWD) &&
- data->state.path &&
- data->state.path[0] &&
- strchr(data->state.path,'/')) {
-
- lstArg = strdup(data->state.path);
- if(!lstArg)
- return CURLE_OUT_OF_MEMORY;
+ inpath && inpath[0] && strchr(inpath, '/')) {
+ size_t n = strlen(inpath);
/* Check if path does not end with /, as then we cut off the file part */
- if(lstArg[strlen(lstArg) - 1] != '/') {
-
+ if(inpath[n - 1] != '/') {
/* chop off the file part if format is dir/dir/file */
- slashPos = strrchr(lstArg,'/');
- if(slashPos)
- *(slashPos+1) = '\0';
+ slashPos = strrchr(inpath, '/');
+ n = slashPos - inpath;
}
+ result = Curl_urldecode(data, inpath, n, &lstArg, NULL, FALSE);
+ if(result)
+ return result;
}
- cmd = aprintf( "%s%s%s",
- data->set.str[STRING_CUSTOMREQUEST]?
- data->set.str[STRING_CUSTOMREQUEST]:
- (data->set.ftp_list_only?"NLST":"LIST"),
- lstArg? " ": "",
- lstArg? lstArg: "" );
+ cmd = aprintf("%s%s%s",
+ data->set.str[STRING_CUSTOMREQUEST]?
+ data->set.str[STRING_CUSTOMREQUEST]:
+ (data->set.ftp_list_only?"NLST":"LIST"),
+ lstArg? " ": "",
+ lstArg? lstArg: "");
if(!cmd) {
- if(lstArg)
- free(lstArg);
+ free(lstArg);
return CURLE_OUT_OF_MEMORY;
}
result = Curl_pp_sendf(&conn->proto.ftpc.pp, "%s", cmd);
- if(lstArg)
- free(lstArg);
-
+ free(lstArg);
free(cmd);
- if(result != CURLE_OK)
+ if(result)
return result;
state(conn, FTP_LIST);
@@ -1546,7 +1527,7 @@ static CURLcode ftp_state_type(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct FTP *ftp = conn->data->req.protop;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ftp_conn *ftpc = &conn->proto.ftpc;
/* If we have selected NOBODY and HEADER, it means that we only want file
@@ -1578,7 +1559,7 @@ static CURLcode ftp_state_type(struct connectdata *conn)
static CURLcode ftp_state_mdtm(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ftp_conn *ftpc = &conn->proto.ftpc;
/* Requested time of file or time-depended transfer? */
@@ -1603,7 +1584,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
{
CURLcode result = CURLE_OK;
struct FTP *ftp = conn->data->req.protop;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ftp_conn *ftpc = &conn->proto.ftpc;
int seekerr = CURL_SEEKFUNC_OK;
@@ -1622,7 +1603,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
/* 4. lower the infilesize counter */
/* => transfer as usual */
- if(data->state.resume_from < 0 ) {
+ if(data->state.resume_from < 0) {
/* Got no given size to start from, figure it out */
PPSENDF(&ftpc->pp, "SIZE %s", ftpc->file);
state(conn, FTP_STOR_SIZE);
@@ -1639,37 +1620,36 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
}
if(seekerr != CURL_SEEKFUNC_OK) {
+ curl_off_t passed = 0;
if(seekerr != CURL_SEEKFUNC_CANTSEEK) {
failf(data, "Could not seek stream");
return CURLE_FTP_COULDNT_USE_REST;
}
/* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */
- else {
- curl_off_t passed=0;
- do {
- size_t readthisamountnow =
- (data->state.resume_from - passed > CURL_OFF_T_C(BUFSIZE)) ?
- BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
-
- size_t actuallyread =
- conn->fread_func(data->state.buffer, 1, readthisamountnow,
- conn->fread_in);
-
- passed += actuallyread;
- if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
- /* this checks for greater-than only to make sure that the
- CURL_READFUNC_ABORT return code still aborts */
- failf(data, "Failed to read data");
- return CURLE_FTP_COULDNT_USE_REST;
- }
- } while(passed < data->state.resume_from);
- }
+ do {
+ size_t readthisamountnow =
+ (data->state.resume_from - passed > data->set.buffer_size) ?
+ (size_t)data->set.buffer_size :
+ curlx_sotouz(data->state.resume_from - passed);
+
+ size_t actuallyread =
+ data->state.fread_func(data->state.buffer, 1, readthisamountnow,
+ data->state.in);
+
+ passed += actuallyread;
+ if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
+ /* this checks for greater-than only to make sure that the
+ CURL_READFUNC_ABORT return code still aborts */
+ failf(data, "Failed to read data");
+ return CURLE_FTP_COULDNT_USE_REST;
+ }
+ } while(passed < data->state.resume_from);
}
/* now, decrease the size of the read */
- if(data->set.infilesize>0) {
- data->set.infilesize -= data->state.resume_from;
+ if(data->state.infilesize>0) {
+ data->state.infilesize -= data->state.resume_from;
- if(data->set.infilesize <= 0) {
+ if(data->state.infilesize <= 0) {
infof(data, "File already completely uploaded\n");
/* no data to transfer */
@@ -1699,10 +1679,10 @@ static CURLcode ftp_state_quote(struct connectdata *conn,
ftpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct FTP *ftp = data->req.protop;
struct ftp_conn *ftpc = &conn->proto.ftpc;
- bool quote=FALSE;
+ bool quote = FALSE;
struct curl_slist *item;
switch(instate) {
@@ -1722,7 +1702,7 @@ static CURLcode ftp_state_quote(struct connectdata *conn,
/*
* This state uses:
* 'count1' to iterate over the commands to send
- * 'count2' to store wether to allow commands to fail
+ * 'count2' to store whether to allow commands to fail
*/
if(init)
@@ -1769,8 +1749,20 @@ static CURLcode ftp_state_quote(struct connectdata *conn,
result = ftp_state_retr(conn, ftpc->known_filesize);
}
else {
- PPSENDF(&ftpc->pp, "SIZE %s", ftpc->file);
- state(conn, FTP_RETR_SIZE);
+ if(data->set.ignorecl) {
+ /* This code is to support download of growing files. It prevents
+ the state machine from requesting the file size from the
+ server. With an unknown file size the download continues until
+ the server terminates it, otherwise the client stops if the
+ received byte count exceeds the reported file size. Set option
+ CURLOPT_IGNORE_CONTENT_LENGTH to 1 to enable this behavior.*/
+ PPSENDF(&ftpc->pp, "RETR %s", ftpc->file);
+ state(conn, FTP_RETR);
+ }
+ else {
+ PPSENDF(&ftpc->pp, "SIZE %s", ftpc->file);
+ state(conn, FTP_RETR_SIZE);
+ }
}
}
break;
@@ -1790,6 +1782,13 @@ static CURLcode ftp_state_quote(struct connectdata *conn,
static CURLcode ftp_epsv_disable(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
+
+ if(conn->bits.ipv6) {
+ /* We can't disable EPSV when doing IPv6, so this is instead a fail */
+ failf(conn->data, "Failed EPSV attempt, exiting\n");
+ return CURLE_WEIRD_SERVER_REPLY;
+ }
+
infof(conn->data, "Failed EPSV attempt. Disabling EPSV\n");
/* disable it for next transfer */
conn->bits.ftp_use_epsv = FALSE;
@@ -1802,24 +1801,32 @@ static CURLcode ftp_epsv_disable(struct connectdata *conn)
return result;
}
+
+static char *control_address(struct connectdata *conn)
+{
+ /* Returns the control connection IP address.
+ If a proxy tunnel is used, returns the original host name instead, because
+ the effective control connection address is the proxy address,
+ not the ftp host. */
+ if(conn->bits.tunnel_proxy || conn->bits.socksproxy)
+ return conn->host.name;
+
+ return conn->ip_addr_str;
+}
+
static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
int ftpcode)
{
struct ftp_conn *ftpc = &conn->proto.ftpc;
CURLcode result;
- struct SessionHandle *data=conn->data;
- Curl_addrinfo *conninfo;
- struct Curl_dns_entry *addr=NULL;
+ struct Curl_easy *data = conn->data;
+ struct Curl_dns_entry *addr = NULL;
int rc;
unsigned short connectport; /* the local port connect() should use! */
- unsigned short newport=0; /* remote port */
- bool connected;
+ char *str = &data->state.buffer[4]; /* start on the first letter */
- /* newhost must be able to hold a full IP-style address in ASCII, which
- in the IPv6 case means 5*8-1 = 39 letters */
-#define NEWHOST_BUFSIZE 48
- char newhost[NEWHOST_BUFSIZE];
- char *str=&data->state.buffer[4]; /* start on the first letter */
+ /* if we come here again, make sure the former name is cleared */
+ Curl_safefree(ftpc->newhost);
if((ftpc->count1 == 0) &&
(ftpcode == 229)) {
@@ -1829,20 +1836,20 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
unsigned int num;
char separator[4];
ptr++;
- if(5 == sscanf(ptr, "%c%c%c%u%c",
- &separator[0],
- &separator[1],
- &separator[2],
- &num,
- &separator[3])) {
+ if(5 == sscanf(ptr, "%c%c%c%u%c",
+ &separator[0],
+ &separator[1],
+ &separator[2],
+ &num,
+ &separator[3])) {
const char sep1 = separator[0];
int i;
/* The four separators should be identical, or else this is an oddly
formatted reply and we bail out immediately. */
- for(i=1; i<4; i++) {
+ for(i = 1; i<4; i++) {
if(separator[i] != sep1) {
- ptr=NULL; /* set to NULL to signal error */
+ ptr = NULL; /* set to NULL to signal error */
break;
}
}
@@ -1851,23 +1858,14 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
return CURLE_FTP_WEIRD_PASV_REPLY;
}
if(ptr) {
- newport = (unsigned short)(num & 0xffff);
-
- if(conn->bits.tunnel_proxy ||
- conn->proxytype == CURLPROXY_SOCKS5 ||
- conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
- conn->proxytype == CURLPROXY_SOCKS4 ||
- conn->proxytype == CURLPROXY_SOCKS4A)
- /* proxy tunnel -> use other host info because ip_addr_str is the
- proxy address not the ftp host */
- snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
- else
- /* use the same IP we are already connected to */
- snprintf(newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str);
+ ftpc->newport = (unsigned short)(num & 0xffff);
+ ftpc->newhost = strdup(control_address(conn));
+ if(!ftpc->newhost)
+ return CURLE_OUT_OF_MEMORY;
}
}
else
- ptr=NULL;
+ ptr = NULL;
}
if(!ptr) {
failf(data, "Weirdly formatted EPSV reply");
@@ -1877,8 +1875,8 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
else if((ftpc->count1 == 1) &&
(ftpcode == 227)) {
/* positive PASV response */
- int ip[4];
- int port[2];
+ unsigned int ip[4];
+ unsigned int port[2];
/*
* Scan for a sequence of six comma-separated numbers and use them as
@@ -1890,40 +1888,35 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
* "227 Entering passive mode. 127,0,0,1,4,51"
*/
while(*str) {
- if(6 == sscanf(str, "%d,%d,%d,%d,%d,%d",
- &ip[0], &ip[1], &ip[2], &ip[3],
- &port[0], &port[1]))
+ if(6 == sscanf(str, "%u,%u,%u,%u,%u,%u",
+ &ip[0], &ip[1], &ip[2], &ip[3],
+ &port[0], &port[1]))
break;
str++;
}
- if(!*str) {
+ if(!*str || (ip[0] > 255) || (ip[1] > 255) || (ip[2] > 255) ||
+ (ip[3] > 255) || (port[0] > 255) || (port[1] > 255) ) {
failf(data, "Couldn't interpret the 227-response");
return CURLE_FTP_WEIRD_227_FORMAT;
}
/* we got OK from server */
if(data->set.ftp_skip_ip) {
- /* told to ignore the remotely given IP but instead use the one we used
+ /* told to ignore the remotely given IP but instead use the host we used
for the control connection */
- infof(data, "Skips %d.%d.%d.%d for data connection, uses %s instead\n",
+ infof(data, "Skip %d.%d.%d.%d for data connection, re-use %s instead\n",
ip[0], ip[1], ip[2], ip[3],
- conn->ip_addr_str);
- if(conn->bits.tunnel_proxy ||
- conn->proxytype == CURLPROXY_SOCKS5 ||
- conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
- conn->proxytype == CURLPROXY_SOCKS4 ||
- conn->proxytype == CURLPROXY_SOCKS4A)
- /* proxy tunnel -> use other host info because ip_addr_str is the
- proxy address not the ftp host */
- snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
- else
- snprintf(newhost, sizeof(newhost), "%s", conn->ip_addr_str);
+ conn->host.name);
+ ftpc->newhost = strdup(control_address(conn));
}
else
- snprintf(newhost, sizeof(newhost),
- "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
- newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
+ ftpc->newhost = aprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
+
+ if(!ftpc->newhost)
+ return CURLE_OUT_OF_MEMORY;
+
+ ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
}
else if(ftpc->count1 == 0) {
/* EPSV failed, move on to PASV */
@@ -1940,7 +1933,9 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
* here. We don't want to rely on a former host lookup that might've
* expired now, instead we remake the lookup here and now!
*/
- rc = Curl_resolv(conn, conn->proxy.name, (int)conn->port, &addr);
+ const char * const host_name = conn->bits.socksproxy ?
+ conn->socks_proxy.host.name : conn->http_proxy.host.name;
+ rc = Curl_resolv(conn, host_name, (int)conn->port, &addr);
if(rc == CURLRESOLV_PENDING)
/* BLOCKING, ignores the return code but 'addr' will be NULL in
case of failure */
@@ -1950,123 +1945,55 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
(unsigned short)conn->port; /* we connect to the proxy's port */
if(!addr) {
- failf(data, "Can't resolve proxy host %s:%hu",
- conn->proxy.name, connectport);
- return CURLE_FTP_CANT_GET_HOST;
+ failf(data, "Can't resolve proxy host %s:%hu", host_name, connectport);
+ return CURLE_COULDNT_RESOLVE_PROXY;
}
}
else {
/* normal, direct, ftp connection */
- rc = Curl_resolv(conn, newhost, newport, &addr);
+ rc = Curl_resolv(conn, ftpc->newhost, ftpc->newport, &addr);
if(rc == CURLRESOLV_PENDING)
/* BLOCKING */
(void)Curl_resolver_wait_resolv(conn, &addr);
- connectport = newport; /* we connect to the remote port */
+ connectport = ftpc->newport; /* we connect to the remote port */
if(!addr) {
- failf(data, "Can't resolve new host %s:%hu", newhost, connectport);
+ failf(data, "Can't resolve new host %s:%hu", ftpc->newhost, connectport);
return CURLE_FTP_CANT_GET_HOST;
}
}
- result = Curl_connecthost(conn,
- addr,
- &conn->sock[SECONDARYSOCKET],
- &conninfo,
- &connected);
-
- Curl_resolv_unlock(data, addr); /* we're done using this address */
+ conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
+ result = Curl_connecthost(conn, addr);
if(result) {
+ Curl_resolv_unlock(data, addr); /* we're done using this address */
if(ftpc->count1 == 0 && ftpcode == 229)
return ftp_epsv_disable(conn);
return result;
}
- conn->bits.tcpconnect[SECONDARYSOCKET] = connected;
/*
* When this is used from the multi interface, this might've returned with
* the 'connected' set to FALSE and thus we are now awaiting a non-blocking
- * connect to connect and we should not be "hanging" here waiting.
+ * connect to connect.
*/
if(data->set.verbose)
/* this just dumps information about this second connection */
- ftp_pasv_verbose(conn, conninfo, newhost, connectport);
-
- switch(conn->proxytype) {
- /* FIX: this MUST wait for a proper connect first if 'connected' is
- * FALSE */
- case CURLPROXY_SOCKS5:
- case CURLPROXY_SOCKS5_HOSTNAME:
- result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost, newport,
- SECONDARYSOCKET, conn);
- connected = TRUE;
- break;
- case CURLPROXY_SOCKS4:
- result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
- SECONDARYSOCKET, conn, FALSE);
- connected = TRUE;
- break;
- case CURLPROXY_SOCKS4A:
- result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
- SECONDARYSOCKET, conn, TRUE);
- connected = TRUE;
- break;
- case CURLPROXY_HTTP:
- case CURLPROXY_HTTP_1_0:
- /* do nothing here. handled later. */
- break;
- default:
- failf(data, "unknown proxytype option given");
- result = CURLE_COULDNT_CONNECT;
- break;
- }
-
- if(result) {
- if(ftpc->count1 == 0 && ftpcode == 229)
- return ftp_epsv_disable(conn);
- return result;
- }
-
- if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
- /* FIX: this MUST wait for a proper connect first if 'connected' is
- * FALSE */
-
- /* BLOCKING */
- /* We want "seamless" FTP operations through HTTP proxy tunnel */
-
- /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
- * conn->proto.http; we want FTP through HTTP and we have to change the
- * member temporarily for connecting to the HTTP proxy. After
- * Curl_proxyCONNECT we have to set back the member to the original struct
- * FTP pointer
- */
- struct HTTP http_proxy;
- struct FTP *ftp_save = data->req.protop;
- memset(&http_proxy, 0, sizeof(http_proxy));
- data->req.protop = &http_proxy;
-
- result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);
-
- data->req.protop = ftp_save;
-
- if(result)
- return result;
+ ftp_pasv_verbose(conn, addr->addr, ftpc->newhost, connectport);
- if(conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE) {
- /* the CONNECT procedure is not complete, the tunnel is not yet up */
- state(conn, FTP_STOP); /* this phase is completed */
- conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
+ Curl_resolv_unlock(data, addr); /* we're done using this address */
- return result;
- }
- }
+ Curl_safefree(conn->secondaryhostname);
+ conn->secondary_port = ftpc->newport;
+ conn->secondaryhostname = strdup(ftpc->newhost);
+ if(!conn->secondaryhostname)
+ return CURLE_OUT_OF_MEMORY;
- conn->bits.tcpconnect[SECONDARYSOCKET] = connected;
conn->bits.do_more = TRUE;
state(conn, FTP_STOP); /* this phase is completed */
@@ -2076,12 +2003,14 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
static CURLcode ftp_state_port_resp(struct connectdata *conn,
int ftpcode)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ftp_conn *ftpc = &conn->proto.ftpc;
ftpport fcmd = (ftpport)ftpc->count1;
CURLcode result = CURLE_OK;
- if(ftpcode != 200) {
+ /* The FTP spec tells a positive response should have code 200.
+ Be more permissive here to tolerate deviant servers. */
+ if(ftpcode / 100 != 2) {
/* the command failed */
if(EPRT == fcmd) {
@@ -2111,7 +2040,7 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
int ftpcode)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
struct FTP *ftp = data->req.protop;
struct ftp_conn *ftpc = &conn->proto.ftpc;
@@ -2121,17 +2050,17 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
/* we got a time. Format should be: "YYYYMMDDHHMMSS[.sss]" where the
last .sss part is optional and means fractions of a second */
int year, month, day, hour, minute, second;
- char *buf = data->state.buffer;
- if(6 == sscanf(buf+4, "%04d%02d%02d%02d%02d%02d",
+ if(6 == sscanf(&data->state.buffer[4], "%04d%02d%02d%02d%02d%02d",
&year, &month, &day, &hour, &minute, &second)) {
/* we have a time, reformat it */
- time_t secs=time(NULL);
- /* using the good old yacc/bison yuck */
- snprintf(buf, sizeof(conn->data->state.buffer),
+ char timebuf[24];
+ time_t secs = time(NULL);
+
+ snprintf(timebuf, sizeof(timebuf),
"%04d%02d%02d %02d:%02d:%02d GMT",
year, month, day, hour, minute, second);
/* now, convert this into a time() value: */
- data->info.filetime = (long)curl_getdate(buf, &secs);
+ data->info.filetime = (long)curl_getdate(timebuf, &secs);
}
#ifdef CURL_FTP_HTTPSTYLE_HEAD
@@ -2141,7 +2070,8 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
if(data->set.opt_no_body &&
ftpc->file &&
data->set.get_filetime &&
- (data->info.filetime>=0) ) {
+ (data->info.filetime >= 0) ) {
+ char headerbuf[128];
time_t filetime = (time_t)data->info.filetime;
struct tm buffer;
const struct tm *tm = &buffer;
@@ -2151,7 +2081,7 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
return result;
/* format: "Tue, 15 Nov 1994 12:45:26" */
- snprintf(buf, BUFSIZE-1,
+ snprintf(headerbuf, sizeof(headerbuf),
"Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
tm->tm_mday,
@@ -2160,7 +2090,7 @@ static CURLcode ftp_state_mdtm_resp(struct connectdata *conn,
tm->tm_hour,
tm->tm_min,
tm->tm_sec);
- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, headerbuf, 0);
if(result)
return result;
} /* end of a ridiculous amount of conditionals */
@@ -2216,7 +2146,7 @@ static CURLcode ftp_state_type_resp(struct connectdata *conn,
ftpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
if(ftpcode/100 != 2) {
/* "sasserftpd" and "(u)r(x)bot ftpd" both responds with 226 after a
@@ -2245,7 +2175,7 @@ static CURLcode ftp_state_retr(struct connectdata *conn,
curl_off_t filesize)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
struct FTP *ftp = data->req.protop;
struct ftp_conn *ftpc = &conn->proto.ftpc;
@@ -2271,8 +2201,8 @@ static CURLcode ftp_state_retr(struct connectdata *conn,
if(data->state.resume_from< 0) {
/* We're supposed to download the last abs(from) bytes */
if(filesize < -data->state.resume_from) {
- failf(data, "Offset (%" FORMAT_OFF_T
- ") was beyond file size (%" FORMAT_OFF_T ")",
+ failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T
+ ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")",
data->state.resume_from, filesize);
return CURLE_BAD_DOWNLOAD_RESUME;
}
@@ -2283,8 +2213,8 @@ static CURLcode ftp_state_retr(struct connectdata *conn,
}
else {
if(filesize < data->state.resume_from) {
- failf(data, "Offset (%" FORMAT_OFF_T
- ") was beyond file size (%" FORMAT_OFF_T ")",
+ failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T
+ ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")",
data->state.resume_from, filesize);
return CURLE_BAD_DOWNLOAD_RESUME;
}
@@ -2306,13 +2236,13 @@ static CURLcode ftp_state_retr(struct connectdata *conn,
}
/* Set resume file transfer offset */
- infof(data, "Instructs server to resume from offset %" FORMAT_OFF_T
- "\n", data->state.resume_from);
+ infof(data, "Instructs server to resume from offset %"
+ CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from);
- PPSENDF(&ftpc->pp, "REST %" FORMAT_OFF_T, data->state.resume_from);
+ PPSENDF(&ftpc->pp, "REST %" CURL_FORMAT_CURL_OFF_T,
+ data->state.resume_from);
state(conn, FTP_RETR_REST);
-
}
else {
/* no resume */
@@ -2328,19 +2258,22 @@ static CURLcode ftp_state_size_resp(struct connectdata *conn,
ftpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data=conn->data;
- curl_off_t filesize;
+ struct Curl_easy *data = conn->data;
+ curl_off_t filesize = -1;
char *buf = data->state.buffer;
/* get the size from the ascii string: */
- filesize = (ftpcode == 213)?curlx_strtoofft(buf+4, NULL, 0):-1;
+ if(ftpcode == 213)
+ /* ignores parsing errors, which will make the size remain unknown */
+ (void)curlx_strtoofft(buf + 4, NULL, 0, &filesize);
if(instate == FTP_SIZE) {
#ifdef CURL_FTP_HTTPSTYLE_HEAD
if(-1 != filesize) {
- snprintf(buf, sizeof(data->state.buffer),
- "Content-Length: %" FORMAT_OFF_T "\r\n", filesize);
- result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
+ char clbuf[128];
+ snprintf(clbuf, sizeof(clbuf),
+ "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", filesize);
+ result = Curl_client_write(conn, CLIENTWRITE_BOTH, clbuf, 0);
if(result)
return result;
}
@@ -2400,9 +2333,9 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
int ftpcode, ftpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
- if(ftpcode>=400) {
+ if(ftpcode >= 400) {
failf(data, "Failed FTP upload: %0d", ftpcode);
state(conn, FTP_STOP);
/* oops, we never close the sockets! */
@@ -2429,8 +2362,7 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
return CURLE_OK;
}
- else
- return InitiateTransfer(conn);
+ return InitiateTransfer(conn);
}
/* for LIST and RETR responses */
@@ -2439,9 +2371,8 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
ftpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct FTP *ftp = data->req.protop;
- char *buf = data->state.buffer;
if((ftpcode == 150) || (ftpcode == 125)) {
@@ -2462,7 +2393,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
E:
125 Data connection already open; Transfer starting. */
- curl_off_t size=-1; /* default unknown size */
+ curl_off_t size = -1; /* default unknown size */
/*
@@ -2485,9 +2416,10 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
*
* Example D above makes this parsing a little tricky */
char *bytes;
- bytes=strstr(buf, " bytes");
- if(bytes--) {
- long in=(long)(bytes-buf);
+ char *buf = data->state.buffer;
+ bytes = strstr(buf, " bytes");
+ if(bytes) {
+ long in = (long)(--bytes-buf);
/* this is a hint there is size information in there! ;-) */
while(--in) {
/* scan for the left parenthesis and break there */
@@ -2495,7 +2427,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
break;
/* skip only digits */
if(!ISDIGIT(*bytes)) {
- bytes=NULL;
+ bytes = NULL;
break;
}
/* one more estep backwards */
@@ -2504,7 +2436,7 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
/* if we have nothing but digits: */
if(bytes++) {
/* get the number! */
- size = curlx_strtoofft(bytes, NULL, 0);
+ (void)curlx_strtoofft(bytes, NULL, 0, &size);
}
}
}
@@ -2516,10 +2448,12 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
else if((instate != FTP_LIST) && (data->set.prefer_ascii))
size = -1; /* kludge for servers that understate ASCII mode file size */
- infof(data, "Maxdownload = %" FORMAT_OFF_T "\n", data->req.maxdownload);
+ infof(data, "Maxdownload = %" CURL_FORMAT_CURL_OFF_T "\n",
+ data->req.maxdownload);
if(instate != FTP_LIST)
- infof(data, "Getting file with size: %" FORMAT_OFF_T "\n", size);
+ infof(data, "Getting file with size: %" CURL_FORMAT_CURL_OFF_T "\n",
+ size);
/* FTP download: */
conn->proto.ftpc.state_saved = instate;
@@ -2594,7 +2528,7 @@ static CURLcode ftp_state_user_resp(struct connectdata *conn,
ftpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct FTP *ftp = data->req.protop;
struct ftp_conn *ftpc = &conn->proto.ftpc;
(void)instate; /* no use for this yet */
@@ -2649,7 +2583,7 @@ static CURLcode ftp_state_acct_resp(struct connectdata *conn,
int ftpcode)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
if(ftpcode != 230) {
failf(data, "ACCT rejected by server: %03d", ftpcode);
result = CURLE_FTP_WEIRD_PASS_REPLY; /* FIX */
@@ -2665,7 +2599,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
{
CURLcode result;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
int ftpcode;
struct ftp_conn *ftpc = &conn->proto.ftpc;
struct pingpong *pp = &ftpc->pp;
@@ -2689,7 +2623,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
else if(ftpcode != 220) {
failf(data, "Got a %03d ftp-server response when 220 was expected",
ftpcode);
- return CURLE_FTP_WEIRD_SERVER_REPLY;
+ return CURLE_WEIRD_SERVER_REPLY;
}
/* We have received a 220 response fine, now we proceed. */
@@ -2703,18 +2637,21 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
set a valid level */
Curl_sec_request_prot(conn, data->set.str[STRING_KRB_LEVEL]);
- if(Curl_sec_login(conn) != CURLE_OK)
+ if(Curl_sec_login(conn))
infof(data, "Logging in with password in cleartext!\n");
else
infof(data, "Authentication successful\n");
}
#endif
- if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+ if(data->set.use_ssl &&
+ (!conn->ssl[FIRSTSOCKET].use ||
+ (conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
+ !conn->proxy_ssl[FIRSTSOCKET].use))) {
/* We don't have a SSL/TLS connection yet, but FTPS is
requested. Try a FTPS connection now */
- ftpc->count3=0;
+ ftpc->count3 = 0;
switch(data->set.ftpsslauth) {
case CURLFTPAUTH_DEFAULT:
case CURLFTPAUTH_SSL:
@@ -2754,8 +2691,8 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
if((ftpcode == 234) || (ftpcode == 334)) {
/* Curl_ssl_connect is BLOCKING */
result = Curl_ssl_connect(conn, FIRSTSOCKET);
- if(CURLE_OK == result) {
- conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
+ if(!result) {
+ conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
result = ftp_state_user(conn);
}
}
@@ -2797,7 +2734,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
case FTP_PROT:
if(ftpcode/100 == 2)
/* We have enabled SSL for the data connection! */
- conn->ssl[SECONDARYSOCKET].use =
+ conn->bits.ftp_use_data_ssl =
(data->set.use_ssl != CURLUSESSL_CONTROL) ? TRUE : FALSE;
/* FTP servers typically responds with 500 if they decide to reject
our 'P' request */
@@ -2837,9 +2774,11 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
case FTP_PWD:
if(ftpcode == 257) {
- char *ptr=&data->state.buffer[4]; /* start on the first letter */
+ char *ptr = &data->state.buffer[4]; /* start on the first letter */
+ const size_t buf_size = data->set.buffer_size;
char *dir;
char *store;
+ bool entry_extracted = FALSE;
dir = malloc(nread + 1);
if(!dir)
@@ -2855,7 +2794,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
*/
/* scan for the first double-quote for non-standard responses */
- while(ptr < &data->state.buffer[sizeof(data->state.buffer)]
+ while(ptr < &data->state.buffer[buf_size]
&& *ptr != '\n' && *ptr != '\0' && *ptr != '"')
ptr++;
@@ -2871,7 +2810,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
}
else {
/* end of path */
- *store = '\0'; /* zero terminate */
+ entry_extracted = TRUE;
break; /* get out of this loop */
}
}
@@ -2880,12 +2819,14 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
store++;
ptr++;
}
-
+ *store = '\0'; /* zero terminate */
+ }
+ if(entry_extracted) {
/* If the path name does not look like an absolute path (i.e.: it
does not start with a '/'), we probably need some server-dependent
adjustments. For example, this is the case when connecting to
an OS400 FTP server: this server supports two name syntaxes,
- the default one being incompatible with standard pathes. In
+ the default one being incompatible with standard paths. In
addition, this server switches automatically to the regular path
syntax when one is encountered in a command: this results in
having an entrypath in the wrong syntax when later used in CWD.
@@ -2896,7 +2837,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
if(!ftpc->server_os && dir[0] != '/') {
result = Curl_pp_sendf(&ftpc->pp, "%s", "SYST");
- if(result != CURLE_OK) {
+ if(result) {
free(dir);
return result;
}
@@ -2927,7 +2868,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
case FTP_SYST:
if(ftpcode == 215) {
- char *ptr=&data->state.buffer[4]; /* start on the first letter */
+ char *ptr = &data->state.buffer[4]; /* start on the first letter */
char *os;
char *store;
@@ -2946,10 +2887,10 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
/* Check for special servers here. */
- if(strequal(os, "OS/400")) {
+ if(strcasecompare(os, "OS/400")) {
/* Force OS400 name format 1. */
result = Curl_pp_sendf(&ftpc->pp, "%s", "SITE NAMEFMT 1");
- if(result != CURLE_OK) {
+ if(result) {
free(os);
return result;
}
@@ -2959,12 +2900,10 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
state(conn, FTP_NAMEFMT);
break;
}
- else {
- /* Nothing special for the target server. */
- /* remember target server OS */
- Curl_safefree(ftpc->server_os);
- ftpc->server_os = os;
- }
+ /* Nothing special for the target server. */
+ /* remember target server OS */
+ Curl_safefree(ftpc->server_os);
+ ftpc->server_os = os;
}
else {
/* Cannot identify server OS. Continue anyway and cross fingers. */
@@ -3004,10 +2943,10 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
if(ftpcode/100 != 2) {
/* failure to CWD there */
if(conn->data->set.ftp_create_missing_dirs &&
- ftpc->count1 && !ftpc->count2) {
+ ftpc->cwdcount && !ftpc->count2) {
/* try making it */
ftpc->count2++; /* counter to prevent CWD-MKD loops */
- PPSENDF(&ftpc->pp, "MKD %s", ftpc->dirs[ftpc->count1 - 1]);
+ PPSENDF(&ftpc->pp, "MKD %s", ftpc->dirs[ftpc->cwdcount - 1]);
state(conn, FTP_MKD);
}
else {
@@ -3020,10 +2959,10 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
}
else {
/* success */
- ftpc->count2=0;
- if(++ftpc->count1 <= ftpc->dirdepth) {
+ ftpc->count2 = 0;
+ if(++ftpc->cwdcount <= ftpc->dirdepth) {
/* send next CWD */
- PPSENDF(&ftpc->pp, "CWD %s", ftpc->dirs[ftpc->count1 - 1]);
+ PPSENDF(&ftpc->pp, "CWD %s", ftpc->dirs[ftpc->cwdcount - 1]);
}
else {
result = ftp_state_mdtm(conn);
@@ -3041,7 +2980,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
}
state(conn, FTP_CWD);
/* send CWD */
- PPSENDF(&ftpc->pp, "CWD %s", ftpc->dirs[ftpc->count1 - 1]);
+ PPSENDF(&ftpc->pp, "CWD %s", ftpc->dirs[ftpc->cwdcount - 1]);
break;
case FTP_MDTM:
@@ -3112,7 +3051,7 @@ static CURLcode ftp_multi_statemach(struct connectdata *conn,
struct ftp_conn *ftpc = &conn->proto.ftpc;
CURLcode result = Curl_pp_statemach(&ftpc->pp, FALSE);
- /* Check for the state outside of the Curl_socket_ready() return code checks
+ /* Check for the state outside of the Curl_socket_check() return code checks
since at times we are in fact already in this state when this function
gets called. */
*done = (ftpc->state == FTP_STOP) ? TRUE : FALSE;
@@ -3153,7 +3092,7 @@ static CURLcode ftp_connect(struct connectdata *conn,
*done = FALSE; /* default to not done yet */
/* We always support persistent connections on ftp */
- conn->bits.close = FALSE;
+ connkeep(conn, "FTP default");
pp->response_time = RESP_TIMEOUT; /* set default response time-out */
pp->statemach_act = ftp_statemach_act;
@@ -3188,25 +3127,19 @@ static CURLcode ftp_connect(struct connectdata *conn,
* Input argument is already checked for validity.
*/
static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
- bool premature)
+ bool premature)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct FTP *ftp = data->req.protop;
struct ftp_conn *ftpc = &conn->proto.ftpc;
struct pingpong *pp = &ftpc->pp;
ssize_t nread;
int ftpcode;
CURLcode result = CURLE_OK;
- bool was_ctl_valid = ftpc->ctl_valid;
- char *path;
+ char *path = NULL;
const char *path_to_use = data->state.path;
if(!ftp)
- /* When the easy handle is removed from the multi while libcurl is still
- * trying to resolve the host name, it seems that the ftp struct is not
- * yet initialized, but the removal action calls Curl_done() which calls
- * this function. So we simply return success if no ftp pointer is set.
- */
return CURLE_OK;
switch(status) {
@@ -3226,57 +3159,56 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
/* the connection stays alive fine even though this happened */
/* fall-through */
case CURLE_OK: /* doesn't affect the control connection's status */
- if(!premature) {
- ftpc->ctl_valid = was_ctl_valid;
+ if(!premature)
break;
- }
+
/* until we cope better with prematurely ended requests, let them
* fallback as if in complete failure */
+ /* FALLTHROUGH */
default: /* by default, an error means the control connection is
wedged and should not be used anymore */
ftpc->ctl_valid = FALSE;
ftpc->cwdfail = TRUE; /* set this TRUE to prevent us to remember the
current path, as this connection is going */
- conn->bits.close = TRUE; /* marked for closure */
+ connclose(conn, "FTP ended with bad error code");
result = status; /* use the already set error code */
break;
}
/* now store a copy of the directory we are in */
- if(ftpc->prevpath)
- free(ftpc->prevpath);
+ free(ftpc->prevpath);
- if(data->set.wildcardmatch) {
+ if(data->state.wildcardmatch) {
if(data->set.chunk_end && ftpc->file) {
data->set.chunk_end(data->wildcard.customptr);
}
ftpc->known_filesize = -1;
}
- /* get the "raw" path */
- path = curl_easy_unescape(data, path_to_use, 0, NULL);
- if(!path) {
- /* out of memory, but we can limp along anyway (and should try to
- * since we may already be in the out of memory cleanup path) */
- if(!result)
- result = CURLE_OUT_OF_MEMORY;
+ if(!result)
+ /* get the "raw" path */
+ result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
+ if(result) {
+ /* We can limp along anyway (and should try to since we may already be in
+ * the error path) */
ftpc->ctl_valid = FALSE; /* mark control connection as bad */
- conn->bits.close = TRUE; /* mark for connection closure */
+ connclose(conn, "FTP: out of memory!"); /* mark for connection closure */
ftpc->prevpath = NULL; /* no path remembering */
}
else {
size_t flen = ftpc->file?strlen(ftpc->file):0; /* file is "raw" already */
size_t dlen = strlen(path)-flen;
if(!ftpc->cwdfail) {
+ ftpc->prevmethod = data->set.ftp_filemethod;
if(dlen && (data->set.ftp_filemethod != FTPFILE_NOCWD)) {
ftpc->prevpath = path;
if(flen)
/* if 'path' is not the whole string */
- ftpc->prevpath[dlen]=0; /* terminate */
+ ftpc->prevpath[dlen] = 0; /* terminate */
}
else {
/* we never changed dir */
- ftpc->prevpath=strdup("");
+ ftpc->prevpath = strdup("");
free(path);
}
if(ftpc->prevpath)
@@ -3293,7 +3225,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
/* shut down the socket to inform the server we're done */
#ifdef _WIN32_WCE
- shutdown(conn->sock[SECONDARYSOCKET],2); /* SD_BOTH */
+ shutdown(conn->sock[SECONDARYSOCKET], 2); /* SD_BOTH */
#endif
if(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) {
@@ -3304,7 +3236,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
failf(data, "Failure sending ABOR command: %s",
curl_easy_strerror(result));
ftpc->ctl_valid = FALSE; /* mark control connection as bad */
- conn->bits.close = TRUE; /* mark for connection closure */
+ connclose(conn, "ABOR command failed"); /* connection closure */
}
}
@@ -3316,11 +3248,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
/* Note that we keep "use" set to TRUE since that (next) connection is
still requested to use SSL */
}
- if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) {
- Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
- conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
- conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
- }
+ close_secondarysocket(conn);
}
if(!result && (ftp->transfer == FTPTRANSFER_BODY) && ftpc->ctl_valid &&
@@ -3334,7 +3262,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
long old_time = pp->response_time;
pp->response_time = 60*1000; /* give it only a minute for now */
- pp->response = Curl_tvnow(); /* timeout relative now */
+ pp->response = Curl_now(); /* timeout relative now */
result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
@@ -3343,7 +3271,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
if(!nread && (CURLE_OPERATION_TIMEDOUT == result)) {
failf(data, "control connection looks dead");
ftpc->ctl_valid = FALSE; /* mark control connection as bad */
- conn->bits.close = TRUE; /* mark for closure */
+ connclose(conn, "Timeout or similar in FTP DONE operation"); /* close */
}
if(result)
@@ -3353,7 +3281,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
/* we have just sent ABOR and there is no reliable way to check if it was
* successful or not; we have to close the connection now */
infof(data, "partial download completed, closing connection\n");
- conn->bits.close = TRUE; /* mark for closure */
+ connclose(conn, "Partial download with no ability to check");
return result;
}
@@ -3371,13 +3299,13 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
use checking further */
;
else if(data->set.upload) {
- if((-1 != data->set.infilesize) &&
- (data->set.infilesize != *ftp->bytecountp) &&
+ if((-1 != data->state.infilesize) &&
+ (data->state.infilesize != *ftp->bytecountp) &&
!data->set.crlf &&
(ftp->transfer == FTPTRANSFER_BODY)) {
- failf(data, "Uploaded unaligned file size (%" FORMAT_OFF_T
- " out of %" FORMAT_OFF_T " bytes)",
- *ftp->bytecountp, data->set.infilesize);
+ failf(data, "Uploaded unaligned file size (%" CURL_FORMAT_CURL_OFF_T
+ " out of %" CURL_FORMAT_CURL_OFF_T " bytes)",
+ *ftp->bytecountp, data->state.infilesize);
result = CURLE_PARTIAL_FILE;
}
}
@@ -3393,8 +3321,8 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
*ftp->bytecountp) &&
#endif /* CURL_DO_LINEEND_CONV */
(data->req.maxdownload != *ftp->bytecountp)) {
- failf(data, "Received only partial file: %" FORMAT_OFF_T " bytes",
- *ftp->bytecountp);
+ failf(data, "Received only partial file: %" CURL_FORMAT_CURL_OFF_T
+ " bytes", *ftp->bytecountp);
result = CURLE_PARTIAL_FILE;
}
else if(!ftpc->dont_check &&
@@ -3454,7 +3382,7 @@ CURLcode ftp_sendquote(struct connectdata *conn, struct curl_slist *quote)
PPSENDF(&conn->proto.ftpc.pp, "%s", cmd);
- pp->response = Curl_tvnow(); /* timeout relative now */
+ pp->response = Curl_now(); /* timeout relative now */
result = Curl_GetFTPResponse(&nread, conn, &ftpcode);
if(result)
@@ -3543,44 +3471,46 @@ static CURLcode ftp_range(struct connectdata *conn)
{
curl_off_t from, to;
char *ptr;
- char *ptr2;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ftp_conn *ftpc = &conn->proto.ftpc;
if(data->state.use_range && data->state.range) {
- from=curlx_strtoofft(data->state.range, &ptr, 0);
- while(*ptr && (ISSPACE(*ptr) || (*ptr=='-')))
+ CURLofft from_t;
+ CURLofft to_t;
+ from_t = curlx_strtoofft(data->state.range, &ptr, 0, &from);
+ if(from_t == CURL_OFFT_FLOW)
+ return CURLE_RANGE_ERROR;
+ while(*ptr && (ISSPACE(*ptr) || (*ptr == '-')))
ptr++;
- to=curlx_strtoofft(ptr, &ptr2, 0);
- if(ptr == ptr2) {
- /* we didn't get any digit */
- to=-1;
- }
- if((-1 == to) && (from>=0)) {
+ to_t = curlx_strtoofft(ptr, NULL, 0, &to);
+ if(to_t == CURL_OFFT_FLOW)
+ return CURLE_RANGE_ERROR;
+ if((to_t == CURL_OFFT_INVAL) && !from_t) {
/* X - */
data->state.resume_from = from;
- DEBUGF(infof(conn->data, "FTP RANGE %" FORMAT_OFF_T " to end of file\n",
- from));
+ DEBUGF(infof(conn->data, "FTP RANGE %" CURL_FORMAT_CURL_OFF_T
+ " to end of file\n", from));
}
- else if(from < 0) {
+ else if(!to_t && (from_t == CURL_OFFT_INVAL)) {
/* -Y */
- data->req.maxdownload = -from;
- data->state.resume_from = from;
- DEBUGF(infof(conn->data, "FTP RANGE the last %" FORMAT_OFF_T " bytes\n",
- -from));
+ data->req.maxdownload = to;
+ data->state.resume_from = -to;
+ DEBUGF(infof(conn->data, "FTP RANGE the last %" CURL_FORMAT_CURL_OFF_T
+ " bytes\n", to));
}
else {
/* X-Y */
- data->req.maxdownload = (to-from)+1; /* include last byte */
+ data->req.maxdownload = (to - from) + 1; /* include last byte */
data->state.resume_from = from;
- DEBUGF(infof(conn->data, "FTP RANGE from %" FORMAT_OFF_T
- " getting %" FORMAT_OFF_T " bytes\n",
+ DEBUGF(infof(conn->data, "FTP RANGE from %" CURL_FORMAT_CURL_OFF_T
+ " getting %" CURL_FORMAT_CURL_OFF_T " bytes\n",
from, data->req.maxdownload));
}
- DEBUGF(infof(conn->data, "range-download from %" FORMAT_OFF_T
- " to %" FORMAT_OFF_T ", totally %" FORMAT_OFF_T " bytes\n",
+ DEBUGF(infof(conn->data, "range-download from %" CURL_FORMAT_CURL_OFF_T
+ " to %" CURL_FORMAT_CURL_OFF_T ", totally %"
+ CURL_FORMAT_CURL_OFF_T " bytes\n",
from, to, data->req.maxdownload));
- ftpc->dont_check = TRUE; /* dont check for successful transfer */
+ ftpc->dont_check = TRUE; /* don't check for successful transfer */
}
else
data->req.maxdownload = -1;
@@ -3601,7 +3531,7 @@ static CURLcode ftp_range(struct connectdata *conn)
static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
{
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
struct ftp_conn *ftpc = &conn->proto.ftpc;
CURLcode result = CURLE_OK;
bool connected = FALSE;
@@ -3612,7 +3542,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
/* if the second connection isn't done yet, wait for it */
if(!conn->bits.tcpconnect[SECONDARYSOCKET]) {
- if(conn->tunnel_state[SECONDARYSOCKET] == TUNNEL_CONNECT) {
+ if(Curl_connect_ongoing(conn)) {
/* As we're in TUNNEL_CONNECT state now, we know the proxy name and port
aren't used so we blank their arguments. TODO: make this nicer */
result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, NULL, 0);
@@ -3636,8 +3566,20 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
}
}
+ result = Curl_proxy_connect(conn, SECONDARYSOCKET);
+ if(result)
+ return result;
+
+ if(CONNECT_SECONDARYSOCKET_PROXY_SSL())
+ return result;
+
+ if(conn->bits.tunnel_proxy && conn->bits.httpproxy &&
+ Curl_connect_ongoing(conn))
+ return result;
+
+
if(ftpc->state) {
- /* already in a state so skip the intial commands.
+ /* already in a state so skip the initial commands.
They are only done to kickstart the do_more state */
result = ftp_multi_statemach(conn, &complete);
@@ -3686,7 +3628,13 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
return result;
result = ftp_multi_statemach(conn, &complete);
- *completep = (int)complete;
+ if(ftpc->wait_data_conn)
+ /* if we reach the end of the FTP state machine here, *complete will be
+ TRUE but so is ftpc->wait_data_conn, which says we need to wait for
+ the data connection and therefore we're not actually complete */
+ *completep = 0;
+ else
+ *completep = (int)complete;
}
else {
/* download */
@@ -3720,7 +3668,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
return result;
}
- if((result == CURLE_OK) && (ftp->transfer != FTPTRANSFER_BODY))
+ if(!result && (ftp->transfer != FTPTRANSFER_BODY))
/* no data to transfer. FIX: it feels like a kludge to have this here
too! */
Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
@@ -3750,7 +3698,7 @@ CURLcode ftp_perform(struct connectdata *conn,
bool *dophase_done)
{
/* this is FTP and no proxy */
- CURLcode result=CURLE_OK;
+ CURLcode result = CURLE_OK;
DEBUGF(infof(conn->data, "DO phase starts\n"));
@@ -3785,7 +3733,7 @@ static void wc_data_dtor(void *ptr)
struct ftp_wc_tmpdata *tmp = ptr;
if(tmp)
Curl_ftp_parselist_data_free(&tmp->parser);
- Curl_safefree(tmp);
+ free(tmp);
}
static CURLcode init_wc_data(struct connectdata *conn)
@@ -3793,7 +3741,7 @@ static CURLcode init_wc_data(struct connectdata *conn)
char *last_slash;
char *path = conn->data->state.path;
struct WildcardData *wildcard = &(conn->data->wildcard);
- CURLcode ret = CURLE_OK;
+ CURLcode result = CURLE_OK;
struct ftp_wc_tmpdata *ftp_tmp;
last_slash = strrchr(conn->data->state.path, '/');
@@ -3801,15 +3749,13 @@ static CURLcode init_wc_data(struct connectdata *conn)
last_slash++;
if(last_slash[0] == '\0') {
wildcard->state = CURLWC_CLEAN;
- ret = ftp_parse_url_path(conn);
- return ret;
- }
- else {
- wildcard->pattern = strdup(last_slash);
- if(!wildcard->pattern)
- return CURLE_OUT_OF_MEMORY;
- last_slash[0] = '\0'; /* cut file from path */
+ result = ftp_parse_url_path(conn);
+ return result;
}
+ wildcard->pattern = strdup(last_slash);
+ if(!wildcard->pattern)
+ return CURLE_OUT_OF_MEMORY;
+ last_slash[0] = '\0'; /* cut file from path */
}
else { /* there is only 'wildcard pattern' or nothing */
if(path[0]) {
@@ -3820,8 +3766,8 @@ static CURLcode init_wc_data(struct connectdata *conn)
}
else { /* only list */
wildcard->state = CURLWC_CLEAN;
- ret = ftp_parse_url_path(conn);
- return ret;
+ result = ftp_parse_url_path(conn);
+ return result;
}
}
@@ -3839,7 +3785,7 @@ static CURLcode init_wc_data(struct connectdata *conn)
ftp_tmp->parser = Curl_ftp_parselist_data_alloc();
if(!ftp_tmp->parser) {
Curl_safefree(wildcard->pattern);
- Curl_safefree(ftp_tmp);
+ free(ftp_tmp);
return CURLE_OUT_OF_MEMORY;
}
@@ -3851,13 +3797,13 @@ static CURLcode init_wc_data(struct connectdata *conn)
conn->data->set.ftp_filemethod = FTPFILE_MULTICWD;
/* try to parse ftp url */
- ret = ftp_parse_url_path(conn);
- if(ret) {
+ result = ftp_parse_url_path(conn);
+ if(result) {
Curl_safefree(wildcard->pattern);
wildcard->tmp_dtor(wildcard->tmp);
wildcard->tmp_dtor = ZERO_NULL;
wildcard->tmp = NULL;
- return ret;
+ return result;
}
wildcard->path = strdup(conn->data->state.path);
@@ -3886,16 +3832,15 @@ static CURLcode init_wc_data(struct connectdata *conn)
static CURLcode wc_statemach(struct connectdata *conn)
{
struct WildcardData * const wildcard = &(conn->data->wildcard);
- CURLcode ret = CURLE_OK;
+ CURLcode result = CURLE_OK;
- switch (wildcard->state) {
+ switch(wildcard->state) {
case CURLWC_INIT:
- ret = init_wc_data(conn);
+ result = init_wc_data(conn);
if(wildcard->state == CURLWC_CLEAN)
/* only listing! */
break;
- else
- wildcard->state = ret ? CURLWC_ERROR : CURLWC_MATCHING;
+ wildcard->state = result ? CURLWC_ERROR : CURLWC_MATCHING;
break;
case CURLWC_MATCHING: {
@@ -3913,7 +3858,7 @@ static CURLcode wc_statemach(struct connectdata *conn)
wildcard->state = CURLWC_CLEAN;
return wc_statemach(conn);
}
- else if(wildcard->filelist->size == 0) {
+ if(wildcard->filelist.size == 0) {
/* no corresponding file */
wildcard->state = CURLWC_CLEAN;
return CURLE_REMOTE_FILE_NOT_FOUND;
@@ -3924,7 +3869,7 @@ static CURLcode wc_statemach(struct connectdata *conn)
case CURLWC_DOWNLOADING: {
/* filelist has at least one file, lets get first one */
struct ftp_conn *ftpc = &conn->proto.ftpc;
- struct curl_fileinfo *finfo = wildcard->filelist->head->ptr;
+ struct curl_fileinfo *finfo = wildcard->filelist.head->ptr;
char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
if(!tmp_path)
@@ -3939,7 +3884,7 @@ static CURLcode wc_statemach(struct connectdata *conn)
infof(conn->data, "Wildcard - START of \"%s\"\n", finfo->filename);
if(conn->data->set.chunk_bgn) {
long userresponse = conn->data->set.chunk_bgn(
- finfo, wildcard->customptr, (int)wildcard->filelist->size);
+ finfo, wildcard->customptr, (int)wildcard->filelist.size);
switch(userresponse) {
case CURL_CHUNK_BGN_FUNC_SKIP:
infof(conn->data, "Wildcard - \"%s\" skipped by user\n",
@@ -3959,15 +3904,14 @@ static CURLcode wc_statemach(struct connectdata *conn)
if(finfo->flags & CURLFINFOFLAG_KNOWN_SIZE)
ftpc->known_filesize = finfo->size;
- ret = ftp_parse_url_path(conn);
- if(ret) {
- return ret;
- }
+ result = ftp_parse_url_path(conn);
+ if(result)
+ return result;
/* we don't need the Curl_fileinfo of first file anymore */
- Curl_llist_remove(wildcard->filelist, wildcard->filelist->head, NULL);
+ Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
- if(wildcard->filelist->size == 0) { /* remains only one file to down. */
+ if(wildcard->filelist.size == 0) { /* remains only one file to down. */
wildcard->state = CURLWC_CLEAN;
/* after that will be ftp_do called once again and no transfer
will be done because of CURLWC_CLEAN state */
@@ -3978,27 +3922,28 @@ static CURLcode wc_statemach(struct connectdata *conn)
case CURLWC_SKIP: {
if(conn->data->set.chunk_end)
conn->data->set.chunk_end(conn->data->wildcard.customptr);
- Curl_llist_remove(wildcard->filelist, wildcard->filelist->head, NULL);
- wildcard->state = (wildcard->filelist->size == 0) ?
+ Curl_llist_remove(&wildcard->filelist, wildcard->filelist.head, NULL);
+ wildcard->state = (wildcard->filelist.size == 0) ?
CURLWC_CLEAN : CURLWC_DOWNLOADING;
return wc_statemach(conn);
}
case CURLWC_CLEAN: {
struct ftp_wc_tmpdata *ftp_tmp = wildcard->tmp;
- ret = CURLE_OK;
- if(ftp_tmp) {
- ret = Curl_ftp_parselist_geterror(ftp_tmp->parser);
- }
- wildcard->state = ret ? CURLWC_ERROR : CURLWC_DONE;
+ result = CURLE_OK;
+ if(ftp_tmp)
+ result = Curl_ftp_parselist_geterror(ftp_tmp->parser);
+
+ wildcard->state = result ? CURLWC_ERROR : CURLWC_DONE;
} break;
case CURLWC_DONE:
case CURLWC_ERROR:
+ case CURLWC_CLEAR:
break;
}
- return ret;
+ return result;
}
/***********************************************************************
@@ -4012,74 +3957,71 @@ static CURLcode wc_statemach(struct connectdata *conn)
*/
static CURLcode ftp_do(struct connectdata *conn, bool *done)
{
- CURLcode retcode = CURLE_OK;
+ CURLcode result = CURLE_OK;
struct ftp_conn *ftpc = &conn->proto.ftpc;
*done = FALSE; /* default to false */
ftpc->wait_data_conn = FALSE; /* default to no such wait */
- if(conn->data->set.wildcardmatch) {
- retcode = wc_statemach(conn);
+ if(conn->data->state.wildcardmatch) {
+ result = wc_statemach(conn);
if(conn->data->wildcard.state == CURLWC_SKIP ||
conn->data->wildcard.state == CURLWC_DONE) {
/* do not call ftp_regular_transfer */
return CURLE_OK;
}
- if(retcode) /* error, loop or skipping the file */
- return retcode;
+ if(result) /* error, loop or skipping the file */
+ return result;
}
else { /* no wildcard FSM needed */
- retcode = ftp_parse_url_path(conn);
- if(retcode)
- return retcode;
+ result = ftp_parse_url_path(conn);
+ if(result)
+ return result;
}
- retcode = ftp_regular_transfer(conn, done);
+ result = ftp_regular_transfer(conn, done);
- return retcode;
+ return result;
}
-CURLcode Curl_ftpsendf(struct connectdata *conn,
- const char *fmt, ...)
+CURLcode Curl_ftpsend(struct connectdata *conn, const char *cmd)
{
ssize_t bytes_written;
#define SBUF_SIZE 1024
char s[SBUF_SIZE];
size_t write_len;
- char *sptr=s;
- CURLcode res = CURLE_OK;
+ char *sptr = s;
+ CURLcode result = CURLE_OK;
#ifdef HAVE_GSSAPI
enum protection_level data_sec = conn->data_prot;
#endif
- va_list ap;
- va_start(ap, fmt);
- write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap);
- va_end(ap);
+ write_len = strlen(cmd);
+ if(write_len > (sizeof(s) -3))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */
- write_len +=2;
-
- bytes_written=0;
+ write_len += 2;
+ bytes_written = 0;
- res = Curl_convert_to_network(conn->data, s, write_len);
+ result = Curl_convert_to_network(conn->data, s, write_len);
/* Curl_convert_to_network calls failf if unsuccessful */
- if(res)
- return(res);
+ if(result)
+ return result;
for(;;) {
#ifdef HAVE_GSSAPI
conn->data_prot = PROT_CMD;
#endif
- res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
- &bytes_written);
+ result = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
+ &bytes_written);
#ifdef HAVE_GSSAPI
DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
conn->data_prot = data_sec;
#endif
- if(CURLE_OK != res)
+ if(result)
break;
if(conn->data->set.verbose)
@@ -4094,7 +4036,7 @@ CURLcode Curl_ftpsendf(struct connectdata *conn,
break;
}
- return res;
+ return result;
}
/***********************************************************************
@@ -4117,7 +4059,7 @@ static CURLcode ftp_quit(struct connectdata *conn)
failf(conn->data, "Failure sending QUIT command: %s",
curl_easy_strerror(result));
conn->proto.ftpc.ctl_valid = FALSE; /* mark control connection as bad */
- conn->bits.close = TRUE; /* mark for connection closure */
+ connclose(conn, "QUIT command failed"); /* mark for connection closure */
state(conn, FTP_STOP);
return result;
}
@@ -4139,7 +4081,7 @@ static CURLcode ftp_quit(struct connectdata *conn)
*/
static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
{
- struct ftp_conn *ftpc= &conn->proto.ftpc;
+ struct ftp_conn *ftpc = &conn->proto.ftpc;
struct pingpong *pp = &ftpc->pp;
/* We cannot send quit unconditionally. If this connection is stale or
@@ -4156,7 +4098,7 @@ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
(void)ftp_quit(conn); /* ignore errors on the QUIT */
if(ftpc->entrypath) {
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
if(data->state.most_recent_ftp_entrypath == ftpc->entrypath) {
data->state.most_recent_ftp_entrypath = NULL;
}
@@ -4165,14 +4107,10 @@ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
}
freedirs(ftpc);
- if(ftpc->prevpath) {
- free(ftpc->prevpath);
- ftpc->prevpath = NULL;
- }
- if(ftpc->server_os) {
- free(ftpc->server_os);
- ftpc->server_os = NULL;
- }
+ free(ftpc->prevpath);
+ ftpc->prevpath = NULL;
+ free(ftpc->server_os);
+ ftpc->server_os = NULL;
Curl_pp_disconnect(pp);
@@ -4193,7 +4131,7 @@ static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection)
static
CURLcode ftp_parse_url_path(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
/* the ftp struct is already inited in ftp_connect() */
struct FTP *ftp = data->req.protop;
struct ftp_conn *ftpc = &conn->proto.ftpc;
@@ -4202,8 +4140,8 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
const char *cur_pos;
const char *filename = NULL;
- cur_pos = path_to_use; /* current position in path. point at the begin
- of next path component */
+ cur_pos = path_to_use; /* current position in path. point at the begin of
+ next path component */
ftpc->ctl_valid = FALSE;
ftpc->cwdfail = FALSE;
@@ -4219,16 +4157,17 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
the first condition in the if() right here, is there just in case
someone decides to set path to NULL one day
*/
- if(data->state.path &&
- data->state.path[0] &&
- (data->state.path[strlen(data->state.path) - 1] != '/') )
- filename = data->state.path; /* this is a full file path */
- /*
+ if(path_to_use[0] &&
+ (path_to_use[strlen(path_to_use) - 1] != '/') )
+ filename = path_to_use; /* this is a full file path */
+ /*
+ else {
ftpc->file is not used anywhere other than for operations on a file.
In other words, never for directory operations.
So we can safely leave filename as NULL here and use it as a
argument in dir/file decisions.
- */
+ }
+ */
break;
case FTPFILE_SINGLECWD:
@@ -4238,9 +4177,10 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
ftpc->dirdepth = 0;
break;
}
- slash_pos=strrchr(cur_pos, '/');
+ slash_pos = strrchr(cur_pos, '/');
if(slash_pos || !*cur_pos) {
size_t dirlen = slash_pos-cur_pos;
+ CURLcode result;
ftpc->dirs = calloc(1, sizeof(ftpc->dirs[0]));
if(!ftpc->dirs)
@@ -4249,15 +4189,16 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
if(!dirlen)
dirlen++;
- ftpc->dirs[0] = curl_easy_unescape(conn->data, slash_pos ? cur_pos : "/",
- slash_pos ? curlx_uztosi(dirlen) : 1,
- NULL);
- if(!ftpc->dirs[0]) {
+ result = Curl_urldecode(conn->data, slash_pos ? cur_pos : "/",
+ slash_pos ? dirlen : 1,
+ &ftpc->dirs[0], NULL,
+ FALSE);
+ if(result) {
freedirs(ftpc);
- return CURLE_OUT_OF_MEMORY;
+ return result;
}
ftpc->dirdepth = 1; /* we consider it to be a single dir */
- filename = slash_pos ? slash_pos+1 : cur_pos; /* rest is file name */
+ filename = slash_pos ? slash_pos + 1 : cur_pos; /* rest is file name */
}
else
filename = cur_pos; /* this is a file name only */
@@ -4272,7 +4213,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
return CURLE_OUT_OF_MEMORY;
/* we have a special case for listing the root dir only */
- if(strequal(path_to_use, "/")) {
+ if(!strcmp(path_to_use, "/")) {
cur_pos++; /* make it point to the zero byte */
ftpc->dirs[0] = strdup("/");
ftpc->dirdepth++;
@@ -4289,18 +4230,14 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
/* we skip empty path components, like "x//y" since the FTP command
CWD requires a parameter and a non-existent parameter a) doesn't
work on many servers and b) has no effect on the others. */
- int len = curlx_sztosi(slash_pos - cur_pos + absolute_dir);
- ftpc->dirs[ftpc->dirdepth] =
- curl_easy_unescape(conn->data, cur_pos - absolute_dir, len, NULL);
- if(!ftpc->dirs[ftpc->dirdepth]) { /* run out of memory ... */
- failf(data, "no memory");
+ size_t len = slash_pos - cur_pos + absolute_dir;
+ CURLcode result =
+ Curl_urldecode(conn->data, cur_pos - absolute_dir, len,
+ &ftpc->dirs[ftpc->dirdepth], NULL,
+ TRUE);
+ if(result) {
freedirs(ftpc);
- return CURLE_OUT_OF_MEMORY;
- }
- if(isBadFtpString(ftpc->dirs[ftpc->dirdepth])) {
- free(ftpc->dirs[ftpc->dirdepth]);
- freedirs(ftpc);
- return CURLE_URL_MALFORMAT;
+ return result;
}
}
else {
@@ -4336,20 +4273,17 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
} /* switch */
if(filename && *filename) {
- ftpc->file = curl_easy_unescape(conn->data, filename, 0, NULL);
- if(NULL == ftpc->file) {
- freedirs(ftpc);
- failf(data, "no memory");
- return CURLE_OUT_OF_MEMORY;
- }
- if(isBadFtpString(ftpc->file)) {
+ CURLcode result =
+ Curl_urldecode(conn->data, filename, 0, &ftpc->file, NULL, TRUE);
+
+ if(result) {
freedirs(ftpc);
- return CURLE_URL_MALFORMAT;
+ return result;
}
}
else
- ftpc->file=NULL; /* instead of point to a zero byte, we make it a NULL
- pointer */
+ ftpc->file = NULL; /* instead of point to a zero byte, we make it a NULL
+ pointer */
if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) {
/* We need a file name when uploading. Return error! */
@@ -4362,16 +4296,19 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
if(ftpc->prevpath) {
/* prevpath is "raw" so we convert the input path before we compare the
strings */
- int dlen;
- char *path = curl_easy_unescape(conn->data, data->state.path, 0, &dlen);
- if(!path) {
+ size_t dlen;
+ char *path;
+ CURLcode result =
+ Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE);
+ if(result) {
freedirs(ftpc);
- return CURLE_OUT_OF_MEMORY;
+ return result;
}
- dlen -= ftpc->file?curlx_uztosi(strlen(ftpc->file)):0;
- if((dlen == curlx_uztosi(strlen(ftpc->prevpath))) &&
- strnequal(path, ftpc->prevpath, dlen)) {
+ dlen -= ftpc->file?strlen(ftpc->file):0;
+ if((dlen == strlen(ftpc->prevpath)) &&
+ !strncmp(path, ftpc->prevpath, dlen) &&
+ (ftpc->prevmethod == data->set.ftp_filemethod)) {
infof(data, "Request has same path as previous transfer\n");
ftpc->cwddone = TRUE;
}
@@ -4393,11 +4330,7 @@ static CURLcode ftp_dophase_done(struct connectdata *conn,
CURLcode result = ftp_do_more(conn, &completed);
if(result) {
- if(conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) {
- /* close the second socket if it was created already */
- Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
- conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
- }
+ close_secondarysocket(conn);
return result;
}
}
@@ -4446,16 +4379,16 @@ static
CURLcode ftp_regular_transfer(struct connectdata *conn,
bool *dophase_done)
{
- CURLcode result=CURLE_OK;
- bool connected=FALSE;
- struct SessionHandle *data = conn->data;
+ CURLcode result = CURLE_OK;
+ bool connected = FALSE;
+ struct Curl_easy *data = conn->data;
struct ftp_conn *ftpc = &conn->proto.ftpc;
data->req.size = -1; /* make sure this is unknown at this point */
Curl_pgrsSetUploadCounter(data, 0);
Curl_pgrsSetDownloadCounter(data, 0);
- Curl_pgrsSetUploadSize(data, 0);
- Curl_pgrsSetDownloadSize(data, 0);
+ Curl_pgrsSetUploadSize(data, -1);
+ Curl_pgrsSetDownloadSize(data, -1);
ftpc->ctl_valid = TRUE; /* starts good */
@@ -4463,7 +4396,7 @@ CURLcode ftp_regular_transfer(struct connectdata *conn,
&connected, /* have we connected after PASV/PORT */
dophase_done); /* all commands in the DO-phase done? */
- if(CURLE_OK == result) {
+ if(!result) {
if(!*dophase_done)
/* the DO phase has not completed yet */
@@ -4482,33 +4415,11 @@ CURLcode ftp_regular_transfer(struct connectdata *conn,
static CURLcode ftp_setup_connection(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
char *type;
char command;
struct FTP *ftp;
- if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
- /* Unless we have asked to tunnel ftp operations through the proxy, we
- switch and use HTTP operations only */
-#ifndef CURL_DISABLE_HTTP
- if(conn->handler == &Curl_handler_ftp)
- conn->handler = &Curl_handler_ftp_proxy;
- else {
-#ifdef USE_SSL
- conn->handler = &Curl_handler_ftps_proxy;
-#else
- failf(data, "FTPS not supported!");
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- }
- /* set it up as a HTTP connection instead */
- return conn->handler->setup_connection(conn);
-#else
- failf(data, "FTP over http proxy requires HTTP support built-in!");
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- }
-
conn->data->req.protop = ftp = malloc(sizeof(struct FTP));
if(NULL == ftp)
return CURLE_OUT_OF_MEMORY;
@@ -4528,7 +4439,7 @@ static CURLcode ftp_setup_connection(struct connectdata *conn)
command = Curl_raw_toupper(type[6]);
conn->bits.type_set = TRUE;
- switch (command) {
+ switch(command) {
case 'A': /* ASCII mode */
data->set.prefer_ascii = TRUE;
break;
diff --git a/libs/libcurl/src/ftp.h b/libs/libcurl/src/ftp.h
index bdd59c93da..e4aa63f178 100644
--- a/libs/libcurl/src/ftp.h
+++ b/libs/libcurl/src/ftp.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -31,7 +31,7 @@ extern const struct Curl_handler Curl_handler_ftp;
extern const struct Curl_handler Curl_handler_ftps;
#endif
-CURLcode Curl_ftpsendf(struct connectdata *, const char *fmt, ...);
+CURLcode Curl_ftpsend(struct connectdata *, const char *cmd);
CURLcode Curl_GetFTPResponse(ssize_t *nread, struct connectdata *conn,
int *ftpcode);
#endif /* CURL_DISABLE_FTP */
@@ -97,9 +97,9 @@ typedef enum {
file */
} curl_ftpfile;
-/* This FTP struct is used in the SessionHandle. All FTP data that is
+/* This FTP struct is used in the Curl_easy. All FTP data that is
connection-oriented must be in FTP_conn to properly deal with the fact that
- perhaps the SessionHandle is changed between the times the connection is
+ perhaps the Curl_easy is changed between the times the connection is
used. */
struct FTP {
curl_off_t *bytecountp;
@@ -130,10 +130,12 @@ struct ftp_conn {
should be FALSE when it gets to Curl_ftp_quit() */
bool cwddone; /* if it has been determined that the proper CWD combo
already has been done */
+ int cwdcount; /* number of CWD commands issued */
bool cwdfail; /* set TRUE if a CWD command fails, as then we must prevent
caching the current directory */
bool wait_data_conn; /* this is set TRUE if data connection is waited */
char *prevpath; /* conn->path from the previous transfer */
+ curl_ftpfile prevmethod; /* ftp method in previous transfer */
char transfertype; /* set by ftp_transfertype for use by Curl_client_write()a
and others (A/I or zero) */
int count1; /* general purpose counter for the state machine */
@@ -143,10 +145,15 @@ struct ftp_conn {
ftpstate state_saved; /* transfer type saved to be reloaded after
data connection is established */
curl_off_t retr_size_saved; /* Size of retrieved file saved */
- char * server_os; /* The target server operating system. */
+ char *server_os; /* The target server operating system. */
curl_off_t known_filesize; /* file size is different from -1, if wildcard
LIST parsing was done and wc_statemach set
it */
+ /* newhost is the (allocated) IP addr or host name to connect the data
+ connection to */
+ char *newhost; /* this is the pair to connect the DATA... */
+ unsigned short newport; /* connection to */
+
};
#define DEFAULT_ACCEPT_TIMEOUT 60000 /* milliseconds == one minute */
diff --git a/libs/libcurl/src/ftplistparser.c b/libs/libcurl/src/ftplistparser.c
index cb3601f58d..262ac03062 100644
--- a/libs/libcurl/src/ftplistparser.c
+++ b/libs/libcurl/src/ftplistparser.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,13 +23,13 @@
/**
* Now implemented:
*
- * 1) UNIX version 1
+ * 1) Unix version 1
* drwxr-xr-x 1 user01 ftp 512 Jan 29 23:32 prog
- * 2) UNIX version 2
+ * 2) Unix version 2
* drwxr-xr-x 1 user01 ftp 512 Jan 29 1997 prog
- * 3) UNIX version 3
+ * 3) Unix version 3
* drwxr-xr-x 1 1 1 512 Jan 29 23:32 prog
- * 4) UNIX symlink
+ * 4) Unix symlink
* lrwxr-xr-x 1 user01 ftp 512 Jan 29 23:32 prog -> prog2000
* 5) DOS style
* 01-29-97 11:32PM <DIR> prog
@@ -45,14 +45,9 @@
#include "fileinfo.h"
#include "llist.h"
#include "strtoofft.h"
-#include "rawstr.h"
#include "ftp.h"
#include "ftplistparser.h"
#include "curl_fnmatch.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -170,7 +165,7 @@ struct ftp_parselist_data {
} state;
CURLcode error;
- struct curl_fileinfo *file_data;
+ struct fileinfo *file_data;
unsigned int item_length;
size_t item_offset;
struct {
@@ -191,8 +186,7 @@ struct ftp_parselist_data *Curl_ftp_parselist_data_alloc(void)
void Curl_ftp_parselist_data_free(struct ftp_parselist_data **pl_data)
{
- if(*pl_data)
- free(*pl_data);
+ free(*pl_data);
*pl_data = NULL;
}
@@ -270,45 +264,16 @@ static int ftp_pl_get_permission(const char *str)
return permissions;
}
-static void PL_ERROR(struct connectdata *conn, CURLcode err)
-{
- struct ftp_wc_tmpdata *tmpdata = conn->data->wildcard.tmp;
- struct ftp_parselist_data *parser = tmpdata->parser;
- if(parser->file_data)
- Curl_fileinfo_dtor(NULL, parser->file_data);
- parser->file_data = NULL;
- parser->error = err;
-}
-
-static bool ftp_pl_gettime(struct ftp_parselist_data *parser, char *string)
-{
- (void)parser;
- (void)string;
- /* TODO
- * There could be possible parse timestamp from server. Leaving unimplemented
- * for now.
- * If you want implement this, please add CURLFINFOFLAG_KNOWN_TIME flag to
- * parser->file_data->flags
- *
- * Ftp servers are giving usually these formats:
- * Apr 11 1998 (unknown time.. set it to 00:00:00?)
- * Apr 11 12:21 (unknown year -> set it to NOW() time?)
- * 08-05-09 02:49PM (ms-dos format)
- * 20100421092538 -> for MLST/MLSD response
- */
-
- return FALSE;
-}
-
static CURLcode ftp_pl_insert_finfo(struct connectdata *conn,
- struct curl_fileinfo *finfo)
+ struct fileinfo *infop)
{
curl_fnmatch_callback compare;
struct WildcardData *wc = &conn->data->wildcard;
struct ftp_wc_tmpdata *tmpdata = wc->tmp;
- struct curl_llist *llist = wc->filelist;
+ struct curl_llist *llist = &wc->filelist;
struct ftp_parselist_data *parser = tmpdata->parser;
bool add = TRUE;
+ struct curl_fileinfo *finfo = &infop->info;
/* move finfo pointers to b_data */
char *str = finfo->b_data;
@@ -342,11 +307,7 @@ static CURLcode ftp_pl_insert_finfo(struct connectdata *conn,
}
if(add) {
- if(!Curl_llist_insert_next(llist, llist->tail, finfo)) {
- Curl_fileinfo_dtor(NULL, finfo);
- tmpdata->parser->file_data = NULL;
- return CURLE_OUT_OF_MEMORY;
- }
+ Curl_llist_insert_next(llist, llist->tail, finfo, &infop->list);
}
else {
Curl_fileinfo_dtor(NULL, finfo);
@@ -363,9 +324,11 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
struct connectdata *conn = (struct connectdata *)connptr;
struct ftp_wc_tmpdata *tmpdata = conn->data->wildcard.tmp;
struct ftp_parselist_data *parser = tmpdata->parser;
+ struct fileinfo *infop;
struct curl_fileinfo *finfo;
unsigned long i = 0;
- CURLcode rc;
+ CURLcode result;
+ size_t retsize = bufflen;
if(parser->error) { /* error in previous call */
/* scenario:
@@ -374,7 +337,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
* 3. (last) call => is skipped RIGHT HERE and the error is hadled later
* in wc_statemach()
*/
- return bufflen;
+ goto fail;
}
if(parser->os_type == OS_TYPE_UNKNOWN && bufflen > 0) {
@@ -390,19 +353,20 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->file_data = Curl_fileinfo_alloc();
if(!parser->file_data) {
parser->error = CURLE_OUT_OF_MEMORY;
- return bufflen;
+ goto fail;
}
- parser->file_data->b_data = malloc(FTP_BUFFER_ALLOCSIZE);
- if(!parser->file_data->b_data) {
- PL_ERROR(conn, CURLE_OUT_OF_MEMORY);
- return bufflen;
+ parser->file_data->info.b_data = malloc(FTP_BUFFER_ALLOCSIZE);
+ if(!parser->file_data->info.b_data) {
+ parser->error = CURLE_OUT_OF_MEMORY;
+ goto fail;
}
- parser->file_data->b_size = FTP_BUFFER_ALLOCSIZE;
+ parser->file_data->info.b_size = FTP_BUFFER_ALLOCSIZE;
parser->item_offset = 0;
parser->item_length = 0;
}
- finfo = parser->file_data;
+ infop = parser->file_data;
+ finfo = &infop->info;
finfo->b_data[finfo->b_used++] = c;
if(finfo->b_used >= finfo->b_size - 1) {
@@ -417,14 +381,13 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
Curl_fileinfo_dtor(NULL, parser->file_data);
parser->file_data = NULL;
parser->error = CURLE_OUT_OF_MEMORY;
- PL_ERROR(conn, CURLE_OUT_OF_MEMORY);
- return bufflen;
+ goto fail;
}
}
- switch (parser->os_type) {
+ switch(parser->os_type) {
case OS_TYPE_UNIX:
- switch (parser->state.UNIX.main) {
+ switch(parser->state.UNIX.main) {
case PL_UNIX_TOTALSIZE:
switch(parser->state.UNIX.sub.total_dirsize) {
case PL_UNIX_TOTALSIZE_INIT:
@@ -448,29 +411,30 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
else if(c == '\n') {
finfo->b_data[parser->item_length - 1] = 0;
if(strncmp("total ", finfo->b_data, 6) == 0) {
- char *endptr = finfo->b_data+6;
- /* here we can deal with directory size */
+ char *endptr = finfo->b_data + 6;
+ /* here we can deal with directory size, pass the leading white
+ spaces and then the digits */
while(ISSPACE(*endptr))
endptr++;
+ while(ISDIGIT(*endptr))
+ endptr++;
if(*endptr != 0) {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
- }
- else {
- parser->state.UNIX.main = PL_UNIX_FILETYPE;
- finfo->b_used = 0;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
+ parser->state.UNIX.main = PL_UNIX_FILETYPE;
+ finfo->b_used = 0;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
break;
}
break;
case PL_UNIX_FILETYPE:
- switch (c) {
+ switch(c) {
case '-':
finfo->filetype = CURLFILETYPE_FILE;
break;
@@ -496,8 +460,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
finfo->filetype = CURLFILETYPE_DOOR;
break;
default:
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
parser->state.UNIX.main = PL_UNIX_PERMISSION;
parser->item_length = 0;
@@ -507,24 +471,24 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->item_length++;
if(parser->item_length <= 9) {
if(!strchr("rwx-tTsS", c)) {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
else if(parser->item_length == 10) {
unsigned int perm;
if(c != ' ') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
finfo->b_data[10] = 0; /* terminate permissions */
perm = ftp_pl_get_permission(finfo->b_data + parser->item_offset);
if(perm & FTP_LP_MALFORMATED_PERM) {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
- parser->file_data->flags |= CURLFINFOFLAG_KNOWN_PERM;
- parser->file_data->perm = perm;
+ parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_PERM;
+ parser->file_data->info.perm = perm;
parser->offsets.perm = parser->item_offset;
parser->item_length = 0;
@@ -542,8 +506,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.hlinks = PL_UNIX_HLINKS_NUMBER;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
break;
@@ -555,8 +519,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
hlinks = strtol(finfo->b_data + parser->item_offset, &p, 10);
if(p[0] == '\0' && hlinks != LONG_MAX && hlinks != LONG_MIN) {
- parser->file_data->flags |= CURLFINFOFLAG_KNOWN_HLINKCOUNT;
- parser->file_data->hardlinks = hlinks;
+ parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_HLINKCOUNT;
+ parser->file_data->info.hardlinks = hlinks;
}
parser->item_length = 0;
parser->item_offset = 0;
@@ -564,8 +528,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.user = PL_UNIX_USER_PRESPACE;
}
else if(c < '0' || c > '9') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
}
@@ -624,8 +588,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.size = PL_UNIX_SIZE_NUMBER;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
break;
@@ -635,20 +599,22 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
char *p;
curl_off_t fsize;
finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
- fsize = curlx_strtoofft(finfo->b_data+parser->item_offset, &p, 10);
- if(p[0] == '\0' && fsize != CURL_OFF_T_MAX &&
- fsize != CURL_OFF_T_MIN) {
- parser->file_data->flags |= CURLFINFOFLAG_KNOWN_SIZE;
- parser->file_data->size = fsize;
+ if(!curlx_strtoofft(finfo->b_data + parser->item_offset,
+ &p, 10, &fsize)) {
+ if(p[0] == '\0' && fsize != CURL_OFF_T_MAX &&
+ fsize != CURL_OFF_T_MIN) {
+ parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_SIZE;
+ parser->file_data->info.size = fsize;
+ }
+ parser->item_length = 0;
+ parser->item_offset = 0;
+ parser->state.UNIX.main = PL_UNIX_TIME;
+ parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART1;
}
- parser->item_length = 0;
- parser->item_offset = 0;
- parser->state.UNIX.main = PL_UNIX_TIME;
- parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART1;
}
else if(!ISDIGIT(c)) {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
}
@@ -663,8 +629,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.time = PL_UNIX_TIME_PART1;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
break;
@@ -674,8 +640,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART2;
}
else if(!ISALNUM(c) && c != '.') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
case PL_UNIX_TIME_PREPART2:
@@ -685,8 +651,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.time = PL_UNIX_TIME_PART2;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
break;
@@ -696,8 +662,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.time = PL_UNIX_TIME_PREPART3;
}
else if(!ISALNUM(c) && c != '.') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
case PL_UNIX_TIME_PREPART3:
@@ -707,8 +673,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.time = PL_UNIX_TIME_PART3;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
break;
@@ -717,9 +683,11 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
if(c == ' ') {
finfo->b_data[parser->item_offset + parser->item_length -1] = 0;
parser->offsets.time = parser->item_offset;
- if(ftp_pl_gettime(parser, finfo->b_data + parser->item_offset)) {
- parser->file_data->flags |= CURLFINFOFLAG_KNOWN_TIME;
- }
+ /*
+ if(ftp_pl_gettime(parser, finfo->b_data + parser->item_offset)) {
+ parser->file_data->flags |= CURLFINFOFLAG_KNOWN_TIME;
+ }
+ */
if(finfo->filetype == CURLFILETYPE_SYMLINK) {
parser->state.UNIX.main = PL_UNIX_SYMLINK;
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRESPACE;
@@ -730,8 +698,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
}
else if(!ISALNUM(c) && c != '.' && c != ':') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
}
@@ -748,34 +716,33 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
case PL_UNIX_FILENAME_NAME:
parser->item_length++;
if(c == '\r') {
- parser->item_length--;
parser->state.UNIX.sub.filename = PL_UNIX_FILENAME_WINDOWSEOL;
}
else if(c == '\n') {
finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
parser->offsets.filename = parser->item_offset;
parser->state.UNIX.main = PL_UNIX_FILETYPE;
- rc = ftp_pl_insert_finfo(conn, finfo);
- if(rc) {
- PL_ERROR(conn, rc);
- return bufflen;
+ result = ftp_pl_insert_finfo(conn, infop);
+ if(result) {
+ parser->error = result;
+ goto fail;
}
}
break;
case PL_UNIX_FILENAME_WINDOWSEOL:
if(c == '\n') {
- finfo->b_data[parser->item_offset + parser->item_length] = 0;
+ finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
parser->offsets.filename = parser->item_offset;
parser->state.UNIX.main = PL_UNIX_FILETYPE;
- rc = ftp_pl_insert_finfo(conn, finfo);
- if(rc) {
- PL_ERROR(conn, rc);
- return bufflen;
+ result = ftp_pl_insert_finfo(conn, infop);
+ if(result) {
+ parser->error = result;
+ goto fail;
}
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
}
@@ -795,8 +762,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET1;
}
else if(c == '\r' || c == '\n') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
case PL_UNIX_SYMLINK_PRETARGET1:
@@ -805,8 +772,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET2;
}
else if(c == '\r' || c == '\n') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@@ -818,8 +785,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRETARGET3;
}
else if(c == '\r' || c == '\n') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@@ -836,8 +803,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->item_offset = 0;
}
else if(c == '\r' || c == '\n') {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
else {
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_NAME;
@@ -850,23 +817,22 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->item_length = 1;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
case PL_UNIX_SYMLINK_TARGET:
- parser->item_length ++;
+ parser->item_length++;
if(c == '\r') {
- parser->item_length --;
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_WINDOWSEOL;
}
else if(c == '\n') {
finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
parser->offsets.symlink_target = parser->item_offset;
- rc = ftp_pl_insert_finfo(conn, finfo);
- if(rc) {
- PL_ERROR(conn, rc);
- return bufflen;
+ result = ftp_pl_insert_finfo(conn, infop);
+ if(result) {
+ parser->error = result;
+ goto fail;
}
parser->state.UNIX.main = PL_UNIX_FILETYPE;
}
@@ -875,16 +841,16 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
if(c == '\n') {
finfo->b_data[parser->item_offset + parser->item_length - 1] = 0;
parser->offsets.symlink_target = parser->item_offset;
- rc = ftp_pl_insert_finfo(conn, finfo);
- if(rc) {
- PL_ERROR(conn, rc);
- return bufflen;
+ result = ftp_pl_insert_finfo(conn, infop);
+ if(result) {
+ parser->error = result;
+ goto fail;
}
parser->state.UNIX.main = PL_UNIX_FILETYPE;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
}
@@ -897,8 +863,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->item_length++;
if(parser->item_length < 9) {
if(!strchr("0123456789-", c)) { /* only simple control */
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
else if(parser->item_length == 9) {
@@ -907,13 +873,13 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->state.NT.sub.time = PL_WINNT_TIME_PRESPACE;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
case PL_WINNT_TIME:
@@ -933,8 +899,8 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->item_length = 0;
}
else if(!strchr("APM0123456789:", c)) {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
}
@@ -961,27 +927,17 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
else {
char *endptr;
- finfo->size = curlx_strtoofft(finfo->b_data +
- parser->item_offset,
- &endptr, 10);
- if(!*endptr) {
- if(finfo->size == CURL_OFF_T_MAX ||
- finfo->size == CURL_OFF_T_MIN) {
- if(errno == ERANGE) {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
- }
- }
- }
- else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ if(curlx_strtoofft(finfo->b_data +
+ parser->item_offset,
+ &endptr, 10, &finfo->size)) {
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
/* correct file type */
- parser->file_data->filetype = CURLFILETYPE_FILE;
+ parser->file_data->info.filetype = CURLFILETYPE_FILE;
}
- parser->file_data->flags |= CURLFINFOFLAG_KNOWN_SIZE;
+ parser->file_data->info.flags |= CURLFINFOFLAG_KNOWN_SIZE;
parser->item_length = 0;
parser->state.NT.main = PL_WINNT_FILENAME;
parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
@@ -990,7 +946,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
break;
case PL_WINNT_FILENAME:
- switch (parser->state.NT.sub.filename) {
+ switch(parser->state.NT.sub.filename) {
case PL_WINNT_FILENAME_PRESPACE:
if(c != ' ') {
parser->item_offset = finfo->b_used -1;
@@ -1008,10 +964,10 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
parser->offsets.filename = parser->item_offset;
finfo->b_data[finfo->b_used - 1] = 0;
parser->offsets.filename = parser->item_offset;
- rc = ftp_pl_insert_finfo(conn, finfo);
- if(rc) {
- PL_ERROR(conn, rc);
- return bufflen;
+ result = ftp_pl_insert_finfo(conn, infop);
+ if(result) {
+ parser->error = result;
+ goto fail;
}
parser->state.NT.main = PL_WINNT_DATE;
parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
@@ -1020,17 +976,17 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
case PL_WINNT_FILENAME_WINEOL:
if(c == '\n') {
parser->offsets.filename = parser->item_offset;
- rc = ftp_pl_insert_finfo(conn, finfo);
- if(rc) {
- PL_ERROR(conn, rc);
- return bufflen;
+ result = ftp_pl_insert_finfo(conn, infop);
+ if(result) {
+ parser->error = result;
+ goto fail;
}
parser->state.NT.main = PL_WINNT_DATE;
parser->state.NT.sub.filename = PL_WINNT_FILENAME_PRESPACE;
}
else {
- PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
- return bufflen;
+ parser->error = CURLE_FTP_BAD_FILE_LIST;
+ goto fail;
}
break;
}
@@ -1038,13 +994,22 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
}
break;
default:
- return bufflen+1;
+ retsize = bufflen + 1;
+ goto fail;
}
i++;
}
- return bufflen;
+fail:
+
+ /* Clean up any allocated memory. */
+ if(parser->file_data) {
+ Curl_fileinfo_dtor(NULL, parser->file_data);
+ parser->file_data = NULL;
+ }
+
+ return retsize;
}
#endif /* CURL_DISABLE_FTP */
diff --git a/libs/libcurl/src/ftplistparser.h b/libs/libcurl/src/ftplistparser.h
index 96764e2a41..8128887c0b 100644
--- a/libs/libcurl/src/ftplistparser.h
+++ b/libs/libcurl/src/ftplistparser.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/getenv.c b/libs/libcurl/src/getenv.c
index 36215aab0a..89d181de3c 100644
--- a/libs/libcurl/src/getenv.c
+++ b/libs/libcurl/src/getenv.c
@@ -9,7 +9,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -30,7 +30,8 @@
static
char *GetEnv(const char *variable)
{
-#ifdef _WIN32_WCE
+#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP)
+ (void)variable;
return NULL;
#else
#ifdef WIN32
diff --git a/libs/libcurl/src/getinfo.c b/libs/libcurl/src/getinfo.c
index 3d09dc6846..862ced0194 100644
--- a/libs/libcurl/src/getinfo.c
+++ b/libs/libcurl/src/getinfo.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -27,22 +27,25 @@
#include "urldata.h"
#include "getinfo.h"
-#include "curl_memory.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "connect.h" /* Curl_getconnectinfo() */
#include "progress.h"
-/* Make this the last #include */
+/* The last #include files should be: */
+#include "curl_memory.h"
#include "memdebug.h"
/*
- * This is supposed to be called in the beginning of a perform() session
- * and should reset all session-info variables
+ * Initialize statistical and informational data.
+ *
+ * This function is called in curl_easy_reset, curl_easy_duphandle and at the
+ * beginning of a perform session. It must reset the session-info variables,
+ * in particular all variables in struct PureInfo.
*/
-CURLcode Curl_initinfo(struct SessionHandle *data)
+CURLcode Curl_initinfo(struct Curl_easy *data)
{
struct Progress *pro = &data->progress;
- struct PureInfo *info =&data->info;
+ struct PureInfo *info = &data->info;
pro->t_nslookup = 0;
pro->t_connect = 0;
@@ -51,30 +54,43 @@ CURLcode Curl_initinfo(struct SessionHandle *data)
pro->t_starttransfer = 0;
pro->timespent = 0;
pro->t_redirect = 0;
+ pro->is_t_startransfer_set = false;
info->httpcode = 0;
+ info->httpproxycode = 0;
info->httpversion = 0;
info->filetime = -1; /* -1 is an illegal time and thus means unknown */
info->timecond = FALSE;
- if(info->contenttype)
- free(info->contenttype);
- info->contenttype = NULL;
-
info->header_size = 0;
info->request_size = 0;
+ info->proxyauthavail = 0;
+ info->httpauthavail = 0;
info->numconnects = 0;
+ free(info->contenttype);
+ info->contenttype = NULL;
+
+ free(info->wouldredirect);
+ info->wouldredirect = NULL;
+
info->conn_primary_ip[0] = '\0';
info->conn_local_ip[0] = '\0';
info->conn_primary_port = 0;
info->conn_local_port = 0;
+ info->conn_scheme = 0;
+ info->conn_protocol = 0;
+
+#ifdef USE_SSL
+ Curl_ssl_free_certinfo(data);
+#endif
+
return CURLE_OK;
}
-static CURLcode getinfo_char(struct SessionHandle *data, CURLINFO info,
- char **param_charp)
+static CURLcode getinfo_char(struct Curl_easy *data, CURLINFO info,
+ const char **param_charp)
{
switch(info) {
case CURLINFO_EFFECTIVE_URL:
@@ -111,14 +127,18 @@ static CURLcode getinfo_char(struct SessionHandle *data, CURLINFO info,
case CURLINFO_RTSP_SESSION_ID:
*param_charp = data->set.str[STRING_RTSP_SESSION_ID];
break;
+ case CURLINFO_SCHEME:
+ *param_charp = data->info.conn_scheme;
+ break;
default:
- return CURLE_BAD_FUNCTION_ARGUMENT;
+ return CURLE_UNKNOWN_OPTION;
}
+
return CURLE_OK;
}
-static CURLcode getinfo_long(struct SessionHandle *data, CURLINFO info,
+static CURLcode getinfo_long(struct Curl_easy *data, CURLINFO info,
long *param_longp)
{
curl_socket_t sockfd;
@@ -147,6 +167,9 @@ static CURLcode getinfo_long(struct SessionHandle *data, CURLINFO info,
case CURLINFO_SSL_VERIFYRESULT:
*param_longp = data->set.ssl.certverifyresult;
break;
+ case CURLINFO_PROXY_SSL_VERIFYRESULT:
+ *param_longp = data->set.proxy_ssl.certverifyresult;
+ break;
case CURLINFO_REDIRECT_COUNT:
*param_longp = data->set.followlocation;
break;
@@ -197,34 +220,87 @@ static CURLcode getinfo_long(struct SessionHandle *data, CURLINFO info,
case CURLINFO_RTSP_CSEQ_RECV:
*param_longp = data->state.rtsp_CSeq_recv;
break;
+ case CURLINFO_HTTP_VERSION:
+ switch(data->info.httpversion) {
+ case 10:
+ *param_longp = CURL_HTTP_VERSION_1_0;
+ break;
+ case 11:
+ *param_longp = CURL_HTTP_VERSION_1_1;
+ break;
+ case 20:
+ *param_longp = CURL_HTTP_VERSION_2_0;
+ break;
+ default:
+ *param_longp = CURL_HTTP_VERSION_NONE;
+ break;
+ }
+ break;
+ case CURLINFO_PROTOCOL:
+ *param_longp = data->info.conn_protocol;
+ break;
+
+ default:
+ return CURLE_UNKNOWN_OPTION;
+ }
+ return CURLE_OK;
+}
+
+#define DOUBLE_SECS(x) (double)(x)/1000000
+
+static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info,
+ curl_off_t *param_offt)
+{
+ switch(info) {
+ case CURLINFO_SIZE_UPLOAD_T:
+ *param_offt = data->progress.uploaded;
+ break;
+ case CURLINFO_SIZE_DOWNLOAD_T:
+ *param_offt = data->progress.downloaded;
+ break;
+ case CURLINFO_SPEED_DOWNLOAD_T:
+ *param_offt = data->progress.dlspeed;
+ break;
+ case CURLINFO_SPEED_UPLOAD_T:
+ *param_offt = data->progress.ulspeed;
+ break;
+ case CURLINFO_CONTENT_LENGTH_DOWNLOAD_T:
+ *param_offt = (data->progress.flags & PGRS_DL_SIZE_KNOWN)?
+ data->progress.size_dl:-1;
+ break;
+ case CURLINFO_CONTENT_LENGTH_UPLOAD_T:
+ *param_offt = (data->progress.flags & PGRS_UL_SIZE_KNOWN)?
+ data->progress.size_ul:-1;
+ break;
default:
- return CURLE_BAD_FUNCTION_ARGUMENT;
+ return CURLE_UNKNOWN_OPTION;
}
+
return CURLE_OK;
}
-static CURLcode getinfo_double(struct SessionHandle *data, CURLINFO info,
+static CURLcode getinfo_double(struct Curl_easy *data, CURLINFO info,
double *param_doublep)
{
switch(info) {
case CURLINFO_TOTAL_TIME:
- *param_doublep = data->progress.timespent;
+ *param_doublep = DOUBLE_SECS(data->progress.timespent);
break;
case CURLINFO_NAMELOOKUP_TIME:
- *param_doublep = data->progress.t_nslookup;
+ *param_doublep = DOUBLE_SECS(data->progress.t_nslookup);
break;
case CURLINFO_CONNECT_TIME:
- *param_doublep = data->progress.t_connect;
+ *param_doublep = DOUBLE_SECS(data->progress.t_connect);
break;
case CURLINFO_APPCONNECT_TIME:
- *param_doublep = data->progress.t_appconnect;
+ *param_doublep = DOUBLE_SECS(data->progress.t_appconnect);
break;
case CURLINFO_PRETRANSFER_TIME:
- *param_doublep = data->progress.t_pretransfer;
+ *param_doublep = DOUBLE_SECS(data->progress.t_pretransfer);
break;
case CURLINFO_STARTTRANSFER_TIME:
- *param_doublep = data->progress.t_starttransfer;
+ *param_doublep = DOUBLE_SECS(data->progress.t_starttransfer);
break;
case CURLINFO_SIZE_UPLOAD:
*param_doublep = (double)data->progress.uploaded;
@@ -247,21 +323,22 @@ static CURLcode getinfo_double(struct SessionHandle *data, CURLINFO info,
(double)data->progress.size_ul:-1;
break;
case CURLINFO_REDIRECT_TIME:
- *param_doublep = data->progress.t_redirect;
+ *param_doublep = DOUBLE_SECS(data->progress.t_redirect);
break;
default:
- return CURLE_BAD_FUNCTION_ARGUMENT;
+ return CURLE_UNKNOWN_OPTION;
}
+
return CURLE_OK;
}
-static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
+static CURLcode getinfo_slist(struct Curl_easy *data, CURLINFO info,
struct curl_slist **param_slistp)
{
union {
- struct curl_certinfo * to_certinfo;
- struct curl_slist * to_slist;
+ struct curl_certinfo *to_certinfo;
+ struct curl_slist *to_slist;
} ptr;
switch(info) {
@@ -277,55 +354,108 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
ptr.to_certinfo = &data->info.certs;
*param_slistp = ptr.to_slist;
break;
+ case CURLINFO_TLS_SESSION:
+ case CURLINFO_TLS_SSL_PTR:
+ {
+ struct curl_tlssessioninfo **tsip = (struct curl_tlssessioninfo **)
+ param_slistp;
+ struct curl_tlssessioninfo *tsi = &data->tsi;
+#ifdef USE_SSL
+ struct connectdata *conn = data->easy_conn;
+#endif
+
+ *tsip = tsi;
+ tsi->backend = Curl_ssl_backend();
+ tsi->internals = NULL;
+#ifdef USE_SSL
+ if(conn && tsi->backend != CURLSSLBACKEND_NONE) {
+ unsigned int i;
+ for(i = 0; i < (sizeof(conn->ssl) / sizeof(conn->ssl[0])); ++i) {
+ if(conn->ssl[i].use) {
+ tsi->internals = Curl_ssl->get_internals(&conn->ssl[i], info);
+ break;
+ }
+ }
+ }
+#endif
+ }
+ break;
default:
- return CURLE_BAD_FUNCTION_ARGUMENT;
+ return CURLE_UNKNOWN_OPTION;
}
+
return CURLE_OK;
}
-CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
+static CURLcode getinfo_socket(struct Curl_easy *data, CURLINFO info,
+ curl_socket_t *param_socketp)
+{
+ switch(info) {
+ case CURLINFO_ACTIVESOCKET:
+ *param_socketp = Curl_getconnectinfo(data, NULL);
+ break;
+ default:
+ return CURLE_UNKNOWN_OPTION;
+ }
+
+ return CURLE_OK;
+}
+
+CURLcode Curl_getinfo(struct Curl_easy *data, CURLINFO info, ...)
{
va_list arg;
- long *param_longp=NULL;
- double *param_doublep=NULL;
- char **param_charp=NULL;
- struct curl_slist **param_slistp=NULL;
+ long *param_longp = NULL;
+ double *param_doublep = NULL;
+ curl_off_t *param_offt = NULL;
+ const char **param_charp = NULL;
+ struct curl_slist **param_slistp = NULL;
+ curl_socket_t *param_socketp = NULL;
int type;
- /* default return code is to error out! */
- CURLcode ret = CURLE_BAD_FUNCTION_ARGUMENT;
+ CURLcode result = CURLE_UNKNOWN_OPTION;
if(!data)
- return ret;
+ return result;
va_start(arg, info);
type = CURLINFO_TYPEMASK & (int)info;
switch(type) {
case CURLINFO_STRING:
- param_charp = va_arg(arg, char **);
- if(NULL != param_charp)
- ret = getinfo_char(data, info, param_charp);
+ param_charp = va_arg(arg, const char **);
+ if(param_charp)
+ result = getinfo_char(data, info, param_charp);
break;
case CURLINFO_LONG:
param_longp = va_arg(arg, long *);
- if(NULL != param_longp)
- ret = getinfo_long(data, info, param_longp);
+ if(param_longp)
+ result = getinfo_long(data, info, param_longp);
break;
case CURLINFO_DOUBLE:
param_doublep = va_arg(arg, double *);
- if(NULL != param_doublep)
- ret = getinfo_double(data, info, param_doublep);
+ if(param_doublep)
+ result = getinfo_double(data, info, param_doublep);
+ break;
+ case CURLINFO_OFF_T:
+ param_offt = va_arg(arg, curl_off_t *);
+ if(param_offt)
+ result = getinfo_offt(data, info, param_offt);
break;
case CURLINFO_SLIST:
param_slistp = va_arg(arg, struct curl_slist **);
- if(NULL != param_slistp)
- ret = getinfo_slist(data, info, param_slistp);
+ if(param_slistp)
+ result = getinfo_slist(data, info, param_slistp);
+ break;
+ case CURLINFO_SOCKET:
+ param_socketp = va_arg(arg, curl_socket_t *);
+ if(param_socketp)
+ result = getinfo_socket(data, info, param_socketp);
break;
default:
break;
}
va_end(arg);
- return ret;
+
+ return result;
}
diff --git a/libs/libcurl/src/getinfo.h b/libs/libcurl/src/getinfo.h
index 3879ff73a8..aecf717f75 100644
--- a/libs/libcurl/src/getinfo.h
+++ b/libs/libcurl/src/getinfo.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -21,7 +21,7 @@
* KIND, either express or implied.
*
***************************************************************************/
-CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...);
-CURLcode Curl_initinfo(struct SessionHandle *data);
+CURLcode Curl_getinfo(struct Curl_easy *data, CURLINFO info, ...);
+CURLcode Curl_initinfo(struct Curl_easy *data);
#endif /* HEADER_CURL_GETINFO_H */
diff --git a/libs/libcurl/src/gopher.c b/libs/libcurl/src/gopher.c
index b1dd65fffe..b7c31b695e 100644
--- a/libs/libcurl/src/gopher.c
+++ b/libs/libcurl/src/gopher.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -28,18 +28,12 @@
#include <curl/curl.h>
#include "transfer.h"
#include "sendf.h"
-
#include "progress.h"
-#include "strequal.h"
#include "gopher.h"
-#include "rawstr.h"
#include "select.h"
#include "url.h"
+#include "escape.h"
#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -71,6 +65,7 @@ const struct Curl_handler Curl_handler_gopher = {
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_GOPHER, /* defport */
CURLPROTO_GOPHER, /* protocol */
PROTOPT_NONE /* flags */
@@ -78,65 +73,64 @@ const struct Curl_handler Curl_handler_gopher = {
static CURLcode gopher_do(struct connectdata *conn, bool *done)
{
- CURLcode result=CURLE_OK;
- struct SessionHandle *data=conn->data;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
curl_off_t *bytecount = &data->req.bytecount;
char *path = data->state.path;
- char *sel;
+ char *sel = NULL;
char *sel_org = NULL;
ssize_t amount, k;
+ size_t len;
*done = TRUE; /* unconditionally */
/* Create selector. Degenerate cases: / and /1 => convert to "" */
- if(strlen(path) <= 2)
+ if(strlen(path) <= 2) {
sel = (char *)"";
+ len = (int)strlen(sel);
+ }
else {
char *newp;
size_t j, i;
- int len;
/* Otherwise, drop / and the first character (i.e., item type) ... */
newp = path;
- newp+=2;
+ newp += 2;
/* ... then turn ? into TAB for search servers, Veronica, etc. ... */
j = strlen(newp);
- for(i=0; i<j; i++)
+ for(i = 0; i<j; i++)
if(newp[i] == '?')
newp[i] = '\x09';
/* ... and finally unescape */
- sel = curl_easy_unescape(data, newp, 0, &len);
- if(!sel)
- return CURLE_OUT_OF_MEMORY;
+ result = Curl_urldecode(data, newp, 0, &sel, &len, FALSE);
+ if(result)
+ return result;
sel_org = sel;
}
/* We use Curl_write instead of Curl_sendf to make sure the entire buffer is
sent, which could be sizeable with long selectors. */
- k = curlx_uztosz(strlen(sel));
+ k = curlx_uztosz(len);
for(;;) {
result = Curl_write(conn, sockfd, sel, k, &amount);
- if(CURLE_OK == result) { /* Which may not have written it all! */
+ if(!result) { /* Which may not have written it all! */
result = Curl_client_write(conn, CLIENTWRITE_HEADER, sel, amount);
- if(result) {
- Curl_safefree(sel_org);
- return result;
- }
+ if(result)
+ break;
+
k -= amount;
sel += amount;
if(k < 1)
break; /* but it did write it all */
}
- else {
- failf(data, "Failed sending Gopher request");
- Curl_safefree(sel_org);
- return result;
- }
+ else
+ break;
+
/* Don't busyloop. The entire loop thing is a work-around as it causes a
BLOCKING behavior which is a NO-NO. This function should rather be
split up in a do and a doing piece where the pieces that aren't
@@ -146,15 +140,19 @@ static CURLcode gopher_do(struct connectdata *conn, bool *done)
Wait a while for the socket to be writable. Note that this doesn't
acknowledge the timeout.
*/
- Curl_socket_ready(CURL_SOCKET_BAD, sockfd, 100);
+ if(SOCKET_WRITABLE(sockfd, 100) < 0) {
+ result = CURLE_SEND_ERROR;
+ break;
+ }
}
- Curl_safefree(sel_org);
+ free(sel_org);
- /* We can use Curl_sendf to send the terminal \r\n relatively safely and
- save allocing another string/doing another _write loop. */
- result = Curl_sendf(sockfd, conn, "\r\n");
- if(result != CURLE_OK) {
+ if(!result)
+ /* We can use Curl_sendf to send the terminal \r\n relatively safely and
+ save allocing another string/doing another _write loop. */
+ result = Curl_sendf(sockfd, conn, "\r\n");
+ if(result) {
failf(data, "Failed sending Gopher request");
return result;
}
diff --git a/libs/libcurl/src/gopher.h b/libs/libcurl/src/gopher.h
index 38bbc4b738..501c990a85 100644
--- a/libs/libcurl/src/gopher.h
+++ b/libs/libcurl/src/gopher.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/gskit.c b/libs/libcurl/src/gskit.c
deleted file mode 100644
index 5cda85b9b8..0000000000
--- a/libs/libcurl/src/gskit.c
+++ /dev/null
@@ -1,906 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef USE_GSKIT
-
-#include <gskssl.h>
-#include <qsoasync.h>
-
-/* Some symbols are undefined/unsupported on OS400 versions < V7R1. */
-#ifndef GSK_SSL_EXTN_SERVERNAME_REQUEST
-#define GSK_SSL_EXTN_SERVERNAME_REQUEST 230
-#endif
-
-#ifdef HAVE_LIMITS_H
-# include <limits.h>
-#endif
-
-#include <curl/curl.h>
-#include "urldata.h"
-#include "sendf.h"
-#include "gskit.h"
-#include "sslgen.h"
-#include "connect.h" /* for the connect timeout */
-#include "select.h"
-#include "strequal.h"
-#include "x509asn1.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-
-/* Supported ciphers. */
-typedef struct {
- const char * name; /* Cipher name. */
- const char * gsktoken; /* Corresponding token for GSKit String. */
- int sslver; /* SSL version. */
-} gskit_cipher;
-
-static const gskit_cipher ciphertable[] = {
- { "null-md5", "01", CURL_SSLVERSION_SSLv3 },
- { "null-sha", "02", CURL_SSLVERSION_SSLv3 },
- { "exp-rc4-md5", "03", CURL_SSLVERSION_SSLv3 },
- { "rc4-md5", "04", CURL_SSLVERSION_SSLv3 },
- { "rc4-sha", "05", CURL_SSLVERSION_SSLv3 },
- { "exp-rc2-cbc-md5", "06", CURL_SSLVERSION_SSLv3 },
- { "exp-des-cbc-sha", "09", CURL_SSLVERSION_SSLv3 },
- { "des-cbc3-sha", "0A", CURL_SSLVERSION_SSLv3 },
- { "aes128-sha", "2F", CURL_SSLVERSION_TLSv1 },
- { "aes256-sha", "35", CURL_SSLVERSION_TLSv1 },
- { "rc4-md5", "1", CURL_SSLVERSION_SSLv2 },
- { "exp-rc4-md5", "2", CURL_SSLVERSION_SSLv2 },
- { "rc2-md5", "3", CURL_SSLVERSION_SSLv2 },
- { "exp-rc2-md5", "4", CURL_SSLVERSION_SSLv2 },
- { "des-cbc-md5", "6", CURL_SSLVERSION_SSLv2 },
- { "des-cbc3-md5", "7", CURL_SSLVERSION_SSLv2 },
- { (const char *) NULL, (const char *) NULL, 0 }
-};
-
-
-static bool is_separator(char c)
-{
- /* Return whether character is a cipher list separator. */
- switch (c) {
- case ' ':
- case '\t':
- case ':':
- case ',':
- case ';':
- return true;
- }
- return false;
-}
-
-
-static CURLcode gskit_status(struct SessionHandle * data, int rc,
- const char * procname, CURLcode defcode)
-{
- CURLcode cc;
-
- /* Process GSKit status and map it to a CURLcode. */
- switch (rc) {
- case GSK_OK:
- case GSK_OS400_ASYNCHRONOUS_SOC_INIT:
- return CURLE_OK;
- case GSK_KEYRING_OPEN_ERROR:
- case GSK_OS400_ERROR_NO_ACCESS:
- return CURLE_SSL_CACERT_BADFILE;
- case GSK_INSUFFICIENT_STORAGE:
- return CURLE_OUT_OF_MEMORY;
- case GSK_ERROR_BAD_V2_CIPHER:
- case GSK_ERROR_BAD_V3_CIPHER:
- case GSK_ERROR_NO_CIPHERS:
- return CURLE_SSL_CIPHER;
- case GSK_OS400_ERROR_NOT_TRUSTED_ROOT:
- case GSK_ERROR_CERT_VALIDATION:
- return CURLE_PEER_FAILED_VERIFICATION;
- case GSK_OS400_ERROR_TIMED_OUT:
- return CURLE_OPERATION_TIMEDOUT;
- case GSK_WOULD_BLOCK:
- return CURLE_AGAIN;
- case GSK_OS400_ERROR_NOT_REGISTERED:
- break;
- case GSK_ERROR_IO:
- switch (errno) {
- case ENOMEM:
- return CURLE_OUT_OF_MEMORY;
- default:
- failf(data, "%s I/O error: %s", procname, strerror(errno));
- break;
- }
- break;
- default:
- failf(data, "%s: %s", procname, gsk_strerror(rc));
- break;
- }
- return defcode;
-}
-
-
-static CURLcode set_enum(struct SessionHandle * data,
- gsk_handle h, GSK_ENUM_ID id, GSK_ENUM_VALUE value)
-{
- int rc = gsk_attribute_set_enum(h, id, value);
-
- switch (rc) {
- case GSK_OK:
- return CURLE_OK;
- case GSK_ERROR_IO:
- failf(data, "gsk_attribute_set_enum() I/O error: %s", strerror(errno));
- break;
- default:
- failf(data, "gsk_attribute_set_enum(): %s", gsk_strerror(rc));
- break;
- }
- return CURLE_SSL_CONNECT_ERROR;
-}
-
-
-static CURLcode set_buffer(struct SessionHandle * data,
- gsk_handle h, GSK_BUF_ID id, const char * buffer)
-{
- int rc = gsk_attribute_set_buffer(h, id, buffer, 0);
-
- switch (rc) {
- case GSK_OK:
- return CURLE_OK;
- case GSK_ERROR_IO:
- failf(data, "gsk_attribute_set_buffer() I/O error: %s", strerror(errno));
- break;
- default:
- failf(data, "gsk_attribute_set_buffer(): %s", gsk_strerror(rc));
- break;
- }
- return CURLE_SSL_CONNECT_ERROR;
-}
-
-
-static CURLcode set_numeric(struct SessionHandle * data,
- gsk_handle h, GSK_NUM_ID id, int value)
-{
- int rc = gsk_attribute_set_numeric_value(h, id, value);
-
- switch (rc) {
- case GSK_OK:
- return CURLE_OK;
- case GSK_ERROR_IO:
- failf(data, "gsk_attribute_set_numeric_value() I/O error: %s",
- strerror(errno));
- break;
- default:
- failf(data, "gsk_attribute_set_numeric_value(): %s", gsk_strerror(rc));
- break;
- }
- return CURLE_SSL_CONNECT_ERROR;
-}
-
-
-static CURLcode set_callback(struct SessionHandle * data,
- gsk_handle h, GSK_CALLBACK_ID id, void * info)
-{
- int rc = gsk_attribute_set_callback(h, id, info);
-
- switch (rc) {
- case GSK_OK:
- return CURLE_OK;
- case GSK_ERROR_IO:
- failf(data, "gsk_attribute_set_callback() I/O error: %s", strerror(errno));
- break;
- default:
- failf(data, "gsk_attribute_set_callback(): %s", gsk_strerror(rc));
- break;
- }
- return CURLE_SSL_CONNECT_ERROR;
-}
-
-
-static CURLcode set_ciphers(struct SessionHandle * data, gsk_handle h)
-{
- const char * cipherlist = data->set.str[STRING_SSL_CIPHER_LIST];
- char * sslv2ciphers;
- char * sslv3ciphers;
- const char * clp;
- const gskit_cipher * ctp;
- char * v2p;
- char * v3p;
- int i;
- CURLcode cc;
-
- /* Compile cipher list into GSKit-compatible cipher lists. */
-
- if(!cipherlist)
- return CURLE_OK;
- while(is_separator(*cipherlist)) /* Skip initial separators. */
- cipherlist++;
- if(!*cipherlist)
- return CURLE_OK;
-
- /* We allocate GSKit buffers of the same size as the input string: since
- GSKit tokens are always shorter than their cipher names, allocated buffers
- will always be large enough to accomodate the result. */
- i = strlen(cipherlist) + 1;
- v2p = malloc(i);
- if(!v2p)
- return CURLE_OUT_OF_MEMORY;
- v3p = malloc(i);
- if(!v3p) {
- free(v2p);
- return CURLE_OUT_OF_MEMORY;
- }
- sslv2ciphers = v2p;
- sslv3ciphers = v3p;
-
- /* Process each cipher in input string. */
- for(;;) {
- for(clp = cipherlist; *cipherlist && !is_separator(*cipherlist);)
- cipherlist++;
- i = cipherlist - clp;
- if(!i)
- break;
- /* Search the cipher in our table. */
- for(ctp = ciphertable; ctp->name; ctp++)
- if(strnequal(ctp->name, clp, i) && !ctp->name[i])
- break;
- if(!ctp->name)
- failf(data, "Unknown cipher %.*s: ignored", i, clp);
- else {
- switch (ctp->sslver) {
- case CURL_SSLVERSION_SSLv2:
- strcpy(v2p, ctp->gsktoken);
- v2p += strlen(v2p);
- break;
- default:
- /* GSKit wants TLSv1 ciphers with SSLv3 ciphers. */
- strcpy(v3p, ctp->gsktoken);
- v3p += strlen(v3p);
- break;
- }
- }
-
- /* Advance to next cipher name or end of string. */
- while(is_separator(*cipherlist))
- cipherlist++;
- }
- *v2p = '\0';
- *v3p = '\0';
- cc = set_buffer(data, h, GSK_V2_CIPHER_SPECS, sslv2ciphers);
- if(cc == CURLE_OK)
- cc = set_buffer(data, h, GSK_V3_CIPHER_SPECS, sslv3ciphers);
- free(sslv2ciphers);
- free(sslv3ciphers);
- return cc;
-}
-
-
-int Curl_gskit_init(void)
-{
- /* No initialisation needed. */
-
- return 1;
-}
-
-
-void Curl_gskit_cleanup(void)
-{
- /* Nothing to do. */
-}
-
-
-static CURLcode init_environment(struct SessionHandle * data,
- gsk_handle * envir, const char * appid,
- const char * file, const char * label,
- const char * password)
-{
- int rc;
- CURLcode c;
- gsk_handle h;
-
- /* Creates the GSKit environment. */
-
- rc = gsk_environment_open(&h);
- switch (rc) {
- case GSK_OK:
- break;
- case GSK_INSUFFICIENT_STORAGE:
- return CURLE_OUT_OF_MEMORY;
- default:
- failf(data, "gsk_environment_open(): %s", gsk_strerror(rc));
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- c = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION);
- if(c == CURLE_OK && appid)
- c = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid);
- if(c == CURLE_OK && file)
- c = set_buffer(data, h, GSK_KEYRING_FILE, file);
- if(c == CURLE_OK && label)
- c = set_buffer(data, h, GSK_KEYRING_LABEL, label);
- if(c == CURLE_OK && password)
- c = set_buffer(data, h, GSK_KEYRING_PW, password);
-
- if(c == CURLE_OK) {
- /* Locate CAs, Client certificate and key according to our settings.
- Note: this call may be blocking for some tenths of seconds. */
- c = gskit_status(data, gsk_environment_init(h),
- "gsk_environment_init()", CURLE_SSL_CERTPROBLEM);
- if(c == CURLE_OK) {
- *envir = h;
- return c;
- }
- }
- /* Error: rollback. */
- gsk_environment_close(&h);
- return c;
-}
-
-
-static void cancel_async_handshake(struct connectdata * conn, int sockindex)
-{
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- Qso_OverlappedIO_t cstat;
-
- if(QsoCancelOperation(conn->sock[sockindex], 0) > 0)
- QsoWaitForIOCompletion(connssl->iocport, &cstat, (struct timeval *) NULL);
-}
-
-
-static void close_async_handshake(struct ssl_connect_data * connssl)
-{
- QsoDestroyIOCompletionPort(connssl->iocport);
- connssl->iocport = -1;
-}
-
-
-static void close_one(struct ssl_connect_data * conn,
- struct SessionHandle * data)
-{
- if(conn->handle) {
- gskit_status(data, gsk_secure_soc_close(&conn->handle),
- "gsk_secure_soc_close()", 0);
- conn->handle = (gsk_handle) NULL;
- }
- if(conn->iocport >= 0)
- close_async_handshake(conn);
-}
-
-
-static ssize_t gskit_send(struct connectdata * conn, int sockindex,
- const void * mem, size_t len, CURLcode * curlcode)
-{
- struct SessionHandle * data = conn->data;
- CURLcode cc;
- int written;
-
- cc = gskit_status(data,
- gsk_secure_soc_write(conn->ssl[sockindex].handle,
- (char *) mem, (int) len, &written),
- "gsk_secure_soc_write()", CURLE_SEND_ERROR);
- if(cc != CURLE_OK) {
- *curlcode = cc;
- written = -1;
- }
- return (ssize_t) written; /* number of bytes */
-}
-
-
-static ssize_t gskit_recv(struct connectdata * conn, int num, char * buf,
- size_t buffersize, CURLcode * curlcode)
-{
- struct SessionHandle * data = conn->data;
- int buffsize;
- int nread;
- CURLcode cc;
-
- buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
- cc = gskit_status(data, gsk_secure_soc_read(conn->ssl[num].handle,
- buf, buffsize, &nread),
- "gsk_secure_soc_read()", CURLE_RECV_ERROR);
- if(cc != CURLE_OK) {
- *curlcode = cc;
- nread = -1;
- }
- return (ssize_t) nread;
-}
-
-
-static CURLcode gskit_connect_step1(struct connectdata * conn, int sockindex)
-{
- struct SessionHandle * data = conn->data;
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- gsk_handle envir;
- CURLcode cc;
- int rc;
- char * keyringfile;
- char * keyringpwd;
- char * keyringlabel;
- char * v2ciphers;
- char * v3ciphers;
- char * sni;
- bool sslv2enable, sslv3enable, tlsv1enable;
- long timeout;
- Qso_OverlappedIO_t commarea;
-
- /* Create SSL environment, start (preferably asynchronous) handshake. */
-
- connssl->handle = (gsk_handle) NULL;
- connssl->iocport = -1;
-
- /* GSKit supports two ways of specifying an SSL context: either by
- * application identifier (that should have been defined at the system
- * level) or by keyring file, password and certificate label.
- * Local certificate name (CURLOPT_SSLCERT) is used to hold either the
- * application identifier of the certificate label.
- * Key password (CURLOPT_KEYPASSWD) holds the keyring password.
- * It is not possible to have different keyrings for the CAs and the
- * local certificate. We thus use the CA file (CURLOPT_CAINFO) to identify
- * the keyring file.
- * If no key password is given and the keyring is the system keyring,
- * application identifier mode is tried first, as recommended in IBM doc.
- */
-
- keyringfile = data->set.str[STRING_SSL_CAFILE];
- keyringpwd = data->set.str[STRING_KEY_PASSWD];
- keyringlabel = data->set.str[STRING_CERT];
- envir = (gsk_handle) NULL;
-
- if(keyringlabel && *keyringlabel && !keyringpwd &&
- !strcmp(keyringfile, CURL_CA_BUNDLE)) {
- /* Try application identifier mode. */
- init_environment(data, &envir, keyringlabel, (const char *) NULL,
- (const char *) NULL, (const char *) NULL);
- }
-
- if(!envir) {
- /* Use keyring mode. */
- cc = init_environment(data, &envir, (const char *) NULL,
- keyringfile, keyringlabel, keyringpwd);
- if(cc != CURLE_OK)
- return cc;
- }
-
- /* Create secure session. */
- cc = gskit_status(data, gsk_secure_soc_open(envir, &connssl->handle),
- "gsk_secure_soc_open()", CURLE_SSL_CONNECT_ERROR);
- gsk_environment_close(&envir);
- if(cc != CURLE_OK)
- return cc;
-
- /* Determine which SSL/TLS version should be enabled. */
- sslv2enable = sslv3enable = tlsv1enable = false;
- sni = conn->host.name;
- switch (data->set.ssl.version) {
- case CURL_SSLVERSION_SSLv2:
- sslv2enable = true;
- sni = (char *) NULL;
- break;
- case CURL_SSLVERSION_SSLv3:
- sslv3enable = true;
- sni = (char *) NULL;
- break;
- case CURL_SSLVERSION_TLSv1:
- tlsv1enable = true;
- break;
- default: /* CURL_SSLVERSION_DEFAULT. */
- sslv3enable = true;
- tlsv1enable = true;
- break;
- }
-
- /* Process SNI. Ignore if not supported (on OS400 < V7R1). */
- if(sni) {
- rc = gsk_attribute_set_buffer(connssl->handle,
- GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, 0);
- switch (rc) {
- case GSK_OK:
- case GSK_ATTRIBUTE_INVALID_ID:
- break;
- case GSK_ERROR_IO:
- failf(data, "gsk_attribute_set_buffer() I/O error: %s", strerror(errno));
- cc = CURLE_SSL_CONNECT_ERROR;
- break;
- default:
- failf(data, "gsk_attribute_set_buffer(): %s", gsk_strerror(rc));
- cc = CURLE_SSL_CONNECT_ERROR;
- break;
- }
- }
-
- /* Set session parameters. */
- if(cc == CURLE_OK) {
- /* Compute the handshake timeout. Since GSKit granularity is 1 second,
- we round up the required value. */
- timeout = Curl_timeleft(data, NULL, TRUE);
- if(timeout < 0)
- cc = CURLE_OPERATION_TIMEDOUT;
- else
- cc = set_numeric(data, connssl->handle, GSK_HANDSHAKE_TIMEOUT,
- (timeout + 999) / 1000);
- }
- if(cc == CURLE_OK)
- cc = set_numeric(data, connssl->handle, GSK_FD, conn->sock[sockindex]);
- if(cc == CURLE_OK)
- cc = set_ciphers(data, connssl->handle);
- if(cc == CURLE_OK)
- cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV2,
- sslv2enable? GSK_PROTOCOL_SSLV2_ON:
- GSK_PROTOCOL_SSLV2_OFF);
- if(cc == CURLE_OK)
- cc = set_enum(data, connssl->handle, GSK_PROTOCOL_SSLV3,
- sslv3enable? GSK_PROTOCOL_SSLV3_ON:
- GSK_PROTOCOL_SSLV3_OFF);
- if(cc == CURLE_OK)
- cc = set_enum(data, connssl->handle, GSK_PROTOCOL_TLSV1,
- sslv3enable? GSK_PROTOCOL_TLSV1_ON:
- GSK_PROTOCOL_TLSV1_OFF);
- if(cc == CURLE_OK)
- cc = set_enum(data, connssl->handle, GSK_SERVER_AUTH_TYPE,
- data->set.ssl.verifypeer? GSK_SERVER_AUTH_FULL:
- GSK_SERVER_AUTH_PASSTHRU);
-
- if(cc == CURLE_OK) {
- /* Start handshake. Try asynchronous first. */
- memset(&commarea, 0, sizeof commarea);
- connssl->iocport = QsoCreateIOCompletionPort();
- if(connssl->iocport != -1) {
- cc = gskit_status(data, gsk_secure_soc_startInit(connssl->handle,
- connssl->iocport, &commarea),
- "gsk_secure_soc_startInit()", CURLE_SSL_CONNECT_ERROR);
- if(cc == CURLE_OK) {
- connssl->connecting_state = ssl_connect_2;
- return CURLE_OK;
- }
- else
- close_async_handshake(connssl);
- }
- else if(errno != ENOBUFS)
- cc = gskit_status(data, GSK_ERROR_IO, "QsoCreateIOCompletionPort()", 0);
- else {
- /* No more completion port available. Use synchronous IO. */
- cc = gskit_status(data, gsk_secure_soc_init(connssl->handle),
- "gsk_secure_soc_init()", CURLE_SSL_CONNECT_ERROR);
- if(cc == CURLE_OK) {
- connssl->connecting_state = ssl_connect_3;
- return CURLE_OK;
- }
- }
- }
-
- /* Error: rollback. */
- close_one(connssl, data);
- return cc;
-}
-
-
-static CURLcode gskit_connect_step2(struct connectdata * conn, int sockindex,
- bool nonblocking)
-{
- struct SessionHandle * data = conn->data;
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- Qso_OverlappedIO_t cstat;
- long timeout_ms;
- struct timeval stmv;
- CURLcode cc;
-
- /* Poll or wait for end of SSL asynchronous handshake. */
-
- for(;;) {
- timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
- if(timeout_ms < 0)
- timeout_ms = 0;
- stmv.tv_sec = timeout_ms / 1000;
- stmv.tv_usec = (timeout_ms - stmv.tv_sec * 1000) * 1000;
- switch (QsoWaitForIOCompletion(connssl->iocport, &cstat, &stmv)) {
- case 1: /* Operation complete. */
- break;
- case -1: /* An error occurred: handshake still in progress. */
- if(errno == EINTR) {
- if(nonblocking)
- return CURLE_OK;
- continue; /* Retry. */
- }
- if(errno != ETIME) {
- failf(data, "QsoWaitForIOCompletion() I/O error: %s", strerror(errno));
- cancel_async_handshake(conn, sockindex);
- close_async_handshake(connssl);
- return CURLE_SSL_CONNECT_ERROR;
- }
- /* FALL INTO... */
- case 0: /* Handshake in progress, timeout occurred. */
- if(nonblocking)
- return CURLE_OK;
- cancel_async_handshake(conn, sockindex);
- close_async_handshake(connssl);
- return CURLE_OPERATION_TIMEDOUT;
- }
- break;
- }
- cc = gskit_status(data, cstat.returnValue, "SSL handshake",
- CURLE_SSL_CONNECT_ERROR);
- if(cc == CURLE_OK)
- connssl->connecting_state = ssl_connect_3;
- close_async_handshake(connssl);
- return cc;
-}
-
-
-static CURLcode gskit_connect_step3(struct connectdata * conn, int sockindex)
-{
- struct SessionHandle * data = conn->data;
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- const gsk_cert_data_elem * cdev;
- int cdec;
- const gsk_cert_data_elem * p;
- const char * cert = (const char *) NULL;
- const char * certend;
- int i;
- CURLcode cc;
-
- /* SSL handshake done: gather certificate info and verify host. */
-
- if(gskit_status(data, gsk_attribute_get_cert_info(connssl->handle,
- GSK_PARTNER_CERT_INFO,
- &cdev, &cdec),
- "gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) ==
- CURLE_OK) {
- infof(data, "Server certificate:\n");
- p = cdev;
- for(i = 0; i++ < cdec; p++)
- switch (p->cert_data_id) {
- case CERT_BODY_DER:
- cert = p->cert_data_p;
- certend = cert + cdev->cert_data_l;
- break;
- case CERT_DN_PRINTABLE:
- infof(data, "\t subject: %.*s\n", p->cert_data_l, p->cert_data_p);
- break;
- case CERT_ISSUER_DN_PRINTABLE:
- infof(data, "\t issuer: %.*s\n", p->cert_data_l, p->cert_data_p);
- break;
- case CERT_VALID_FROM:
- infof(data, "\t start date: %.*s\n", p->cert_data_l, p->cert_data_p);
- break;
- case CERT_VALID_TO:
- infof(data, "\t expire date: %.*s\n", p->cert_data_l, p->cert_data_p);
- break;
- }
- }
-
- /* Verify host. */
- cc = Curl_verifyhost(conn, cert, certend);
- if(cc != CURLE_OK)
- return cc;
-
- /* The only place GSKit can get the whole CA chain is a validation
- callback where no user data pointer is available. Therefore it's not
- possible to copy this chain into our structures for CAINFO.
- However the server certificate may be available, thus we can return
- info about it. */
- if(data->set.ssl.certinfo) {
- if(Curl_ssl_init_certinfo(data, 1))
- return CURLE_OUT_OF_MEMORY;
- if(cert) {
- cc = Curl_extract_certinfo(conn, 0, cert, certend);
- if(cc != CURLE_OK)
- return cc;
- }
- }
-
- connssl->connecting_state = ssl_connect_done;
- return CURLE_OK;
-}
-
-
-static CURLcode gskit_connect_common(struct connectdata * conn, int sockindex,
- bool nonblocking, bool * done)
-{
- struct SessionHandle * data = conn->data;
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- long timeout_ms;
- Qso_OverlappedIO_t cstat;
- CURLcode cc = CURLE_OK;
-
- *done = connssl->state == ssl_connection_complete;
- if(*done)
- return CURLE_OK;
-
- /* Step 1: create session, start handshake. */
- if(connssl->connecting_state == ssl_connect_1) {
- /* check allowed time left */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- cc = CURLE_OPERATION_TIMEDOUT;
- }
- else
- cc = gskit_connect_step1(conn, sockindex);
- }
-
- /* Step 2: check if handshake is over. */
- if(cc == CURLE_OK && connssl->connecting_state == ssl_connect_2) {
- /* check allowed time left */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- cc = CURLE_OPERATION_TIMEDOUT;
- }
- else
- cc = gskit_connect_step2(conn, sockindex, nonblocking);
- }
-
- /* Step 3: gather certificate info, verify host. */
- if(cc == CURLE_OK && connssl->connecting_state == ssl_connect_3)
- cc = gskit_connect_step3(conn, sockindex);
-
- if(cc != CURLE_OK)
- close_one(connssl, data);
- else if(connssl->connecting_state == ssl_connect_done) {
- connssl->state = ssl_connection_complete;
- connssl->connecting_state = ssl_connect_1;
- conn->recv[sockindex] = gskit_recv;
- conn->send[sockindex] = gskit_send;
- *done = TRUE;
- }
-
- return cc;
-}
-
-
-CURLcode Curl_gskit_connect_nonblocking(struct connectdata * conn,
- int sockindex,
- bool * done)
-{
- CURLcode cc;
-
- cc = gskit_connect_common(conn, sockindex, TRUE, done);
- if(*done || cc != CURLE_OK)
- conn->ssl[sockindex].connecting_state = ssl_connect_1;
- return cc;
-}
-
-
-CURLcode Curl_gskit_connect(struct connectdata * conn, int sockindex)
-{
- CURLcode retcode;
- bool done;
-
- conn->ssl[sockindex].connecting_state = ssl_connect_1;
- retcode = gskit_connect_common(conn, sockindex, FALSE, &done);
- if(retcode)
- return retcode;
-
- DEBUGASSERT(done);
-
- return CURLE_OK;
-}
-
-
-void Curl_gskit_close(struct connectdata * conn, int sockindex)
-{
- struct SessionHandle * data = conn->data;
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
-
- if(connssl->use)
- close_one(connssl, data);
-}
-
-
-int Curl_gskit_close_all(struct SessionHandle * data)
-{
- /* Unimplemented. */
- (void) data;
- return 0;
-}
-
-
-int Curl_gskit_shutdown(struct connectdata * conn, int sockindex)
-{
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- struct SessionHandle * data = conn->data;
- ssize_t nread;
- int what;
- int rc;
- char buf[120];
-
- if(!connssl->handle)
- return 0;
-
- if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
- return 0;
-
- close_one(connssl, data);
- rc = 0;
- what = Curl_socket_ready(conn->sock[sockindex],
- CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
-
- for(;;) {
- if(what < 0) {
- /* anything that gets here is fatally bad */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- rc = -1;
- break;
- }
-
- if(!what) { /* timeout */
- failf(data, "SSL shutdown timeout");
- break;
- }
-
- /* Something to read, let's do it and hope that it is the close
- notify alert from the server. No way to gsk_secure_soc_read() now, so
- use read(). */
-
- nread = read(conn->sock[sockindex], buf, sizeof(buf));
-
- if(nread < 0) {
- failf(data, "read: %s", strerror(errno));
- rc = -1;
- }
-
- if(nread <= 0)
- break;
-
- what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
- }
-
- return rc;
-}
-
-
-size_t Curl_gskit_version(char * buffer, size_t size)
-{
- strncpy(buffer, "GSKit", size);
- return strlen(buffer);
-}
-
-
-int Curl_gskit_check_cxn(struct connectdata * cxn)
-{
- int err;
- int errlen;
-
- /* The only thing that can be tested here is at the socket level. */
-
- if(!cxn->ssl[FIRSTSOCKET].handle)
- return 0; /* connection has been closed */
-
- err = 0;
- errlen = sizeof err;
-
- if(getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR,
- (unsigned char *) &err, &errlen) ||
- errlen != sizeof err || err)
- return 0; /* connection has been closed */
-
- return -1; /* connection status unknown */
-}
-
-#endif /* USE_GSKIT */
diff --git a/libs/libcurl/src/gskit.h b/libs/libcurl/src/gskit.h
deleted file mode 100644
index 0d59aa7096..0000000000
--- a/libs/libcurl/src/gskit.h
+++ /dev/null
@@ -1,64 +0,0 @@
-#ifndef HEADER_CURL_GSKIT_H
-#define HEADER_CURL_GSKIT_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-/*
- * This header should only be needed to get included by sslgen.c and gskit.c
- */
-
-#include "urldata.h"
-
-#ifdef USE_GSKIT
-int Curl_gskit_init(void);
-void Curl_gskit_cleanup(void);
-CURLcode Curl_gskit_connect(struct connectdata * conn, int sockindex);
-CURLcode Curl_gskit_connect_nonblocking(struct connectdata * conn,
- int sockindex, bool * done);
-void Curl_gskit_close(struct connectdata *conn, int sockindex);
-int Curl_gskit_close_all(struct SessionHandle * data);
-int Curl_gskit_shutdown(struct connectdata * conn, int sockindex);
-
-size_t Curl_gskit_version(char * buffer, size_t size);
-int Curl_gskit_check_cxn(struct connectdata * cxn);
-
-/* API setup for GSKit */
-#define curlssl_init Curl_gskit_init
-#define curlssl_cleanup Curl_gskit_cleanup
-#define curlssl_connect Curl_gskit_connect
-#define curlssl_connect_nonblocking Curl_gskit_connect_nonblocking
-
-/* No session handling for GSKit */
-#define curlssl_session_free(x) Curl_nop_stmt
-#define curlssl_close_all Curl_gskit_close_all
-#define curlssl_close Curl_gskit_close
-#define curlssl_shutdown(x,y) Curl_gskit_shutdown(x,y)
-#define curlssl_set_engine(x,y) CURLE_NOT_BUILT_IN
-#define curlssl_set_engine_default(x) CURLE_NOT_BUILT_IN
-#define curlssl_engines_list(x) NULL
-#define curlssl_version Curl_gskit_version
-#define curlssl_check_cxn(x) Curl_gskit_check_cxn(x)
-#define curlssl_data_pending(x,y) 0
-#endif /* USE_GSKIT */
-
-#endif /* HEADER_CURL_GSKIT_H */
diff --git a/libs/libcurl/src/gtls.c b/libs/libcurl/src/gtls.c
deleted file mode 100644
index 700e46a9da..0000000000
--- a/libs/libcurl/src/gtls.c
+++ /dev/null
@@ -1,1119 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/*
- * Source file for all GnuTLS-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
- *
- * Note: don't use the GnuTLS' *_t variable type names in this source code,
- * since they were not present in 1.0.X.
- */
-
-#include "curl_setup.h"
-
-#ifdef USE_GNUTLS
-
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-
-#ifdef USE_GNUTLS_NETTLE
-#include <gnutls/crypto.h>
-#include <nettle/md5.h>
-#else
-#include <gcrypt.h>
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "inet_pton.h"
-#include "gtls.h"
-#include "sslgen.h"
-#include "parsedate.h"
-#include "connect.h" /* for the connect timeout */
-#include "select.h"
-#include "rawstr.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/*
- Some hackish cast macros based on:
- http://library.gnome.org/devel/glib/unstable/glib-Type-Conversion-Macros.html
-*/
-#ifndef GNUTLS_POINTER_TO_INT_CAST
-#define GNUTLS_POINTER_TO_INT_CAST(p) ((int) (long) (p))
-#endif
-#ifndef GNUTLS_INT_TO_POINTER_CAST
-#define GNUTLS_INT_TO_POINTER_CAST(i) ((void*) (long) (i))
-#endif
-
-/* Enable GnuTLS debugging by defining GTLSDEBUG */
-/*#define GTLSDEBUG */
-
-#ifdef GTLSDEBUG
-static void tls_log_func(int level, const char *str)
-{
- fprintf(stderr, "|<%d>| %s", level, str);
-}
-#endif
-static bool gtls_inited = FALSE;
-
-#if defined(GNUTLS_VERSION_NUMBER)
-# if (GNUTLS_VERSION_NUMBER >= 0x020c00)
-# undef gnutls_transport_set_lowat
-# define gnutls_transport_set_lowat(A,B) Curl_nop_stmt
-# define USE_GNUTLS_PRIORITY_SET_DIRECT 1
-# endif
-# if (GNUTLS_VERSION_NUMBER >= 0x020c03)
-# define GNUTLS_MAPS_WINSOCK_ERRORS 1
-# endif
-#endif
-
-/*
- * Custom push and pull callback functions used by GNU TLS to read and write
- * to the socket. These functions are simple wrappers to send() and recv()
- * (although here using the sread/swrite macros as defined by
- * curl_setup_once.h).
- * We use custom functions rather than the GNU TLS defaults because it allows
- * us to get specific about the fourth "flags" argument, and to use arbitrary
- * private data with gnutls_transport_set_ptr if we wish.
- *
- * When these custom push and pull callbacks fail, GNU TLS checks its own
- * session-specific error variable, and when not set also its own global
- * errno variable, in order to take appropriate action. GNU TLS does not
- * require that the transport is actually a socket. This implies that for
- * Windows builds these callbacks should ideally set the session-specific
- * error variable using function gnutls_transport_set_errno or as a last
- * resort global errno variable using gnutls_transport_set_global_errno,
- * with a transport agnostic error value. This implies that some winsock
- * error translation must take place in these callbacks.
- *
- * Paragraph above applies to GNU TLS versions older than 2.12.3, since
- * this version GNU TLS does its own internal winsock error translation
- * using system_errno() function.
- */
-
-#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
-# define gtls_EINTR 4
-# define gtls_EIO 5
-# define gtls_EAGAIN 11
-static int gtls_mapped_sockerrno(void)
-{
- switch(SOCKERRNO) {
- case WSAEWOULDBLOCK:
- return gtls_EAGAIN;
- case WSAEINTR:
- return gtls_EINTR;
- default:
- break;
- }
- return gtls_EIO;
-}
-#endif
-
-static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
-{
- ssize_t ret = swrite(GNUTLS_POINTER_TO_INT_CAST(s), buf, len);
-#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
- if(ret < 0)
- gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
-#endif
- return ret;
-}
-
-static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
-{
- ssize_t ret = sread(GNUTLS_POINTER_TO_INT_CAST(s), buf, len);
-#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
- if(ret < 0)
- gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
-#endif
- return ret;
-}
-
-/* Curl_gtls_init()
- *
- * Global GnuTLS init, called from Curl_ssl_init(). This calls functions that
- * are not thread-safe and thus this function itself is not thread-safe and
- * must only be called from within curl_global_init() to keep the thread
- * situation under control!
- */
-int Curl_gtls_init(void)
-{
- int ret = 1;
- if(!gtls_inited) {
- ret = gnutls_global_init()?0:1;
-#ifdef GTLSDEBUG
- gnutls_global_set_log_function(tls_log_func);
- gnutls_global_set_log_level(2);
-#endif
- gtls_inited = TRUE;
- }
- return ret;
-}
-
-int Curl_gtls_cleanup(void)
-{
- if(gtls_inited) {
- gnutls_global_deinit();
- gtls_inited = FALSE;
- }
- return 1;
-}
-
-static void showtime(struct SessionHandle *data,
- const char *text,
- time_t stamp)
-{
- struct tm buffer;
- const struct tm *tm = &buffer;
- CURLcode result = Curl_gmtime(stamp, &buffer);
- if(result)
- return;
-
- snprintf(data->state.buffer,
- BUFSIZE,
- "\t %s: %s, %02d %s %4d %02d:%02d:%02d GMT\n",
- text,
- Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
- tm->tm_mday,
- Curl_month[tm->tm_mon],
- tm->tm_year + 1900,
- tm->tm_hour,
- tm->tm_min,
- tm->tm_sec);
- infof(data, "%s\n", data->state.buffer);
-}
-
-static gnutls_datum load_file (const char *file)
-{
- FILE *f;
- gnutls_datum loaded_file = { NULL, 0 };
- long filelen;
- void *ptr;
-
- if(!(f = fopen(file, "r")))
- return loaded_file;
- if(fseek(f, 0, SEEK_END) != 0
- || (filelen = ftell(f)) < 0
- || fseek(f, 0, SEEK_SET) != 0
- || !(ptr = malloc((size_t)filelen)))
- goto out;
- if(fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) {
- free(ptr);
- goto out;
- }
-
- loaded_file.data = ptr;
- loaded_file.size = (unsigned int)filelen;
-out:
- fclose(f);
- return loaded_file;
-}
-
-static void unload_file(gnutls_datum data) {
- free(data.data);
-}
-
-
-/* this function does a SSL/TLS (re-)handshake */
-static CURLcode handshake(struct connectdata *conn,
- int sockindex,
- bool duringconnect,
- bool nonblocking)
-{
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- gnutls_session session = conn->ssl[sockindex].session;
- curl_socket_t sockfd = conn->sock[sockindex];
- long timeout_ms;
- int rc;
- int what;
-
- for(;;) {
- /* check allowed time left */
- timeout_ms = Curl_timeleft(data, NULL, duringconnect);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- /* if ssl is expecting something, check if it's available. */
- if(connssl->connecting_state == ssl_connect_2_reading
- || connssl->connecting_state == ssl_connect_2_writing) {
-
- curl_socket_t writefd = ssl_connect_2_writing==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
- curl_socket_t readfd = ssl_connect_2_reading==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
-
- what = Curl_socket_ready(readfd, writefd,
- nonblocking?0:
- timeout_ms?timeout_ms:1000);
- if(what < 0) {
- /* fatal error */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- return CURLE_SSL_CONNECT_ERROR;
- }
- else if(0 == what) {
- if(nonblocking)
- return CURLE_OK;
- else if(timeout_ms) {
- /* timeout */
- failf(data, "SSL connection timeout at %ld", timeout_ms);
- return CURLE_OPERATION_TIMEDOUT;
- }
- }
- /* socket is readable or writable */
- }
-
- rc = gnutls_handshake(session);
-
- if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) {
- connssl->connecting_state =
- gnutls_record_get_direction(session)?
- ssl_connect_2_writing:ssl_connect_2_reading;
- continue;
- if(nonblocking)
- return CURLE_OK;
- }
- else if((rc < 0) && !gnutls_error_is_fatal(rc)) {
- const char *strerr = NULL;
-
- if(rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
- int alert = gnutls_alert_get(session);
- strerr = gnutls_alert_get_name(alert);
- }
-
- if(strerr == NULL)
- strerr = gnutls_strerror(rc);
-
- failf(data, "gnutls_handshake() warning: %s", strerr);
- }
- else if(rc < 0) {
- const char *strerr = NULL;
-
- if(rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
- int alert = gnutls_alert_get(session);
- strerr = gnutls_alert_get_name(alert);
- }
-
- if(strerr == NULL)
- strerr = gnutls_strerror(rc);
-
- failf(data, "gnutls_handshake() failed: %s", strerr);
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- /* Reset our connect state machine */
- connssl->connecting_state = ssl_connect_1;
- return CURLE_OK;
- }
-}
-
-static gnutls_x509_crt_fmt do_file_type(const char *type)
-{
- if(!type || !type[0])
- return GNUTLS_X509_FMT_PEM;
- if(Curl_raw_equal(type, "PEM"))
- return GNUTLS_X509_FMT_PEM;
- if(Curl_raw_equal(type, "DER"))
- return GNUTLS_X509_FMT_DER;
- return -1;
-}
-
-static CURLcode
-gtls_connect_step1(struct connectdata *conn,
- int sockindex)
-{
-#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
- static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
-#endif
- struct SessionHandle *data = conn->data;
- gnutls_session session;
- int rc;
- void *ssl_sessionid;
- size_t ssl_idsize;
- bool sni = TRUE; /* default is SNI enabled */
-#ifdef ENABLE_IPV6
- struct in6_addr addr;
-#else
- struct in_addr addr;
-#endif
-
- if(conn->ssl[sockindex].state == ssl_connection_complete)
- /* to make us tolerant against being called more than once for the
- same connection */
- return CURLE_OK;
-
- if(!gtls_inited)
- Curl_gtls_init();
-
- /* GnuTLS only supports SSLv3 and TLSv1 */
- if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
- failf(data, "GnuTLS does not support SSLv2");
- return CURLE_SSL_CONNECT_ERROR;
- }
- else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
- sni = FALSE; /* SSLv3 has no SNI */
-
- /* allocate a cred struct */
- rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
- if(rc != GNUTLS_E_SUCCESS) {
- failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
- return CURLE_SSL_CONNECT_ERROR;
- }
-
-#ifdef USE_TLS_SRP
- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
- infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
-
- rc = gnutls_srp_allocate_client_credentials(
- &conn->ssl[sockindex].srp_client_cred);
- if(rc != GNUTLS_E_SUCCESS) {
- failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
- gnutls_strerror(rc));
- return CURLE_OUT_OF_MEMORY;
- }
-
- rc = gnutls_srp_set_client_credentials(conn->ssl[sockindex].
- srp_client_cred,
- data->set.ssl.username,
- data->set.ssl.password);
- if(rc != GNUTLS_E_SUCCESS) {
- failf(data, "gnutls_srp_set_client_cred() failed: %s",
- gnutls_strerror(rc));
- return CURLE_BAD_FUNCTION_ARGUMENT;
- }
- }
-#endif
-
- if(data->set.ssl.CAfile) {
- /* set the trusted CA cert bundle file */
- gnutls_certificate_set_verify_flags(conn->ssl[sockindex].cred,
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
-
- rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
- data->set.ssl.CAfile,
- GNUTLS_X509_FMT_PEM);
- if(rc < 0) {
- infof(data, "error reading ca cert file %s (%s)\n",
- data->set.ssl.CAfile, gnutls_strerror(rc));
- if(data->set.ssl.verifypeer)
- return CURLE_SSL_CACERT_BADFILE;
- }
- else
- infof(data, "found %d certificates in %s\n",
- rc, data->set.ssl.CAfile);
- }
-
- if(data->set.ssl.CRLfile) {
- /* set the CRL list file */
- rc = gnutls_certificate_set_x509_crl_file(conn->ssl[sockindex].cred,
- data->set.ssl.CRLfile,
- GNUTLS_X509_FMT_PEM);
- if(rc < 0) {
- failf(data, "error reading crl file %s (%s)",
- data->set.ssl.CRLfile, gnutls_strerror(rc));
- return CURLE_SSL_CRL_BADFILE;
- }
- else
- infof(data, "found %d CRL in %s\n",
- rc, data->set.ssl.CRLfile);
- }
-
- /* Initialize TLS session as a client */
- rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
- if(rc != GNUTLS_E_SUCCESS) {
- failf(data, "gnutls_init() failed: %d", rc);
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- /* convenient assign */
- session = conn->ssl[sockindex].session;
-
- if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
-#ifdef ENABLE_IPV6
- (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
-#endif
- sni &&
- (gnutls_server_name_set(session, GNUTLS_NAME_DNS, conn->host.name,
- strlen(conn->host.name)) < 0))
- infof(data, "WARNING: failed to configure server name indication (SNI) "
- "TLS extension\n");
-
- /* Use default priorities */
- rc = gnutls_set_default_priority(session);
- if(rc != GNUTLS_E_SUCCESS)
- return CURLE_SSL_CONNECT_ERROR;
-
- if(data->set.ssl.version == CURL_SSLVERSION_SSLv3) {
-#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
- static const int protocol_priority[] = { GNUTLS_SSL3, 0 };
- rc = gnutls_protocol_set_priority(session, protocol_priority);
-#else
- const char *err;
- /* the combination of the cipher ARCFOUR with SSL 3.0 and TLS 1.0 is not
- vulnerable to attacks such as the BEAST, why this code now explicitly
- asks for that
- */
- rc = gnutls_priority_set_direct(session,
- "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:"
- "-CIPHER-ALL:+ARCFOUR-128",
- &err);
-#endif
- if(rc != GNUTLS_E_SUCCESS)
- return CURLE_SSL_CONNECT_ERROR;
- }
-
-#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
- /* Sets the priority on the certificate types supported by gnutls. Priority
- is higher for types specified before others. After specifying the types
- you want, you must append a 0. */
- rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
- if(rc != GNUTLS_E_SUCCESS)
- return CURLE_SSL_CONNECT_ERROR;
-#endif
-
- if(data->set.str[STRING_CERT]) {
- if(gnutls_certificate_set_x509_key_file(
- conn->ssl[sockindex].cred,
- data->set.str[STRING_CERT],
- data->set.str[STRING_KEY] ?
- data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
- do_file_type(data->set.str[STRING_CERT_TYPE]) ) !=
- GNUTLS_E_SUCCESS) {
- failf(data, "error reading X.509 key or certificate file");
- return CURLE_SSL_CONNECT_ERROR;
- }
- }
-
-#ifdef USE_TLS_SRP
- /* put the credentials to the current session */
- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
- rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
- conn->ssl[sockindex].srp_client_cred);
- if(rc != GNUTLS_E_SUCCESS)
- failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
- }
- else
-#endif
- rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
- conn->ssl[sockindex].cred);
-
- /* set the connection handle (file descriptor for the socket) */
- gnutls_transport_set_ptr(session,
- GNUTLS_INT_TO_POINTER_CAST(conn->sock[sockindex]));
-
- /* register callback functions to send and receive data. */
- gnutls_transport_set_push_function(session, Curl_gtls_push);
- gnutls_transport_set_pull_function(session, Curl_gtls_pull);
-
- /* lowat must be set to zero when using custom push and pull functions. */
- gnutls_transport_set_lowat(session, 0);
-
- /* This might be a reconnect, so we check for a session ID in the cache
- to speed up things */
-
- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) {
- /* we got a session id, use it! */
- gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
-
- /* Informational message */
- infof (data, "SSL re-using session ID\n");
- }
-
- return CURLE_OK;
-}
-
-static Curl_recv gtls_recv;
-static Curl_send gtls_send;
-
-static CURLcode
-gtls_connect_step3(struct connectdata *conn,
- int sockindex)
-{
- unsigned int cert_list_size;
- const gnutls_datum *chainp;
- unsigned int verify_status;
- gnutls_x509_crt x509_cert,x509_issuer;
- gnutls_datum issuerp;
- char certbuf[256]; /* big enough? */
- size_t size;
- unsigned int algo;
- unsigned int bits;
- time_t certclock;
- const char *ptr;
- struct SessionHandle *data = conn->data;
- gnutls_session session = conn->ssl[sockindex].session;
- int rc;
- int incache;
- void *ssl_sessionid;
- CURLcode result = CURLE_OK;
-
- /* This function will return the peer's raw certificate (chain) as sent by
- the peer. These certificates are in raw format (DER encoded for
- X.509). In case of a X.509 then a certificate list may be present. The
- first certificate in the list is the peer's certificate, following the
- issuer's certificate, then the issuer's issuer etc. */
-
- chainp = gnutls_certificate_get_peers(session, &cert_list_size);
- if(!chainp) {
- if(data->set.ssl.verifypeer ||
- data->set.ssl.verifyhost ||
- data->set.ssl.issuercert) {
-#ifdef USE_TLS_SRP
- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP
- && data->set.ssl.username != NULL
- && !data->set.ssl.verifypeer
- && gnutls_cipher_get(session)) {
- /* no peer cert, but auth is ok if we have SRP user and cipher and no
- peer verify */
- }
- else {
-#endif
- failf(data, "failed to get server cert");
- return CURLE_PEER_FAILED_VERIFICATION;
-#ifdef USE_TLS_SRP
- }
-#endif
- }
- infof(data, "\t common name: WARNING couldn't obtain\n");
- }
-
- if(data->set.ssl.verifypeer) {
- /* This function will try to verify the peer's certificate and return its
- status (trusted, invalid etc.). The value of status should be one or
- more of the gnutls_certificate_status_t enumerated elements bitwise
- or'd. To avoid denial of service attacks some default upper limits
- regarding the certificate key size and chain size are set. To override
- them use gnutls_certificate_set_verify_limits(). */
-
- rc = gnutls_certificate_verify_peers2(session, &verify_status);
- if(rc < 0) {
- failf(data, "server cert verify failed: %d", rc);
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- /* verify_status is a bitmask of gnutls_certificate_status bits */
- if(verify_status & GNUTLS_CERT_INVALID) {
- if(data->set.ssl.verifypeer) {
- failf(data, "server certificate verification failed. CAfile: %s "
- "CRLfile: %s", data->set.ssl.CAfile?data->set.ssl.CAfile:"none",
- data->set.ssl.CRLfile?data->set.ssl.CRLfile:"none");
- return CURLE_SSL_CACERT;
- }
- else
- infof(data, "\t server certificate verification FAILED\n");
- }
- else
- infof(data, "\t server certificate verification OK\n");
- }
- else {
- infof(data, "\t server certificate verification SKIPPED\n");
- goto after_server_cert_verification;
- }
-
- /* initialize an X.509 certificate structure. */
- gnutls_x509_crt_init(&x509_cert);
-
- /* convert the given DER or PEM encoded Certificate to the native
- gnutls_x509_crt_t format */
- gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
-
- if(data->set.ssl.issuercert) {
- gnutls_x509_crt_init(&x509_issuer);
- issuerp = load_file(data->set.ssl.issuercert);
- gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
- rc = gnutls_x509_crt_check_issuer(x509_cert,x509_issuer);
- unload_file(issuerp);
- if(rc <= 0) {
- failf(data, "server certificate issuer check failed (IssuerCert: %s)",
- data->set.ssl.issuercert?data->set.ssl.issuercert:"none");
- return CURLE_SSL_ISSUER_ERROR;
- }
- infof(data,"\t server certificate issuer check OK (Issuer Cert: %s)\n",
- data->set.ssl.issuercert?data->set.ssl.issuercert:"none");
- }
-
- size=sizeof(certbuf);
- rc = gnutls_x509_crt_get_dn_by_oid(x509_cert, GNUTLS_OID_X520_COMMON_NAME,
- 0, /* the first and only one */
- FALSE,
- certbuf,
- &size);
- if(rc) {
- infof(data, "error fetching CN from cert:%s\n",
- gnutls_strerror(rc));
- }
-
- /* This function will check if the given certificate's subject matches the
- given hostname. This is a basic implementation of the matching described
- in RFC2818 (HTTPS), which takes into account wildcards, and the subject
- alternative name PKIX extension. Returns non zero on success, and zero on
- failure. */
- rc = gnutls_x509_crt_check_hostname(x509_cert, conn->host.name);
-
- if(!rc) {
- if(data->set.ssl.verifyhost) {
- failf(data, "SSL: certificate subject name (%s) does not match "
- "target host name '%s'", certbuf, conn->host.dispname);
- gnutls_x509_crt_deinit(x509_cert);
- return CURLE_PEER_FAILED_VERIFICATION;
- }
- else
- infof(data, "\t common name: %s (does not match '%s')\n",
- certbuf, conn->host.dispname);
- }
- else
- infof(data, "\t common name: %s (matched)\n", certbuf);
-
- /* Check for time-based validity */
- certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
-
- if(certclock == (time_t)-1) {
- failf(data, "server cert expiration date verify failed");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- if(certclock < time(NULL)) {
- if(data->set.ssl.verifypeer) {
- failf(data, "server certificate expiration date has passed.");
- return CURLE_PEER_FAILED_VERIFICATION;
- }
- else
- infof(data, "\t server certificate expiration date FAILED\n");
- }
- else
- infof(data, "\t server certificate expiration date OK\n");
-
- certclock = gnutls_x509_crt_get_activation_time(x509_cert);
-
- if(certclock == (time_t)-1) {
- failf(data, "server cert activation date verify failed");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- if(certclock > time(NULL)) {
- if(data->set.ssl.verifypeer) {
- failf(data, "server certificate not activated yet.");
- return CURLE_PEER_FAILED_VERIFICATION;
- }
- else
- infof(data, "\t server certificate activation date FAILED\n");
- }
- else
- infof(data, "\t server certificate activation date OK\n");
-
- /* Show:
-
- - ciphers used
- - subject
- - start date
- - expire date
- - common name
- - issuer
-
- */
-
- /* public key algorithm's parameters */
- algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);
- infof(data, "\t certificate public key: %s\n",
- gnutls_pk_algorithm_get_name(algo));
-
- /* version of the X.509 certificate. */
- infof(data, "\t certificate version: #%d\n",
- gnutls_x509_crt_get_version(x509_cert));
-
-
- size = sizeof(certbuf);
- gnutls_x509_crt_get_dn(x509_cert, certbuf, &size);
- infof(data, "\t subject: %s\n", certbuf);
-
- certclock = gnutls_x509_crt_get_activation_time(x509_cert);
- showtime(data, "start date", certclock);
-
- certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
- showtime(data, "expire date", certclock);
-
- size = sizeof(certbuf);
- gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size);
- infof(data, "\t issuer: %s\n", certbuf);
-
- gnutls_x509_crt_deinit(x509_cert);
-
-after_server_cert_verification:
-
- /* compression algorithm (if any) */
- ptr = gnutls_compression_get_name(gnutls_compression_get(session));
- /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */
- infof(data, "\t compression: %s\n", ptr);
-
- /* the name of the cipher used. ie 3DES. */
- ptr = gnutls_cipher_get_name(gnutls_cipher_get(session));
- infof(data, "\t cipher: %s\n", ptr);
-
- /* the MAC algorithms name. ie SHA1 */
- ptr = gnutls_mac_get_name(gnutls_mac_get(session));
- infof(data, "\t MAC: %s\n", ptr);
-
- conn->ssl[sockindex].state = ssl_connection_complete;
- conn->recv[sockindex] = gtls_recv;
- conn->send[sockindex] = gtls_send;
-
- {
- /* we always unconditionally get the session id here, as even if we
- already got it from the cache and asked to use it in the connection, it
- might've been rejected and then a new one is in use now and we need to
- detect that. */
- void *connect_sessionid;
- size_t connect_idsize;
-
- /* get the session ID data size */
- gnutls_session_get_data(session, NULL, &connect_idsize);
- connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
-
- if(connect_sessionid) {
- /* extract session ID to the allocated buffer */
- gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
-
- incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL));
- if(incache) {
- /* there was one before in the cache, so instead of risking that the
- previous one was rejected, we just kill that and store the new */
- Curl_ssl_delsessionid(conn, ssl_sessionid);
- }
-
- /* store this session id */
- result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize);
- if(result) {
- free(connect_sessionid);
- result = CURLE_OUT_OF_MEMORY;
- }
- }
- else
- result = CURLE_OUT_OF_MEMORY;
- }
-
- return result;
-}
-
-
-/*
- * This function is called after the TCP connect has completed. Setup the TLS
- * layer and do all necessary magic.
- */
-/* We use connssl->connecting_state to keep track of the connection status;
- there are three states: 'ssl_connect_1' (not started yet or complete),
- 'ssl_connect_2_reading' (waiting for data from server), and
- 'ssl_connect_2_writing' (waiting to be able to write).
- */
-static CURLcode
-gtls_connect_common(struct connectdata *conn,
- int sockindex,
- bool nonblocking,
- bool *done)
-{
- int rc;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- /* Initiate the connection, if not already done */
- if(ssl_connect_1==connssl->connecting_state) {
- rc = gtls_connect_step1 (conn, sockindex);
- if(rc)
- return rc;
- }
-
- rc = handshake(conn, sockindex, TRUE, nonblocking);
- if(rc)
- /* handshake() sets its own error message with failf() */
- return rc;
-
- /* Finish connecting once the handshake is done */
- if(ssl_connect_1==connssl->connecting_state) {
- rc = gtls_connect_step3(conn, sockindex);
- if(rc)
- return rc;
- }
-
- *done = ssl_connect_1==connssl->connecting_state;
-
- return CURLE_OK;
-}
-
-CURLcode
-Curl_gtls_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done)
-{
- return gtls_connect_common(conn, sockindex, TRUE, done);
-}
-
-CURLcode
-Curl_gtls_connect(struct connectdata *conn,
- int sockindex)
-
-{
- CURLcode retcode;
- bool done = FALSE;
-
- retcode = gtls_connect_common(conn, sockindex, FALSE, &done);
- if(retcode)
- return retcode;
-
- DEBUGASSERT(done);
-
- return CURLE_OK;
-}
-
-static ssize_t gtls_send(struct connectdata *conn,
- int sockindex,
- const void *mem,
- size_t len,
- CURLcode *curlcode)
-{
- ssize_t rc = gnutls_record_send(conn->ssl[sockindex].session, mem, len);
-
- if(rc < 0 ) {
- *curlcode = (rc == GNUTLS_E_AGAIN)
- ? CURLE_AGAIN
- : CURLE_SEND_ERROR;
-
- rc = -1;
- }
-
- return rc;
-}
-
-void Curl_gtls_close_all(struct SessionHandle *data)
-{
- /* FIX: make the OpenSSL code more generic and use parts of it here */
- (void)data;
-}
-
-static void close_one(struct connectdata *conn,
- int idx)
-{
- if(conn->ssl[idx].session) {
- gnutls_bye(conn->ssl[idx].session, GNUTLS_SHUT_RDWR);
- gnutls_deinit(conn->ssl[idx].session);
- conn->ssl[idx].session = NULL;
- }
- if(conn->ssl[idx].cred) {
- gnutls_certificate_free_credentials(conn->ssl[idx].cred);
- conn->ssl[idx].cred = NULL;
- }
-#ifdef USE_TLS_SRP
- if(conn->ssl[idx].srp_client_cred) {
- gnutls_srp_free_client_credentials(conn->ssl[idx].srp_client_cred);
- conn->ssl[idx].srp_client_cred = NULL;
- }
-#endif
-}
-
-void Curl_gtls_close(struct connectdata *conn, int sockindex)
-{
- close_one(conn, sockindex);
-}
-
-/*
- * This function is called to shut down the SSL layer but keep the
- * socket open (CCC - Clear Command Channel)
- */
-int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
-{
- ssize_t result;
- int retval = 0;
- struct SessionHandle *data = conn->data;
- int done = 0;
- char buf[120];
-
- /* This has only been tested on the proftpd server, and the mod_tls code
- sends a close notify alert without waiting for a close notify alert in
- response. Thus we wait for a close notify alert from the server, but
- we do not send one. Let's hope other servers do the same... */
-
- if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
- gnutls_bye(conn->ssl[sockindex].session, GNUTLS_SHUT_WR);
-
- if(conn->ssl[sockindex].session) {
- while(!done) {
- int what = Curl_socket_ready(conn->sock[sockindex],
- CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
- if(what > 0) {
- /* Something to read, let's do it and hope that it is the close
- notify alert from the server */
- result = gnutls_record_recv(conn->ssl[sockindex].session,
- buf, sizeof(buf));
- switch(result) {
- case 0:
- /* This is the expected response. There was no data but only
- the close notify alert */
- done = 1;
- break;
- case GNUTLS_E_AGAIN:
- case GNUTLS_E_INTERRUPTED:
- infof(data, "GNUTLS_E_AGAIN || GNUTLS_E_INTERRUPTED\n");
- break;
- default:
- retval = -1;
- done = 1;
- break;
- }
- }
- else if(0 == what) {
- /* timeout */
- failf(data, "SSL shutdown timeout");
- done = 1;
- break;
- }
- else {
- /* anything that gets here is fatally bad */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- retval = -1;
- done = 1;
- }
- }
- gnutls_deinit(conn->ssl[sockindex].session);
- }
- gnutls_certificate_free_credentials(conn->ssl[sockindex].cred);
-
-#ifdef USE_TLS_SRP
- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP
- && data->set.ssl.username != NULL)
- gnutls_srp_free_client_credentials(conn->ssl[sockindex].srp_client_cred);
-#endif
-
- conn->ssl[sockindex].cred = NULL;
- conn->ssl[sockindex].session = NULL;
-
- return retval;
-}
-
-static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
- int num, /* socketindex */
- char *buf, /* store read data here */
- size_t buffersize, /* max amount to read */
- CURLcode *curlcode)
-{
- ssize_t ret;
-
- ret = gnutls_record_recv(conn->ssl[num].session, buf, buffersize);
- if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
- *curlcode = CURLE_AGAIN;
- return -1;
- }
-
- if(ret == GNUTLS_E_REHANDSHAKE) {
- /* BLOCKING call, this is bad but a work-around for now. Fixing this "the
- proper way" takes a whole lot of work. */
- CURLcode rc = handshake(conn, num, FALSE, FALSE);
- if(rc)
- /* handshake() writes error message on its own */
- *curlcode = rc;
- else
- *curlcode = CURLE_AGAIN; /* then return as if this was a wouldblock */
- return -1;
- }
-
- if(ret < 0) {
- failf(conn->data, "GnuTLS recv error (%d): %s",
- (int)ret, gnutls_strerror((int)ret));
- *curlcode = CURLE_RECV_ERROR;
- return -1;
- }
-
- return ret;
-}
-
-void Curl_gtls_session_free(void *ptr)
-{
- free(ptr);
-}
-
-size_t Curl_gtls_version(char *buffer, size_t size)
-{
- return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
-}
-
-int Curl_gtls_seed(struct SessionHandle *data)
-{
- /* we have the "SSL is seeded" boolean static to prevent multiple
- time-consuming seedings in vain */
- static bool ssl_seeded = FALSE;
-
- /* Quickly add a bit of entropy */
-#ifndef USE_GNUTLS_NETTLE
- gcry_fast_random_poll();
-#endif
-
- if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
- data->set.str[STRING_SSL_EGDSOCKET]) {
-
- /* TODO: to a good job seeding the RNG
- This may involve the gcry_control function and these options:
- GCRYCTL_SET_RANDOM_SEED_FILE
- GCRYCTL_SET_RNDEGD_SOCKET
- */
- ssl_seeded = TRUE;
- }
- return 0;
-}
-
-void Curl_gtls_random(struct SessionHandle *data,
- unsigned char *entropy,
- size_t length)
-{
-#if defined(USE_GNUTLS_NETTLE)
- (void)data;
- gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
-#elif defined(USE_GNUTLS)
- Curl_gtls_seed(data); /* Initiate the seed if not already done */
- gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
-#endif
-}
-
-void Curl_gtls_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len)
-{
-#if defined(USE_GNUTLS_NETTLE)
- struct md5_ctx MD5pw;
- md5_init(&MD5pw);
- md5_update(&MD5pw, tmplen, tmp);
- md5_digest(&MD5pw, md5len, md5sum);
-#elif defined(USE_GNUTLS)
- gcry_md_hd_t MD5pw;
- gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
- gcry_md_write(MD5pw, tmp, tmplen);
- memcpy(md5sum, gcry_md_read (MD5pw, 0), md5len);
- gcry_md_close(MD5pw);
-#endif
-}
-
-#endif /* USE_GNUTLS */
diff --git a/libs/libcurl/src/gtls.h b/libs/libcurl/src/gtls.h
deleted file mode 100644
index 453542e1ec..0000000000
--- a/libs/libcurl/src/gtls.h
+++ /dev/null
@@ -1,81 +0,0 @@
-#ifndef HEADER_CURL_GTLS_H
-#define HEADER_CURL_GTLS_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef USE_GNUTLS
-
-#include "urldata.h"
-
-int Curl_gtls_init(void);
-int Curl_gtls_cleanup(void);
-CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
-CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done);
-
-/* tell GnuTLS to close down all open information regarding connections (and
- thus session ID caching etc) */
-void Curl_gtls_close_all(struct SessionHandle *data);
-
- /* close a SSL connection */
-void Curl_gtls_close(struct connectdata *conn, int sockindex);
-
-void Curl_gtls_session_free(void *ptr);
-size_t Curl_gtls_version(char *buffer, size_t size);
-int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
-int Curl_gtls_seed(struct SessionHandle *data);
-
-void Curl_gtls_random(struct SessionHandle *data,
- unsigned char *entropy,
- size_t length);
-void Curl_gtls_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len);
-
-/* this backend provides these functions: */
-#define have_curlssl_random 1
-#define have_curlssl_md5sum 1
-
-/* API setup for GnuTLS */
-#define curlssl_init Curl_gtls_init
-#define curlssl_cleanup Curl_gtls_cleanup
-#define curlssl_connect Curl_gtls_connect
-#define curlssl_connect_nonblocking Curl_gtls_connect_nonblocking
-#define curlssl_session_free(x) Curl_gtls_session_free(x)
-#define curlssl_close_all Curl_gtls_close_all
-#define curlssl_close Curl_gtls_close
-#define curlssl_shutdown(x,y) Curl_gtls_shutdown(x,y)
-#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
-#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
-#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
-#define curlssl_version Curl_gtls_version
-#define curlssl_check_cxn(x) (x=x, -1)
-#define curlssl_data_pending(x,y) (x=x, y=y, 0)
-#define curlssl_random(x,y,z) Curl_gtls_random(x,y,z)
-#define curlssl_md5sum(a,b,c,d) Curl_gtls_md5sum(a,b,c,d)
-
-#endif /* USE_GNUTLS */
-#endif /* HEADER_CURL_GTLS_H */
diff --git a/libs/libcurl/src/hash.c b/libs/libcurl/src/hash.c
index 4a12e1a7b9..c99b1b6994 100644
--- a/libs/libcurl/src/hash.c
+++ b/libs/libcurl/src/hash.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,13 +22,12 @@
#include "curl_setup.h"
+#include <curl/curl.h>
+
#include "hash.h"
#include "llist.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
+
/* The last #include file should be: */
#include "memdebug.h"
@@ -38,8 +37,6 @@ hash_element_dtor(void *user, void *element)
struct curl_hash *h = (struct curl_hash *) user;
struct curl_hash_element *e = (struct curl_hash_element *) element;
- Curl_safefree(e->key);
-
if(e->ptr) {
h->dtor(e->ptr);
e->ptr = NULL;
@@ -50,7 +47,12 @@ hash_element_dtor(void *user, void *element)
free(e);
}
-/* return 1 on error, 0 is fine */
+/* Initializes a hash structure.
+ * Return 1 on error, 0 is fine.
+ *
+ * @unittest: 1602
+ * @unittest: 1603
+ */
int
Curl_hash_init(struct curl_hash *h,
int slots,
@@ -70,92 +72,46 @@ Curl_hash_init(struct curl_hash *h,
h->size = 0;
h->slots = slots;
- h->table = malloc(slots * sizeof(struct curl_llist *));
+ h->table = malloc(slots * sizeof(struct curl_llist));
if(h->table) {
- for(i = 0; i < slots; ++i) {
- h->table[i] = Curl_llist_alloc((curl_llist_dtor) hash_element_dtor);
- if(!h->table[i]) {
- while(i--) {
- Curl_llist_destroy(h->table[i], NULL);
- h->table[i] = NULL;
- }
- free(h->table);
- h->table = NULL;
- h->slots = 0;
- return 1; /* failure */
- }
- }
+ for(i = 0; i < slots; ++i)
+ Curl_llist_init(&h->table[i], (curl_llist_dtor) hash_element_dtor);
return 0; /* fine */
}
- else {
- h->slots = 0;
- return 1; /* failure */
- }
-}
-
-struct curl_hash *
-Curl_hash_alloc(int slots,
- hash_function hfunc,
- comp_function comparator,
- curl_hash_dtor dtor)
-{
- struct curl_hash *h;
-
- if(!slots || !hfunc || !comparator ||!dtor) {
- return NULL; /* failure */
- }
-
- h = malloc(sizeof(struct curl_hash));
- if(h) {
- if(Curl_hash_init(h, slots, hfunc, comparator, dtor)) {
- /* failure */
- free(h);
- h = NULL;
- }
- }
-
- return h;
+ h->slots = 0;
+ return 1; /* failure */
}
-
-
static struct curl_hash_element *
mk_hash_element(const void *key, size_t key_len, const void *p)
{
- struct curl_hash_element *he = malloc(sizeof(struct curl_hash_element));
-
+ /* allocate the struct plus memory after it to store the key */
+ struct curl_hash_element *he = malloc(sizeof(struct curl_hash_element) +
+ key_len);
if(he) {
- void *dupkey = malloc(key_len);
- if(dupkey) {
- /* copy the key */
- memcpy(dupkey, key, key_len);
-
- he->key = dupkey;
- he->key_len = key_len;
- he->ptr = (void *) p;
- }
- else {
- /* failed to duplicate the key, free memory and fail */
- free(he);
- he = NULL;
- }
+ /* copy the key */
+ memcpy(he->key, key, key_len);
+ he->key_len = key_len;
+ he->ptr = (void *) p;
}
return he;
}
-#define FETCH_LIST(x,y,z) x->table[x->hash_func(y, z, x->slots)]
+#define FETCH_LIST(x,y,z) &x->table[x->hash_func(y, z, x->slots)]
/* Insert the data in the hash. If there already was a match in the hash,
* that data is replaced.
*
* @unittest: 1305
+ * @unittest: 1602
+ * @unittest: 1603
*/
void *
Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p)
{
struct curl_hash_element *he;
struct curl_llist_element *le;
- struct curl_llist *l = FETCH_LIST (h, key, key_len);
+ struct curl_llist *l = FETCH_LIST(h, key, key_len);
for(le = l->head; le; le = le->next) {
he = (struct curl_hash_element *) le->ptr;
@@ -168,24 +124,19 @@ Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p)
he = mk_hash_element(key, key_len, p);
if(he) {
- if(Curl_llist_insert_next(l, l->tail, he)) {
- ++h->size;
- return p; /* return the new entry */
- }
- /*
- * Couldn't insert it, destroy the 'he' element and the key again. We
- * don't call hash_element_dtor() since that would also call the
- * "destructor" for the actual data 'p'. When we fail, we shall not touch
- * that data.
- */
- free(he->key);
- free(he);
+ Curl_llist_insert_next(l, l->tail, he, &he->list);
+ ++h->size;
+ return p; /* return the new entry */
}
return NULL; /* failure */
}
-/* remove the identified hash entry, returns non-zero on failure */
+/* Remove the identified hash entry.
+ * Returns non-zero on failure.
+ *
+ * @unittest: 1603
+ */
int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len)
{
struct curl_llist_element *le;
@@ -203,6 +154,10 @@ int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len)
return 1;
}
+/* Retrieves a hash element.
+ *
+ * @unittest: 1603
+ */
void *
Curl_hash_pick(struct curl_hash *h, void *key, size_t key_len)
{
@@ -242,14 +197,20 @@ Curl_hash_apply(curl_hash *h, void *user,
}
#endif
+/* Destroys all the entries in the given hash and resets its attributes,
+ * prepping the given hash for [static|dynamic] deallocation.
+ *
+ * @unittest: 1305
+ * @unittest: 1602
+ * @unittest: 1603
+ */
void
-Curl_hash_clean(struct curl_hash *h)
+Curl_hash_destroy(struct curl_hash *h)
{
int i;
for(i = 0; i < h->slots; ++i) {
- Curl_llist_destroy(h->table[i], (void *) h);
- h->table[i] = NULL;
+ Curl_llist_destroy(&h->table[i], (void *) h);
}
Curl_safefree(h->table);
@@ -257,6 +218,17 @@ Curl_hash_clean(struct curl_hash *h)
h->slots = 0;
}
+/* Removes all the entries in the given hash.
+ *
+ * @unittest: 1602
+ */
+void
+Curl_hash_clean(struct curl_hash *h)
+{
+ Curl_hash_clean_with_criterium(h, NULL, NULL);
+}
+
+/* Cleans all entries that pass the comp function criteria. */
void
Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
int (*comp)(void *, void *))
@@ -270,13 +242,13 @@ Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
return;
for(i = 0; i < h->slots; ++i) {
- list = h->table[i];
+ list = &h->table[i];
le = list->head; /* get first list entry */
while(le) {
struct curl_hash_element *he = le->ptr;
lnext = le->next;
/* ask the callback function if we shall remove this entry or not */
- if(comp(user, he->ptr)) {
+ if(comp == NULL || comp(user, he->ptr)) {
Curl_llist_remove(list, le, (void *) h);
--h->size; /* one less entry in the hash now */
}
@@ -285,20 +257,9 @@ Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
}
}
-void
-Curl_hash_destroy(struct curl_hash *h)
+size_t Curl_hash_str(void *key, size_t key_length, size_t slots_num)
{
- if(!h)
- return;
-
- Curl_hash_clean(h);
-
- free(h);
-}
-
-size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num)
-{
- const char* key_str = (const char *) key;
+ const char *key_str = (const char *) key;
const char *end = key_str + key_length;
unsigned long h = 5381;
@@ -310,16 +271,11 @@ size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num)
return (h % slots_num);
}
-size_t Curl_str_key_compare(void*k1, size_t key1_len, void*k2, size_t key2_len)
+size_t Curl_str_key_compare(void *k1, size_t key1_len,
+ void *k2, size_t key2_len)
{
- char *key1 = (char *)k1;
- char *key2 = (char *)k2;
-
- if(key1_len == key2_len &&
- *key1 == *key2 &&
- memcmp(key1, key2, key1_len) == 0) {
+ if((key1_len == key2_len) && !memcmp(k1, k2, key1_len))
return 1;
- }
return 0;
}
@@ -344,10 +300,10 @@ Curl_hash_next_element(struct curl_hash_iterator *iter)
/* If we have reached the end of the list, find the next one */
if(!iter->current_element) {
- for(i = iter->slot_index;i < h->slots;i++) {
- if(h->table[i]->head) {
- iter->current_element = h->table[i]->head;
- iter->slot_index = i+1;
+ for(i = iter->slot_index; i < h->slots; i++) {
+ if(h->table[i].head) {
+ iter->current_element = h->table[i].head;
+ iter->slot_index = i + 1;
break;
}
}
@@ -357,10 +313,8 @@ Curl_hash_next_element(struct curl_hash_iterator *iter)
struct curl_hash_element *he = iter->current_element->ptr;
return he;
}
- else {
- iter->current_element = NULL;
- return NULL;
- }
+ iter->current_element = NULL;
+ return NULL;
}
#if 0 /* useful function for debugging hashes and their contents */
diff --git a/libs/libcurl/src/hash.h b/libs/libcurl/src/hash.h
index aa935d4eb9..90a25d1ca3 100644
--- a/libs/libcurl/src/hash.h
+++ b/libs/libcurl/src/hash.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -29,22 +29,22 @@
#include "llist.h"
/* Hash function prototype */
-typedef size_t (*hash_function) (void* key,
+typedef size_t (*hash_function) (void *key,
size_t key_length,
size_t slots_num);
/*
Comparator function prototype. Compares two keys.
*/
-typedef size_t (*comp_function) (void* key1,
+typedef size_t (*comp_function) (void *key1,
size_t key1_len,
- void*key2,
+ void *key2,
size_t key2_len);
typedef void (*curl_hash_dtor)(void *);
struct curl_hash {
- struct curl_llist **table;
+ struct curl_llist *table;
/* Hash function to be used for this hash table */
hash_function hash_func;
@@ -57,9 +57,10 @@ struct curl_hash {
};
struct curl_hash_element {
+ struct curl_llist_element list;
void *ptr;
- char *key;
size_t key_len;
+ char key[1]; /* allocated memory following the struct */
};
struct curl_hash_iterator {
@@ -74,26 +75,19 @@ int Curl_hash_init(struct curl_hash *h,
comp_function comparator,
curl_hash_dtor dtor);
-struct curl_hash *Curl_hash_alloc(int slots,
- hash_function hfunc,
- comp_function comparator,
- curl_hash_dtor dtor);
-
void *Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p);
int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len);
-void *Curl_hash_pick(struct curl_hash *, void * key, size_t key_len);
+void *Curl_hash_pick(struct curl_hash *, void *key, size_t key_len);
void Curl_hash_apply(struct curl_hash *h, void *user,
void (*cb)(void *user, void *ptr));
int Curl_hash_count(struct curl_hash *h);
+void Curl_hash_destroy(struct curl_hash *h);
void Curl_hash_clean(struct curl_hash *h);
void Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
int (*comp)(void *, void *));
-void Curl_hash_destroy(struct curl_hash *h);
-
-size_t Curl_hash_str(void* key, size_t key_length, size_t slots_num);
-size_t Curl_str_key_compare(void*k1, size_t key1_len, void*k2,
+size_t Curl_hash_str(void *key, size_t key_length, size_t slots_num);
+size_t Curl_str_key_compare(void *k1, size_t key1_len, void *k2,
size_t key2_len);
-
void Curl_hash_start_iterate(struct curl_hash *hash,
struct curl_hash_iterator *iter);
struct curl_hash_element *
diff --git a/libs/libcurl/src/hmac.c b/libs/libcurl/src/hmac.c
index dace820370..dae95054b0 100644
--- a/libs/libcurl/src/hmac.c
+++ b/libs/libcurl/src/hmac.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,12 +26,11 @@
#ifndef CURL_DISABLE_CRYPTO_AUTH
-#include "curl_hmac.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include <curl/curl.h>
+#include "curl_hmac.h"
#include "curl_memory.h"
+
/* The last #include file should be: */
#include "memdebug.h"
@@ -50,12 +49,12 @@ static const unsigned char hmac_opad = 0x5C;
HMAC_context *
Curl_HMAC_init(const HMAC_params * hashparams,
- const unsigned char * key,
+ const unsigned char *key,
unsigned int keylen)
{
size_t i;
- HMAC_context * ctxt;
- unsigned char * hkey;
+ HMAC_context *ctxt;
+ unsigned char *hkey;
unsigned char b;
/* Create HMAC context. */
@@ -102,7 +101,7 @@ Curl_HMAC_init(const HMAC_params * hashparams,
}
int Curl_HMAC_update(HMAC_context * ctxt,
- const unsigned char * data,
+ const unsigned char *data,
unsigned int len)
{
/* Update first hash calculation. */
@@ -111,7 +110,7 @@ int Curl_HMAC_update(HMAC_context * ctxt,
}
-int Curl_HMAC_final(HMAC_context * ctxt, unsigned char * result)
+int Curl_HMAC_final(HMAC_context *ctxt, unsigned char *result)
{
const HMAC_params * hashparams = ctxt->hmac_hash;
diff --git a/libs/libcurl/src/hostasyn.c b/libs/libcurl/src/hostasyn.c
index 8151b6714e..7b6e8568a0 100644
--- a/libs/libcurl/src/hostasyn.c
+++ b/libs/libcurl/src/hostasyn.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,11 @@
#include "curl_setup.h"
+/***********************************************************************
+ * Only for builds using asynchronous name resolves
+ **********************************************************************/
+#ifdef CURLRES_ASYNCH
+
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
@@ -47,19 +52,10 @@
#include "share.h"
#include "strerror.h"
#include "url.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
-/***********************************************************************
- * Only for builds using asynchronous name resolves
- **********************************************************************/
-#ifdef CURLRES_ASYNCH
-
/*
* Curl_addrinfo_callback() gets called by ares, gethostbyname_thread()
* or getaddrinfo_thread() when we got the name resolved (or not!).
@@ -75,13 +71,13 @@ CURLcode Curl_addrinfo_callback(struct connectdata *conn,
struct Curl_addrinfo *ai)
{
struct Curl_dns_entry *dns = NULL;
- CURLcode rc = CURLE_OK;
+ CURLcode result = CURLE_OK;
conn->async.status = status;
if(CURL_ASYNC_SUCCESS == status) {
if(ai) {
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
if(data->share)
Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
@@ -92,14 +88,14 @@ CURLcode Curl_addrinfo_callback(struct connectdata *conn,
if(!dns) {
/* failed to store, cleanup and return error */
Curl_freeaddrinfo(ai);
- rc = CURLE_OUT_OF_MEMORY;
+ result = CURLE_OUT_OF_MEMORY;
}
if(data->share)
Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
}
else {
- rc = CURLE_OUT_OF_MEMORY;
+ result = CURLE_OUT_OF_MEMORY;
}
}
@@ -110,9 +106,9 @@ CURLcode Curl_addrinfo_callback(struct connectdata *conn,
async struct */
conn->async.done = TRUE;
- /* ipv4: The input hostent struct will be freed by ares when we return from
+ /* IPv4: The input hostent struct will be freed by ares when we return from
this function */
- return rc;
+ return result;
}
/* Call this function after Curl_connect() has returned async=TRUE and
@@ -123,21 +119,21 @@ CURLcode Curl_addrinfo_callback(struct connectdata *conn,
CURLcode Curl_async_resolved(struct connectdata *conn,
bool *protocol_done)
{
- CURLcode code;
+ CURLcode result;
if(conn->async.dns) {
conn->dns_entry = conn->async.dns;
conn->async.dns = NULL;
}
- code = Curl_setup_conn(conn, protocol_done);
+ result = Curl_setup_conn(conn, protocol_done);
- if(code)
+ if(result)
/* We're not allowed to return failure with memory left allocated
in the connectdata struct, free those here */
Curl_disconnect(conn, FALSE); /* close the connection */
- return code;
+ return result;
}
/*
diff --git a/libs/libcurl/src/hostcheck.c b/libs/libcurl/src/hostcheck.c
index abd1fa0c3c..23dc3d2a7c 100644
--- a/libs/libcurl/src/hostcheck.c
+++ b/libs/libcurl/src/hostcheck.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,12 +22,23 @@
#include "curl_setup.h"
-#if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \
- defined(USE_GSKIT)
+#if defined(USE_OPENSSL) \
+ || defined(USE_AXTLS) \
+ || defined(USE_GSKIT) \
+ || (defined(USE_SCHANNEL) && defined(_WIN32_WCE))
/* these backends use functions from this file */
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
#include "hostcheck.h"
-#include "rawstr.h"
+#include "strcase.h"
+#include "inet_pton.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
/*
* Match a hostname against a wildcard pattern.
@@ -35,35 +46,67 @@
* "foo.host.com" matches "*.host.com".
*
* We use the matching rule described in RFC6125, section 6.4.3.
- * http://tools.ietf.org/html/rfc6125#section-6.4.3
+ * https://tools.ietf.org/html/rfc6125#section-6.4.3
+ *
+ * In addition: ignore trailing dots in the host names and wildcards, so that
+ * the names are used normalized. This is what the browsers do.
+ *
+ * Do not allow wildcard matching on IP numbers. There are apparently
+ * certificates being used with an IP address in the CN field, thus making no
+ * apparent distinction between a name and an IP. We need to detect the use of
+ * an IP address and not wildcard match on such names.
+ *
+ * NOTE: hostmatch() gets called with copied buffers so that it can modify the
+ * contents at will.
*/
-static int hostmatch(const char *hostname, const char *pattern)
+static int hostmatch(char *hostname, char *pattern)
{
const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
int wildcard_enabled;
size_t prefixlen, suffixlen;
+ struct in_addr ignored;
+#ifdef ENABLE_IPV6
+ struct sockaddr_in6 si6;
+#endif
+
+ /* normalize pattern and hostname by stripping off trailing dots */
+ size_t len = strlen(hostname);
+ if(hostname[len-1]=='.')
+ hostname[len-1] = 0;
+ len = strlen(pattern);
+ if(pattern[len-1]=='.')
+ pattern[len-1] = 0;
+
pattern_wildcard = strchr(pattern, '*');
if(pattern_wildcard == NULL)
- return Curl_raw_equal(pattern, hostname) ?
+ return strcasecompare(pattern, hostname) ?
CURL_HOST_MATCH : CURL_HOST_NOMATCH;
+ /* detect IP address as hostname and fail the match if so */
+ if(Curl_inet_pton(AF_INET, hostname, &ignored) > 0)
+ return CURL_HOST_NOMATCH;
+#ifdef ENABLE_IPV6
+ if(Curl_inet_pton(AF_INET6, hostname, &si6.sin6_addr) > 0)
+ return CURL_HOST_NOMATCH;
+#endif
+
/* We require at least 2 dots in pattern to avoid too wide wildcard
match. */
wildcard_enabled = 1;
pattern_label_end = strchr(pattern, '.');
- if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL ||
+ if(pattern_label_end == NULL || strchr(pattern_label_end + 1, '.') == NULL ||
pattern_wildcard > pattern_label_end ||
- Curl_raw_nequal(pattern, "xn--", 4)) {
+ strncasecompare(pattern, "xn--", 4)) {
wildcard_enabled = 0;
}
if(!wildcard_enabled)
- return Curl_raw_equal(pattern, hostname) ?
+ return strcasecompare(pattern, hostname) ?
CURL_HOST_MATCH : CURL_HOST_NOMATCH;
hostname_label_end = strchr(hostname, '.');
if(hostname_label_end == NULL ||
- !Curl_raw_equal(pattern_label_end, hostname_label_end))
+ !strcasecompare(pattern_label_end, hostname_label_end))
return CURL_HOST_NOMATCH;
/* The wildcard must match at least one character, so the left-most
@@ -73,25 +116,35 @@ static int hostmatch(const char *hostname, const char *pattern)
return CURL_HOST_NOMATCH;
prefixlen = pattern_wildcard - pattern;
- suffixlen = pattern_label_end - (pattern_wildcard+1);
- return Curl_raw_nequal(pattern, hostname, prefixlen) &&
- Curl_raw_nequal(pattern_wildcard+1, hostname_label_end - suffixlen,
+ suffixlen = pattern_label_end - (pattern_wildcard + 1);
+ return strncasecompare(pattern, hostname, prefixlen) &&
+ strncasecompare(pattern_wildcard + 1, hostname_label_end - suffixlen,
suffixlen) ?
CURL_HOST_MATCH : CURL_HOST_NOMATCH;
}
int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
{
+ char *matchp;
+ char *hostp;
+ int res = 0;
if(!match_pattern || !*match_pattern ||
!hostname || !*hostname) /* sanity check */
- return 0;
-
- if(Curl_raw_equal(hostname, match_pattern)) /* trivial case */
- return 1;
+ ;
+ else {
+ matchp = strdup(match_pattern);
+ if(matchp) {
+ hostp = strdup(hostname);
+ if(hostp) {
+ if(hostmatch(hostp, matchp) == CURL_HOST_MATCH)
+ res = 1;
+ free(hostp);
+ }
+ free(matchp);
+ }
+ }
- if(hostmatch(hostname,match_pattern) == CURL_HOST_MATCH)
- return 1;
- return 0;
+ return res;
}
-#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */
+#endif /* OPENSSL, AXTLS, GSKIT or schannel+wince */
diff --git a/libs/libcurl/src/hostcheck.h b/libs/libcurl/src/hostcheck.h
index f4a517a8e8..86e3b96a97 100644
--- a/libs/libcurl/src/hostcheck.h
+++ b/libs/libcurl/src/hostcheck.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c
index f37b4925bb..7f010a0379 100644
--- a/libs/libcurl/src/hostip.c
+++ b/libs/libcurl/src/hostip.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -56,12 +56,9 @@
#include "url.h"
#include "inet_ntop.h"
#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
#if defined(CURLRES_SYNCH) && \
@@ -98,8 +95,8 @@
* hostip.c - method-independent resolver functions and utility functions
* hostasyn.c - functions for asynchronous name resolves
* hostsyn.c - functions for synchronous name resolves
- * hostip4.c - ipv4-specific functions
- * hostip6.c - ipv6-specific functions
+ * hostip4.c - IPv4 specific functions
+ * hostip6.c - IPv6 specific functions
*
* The two asynchronous name resolver backends are implemented in:
* asyn-ares.c - functions for ares-using name resolves
@@ -140,17 +137,13 @@ struct curl_hash *Curl_global_host_cache_init(void)
void Curl_global_host_cache_dtor(void)
{
if(host_cache_initialized) {
- /* first make sure that any custom "CURLOPT_RESOLVE" names are
- cleared off */
- Curl_hostcache_clean(NULL, &hostname_cache);
- /* then free the remaining hash completely */
- Curl_hash_clean(&hostname_cache);
+ Curl_hash_destroy(&hostname_cache);
host_cache_initialized = 0;
}
}
/*
- * Return # of adresses in a Curl_addrinfo struct
+ * Return # of addresses in a Curl_addrinfo struct
*/
int Curl_num_addresses(const Curl_addrinfo *addr)
{
@@ -179,7 +172,7 @@ Curl_printable_address(const Curl_addrinfo *ai, char *buf, size_t bufsize)
const struct in6_addr *ipaddr6;
#endif
- switch (ai->ai_family) {
+ switch(ai->ai_family) {
case AF_INET:
sa4 = (const void *)ai->ai_addr;
ipaddr4 = &sa4->sin_addr;
@@ -237,7 +230,8 @@ hostcache_timestamp_remove(void *datap, void *hc)
(struct hostcache_prune_data *) datap;
struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc;
- return (data->now - c->timestamp >= data->cache_timeout);
+ return (0 != c->timestamp)
+ && (data->now - c->timestamp >= data->cache_timeout);
}
/*
@@ -260,7 +254,7 @@ hostcache_prune(struct curl_hash *hostcache, long cache_timeout, time_t now)
* Library-wide function for pruning the DNS cache. This function takes and
* returns the appropriate locks.
*/
-void Curl_hostcache_prune(struct SessionHandle *data)
+void Curl_hostcache_prune(struct Curl_easy *data)
{
time_t now;
@@ -283,40 +277,90 @@ void Curl_hostcache_prune(struct SessionHandle *data)
Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
}
-/*
- * Check if the entry should be pruned. Assumes a locked cache.
- */
-static int
-remove_entry_if_stale(struct SessionHandle *data, struct Curl_dns_entry *dns)
+#ifdef HAVE_SIGSETJMP
+/* Beware this is a global and unique instance. This is used to store the
+ return address that we can jump back to from inside a signal handler. This
+ is not thread-safe stuff. */
+sigjmp_buf curl_jmpenv;
+#endif
+
+/* lookup address, returns entry if found and not stale */
+static struct Curl_dns_entry *
+fetch_addr(struct connectdata *conn,
+ const char *hostname,
+ int port)
{
- struct hostcache_prune_data user;
+ char *entry_id = NULL;
+ struct Curl_dns_entry *dns = NULL;
+ size_t entry_len;
+ struct Curl_easy *data = conn->data;
- if(!dns || (data->set.dns_cache_timeout == -1) || !data->dns.hostcache)
- /* cache forever means never prune, and NULL hostcache means
- we can't do it */
- return 0;
+ /* Create an entry id, based upon the hostname and port */
+ entry_id = create_hostcache_id(hostname, port);
+ /* If we can't create the entry id, fail */
+ if(!entry_id)
+ return dns;
- time(&user.now);
- user.cache_timeout = data->set.dns_cache_timeout;
+ entry_len = strlen(entry_id);
- if(!hostcache_timestamp_remove(&user,dns) )
- return 0;
+ /* See if its already in our dns cache */
+ dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
- Curl_hash_clean_with_criterium(data->dns.hostcache,
- (void *) &user,
- hostcache_timestamp_remove);
+ if(dns && (data->set.dns_cache_timeout != -1)) {
+ /* See whether the returned entry is stale. Done before we release lock */
+ struct hostcache_prune_data user;
+
+ time(&user.now);
+ user.cache_timeout = data->set.dns_cache_timeout;
- return 1;
+ if(hostcache_timestamp_remove(&user, dns)) {
+ infof(data, "Hostname in DNS cache was stale, zapped\n");
+ dns = NULL; /* the memory deallocation is being handled by the hash */
+ Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1);
+ }
+ }
+
+ /* free the allocated entry_id again */
+ free(entry_id);
+
+ return dns;
}
+/*
+ * Curl_fetch_addr() fetches a 'Curl_dns_entry' already in the DNS cache.
+ *
+ * Curl_resolv() checks initially and multi_runsingle() checks each time
+ * it discovers the handle in the state WAITRESOLVE whether the hostname
+ * has already been resolved and the address has already been stored in
+ * the DNS cache. This short circuits waiting for a lot of pending
+ * lookups for the same hostname requested by different handles.
+ *
+ * Returns the Curl_dns_entry entry pointer or NULL if not in the cache.
+ *
+ * The returned data *MUST* be "unlocked" with Curl_resolv_unlock() after
+ * use, or we'll leak memory!
+ */
+struct Curl_dns_entry *
+Curl_fetch_addr(struct connectdata *conn,
+ const char *hostname,
+ int port)
+{
+ struct Curl_easy *data = conn->data;
+ struct Curl_dns_entry *dns = NULL;
+
+ if(data->share)
+ Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
-#ifdef HAVE_SIGSETJMP
-/* Beware this is a global and unique instance. This is used to store the
- return address that we can jump back to from inside a signal handler. This
- is not thread-safe stuff. */
-sigjmp_buf curl_jmpenv;
-#endif
+ dns = fetch_addr(conn, hostname, port);
+
+ if(dns)
+ dns->inuse++; /* we use it! */
+ if(data->share)
+ Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+
+ return dns;
+}
/*
* Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache.
@@ -328,7 +372,7 @@ sigjmp_buf curl_jmpenv;
* Returns the Curl_dns_entry entry pointer or NULL if the storage failed.
*/
struct Curl_dns_entry *
-Curl_cache_addr(struct SessionHandle *data,
+Curl_cache_addr(struct Curl_easy *data,
Curl_addrinfo *addr,
const char *hostname,
int port)
@@ -352,14 +396,14 @@ Curl_cache_addr(struct SessionHandle *data,
return NULL;
}
- dns->inuse = 0; /* init to not used */
+ dns->inuse = 1; /* the cache has the first reference */
dns->addr = addr; /* this is the address(es) */
time(&dns->timestamp);
if(dns->timestamp == 0)
- dns->timestamp = 1; /* zero indicates that entry isn't in hash table */
+ dns->timestamp = 1; /* zero indicates CURLOPT_RESOLVE entry */
/* Store the resolved data in our DNS cache. */
- dns2 = Curl_hash_add(data->dns.hostcache, entry_id, entry_len+1,
+ dns2 = Curl_hash_add(data->dns.hostcache, entry_id, entry_len + 1,
(void *)dns);
if(!dns2) {
free(dns);
@@ -402,37 +446,20 @@ int Curl_resolv(struct connectdata *conn,
int port,
struct Curl_dns_entry **entry)
{
- char *entry_id = NULL;
struct Curl_dns_entry *dns = NULL;
- size_t entry_len;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
CURLcode result;
int rc = CURLRESOLV_ERROR; /* default to failure */
*entry = NULL;
- /* Create an entry id, based upon the hostname and port */
- entry_id = create_hostcache_id(hostname, port);
- /* If we can't create the entry id, fail */
- if(!entry_id)
- return rc;
-
- entry_len = strlen(entry_id);
-
if(data->share)
Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
- /* See if its already in our dns cache */
- dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len+1);
-
- /* free the allocated entry_id again */
- free(entry_id);
-
- /* See whether the returned entry is stale. Done before we release lock */
- if(remove_entry_if_stale(data, dns))
- dns = NULL; /* the memory deallocation is being handled by the hash */
+ dns = fetch_addr(conn, hostname, port);
if(dns) {
+ infof(data, "Hostname %s was found in DNS cache\n", hostname);
dns->inuse++; /* we use it! */
rc = CURLRESOLV_RESOLVED;
}
@@ -511,7 +538,6 @@ RETSIGTYPE alarmfunc(int sig)
/* this is for "-ansi -Wall -pedantic" to stop complaining! (rabe) */
(void)sig;
siglongjmp(curl_jmpenv, 1);
- return;
}
#endif /* USE_ALARM_TIMEOUT */
@@ -541,12 +567,12 @@ int Curl_resolv_timeout(struct connectdata *conn,
const char *hostname,
int port,
struct Curl_dns_entry **entry,
- long timeoutms)
+ time_t timeoutms)
{
#ifdef USE_ALARM_TIMEOUT
#ifdef HAVE_SIGACTION
struct sigaction keep_sigact; /* store the old struct here */
- volatile bool keep_copysig = FALSE; /* wether old sigact has been saved */
+ volatile bool keep_copysig = FALSE; /* whether old sigact has been saved */
struct sigaction sigact;
#else
#ifdef HAVE_SIGNAL
@@ -555,7 +581,7 @@ int Curl_resolv_timeout(struct connectdata *conn,
#endif /* HAVE_SIGACTION */
volatile long timeout;
volatile unsigned int prev_alarm = 0;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
#endif /* USE_ALARM_TIMEOUT */
int rc;
@@ -570,43 +596,20 @@ int Curl_resolv_timeout(struct connectdata *conn,
/* Ignore the timeout when signals are disabled */
timeout = 0;
else
- timeout = timeoutms;
+ timeout = (timeoutms > LONG_MAX) ? LONG_MAX : (long)timeoutms;
if(!timeout)
/* USE_ALARM_TIMEOUT defined, but no timeout actually requested */
return Curl_resolv(conn, hostname, port, entry);
- if(timeout < 1000)
+ if(timeout < 1000) {
/* The alarm() function only provides integer second resolution, so if
we want to wait less than one second we must bail out already now. */
+ failf(data,
+ "remaining timeout of %ld too small to resolve via SIGALRM method",
+ timeout);
return CURLRESOLV_TIMEDOUT;
-
- /*************************************************************
- * Set signal handler to catch SIGALRM
- * Store the old value to be able to set it back later!
- *************************************************************/
-#ifdef HAVE_SIGACTION
- sigaction(SIGALRM, NULL, &sigact);
- keep_sigact = sigact;
- keep_copysig = TRUE; /* yes, we have a copy */
- sigact.sa_handler = alarmfunc;
-#ifdef SA_RESTART
- /* HPUX doesn't have SA_RESTART but defaults to that behaviour! */
- sigact.sa_flags &= ~SA_RESTART;
-#endif
- /* now set the new struct */
- sigaction(SIGALRM, &sigact, NULL);
-#else /* HAVE_SIGACTION */
- /* no sigaction(), revert to the much lamer signal() */
-#ifdef HAVE_SIGNAL
- keep_sigact = signal(SIGALRM, alarmfunc);
-#endif
-#endif /* HAVE_SIGACTION */
-
- /* alarm() makes a signal get sent when the timeout fires off, and that
- will abort system calls */
- prev_alarm = alarm(curlx_sltoui(timeout/1000L));
-
+ }
/* This allows us to time-out from the name resolver, as the timeout
will generate a signal and we will siglongjmp() from that here.
This technique has problems (see alarmfunc).
@@ -619,6 +622,33 @@ int Curl_resolv_timeout(struct connectdata *conn,
rc = CURLRESOLV_ERROR;
goto clean_up;
}
+ else {
+ /*************************************************************
+ * Set signal handler to catch SIGALRM
+ * Store the old value to be able to set it back later!
+ *************************************************************/
+#ifdef HAVE_SIGACTION
+ sigaction(SIGALRM, NULL, &sigact);
+ keep_sigact = sigact;
+ keep_copysig = TRUE; /* yes, we have a copy */
+ sigact.sa_handler = alarmfunc;
+#ifdef SA_RESTART
+ /* HPUX doesn't have SA_RESTART but defaults to that behaviour! */
+ sigact.sa_flags &= ~SA_RESTART;
+#endif
+ /* now set the new struct */
+ sigaction(SIGALRM, &sigact, NULL);
+#else /* HAVE_SIGACTION */
+ /* no sigaction(), revert to the much lamer signal() */
+#ifdef HAVE_SIGNAL
+ keep_sigact = signal(SIGALRM, alarmfunc);
+#endif
+#endif /* HAVE_SIGACTION */
+
+ /* alarm() makes a signal get sent when the timeout fires off, and that
+ will abort system calls */
+ prev_alarm = alarm(curlx_sltoui(timeout/1000L));
+ }
#else
#ifndef CURLRES_ASYNCH
@@ -658,10 +688,11 @@ clean_up:
the time we spent until now! */
if(prev_alarm) {
/* there was an alarm() set before us, now put it back */
- unsigned long elapsed_ms = Curl_tvdiff(Curl_tvnow(), conn->created);
+ timediff_t elapsed_secs = Curl_timediff(Curl_now(),
+ conn->created) / 1000;
/* the alarm period is counted in even number of seconds */
- unsigned long alarm_set = prev_alarm - elapsed_ms/1000;
+ unsigned long alarm_set = prev_alarm - elapsed_secs;
if(!alarm_set ||
((alarm_set >= 0x80000000) && (prev_alarm < 0x80000000)) ) {
@@ -688,56 +719,39 @@ clean_up:
*
* May be called with 'data' == NULL for global cache.
*/
-void Curl_resolv_unlock(struct SessionHandle *data, struct Curl_dns_entry *dns)
+void Curl_resolv_unlock(struct Curl_easy *data, struct Curl_dns_entry *dns)
{
- DEBUGASSERT(dns && (dns->inuse>0));
-
if(data && data->share)
Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
- dns->inuse--;
- /* only free if nobody is using AND it is not in hostcache (timestamp ==
- 0) */
- if(dns->inuse == 0 && dns->timestamp == 0) {
- Curl_freeaddrinfo(dns->addr);
- free(dns);
- }
+ freednsentry(dns);
if(data && data->share)
Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
}
/*
- * File-internal: free a cache dns entry.
+ * File-internal: release cache dns entry reference, free if inuse drops to 0
*/
static void freednsentry(void *freethis)
{
- struct Curl_dns_entry *p = (struct Curl_dns_entry *) freethis;
+ struct Curl_dns_entry *dns = (struct Curl_dns_entry *) freethis;
+ DEBUGASSERT(dns && (dns->inuse>0));
- /* mark the entry as not in hostcache */
- p->timestamp = 0;
- if(p->inuse == 0) {
- Curl_freeaddrinfo(p->addr);
- free(p);
+ dns->inuse--;
+ if(dns->inuse == 0) {
+ Curl_freeaddrinfo(dns->addr);
+ free(dns);
}
}
/*
- * Curl_mk_dnscache() creates a new DNS cache and returns the handle for it.
+ * Curl_mk_dnscache() inits a new DNS cache and returns success/failure.
*/
-struct curl_hash *Curl_mk_dnscache(void)
+int Curl_mk_dnscache(struct curl_hash *hash)
{
- return Curl_hash_alloc(7, Curl_hash_str, Curl_str_key_compare, freednsentry);
-}
-
-static int hostcache_inuse(void *data, void *hc)
-{
- struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc;
-
- if(c->inuse == 1)
- Curl_resolv_unlock(data, c);
-
- return 1; /* free all entries */
+ return Curl_hash_init(hash, 7, Curl_hash_str, Curl_str_key_compare,
+ freednsentry);
}
/*
@@ -747,40 +761,87 @@ static int hostcache_inuse(void *data, void *hc)
* can be done!
*/
-void Curl_hostcache_clean(struct SessionHandle *data,
+void Curl_hostcache_clean(struct Curl_easy *data,
struct curl_hash *hash)
{
- /* Entries added to the hostcache with the CURLOPT_RESOLVE function are
- * still present in the cache with the inuse counter set to 1. Detect them
- * and cleanup!
- */
- Curl_hash_clean_with_criterium(hash, data, hostcache_inuse);
+ if(data && data->share)
+ Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+ Curl_hash_clean(hash);
+
+ if(data && data->share)
+ Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
}
-CURLcode Curl_loadhostpairs(struct SessionHandle *data)
+CURLcode Curl_loadhostpairs(struct Curl_easy *data)
{
struct curl_slist *hostp;
char hostname[256];
- char address[256];
int port;
- for(hostp = data->change.resolve; hostp; hostp = hostp->next ) {
+ for(hostp = data->change.resolve; hostp; hostp = hostp->next) {
if(!hostp->data)
continue;
if(hostp->data[0] == '-') {
- /* TODO: mark an entry for removal */
+ char *entry_id;
+ size_t entry_len;
+
+ if(2 != sscanf(hostp->data + 1, "%255[^:]:%d", hostname, &port)) {
+ infof(data, "Couldn't parse CURLOPT_RESOLVE removal entry '%s'!\n",
+ hostp->data);
+ continue;
+ }
+
+ /* Create an entry id, based upon the hostname and port */
+ entry_id = create_hostcache_id(hostname, port);
+ /* If we can't create the entry id, fail */
+ if(!entry_id) {
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ entry_len = strlen(entry_id);
+
+ if(data->share)
+ Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+ /* delete entry, ignore if it didn't exist */
+ Curl_hash_delete(data->dns.hostcache, entry_id, entry_len + 1);
+
+ if(data->share)
+ Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+
+ /* free the allocated entry_id again */
+ free(entry_id);
}
- else if(3 == sscanf(hostp->data, "%255[^:]:%d:%255s", hostname, &port,
- address)) {
+ else {
struct Curl_dns_entry *dns;
Curl_addrinfo *addr;
char *entry_id;
size_t entry_len;
+ char buffer[256];
+ char *address = &buffer[0];
+
+ if(3 != sscanf(hostp->data, "%255[^:]:%d:%255s", hostname, &port,
+ address)) {
+ infof(data, "Couldn't parse CURLOPT_RESOLVE entry '%s'!\n",
+ hostp->data);
+ continue;
+ }
+
+ /* allow IP(v6) address within [brackets] */
+ if(address[0] == '[') {
+ size_t alen = strlen(address);
+ if(address[alen-1] != ']')
+ /* it needs to also end with ] to be valid */
+ continue;
+ address[alen-1] = 0; /* zero terminate there */
+ address++; /* pass the open bracket */
+ }
addr = Curl_str2addr(address, port);
if(!addr) {
- infof(data, "Resolve %s found illegal!\n", hostp->data);
+ infof(data, "Address in '%s' found illegal!\n", hostp->data);
continue;
}
@@ -798,14 +859,21 @@ CURLcode Curl_loadhostpairs(struct SessionHandle *data)
Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
/* See if its already in our dns cache */
- dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len+1);
+ dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1);
/* free the allocated entry_id again */
free(entry_id);
- if(!dns)
+ if(!dns) {
/* if not in the cache already, put this host in the cache */
dns = Curl_cache_addr(data, addr, hostname, port);
+ if(dns) {
+ dns->timestamp = 0; /* mark as added by CURLOPT_RESOLVE */
+ /* release the returned reference; the cache itself will keep the
+ * entry alive: */
+ dns->inuse--;
+ }
+ }
else
/* this is a duplicate, free it again */
Curl_freeaddrinfo(addr);
diff --git a/libs/libcurl/src/hostip.h b/libs/libcurl/src/hostip.h
index 42ed7d3208..298eeeee3b 100644
--- a/libs/libcurl/src/hostip.h
+++ b/libs/libcurl/src/hostip.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -50,7 +50,7 @@
struct addrinfo;
struct hostent;
-struct SessionHandle;
+struct Curl_easy;
struct connectdata;
/*
@@ -65,11 +65,10 @@ void Curl_global_host_cache_dtor(void);
struct Curl_dns_entry {
Curl_addrinfo *addr;
- /* timestamp == 0 -- entry not in hostcache
- timestamp != 0 -- entry is in hostcache */
+ /* timestamp == 0 -- CURLOPT_RESOLVE entry, doesn't timeout */
time_t timestamp;
- long inuse; /* use-counter, make very sure you decrease this
- when you're done using the address you received */
+ /* use-counter, use Curl_resolv_unlock to release reference */
+ long inuse;
};
/*
@@ -88,11 +87,11 @@ int Curl_resolv(struct connectdata *conn, const char *hostname,
int port, struct Curl_dns_entry **dnsentry);
int Curl_resolv_timeout(struct connectdata *conn, const char *hostname,
int port, struct Curl_dns_entry **dnsentry,
- long timeoutms);
+ time_t timeoutms);
#ifdef CURLRES_IPV6
/*
- * Curl_ipv6works() returns TRUE if ipv6 seems to work.
+ * Curl_ipv6works() returns TRUE if IPv6 seems to work.
*/
bool Curl_ipv6works(void);
#else
@@ -119,20 +118,20 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
/* unlock a previously resolved dns entry */
-void Curl_resolv_unlock(struct SessionHandle *data,
+void Curl_resolv_unlock(struct Curl_easy *data,
struct Curl_dns_entry *dns);
/* for debugging purposes only: */
void Curl_scan_cache_used(void *user, void *ptr);
-/* make a new dns cache and return the handle */
-struct curl_hash *Curl_mk_dnscache(void);
+/* init a new dns cache and return success */
+int Curl_mk_dnscache(struct curl_hash *hash);
/* prune old entries from the DNS cache */
-void Curl_hostcache_prune(struct SessionHandle *data);
+void Curl_hostcache_prune(struct Curl_easy *data);
-/* Return # of adresses in a Curl_addrinfo struct */
-int Curl_num_addresses (const Curl_addrinfo *addr);
+/* Return # of addresses in a Curl_addrinfo struct */
+int Curl_num_addresses(const Curl_addrinfo *addr);
#if defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO)
int curl_dogetnameinfo(GETNAMEINFO_QUAL_ARG1 GETNAMEINFO_TYPE_ARG1 sa,
@@ -144,7 +143,7 @@ int curl_dogetnameinfo(GETNAMEINFO_QUAL_ARG1 GETNAMEINFO_TYPE_ARG1 sa,
#endif
/* IPv4 threadsafe resolve function used for synch and asynch builds */
-Curl_addrinfo *Curl_ipv4_resolve_r(const char * hostname, int port);
+Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname, int port);
CURLcode Curl_async_resolved(struct connectdata *conn,
bool *protocol_connect);
@@ -172,12 +171,24 @@ const char *Curl_printable_address(const Curl_addrinfo *ip,
char *buf, size_t bufsize);
/*
+ * Curl_fetch_addr() fetches a 'Curl_dns_entry' already in the DNS cache.
+ *
+ * Returns the Curl_dns_entry entry pointer or NULL if not in the cache.
+ *
+ * The returned data *MUST* be "unlocked" with Curl_resolv_unlock() after
+ * use, or we'll leak memory!
+ */
+struct Curl_dns_entry *
+Curl_fetch_addr(struct connectdata *conn,
+ const char *hostname,
+ int port);
+/*
* Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache.
*
* Returns the Curl_dns_entry entry pointer or NULL if the storage failed.
*/
struct Curl_dns_entry *
-Curl_cache_addr(struct SessionHandle *data, Curl_addrinfo *addr,
+Curl_cache_addr(struct Curl_easy *data, Curl_addrinfo *addr,
const char *hostname, int port);
#ifndef INADDR_NONE
@@ -198,42 +209,42 @@ extern sigjmp_buf curl_jmpenv;
/*
* Function provided by the resolver backend to set DNS servers to use.
*/
-CURLcode Curl_set_dns_servers(struct SessionHandle *data, char *servers);
+CURLcode Curl_set_dns_servers(struct Curl_easy *data, char *servers);
/*
* Function provided by the resolver backend to set
* outgoing interface to use for DNS requests
*/
-CURLcode Curl_set_dns_interface(struct SessionHandle *data,
+CURLcode Curl_set_dns_interface(struct Curl_easy *data,
const char *interf);
/*
* Function provided by the resolver backend to set
* local IPv4 address to use as source address for DNS requests
*/
-CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
+CURLcode Curl_set_dns_local_ip4(struct Curl_easy *data,
const char *local_ip4);
/*
* Function provided by the resolver backend to set
* local IPv6 address to use as source address for DNS requests
*/
-CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
+CURLcode Curl_set_dns_local_ip6(struct Curl_easy *data,
const char *local_ip6);
/*
* Clean off entries from the cache
*/
-void Curl_hostcache_clean(struct SessionHandle *data, struct curl_hash *hash);
+void Curl_hostcache_clean(struct Curl_easy *data, struct curl_hash *hash);
/*
* Destroy the hostcache of this handle.
*/
-void Curl_hostcache_destroy(struct SessionHandle *data);
+void Curl_hostcache_destroy(struct Curl_easy *data);
/*
* Populate the cache with specified entries from CURLOPT_RESOLVE.
*/
-CURLcode Curl_loadhostpairs(struct SessionHandle *data);
+CURLcode Curl_loadhostpairs(struct Curl_easy *data);
#endif /* HEADER_CURL_HOSTIP_H */
diff --git a/libs/libcurl/src/hostip4.c b/libs/libcurl/src/hostip4.c
index 1e39f4a987..9d6f115ae6 100644
--- a/libs/libcurl/src/hostip4.c
+++ b/libs/libcurl/src/hostip4.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,11 @@
#include "curl_setup.h"
+/***********************************************************************
+ * Only for plain IPv4 builds
+ **********************************************************************/
+#ifdef CURLRES_IPV4 /* plain IPv4 code coming up */
+
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
@@ -48,18 +53,11 @@
#include "strerror.h"
#include "url.h"
#include "inet_pton.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
-/***********************************************************************
- * Only for plain-ipv4 builds
- **********************************************************************/
-#ifdef CURLRES_IPV4 /* plain ipv4 code coming up */
/*
* Curl_ipvalid() checks what CURL_IPRESOLVE_* requirements that might've
* been set and returns TRUE if they are OK.
@@ -67,7 +65,7 @@
bool Curl_ipvalid(struct connectdata *conn)
{
if(conn->ip_version == CURL_IPRESOLVE_V6)
- /* an ipv6 address was requested and we can't get/use one */
+ /* An IPv6 address was requested and we can't get/use one */
return FALSE;
return TRUE; /* OK, proceed */
@@ -76,7 +74,7 @@ bool Curl_ipvalid(struct connectdata *conn)
#ifdef CURLRES_SYNCH
/*
- * Curl_getaddrinfo() - the ipv4 synchronous version.
+ * Curl_getaddrinfo() - the IPv4 synchronous version.
*
* The original code to this function was from the Dancer source code, written
* by Bjorn Reese, it has since been patched and modified considerably.
@@ -252,7 +250,7 @@ Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname,
*/
if(CURL_HOSTENT_SIZE >=
- (sizeof(struct hostent)+sizeof(struct hostent_data))) {
+ (sizeof(struct hostent) + sizeof(struct hostent_data))) {
/* August 22nd, 2000: Albert Chin-A-Young brought an updated version
* that should work! September 20: Richard Prescott worked on the buffer
@@ -294,7 +292,7 @@ Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname,
* gethostbyname() is the preferred one.
*/
else {
- h = gethostbyname((void*)hostname);
+ h = gethostbyname((void *)hostname);
#endif /* HAVE_GETADDRINFO_THREADSAFE || HAVE_GETHOSTBYNAME_R */
}
diff --git a/libs/libcurl/src/hostip6.c b/libs/libcurl/src/hostip6.c
index 8327004cd3..7c9988f41b 100644
--- a/libs/libcurl/src/hostip6.c
+++ b/libs/libcurl/src/hostip6.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,11 @@
#include "curl_setup.h"
+/***********************************************************************
+ * Only for IPv6-enabled builds
+ **********************************************************************/
+#ifdef CURLRES_IPV6
+
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
@@ -49,20 +54,11 @@
#include "url.h"
#include "inet_pton.h"
#include "connect.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
-/***********************************************************************
- * Only for ipv6-enabled builds
- **********************************************************************/
-#ifdef CURLRES_IPV6
-
-
#if defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO)
/* These are strictly for memory tracing and are using the same style as the
* family otherwise present in memdebug.c. I put these ones here since they
@@ -97,7 +93,7 @@ int curl_dogetnameinfo(GETNAMEINFO_QUAL_ARG1 GETNAMEINFO_TYPE_ARG1 sa,
#endif /* defined(CURLDEBUG) && defined(HAVE_GETNAMEINFO) */
/*
- * Curl_ipv6works() returns TRUE if ipv6 seems to work.
+ * Curl_ipv6works() returns TRUE if IPv6 seems to work.
*/
bool Curl_ipv6works(void)
{
@@ -109,7 +105,7 @@ bool Curl_ipv6works(void)
/* probe to see if we have a working IPv6 stack */
curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0);
if(s == CURL_SOCKET_BAD)
- /* an ipv6 address was requested but we can't get/use one */
+ /* an IPv6 address was requested but we can't get/use one */
ipv6_works = 0;
else {
ipv6_works = 1;
@@ -127,6 +123,7 @@ bool Curl_ipvalid(struct connectdata *conn)
{
if(conn->ip_version == CURL_IPRESOLVE_V6)
return Curl_ipv6works();
+
return TRUE;
}
@@ -152,7 +149,7 @@ static void dump_addrinfo(struct connectdata *conn, const Curl_addrinfo *ai)
#endif
/*
- * Curl_getaddrinfo() when built ipv6-enabled (non-threading and
+ * Curl_getaddrinfo() when built IPv6-enabled (non-threading and
* non-ares version).
*
* Returns name information about the given hostname and port number. If
@@ -170,15 +167,17 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
int error;
char sbuf[12];
char *sbufptr = NULL;
+#ifndef USE_RESOLVE_ON_IPS
char addrbuf[128];
+#endif
int pf;
- struct SessionHandle *data = conn->data;
+#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
+ struct Curl_easy *data = conn->data;
+#endif
*waitp = 0; /* synchronous response only */
- /*
- * Check if a limited name resolve has been requested.
- */
+ /* Check if a limited name resolve has been requested */
switch(conn->ip_version) {
case CURL_IPRESOLVE_V4:
pf = PF_INET;
@@ -192,33 +191,44 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
}
if((pf != PF_INET) && !Curl_ipv6works())
- /* the stack seems to be a non-ipv6 one */
+ /* The stack seems to be a non-IPv6 one */
pf = PF_INET;
memset(&hints, 0, sizeof(hints));
hints.ai_family = pf;
hints.ai_socktype = conn->socktype;
+#ifndef USE_RESOLVE_ON_IPS
+ /*
+ * The AI_NUMERICHOST must not be set to get synthesized IPv6 address from
+ * an IPv4 address on iOS and Mac OS X.
+ */
if((1 == Curl_inet_pton(AF_INET, hostname, addrbuf)) ||
(1 == Curl_inet_pton(AF_INET6, hostname, addrbuf))) {
/* the given address is numerical only, prevent a reverse lookup */
hints.ai_flags = AI_NUMERICHOST;
}
+#endif
if(port) {
snprintf(sbuf, sizeof(sbuf), "%d", port);
- sbufptr=sbuf;
+ sbufptr = sbuf;
}
+
error = Curl_getaddrinfo_ex(hostname, sbufptr, &hints, &res);
if(error) {
infof(data, "getaddrinfo(3) failed for %s:%d\n", hostname, port);
return NULL;
}
+ if(port) {
+ Curl_addrinfo_set_port(res, port);
+ }
+
dump_addrinfo(conn, res);
return res;
}
#endif /* CURLRES_SYNCH */
-#endif /* CURLRES_IPV6 */
+#endif /* CURLRES_IPV6 */
diff --git a/libs/libcurl/src/hostsyn.c b/libs/libcurl/src/hostsyn.c
index 4ad3c63da4..3de6746f52 100644
--- a/libs/libcurl/src/hostsyn.c
+++ b/libs/libcurl/src/hostsyn.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,11 @@
#include "curl_setup.h"
+/***********************************************************************
+ * Only for builds using synchronous name resolves
+ **********************************************************************/
+#ifdef CURLRES_SYNCH
+
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
@@ -47,23 +52,14 @@
#include "share.h"
#include "strerror.h"
#include "url.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
-/***********************************************************************
- * Only for builds using synchronous name resolves
- **********************************************************************/
-#ifdef CURLRES_SYNCH
-
/*
* Function provided by the resolver backend to set DNS servers to use.
*/
-CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+CURLcode Curl_set_dns_servers(struct Curl_easy *data,
char *servers)
{
(void)data;
@@ -76,7 +72,7 @@ CURLcode Curl_set_dns_servers(struct SessionHandle *data,
* Function provided by the resolver backend to set
* outgoing interface to use for DNS requests
*/
-CURLcode Curl_set_dns_interface(struct SessionHandle *data,
+CURLcode Curl_set_dns_interface(struct Curl_easy *data,
const char *interf)
{
(void)data;
@@ -88,7 +84,7 @@ CURLcode Curl_set_dns_interface(struct SessionHandle *data,
* Function provided by the resolver backend to set
* local IPv4 address to use as source address for DNS requests
*/
-CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
+CURLcode Curl_set_dns_local_ip4(struct Curl_easy *data,
const char *local_ip4)
{
(void)data;
@@ -100,7 +96,7 @@ CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
* Function provided by the resolver backend to set
* local IPv6 address to use as source address for DNS requests
*/
-CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
+CURLcode Curl_set_dns_local_ip6(struct Curl_easy *data,
const char *local_ip6)
{
(void)data;
diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c
index a147181d5d..def51abc37 100644
--- a/libs/libcurl/src/http.c
+++ b/libs/libcurl/src/http.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -50,37 +50,37 @@
#include "transfer.h"
#include "sendf.h"
#include "formdata.h"
+#include "mime.h"
#include "progress.h"
#include "curl_base64.h"
#include "cookie.h"
-#include "strequal.h"
-#include "sslgen.h"
+#include "vauth/vauth.h"
+#include "vtls/vtls.h"
#include "http_digest.h"
-#include "curl_ntlm.h"
+#include "http_ntlm.h"
#include "curl_ntlm_wb.h"
#include "http_negotiate.h"
#include "url.h"
#include "share.h"
#include "hostip.h"
#include "http.h"
-#include "curl_memory.h"
#include "select.h"
#include "parsedate.h" /* for the week day and month names */
#include "strtoofft.h"
#include "multiif.h"
-#include "rawstr.h"
+#include "strcase.h"
#include "content_encoding.h"
#include "http_proxy.h"
#include "warnless.h"
#include "non-ascii.h"
-#include "bundles.h"
#include "pipeline.h"
#include "http2.h"
+#include "connect.h"
+#include "strdup.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
/*
@@ -119,9 +119,10 @@ const struct Curl_handler Curl_handler_http = {
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_HTTP, /* defport */
CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
+ PROTOPT_CREDSPERREQUEST /* flags */
};
#ifdef USE_SSL
@@ -143,41 +144,57 @@ const struct Curl_handler Curl_handler_https = {
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_HTTPS, /* defport */
- CURLPROTO_HTTP | CURLPROTO_HTTPS, /* protocol */
- PROTOPT_SSL /* flags */
+ CURLPROTO_HTTPS, /* protocol */
+ PROTOPT_SSL | PROTOPT_CREDSPERREQUEST | PROTOPT_ALPN_NPN /* flags */
};
#endif
-
CURLcode Curl_http_setup_conn(struct connectdata *conn)
{
- /* allocate the HTTP-specific struct for the SessionHandle, only to survive
+ /* allocate the HTTP-specific struct for the Curl_easy, only to survive
during this request */
+ struct HTTP *http;
DEBUGASSERT(conn->data->req.protop == NULL);
- conn->data->req.protop = calloc(1, sizeof(struct HTTP));
- if(!conn->data->req.protop)
+ http = calloc(1, sizeof(struct HTTP));
+ if(!http)
return CURLE_OUT_OF_MEMORY;
+ Curl_mime_initpart(&http->form, conn->data);
+ conn->data->req.protop = http;
+
+ Curl_http2_setup_conn(conn);
+ Curl_http2_setup_req(conn->data);
+
return CURLE_OK;
}
+
/*
- * checkheaders() checks the linked list of custom HTTP headers for a
- * particular header (prefix).
+ * checkProxyHeaders() checks the linked list of custom proxy headers
+ * if proxy headers are not available, then it will lookup into http header
+ * link list
*
- * Returns a pointer to the first matching header or NULL if none matched.
+ * It takes a connectdata struct as input instead of the Curl_easy simply
+ * to know if this is a proxy request or not, as it then might check a
+ * different header list.
*/
-char *Curl_checkheaders(struct SessionHandle *data, const char *thisheader)
+char *Curl_checkProxyheaders(const struct connectdata *conn,
+ const char *thisheader)
{
struct curl_slist *head;
size_t thislen = strlen(thisheader);
+ struct Curl_easy *data = conn->data;
- for(head = data->set.headers; head; head=head->next) {
- if(Curl_raw_nequal(head->data, thisheader, thislen))
+ for(head = (conn->bits.proxy && data->set.sep_headers) ?
+ data->set.proxyheaders : data->set.headers;
+ head; head = head->next) {
+ if(strncasecompare(head->data, thisheader, thislen))
return head->data;
}
+
return NULL;
}
@@ -187,25 +204,25 @@ char *Curl_checkheaders(struct SessionHandle *data, const char *thisheader)
* case of allocation failure. Returns an empty string if the header value
* consists entirely of whitespace.
*/
-static char *copy_header_value(const char *h)
+char *Curl_copy_header_value(const char *header)
{
const char *start;
const char *end;
char *value;
size_t len;
- DEBUGASSERT(h);
+ DEBUGASSERT(header);
/* Find the end of the header name */
- while(*h && (*h != ':'))
- ++h;
+ while(*header && (*header != ':'))
+ ++header;
- if(*h)
+ if(*header)
/* Skip over colon */
- ++h;
+ ++header;
/* Find the first non-space letter */
- start = h;
+ start = header;
while(*start && ISSPACE(*start))
start++;
@@ -224,7 +241,7 @@ static char *copy_header_value(const char *h)
end--;
/* get length of the type */
- len = end-start+1;
+ len = end - start + 1;
value = malloc(len + 1);
if(!value)
@@ -246,16 +263,17 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
{
size_t size = 0;
char *authorization = NULL;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
char **userp;
const char *user;
const char *pwd;
- CURLcode error;
+ CURLcode result;
+ char *out;
if(proxy) {
userp = &conn->allocptr.proxyuserpwd;
- user = conn->proxyuser;
- pwd = conn->proxypasswd;
+ user = conn->http_proxy.user;
+ pwd = conn->http_proxy.passwd;
}
else {
userp = &conn->allocptr.userpwd;
@@ -263,26 +281,32 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
pwd = conn->passwd;
}
- snprintf(data->state.buffer, sizeof(data->state.buffer), "%s:%s", user, pwd);
+ out = aprintf("%s:%s", user, pwd);
+ if(!out)
+ return CURLE_OUT_OF_MEMORY;
- error = Curl_base64_encode(data,
- data->state.buffer, strlen(data->state.buffer),
- &authorization, &size);
- if(error)
- return error;
+ result = Curl_base64_encode(data, out, strlen(out), &authorization, &size);
+ if(result)
+ goto fail;
- if(!authorization)
- return CURLE_REMOTE_ACCESS_DENIED;
+ if(!authorization) {
+ result = CURLE_REMOTE_ACCESS_DENIED;
+ goto fail;
+ }
- Curl_safefree(*userp);
+ free(*userp);
*userp = aprintf("%sAuthorization: Basic %s\r\n",
- proxy?"Proxy-":"",
+ proxy ? "Proxy-" : "",
authorization);
free(authorization);
- if(!*userp)
- return CURLE_OUT_OF_MEMORY;
+ if(!*userp) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
- return CURLE_OK;
+ fail:
+ free(out);
+ return result;
}
/* pickoneauth() selects the most favourable authentication method from the
@@ -299,8 +323,8 @@ static bool pickoneauth(struct auth *pick)
/* The order of these checks is highly relevant, as this will be the order
of preference in case of the existence of multiple accepted types. */
- if(avail & CURLAUTH_GSSNEGOTIATE)
- pick->picked = CURLAUTH_GSSNEGOTIATE;
+ if(avail & CURLAUTH_NEGOTIATE)
+ pick->picked = CURLAUTH_NEGOTIATE;
else if(avail & CURLAUTH_DIGEST)
pick->picked = CURLAUTH_DIGEST;
else if(avail & CURLAUTH_NTLM)
@@ -343,7 +367,7 @@ static bool pickoneauth(struct auth *pick)
*/
static CURLcode http_perhapsrewind(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct HTTP *http = data->req.protop;
curl_off_t bytessent;
curl_off_t expectsend = -1; /* default is unknown */
@@ -363,24 +387,28 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
bytessent = http->writebytecount;
- if(conn->bits.authneg)
+ if(conn->bits.authneg) {
/* This is a state where we are known to be negotiating and we don't send
any data then. */
expectsend = 0;
+ }
+ else if(!conn->bits.protoconnstart) {
+ /* HTTP CONNECT in progress: there is no body */
+ expectsend = 0;
+ }
else {
/* figure out how much data we are expected to send */
switch(data->set.httpreq) {
case HTTPREQ_POST:
- if(data->set.postfieldsize != -1)
- expectsend = data->set.postfieldsize;
- else if(data->set.postfields)
- expectsend = (curl_off_t)strlen(data->set.postfields);
+ if(data->state.infilesize != -1)
+ expectsend = data->state.infilesize;
break;
case HTTPREQ_PUT:
- if(data->set.infilesize != -1)
- expectsend = data->set.infilesize;
+ if(data->state.infilesize != -1)
+ expectsend = data->state.infilesize;
break;
case HTTPREQ_POST_FORM:
+ case HTTPREQ_POST_MIME:
expectsend = http->postsize;
break;
default:
@@ -391,6 +419,7 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
conn->bits.rewindaftersend = FALSE; /* default */
if((expectsend == -1) || (expectsend > bytessent)) {
+#if defined(USE_NTLM)
/* There is still data left to send */
if((data->state.authproxy.picked == CURLAUTH_NTLM) ||
(data->state.authhost.picked == CURLAUTH_NTLM) ||
@@ -410,17 +439,19 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
return CURLE_OK;
}
+
if(conn->bits.close)
/* this is already marked to get closed */
return CURLE_OK;
- infof(data, "NTLM send, close instead of sending %" FORMAT_OFF_T
- " bytes\n", (curl_off_t)(expectsend - bytessent));
+ infof(data, "NTLM send, close instead of sending %"
+ CURL_FORMAT_CURL_OFF_T " bytes\n",
+ (curl_off_t)(expectsend - bytessent));
}
+#endif
- /* This is not NTLM or many bytes left to send: close
- */
- conn->bits.close = TRUE;
+ /* This is not NTLM or many bytes left to send: close */
+ streamclose(conn, "Mid-auth HTTP and much data left to send");
data->req.size = 0; /* don't download any more than 0 bytes */
/* There still is data left to send, but this connection is marked for
@@ -443,10 +474,10 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
CURLcode Curl_http_auth_act(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
bool pickhost = FALSE;
bool pickproxy = FALSE;
- CURLcode code = CURLE_OK;
+ CURLcode result = CURLE_OK;
if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
/* this is a transient response code, ignore */
@@ -482,12 +513,11 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
if((data->set.httpreq != HTTPREQ_GET) &&
(data->set.httpreq != HTTPREQ_HEAD) &&
!conn->bits.rewindaftersend) {
- code = http_perhapsrewind(conn);
- if(code)
- return code;
+ result = http_perhapsrewind(conn);
+ if(result)
+ return result;
}
}
-
else if((data->req.httpcode < 300) &&
(!data->state.authhost.done) &&
conn->bits.authneg) {
@@ -504,15 +534,14 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
}
}
if(http_should_fail(conn)) {
- failf (data, "The requested URL returned error: %d",
- data->req.httpcode);
- code = CURLE_HTTP_RETURNED_ERROR;
+ failf(data, "The requested URL returned error: %d",
+ data->req.httpcode);
+ result = CURLE_HTTP_RETURNED_ERROR;
}
- return code;
+ return result;
}
-
/*
* Output the correct authentication header depending on the auth type
* and whether or not it is to a proxy.
@@ -524,12 +553,14 @@ output_auth_headers(struct connectdata *conn,
const char *path,
bool proxy)
{
- struct SessionHandle *data = conn->data;
- const char *auth=NULL;
+ const char *auth = NULL;
CURLcode result = CURLE_OK;
-#ifdef USE_HTTP_NEGOTIATE
- struct negotiatedata *negdata = proxy?
- &data->state.proxyneg:&data->state.negotiate;
+#if !defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_SPNEGO)
+ struct Curl_easy *data = conn->data;
+#endif
+#ifdef USE_SPNEGO
+ struct negotiatedata *negdata = proxy ?
+ &data->state.proxyneg : &data->state.negotiate;
#endif
#ifdef CURL_DISABLE_CRYPTO_AUTH
@@ -537,11 +568,11 @@ output_auth_headers(struct connectdata *conn,
(void)path;
#endif
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
negdata->state = GSS_AUTHNONE;
- if((authstatus->picked == CURLAUTH_GSSNEGOTIATE) &&
+ if((authstatus->picked == CURLAUTH_NEGOTIATE) &&
negdata->context && !GSS_ERROR(negdata->status)) {
- auth="GSS-Negotiate";
+ auth = "Negotiate";
result = Curl_output_negotiate(conn, proxy);
if(result)
return result;
@@ -552,7 +583,7 @@ output_auth_headers(struct connectdata *conn,
#endif
#ifdef USE_NTLM
if(authstatus->picked == CURLAUTH_NTLM) {
- auth="NTLM";
+ auth = "NTLM";
result = Curl_output_ntlm(conn, proxy);
if(result)
return result;
@@ -561,7 +592,7 @@ output_auth_headers(struct connectdata *conn,
#endif
#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
if(authstatus->picked == CURLAUTH_NTLM_WB) {
- auth="NTLM_WB";
+ auth = "NTLM_WB";
result = Curl_output_ntlm_wb(conn, proxy);
if(result)
return result;
@@ -570,7 +601,7 @@ output_auth_headers(struct connectdata *conn,
#endif
#ifndef CURL_DISABLE_CRYPTO_AUTH
if(authstatus->picked == CURLAUTH_DIGEST) {
- auth="Digest";
+ auth = "Digest";
result = Curl_output_digest(conn,
proxy,
(const unsigned char *)request,
@@ -583,14 +614,15 @@ output_auth_headers(struct connectdata *conn,
if(authstatus->picked == CURLAUTH_BASIC) {
/* Basic */
if((proxy && conn->bits.proxy_user_passwd &&
- !Curl_checkheaders(data, "Proxy-authorization:")) ||
+ !Curl_checkProxyheaders(conn, "Proxy-authorization:")) ||
(!proxy && conn->bits.user_passwd &&
- !Curl_checkheaders(data, "Authorization:"))) {
- auth="Basic";
+ !Curl_checkheaders(conn, "Authorization:"))) {
+ auth = "Basic";
result = http_output_basic(conn, proxy);
if(result)
return result;
}
+
/* NOTE: this function should set 'done' TRUE, as the other auth
functions work that way */
authstatus->done = TRUE;
@@ -598,13 +630,13 @@ output_auth_headers(struct connectdata *conn,
if(auth) {
infof(data, "%s auth using %s with user '%s'\n",
- proxy?"Proxy":"Server", auth,
- proxy?(conn->proxyuser?conn->proxyuser:""):
- (conn->user?conn->user:""));
- authstatus->multi = (!authstatus->done) ? TRUE : FALSE;
+ proxy ? "Proxy" : "Server", auth,
+ proxy ? (conn->http_proxy.user ? conn->http_proxy.user : "") :
+ (conn->user ? conn->user : ""));
+ authstatus->multipass = (!authstatus->done) ? TRUE : FALSE;
}
else
- authstatus->multi = FALSE;
+ authstatus->multipass = FALSE;
return CURLE_OK;
}
@@ -631,7 +663,7 @@ Curl_http_output_auth(struct connectdata *conn,
up the proxy tunnel */
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct auth *authhost;
struct auth *authproxy;
@@ -642,7 +674,7 @@ Curl_http_output_auth(struct connectdata *conn,
if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
conn->bits.user_passwd)
- /* continue please */ ;
+ /* continue please */;
else {
authhost->done = TRUE;
authproxy->done = TRUE;
@@ -683,7 +715,7 @@ Curl_http_output_auth(struct connectdata *conn,
conn->bits.netrc ||
!data->state.first_host ||
data->set.http_disable_hostname_check_before_authentication ||
- Curl_raw_equal(data->state.first_host, conn->host.name)) {
+ strcasecompare(data->state.first_host, conn->host.name)) {
result = output_auth_headers(conn, authhost, request, path, FALSE);
}
else
@@ -692,41 +724,36 @@ Curl_http_output_auth(struct connectdata *conn,
return result;
}
-
/*
* Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate:
* headers. They are dealt with both in the transfer.c main loop and in the
* proxy CONNECT loop.
*/
-CURLcode Curl_http_input_auth(struct connectdata *conn,
- int httpcode,
- const char *header) /* the first non-space */
+CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
+ const char *auth) /* the first non-space */
{
/*
* This resource requires authentication
*/
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
+#ifdef USE_SPNEGO
+ struct negotiatedata *negdata = proxy?
+ &data->state.proxyneg:&data->state.negotiate;
+#endif
unsigned long *availp;
- const char *start;
struct auth *authp;
- if(httpcode == 407) {
- start = header+strlen("Proxy-authenticate:");
+ if(proxy) {
availp = &data->info.proxyauthavail;
authp = &data->state.authproxy;
}
else {
- start = header+strlen("WWW-Authenticate:");
availp = &data->info.httpauthavail;
authp = &data->state.authhost;
}
- /* pass all white spaces */
- while(*start && ISSPACE(*start))
- start++;
-
/*
* Here we check if we want the specific single authentication (using ==) and
* if we do, we initiate usage of it.
@@ -741,37 +768,32 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
* request is sent, and then it is again set _after_ all response 401/407
* headers have been received but then only to a single preferred method
* (bit).
- *
*/
- while(*start) {
-#ifdef USE_HTTP_NEGOTIATE
- if(checkprefix("GSS-Negotiate", start) ||
- checkprefix("Negotiate", start)) {
- int neg;
- *availp |= CURLAUTH_GSSNEGOTIATE;
- authp->avail |= CURLAUTH_GSSNEGOTIATE;
-
- if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
- if(data->state.negotiate.state == GSS_AUTHSENT) {
- /* if we sent GSS authentication in the outgoing request and we get
- this back, we're in trouble */
- infof(data, "Authentication problem. Ignoring this.\n");
- data->state.authproblem = TRUE;
- }
- else {
- neg = Curl_input_negotiate(conn, (bool)(httpcode == 407), start);
- if(neg == 0) {
- DEBUGASSERT(!data->req.newurl);
- data->req.newurl = strdup(data->change.url);
- if(!data->req.newurl)
- return CURLE_OUT_OF_MEMORY;
- data->state.authproblem = FALSE;
- /* we received GSS auth info and we dealt with it fine */
- data->state.negotiate.state = GSS_AUTHRECV;
+ while(*auth) {
+#ifdef USE_SPNEGO
+ if(checkprefix("Negotiate", auth)) {
+ if((authp->avail & CURLAUTH_NEGOTIATE) ||
+ Curl_auth_is_spnego_supported()) {
+ *availp |= CURLAUTH_NEGOTIATE;
+ authp->avail |= CURLAUTH_NEGOTIATE;
+
+ if(authp->picked == CURLAUTH_NEGOTIATE) {
+ if(negdata->state == GSS_AUTHSENT ||
+ negdata->state == GSS_AUTHNONE) {
+ CURLcode result = Curl_input_negotiate(conn, proxy, auth);
+ if(!result) {
+ DEBUGASSERT(!data->req.newurl);
+ data->req.newurl = strdup(data->change.url);
+ if(!data->req.newurl)
+ return CURLE_OUT_OF_MEMORY;
+ data->state.authproblem = FALSE;
+ /* we received a GSS auth token and we dealt with it fine */
+ negdata->state = GSS_AUTHRECV;
+ }
+ else
+ data->state.authproblem = TRUE;
}
- else
- data->state.authproblem = TRUE;
}
}
}
@@ -779,63 +801,68 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
#endif
#ifdef USE_NTLM
/* NTLM support requires the SSL crypto libs */
- if(checkprefix("NTLM", start)) {
- *availp |= CURLAUTH_NTLM;
- authp->avail |= CURLAUTH_NTLM;
- if(authp->picked == CURLAUTH_NTLM ||
- authp->picked == CURLAUTH_NTLM_WB) {
- /* NTLM authentication is picked and activated */
- CURLcode ntlm =
- Curl_input_ntlm(conn, (httpcode == 407)?TRUE:FALSE, start);
- if(CURLE_OK == ntlm) {
- data->state.authproblem = FALSE;
+ if(checkprefix("NTLM", auth)) {
+ if((authp->avail & CURLAUTH_NTLM) ||
+ (authp->avail & CURLAUTH_NTLM_WB) ||
+ Curl_auth_is_ntlm_supported()) {
+ *availp |= CURLAUTH_NTLM;
+ authp->avail |= CURLAUTH_NTLM;
+
+ if(authp->picked == CURLAUTH_NTLM ||
+ authp->picked == CURLAUTH_NTLM_WB) {
+ /* NTLM authentication is picked and activated */
+ CURLcode result = Curl_input_ntlm(conn, proxy, auth);
+ if(!result) {
+ data->state.authproblem = FALSE;
#ifdef NTLM_WB_ENABLED
- if(authp->picked == CURLAUTH_NTLM_WB) {
- *availp &= ~CURLAUTH_NTLM;
- authp->avail &= ~CURLAUTH_NTLM;
- *availp |= CURLAUTH_NTLM_WB;
- authp->avail |= CURLAUTH_NTLM_WB;
-
- /* Get the challenge-message which will be passed to
- * ntlm_auth for generating the type 3 message later */
- while(*start && ISSPACE(*start))
- start++;
- if(checkprefix("NTLM", start)) {
- start += strlen("NTLM");
- while(*start && ISSPACE(*start))
- start++;
- if(*start)
- if((conn->challenge_header = strdup(start)) == NULL)
- return CURLE_OUT_OF_MEMORY;
+ if(authp->picked == CURLAUTH_NTLM_WB) {
+ *availp &= ~CURLAUTH_NTLM;
+ authp->avail &= ~CURLAUTH_NTLM;
+ *availp |= CURLAUTH_NTLM_WB;
+ authp->avail |= CURLAUTH_NTLM_WB;
+
+ /* Get the challenge-message which will be passed to
+ * ntlm_auth for generating the type 3 message later */
+ while(*auth && ISSPACE(*auth))
+ auth++;
+ if(checkprefix("NTLM", auth)) {
+ auth += strlen("NTLM");
+ while(*auth && ISSPACE(*auth))
+ auth++;
+ if(*auth) {
+ conn->challenge_header = strdup(auth);
+ if(!conn->challenge_header)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
}
- }
#endif
- }
- else {
- infof(data, "Authentication problem. Ignoring this.\n");
- data->state.authproblem = TRUE;
+ }
+ else {
+ infof(data, "Authentication problem. Ignoring this.\n");
+ data->state.authproblem = TRUE;
+ }
}
}
}
else
#endif
#ifndef CURL_DISABLE_CRYPTO_AUTH
- if(checkprefix("Digest", start)) {
- if((authp->avail & CURLAUTH_DIGEST) != 0) {
+ if(checkprefix("Digest", auth)) {
+ if((authp->avail & CURLAUTH_DIGEST) != 0)
infof(data, "Ignoring duplicate digest auth header.\n");
- }
- else {
- CURLdigest dig;
+ else if(Curl_auth_is_digest_supported()) {
+ CURLcode result;
+
*availp |= CURLAUTH_DIGEST;
authp->avail |= CURLAUTH_DIGEST;
/* We call this function on input Digest headers even if Digest
* authentication isn't activated yet, as we need to store the
- * incoming data from this header in case we are gonna use
- * Digest. */
- dig = Curl_input_digest(conn, (httpcode == 407)?TRUE:FALSE, start);
-
- if(CURLDIGEST_FINE != dig) {
+ * incoming data from this header in case we are going to use
+ * Digest */
+ result = Curl_input_digest(conn, proxy, auth);
+ if(result) {
infof(data, "Authentication problem. Ignoring this.\n");
data->state.authproblem = TRUE;
}
@@ -843,7 +870,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
}
else
#endif
- if(checkprefix("Basic", start)) {
+ if(checkprefix("Basic", auth)) {
*availp |= CURLAUTH_BASIC;
authp->avail |= CURLAUTH_BASIC;
if(authp->picked == CURLAUTH_BASIC) {
@@ -857,13 +884,14 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
}
/* there may be multiple methods on one line, so keep reading */
- while(*start && *start != ',') /* read up to the next comma */
- start++;
- if(*start == ',') /* if we're on a comma, skip it */
- start++;
- while(*start && ISSPACE(*start))
- start++;
+ while(*auth && *auth != ',') /* read up to the next comma */
+ auth++;
+ if(*auth == ',') /* if we're on a comma, skip it */
+ auth++;
+ while(*auth && ISSPACE(*auth))
+ auth++;
}
+
return CURLE_OK;
}
@@ -879,7 +907,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
*/
static int http_should_fail(struct connectdata *conn)
{
- struct SessionHandle *data;
+ struct Curl_easy *data;
int httpcode;
DEBUGASSERT(conn);
@@ -901,20 +929,11 @@ static int http_should_fail(struct connectdata *conn)
if(httpcode < 400)
return 0;
- if(data->state.resume_from &&
- (data->set.httpreq==HTTPREQ_GET) &&
- (httpcode == 416)) {
- /* "Requested Range Not Satisfiable", just proceed and
- pretend this is no error */
- return 0;
- }
-
/*
** Any code >= 400 that's not 401 or 407 is always
** a terminal error
*/
- if((httpcode != 401) &&
- (httpcode != 407))
+ if((httpcode != 401) && (httpcode != 407))
return 1;
/*
@@ -965,7 +984,7 @@ static size_t readmoredata(char *buffer,
struct HTTP *http = conn->data->req.protop;
size_t fullsize = size * nitems;
- if(0 == http->postsize)
+ if(!http->postsize)
/* nothing to return */
return 0;
@@ -980,12 +999,12 @@ static size_t readmoredata(char *buffer,
/* move backup data into focus and continue on that */
http->postdata = http->backup.postdata;
http->postsize = http->backup.postsize;
- conn->fread_func = http->backup.fread_func;
- conn->fread_in = http->backup.fread_in;
+ conn->data->state.fread_func = http->backup.fread_func;
+ conn->data->state.in = http->backup.fread_in;
http->sending++; /* move one step up */
- http->backup.postsize=0;
+ http->backup.postsize = 0;
}
else
http->postsize = 0;
@@ -1012,6 +1031,16 @@ Curl_send_buffer *Curl_add_buffer_init(void)
}
/*
+ * Curl_add_buffer_free() frees all associated resources.
+ */
+void Curl_add_buffer_free(Curl_send_buffer *buff)
+{
+ if(buff) /* deal with NULL input */
+ free(buff->buffer);
+ free(buff);
+}
+
+/*
* Curl_add_buffer_send() sends a header buffer and frees all associated
* memory. Body data may be appended to the header data if desired.
*
@@ -1030,7 +1059,7 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
{
ssize_t amount;
- CURLcode res;
+ CURLcode result;
char *ptr;
size_t size;
struct HTTP *http = conn->data->req.protop;
@@ -1053,24 +1082,24 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
DEBUGASSERT(size > included_body_bytes);
- res = Curl_convert_to_network(conn->data, ptr, headersize);
+ result = Curl_convert_to_network(conn->data, ptr, headersize);
/* Curl_convert_to_network calls failf if unsuccessful */
- if(res) {
+ if(result) {
/* conversion failed, free memory and return to the caller */
- if(in->buffer)
- free(in->buffer);
- free(in);
- return res;
+ Curl_add_buffer_free(in);
+ return result;
}
- if(conn->handler->flags & PROTOPT_SSL) {
+ if((conn->handler->flags & PROTOPT_SSL ||
+ conn->http_proxy.proxytype == CURLPROXY_HTTPS)
+ && conn->httpversion != 20) {
/* We never send more than CURL_MAX_WRITE_SIZE bytes in one single chunk
when we speak HTTPS, as if only a fraction of it is sent now, this data
needs to fit into the normal read-callback buffer later on and that
buffer is using this size.
*/
- sendsize= (size > CURL_MAX_WRITE_SIZE)?CURL_MAX_WRITE_SIZE:size;
+ sendsize = CURLMIN(size, CURL_MAX_WRITE_SIZE);
/* OpenSSL is very picky and we must send the SAME buffer pointer to the
library when we attempt to re-send this buffer. Sending the same data
@@ -1084,16 +1113,16 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
else
sendsize = size;
- res = Curl_write(conn, sockfd, ptr, sendsize, &amount);
+ result = Curl_write(conn, sockfd, ptr, sendsize, &amount);
- if(CURLE_OK == res) {
+ if(!result) {
/*
* Note that we may not send the entire chunk at once, and we have a set
* number of data bytes at the end of the big buffer (out of which we may
* only send away a part).
*/
/* how much of the header that was sent */
- size_t headlen = (size_t)amount>headersize?headersize:(size_t)amount;
+ size_t headlen = (size_t)amount>headersize ? headersize : (size_t)amount;
size_t bodylen = amount - headlen;
if(conn->data->set.verbose) {
@@ -1103,7 +1132,7 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
/* there was body data sent beyond the initial header part, pass that
on to the debug callback too */
Curl_debug(conn->data, CURLINFO_DATA_OUT,
- ptr+headlen, bodylen, conn);
+ ptr + headlen, bodylen, conn);
}
}
@@ -1113,10 +1142,10 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
*bytes_written += (long)amount;
if(http) {
- if(bodylen)
- /* since we sent a piece of the body here, up the byte counter for it
- accordingly */
- http->writebytecount += bodylen;
+ /* if we sent a piece of the body here, up the byte counter for it
+ accordingly */
+ http->writebytecount += bodylen;
+
if((size_t)amount != size) {
/* The whole request could not be sent in one system call. We must
queue it up and send it later when we get the chance. We must not
@@ -1127,14 +1156,14 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
ptr = in->buffer + amount;
/* backup the currently set pointers */
- http->backup.fread_func = conn->fread_func;
- http->backup.fread_in = conn->fread_in;
+ http->backup.fread_func = conn->data->state.fread_func;
+ http->backup.fread_in = conn->data->state.in;
http->backup.postdata = http->postdata;
http->backup.postsize = http->postsize;
/* set the new pointers for the request-sending */
- conn->fread_func = (curl_read_callback)readmoredata;
- conn->fread_in = (void *)conn;
+ conn->data->state.fread_func = (curl_read_callback)readmoredata;
+ conn->data->state.in = (void *)conn;
http->postdata = ptr;
http->postsize = (curl_off_t)size;
@@ -1156,15 +1185,12 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
This needs FIXing.
*/
return CURLE_SEND_ERROR;
- else
- conn->writechannel_inuse = FALSE;
+ Curl_pipeline_leave_write(conn);
}
}
- if(in->buffer)
- free(in->buffer);
- free(in);
+ Curl_add_buffer_free(in);
- return res;
+ return result;
}
@@ -1185,8 +1211,7 @@ CURLcode Curl_add_bufferf(Curl_send_buffer *in, const char *fmt, ...)
return result;
}
/* If we failed, we cleanup the whole buffer and return error */
- if(in->buffer)
- free(in->buffer);
+ free(in->buffer);
free(in);
return CURLE_OUT_OF_MEMORY;
}
@@ -1215,22 +1240,21 @@ CURLcode Curl_add_buffer(Curl_send_buffer *in, const void *inptr, size_t size)
buffer size that doubles the required size. If this new size
would wrap size_t, then just use the largest possible one */
- if((size > (size_t)-1/2) || (in->size_used > (size_t)-1/2) ||
- (~(size*2) < (in->size_used*2)))
+ if((size > (size_t)-1 / 2) || (in->size_used > (size_t)-1 / 2) ||
+ (~(size * 2) < (in->size_used * 2)))
new_size = (size_t)-1;
else
- new_size = (in->size_used+size)*2;
+ new_size = (in->size_used + size) * 2;
if(in->buffer)
/* we have a buffer, enlarge the existing one */
- new_rb = realloc(in->buffer, new_size);
+ new_rb = Curl_saferealloc(in->buffer, new_size);
else
/* create a new buffer */
new_rb = malloc(new_size);
if(!new_rb) {
/* If we failed, we cleanup the whole buffer and return error */
- Curl_safefree(in->buffer);
free(in);
return CURLE_OUT_OF_MEMORY;
}
@@ -1272,7 +1296,7 @@ Curl_compareheader(const char *headerline, /* line to check */
const char *start;
const char *end;
- if(!Curl_raw_nequal(headerline, header, hlen))
+ if(!strncasecompare(headerline, header, hlen))
return FALSE; /* doesn't start with header */
/* pass the header */
@@ -1297,8 +1321,8 @@ Curl_compareheader(const char *headerline, /* line to check */
clen = strlen(content); /* length of the word to find */
/* find the content string in the rest of the line */
- for(;len>=clen;len--, start++) {
- if(Curl_raw_nequal(start, content, clen))
+ for(; len >= clen; len--, start++) {
+ if(strncasecompare(start, content, clen))
return TRUE; /* match! */
}
@@ -1315,18 +1339,25 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
/* We default to persistent connections. We set this already in this connect
function to make the re-use checks properly be able to check this bit. */
- conn->bits.close = FALSE;
+ connkeep(conn, "HTTP default");
/* the CONNECT procedure might not have been completed */
- result = Curl_proxy_connect(conn);
+ result = Curl_proxy_connect(conn, FIRSTSOCKET);
if(result)
return result;
- if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
+ if(conn->bits.proxy_connect_closed)
+ /* this is not an error, just part of the connection negotiation */
+ return CURLE_OK;
+
+ if(CONNECT_FIRSTSOCKET_PROXY_SSL())
+ return CURLE_OK; /* wait for HTTPS proxy SSL initialization to complete */
+
+ if(Curl_connect_ongoing(conn))
/* nothing else to do except wait right now - we're not done here. */
return CURLE_OK;
- if(conn->given->flags & PROTOPT_SSL) {
+ if(conn->given->protocol & CURLPROTO_HTTPS) {
/* perform SSL initialization */
result = https_connecting(conn, done);
if(result)
@@ -1360,106 +1391,89 @@ static CURLcode https_connecting(struct connectdata *conn, bool *done)
/* perform SSL initialization for this socket */
result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, done);
if(result)
- conn->bits.close = TRUE; /* a failed connection is marked for closure
- to prevent (bad) re-use or similar */
+ connclose(conn, "Failed HTTPS connection");
+
return result;
}
-#endif
-#if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
- defined(USE_DARWINSSL)
-/* This function is for OpenSSL, GnuTLS, darwinssl, and schannel only.
- It should be made to query the generic SSL layer instead. */
static int https_getsock(struct connectdata *conn,
curl_socket_t *socks,
int numsocks)
{
- if(conn->handler->flags & PROTOPT_SSL) {
- struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
-
- if(!numsocks)
- return GETSOCK_BLANK;
-
- if(connssl->connecting_state == ssl_connect_2_writing) {
- /* write mode */
- socks[0] = conn->sock[FIRSTSOCKET];
- return GETSOCK_WRITESOCK(0);
- }
- else if(connssl->connecting_state == ssl_connect_2_reading) {
- /* read mode */
- socks[0] = conn->sock[FIRSTSOCKET];
- return GETSOCK_READSOCK(0);
- }
- }
- return CURLE_OK;
-}
-#else
-#ifdef USE_SSL
-static int https_getsock(struct connectdata *conn,
- curl_socket_t *socks,
- int numsocks)
-{
- (void)conn;
- (void)socks;
- (void)numsocks;
+ if(conn->handler->flags & PROTOPT_SSL)
+ return Curl_ssl_getsock(conn, socks, numsocks);
return GETSOCK_BLANK;
}
#endif /* USE_SSL */
-#endif /* USE_SSLEAY || USE_GNUTLS || USE_SCHANNEL */
/*
- * Curl_http_done() gets called from Curl_done() after a single HTTP request
- * has been performed.
+ * Curl_http_done() gets called after a single HTTP request has been
+ * performed.
*/
CURLcode Curl_http_done(struct connectdata *conn,
CURLcode status, bool premature)
{
- struct SessionHandle *data = conn->data;
- struct HTTP *http =data->req.protop;
+ struct Curl_easy *data = conn->data;
+ struct HTTP *http = data->req.protop;
+
+ /* Clear multipass flag. If authentication isn't done yet, then it will get
+ * a chance to be set back to true when we output the next auth header */
+ data->state.authhost.multipass = FALSE;
+ data->state.authproxy.multipass = FALSE;
Curl_unencode_cleanup(conn);
+#ifdef USE_SPNEGO
+ if(data->state.proxyneg.state == GSS_AUTHSENT ||
+ data->state.negotiate.state == GSS_AUTHSENT) {
+ /* add forbid re-use if http-code != 401/407 as a WA only needed for
+ * 401/407 that signal auth failure (empty) otherwise state will be RECV
+ * with current code.
+ * Do not close CONNECT_ONLY connections. */
+ if((data->req.httpcode != 401) && (data->req.httpcode != 407) &&
+ !data->set.connect_only)
+ streamclose(conn, "Negotiate transfer completed");
+ Curl_cleanup_negotiate(data);
+ }
+#endif
+
/* set the proper values (possibly modified on POST) */
- conn->fread_func = data->set.fread_func; /* restore */
- conn->fread_in = data->set.in; /* restore */
conn->seek_func = data->set.seek_func; /* restore */
conn->seek_client = data->set.seek_client; /* restore */
- if(http == NULL)
+ if(!http)
return CURLE_OK;
if(http->send_buffer) {
- Curl_send_buffer *buff = http->send_buffer;
-
- free(buff->buffer);
- free(buff);
+ Curl_add_buffer_free(http->send_buffer);
http->send_buffer = NULL; /* clear the pointer */
}
- if(HTTPREQ_POST_FORM == data->set.httpreq) {
- data->req.bytecount = http->readbytecount + http->writebytecount;
+ Curl_http2_done(conn, premature);
- Curl_formclean(&http->sendit); /* Now free that whole lot */
- if(http->form.fp) {
- /* a file being uploaded was left opened, close it! */
- fclose(http->form.fp);
- http->form.fp = NULL;
- }
- }
- else if(HTTPREQ_PUT == data->set.httpreq)
+ Curl_mime_cleanpart(&http->form);
+
+ switch(data->set.httpreq) {
+ case HTTPREQ_PUT:
+ case HTTPREQ_POST_FORM:
+ case HTTPREQ_POST_MIME:
data->req.bytecount = http->readbytecount + http->writebytecount;
+ break;
+ default:
+ break;
+ }
- if(status != CURLE_OK)
- return (status);
+ if(status)
+ return status;
if(!premature && /* this check is pointless when DONE is called before the
entire operation is complete */
!conn->bits.retry &&
!data->set.connect_only &&
- ((http->readbytecount +
- data->req.headerbytecount -
- data->req.deductheadercount)) <= 0) {
+ (http->readbytecount +
+ data->req.headerbytecount -
+ data->req.deductheadercount) <= 0) {
/* If this connection isn't simply closed to be retried, AND nothing was
read from the HTTP server (that counts), this can't be right so we
return an error here */
@@ -1470,7 +1484,6 @@ CURLcode Curl_http_done(struct connectdata *conn,
return CURLE_OK;
}
-
/*
* Determine if we should use HTTP 1.1 (OR BETTER) for this request. Reasons
* to avoid it include:
@@ -1480,18 +1493,34 @@ CURLcode Curl_http_done(struct connectdata *conn,
* - if any server previously contacted to handle this request only supports
* 1.0.
*/
-static bool use_http_1_1plus(const struct SessionHandle *data,
+static bool use_http_1_1plus(const struct Curl_easy *data,
const struct connectdata *conn)
{
- return ((data->set.httpversion >= CURL_HTTP_VERSION_1_1) ||
- ((data->set.httpversion != CURL_HTTP_VERSION_1_0) &&
- ((conn->httpversion == 11) ||
- ((conn->httpversion != 10) &&
- (data->state.httpversion != 10))))) ? TRUE : FALSE;
+ if((data->state.httpversion == 10) || (conn->httpversion == 10))
+ return FALSE;
+ if((data->set.httpversion == CURL_HTTP_VERSION_1_0) &&
+ (conn->httpversion <= 10))
+ return FALSE;
+ return ((data->set.httpversion == CURL_HTTP_VERSION_NONE) ||
+ (data->set.httpversion >= CURL_HTTP_VERSION_1_1));
+}
+
+static const char *get_http_string(const struct Curl_easy *data,
+ const struct connectdata *conn)
+{
+#ifdef USE_NGHTTP2
+ if(conn->proto.httpc.h2)
+ return "2";
+#endif
+
+ if(use_http_1_1plus(data, conn))
+ return "1.1";
+
+ return "1.0";
}
/* check and possibly add an Expect: header */
-static CURLcode expect100(struct SessionHandle *data,
+static CURLcode expect100(struct Curl_easy *data,
struct connectdata *conn,
Curl_send_buffer *req_buffer)
{
@@ -1499,11 +1528,12 @@ static CURLcode expect100(struct SessionHandle *data,
const char *ptr;
data->state.expect100header = FALSE; /* default to false unless it is set
to TRUE below */
- if(use_http_1_1plus(data, conn)) {
- /* if not doing HTTP 1.0 or disabled explicitly, we add a Expect:
- 100-continue to the headers which actually speeds up post operations
- (as there is one packet coming back from the web server) */
- ptr = Curl_checkheaders(data, "Expect:");
+ if(use_http_1_1plus(data, conn) &&
+ (conn->httpversion != 20)) {
+ /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an
+ Expect: 100-continue to the headers which actually speeds up post
+ operations (as there is one packet coming back from the web server) */
+ ptr = Curl_checkheaders(conn, "Expect:");
if(ptr) {
data->state.expect100header =
Curl_compareheader(ptr, "Expect:", "100-continue");
@@ -1511,95 +1541,157 @@ static CURLcode expect100(struct SessionHandle *data,
else {
result = Curl_add_bufferf(req_buffer,
"Expect: 100-continue\r\n");
- if(result == CURLE_OK)
+ if(!result)
data->state.expect100header = TRUE;
}
}
+
return result;
}
+enum proxy_use {
+ HEADER_SERVER, /* direct to server */
+ HEADER_PROXY, /* regular request to proxy */
+ HEADER_CONNECT /* sending CONNECT to a proxy */
+};
+
CURLcode Curl_add_custom_headers(struct connectdata *conn,
- Curl_send_buffer *req_buffer)
+ bool is_connect,
+ Curl_send_buffer *req_buffer)
{
char *ptr;
- struct curl_slist *headers=conn->data->set.headers;
+ struct curl_slist *h[2];
+ struct curl_slist *headers;
+ int numlists = 1; /* by default */
+ struct Curl_easy *data = conn->data;
+ int i;
- while(headers) {
- ptr = strchr(headers->data, ':');
- if(ptr) {
- /* we require a colon for this to be a true header */
+ enum proxy_use proxy;
- ptr++; /* pass the colon */
- while(*ptr && ISSPACE(*ptr))
- ptr++;
+ if(is_connect)
+ proxy = HEADER_CONNECT;
+ else
+ proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy?
+ HEADER_PROXY:HEADER_SERVER;
- if(*ptr) {
- /* only send this if the contents was non-blank */
-
- if(conn->allocptr.host &&
- /* a Host: header was sent already, don't pass on any custom Host:
- header as that will produce *two* in the same request! */
- checkprefix("Host:", headers->data))
- ;
- else if(conn->data->set.httpreq == HTTPREQ_POST_FORM &&
- /* this header (extended by formdata.c) is sent later */
- checkprefix("Content-Type:", headers->data))
- ;
- else if(conn->bits.authneg &&
- /* while doing auth neg, don't allow the custom length since
- we will force length zero then */
- checkprefix("Content-Length", headers->data))
- ;
- else if(conn->allocptr.te &&
- /* when asking for Transfer-Encoding, don't pass on a custom
- Connection: */
- checkprefix("Connection", headers->data))
- ;
- else {
- CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n",
- headers->data);
- if(result)
- return result;
- }
- }
+ switch(proxy) {
+ case HEADER_SERVER:
+ h[0] = data->set.headers;
+ break;
+ case HEADER_PROXY:
+ h[0] = data->set.headers;
+ if(data->set.sep_headers) {
+ h[1] = data->set.proxyheaders;
+ numlists++;
}
- else {
- ptr = strchr(headers->data, ';');
+ break;
+ case HEADER_CONNECT:
+ if(data->set.sep_headers)
+ h[0] = data->set.proxyheaders;
+ else
+ h[0] = data->set.headers;
+ break;
+ }
+
+ /* loop through one or two lists */
+ for(i = 0; i < numlists; i++) {
+ headers = h[i];
+
+ while(headers) {
+ ptr = strchr(headers->data, ':');
if(ptr) {
+ /* we require a colon for this to be a true header */
- ptr++; /* pass the semicolon */
+ ptr++; /* pass the colon */
while(*ptr && ISSPACE(*ptr))
ptr++;
if(*ptr) {
- /* this may be used for something else in the future */
- }
- else {
- if(*(--ptr) == ';') {
- CURLcode result;
-
- /* send no-value custom header if terminated by semicolon */
- *ptr = ':';
- result = Curl_add_bufferf(req_buffer, "%s\r\n",
- headers->data);
+ /* only send this if the contents was non-blank */
+
+ if(conn->allocptr.host &&
+ /* a Host: header was sent already, don't pass on any custom Host:
+ header as that will produce *two* in the same request! */
+ checkprefix("Host:", headers->data))
+ ;
+ else if(data->set.httpreq == HTTPREQ_POST_FORM &&
+ /* this header (extended by formdata.c) is sent later */
+ checkprefix("Content-Type:", headers->data))
+ ;
+ else if(data->set.httpreq == HTTPREQ_POST_MIME &&
+ /* this header is sent later */
+ checkprefix("Content-Type:", headers->data))
+ ;
+ else if(conn->bits.authneg &&
+ /* while doing auth neg, don't allow the custom length since
+ we will force length zero then */
+ checkprefix("Content-Length:", headers->data))
+ ;
+ else if(conn->allocptr.te &&
+ /* when asking for Transfer-Encoding, don't pass on a custom
+ Connection: */
+ checkprefix("Connection:", headers->data))
+ ;
+ else if((conn->httpversion == 20) &&
+ checkprefix("Transfer-Encoding:", headers->data))
+ /* HTTP/2 doesn't support chunked requests */
+ ;
+ else {
+ CURLcode result = Curl_add_bufferf(req_buffer, "%s\r\n",
+ headers->data);
if(result)
return result;
}
}
}
+ else {
+ ptr = strchr(headers->data, ';');
+ if(ptr) {
+
+ ptr++; /* pass the semicolon */
+ while(*ptr && ISSPACE(*ptr))
+ ptr++;
+
+ if(*ptr) {
+ /* this may be used for something else in the future */
+ }
+ else {
+ if(*(--ptr) == ';') {
+ CURLcode result;
+
+ /* send no-value custom header if terminated by semicolon */
+ *ptr = ':';
+ result = Curl_add_bufferf(req_buffer, "%s\r\n",
+ headers->data);
+
+ /* restore the previous value */
+ *ptr = ';';
+
+ if(result)
+ return result;
+ }
+ }
+ }
+ }
+ headers = headers->next;
}
- headers = headers->next;
}
+
return CURLE_OK;
}
-CURLcode Curl_add_timecondition(struct SessionHandle *data,
+CURLcode Curl_add_timecondition(struct Curl_easy *data,
Curl_send_buffer *req_buffer)
{
const struct tm *tm;
- char *buf = data->state.buffer;
- CURLcode result = CURLE_OK;
struct tm keeptime;
+ CURLcode result;
+ char datestr[80];
+ const char *condp;
+
+ if(data->set.timecondition == CURL_TIMECOND_NONE)
+ /* no condition was asked for */
+ return CURLE_OK;
result = Curl_gmtime(data->set.timevalue, &keeptime);
if(result) {
@@ -1608,6 +1700,21 @@ CURLcode Curl_add_timecondition(struct SessionHandle *data,
}
tm = &keeptime;
+ switch(data->set.timecondition) {
+ default:
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ case CURL_TIMECOND_IFMODSINCE:
+ condp = "If-Modified-Since";
+ break;
+ case CURL_TIMECOND_IFUNMODSINCE:
+ condp = "If-Unmodified-Since";
+ break;
+ case CURL_TIMECOND_LASTMOD:
+ condp = "Last-Modified";
+ break;
+ }
+
/* The If-Modified-Since header family should have their times set in
* GMT as RFC2616 defines: "All HTTP date/time stamps MUST be
* represented in Greenwich Mean Time (GMT), without exception. For the
@@ -1616,8 +1723,9 @@ CURLcode Curl_add_timecondition(struct SessionHandle *data,
*/
/* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
- snprintf(buf, BUFSIZE-1,
- "%s, %02d %s %4d %02d:%02d:%02d GMT",
+ snprintf(datestr, sizeof(datestr),
+ "%s: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
+ condp,
Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
tm->tm_mday,
Curl_month[tm->tm_mon],
@@ -1626,34 +1734,20 @@ CURLcode Curl_add_timecondition(struct SessionHandle *data,
tm->tm_min,
tm->tm_sec);
- switch(data->set.timecondition) {
- case CURL_TIMECOND_IFMODSINCE:
- default:
- result = Curl_add_bufferf(req_buffer,
- "If-Modified-Since: %s\r\n", buf);
- break;
- case CURL_TIMECOND_IFUNMODSINCE:
- result = Curl_add_bufferf(req_buffer,
- "If-Unmodified-Since: %s\r\n", buf);
- break;
- case CURL_TIMECOND_LASTMOD:
- result = Curl_add_bufferf(req_buffer,
- "Last-Modified: %s\r\n", buf);
- break;
- }
+ result = Curl_add_buffer(req_buffer, datestr, strlen(datestr));
return result;
}
/*
- * Curl_http() gets called from the generic Curl_do() function when a HTTP
+ * Curl_http() gets called from the generic multi_do() function when a HTTP
* request is to be performed. This creates and sends a properly constructed
* HTTP request.
*/
CURLcode Curl_http(struct connectdata *conn, bool *done)
{
- struct SessionHandle *data=conn->data;
- CURLcode result=CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ CURLcode result = CURLE_OK;
struct HTTP *http;
const char *ppath = data->state.path;
bool paste_ftp_userpwd = FALSE;
@@ -1663,33 +1757,71 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
const char *ptr;
const char *request;
Curl_HttpReq httpreq = data->set.httpreq;
+#if !defined(CURL_DISABLE_COOKIES)
char *addcookies = NULL;
+#endif
curl_off_t included_body = 0;
const char *httpstring;
Curl_send_buffer *req_buffer;
curl_off_t postsize = 0; /* curl_off_t to handle large file sizes */
- int seekerr = CURL_SEEKFUNC_OK;
+ int seekerr = CURL_SEEKFUNC_CANTSEEK;
/* Always consider the DO phase done after this function call, even if there
may be parts of the request that is not yet sent, since we can deal with
the rest of the request in the PERFORM phase. */
*done = TRUE;
+ if(conn->httpversion < 20) { /* unless the connection is re-used and already
+ http2 */
+ switch(conn->negnpn) {
+ case CURL_HTTP_VERSION_2:
+ conn->httpversion = 20; /* we know we're on HTTP/2 now */
+
+ result = Curl_http2_switched(conn, NULL, 0);
+ if(result)
+ return result;
+ break;
+ case CURL_HTTP_VERSION_1_1:
+ /* continue with HTTP/1.1 when explicitly requested */
+ break;
+ default:
+ /* Check if user wants to use HTTP/2 with clear TCP*/
+#ifdef USE_NGHTTP2
+ if(conn->data->set.httpversion ==
+ CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) {
+ DEBUGF(infof(data, "HTTP/2 over clean TCP\n"));
+ conn->httpversion = 20;
+
+ result = Curl_http2_switched(conn, NULL, 0);
+ if(result)
+ return result;
+ }
+#endif
+ break;
+ }
+ }
+ else {
+ /* prepare for a http2 request */
+ result = Curl_http2_setup(conn);
+ if(result)
+ return result;
+ }
+
http = data->req.protop;
if(!data->state.this_is_a_follow) {
- /* this is not a followed location, get the original host name */
- if(data->state.first_host)
- /* Free to avoid leaking memory on multiple requests*/
- free(data->state.first_host);
+ /* Free to avoid leaking memory on multiple requests*/
+ free(data->state.first_host);
data->state.first_host = strdup(conn->host.name);
if(!data->state.first_host)
return CURLE_OUT_OF_MEMORY;
+
+ data->state.first_remote_port = conn->remote_port;
}
http->writebytecount = http->readbytecount = 0;
- if((conn->handler->protocol&(CURLPROTO_HTTP|CURLPROTO_FTP)) &&
+ if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) &&
data->set.upload) {
httpreq = HTTPREQ_PUT;
}
@@ -1705,11 +1837,15 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
switch(httpreq) {
case HTTPREQ_POST:
case HTTPREQ_POST_FORM:
+ case HTTPREQ_POST_MIME:
request = "POST";
break;
case HTTPREQ_PUT:
request = "PUT";
break;
+ case HTTPREQ_OPTIONS:
+ request = "OPTIONS";
+ break;
default: /* this should never happen */
case HTTPREQ_GET:
request = "GET";
@@ -1725,9 +1861,9 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
it might have been used in the proxy connect, but if we have got a header
with the user-agent string specified, we erase the previously made string
here. */
- if(Curl_checkheaders(data, "User-Agent:") && conn->allocptr.uagent) {
+ if(Curl_checkheaders(conn, "User-Agent:")) {
free(conn->allocptr.uagent);
- conn->allocptr.uagent=NULL;
+ conn->allocptr.uagent = NULL;
}
/* setup the authentication headers */
@@ -1735,7 +1871,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(result)
return result;
- if((data->state.authhost.multi || data->state.authproxy.multi) &&
+ if((data->state.authhost.multipass || data->state.authproxy.multipass) &&
(httpreq != HTTPREQ_GET) &&
(httpreq != HTTPREQ_HEAD)) {
/* Auth is required and we are not authenticated yet. Make a PUT or POST
@@ -1746,7 +1882,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
conn->bits.authneg = FALSE;
Curl_safefree(conn->allocptr.ref);
- if(data->change.referer && !Curl_checkheaders(data, "Referer:")) {
+ if(data->change.referer && !Curl_checkheaders(conn, "Referer:")) {
conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
if(!conn->allocptr.ref)
return CURLE_OUT_OF_MEMORY;
@@ -1754,10 +1890,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
else
conn->allocptr.ref = NULL;
- if(data->set.str[STRING_COOKIE] && !Curl_checkheaders(data, "Cookie:"))
+#if !defined(CURL_DISABLE_COOKIES)
+ if(data->set.str[STRING_COOKIE] && !Curl_checkheaders(conn, "Cookie:"))
addcookies = data->set.str[STRING_COOKIE];
+#endif
- if(!Curl_checkheaders(data, "Accept-Encoding:") &&
+ if(!Curl_checkheaders(conn, "Accept-Encoding:") &&
data->set.str[STRING_ENCODING]) {
Curl_safefree(conn->allocptr.accept_encoding);
conn->allocptr.accept_encoding =
@@ -1765,17 +1903,22 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(!conn->allocptr.accept_encoding)
return CURLE_OUT_OF_MEMORY;
}
+ else {
+ Curl_safefree(conn->allocptr.accept_encoding);
+ conn->allocptr.accept_encoding = NULL;
+ }
#ifdef HAVE_LIBZ
/* we only consider transfer-encoding magic if libz support is built-in */
- if(!Curl_checkheaders(data, "TE:") && data->set.http_transfer_encoding) {
+ if(!Curl_checkheaders(conn, "TE:") &&
+ data->set.http_transfer_encoding) {
/* When we are to insert a TE: header in the request, we must also insert
TE in a Connection: header, so we need to merge the custom provided
Connection: header and prevent the original to get sent. Note that if
the user has inserted his/hers own TE: header we don't do this magic
but then assume that the user will handle it all! */
- char *cptr = Curl_checkheaders(data, "Connection:");
+ char *cptr = Curl_checkheaders(conn, "Connection:");
#define TE_HEADER "TE: gzip\r\n"
Curl_safefree(conn->allocptr.te);
@@ -1789,16 +1932,59 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
}
#endif
- ptr = Curl_checkheaders(data, "Transfer-Encoding:");
+ switch(httpreq) {
+ case HTTPREQ_POST_MIME:
+ http->sendit = &data->set.mimepost;
+ break;
+ case HTTPREQ_POST_FORM:
+ /* Convert the form structure into a mime structure. */
+ Curl_mime_cleanpart(&http->form);
+ result = Curl_getformdata(data, &http->form, data->set.httppost,
+ data->state.fread_func);
+ if(result)
+ return result;
+ http->sendit = &http->form;
+ break;
+ default:
+ http->sendit = NULL;
+ }
+
+ if(http->sendit) {
+ const char *cthdr = Curl_checkheaders(conn, "Content-Type:");
+
+ /* Read and seek body only. */
+ http->sendit->flags |= MIME_BODY_ONLY;
+
+ /* Prepare the mime structure headers & set content type. */
+
+ if(cthdr)
+ for(cthdr += 13; *cthdr == ' '; cthdr++)
+ ;
+ else if(http->sendit->kind == MIMEKIND_MULTIPART)
+ cthdr = "multipart/form-data";
+
+ curl_mime_headers(http->sendit, data->set.headers, 0);
+ result = Curl_mime_prepare_headers(http->sendit, cthdr,
+ NULL, MIMESTRATEGY_FORM);
+ curl_mime_headers(http->sendit, NULL, 0);
+ if(!result)
+ result = Curl_mime_rewind(http->sendit);
+ if(result)
+ return result;
+ http->postsize = Curl_mime_size(http->sendit);
+ }
+
+ ptr = Curl_checkheaders(conn, "Transfer-Encoding:");
if(ptr) {
/* Some kind of TE is requested, check if 'chunked' is chosen */
data->req.upload_chunky =
Curl_compareheader(ptr, "Transfer-Encoding:", "chunked");
}
else {
- if((conn->handler->protocol&CURLPROTO_HTTP) &&
- data->set.upload &&
- (data->set.infilesize == -1)) {
+ if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+ (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) &&
+ http->postsize < 0) ||
+ (data->set.upload && data->state.infilesize == -1))) {
if(conn->bits.authneg)
/* don't enable chunked during auth neg */
;
@@ -1822,16 +2008,16 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
Curl_safefree(conn->allocptr.host);
- ptr = Curl_checkheaders(data, "Host:");
+ ptr = Curl_checkheaders(conn, "Host:");
if(ptr && (!data->state.this_is_a_follow ||
- Curl_raw_equal(data->state.first_host, conn->host.name))) {
+ strcasecompare(data->state.first_host, conn->host.name))) {
#if !defined(CURL_DISABLE_COOKIES)
/* If we have a given custom Host: header, we extract the host name in
order to possibly use it for cookie reasons later on. We only allow the
custom Host: header if this is NOT a redirect, as setting Host: in the
redirected request is being out on thin ice. Except if the host name
is the same as the first one! */
- char *cookiehost = copy_header_value(ptr);
+ char *cookiehost = Curl_copy_header_value(ptr);
if(!cookiehost)
return CURLE_OUT_OF_MEMORY;
if(!*cookiehost)
@@ -1860,7 +2046,14 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
}
#endif
- conn->allocptr.host = NULL;
+ if(strcmp("Host:", ptr)) {
+ conn->allocptr.host = aprintf("%s\r\n", ptr);
+ if(!conn->allocptr.host)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else
+ /* when clearing the header */
+ conn->allocptr.host = NULL;
}
else {
/* When building Host: headers, we must put the host name within
@@ -1889,7 +2082,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
}
#ifndef CURL_DISABLE_PROXY
- if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
+ if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
/* Using a proxy but does not tunnel through it */
/* The path sent to the proxy is in fact the entire URL. But if the remote
@@ -1937,7 +2130,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
/* when doing ftp, append ;type=<a|i> if not present */
char *type = strstr(ppath, ";type=");
if(type && type[6] && type[7] == 0) {
- switch (Curl_raw_toupper(type[6])) {
+ switch(Curl_raw_toupper(type[6])) {
case 'A':
case 'D':
case 'I':
@@ -1963,21 +2156,9 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
}
#endif /* CURL_DISABLE_PROXY */
- if(HTTPREQ_POST_FORM == httpreq) {
- /* we must build the whole post sequence first, so that we have a size of
- the whole transfer before we start to send it */
- result = Curl_getformdata(data, &http->sendit, data->set.httppost,
- Curl_checkheaders(data, "Content-Type:"),
- &http->postsize);
- if(result)
- return result;
- }
-
- http->p_accept = Curl_checkheaders(data, "Accept:")?NULL:"Accept: */*\r\n";
+ http->p_accept = Curl_checkheaders(conn, "Accept:")?NULL:"Accept: */*\r\n";
- if(( (HTTPREQ_POST == httpreq) ||
- (HTTPREQ_POST_FORM == httpreq) ||
- (HTTPREQ_PUT == httpreq) ) &&
+ if((HTTPREQ_POST == httpreq || HTTPREQ_PUT == httpreq) &&
data->state.resume_from) {
/**********************************************************************
* Resuming upload in HTTP means that we PUT or POST and that we have
@@ -1985,9 +2166,10 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
* a Range: header that will be passed along. We need to "fast forward"
* the file the given number of bytes and decrease the assume upload
* file size before we continue this venture in the dark lands of HTTP.
+ * Resuming mime/form posting at an offset > 0 has no sense and is ignored.
*********************************************************************/
- if(data->state.resume_from < 0 ) {
+ if(data->state.resume_from < 0) {
/*
* This is meant to get the size of the present remote-file by itself.
* We don't support this now. Bail out!
@@ -2006,40 +2188,39 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
}
if(seekerr != CURL_SEEKFUNC_OK) {
+ curl_off_t passed = 0;
+
if(seekerr != CURL_SEEKFUNC_CANTSEEK) {
failf(data, "Could not seek stream");
return CURLE_READ_ERROR;
}
/* when seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */
- else {
- curl_off_t passed=0;
- do {
- size_t readthisamountnow =
- (data->state.resume_from - passed > CURL_OFF_T_C(BUFSIZE)) ?
- BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
-
- size_t actuallyread =
- data->set.fread_func(data->state.buffer, 1, readthisamountnow,
- data->set.in);
-
- passed += actuallyread;
- if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
- /* this checks for greater-than only to make sure that the
- CURL_READFUNC_ABORT return code still aborts */
- failf(data, "Could only read %" FORMAT_OFF_T
- " bytes from the input",
- passed);
- return CURLE_READ_ERROR;
- }
- } while(passed < data->state.resume_from);
- }
+ do {
+ size_t readthisamountnow =
+ (data->state.resume_from - passed > data->set.buffer_size) ?
+ (size_t)data->set.buffer_size :
+ curlx_sotouz(data->state.resume_from - passed);
+
+ size_t actuallyread =
+ data->state.fread_func(data->state.buffer, 1, readthisamountnow,
+ data->state.in);
+
+ passed += actuallyread;
+ if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
+ /* this checks for greater-than only to make sure that the
+ CURL_READFUNC_ABORT return code still aborts */
+ failf(data, "Could only read %" CURL_FORMAT_CURL_OFF_T
+ " bytes from the input", passed);
+ return CURLE_READ_ERROR;
+ }
+ } while(passed < data->state.resume_from);
}
/* now, decrease the size of the read */
- if(data->set.infilesize>0) {
- data->set.infilesize -= data->state.resume_from;
+ if(data->state.infilesize>0) {
+ data->state.infilesize -= data->state.resume_from;
- if(data->set.infilesize <= 0) {
+ if(data->state.infilesize <= 0) {
failf(data, "File already completely uploaded");
return CURLE_PARTIAL_FILE;
}
@@ -2054,37 +2235,35 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
* ones if any such are specified.
*/
if(((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) &&
- !Curl_checkheaders(data, "Range:")) {
+ !Curl_checkheaders(conn, "Range:")) {
/* if a line like this was already allocated, free the previous one */
- if(conn->allocptr.rangeline)
- free(conn->allocptr.rangeline);
+ free(conn->allocptr.rangeline);
conn->allocptr.rangeline = aprintf("Range: bytes=%s\r\n",
data->state.range);
}
- else if((httpreq != HTTPREQ_GET) &&
- !Curl_checkheaders(data, "Content-Range:")) {
+ else if((httpreq == HTTPREQ_POST || httpreq == HTTPREQ_PUT) &&
+ !Curl_checkheaders(conn, "Content-Range:")) {
/* if a line like this was already allocated, free the previous one */
- if(conn->allocptr.rangeline)
- free(conn->allocptr.rangeline);
+ free(conn->allocptr.rangeline);
if(data->set.set_resume_from < 0) {
/* Upload resume was asked for, but we don't know the size of the
remote part so we tell the server (and act accordingly) that we
upload the whole file (again) */
conn->allocptr.rangeline =
- aprintf("Content-Range: bytes 0-%" FORMAT_OFF_T
- "/%" FORMAT_OFF_T "\r\n",
- data->set.infilesize - 1, data->set.infilesize);
+ aprintf("Content-Range: bytes 0-%" CURL_FORMAT_CURL_OFF_T
+ "/%" CURL_FORMAT_CURL_OFF_T "\r\n",
+ data->state.infilesize - 1, data->state.infilesize);
}
else if(data->state.resume_from) {
/* This is because "resume" was selected */
- curl_off_t total_expected_size=
- data->state.resume_from + data->set.infilesize;
+ curl_off_t total_expected_size =
+ data->state.resume_from + data->state.infilesize;
conn->allocptr.rangeline =
- aprintf("Content-Range: bytes %s%" FORMAT_OFF_T
- "/%" FORMAT_OFF_T "\r\n",
+ aprintf("Content-Range: bytes %s%" CURL_FORMAT_CURL_OFF_T
+ "/%" CURL_FORMAT_CURL_OFF_T "\r\n",
data->state.range, total_expected_size-1,
total_expected_size);
}
@@ -2092,17 +2271,15 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
/* Range was selected and then we just pass the incoming range and
append total size */
conn->allocptr.rangeline =
- aprintf("Content-Range: bytes %s/%" FORMAT_OFF_T "\r\n",
- data->state.range, data->set.infilesize);
+ aprintf("Content-Range: bytes %s/%" CURL_FORMAT_CURL_OFF_T "\r\n",
+ data->state.range, data->state.infilesize);
}
if(!conn->allocptr.rangeline)
return CURLE_OUT_OF_MEMORY;
}
}
- /* Use 1.1 unless the user specifically asked for 1.0 or the server only
- supports 1.0 */
- httpstring= use_http_1_1plus(data, conn)?"1.1":"1.0";
+ httpstring = get_http_string(data, conn);
/* initialize a dynamic send-buffer */
req_buffer = Curl_add_buffer_init();
@@ -2116,6 +2293,9 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(result)
return result;
+ if(data->set.str[STRING_TARGET])
+ ppath = data->set.str[STRING_TARGET];
+
/* url */
if(paste_ftp_userpwd)
result = Curl_add_bufferf(req_buffer, "ftp://%s:%s@%s",
@@ -2130,11 +2310,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
Curl_add_bufferf(req_buffer,
"%s" /* ftp typecode (;type=x) */
" HTTP/%s\r\n" /* HTTP version */
+ "%s" /* host */
"%s" /* proxyuserpwd */
"%s" /* userpwd */
"%s" /* range */
"%s" /* user agent */
- "%s" /* host */
"%s" /* accept */
"%s" /* TE: */
"%s" /* accept-encoding */
@@ -2144,6 +2324,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
ftp_typecode,
httpstring,
+ (conn->allocptr.host?conn->allocptr.host:""),
conn->allocptr.proxyuserpwd?
conn->allocptr.proxyuserpwd:"",
conn->allocptr.userpwd?conn->allocptr.userpwd:"",
@@ -2153,7 +2334,6 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
*data->set.str[STRING_USERAGENT] &&
conn->allocptr.uagent)?
conn->allocptr.uagent:"",
- (conn->allocptr.host?conn->allocptr.host:""),
http->p_accept?http->p_accept:"",
conn->allocptr.te?conn->allocptr.te:"",
(data->set.str[STRING_ENCODING] &&
@@ -2164,35 +2344,33 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
conn->allocptr.ref:"" /* Referer: <data> */,
(conn->bits.httpproxy &&
!conn->bits.tunnel_proxy &&
- !Curl_checkheaders(data, "Proxy-Connection:"))?
+ !Curl_checkProxyheaders(conn, "Proxy-Connection:"))?
"Proxy-Connection: Keep-Alive\r\n":"",
te
);
- /*
- * Free userpwd now --- cannot reuse this for Negotiate and possibly NTLM
- * with basic and digest, it will be freed anyway by the next request
- */
-
- Curl_safefree (conn->allocptr.userpwd);
- conn->allocptr.userpwd = NULL;
+ /* clear userpwd and proxyuserpwd to avoid re-using old credentials
+ * from re-used connections */
+ Curl_safefree(conn->allocptr.userpwd);
+ Curl_safefree(conn->allocptr.proxyuserpwd);
if(result)
return result;
if(!(conn->handler->flags&PROTOPT_SSL) &&
- (data->set.httpversion == CURL_HTTP_VERSION_2_0)) {
- /* append HTTP2 updrade magic stuff to the HTTP request if it isn't done
+ conn->httpversion != 20 &&
+ (data->set.httpversion == CURL_HTTP_VERSION_2)) {
+ /* append HTTP2 upgrade magic stuff to the HTTP request if it isn't done
over SSL */
- result = Curl_http2_request(req_buffer, conn);
+ result = Curl_http2_request_upgrade(req_buffer, conn);
if(result)
return result;
}
#if !defined(CURL_DISABLE_COOKIES)
if(data->cookies || addcookies) {
- struct Cookie *co=NULL; /* no cookies from start */
- int count=0;
+ struct Cookie *co = NULL; /* no cookies from start */
+ int count = 0;
if(data->cookies) {
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
@@ -2205,7 +2383,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
}
if(co) {
- struct Cookie *store=co;
+ struct Cookie *store = co;
/* now loop through all cookies that matched */
while(co) {
if(co->value) {
@@ -2223,19 +2401,18 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
}
co = co->next; /* next cookie please */
}
- Curl_cookie_freelist(store, FALSE); /* free the cookie list */
+ Curl_cookie_freelist(store);
}
- if(addcookies && (CURLE_OK == result)) {
+ if(addcookies && !result) {
if(!count)
result = Curl_add_bufferf(req_buffer, "Cookie: ");
- if(CURLE_OK == result) {
- result = Curl_add_bufferf(req_buffer, "%s%s",
- count?"; ":"",
+ if(!result) {
+ result = Curl_add_bufferf(req_buffer, "%s%s", count?"; ":"",
addcookies);
count++;
}
}
- if(count && (CURLE_OK == result))
+ if(count && !result)
result = Curl_add_buffer(req_buffer, "\r\n", 2);
if(result)
@@ -2243,18 +2420,16 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
}
#endif
- if(data->set.timecondition) {
- result = Curl_add_timecondition(data, req_buffer);
- if(result)
- return result;
- }
+ result = Curl_add_timecondition(data, req_buffer);
+ if(result)
+ return result;
- result = Curl_add_custom_headers(conn, req_buffer);
+ result = Curl_add_custom_headers(conn, FALSE, req_buffer);
if(result)
return result;
http->postdata = NULL; /* nothing to post at this point */
- Curl_pgrsSetUploadSize(data, 0); /* upload size is 0 atm */
+ Curl_pgrsSetUploadSize(data, -1); /* upload size is unknown atm */
/* If 'authdone' is FALSE, we must not set the write socket index to the
Curl_transfer() call below, as we're not ready to actually upload any
@@ -2262,8 +2437,54 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
switch(httpreq) {
+ case HTTPREQ_PUT: /* Let's PUT the data to the server! */
+
+ if(conn->bits.authneg)
+ postsize = 0;
+ else
+ postsize = data->state.infilesize;
+
+ if((postsize != -1) && !data->req.upload_chunky &&
+ (conn->bits.authneg || !Curl_checkheaders(conn, "Content-Length:"))) {
+ /* only add Content-Length if not uploading chunked */
+ result = Curl_add_bufferf(req_buffer,
+ "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+ "\r\n", postsize);
+ if(result)
+ return result;
+ }
+
+ if(postsize != 0) {
+ result = expect100(data, conn, req_buffer);
+ if(result)
+ return result;
+ }
+
+ result = Curl_add_buffer(req_buffer, "\r\n", 2); /* end of headers */
+ if(result)
+ return result;
+
+ /* set the upload size to the progress meter */
+ Curl_pgrsSetUploadSize(data, postsize);
+
+ /* this sends the buffer and frees all the buffer resources */
+ result = Curl_add_buffer_send(req_buffer, conn,
+ &data->info.request_size, 0, FIRSTSOCKET);
+ if(result)
+ failf(data, "Failed sending PUT request");
+ else
+ /* prepare for transfer */
+ Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
+ &http->readbytecount, postsize?FIRSTSOCKET:-1,
+ postsize?&http->writebytecount:NULL);
+ if(result)
+ return result;
+ break;
+
case HTTPREQ_POST_FORM:
- if(!http->sendit || conn->bits.authneg) {
+ case HTTPREQ_POST_MIME:
+ /* This is form posting using mime data. */
+ if(conn->bits.authneg) {
/* nothing to post! */
result = Curl_add_bufferf(req_buffer, "Content-Length: 0\r\n\r\n");
if(result)
@@ -2280,122 +2501,68 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
break;
}
- if(Curl_FormInit(&http->form, http->sendit)) {
- failf(data, "Internal HTTP POST error!");
- return CURLE_HTTP_POST_ERROR;
- }
+ postsize = http->postsize;
- /* Get the currently set callback function pointer and store that in the
- form struct since we might want the actual user-provided callback later
- on. The conn->fread_func pointer itself will be changed for the
- multipart case to the function that returns a multipart formatted
- stream. */
- http->form.fread_func = conn->fread_func;
-
- /* Set the read function to read from the generated form data */
- conn->fread_func = (curl_read_callback)Curl_FormReader;
- conn->fread_in = &http->form;
-
- http->sending = HTTPSEND_BODY;
-
- if(!data->req.upload_chunky &&
- !Curl_checkheaders(data, "Content-Length:")) {
- /* only add Content-Length if not uploading chunked */
+ /* We only set Content-Length and allow a custom Content-Length if
+ we don't upload data chunked, as RFC2616 forbids us to set both
+ kinds of headers (Transfer-Encoding: chunked and Content-Length) */
+ if(postsize != -1 && !data->req.upload_chunky &&
+ (conn->bits.authneg || !Curl_checkheaders(conn, "Content-Length:"))) {
+ /* we allow replacing this header if not during auth negotiation,
+ although it isn't very wise to actually set your own */
result = Curl_add_bufferf(req_buffer,
- "Content-Length: %" FORMAT_OFF_T "\r\n",
- http->postsize);
+ "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+ "\r\n", postsize);
if(result)
return result;
}
- result = expect100(data, conn, req_buffer);
- if(result)
- return result;
-
+ /* Output mime-generated headers. */
{
+ struct curl_slist *hdr;
- /* Get Content-Type: line from Curl_formpostheader.
- */
- char *contentType;
- size_t linelength=0;
- contentType = Curl_formpostheader((void *)&http->form,
- &linelength);
- if(!contentType) {
- failf(data, "Could not get Content-Type header line!");
- return CURLE_HTTP_POST_ERROR;
+ for(hdr = http->sendit->curlheaders; hdr; hdr = hdr->next) {
+ result = Curl_add_bufferf(req_buffer, "%s\r\n", hdr->data);
+ if(result)
+ return result;
}
-
- result = Curl_add_buffer(req_buffer, contentType, linelength);
- if(result)
- return result;
- }
-
- /* make the request end in a true CRLF */
- result = Curl_add_buffer(req_buffer, "\r\n", 2);
- if(result)
- return result;
-
- /* set upload size to the progress meter */
- Curl_pgrsSetUploadSize(data, http->postsize);
-
- /* fire away the whole request to the server */
- result = Curl_add_buffer_send(req_buffer, conn,
- &data->info.request_size, 0, FIRSTSOCKET);
- if(result)
- failf(data, "Failed sending POST request");
- else
- /* setup variables for the upcoming transfer */
- Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
- &http->readbytecount, FIRSTSOCKET,
- &http->writebytecount);
-
- if(result) {
- Curl_formclean(&http->sendit); /* free that whole lot */
- return result;
}
- /* convert the form data */
- result = Curl_convert_form(data, http->sendit);
- if(result) {
- Curl_formclean(&http->sendit); /* free that whole lot */
- return result;
+ /* For really small posts we don't use Expect: headers at all, and for
+ the somewhat bigger ones we allow the app to disable it. Just make
+ sure that the expect100header is always set to the preferred value
+ here. */
+ ptr = Curl_checkheaders(conn, "Expect:");
+ if(ptr) {
+ data->state.expect100header =
+ Curl_compareheader(ptr, "Expect:", "100-continue");
}
-
- break;
-
- case HTTPREQ_PUT: /* Let's PUT the data to the server! */
-
- if(conn->bits.authneg)
- postsize = 0;
- else
- postsize = data->set.infilesize;
-
- if((postsize != -1) && !data->req.upload_chunky &&
- !Curl_checkheaders(data, "Content-Length:")) {
- /* only add Content-Length if not uploading chunked */
- result = Curl_add_bufferf(req_buffer,
- "Content-Length: %" FORMAT_OFF_T "\r\n",
- postsize );
+ else if(postsize > EXPECT_100_THRESHOLD || postsize < 0) {
+ result = expect100(data, conn, req_buffer);
if(result)
return result;
}
+ else
+ data->state.expect100header = FALSE;
- result = expect100(data, conn, req_buffer);
- if(result)
- return result;
-
- result = Curl_add_buffer(req_buffer, "\r\n", 2); /* end of headers */
+ /* make the request end in a true CRLF */
+ result = Curl_add_buffer(req_buffer, "\r\n", 2);
if(result)
return result;
/* set the upload size to the progress meter */
Curl_pgrsSetUploadSize(data, postsize);
+ /* Read from mime structure. */
+ data->state.fread_func = (curl_read_callback) Curl_mime_read;
+ data->state.in = (void *) http->sendit;
+ http->sending = HTTPSEND_BODY;
+
/* this sends the buffer and frees all the buffer resources */
result = Curl_add_buffer_send(req_buffer, conn,
&data->info.request_size, 0, FIRSTSOCKET);
if(result)
- failf(data, "Failed sending PUT request");
+ failf(data, "Failed sending POST request");
else
/* prepare for transfer */
Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
@@ -2403,6 +2570,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
postsize?&http->writebytecount:NULL);
if(result)
return result;
+
break;
case HTTPREQ_POST:
@@ -2410,29 +2578,25 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(conn->bits.authneg)
postsize = 0;
- else {
- /* figure out the size of the postfields */
- postsize = (data->set.postfieldsize != -1)?
- data->set.postfieldsize:
- (data->set.postfields? (curl_off_t)strlen(data->set.postfields):-1);
- }
- if(!data->req.upload_chunky) {
- /* We only set Content-Length and allow a custom Content-Length if
- we don't upload data chunked, as RFC2616 forbids us to set both
- kinds of headers (Transfer-Encoding: chunked and Content-Length) */
-
- if(conn->bits.authneg || !Curl_checkheaders(data, "Content-Length:")) {
- /* we allow replacing this header if not during auth negotiation,
- although it isn't very wise to actually set your own */
- result = Curl_add_bufferf(req_buffer,
- "Content-Length: %" FORMAT_OFF_T"\r\n",
- postsize);
- if(result)
- return result;
- }
+ else
+ /* the size of the post body */
+ postsize = data->state.infilesize;
+
+ /* We only set Content-Length and allow a custom Content-Length if
+ we don't upload data chunked, as RFC2616 forbids us to set both
+ kinds of headers (Transfer-Encoding: chunked and Content-Length) */
+ if((postsize != -1) && !data->req.upload_chunky &&
+ (conn->bits.authneg || !Curl_checkheaders(conn, "Content-Length:"))) {
+ /* we allow replacing this header if not during auth negotiation,
+ although it isn't very wise to actually set your own */
+ result = Curl_add_bufferf(req_buffer,
+ "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+ "\r\n", postsize);
+ if(result)
+ return result;
}
- if(!Curl_checkheaders(data, "Content-Type:")) {
+ if(!Curl_checkheaders(conn, "Content-Type:")) {
result = Curl_add_bufferf(req_buffer,
"Content-Type: application/"
"x-www-form-urlencoded\r\n");
@@ -2444,12 +2608,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
the somewhat bigger ones we allow the app to disable it. Just make
sure that the expect100header is always set to the preferred value
here. */
- ptr = Curl_checkheaders(data, "Expect:");
+ ptr = Curl_checkheaders(conn, "Expect:");
if(ptr) {
data->state.expect100header =
Curl_compareheader(ptr, "Expect:", "100-continue");
}
- else if(postsize > TINY_INITIAL_POST_SIZE || postsize < 0) {
+ else if(postsize > EXPECT_100_THRESHOLD || postsize < 0) {
result = expect100(data, conn, req_buffer);
if(result)
return result;
@@ -2459,8 +2623,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(data->set.postfields) {
- if(!data->state.expect100header &&
- (postsize < MAX_INITIAL_POST_SIZE)) {
+ /* In HTTP2, we send request body in DATA frame regardless of
+ its size. */
+ if(conn->httpversion != 20 &&
+ !data->state.expect100header &&
+ (postsize < MAX_INITIAL_POST_SIZE)) {
/* if we don't use expect: 100 AND
postsize is less than MAX_INITIAL_POST_SIZE
@@ -2483,17 +2650,16 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(postsize) {
/* Append the POST data chunky-style */
result = Curl_add_bufferf(req_buffer, "%x\r\n", (int)postsize);
- if(CURLE_OK == result) {
+ if(!result) {
result = Curl_add_buffer(req_buffer, data->set.postfields,
(size_t)postsize);
- if(CURLE_OK == result)
- result = Curl_add_buffer(req_buffer, "\r\n", 2);
+ if(!result)
+ result = Curl_add_buffer(req_buffer, "\r\n", 2);
included_body = postsize + 2;
}
}
- if(CURLE_OK == result)
- result = Curl_add_buffer(req_buffer,
- "\x30\x0d\x0a\x0d\x0a", 5);
+ if(!result)
+ result = Curl_add_buffer(req_buffer, "\x30\x0d\x0a\x0d\x0a", 5);
/* 0 CR LF CR LF */
included_body += 5;
}
@@ -2509,8 +2675,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
http->sending = HTTPSEND_BODY;
- conn->fread_func = (curl_read_callback)readmoredata;
- conn->fread_in = (void *)conn;
+ data->state.fread_func = (curl_read_callback)readmoredata;
+ data->state.in = (void *)conn;
/* set the upload size to the progress meter */
Curl_pgrsSetUploadSize(data, http->postsize);
@@ -2535,7 +2701,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
return result;
}
- else if(data->set.postfieldsize) {
+ else if(data->state.infilesize) {
/* set the upload size to the progress meter */
Curl_pgrsSetUploadSize(data, postsize?postsize:-1);
@@ -2590,15 +2756,21 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(http->writebytecount >= postsize) {
/* already sent the entire request body, mark the "upload" as
complete */
- infof(data, "upload completely sent off: %" FORMAT_OFF_T " out of "
- "%" FORMAT_OFF_T " bytes\n",
+ infof(data, "upload completely sent off: %" CURL_FORMAT_CURL_OFF_T
+ " out of %" CURL_FORMAT_CURL_OFF_T " bytes\n",
http->writebytecount, postsize);
data->req.upload_done = TRUE;
data->req.keepon &= ~KEEP_SEND; /* we're done writing */
data->req.exp100 = EXP100_SEND_DATA; /* already sent */
+ Curl_expire_done(data, EXPIRE_100_TIMEOUT);
}
}
+ if((conn->httpversion == 20) && data->req.upload_chunky)
+ /* upload_chunky was set above to set up the request in a chunky fashion,
+ but is disabled here again to avoid that the chunked encoded version is
+ actually used when sending the request body over h2 */
+ data->req.upload_chunky = FALSE;
return result;
}
@@ -2608,7 +2780,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
* Returns TRUE if member of the list matches prefix of string
*/
static bool
-checkhttpprefix(struct SessionHandle *data,
+checkhttpprefix(struct Curl_easy *data,
const char *s)
{
struct curl_slist *head = data->set.http200aliases;
@@ -2617,10 +2789,10 @@ checkhttpprefix(struct SessionHandle *data,
/* convert from the network encoding using a scratch area */
char *scratch = strdup(s);
if(NULL == scratch) {
- failf (data, "Failed to allocate memory for conversion!");
+ failf(data, "Failed to allocate memory for conversion!");
return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */
}
- if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s)+1)) {
+ if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) {
/* Curl_convert_from_network calls failf if unsuccessful */
free(scratch);
return FALSE; /* can't return CURLE_foobar so return FALSE */
@@ -2647,35 +2819,36 @@ checkhttpprefix(struct SessionHandle *data,
#ifndef CURL_DISABLE_RTSP
static bool
-checkrtspprefix(struct SessionHandle *data,
+checkrtspprefix(struct Curl_easy *data,
const char *s)
{
+ bool result = FALSE;
#ifdef CURL_DOES_CONVERSIONS
/* convert from the network encoding using a scratch area */
char *scratch = strdup(s);
if(NULL == scratch) {
- failf (data, "Failed to allocate memory for conversion!");
+ failf(data, "Failed to allocate memory for conversion!");
return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */
}
- if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s)+1)) {
+ if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) {
/* Curl_convert_from_network calls failf if unsuccessful */
- free(scratch);
- return FALSE; /* can't return CURLE_foobar so return FALSE */
+ result = FALSE; /* can't return CURLE_foobar so return FALSE */
}
- s = scratch;
+ else
+ result = checkprefix("RTSP/", scratch)? TRUE: FALSE;
+ free(scratch);
#else
(void)data; /* unused */
+ result = checkprefix("RTSP/", s)? TRUE: FALSE;
#endif /* CURL_DOES_CONVERSIONS */
- if(checkprefix("RTSP/", s))
- return TRUE;
- else
- return FALSE;
+
+ return result;
}
#endif /* CURL_DISABLE_RTSP */
static bool
-checkprotoprefix(struct SessionHandle *data, struct connectdata *conn,
+checkprotoprefix(struct Curl_easy *data, struct connectdata *conn,
const char *s)
{
#ifndef CURL_DISABLE_RTSP
@@ -2693,7 +2866,7 @@ checkprotoprefix(struct SessionHandle *data, struct connectdata *conn,
* header. We make sure that the full string fit in the allocated header
* buffer, or else we enlarge it.
*/
-static CURLcode header_append(struct SessionHandle *data,
+static CURLcode header_append(struct Curl_easy *data,
struct SingleRequest *k,
size_t length)
{
@@ -2707,19 +2880,19 @@ static CURLcode header_append(struct SessionHandle *data,
/* The reason to have a max limit for this is to avoid the risk of a bad
server feeding libcurl with a never-ending header that will cause
reallocs infinitely */
- failf (data, "Avoided giant realloc for header (max is %d)!",
- CURL_MAX_HTTP_HEADER);
+ failf(data, "Avoided giant realloc for header (max is %d)!",
+ CURL_MAX_HTTP_HEADER);
return CURLE_OUT_OF_MEMORY;
}
- newsize=CURLMAX((k->hbuflen+ length)*3/2, data->state.headersize*2);
+ newsize = CURLMAX((k->hbuflen + length) * 3 / 2, data->state.headersize*2);
hbufp_index = k->hbufp - data->state.headerbuff;
newbuff = realloc(data->state.headerbuff, newsize);
if(!newbuff) {
- failf (data, "Failed to alloc memory for big header!");
+ failf(data, "Failed to alloc memory for big header!");
return CURLE_OUT_OF_MEMORY;
}
- data->state.headersize=newsize;
+ data->state.headersize = newsize;
data->state.headerbuff = newbuff;
k->hbufp = data->state.headerbuff + hbufp_index;
}
@@ -2731,7 +2904,7 @@ static CURLcode header_append(struct SessionHandle *data,
return CURLE_OK;
}
-static void print_http_error(struct SessionHandle *data)
+static void print_http_error(struct Curl_easy *data)
{
struct SingleRequest *k = &data->req;
char *beg = k->p;
@@ -2771,7 +2944,7 @@ static void print_http_error(struct SessionHandle *data)
/*
* Read any HTTP header lines from the server and pass them to the client app.
*/
-CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
+CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
struct connectdata *conn,
ssize_t *nread,
bool *stop_reading)
@@ -2812,7 +2985,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
}
/* decrease the size of the remaining (supposed) header line */
- rest_length = (k->end_ptr - k->str)+1;
+ rest_length = (k->end_ptr - k->str) + 1;
*nread -= (ssize_t)rest_length;
k->str = k->end_ptr + 1; /* move past new line */
@@ -2871,47 +3044,95 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
#endif /* CURL_DOES_CONVERSIONS */
if(100 <= k->httpcode && 199 >= k->httpcode) {
- /*
- * We have made a HTTP PUT or POST and this is 1.1-lingo
- * that tells us that the server is OK with this and ready
- * to receive the data.
- * However, we'll get more headers now so we must get
- * back into the header-parsing state!
- */
- k->header = TRUE;
- k->headerline = 0; /* restart the header line counter */
-
- /* if we did wait for this do enable write now! */
- if(k->exp100) {
- k->exp100 = EXP100_SEND_DATA;
- k->keepon |= KEEP_SEND;
+ /* "A user agent MAY ignore unexpected 1xx status responses." */
+ switch(k->httpcode) {
+ case 100:
+ /*
+ * We have made a HTTP PUT or POST and this is 1.1-lingo
+ * that tells us that the server is OK with this and ready
+ * to receive the data.
+ * However, we'll get more headers now so we must get
+ * back into the header-parsing state!
+ */
+ k->header = TRUE;
+ k->headerline = 0; /* restart the header line counter */
+
+ /* if we did wait for this do enable write now! */
+ if(k->exp100 > EXP100_SEND_DATA) {
+ k->exp100 = EXP100_SEND_DATA;
+ k->keepon |= KEEP_SEND;
+ Curl_expire_done(data, EXPIRE_100_TIMEOUT);
+ }
+ break;
+ case 101:
+ /* Switching Protocols */
+ if(k->upgr101 == UPGR101_REQUESTED) {
+ /* Switching to HTTP/2 */
+ infof(data, "Received 101\n");
+ k->upgr101 = UPGR101_RECEIVED;
+
+ /* we'll get more headers (HTTP/2 response) */
+ k->header = TRUE;
+ k->headerline = 0; /* restart the header line counter */
+
+ /* switch to http2 now. The bytes after response headers
+ are also processed here, otherwise they are lost. */
+ result = Curl_http2_switched(conn, k->str, *nread);
+ if(result)
+ return result;
+ *nread = 0;
+ }
+ else {
+ /* Switching to another protocol (e.g. WebSocket) */
+ k->header = FALSE; /* no more header to parse! */
+ }
+ break;
+ default:
+ /* the status code 1xx indicates a provisional response, so
+ we'll get another set of headers */
+ k->header = TRUE;
+ k->headerline = 0; /* restart the header line counter */
+ break;
}
}
else {
k->header = FALSE; /* no more header to parse! */
if((k->size == -1) && !k->chunk && !conn->bits.close &&
- (conn->httpversion >= 11) &&
+ (conn->httpversion == 11) &&
!(conn->handler->protocol & CURLPROTO_RTSP) &&
data->set.httpreq != HTTPREQ_HEAD) {
/* On HTTP 1.1, when connection is not to get closed, but no
- Content-Length nor Content-Encoding chunked have been
+ Content-Length nor Transfer-Encoding chunked have been
received, according to RFC2616 section 4.4 point 5, we
assume that the server will close the connection to
signal the end of the document. */
infof(data, "no chunk, no close, no size. Assume close to "
"signal end\n");
- conn->bits.close = TRUE;
+ streamclose(conn, "HTTP: No end-of-message indicator");
}
}
+ /* At this point we have some idea about the fate of the connection.
+ If we are closing the connection it may result auth failure. */
+#if defined(USE_NTLM)
+ if(conn->bits.close &&
+ (((data->req.httpcode == 401) &&
+ (conn->ntlm.state == NTLMSTATE_TYPE2)) ||
+ ((data->req.httpcode == 407) &&
+ (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) {
+ infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n");
+ data->state.authproblem = TRUE;
+ }
+#endif
+
/*
* When all the headers have been parsed, see if we should give
* up and return an error.
*/
if(http_should_fail(conn)) {
- failf (data, "The requested URL returned error: %d",
- k->httpcode);
+ failf(data, "The requested URL returned error: %d",
+ k->httpcode);
return CURLE_HTTP_RETURNED_ERROR;
}
@@ -2935,52 +3156,61 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
data->req.deductheadercount =
(100 <= k->httpcode && 199 >= k->httpcode)?data->req.headerbytecount:0;
- if(!*stop_reading) {
- /* Curl_http_auth_act() checks what authentication methods
- * that are available and decides which one (if any) to
- * use. It will set 'newurl' if an auth method was picked. */
- result = Curl_http_auth_act(conn);
+ /* Curl_http_auth_act() checks what authentication methods
+ * that are available and decides which one (if any) to
+ * use. It will set 'newurl' if an auth method was picked. */
+ result = Curl_http_auth_act(conn);
- if(result)
- return result;
+ if(result)
+ return result;
- if(k->httpcode >= 300) {
- if((!conn->bits.authneg) && !conn->bits.close &&
- !conn->bits.rewindaftersend) {
- /*
- * General treatment of errors when about to send data. Including :
- * "417 Expectation Failed", while waiting for 100-continue.
- *
- * The check for close above is done simply because of something
- * else has already deemed the connection to get closed then
- * something else should've considered the big picture and we
- * avoid this check.
- *
- * rewindaftersend indicates that something has told libcurl to
- * continue sending even if it gets discarded
+ if(k->httpcode >= 300) {
+ if((!conn->bits.authneg) && !conn->bits.close &&
+ !conn->bits.rewindaftersend) {
+ /*
+ * General treatment of errors when about to send data. Including :
+ * "417 Expectation Failed", while waiting for 100-continue.
+ *
+ * The check for close above is done simply because of something
+ * else has already deemed the connection to get closed then
+ * something else should've considered the big picture and we
+ * avoid this check.
+ *
+ * rewindaftersend indicates that something has told libcurl to
+ * continue sending even if it gets discarded
+ */
+
+ switch(data->set.httpreq) {
+ case HTTPREQ_PUT:
+ case HTTPREQ_POST:
+ case HTTPREQ_POST_FORM:
+ case HTTPREQ_POST_MIME:
+ /* We got an error response. If this happened before the whole
+ * request body has been sent we stop sending and mark the
+ * connection for closure after we've read the entire response.
*/
-
- switch(data->set.httpreq) {
- case HTTPREQ_PUT:
- case HTTPREQ_POST:
- case HTTPREQ_POST_FORM:
- /* We got an error response. If this happened before the whole
- * request body has been sent we stop sending and mark the
- * connection for closure after we've read the entire response.
- */
- if(!k->upload_done) {
+ Curl_expire_done(data, EXPIRE_100_TIMEOUT);
+ if(!k->upload_done) {
+ if(data->set.http_keep_sending_on_error) {
+ infof(data, "HTTP error before end of send, keep sending\n");
+ if(k->exp100 > EXP100_SEND_DATA) {
+ k->exp100 = EXP100_SEND_DATA;
+ k->keepon |= KEEP_SEND;
+ }
+ }
+ else {
infof(data, "HTTP error before end of send, stop sending\n");
- conn->bits.close = TRUE; /* close after this */
+ streamclose(conn, "Stop sending data before everything sent");
k->upload_done = TRUE;
k->keepon &= ~KEEP_SEND; /* don't send */
if(data->state.expect100header)
k->exp100 = EXP100_FAILED;
}
- break;
-
- default: /* default label present to avoid compiler warnings */
- break;
}
+ break;
+
+ default: /* default label present to avoid compiler warnings */
+ break;
}
}
@@ -3001,6 +3231,16 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
*/
if(data->set.opt_no_body)
*stop_reading = TRUE;
+#ifndef CURL_DISABLE_RTSP
+ else if((conn->handler->protocol & CURLPROTO_RTSP) &&
+ (data->set.rtspreq == RTSPREQ_DESCRIBE) &&
+ (k->size <= -1))
+ /* Respect section 4.4 of rfc2326: If the Content-Length header is
+ absent, a length 0 must be assumed. It will prevent libcurl from
+ hanging on DESCRIBE request that got refused for whatever
+ reason */
+ *stop_reading = TRUE;
+#endif
else {
/* If we know the expected size of this document, we set the
maximum download size to the size of the expected
@@ -3027,9 +3267,17 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
k->maxdownload = k->size;
}
- /* If max download size is *zero* (nothing) we already
- have nothing and can safely return ok now! */
- if(0 == k->maxdownload)
+ /* If max download size is *zero* (nothing) we already have
+ nothing and can safely return ok now! But for HTTP/2, we'd
+ like to call http2_handle_stream_close to properly close a
+ stream. In order to do this, we keep reading until we
+ close the stream. */
+ if(0 == k->maxdownload
+#if defined(USE_NGHTTP2)
+ && !((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+ conn->httpversion == 20)
+#endif
+ )
*stop_reading = TRUE;
if(*stop_reading) {
@@ -3064,7 +3312,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
#define HEADER1 scratch
#define SCRATCHSIZE 21
CURLcode res;
- char scratch[SCRATCHSIZE+1]; /* "HTTP/major.minor 123" */
+ char scratch[SCRATCHSIZE + 1]; /* "HTTP/major.minor 123" */
/* We can't really convert this yet because we
don't know if it's the 1st header line or the body.
So we do a partial conversion into a scratch area,
@@ -3082,20 +3330,43 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
#define HEADER1 k->p /* no conversion needed, just use k->p */
#endif /* CURL_DOES_CONVERSIONS */
- if(conn->handler->protocol & CURLPROTO_HTTP) {
+ if(conn->handler->protocol & PROTO_FAMILY_HTTP) {
+ /*
+ * https://tools.ietf.org/html/rfc7230#section-3.1.2
+ *
+ * The response code is always a three-digit number in HTTP as the spec
+ * says. We try to allow any number here, but we cannot make
+ * guarantees on future behaviors since it isn't within the protocol.
+ */
+ char separator;
nc = sscanf(HEADER1,
- " HTTP/%d.%d %3d",
+ " HTTP/%1d.%1d%c%3d",
&httpversion_major,
&conn->httpversion,
+ &separator,
&k->httpcode);
- if(nc==3) {
+
+ if(nc == 1 && httpversion_major == 2 &&
+ 1 == sscanf(HEADER1, " HTTP/2 %d", &k->httpcode)) {
+ conn->httpversion = 0;
+ nc = 4;
+ separator = ' ';
+ }
+
+ if((nc == 4) && (' ' == separator)) {
conn->httpversion += 10 * httpversion_major;
+
+ if(k->upgr101 == UPGR101_RECEIVED) {
+ /* supposedly upgraded to http2 now */
+ if(conn->httpversion != 20)
+ infof(data, "Lying server, not serving HTTP/2\n");
+ }
}
- else {
+ else if(!nc) {
/* this is the real world, not a Nirvana
NCSA 1.5.x returns this crap when asked for HTTP/1.1
*/
- nc=sscanf(HEADER1, " HTTP %3d", &k->httpcode);
+ nc = sscanf(HEADER1, " HTTP %3d", &k->httpcode);
conn->httpversion = 10;
/* If user has set option HTTP200ALIASES,
@@ -3109,14 +3380,20 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
}
}
}
+ else {
+ failf(data, "Unsupported HTTP version in response\n");
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
}
else if(conn->handler->protocol & CURLPROTO_RTSP) {
+ char separator;
nc = sscanf(HEADER1,
- " RTSP/%d.%d %3d",
+ " RTSP/%1d.%1d%c%3d",
&rtspversion_major,
&conn->rtspversion,
+ &separator,
&k->httpcode);
- if(nc==3) {
+ if((nc == 4) && (' ' == separator)) {
conn->rtspversion += 10 * rtspversion_major;
conn->httpversion = 11; /* For us, RTSP acts like HTTP 1.1 */
}
@@ -3148,7 +3425,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
((k->httpcode != 407) || !conn->bits.proxy_user_passwd) ) {
if(data->state.resume_from &&
- (data->set.httpreq==HTTPREQ_GET) &&
+ (data->set.httpreq == HTTPREQ_GET) &&
(k->httpcode == 416)) {
/* "Requested Range Not Satisfiable", just proceed and
pretend this is no error */
@@ -3165,22 +3442,27 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
we get one of those fancy headers that tell us the
server keeps it open for us! */
infof(data, "HTTP 1.0, assume close after body\n");
- conn->bits.close = TRUE;
+ connclose(conn, "HTTP/1.0 close after body");
+ }
+ else if(conn->httpversion == 20 ||
+ (k->upgr101 == UPGR101_REQUESTED && k->httpcode == 101)) {
+ DEBUGF(infof(data, "HTTP/2 found, allow multiplexing\n"));
+
+ /* HTTP/2 cannot blacklist multiplexing since it is a core
+ functionality of the protocol */
+ conn->bundle->multiuse = BUNDLE_MULTIPLEX;
}
else if(conn->httpversion >= 11 &&
!conn->bits.close) {
- struct connectbundle *cb_ptr;
-
/* If HTTP version is >= 1.1 and connection is persistent
server supports pipelining. */
DEBUGF(infof(data,
"HTTP 1.1 or later with persistent connection, "
"pipelining supported\n"));
/* Activate pipelining if needed */
- cb_ptr = conn->bundle;
- if(cb_ptr) {
+ if(conn->bundle) {
if(!Curl_pipeline_site_blacklisted(data, conn))
- cb_ptr->server_supports_pipelining = TRUE;
+ conn->bundle->multiuse = BUNDLE_PIPELINING;
}
}
@@ -3199,8 +3481,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
* fields. */
if(data->set.timecondition)
data->info.timecond = TRUE;
- k->size=0;
- k->maxdownload=0;
+ k->size = 0;
+ k->maxdownload = 0;
k->ignorecl = TRUE; /* ignore Content-Length headers */
break;
default:
@@ -3222,32 +3504,36 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
/* Check for Content-Length: header lines to get size */
if(!k->ignorecl && !data->set.ignorecl &&
checkprefix("Content-Length:", k->p)) {
- curl_off_t contentlength = curlx_strtoofft(k->p+15, NULL, 10);
- if(data->set.max_filesize &&
- contentlength > data->set.max_filesize) {
- failf(data, "Maximum file size exceeded");
- return CURLE_FILESIZE_EXCEEDED;
- }
- if(contentlength >= 0) {
- k->size = contentlength;
- k->maxdownload = k->size;
- /* we set the progress download size already at this point
- just to make it easier for apps/callbacks to extract this
- info as soon as possible */
- Curl_pgrsSetDownloadSize(data, k->size);
- }
- else {
- /* Negative Content-Length is really odd, and we know it
- happens for example when older Apache servers send large
- files */
- conn->bits.close = TRUE;
- infof(data, "Negative content-length: %" FORMAT_OFF_T
- ", closing after transfer\n", contentlength);
+ curl_off_t contentlength;
+ if(!curlx_strtoofft(k->p + 15, NULL, 10, &contentlength)) {
+ if(data->set.max_filesize &&
+ contentlength > data->set.max_filesize) {
+ failf(data, "Maximum file size exceeded");
+ return CURLE_FILESIZE_EXCEEDED;
+ }
+ if(contentlength >= 0) {
+ k->size = contentlength;
+ k->maxdownload = k->size;
+ /* we set the progress download size already at this point
+ just to make it easier for apps/callbacks to extract this
+ info as soon as possible */
+ Curl_pgrsSetDownloadSize(data, k->size);
+ }
+ else {
+ /* Negative Content-Length is really odd, and we know it
+ happens for example when older Apache servers send large
+ files */
+ streamclose(conn, "negative content-length");
+ infof(data, "Negative content-length: %" CURL_FORMAT_CURL_OFF_T
+ ", closing after transfer\n", contentlength);
+ }
}
+ else
+ infof(data, "Illegal Content-Length: header\n");
}
/* check for Content-Type: header lines to get the MIME-type */
else if(checkprefix("Content-Type:", k->p)) {
- char *contenttype = copy_header_value(k->p);
+ char *contenttype = Curl_copy_header_value(k->p);
if(!contenttype)
return CURLE_OUT_OF_MEMORY;
if(!*contenttype)
@@ -3259,14 +3545,17 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
}
}
else if(checkprefix("Server:", k->p)) {
- char *server_name = copy_header_value(k->p);
-
- /* Turn off pipelining if the server version is blacklisted */
- if(conn->bundle && conn->bundle->server_supports_pipelining) {
- if(Curl_pipeline_server_blacklisted(data, server_name))
- conn->bundle->server_supports_pipelining = FALSE;
+ if(conn->httpversion < 20) {
+ /* only do this for non-h2 servers */
+ char *server_name = Curl_copy_header_value(k->p);
+
+ /* Turn off pipelining if the server version is blacklisted */
+ if(conn->bundle && (conn->bundle->multiuse == BUNDLE_PIPELINING)) {
+ if(Curl_pipeline_server_blacklisted(data, server_name))
+ conn->bundle->multiuse = BUNDLE_NO_MULTIUSE;
+ }
+ free(server_name);
}
- Curl_safefree(server_name);
}
else if((conn->httpversion == 10) &&
conn->bits.httpproxy &&
@@ -3278,7 +3567,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
* connection will be kept alive for our pleasure.
* Default action for 1.0 is to close.
*/
- conn->bits.close = FALSE; /* don't close when done */
+ connkeep(conn, "Proxy-Connection keep-alive"); /* don't close */
infof(data, "HTTP/1.0 proxy connection set to keep alive!\n");
}
else if((conn->httpversion == 11) &&
@@ -3289,7 +3578,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
* We get a HTTP/1.1 response from a proxy and it says it'll
* close down after this transfer.
*/
- conn->bits.close = TRUE; /* close when done */
+ connclose(conn, "Proxy-Connection: asked to close after done");
infof(data, "HTTP/1.1 proxy connection set close!\n");
}
else if((conn->httpversion == 10) &&
@@ -3300,7 +3589,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
* pleasure. Default action for 1.0 is to close.
*
* [RFC2068, section 19.7.1] */
- conn->bits.close = FALSE; /* don't close when done */
+ connkeep(conn, "Connection keep-alive");
infof(data, "HTTP/1.0 connection set to keep alive!\n");
}
else if(Curl_compareheader(k->p, "Connection:", "close")) {
@@ -3310,7 +3599,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
* the connection will close when this request has been
* served.
*/
- conn->bits.close = TRUE; /* close when done */
+ streamclose(conn, "Connection: close used");
}
else if(checkprefix("Transfer-Encoding:", k->p)) {
/* One or more encodings. We check for chunked and/or a compression
@@ -3324,59 +3613,9 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
* of chunks, and a chunk-data set to zero signals the
* end-of-chunks. */
- char *start;
-
- /* Find the first non-space letter */
- start = k->p + 18;
-
- for(;;) {
- /* skip whitespaces and commas */
- while(*start && (ISSPACE(*start) || (*start == ',')))
- start++;
-
- if(checkprefix("chunked", start)) {
- k->chunk = TRUE; /* chunks coming our way */
-
- /* init our chunky engine */
- Curl_httpchunk_init(conn);
-
- start += 7;
- }
-
- if(k->auto_decoding)
- /* TODO: we only support the first mentioned compression for now */
- break;
-
- if(checkprefix("identity", start)) {
- k->auto_decoding = IDENTITY;
- start += 8;
- }
- else if(checkprefix("deflate", start)) {
- k->auto_decoding = DEFLATE;
- start += 7;
- }
- else if(checkprefix("gzip", start)) {
- k->auto_decoding = GZIP;
- start += 4;
- }
- else if(checkprefix("x-gzip", start)) {
- k->auto_decoding = GZIP;
- start += 6;
- }
- else if(checkprefix("compress", start)) {
- k->auto_decoding = COMPRESS;
- start += 8;
- }
- else if(checkprefix("x-compress", start)) {
- k->auto_decoding = COMPRESS;
- start += 10;
- }
- else
- /* unknown! */
- break;
-
- }
-
+ result = Curl_build_unencoding_stack(conn, k->p + 18, TRUE);
+ if(result)
+ return result;
}
else if(checkprefix("Content-Encoding:", k->p) &&
data->set.str[STRING_ENCODING]) {
@@ -3387,46 +3626,38 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
* 2616). zlib cannot handle compress. However, errors are
* handled further down when the response body is processed
*/
- char *start;
-
- /* Find the first non-space letter */
- start = k->p + 17;
- while(*start && ISSPACE(*start))
- start++;
-
- /* Record the content-encoding for later use */
- if(checkprefix("identity", start))
- k->auto_decoding = IDENTITY;
- else if(checkprefix("deflate", start))
- k->auto_decoding = DEFLATE;
- else if(checkprefix("gzip", start)
- || checkprefix("x-gzip", start))
- k->auto_decoding = GZIP;
- else if(checkprefix("compress", start)
- || checkprefix("x-compress", start))
- k->auto_decoding = COMPRESS;
+ result = Curl_build_unencoding_stack(conn, k->p + 17, FALSE);
+ if(result)
+ return result;
}
else if(checkprefix("Content-Range:", k->p)) {
/* Content-Range: bytes [num]-
Content-Range: bytes: [num]-
Content-Range: [num]-
+ Content-Range: [asterisk]/[total]
The second format was added since Sun's webserver
JavaWebServer/1.1.1 obviously sends the header this way!
The third added since some servers use that!
+ The forth means the requested range was unsatisfied.
*/
char *ptr = k->p + 14;
- /* Move forward until first digit */
- while(*ptr && !ISDIGIT(*ptr))
+ /* Move forward until first digit or asterisk */
+ while(*ptr && !ISDIGIT(*ptr) && *ptr != '*')
ptr++;
- k->offset = curlx_strtoofft(ptr, NULL, 10);
-
- if(data->state.resume_from == k->offset)
- /* we asked for a resume and we got it */
- k->content_range = TRUE;
+ /* if it truly stopped on a digit */
+ if(ISDIGIT(*ptr)) {
+ if(!curlx_strtoofft(ptr, NULL, 10, &k->offset)) {
+ if(data->state.resume_from == k->offset)
+ /* we asked for a resume and we got it */
+ k->content_range = TRUE;
+ }
+ }
+ else
+ data->state.resume_from = 0; /* get everything */
}
#if !defined(CURL_DISABLE_COOKIES)
else if(data->cookies &&
@@ -3434,7 +3665,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
Curl_share_lock(data, CURL_LOCK_DATA_COOKIE,
CURL_LOCK_ACCESS_SINGLE);
Curl_cookie_add(data,
- data->cookies, TRUE, k->p+11,
+ data->cookies, TRUE, k->p + 11,
/* If there is a custom-set Host: name, use it
here, or else use real peer host name. */
conn->allocptr.cookiehost?
@@ -3445,8 +3676,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
#endif
else if(checkprefix("Last-Modified:", k->p) &&
(data->set.timecondition || data->set.get_filetime) ) {
- time_t secs=time(NULL);
- k->timeofdoc = curl_getdate(k->p+strlen("Last-Modified:"),
+ time_t secs = time(NULL);
+ k->timeofdoc = curl_getdate(k->p + strlen("Last-Modified:"),
&secs);
if(data->set.get_filetime)
data->info.filetime = (long)k->timeofdoc;
@@ -3455,7 +3686,16 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
(401 == k->httpcode)) ||
(checkprefix("Proxy-authenticate:", k->p) &&
(407 == k->httpcode))) {
- result = Curl_http_input_auth(conn, k->httpcode, k->p);
+
+ bool proxy = (k->httpcode == 407) ? TRUE : FALSE;
+ char *auth = Curl_copy_header_value(k->p);
+ if(!auth)
+ return CURLE_OUT_OF_MEMORY;
+
+ result = Curl_http_input_auth(conn, proxy, auth);
+
+ free(auth);
+
if(result)
return result;
}
@@ -3463,7 +3703,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
checkprefix("Location:", k->p) &&
!data->req.location) {
/* this is the URL that the server advises us to use instead */
- char *location = copy_header_value(k->p);
+ char *location = Curl_copy_header_value(k->p);
if(!location)
return CURLE_OUT_OF_MEMORY;
if(!*location)
@@ -3515,7 +3755,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
k->hbufp = data->state.headerbuff;
k->hbuflen = 0;
}
- while(!*stop_reading && *k->str); /* header line within buffer */
+ while(*k->str); /* header line within buffer */
/* We might have reached the end of the header part here, but
there might be a non-header part left in the end of the read
diff --git a/libs/libcurl/src/http.h b/libs/libcurl/src/http.h
index a506238a66..d2781bc0f0 100644
--- a/libs/libcurl/src/http.h
+++ b/libs/libcurl/src/http.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -35,12 +35,15 @@ extern const struct Curl_handler Curl_handler_http;
extern const struct Curl_handler Curl_handler_https;
#endif
+/* Header specific functions */
bool Curl_compareheader(const char *headerline, /* line to check */
const char *header, /* header keyword _with_ colon */
const char *content); /* content string to find */
-char *Curl_checkheaders(struct SessionHandle *data, const char *thisheader);
+char *Curl_copy_header_value(const char *header);
+char *Curl_checkProxyheaders(const struct connectdata *conn,
+ const char *thisheader);
/* ------------------------------------------------------------------------- */
/*
* The add_buffer series of functions are used to build one large memory chunk
@@ -55,6 +58,7 @@ struct Curl_send_buffer {
typedef struct Curl_send_buffer Curl_send_buffer;
Curl_send_buffer *Curl_add_buffer_init(void);
+void Curl_add_buffer_free(Curl_send_buffer *buff);
CURLcode Curl_add_bufferf(Curl_send_buffer *in, const char *fmt, ...);
CURLcode Curl_add_buffer(Curl_send_buffer *in, const void *inptr, size_t size);
CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
@@ -63,10 +67,11 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
size_t included_body_bytes,
int socketindex);
-CURLcode Curl_add_timecondition(struct SessionHandle *data,
+CURLcode Curl_add_timecondition(struct Curl_easy *data,
Curl_send_buffer *buf);
CURLcode Curl_add_custom_headers(struct connectdata *conn,
- Curl_send_buffer *req_buffer);
+ bool is_connect,
+ Curl_send_buffer *req_buffer);
/* protocol-specific functions set up to be called by the main engine */
CURLcode Curl_http(struct connectdata *conn, bool *done);
@@ -80,9 +85,9 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, char *datap,
ssize_t length, ssize_t *wrote);
/* These functions are in http.c */
-void Curl_http_auth_stage(struct SessionHandle *data, int stage);
-CURLcode Curl_http_input_auth(struct connectdata *conn,
- int httpcode, const char *header);
+void Curl_http_auth_stage(struct Curl_easy *data, int stage);
+CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
+ const char *auth);
CURLcode Curl_http_auth_act(struct connectdata *conn);
CURLcode Curl_http_perhapsrewind(struct connectdata *conn);
@@ -108,8 +113,13 @@ CURLcode Curl_http_perhapsrewind(struct connectdata *conn);
#define MAX_INITIAL_POST_SIZE (64*1024)
#endif
-#ifndef TINY_INITIAL_POST_SIZE
-#define TINY_INITIAL_POST_SIZE 1024
+/* EXPECT_100_THRESHOLD is the request body size limit for when libcurl will
+ * automatically add an "Expect: 100-continue" header in HTTP requests. When
+ * the size is unknown, it will always add it.
+ *
+ */
+#ifndef EXPECT_100_THRESHOLD
+#define EXPECT_100_THRESHOLD 1024
#endif
#endif /* CURL_DISABLE_HTTP */
@@ -118,7 +128,7 @@ CURLcode Curl_http_perhapsrewind(struct connectdata *conn);
* HTTP unique setup
***************************************************************************/
struct HTTP {
- struct FormData *sendit;
+ curl_mimepart *sendit;
curl_off_t postsize; /* off_t to handle large file sizes */
const char *postdata;
@@ -128,7 +138,7 @@ struct HTTP {
curl_off_t writebytecount;
/* For FORM posting */
- struct Form form;
+ curl_mimepart form;
struct back {
curl_read_callback fread_func; /* backup storage for fread pointer */
@@ -146,17 +156,82 @@ struct HTTP {
void *send_buffer; /* used if the request couldn't be sent in one chunk,
points to an allocated send_buffer struct */
+
+#ifdef USE_NGHTTP2
+ /*********** for HTTP/2 we store stream-local data here *************/
+ int32_t stream_id; /* stream we are interested in */
+
+ bool bodystarted;
+ /* We store non-final and final response headers here, per-stream */
+ Curl_send_buffer *header_recvbuf;
+ size_t nread_header_recvbuf; /* number of bytes in header_recvbuf fed into
+ upper layer */
+ Curl_send_buffer *trailer_recvbuf;
+ int status_code; /* HTTP status code */
+ const uint8_t *pausedata; /* pointer to data received in on_data_chunk */
+ size_t pauselen; /* the number of bytes left in data */
+ bool closed; /* TRUE on HTTP2 stream close */
+ bool close_handled; /* TRUE if stream closure is handled by libcurl */
+ uint32_t error_code; /* HTTP/2 error code */
+
+ char *mem; /* points to a buffer in memory to store received data */
+ size_t len; /* size of the buffer 'mem' points to */
+ size_t memlen; /* size of data copied to mem */
+
+ const uint8_t *upload_mem; /* points to a buffer to read from */
+ size_t upload_len; /* size of the buffer 'upload_mem' points to */
+ curl_off_t upload_left; /* number of bytes left to upload */
+
+ char **push_headers; /* allocated array */
+ size_t push_headers_used; /* number of entries filled in */
+ size_t push_headers_alloc; /* number of entries allocated */
+#endif
};
+typedef int (*sending)(void); /* Curl_send */
+typedef int (*recving)(void); /* Curl_recv */
+
+#ifdef USE_NGHTTP2
+/* h2 settings for this connection */
+struct h2settings {
+ uint32_t max_concurrent_streams;
+ bool enable_push;
+};
+#endif
+
+
struct http_conn {
#ifdef USE_NGHTTP2
+#define H2_BINSETTINGS_LEN 80
nghttp2_session *h2;
+ uint8_t binsettings[H2_BINSETTINGS_LEN];
+ size_t binlen; /* length of the binsettings data */
+ sending send_underlying; /* underlying send Curl_send callback */
+ recving recv_underlying; /* underlying recv Curl_recv callback */
+ char *inbuf; /* buffer to receive data from underlying socket */
+ size_t inbuflen; /* number of bytes filled in inbuf */
+ size_t nread_inbuf; /* number of bytes read from in inbuf */
+ /* We need separate buffer for transmission and reception because we
+ may call nghttp2_session_send() after the
+ nghttp2_session_mem_recv() but mem buffer is still not full. In
+ this case, we wrongly sends the content of mem buffer if we share
+ them for both cases. */
+ int32_t pause_stream_id; /* stream ID which paused
+ nghttp2_session_mem_recv */
+ size_t drain_total; /* sum of all stream's UrlState.drain */
+
+ /* this is a hash of all individual streams (Curl_easy structs) */
+ struct h2settings settings;
+
+ /* list of settings that will be sent */
+ nghttp2_settings_entry local_settings[3];
+ size_t local_settings_num;
#else
int unused; /* prevent a compiler warning */
#endif
};
-CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
+CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
struct connectdata *conn,
ssize_t *nread,
bool *stop_reading);
diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c
index b876436e1a..8e2fc71996 100644
--- a/libs/libcurl/src/http2.c
+++ b/libs/libcurl/src/http2.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,20 +23,249 @@
#include "curl_setup.h"
#ifdef USE_NGHTTP2
-#define _MPRINTF_REPLACE
-#include <curl/mprintf.h>
-
#include <nghttp2/nghttp2.h>
#include "urldata.h"
#include "http2.h"
#include "http.h"
#include "sendf.h"
+#include "select.h"
#include "curl_base64.h"
+#include "strcase.h"
+#include "multiif.h"
+#include "url.h"
+#include "connect.h"
+#include "strtoofft.h"
+#include "strdup.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-
-/* include memdebug.h last */
#include "memdebug.h"
+#define MIN(x,y) ((x)<(y)?(x):(y))
+
+#if (NGHTTP2_VERSION_NUM < 0x010000)
+#error too old nghttp2 version, upgrade!
+#endif
+
+#if (NGHTTP2_VERSION_NUM > 0x010800)
+#define NGHTTP2_HAS_HTTP2_STRERROR 1
+#endif
+
+#if (NGHTTP2_VERSION_NUM >= 0x010900)
+/* nghttp2_session_callbacks_set_error_callback is present in nghttp2 1.9.0 or
+ later */
+#define NGHTTP2_HAS_ERROR_CALLBACK 1
+#else
+#define nghttp2_session_callbacks_set_error_callback(x,y)
+#endif
+
+#if (NGHTTP2_VERSION_NUM >= 0x010c00)
+#define NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE 1
+#endif
+
+#define HTTP2_HUGE_WINDOW_SIZE (1 << 30)
+
+/*
+ * Curl_http2_init_state() is called when the easy handle is created and
+ * allows for HTTP/2 specific init of state.
+ */
+void Curl_http2_init_state(struct UrlState *state)
+{
+ state->stream_weight = NGHTTP2_DEFAULT_WEIGHT;
+}
+
+/*
+ * Curl_http2_init_userset() is called when the easy handle is created and
+ * allows for HTTP/2 specific user-set fields.
+ */
+void Curl_http2_init_userset(struct UserDefined *set)
+{
+ set->stream_weight = NGHTTP2_DEFAULT_WEIGHT;
+}
+
+static int http2_perform_getsock(const struct connectdata *conn,
+ curl_socket_t *sock, /* points to
+ numsocks
+ number of
+ sockets */
+ int numsocks)
+{
+ const struct http_conn *c = &conn->proto.httpc;
+ int bitmap = GETSOCK_BLANK;
+ (void)numsocks;
+
+ /* TODO We should check underlying socket state if it is SSL socket
+ because of renegotiation. */
+ sock[0] = conn->sock[FIRSTSOCKET];
+
+ /* in a HTTP/2 connection we can basically always get a frame so we should
+ always be ready for one */
+ bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
+
+ if(nghttp2_session_want_write(c->h2))
+ bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
+
+ return bitmap;
+}
+
+static int http2_getsock(struct connectdata *conn,
+ curl_socket_t *sock, /* points to numsocks
+ number of sockets */
+ int numsocks)
+{
+ return http2_perform_getsock(conn, sock, numsocks);
+}
+
+/*
+ * http2_stream_free() free HTTP2 stream related data
+ */
+static void http2_stream_free(struct HTTP *http)
+{
+ if(http) {
+ Curl_add_buffer_free(http->header_recvbuf);
+ http->header_recvbuf = NULL; /* clear the pointer */
+ Curl_add_buffer_free(http->trailer_recvbuf);
+ http->trailer_recvbuf = NULL; /* clear the pointer */
+ for(; http->push_headers_used > 0; --http->push_headers_used) {
+ free(http->push_headers[http->push_headers_used - 1]);
+ }
+ free(http->push_headers);
+ http->push_headers = NULL;
+ }
+}
+
+static CURLcode http2_disconnect(struct connectdata *conn,
+ bool dead_connection)
+{
+ struct http_conn *c = &conn->proto.httpc;
+ (void)dead_connection;
+
+ DEBUGF(infof(conn->data, "HTTP/2 DISCONNECT starts now\n"));
+
+ nghttp2_session_del(c->h2);
+ Curl_safefree(c->inbuf);
+ http2_stream_free(conn->data->req.protop);
+
+ DEBUGF(infof(conn->data, "HTTP/2 DISCONNECT done\n"));
+
+ return CURLE_OK;
+}
+
+/*
+ * The server may send us data at any point (e.g. PING frames). Therefore,
+ * we cannot assume that an HTTP/2 socket is dead just because it is readable.
+ *
+ * Instead, if it is readable, run Curl_connalive() to peek at the socket
+ * and distinguish between closed and data.
+ */
+static bool http2_connisdead(struct connectdata *check)
+{
+ int sval;
+ bool ret_val = TRUE;
+
+ sval = SOCKET_READABLE(check->sock[FIRSTSOCKET], 0);
+ if(sval == 0) {
+ /* timeout */
+ ret_val = FALSE;
+ }
+ else if(sval & CURL_CSELECT_ERR) {
+ /* socket is in an error state */
+ ret_val = TRUE;
+ }
+ else if(sval & CURL_CSELECT_IN) {
+ /* readable with no error. could still be closed */
+ ret_val = !Curl_connalive(check);
+ }
+
+ return ret_val;
+}
+
+
+static unsigned int http2_conncheck(struct connectdata *check,
+ unsigned int checks_to_perform)
+{
+ unsigned int ret_val = CONNRESULT_NONE;
+
+ if(checks_to_perform & CONNCHECK_ISDEAD) {
+ if(http2_connisdead(check))
+ ret_val |= CONNRESULT_DEAD;
+ }
+
+ return ret_val;
+}
+
+/* called from Curl_http_setup_conn */
+void Curl_http2_setup_req(struct Curl_easy *data)
+{
+ struct HTTP *http = data->req.protop;
+
+ http->nread_header_recvbuf = 0;
+ http->bodystarted = FALSE;
+ http->status_code = -1;
+ http->pausedata = NULL;
+ http->pauselen = 0;
+ http->error_code = NGHTTP2_NO_ERROR;
+ http->closed = FALSE;
+ http->close_handled = FALSE;
+ http->mem = data->state.buffer;
+ http->len = data->set.buffer_size;
+ http->memlen = 0;
+}
+
+/* called from Curl_http_setup_conn */
+void Curl_http2_setup_conn(struct connectdata *conn)
+{
+ conn->proto.httpc.settings.max_concurrent_streams =
+ DEFAULT_MAX_CONCURRENT_STREAMS;
+}
+
+/*
+ * HTTP2 handler interface. This isn't added to the general list of protocols
+ * but will be used at run-time when the protocol is dynamically switched from
+ * HTTP to HTTP2.
+ */
+static const struct Curl_handler Curl_handler_http2 = {
+ "HTTP", /* scheme */
+ ZERO_NULL, /* setup_connection */
+ Curl_http, /* do_it */
+ Curl_http_done, /* done */
+ ZERO_NULL, /* do_more */
+ ZERO_NULL, /* connect_it */
+ ZERO_NULL, /* connecting */
+ ZERO_NULL, /* doing */
+ http2_getsock, /* proto_getsock */
+ http2_getsock, /* doing_getsock */
+ ZERO_NULL, /* domore_getsock */
+ http2_perform_getsock, /* perform_getsock */
+ http2_disconnect, /* disconnect */
+ ZERO_NULL, /* readwrite */
+ http2_conncheck, /* connection_check */
+ PORT_HTTP, /* defport */
+ CURLPROTO_HTTP, /* protocol */
+ PROTOPT_STREAM /* flags */
+};
+
+static const struct Curl_handler Curl_handler_http2_ssl = {
+ "HTTPS", /* scheme */
+ ZERO_NULL, /* setup_connection */
+ Curl_http, /* do_it */
+ Curl_http_done, /* done */
+ ZERO_NULL, /* do_more */
+ ZERO_NULL, /* connect_it */
+ ZERO_NULL, /* connecting */
+ ZERO_NULL, /* doing */
+ http2_getsock, /* proto_getsock */
+ http2_getsock, /* doing_getsock */
+ ZERO_NULL, /* domore_getsock */
+ http2_perform_getsock, /* perform_getsock */
+ http2_disconnect, /* disconnect */
+ ZERO_NULL, /* readwrite */
+ http2_conncheck, /* connection_check */
+ PORT_HTTP, /* defport */
+ CURLPROTO_HTTPS, /* protocol */
+ PROTOPT_SSL | PROTOPT_STREAM /* flags */
+};
+
/*
* Store nghttp2 version info in this buffer, Prefix with a space. Return
* total length written.
@@ -47,6 +276,35 @@ int Curl_http2_ver(char *p, size_t len)
return snprintf(p, len, " nghttp2/%s", h2->version_str);
}
+/* HTTP/2 error code to name based on the Error Code Registry.
+https://tools.ietf.org/html/rfc7540#page-77
+nghttp2_error_code enums are identical.
+*/
+const char *Curl_http2_strerror(uint32_t err)
+{
+#ifndef NGHTTP2_HAS_HTTP2_STRERROR
+ const char *str[] = {
+ "NO_ERROR", /* 0x0 */
+ "PROTOCOL_ERROR", /* 0x1 */
+ "INTERNAL_ERROR", /* 0x2 */
+ "FLOW_CONTROL_ERROR", /* 0x3 */
+ "SETTINGS_TIMEOUT", /* 0x4 */
+ "STREAM_CLOSED", /* 0x5 */
+ "FRAME_SIZE_ERROR", /* 0x6 */
+ "REFUSED_STREAM", /* 0x7 */
+ "CANCEL", /* 0x8 */
+ "COMPRESSION_ERROR", /* 0x9 */
+ "CONNECT_ERROR", /* 0xA */
+ "ENHANCE_YOUR_CALM", /* 0xB */
+ "INADEQUATE_SECURITY", /* 0xC */
+ "HTTP_1_1_REQUIRED" /* 0xD */
+ };
+ return (err < sizeof str / sizeof str[0]) ? str[err] : "unknown";
+#else
+ return nghttp2_http2_strerror(err);
+#endif
+}
+
/*
* The implementation of nghttp2_send_callback type. Here we write |data| with
* size |length| to the network and return the number of bytes actually
@@ -57,126 +315,1972 @@ static ssize_t send_callback(nghttp2_session *h2,
void *userp)
{
struct connectdata *conn = (struct connectdata *)userp;
+ struct http_conn *c = &conn->proto.httpc;
ssize_t written;
- CURLcode rc =
- Curl_write(conn, conn->sock[0], data, length, &written);
+ CURLcode result = CURLE_OK;
+
(void)h2;
(void)flags;
- if(rc) {
+ written = ((Curl_send*)c->send_underlying)(conn, FIRSTSOCKET,
+ data, length, &result);
+
+ if(result == CURLE_AGAIN) {
+ return NGHTTP2_ERR_WOULDBLOCK;
+ }
+
+ if(written == -1) {
failf(conn->data, "Failed sending HTTP2 data");
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
- else if(!written)
+
+ if(!written)
return NGHTTP2_ERR_WOULDBLOCK;
return written;
}
+
+/* We pass a pointer to this struct in the push callback, but the contents of
+ the struct are hidden from the user. */
+struct curl_pushheaders {
+ struct Curl_easy *data;
+ const nghttp2_push_promise *frame;
+};
+
+/*
+ * push header access function. Only to be used from within the push callback
+ */
+char *curl_pushheader_bynum(struct curl_pushheaders *h, size_t num)
+{
+ /* Verify that we got a good easy handle in the push header struct, mostly to
+ detect rubbish input fast(er). */
+ if(!h || !GOOD_EASY_HANDLE(h->data))
+ return NULL;
+ else {
+ struct HTTP *stream = h->data->req.protop;
+ if(num < stream->push_headers_used)
+ return stream->push_headers[num];
+ }
+ return NULL;
+}
+
/*
- * The implementation of nghttp2_recv_callback type. Here we read data from
- * the network and write them in |buf|. The capacity of |buf| is |length|
- * bytes. Returns the number of bytes stored in |buf|. See the documentation
- * of nghttp2_recv_callback for the details.
+ * push header access function. Only to be used from within the push callback
*/
-static ssize_t recv_callback(nghttp2_session *h2,
- uint8_t *buf, size_t length, int flags,
+char *curl_pushheader_byname(struct curl_pushheaders *h, const char *header)
+{
+ /* Verify that we got a good easy handle in the push header struct,
+ mostly to detect rubbish input fast(er). Also empty header name
+ is just a rubbish too. We have to allow ":" at the beginning of
+ the header, but header == ":" must be rejected. If we have ':' in
+ the middle of header, it could be matched in middle of the value,
+ this is because we do prefix match.*/
+ if(!h || !GOOD_EASY_HANDLE(h->data) || !header || !header[0] ||
+ !strcmp(header, ":") || strchr(header + 1, ':'))
+ return NULL;
+ else {
+ struct HTTP *stream = h->data->req.protop;
+ size_t len = strlen(header);
+ size_t i;
+ for(i = 0; i<stream->push_headers_used; i++) {
+ if(!strncmp(header, stream->push_headers[i], len)) {
+ /* sub-match, make sure that it is followed by a colon */
+ if(stream->push_headers[i][len] != ':')
+ continue;
+ return &stream->push_headers[i][len + 1];
+ }
+ }
+ }
+ return NULL;
+}
+
+static struct Curl_easy *duphandle(struct Curl_easy *data)
+{
+ struct Curl_easy *second = curl_easy_duphandle(data);
+ if(second) {
+ /* setup the request struct */
+ struct HTTP *http = calloc(1, sizeof(struct HTTP));
+ if(!http) {
+ (void)Curl_close(second);
+ second = NULL;
+ }
+ else {
+ second->req.protop = http;
+ http->header_recvbuf = Curl_add_buffer_init();
+ if(!http->header_recvbuf) {
+ free(http);
+ (void)Curl_close(second);
+ second = NULL;
+ }
+ else {
+ Curl_http2_setup_req(second);
+ second->state.stream_weight = data->state.stream_weight;
+ }
+ }
+ }
+ return second;
+}
+
+
+static int push_promise(struct Curl_easy *data,
+ struct connectdata *conn,
+ const nghttp2_push_promise *frame)
+{
+ int rv;
+ DEBUGF(infof(data, "PUSH_PROMISE received, stream %u!\n",
+ frame->promised_stream_id));
+ if(data->multi->push_cb) {
+ struct HTTP *stream;
+ struct HTTP *newstream;
+ struct curl_pushheaders heads;
+ CURLMcode rc;
+ struct http_conn *httpc;
+ size_t i;
+ /* clone the parent */
+ struct Curl_easy *newhandle = duphandle(data);
+ if(!newhandle) {
+ infof(data, "failed to duplicate handle\n");
+ rv = 1; /* FAIL HARD */
+ goto fail;
+ }
+
+ heads.data = data;
+ heads.frame = frame;
+ /* ask the application */
+ DEBUGF(infof(data, "Got PUSH_PROMISE, ask application!\n"));
+
+ stream = data->req.protop;
+ if(!stream) {
+ failf(data, "Internal NULL stream!\n");
+ (void)Curl_close(newhandle);
+ rv = 1;
+ goto fail;
+ }
+
+ rv = data->multi->push_cb(data, newhandle,
+ stream->push_headers_used, &heads,
+ data->multi->push_userp);
+
+ /* free the headers again */
+ for(i = 0; i<stream->push_headers_used; i++)
+ free(stream->push_headers[i]);
+ free(stream->push_headers);
+ stream->push_headers = NULL;
+ stream->push_headers_used = 0;
+
+ if(rv) {
+ /* denied, kill off the new handle again */
+ http2_stream_free(newhandle->req.protop);
+ (void)Curl_close(newhandle);
+ goto fail;
+ }
+
+ newstream = newhandle->req.protop;
+ newstream->stream_id = frame->promised_stream_id;
+ newhandle->req.maxdownload = -1;
+ newhandle->req.size = -1;
+
+ /* approved, add to the multi handle and immediately switch to PERFORM
+ state with the given connection !*/
+ rc = Curl_multi_add_perform(data->multi, newhandle, conn);
+ if(rc) {
+ infof(data, "failed to add handle to multi\n");
+ http2_stream_free(newhandle->req.protop);
+ Curl_close(newhandle);
+ rv = 1;
+ goto fail;
+ }
+
+ httpc = &conn->proto.httpc;
+ nghttp2_session_set_stream_user_data(httpc->h2,
+ frame->promised_stream_id, newhandle);
+ }
+ else {
+ DEBUGF(infof(data, "Got PUSH_PROMISE, ignore it!\n"));
+ rv = 1;
+ }
+ fail:
+ return rv;
+}
+
+static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
+ void *userp)
+{
+ struct connectdata *conn = (struct connectdata *)userp;
+ struct http_conn *httpc = &conn->proto.httpc;
+ struct Curl_easy *data_s = NULL;
+ struct HTTP *stream = NULL;
+ static int lastStream = -1;
+ int rv;
+ size_t left, ncopy;
+ int32_t stream_id = frame->hd.stream_id;
+
+ if(!stream_id) {
+ /* stream ID zero is for connection-oriented stuff */
+ if(frame->hd.type == NGHTTP2_SETTINGS) {
+ uint32_t max_conn = httpc->settings.max_concurrent_streams;
+ DEBUGF(infof(conn->data, "Got SETTINGS\n"));
+ httpc->settings.max_concurrent_streams =
+ nghttp2_session_get_remote_settings(
+ session, NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS);
+ httpc->settings.enable_push =
+ nghttp2_session_get_remote_settings(
+ session, NGHTTP2_SETTINGS_ENABLE_PUSH);
+ DEBUGF(infof(conn->data, "MAX_CONCURRENT_STREAMS == %d\n",
+ httpc->settings.max_concurrent_streams));
+ DEBUGF(infof(conn->data, "ENABLE_PUSH == %s\n",
+ httpc->settings.enable_push?"TRUE":"false"));
+ if(max_conn != httpc->settings.max_concurrent_streams) {
+ /* only signal change if the value actually changed */
+ infof(conn->data,
+ "Connection state changed (MAX_CONCURRENT_STREAMS updated)!\n");
+ Curl_multi_connchanged(conn->data->multi);
+ }
+ }
+ return 0;
+ }
+ data_s = nghttp2_session_get_stream_user_data(session, stream_id);
+ if(lastStream != stream_id) {
+ lastStream = stream_id;
+ }
+ if(!data_s) {
+ DEBUGF(infof(conn->data,
+ "No Curl_easy associated with stream: %x\n",
+ stream_id));
+ return 0;
+ }
+
+ stream = data_s->req.protop;
+ if(!stream) {
+ DEBUGF(infof(conn->data, "No proto pointer for stream: %x\n",
+ stream_id));
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+ }
+
+ DEBUGF(infof(data_s, "on_frame_recv() header %x stream %x\n",
+ frame->hd.type, stream_id));
+
+ switch(frame->hd.type) {
+ case NGHTTP2_DATA:
+ /* If body started on this stream, then receiving DATA is illegal. */
+ if(!stream->bodystarted) {
+ rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+ stream_id, NGHTTP2_PROTOCOL_ERROR);
+
+ if(nghttp2_is_fatal(rv)) {
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+ }
+ }
+ break;
+ case NGHTTP2_HEADERS:
+ if(stream->bodystarted) {
+ /* Only valid HEADERS after body started is trailer HEADERS. We
+ buffer them in on_header callback. */
+ break;
+ }
+
+ /* nghttp2 guarantees that :status is received, and we store it to
+ stream->status_code */
+ DEBUGASSERT(stream->status_code != -1);
+
+ /* Only final status code signals the end of header */
+ if(stream->status_code / 100 != 1) {
+ stream->bodystarted = TRUE;
+ stream->status_code = -1;
+ }
+
+ Curl_add_buffer(stream->header_recvbuf, "\r\n", 2);
+
+ left = stream->header_recvbuf->size_used - stream->nread_header_recvbuf;
+ ncopy = MIN(stream->len, left);
+
+ memcpy(&stream->mem[stream->memlen],
+ stream->header_recvbuf->buffer + stream->nread_header_recvbuf,
+ ncopy);
+ stream->nread_header_recvbuf += ncopy;
+
+ DEBUGF(infof(data_s, "Store %zu bytes headers from stream %u at %p\n",
+ ncopy, stream_id, stream->mem));
+
+ stream->len -= ncopy;
+ stream->memlen += ncopy;
+
+ data_s->state.drain++;
+ httpc->drain_total++;
+ {
+ /* get the pointer from userp again since it was re-assigned above */
+ struct connectdata *conn_s = (struct connectdata *)userp;
+
+ /* if we receive data for another handle, wake that up */
+ if(conn_s->data != data_s)
+ Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+ }
+ break;
+ case NGHTTP2_PUSH_PROMISE:
+ rv = push_promise(data_s, conn, &frame->push_promise);
+ if(rv) { /* deny! */
+ rv = nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
+ frame->push_promise.promised_stream_id,
+ NGHTTP2_CANCEL);
+ if(nghttp2_is_fatal(rv)) {
+ return rv;
+ }
+ }
+ break;
+ default:
+ DEBUGF(infof(conn->data, "Got frame type %x for stream %u!\n",
+ frame->hd.type, stream_id));
+ break;
+ }
+ return 0;
+}
+
+static int on_invalid_frame_recv(nghttp2_session *session,
+ const nghttp2_frame *frame,
+ int lib_error_code, void *userp)
+{
+ struct Curl_easy *data_s = NULL;
+ (void)userp;
+#if !defined(DEBUGBUILD) || defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void)lib_error_code;
+#endif
+
+ data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
+ if(data_s) {
+ DEBUGF(infof(data_s,
+ "on_invalid_frame_recv() was called, error=%d:%s\n",
+ lib_error_code, nghttp2_strerror(lib_error_code)));
+ }
+ return 0;
+}
+
+static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
+ int32_t stream_id,
+ const uint8_t *data, size_t len, void *userp)
+{
+ struct HTTP *stream;
+ struct Curl_easy *data_s;
+ size_t nread;
+ struct connectdata *conn = (struct connectdata *)userp;
+ (void)session;
+ (void)flags;
+ (void)data;
+
+ DEBUGASSERT(stream_id); /* should never be a zero stream ID here */
+
+ /* get the stream from the hash based on Stream ID */
+ data_s = nghttp2_session_get_stream_user_data(session, stream_id);
+ if(!data_s)
+ /* Receiving a Stream ID not in the hash should not happen, this is an
+ internal error more than anything else! */
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+
+ stream = data_s->req.protop;
+ if(!stream)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+
+ nread = MIN(stream->len, len);
+ memcpy(&stream->mem[stream->memlen], data, nread);
+
+ stream->len -= nread;
+ stream->memlen += nread;
+
+ data_s->state.drain++;
+ conn->proto.httpc.drain_total++;
+
+ /* if we receive data for another handle, wake that up */
+ if(conn->data != data_s)
+ Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+
+ DEBUGF(infof(data_s, "%zu data received for stream %u "
+ "(%zu left in buffer %p, total %zu)\n",
+ nread, stream_id,
+ stream->len, stream->mem,
+ stream->memlen));
+
+ if(nread < len) {
+ stream->pausedata = data + nread;
+ stream->pauselen = len - nread;
+ DEBUGF(infof(data_s, "NGHTTP2_ERR_PAUSE - %zu bytes out of buffer"
+ ", stream %u\n",
+ len - nread, stream_id));
+ data_s->easy_conn->proto.httpc.pause_stream_id = stream_id;
+
+ return NGHTTP2_ERR_PAUSE;
+ }
+
+ /* pause execution of nghttp2 if we received data for another handle
+ in order to process them first. */
+ if(conn->data != data_s) {
+ data_s->easy_conn->proto.httpc.pause_stream_id = stream_id;
+
+ return NGHTTP2_ERR_PAUSE;
+ }
+
+ return 0;
+}
+
+static int before_frame_send(nghttp2_session *session,
+ const nghttp2_frame *frame,
void *userp)
{
+ struct Curl_easy *data_s;
+ (void)userp;
+
+ data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
+ if(data_s) {
+ DEBUGF(infof(data_s, "before_frame_send() was called\n"));
+ }
+
+ return 0;
+}
+static int on_frame_send(nghttp2_session *session,
+ const nghttp2_frame *frame,
+ void *userp)
+{
+ struct Curl_easy *data_s;
+ (void)userp;
+
+ data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
+ if(data_s) {
+ DEBUGF(infof(data_s, "on_frame_send() was called, length = %zd\n",
+ frame->hd.length));
+ }
+ return 0;
+}
+static int on_frame_not_send(nghttp2_session *session,
+ const nghttp2_frame *frame,
+ int lib_error_code, void *userp)
+{
+ struct Curl_easy *data_s;
+ (void)userp;
+#if !defined(DEBUGBUILD) || defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void)lib_error_code;
+#endif
+
+ data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
+ if(data_s) {
+ DEBUGF(infof(data_s,
+ "on_frame_not_send() was called, lib_error_code = %d\n",
+ lib_error_code));
+ }
+ return 0;
+}
+static int on_stream_close(nghttp2_session *session, int32_t stream_id,
+ uint32_t error_code, void *userp)
+{
+ struct Curl_easy *data_s;
+ struct HTTP *stream;
+ struct connectdata *conn = (struct connectdata *)userp;
+ (void)session;
+ (void)stream_id;
+
+ if(stream_id) {
+ /* get the stream from the hash based on Stream ID, stream ID zero is for
+ connection-oriented stuff */
+ data_s = nghttp2_session_get_stream_user_data(session, stream_id);
+ if(!data_s) {
+ /* We could get stream ID not in the hash. For example, if we
+ decided to reject stream (e.g., PUSH_PROMISE). */
+ return 0;
+ }
+ DEBUGF(infof(data_s, "on_stream_close(), %s (err %d), stream %u\n",
+ Curl_http2_strerror(error_code), error_code, stream_id));
+ stream = data_s->req.protop;
+ if(!stream)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+
+ stream->error_code = error_code;
+ stream->closed = TRUE;
+ data_s->state.drain++;
+ conn->proto.httpc.drain_total++;
+
+ /* remove the entry from the hash as the stream is now gone */
+ nghttp2_session_set_stream_user_data(session, stream_id, 0);
+ DEBUGF(infof(data_s, "Removed stream %u hash!\n", stream_id));
+ }
+ return 0;
+}
+
+static int on_begin_headers(nghttp2_session *session,
+ const nghttp2_frame *frame, void *userp)
+{
+ struct HTTP *stream;
+ struct Curl_easy *data_s = NULL;
+ (void)userp;
+
+ data_s = nghttp2_session_get_stream_user_data(session, frame->hd.stream_id);
+ if(!data_s) {
+ return 0;
+ }
+
+ DEBUGF(infof(data_s, "on_begin_headers() was called\n"));
+
+ if(frame->hd.type != NGHTTP2_HEADERS) {
+ return 0;
+ }
+
+ stream = data_s->req.protop;
+ if(!stream || !stream->bodystarted) {
+ return 0;
+ }
+
+ /* This is trailer HEADERS started. Allocate buffer for them. */
+ DEBUGF(infof(data_s, "trailer field started\n"));
+
+ DEBUGASSERT(stream->trailer_recvbuf == NULL);
+
+ stream->trailer_recvbuf = Curl_add_buffer_init();
+ if(!stream->trailer_recvbuf) {
+ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+ }
+
+ return 0;
+}
+
+/* Decode HTTP status code. Returns -1 if no valid status code was
+ decoded. */
+static int decode_status_code(const uint8_t *value, size_t len)
+{
+ int i;
+ int res;
+
+ if(len != 3) {
+ return -1;
+ }
+
+ res = 0;
+
+ for(i = 0; i < 3; ++i) {
+ char c = value[i];
+
+ if(c < '0' || c > '9') {
+ return -1;
+ }
+
+ res *= 10;
+ res += c - '0';
+ }
+
+ return res;
+}
+
+/* frame->hd.type is either NGHTTP2_HEADERS or NGHTTP2_PUSH_PROMISE */
+static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
+ const uint8_t *name, size_t namelen,
+ const uint8_t *value, size_t valuelen,
+ uint8_t flags,
+ void *userp)
+{
+ struct HTTP *stream;
+ struct Curl_easy *data_s;
+ int32_t stream_id = frame->hd.stream_id;
struct connectdata *conn = (struct connectdata *)userp;
- ssize_t nread;
- CURLcode rc = Curl_read(conn, conn->sock[0], (char *)buf, length, &nread);
- (void)h2;
(void)flags;
- if(rc) {
- failf(conn->data, "Failed recving HTTP2 data");
+ DEBUGASSERT(stream_id); /* should never be a zero stream ID here */
+
+ /* get the stream from the hash based on Stream ID */
+ data_s = nghttp2_session_get_stream_user_data(session, stream_id);
+ if(!data_s)
+ /* Receiving a Stream ID not in the hash should not happen, this is an
+ internal error more than anything else! */
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+
+ stream = data_s->req.protop;
+ if(!stream) {
+ failf(data_s, "Internal NULL stream! 5\n");
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
- if(!nread)
- return NGHTTP2_ERR_WOULDBLOCK;
+
+ /* Store received PUSH_PROMISE headers to be used when the subsequent
+ PUSH_PROMISE callback comes */
+ if(frame->hd.type == NGHTTP2_PUSH_PROMISE) {
+ char *h;
+
+ if(!stream->push_headers) {
+ stream->push_headers_alloc = 10;
+ stream->push_headers = malloc(stream->push_headers_alloc *
+ sizeof(char *));
+ stream->push_headers_used = 0;
+ }
+ else if(stream->push_headers_used ==
+ stream->push_headers_alloc) {
+ char **headp;
+ stream->push_headers_alloc *= 2;
+ headp = Curl_saferealloc(stream->push_headers,
+ stream->push_headers_alloc * sizeof(char *));
+ if(!headp) {
+ stream->push_headers = NULL;
+ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+ }
+ stream->push_headers = headp;
+ }
+ h = aprintf("%s:%s", name, value);
+ if(h)
+ stream->push_headers[stream->push_headers_used++] = h;
+ return 0;
+ }
+
+ if(stream->bodystarted) {
+ /* This is trailer fields. */
+ /* 3 is for ":" and "\r\n". */
+ uint32_t n = (uint32_t)(namelen + valuelen + 3);
+
+ DEBUGF(infof(data_s, "h2 trailer: %.*s: %.*s\n", namelen, name, valuelen,
+ value));
+
+ Curl_add_buffer(stream->trailer_recvbuf, &n, sizeof(n));
+ Curl_add_buffer(stream->trailer_recvbuf, name, namelen);
+ Curl_add_buffer(stream->trailer_recvbuf, ": ", 2);
+ Curl_add_buffer(stream->trailer_recvbuf, value, valuelen);
+ Curl_add_buffer(stream->trailer_recvbuf, "\r\n\0", 3);
+
+ return 0;
+ }
+
+ if(namelen == sizeof(":status") - 1 &&
+ memcmp(":status", name, namelen) == 0) {
+ /* nghttp2 guarantees :status is received first and only once, and
+ value is 3 digits status code, and decode_status_code always
+ succeeds. */
+ stream->status_code = decode_status_code(value, valuelen);
+ DEBUGASSERT(stream->status_code != -1);
+
+ Curl_add_buffer(stream->header_recvbuf, "HTTP/2 ", 7);
+ Curl_add_buffer(stream->header_recvbuf, value, valuelen);
+ /* the space character after the status code is mandatory */
+ Curl_add_buffer(stream->header_recvbuf, " \r\n", 3);
+ /* if we receive data for another handle, wake that up */
+ if(conn->data != data_s)
+ Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+
+ DEBUGF(infof(data_s, "h2 status: HTTP/2 %03d (easy %p)\n",
+ stream->status_code, data_s));
+ return 0;
+ }
+
+ /* nghttp2 guarantees that namelen > 0, and :status was already
+ received, and this is not pseudo-header field . */
+ /* convert to a HTTP1-style header */
+ Curl_add_buffer(stream->header_recvbuf, name, namelen);
+ Curl_add_buffer(stream->header_recvbuf, ": ", 2);
+ Curl_add_buffer(stream->header_recvbuf, value, valuelen);
+ Curl_add_buffer(stream->header_recvbuf, "\r\n", 2);
+ /* if we receive data for another handle, wake that up */
+ if(conn->data != data_s)
+ Curl_expire(data_s, 0, EXPIRE_RUN_NOW);
+
+ DEBUGF(infof(data_s, "h2 header: %.*s: %.*s\n", namelen, name, valuelen,
+ value));
+
+ return 0; /* 0 is successful */
+}
+
+static ssize_t data_source_read_callback(nghttp2_session *session,
+ int32_t stream_id,
+ uint8_t *buf, size_t length,
+ uint32_t *data_flags,
+ nghttp2_data_source *source,
+ void *userp)
+{
+ struct Curl_easy *data_s;
+ struct HTTP *stream = NULL;
+ size_t nread;
+ (void)source;
+ (void)userp;
+
+ if(stream_id) {
+ /* get the stream from the hash based on Stream ID, stream ID zero is for
+ connection-oriented stuff */
+ data_s = nghttp2_session_get_stream_user_data(session, stream_id);
+ if(!data_s)
+ /* Receiving a Stream ID not in the hash should not happen, this is an
+ internal error more than anything else! */
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+
+ stream = data_s->req.protop;
+ if(!stream)
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+ }
+ else
+ return NGHTTP2_ERR_INVALID_ARGUMENT;
+
+ nread = MIN(stream->upload_len, length);
+ if(nread > 0) {
+ memcpy(buf, stream->upload_mem, nread);
+ stream->upload_mem += nread;
+ stream->upload_len -= nread;
+ if(data_s->state.infilesize != -1)
+ stream->upload_left -= nread;
+ }
+
+ if(stream->upload_left == 0)
+ *data_flags = NGHTTP2_DATA_FLAG_EOF;
+ else if(nread == 0)
+ return NGHTTP2_ERR_DEFERRED;
+
+ DEBUGF(infof(data_s, "data_source_read_callback: "
+ "returns %zu bytes stream %u\n",
+ nread, stream_id));
return nread;
}
-/*
- * This is all callbacks nghttp2 calls
- */
-static const nghttp2_session_callbacks callbacks = {
- send_callback,
- recv_callback,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL
-};
+#define H2_BUFSIZE 32768
-/*
- * The HTTP2 settings we send in the Upgrade request
- */
-static nghttp2_settings_entry settings[] = {
- { NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 100 },
- { NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE, NGHTTP2_INITIAL_WINDOW_SIZE },
-};
+#ifdef NGHTTP2_HAS_ERROR_CALLBACK
+static int error_callback(nghttp2_session *session,
+ const char *msg,
+ size_t len,
+ void *userp)
+{
+ struct connectdata *conn = (struct connectdata *)userp;
+ (void)session;
+ infof(conn->data, "http2 error: %.*s\n", len, msg);
+ return 0;
+}
+#endif
+
+static void populate_settings(struct connectdata *conn,
+ struct http_conn *httpc)
+{
+ nghttp2_settings_entry *iv = httpc->local_settings;
+
+ iv[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
+ iv[0].value = 100;
+
+ iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
+ iv[1].value = HTTP2_HUGE_WINDOW_SIZE;
+
+ iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH;
+ iv[2].value = conn->data->multi->push_cb != NULL;
+
+ httpc->local_settings_num = 3;
+}
+
+void Curl_http2_done(struct connectdata *conn, bool premature)
+{
+ struct Curl_easy *data = conn->data;
+ struct HTTP *http = data->req.protop;
+ struct http_conn *httpc = &conn->proto.httpc;
+
+ if(http->header_recvbuf) {
+ DEBUGF(infof(data, "free header_recvbuf!!\n"));
+ Curl_add_buffer_free(http->header_recvbuf);
+ http->header_recvbuf = NULL; /* clear the pointer */
+ Curl_add_buffer_free(http->trailer_recvbuf);
+ http->trailer_recvbuf = NULL; /* clear the pointer */
+ if(http->push_headers) {
+ /* if they weren't used and then freed before */
+ for(; http->push_headers_used > 0; --http->push_headers_used) {
+ free(http->push_headers[http->push_headers_used - 1]);
+ }
+ free(http->push_headers);
+ http->push_headers = NULL;
+ }
+ }
+
+ if(premature) {
+ /* RST_STREAM */
+ nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE, http->stream_id,
+ NGHTTP2_STREAM_CLOSED);
+ if(http->stream_id == httpc->pause_stream_id) {
+ infof(data, "stopped the pause stream!\n");
+ httpc->pause_stream_id = 0;
+ }
+ }
+ if(http->stream_id) {
+ nghttp2_session_set_stream_user_data(httpc->h2, http->stream_id, 0);
+ http->stream_id = 0;
+ }
+}
/*
- * Append headers to ask for a HTTP1.1 to HTTP2 upgrade.
+ * Initialize nghttp2 for a Curl connection
*/
-CURLcode Curl_http2_request(Curl_send_buffer *req,
- struct connectdata *conn)
+CURLcode Curl_http2_init(struct connectdata *conn)
{
- uint8_t binsettings[80];
- CURLcode result;
- ssize_t binlen;
- char *base64;
- size_t blen;
-
if(!conn->proto.httpc.h2) {
+ int rc;
+ nghttp2_session_callbacks *callbacks;
+
+ conn->proto.httpc.inbuf = malloc(H2_BUFSIZE);
+ if(conn->proto.httpc.inbuf == NULL)
+ return CURLE_OUT_OF_MEMORY;
+
+ rc = nghttp2_session_callbacks_new(&callbacks);
+
+ if(rc) {
+ failf(conn->data, "Couldn't initialize nghttp2 callbacks!");
+ return CURLE_OUT_OF_MEMORY; /* most likely at least */
+ }
+
+ /* nghttp2_send_callback */
+ nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
+ /* nghttp2_on_frame_recv_callback */
+ nghttp2_session_callbacks_set_on_frame_recv_callback
+ (callbacks, on_frame_recv);
+ /* nghttp2_on_invalid_frame_recv_callback */
+ nghttp2_session_callbacks_set_on_invalid_frame_recv_callback
+ (callbacks, on_invalid_frame_recv);
+ /* nghttp2_on_data_chunk_recv_callback */
+ nghttp2_session_callbacks_set_on_data_chunk_recv_callback
+ (callbacks, on_data_chunk_recv);
+ /* nghttp2_before_frame_send_callback */
+ nghttp2_session_callbacks_set_before_frame_send_callback
+ (callbacks, before_frame_send);
+ /* nghttp2_on_frame_send_callback */
+ nghttp2_session_callbacks_set_on_frame_send_callback
+ (callbacks, on_frame_send);
+ /* nghttp2_on_frame_not_send_callback */
+ nghttp2_session_callbacks_set_on_frame_not_send_callback
+ (callbacks, on_frame_not_send);
+ /* nghttp2_on_stream_close_callback */
+ nghttp2_session_callbacks_set_on_stream_close_callback
+ (callbacks, on_stream_close);
+ /* nghttp2_on_begin_headers_callback */
+ nghttp2_session_callbacks_set_on_begin_headers_callback
+ (callbacks, on_begin_headers);
+ /* nghttp2_on_header_callback */
+ nghttp2_session_callbacks_set_on_header_callback(callbacks, on_header);
+
+ nghttp2_session_callbacks_set_error_callback(callbacks, error_callback);
+
/* The nghttp2 session is not yet setup, do it */
- int rc = nghttp2_session_client_new(&conn->proto.httpc.h2,
- &callbacks, &conn);
+ rc = nghttp2_session_client_new(&conn->proto.httpc.h2, callbacks, conn);
+
+ nghttp2_session_callbacks_del(callbacks);
+
if(rc) {
failf(conn->data, "Couldn't initialize nghttp2!");
return CURLE_OUT_OF_MEMORY; /* most likely at least */
}
}
+ return CURLE_OK;
+}
- /* As long as we have a fixed set of settings, we don't have to dynamically
- * figure out the base64 strings since it'll always be the same. However,
- * the settings will likely not be fixed every time in the future.
- */
+/*
+ * Append headers to ask for a HTTP1.1 to HTTP2 upgrade.
+ */
+CURLcode Curl_http2_request_upgrade(Curl_send_buffer *req,
+ struct connectdata *conn)
+{
+ CURLcode result;
+ ssize_t binlen;
+ char *base64;
+ size_t blen;
+ struct SingleRequest *k = &conn->data->req;
+ uint8_t *binsettings = conn->proto.httpc.binsettings;
+ struct http_conn *httpc = &conn->proto.httpc;
+
+ populate_settings(conn, httpc);
/* this returns number of bytes it wrote */
- binlen = nghttp2_pack_settings_payload(binsettings,
- sizeof(binsettings),
- settings,
- sizeof(settings)/sizeof(settings[0]));
+ binlen = nghttp2_pack_settings_payload(binsettings, H2_BINSETTINGS_LEN,
+ httpc->local_settings,
+ httpc->local_settings_num);
if(!binlen) {
failf(conn->data, "nghttp2 unexpectedly failed on pack_settings_payload");
+ Curl_add_buffer_free(req);
return CURLE_FAILED_INIT;
}
+ conn->proto.httpc.binlen = binlen;
- result = Curl_base64_encode(conn->data, (const char *)binsettings, binlen,
- &base64, &blen);
- if(result)
+ result = Curl_base64url_encode(conn->data, (const char *)binsettings, binlen,
+ &base64, &blen);
+ if(result) {
+ Curl_add_buffer_free(req);
return result;
+ }
result = Curl_add_bufferf(req,
"Connection: Upgrade, HTTP2-Settings\r\n"
"Upgrade: %s\r\n"
"HTTP2-Settings: %s\r\n",
- NGHTTP2_PROTO_VERSION_ID, base64);
+ NGHTTP2_CLEARTEXT_PROTO_VERSION_ID, base64);
free(base64);
+ k->upgr101 = UPGR101_REQUESTED;
+
+ return result;
+}
+
+/*
+ * Returns nonzero if current HTTP/2 session should be closed.
+ */
+static int should_close_session(struct http_conn *httpc)
+{
+ return httpc->drain_total == 0 && !nghttp2_session_want_read(httpc->h2) &&
+ !nghttp2_session_want_write(httpc->h2);
+}
+
+static int h2_session_send(struct Curl_easy *data,
+ nghttp2_session *h2);
+
+/*
+ * h2_process_pending_input() processes pending input left in
+ * httpc->inbuf. Then, call h2_session_send() to send pending data.
+ * This function returns 0 if it succeeds, or -1 and error code will
+ * be assigned to *err.
+ */
+static int h2_process_pending_input(struct Curl_easy *data,
+ struct http_conn *httpc,
+ CURLcode *err)
+{
+ ssize_t nread;
+ char *inbuf;
+ ssize_t rv;
+
+ nread = httpc->inbuflen - httpc->nread_inbuf;
+ inbuf = httpc->inbuf + httpc->nread_inbuf;
+
+ rv = nghttp2_session_mem_recv(httpc->h2, (const uint8_t *)inbuf, nread);
+ if(rv < 0) {
+ failf(data,
+ "h2_process_pending_input: nghttp2_session_mem_recv() returned "
+ "%d:%s\n", rv, nghttp2_strerror((int)rv));
+ *err = CURLE_RECV_ERROR;
+ return -1;
+ }
+
+ if(nread == rv) {
+ DEBUGF(infof(data,
+ "h2_process_pending_input: All data in connection buffer "
+ "processed\n"));
+ httpc->inbuflen = 0;
+ httpc->nread_inbuf = 0;
+ }
+ else {
+ httpc->nread_inbuf += rv;
+ DEBUGF(infof(data,
+ "h2_process_pending_input: %zu bytes left in connection "
+ "buffer\n",
+ httpc->inbuflen - httpc->nread_inbuf));
+ }
+
+ rv = h2_session_send(data, httpc->h2);
+ if(rv != 0) {
+ *err = CURLE_SEND_ERROR;
+ return -1;
+ }
+
+ if(should_close_session(httpc)) {
+ DEBUGF(infof(data,
+ "h2_process_pending_input: nothing to do in this session\n"));
+ *err = CURLE_HTTP2;
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Called from transfer.c:done_sending when we stop uploading.
+ */
+CURLcode Curl_http2_done_sending(struct connectdata *conn)
+{
+ CURLcode result = CURLE_OK;
+
+ if((conn->handler == &Curl_handler_http2_ssl) ||
+ (conn->handler == &Curl_handler_http2)) {
+ /* make sure this is only attempted for HTTP/2 transfers */
+
+ struct HTTP *stream = conn->data->req.protop;
+
+ if(stream->upload_left) {
+ /* If the stream still thinks there's data left to upload. */
+ struct http_conn *httpc = &conn->proto.httpc;
+ nghttp2_session *h2 = httpc->h2;
+
+ stream->upload_left = 0; /* DONE! */
+
+ /* resume sending here to trigger the callback to get called again so
+ that it can signal EOF to nghttp2 */
+ (void)nghttp2_session_resume_data(h2, stream->stream_id);
+
+ (void)h2_process_pending_input(conn->data, httpc, &result);
+ }
+ }
return result;
}
+
+static ssize_t http2_handle_stream_close(struct connectdata *conn,
+ struct Curl_easy *data,
+ struct HTTP *stream, CURLcode *err)
+{
+ char *trailer_pos, *trailer_end;
+ CURLcode result;
+ struct http_conn *httpc = &conn->proto.httpc;
+
+ if(httpc->pause_stream_id == stream->stream_id) {
+ httpc->pause_stream_id = 0;
+ }
+
+ DEBUGASSERT(httpc->drain_total >= data->state.drain);
+ httpc->drain_total -= data->state.drain;
+ data->state.drain = 0;
+
+ if(httpc->pause_stream_id == 0) {
+ if(h2_process_pending_input(data, httpc, err) != 0) {
+ return -1;
+ }
+ }
+
+ DEBUGASSERT(data->state.drain == 0);
+
+ /* Reset to FALSE to prevent infinite loop in readwrite_data function. */
+ stream->closed = FALSE;
+ if(stream->error_code != NGHTTP2_NO_ERROR) {
+ failf(data, "HTTP/2 stream %u was not closed cleanly: %s (err %d)",
+ stream->stream_id, Curl_http2_strerror(stream->error_code),
+ stream->error_code);
+ *err = CURLE_HTTP2_STREAM;
+ return -1;
+ }
+
+ if(!stream->bodystarted) {
+ failf(data, "HTTP/2 stream %u was closed cleanly, but before getting "
+ " all response header fields, teated as error",
+ stream->stream_id);
+ *err = CURLE_HTTP2_STREAM;
+ return -1;
+ }
+
+ if(stream->trailer_recvbuf && stream->trailer_recvbuf->buffer) {
+ trailer_pos = stream->trailer_recvbuf->buffer;
+ trailer_end = trailer_pos + stream->trailer_recvbuf->size_used;
+
+ for(; trailer_pos < trailer_end;) {
+ uint32_t n;
+ memcpy(&n, trailer_pos, sizeof(n));
+ trailer_pos += sizeof(n);
+
+ result = Curl_client_write(conn, CLIENTWRITE_HEADER, trailer_pos, n);
+ if(result) {
+ *err = result;
+ return -1;
+ }
+
+ trailer_pos += n + 1;
+ }
+ }
+
+ stream->close_handled = TRUE;
+
+ DEBUGF(infof(data, "http2_recv returns 0, http2_handle_stream_close\n"));
+ return 0;
+}
+
+/*
+ * h2_pri_spec() fills in the pri_spec struct, used by nghttp2 to send weight
+ * and dependency to the peer. It also stores the updated values in the state
+ * struct.
+ */
+
+static void h2_pri_spec(struct Curl_easy *data,
+ nghttp2_priority_spec *pri_spec)
+{
+ struct HTTP *depstream = (data->set.stream_depends_on?
+ data->set.stream_depends_on->req.protop:NULL);
+ int32_t depstream_id = depstream? depstream->stream_id:0;
+ nghttp2_priority_spec_init(pri_spec, depstream_id, data->set.stream_weight,
+ data->set.stream_depends_e);
+ data->state.stream_weight = data->set.stream_weight;
+ data->state.stream_depends_e = data->set.stream_depends_e;
+ data->state.stream_depends_on = data->set.stream_depends_on;
+}
+
+/*
+ * h2_session_send() checks if there's been an update in the priority /
+ * dependency settings and if so it submits a PRIORITY frame with the updated
+ * info.
+ */
+static int h2_session_send(struct Curl_easy *data,
+ nghttp2_session *h2)
+{
+ struct HTTP *stream = data->req.protop;
+ if((data->set.stream_weight != data->state.stream_weight) ||
+ (data->set.stream_depends_e != data->state.stream_depends_e) ||
+ (data->set.stream_depends_on != data->state.stream_depends_on) ) {
+ /* send new weight and/or dependency */
+ nghttp2_priority_spec pri_spec;
+ int rv;
+
+ h2_pri_spec(data, &pri_spec);
+
+ DEBUGF(infof(data, "Queuing PRIORITY on stream %u (easy %p)\n",
+ stream->stream_id, data));
+ rv = nghttp2_submit_priority(h2, NGHTTP2_FLAG_NONE, stream->stream_id,
+ &pri_spec);
+ if(rv)
+ return rv;
+ }
+
+ return nghttp2_session_send(h2);
+}
+
+static ssize_t http2_recv(struct connectdata *conn, int sockindex,
+ char *mem, size_t len, CURLcode *err)
+{
+ CURLcode result = CURLE_OK;
+ ssize_t rv;
+ ssize_t nread;
+ struct http_conn *httpc = &conn->proto.httpc;
+ struct Curl_easy *data = conn->data;
+ struct HTTP *stream = data->req.protop;
+
+ (void)sockindex; /* we always do HTTP2 on sockindex 0 */
+
+ if(should_close_session(httpc)) {
+ DEBUGF(infof(data,
+ "http2_recv: nothing to do in this session\n"));
+ *err = CURLE_HTTP2;
+ return -1;
+ }
+
+ /* Nullify here because we call nghttp2_session_send() and they
+ might refer to the old buffer. */
+ stream->upload_mem = NULL;
+ stream->upload_len = 0;
+
+ /*
+ * At this point 'stream' is just in the Curl_easy the connection
+ * identifies as its owner at this time.
+ */
+
+ if(stream->bodystarted &&
+ stream->nread_header_recvbuf < stream->header_recvbuf->size_used) {
+ /* If there is body data pending for this stream to return, do that */
+ size_t left =
+ stream->header_recvbuf->size_used - stream->nread_header_recvbuf;
+ size_t ncopy = MIN(len, left);
+ memcpy(mem, stream->header_recvbuf->buffer + stream->nread_header_recvbuf,
+ ncopy);
+ stream->nread_header_recvbuf += ncopy;
+
+ DEBUGF(infof(data, "http2_recv: Got %d bytes from header_recvbuf\n",
+ (int)ncopy));
+ return ncopy;
+ }
+
+ DEBUGF(infof(data, "http2_recv: easy %p (stream %u)\n",
+ data, stream->stream_id));
+
+ if((data->state.drain) && stream->memlen) {
+ DEBUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u!! (%p => %p)\n",
+ stream->memlen, stream->stream_id,
+ stream->mem, mem));
+ if(mem != stream->mem) {
+ /* if we didn't get the same buffer this time, we must move the data to
+ the beginning */
+ memmove(mem, stream->mem, stream->memlen);
+ stream->len = len - stream->memlen;
+ stream->mem = mem;
+ }
+ if(httpc->pause_stream_id == stream->stream_id && !stream->pausedata) {
+ /* We have paused nghttp2, but we have no pause data (see
+ on_data_chunk_recv). */
+ httpc->pause_stream_id = 0;
+ if(h2_process_pending_input(data, httpc, &result) != 0) {
+ *err = result;
+ return -1;
+ }
+ }
+ }
+ else if(stream->pausedata) {
+ DEBUGASSERT(httpc->pause_stream_id == stream->stream_id);
+ nread = MIN(len, stream->pauselen);
+ memcpy(mem, stream->pausedata, nread);
+
+ stream->pausedata += nread;
+ stream->pauselen -= nread;
+
+ infof(data, "%zu data bytes written\n", nread);
+ if(stream->pauselen == 0) {
+ DEBUGF(infof(data, "Unpaused by stream %u\n", stream->stream_id));
+ DEBUGASSERT(httpc->pause_stream_id == stream->stream_id);
+ httpc->pause_stream_id = 0;
+
+ stream->pausedata = NULL;
+ stream->pauselen = 0;
+
+ /* When NGHTTP2_ERR_PAUSE is returned from
+ data_source_read_callback, we might not process DATA frame
+ fully. Calling nghttp2_session_mem_recv() again will
+ continue to process DATA frame, but if there is no incoming
+ frames, then we have to call it again with 0-length data.
+ Without this, on_stream_close callback will not be called,
+ and stream could be hanged. */
+ if(h2_process_pending_input(data, httpc, &result) != 0) {
+ *err = result;
+ return -1;
+ }
+ }
+ DEBUGF(infof(data, "http2_recv: returns unpaused %zd bytes on stream %u\n",
+ nread, stream->stream_id));
+ return nread;
+ }
+ else if(httpc->pause_stream_id) {
+ /* If a stream paused nghttp2_session_mem_recv previously, and has
+ not processed all data, it still refers to the buffer in
+ nghttp2_session. If we call nghttp2_session_mem_recv(), we may
+ overwrite that buffer. To avoid that situation, just return
+ here with CURLE_AGAIN. This could be busy loop since data in
+ socket is not read. But it seems that usually streams are
+ notified with its drain property, and socket is read again
+ quickly. */
+ DEBUGF(infof(data, "stream %x is paused, pause id: %x\n",
+ stream->stream_id, httpc->pause_stream_id));
+ *err = CURLE_AGAIN;
+ return -1;
+ }
+ else {
+ char *inbuf;
+ /* remember where to store incoming data for this stream and how big the
+ buffer is */
+ stream->mem = mem;
+ stream->len = len;
+ stream->memlen = 0;
+
+ if(httpc->inbuflen == 0) {
+ nread = ((Curl_recv *)httpc->recv_underlying)(
+ conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result);
+
+ if(nread == -1) {
+ if(result != CURLE_AGAIN)
+ failf(data, "Failed receiving HTTP2 data");
+ else if(stream->closed)
+ /* received when the stream was already closed! */
+ return http2_handle_stream_close(conn, data, stream, err);
+
+ *err = result;
+ return -1;
+ }
+
+ if(nread == 0) {
+ failf(data, "Unexpected EOF");
+ *err = CURLE_RECV_ERROR;
+ return -1;
+ }
+
+ DEBUGF(infof(data, "nread=%zd\n", nread));
+
+ httpc->inbuflen = nread;
+ inbuf = httpc->inbuf;
+ }
+ else {
+ nread = httpc->inbuflen - httpc->nread_inbuf;
+ inbuf = httpc->inbuf + httpc->nread_inbuf;
+
+ DEBUGF(infof(data, "Use data left in connection buffer, nread=%zd\n",
+ nread));
+ }
+ rv = nghttp2_session_mem_recv(httpc->h2, (const uint8_t *)inbuf, nread);
+
+ if(nghttp2_is_fatal((int)rv)) {
+ failf(data, "nghttp2_session_mem_recv() returned %d:%s\n",
+ rv, nghttp2_strerror((int)rv));
+ *err = CURLE_RECV_ERROR;
+ return -1;
+ }
+ DEBUGF(infof(data, "nghttp2_session_mem_recv() returns %zd\n", rv));
+ if(nread == rv) {
+ DEBUGF(infof(data, "All data in connection buffer processed\n"));
+ httpc->inbuflen = 0;
+ httpc->nread_inbuf = 0;
+ }
+ else {
+ httpc->nread_inbuf += rv;
+ DEBUGF(infof(data, "%zu bytes left in connection buffer\n",
+ httpc->inbuflen - httpc->nread_inbuf));
+ }
+ /* Always send pending frames in nghttp2 session, because
+ nghttp2_session_mem_recv() may queue new frame */
+ rv = h2_session_send(data, httpc->h2);
+ if(rv != 0) {
+ *err = CURLE_SEND_ERROR;
+ return -1;
+ }
+
+ if(should_close_session(httpc)) {
+ DEBUGF(infof(data, "http2_recv: nothing to do in this session\n"));
+ *err = CURLE_HTTP2;
+ return -1;
+ }
+ }
+ if(stream->memlen) {
+ ssize_t retlen = stream->memlen;
+ DEBUGF(infof(data, "http2_recv: returns %zd for stream %u\n",
+ retlen, stream->stream_id));
+ stream->memlen = 0;
+
+ if(httpc->pause_stream_id == stream->stream_id) {
+ /* data for this stream is returned now, but this stream caused a pause
+ already so we need it called again asap */
+ DEBUGF(infof(data, "Data returned for PAUSED stream %u\n",
+ stream->stream_id));
+ }
+ else if(!stream->closed) {
+ DEBUGASSERT(httpc->drain_total >= data->state.drain);
+ httpc->drain_total -= data->state.drain;
+ data->state.drain = 0; /* this stream is hereby drained */
+ }
+
+ return retlen;
+ }
+ /* If stream is closed, return 0 to signal the http routine to close
+ the connection */
+ if(stream->closed) {
+ return http2_handle_stream_close(conn, data, stream, err);
+ }
+ *err = CURLE_AGAIN;
+ DEBUGF(infof(data, "http2_recv returns AGAIN for stream %u\n",
+ stream->stream_id));
+ return -1;
+}
+
+/* Index where :authority header field will appear in request header
+ field list. */
+#define AUTHORITY_DST_IDX 3
+
+#define HEADER_OVERFLOW(x) \
+ (x.namelen > (uint16_t)-1 || x.valuelen > (uint16_t)-1 - x.namelen)
+
+/*
+ * Check header memory for the token "trailers".
+ * Parse the tokens as separated by comma and surrounded by whitespace.
+ * Returns TRUE if found or FALSE if not.
+ */
+static bool contains_trailers(const char *p, size_t len)
+{
+ const char *end = p + len;
+ for(;;) {
+ for(; p != end && (*p == ' ' || *p == '\t'); ++p)
+ ;
+ if(p == end || (size_t)(end - p) < sizeof("trailers") - 1)
+ return FALSE;
+ if(strncasecompare("trailers", p, sizeof("trailers") - 1)) {
+ p += sizeof("trailers") - 1;
+ for(; p != end && (*p == ' ' || *p == '\t'); ++p)
+ ;
+ if(p == end || *p == ',')
+ return TRUE;
+ }
+ /* skip to next token */
+ for(; p != end && *p != ','; ++p)
+ ;
+ if(p == end)
+ return FALSE;
+ ++p;
+ }
+}
+
+typedef enum {
+ /* Send header to server */
+ HEADERINST_FORWARD,
+ /* Don't send header to server */
+ HEADERINST_IGNORE,
+ /* Discard header, and replace it with "te: trailers" */
+ HEADERINST_TE_TRAILERS
+} header_instruction;
+
+/* Decides how to treat given header field. */
+static header_instruction inspect_header(const char *name, size_t namelen,
+ const char *value, size_t valuelen) {
+ switch(namelen) {
+ case 2:
+ if(!strncasecompare("te", name, namelen))
+ return HEADERINST_FORWARD;
+
+ return contains_trailers(value, valuelen) ?
+ HEADERINST_TE_TRAILERS : HEADERINST_IGNORE;
+ case 7:
+ return strncasecompare("upgrade", name, namelen) ?
+ HEADERINST_IGNORE : HEADERINST_FORWARD;
+ case 10:
+ return (strncasecompare("connection", name, namelen) ||
+ strncasecompare("keep-alive", name, namelen)) ?
+ HEADERINST_IGNORE : HEADERINST_FORWARD;
+ case 16:
+ return strncasecompare("proxy-connection", name, namelen) ?
+ HEADERINST_IGNORE : HEADERINST_FORWARD;
+ case 17:
+ return strncasecompare("transfer-encoding", name, namelen) ?
+ HEADERINST_IGNORE : HEADERINST_FORWARD;
+ default:
+ return HEADERINST_FORWARD;
+ }
+}
+
+static ssize_t http2_send(struct connectdata *conn, int sockindex,
+ const void *mem, size_t len, CURLcode *err)
+{
+ /*
+ * BIG TODO: Currently, we send request in this function, but this
+ * function is also used to send request body. It would be nice to
+ * add dedicated function for request.
+ */
+ int rv;
+ struct http_conn *httpc = &conn->proto.httpc;
+ struct HTTP *stream = conn->data->req.protop;
+ nghttp2_nv *nva = NULL;
+ size_t nheader;
+ size_t i;
+ size_t authority_idx;
+ char *hdbuf = (char *)mem;
+ char *end, *line_end;
+ nghttp2_data_provider data_prd;
+ int32_t stream_id;
+ nghttp2_session *h2 = httpc->h2;
+ nghttp2_priority_spec pri_spec;
+
+ (void)sockindex;
+
+ DEBUGF(infof(conn->data, "http2_send len=%zu\n", len));
+
+ if(stream->stream_id != -1) {
+ if(stream->close_handled) {
+ infof(conn->data, "stream %d closed\n", stream->stream_id);
+ *err = CURLE_HTTP2_STREAM;
+ return -1;
+ }
+ else if(stream->closed) {
+ return http2_handle_stream_close(conn, conn->data, stream, err);
+ }
+ /* If stream_id != -1, we have dispatched request HEADERS, and now
+ are going to send or sending request body in DATA frame */
+ stream->upload_mem = mem;
+ stream->upload_len = len;
+ nghttp2_session_resume_data(h2, stream->stream_id);
+ rv = h2_session_send(conn->data, h2);
+ if(nghttp2_is_fatal(rv)) {
+ *err = CURLE_SEND_ERROR;
+ return -1;
+ }
+ len -= stream->upload_len;
+
+ /* Nullify here because we call nghttp2_session_send() and they
+ might refer to the old buffer. */
+ stream->upload_mem = NULL;
+ stream->upload_len = 0;
+
+ if(should_close_session(httpc)) {
+ DEBUGF(infof(conn->data, "http2_send: nothing to do in this session\n"));
+ *err = CURLE_HTTP2;
+ return -1;
+ }
+
+ if(stream->upload_left) {
+ /* we are sure that we have more data to send here. Calling the
+ following API will make nghttp2_session_want_write() return
+ nonzero if remote window allows it, which then libcurl checks
+ socket is writable or not. See http2_perform_getsock(). */
+ nghttp2_session_resume_data(h2, stream->stream_id);
+ }
+
+ DEBUGF(infof(conn->data, "http2_send returns %zu for stream %u\n", len,
+ stream->stream_id));
+ return len;
+ }
+
+ /* Calculate number of headers contained in [mem, mem + len) */
+ /* Here, we assume the curl http code generate *correct* HTTP header
+ field block */
+ nheader = 0;
+ for(i = 1; i < len; ++i) {
+ if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') {
+ ++nheader;
+ ++i;
+ }
+ }
+ if(nheader < 2)
+ goto fail;
+
+ /* We counted additional 2 \r\n in the first and last line. We need 3
+ new headers: :method, :path and :scheme. Therefore we need one
+ more space. */
+ nheader += 1;
+ nva = malloc(sizeof(nghttp2_nv) * nheader);
+ if(nva == NULL) {
+ *err = CURLE_OUT_OF_MEMORY;
+ return -1;
+ }
+
+ /* Extract :method, :path from request line */
+ line_end = strstr(hdbuf, "\r\n");
+
+ /* Method does not contain spaces */
+ end = memchr(hdbuf, ' ', line_end - hdbuf);
+ if(!end || end == hdbuf)
+ goto fail;
+ nva[0].name = (unsigned char *)":method";
+ nva[0].namelen = strlen((char *)nva[0].name);
+ nva[0].value = (unsigned char *)hdbuf;
+ nva[0].valuelen = (size_t)(end - hdbuf);
+ nva[0].flags = NGHTTP2_NV_FLAG_NONE;
+ if(HEADER_OVERFLOW(nva[0])) {
+ failf(conn->data, "Failed sending HTTP request: Header overflow");
+ goto fail;
+ }
+
+ hdbuf = end + 1;
+
+ /* Path may contain spaces so scan backwards */
+ end = NULL;
+ for(i = (size_t)(line_end - hdbuf); i; --i) {
+ if(hdbuf[i - 1] == ' ') {
+ end = &hdbuf[i - 1];
+ break;
+ }
+ }
+ if(!end || end == hdbuf)
+ goto fail;
+ nva[1].name = (unsigned char *)":path";
+ nva[1].namelen = strlen((char *)nva[1].name);
+ nva[1].value = (unsigned char *)hdbuf;
+ nva[1].valuelen = (size_t)(end - hdbuf);
+ nva[1].flags = NGHTTP2_NV_FLAG_NONE;
+ if(HEADER_OVERFLOW(nva[1])) {
+ failf(conn->data, "Failed sending HTTP request: Header overflow");
+ goto fail;
+ }
+
+ nva[2].name = (unsigned char *)":scheme";
+ nva[2].namelen = strlen((char *)nva[2].name);
+ if(conn->handler->flags & PROTOPT_SSL)
+ nva[2].value = (unsigned char *)"https";
+ else
+ nva[2].value = (unsigned char *)"http";
+ nva[2].valuelen = strlen((char *)nva[2].value);
+ nva[2].flags = NGHTTP2_NV_FLAG_NONE;
+ if(HEADER_OVERFLOW(nva[2])) {
+ failf(conn->data, "Failed sending HTTP request: Header overflow");
+ goto fail;
+ }
+
+ authority_idx = 0;
+ i = 3;
+ while(i < nheader) {
+ size_t hlen;
+
+ hdbuf = line_end + 2;
+
+ line_end = strstr(hdbuf, "\r\n");
+ if(line_end == hdbuf)
+ goto fail;
+
+ /* header continuation lines are not supported */
+ if(*hdbuf == ' ' || *hdbuf == '\t')
+ goto fail;
+
+ for(end = hdbuf; end < line_end && *end != ':'; ++end)
+ ;
+ if(end == hdbuf || end == line_end)
+ goto fail;
+ hlen = end - hdbuf;
+
+ if(hlen == 4 && strncasecompare("host", hdbuf, 4)) {
+ authority_idx = i;
+ nva[i].name = (unsigned char *)":authority";
+ nva[i].namelen = strlen((char *)nva[i].name);
+ }
+ else {
+ nva[i].name = (unsigned char *)hdbuf;
+ nva[i].namelen = (size_t)(end - hdbuf);
+ }
+ hdbuf = end + 1;
+ while(*hdbuf == ' ' || *hdbuf == '\t')
+ ++hdbuf;
+ end = line_end;
+
+ switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf,
+ end - hdbuf)) {
+ case HEADERINST_IGNORE:
+ /* skip header fields prohibited by HTTP/2 specification. */
+ --nheader;
+ continue;
+ case HEADERINST_TE_TRAILERS:
+ nva[i].value = (uint8_t*)"trailers";
+ nva[i].valuelen = sizeof("trailers") - 1;
+ break;
+ default:
+ nva[i].value = (unsigned char *)hdbuf;
+ nva[i].valuelen = (size_t)(end - hdbuf);
+ }
+
+ nva[i].flags = NGHTTP2_NV_FLAG_NONE;
+ if(HEADER_OVERFLOW(nva[i])) {
+ failf(conn->data, "Failed sending HTTP request: Header overflow");
+ goto fail;
+ }
+ ++i;
+ }
+
+ /* :authority must come before non-pseudo header fields */
+ if(authority_idx != 0 && authority_idx != AUTHORITY_DST_IDX) {
+ nghttp2_nv authority = nva[authority_idx];
+ for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) {
+ nva[i] = nva[i - 1];
+ }
+ nva[i] = authority;
+ }
+
+ /* Warn stream may be rejected if cumulative length of headers is too large.
+ It appears nghttp2 will not send a header frame larger than 64KB. */
+#define MAX_ACC 60000 /* <64KB to account for some overhead */
+ {
+ size_t acc = 0;
+
+ for(i = 0; i < nheader; ++i) {
+ acc += nva[i].namelen + nva[i].valuelen;
+
+ DEBUGF(infof(conn->data, "h2 header: %.*s:%.*s\n",
+ nva[i].namelen, nva[i].name,
+ nva[i].valuelen, nva[i].value));
+ }
+
+ if(acc > MAX_ACC) {
+ infof(conn->data, "http2_send: Warning: The cumulative length of all "
+ "headers exceeds %zu bytes and that could cause the "
+ "stream to be rejected.\n", MAX_ACC);
+ }
+ }
+
+ h2_pri_spec(conn->data, &pri_spec);
+
+ switch(conn->data->set.httpreq) {
+ case HTTPREQ_POST:
+ case HTTPREQ_POST_FORM:
+ case HTTPREQ_POST_MIME:
+ case HTTPREQ_PUT:
+ if(conn->data->state.infilesize != -1)
+ stream->upload_left = conn->data->state.infilesize;
+ else
+ /* data sending without specifying the data amount up front */
+ stream->upload_left = -1; /* unknown, but not zero */
+
+ data_prd.read_callback = data_source_read_callback;
+ data_prd.source.ptr = NULL;
+ stream_id = nghttp2_submit_request(h2, &pri_spec, nva, nheader,
+ &data_prd, conn->data);
+ break;
+ default:
+ stream_id = nghttp2_submit_request(h2, &pri_spec, nva, nheader,
+ NULL, conn->data);
+ }
+
+ Curl_safefree(nva);
+
+ if(stream_id < 0) {
+ DEBUGF(infof(conn->data, "http2_send() send error\n"));
+ *err = CURLE_SEND_ERROR;
+ return -1;
+ }
+
+ infof(conn->data, "Using Stream ID: %x (easy handle %p)\n",
+ stream_id, conn->data);
+ stream->stream_id = stream_id;
+
+ /* this does not call h2_session_send() since there can not have been any
+ * priority upodate since the nghttp2_submit_request() call above */
+ rv = nghttp2_session_send(h2);
+
+ if(rv != 0) {
+ *err = CURLE_SEND_ERROR;
+ return -1;
+ }
+
+ if(should_close_session(httpc)) {
+ DEBUGF(infof(conn->data, "http2_send: nothing to do in this session\n"));
+ *err = CURLE_HTTP2;
+ return -1;
+ }
+
+ if(stream->stream_id != -1) {
+ /* If whole HEADERS frame was sent off to the underlying socket,
+ the nghttp2 library calls data_source_read_callback. But only
+ it found that no data available, so it deferred the DATA
+ transmission. Which means that nghttp2_session_want_write()
+ returns 0 on http2_perform_getsock(), which results that no
+ writable socket check is performed. To workaround this, we
+ issue nghttp2_session_resume_data() here to bring back DATA
+ transmission from deferred state. */
+ nghttp2_session_resume_data(h2, stream->stream_id);
+ }
+
+ return len;
+
+fail:
+ free(nva);
+ *err = CURLE_SEND_ERROR;
+ return -1;
+}
+
+CURLcode Curl_http2_setup(struct connectdata *conn)
+{
+ CURLcode result;
+ struct http_conn *httpc = &conn->proto.httpc;
+ struct HTTP *stream = conn->data->req.protop;
+
+ stream->stream_id = -1;
+
+ if(!stream->header_recvbuf)
+ stream->header_recvbuf = Curl_add_buffer_init();
+
+ if((conn->handler == &Curl_handler_http2_ssl) ||
+ (conn->handler == &Curl_handler_http2))
+ return CURLE_OK; /* already done */
+
+ if(conn->handler->flags & PROTOPT_SSL)
+ conn->handler = &Curl_handler_http2_ssl;
+ else
+ conn->handler = &Curl_handler_http2;
+
+ result = Curl_http2_init(conn);
+ if(result)
+ return result;
+
+ infof(conn->data, "Using HTTP2, server supports multi-use\n");
+ stream->upload_left = 0;
+ stream->upload_mem = NULL;
+ stream->upload_len = 0;
+
+ httpc->inbuflen = 0;
+ httpc->nread_inbuf = 0;
+
+ httpc->pause_stream_id = 0;
+ httpc->drain_total = 0;
+
+ conn->bits.multiplex = TRUE; /* at least potentially multiplexed */
+ conn->httpversion = 20;
+ conn->bundle->multiuse = BUNDLE_MULTIPLEX;
+
+ infof(conn->data, "Connection state changed (HTTP/2 confirmed)\n");
+ Curl_multi_connchanged(conn->data->multi);
+
+ return CURLE_OK;
+}
+
+CURLcode Curl_http2_switched(struct connectdata *conn,
+ const char *mem, size_t nread)
+{
+ CURLcode result;
+ struct http_conn *httpc = &conn->proto.httpc;
+ int rv;
+ ssize_t nproc;
+ struct Curl_easy *data = conn->data;
+ struct HTTP *stream = conn->data->req.protop;
+
+ result = Curl_http2_setup(conn);
+ if(result)
+ return result;
+
+ httpc->recv_underlying = (recving)conn->recv[FIRSTSOCKET];
+ httpc->send_underlying = (sending)conn->send[FIRSTSOCKET];
+ conn->recv[FIRSTSOCKET] = http2_recv;
+ conn->send[FIRSTSOCKET] = http2_send;
+
+ if(conn->data->req.upgr101 == UPGR101_RECEIVED) {
+ /* stream 1 is opened implicitly on upgrade */
+ stream->stream_id = 1;
+ /* queue SETTINGS frame (again) */
+ rv = nghttp2_session_upgrade(httpc->h2, httpc->binsettings,
+ httpc->binlen, NULL);
+ if(rv != 0) {
+ failf(data, "nghttp2_session_upgrade() failed: %s(%d)",
+ nghttp2_strerror(rv), rv);
+ return CURLE_HTTP2;
+ }
+
+ nghttp2_session_set_stream_user_data(httpc->h2,
+ stream->stream_id,
+ conn->data);
+ }
+ else {
+ populate_settings(conn, httpc);
+
+ /* stream ID is unknown at this point */
+ stream->stream_id = -1;
+ rv = nghttp2_submit_settings(httpc->h2, NGHTTP2_FLAG_NONE,
+ httpc->local_settings,
+ httpc->local_settings_num);
+ if(rv != 0) {
+ failf(data, "nghttp2_submit_settings() failed: %s(%d)",
+ nghttp2_strerror(rv), rv);
+ return CURLE_HTTP2;
+ }
+ }
+
+#ifdef NGHTTP2_HAS_SET_LOCAL_WINDOW_SIZE
+ rv = nghttp2_session_set_local_window_size(httpc->h2, NGHTTP2_FLAG_NONE, 0,
+ HTTP2_HUGE_WINDOW_SIZE);
+ if(rv != 0) {
+ failf(data, "nghttp2_session_set_local_window_size() failed: %s(%d)",
+ nghttp2_strerror(rv), rv);
+ return CURLE_HTTP2;
+ }
#endif
+
+ /* we are going to copy mem to httpc->inbuf. This is required since
+ mem is part of buffer pointed by stream->mem, and callbacks
+ called by nghttp2_session_mem_recv() will write stream specific
+ data into stream->mem, overwriting data already there. */
+ if(H2_BUFSIZE < nread) {
+ failf(data, "connection buffer size is too small to store data following "
+ "HTTP Upgrade response header: buflen=%zu, datalen=%zu",
+ H2_BUFSIZE, nread);
+ return CURLE_HTTP2;
+ }
+
+ infof(conn->data, "Copying HTTP/2 data in stream buffer to connection buffer"
+ " after upgrade: len=%zu\n",
+ nread);
+
+ if(nread)
+ memcpy(httpc->inbuf, mem, nread);
+ httpc->inbuflen = nread;
+
+ nproc = nghttp2_session_mem_recv(httpc->h2, (const uint8_t *)httpc->inbuf,
+ httpc->inbuflen);
+
+ if(nghttp2_is_fatal((int)nproc)) {
+ failf(data, "nghttp2_session_mem_recv() failed: %s(%d)",
+ nghttp2_strerror((int)nproc), (int)nproc);
+ return CURLE_HTTP2;
+ }
+
+ DEBUGF(infof(data, "nghttp2_session_mem_recv() returns %zd\n", nproc));
+
+ if((ssize_t)nread == nproc) {
+ httpc->inbuflen = 0;
+ httpc->nread_inbuf = 0;
+ }
+ else {
+ httpc->nread_inbuf += nproc;
+ }
+
+ /* Try to send some frames since we may read SETTINGS already. */
+ rv = h2_session_send(data, httpc->h2);
+
+ if(rv != 0) {
+ failf(data, "nghttp2_session_send() failed: %s(%d)",
+ nghttp2_strerror(rv), rv);
+ return CURLE_HTTP2;
+ }
+
+ if(should_close_session(httpc)) {
+ DEBUGF(infof(data,
+ "nghttp2_session_send(): nothing to do in this session\n"));
+ return CURLE_HTTP2;
+ }
+
+ return CURLE_OK;
+}
+
+CURLcode Curl_http2_add_child(struct Curl_easy *parent,
+ struct Curl_easy *child,
+ bool exclusive)
+{
+ if(parent) {
+ struct Curl_http2_dep **tail;
+ struct Curl_http2_dep *dep = calloc(1, sizeof(struct Curl_http2_dep));
+ if(!dep)
+ return CURLE_OUT_OF_MEMORY;
+ dep->data = child;
+
+ if(parent->set.stream_dependents && exclusive) {
+ struct Curl_http2_dep *node = parent->set.stream_dependents;
+ while(node) {
+ node->data->set.stream_depends_on = child;
+ node = node->next;
+ }
+
+ tail = &child->set.stream_dependents;
+ while(*tail)
+ tail = &(*tail)->next;
+
+ DEBUGASSERT(!*tail);
+ *tail = parent->set.stream_dependents;
+ parent->set.stream_dependents = 0;
+ }
+
+ tail = &parent->set.stream_dependents;
+ while(*tail) {
+ (*tail)->data->set.stream_depends_e = FALSE;
+ tail = &(*tail)->next;
+ }
+
+ DEBUGASSERT(!*tail);
+ *tail = dep;
+ }
+
+ child->set.stream_depends_on = parent;
+ child->set.stream_depends_e = exclusive;
+ return CURLE_OK;
+}
+
+void Curl_http2_remove_child(struct Curl_easy *parent, struct Curl_easy *child)
+{
+ struct Curl_http2_dep *last = 0;
+ struct Curl_http2_dep *data = parent->set.stream_dependents;
+ DEBUGASSERT(child->set.stream_depends_on == parent);
+
+ while(data && data->data != child) {
+ last = data;
+ data = data->next;
+ }
+
+ DEBUGASSERT(data);
+
+ if(data) {
+ if(last) {
+ last->next = data->next;
+ }
+ else {
+ parent->set.stream_dependents = data->next;
+ }
+ free(data);
+ }
+
+ child->set.stream_depends_on = 0;
+ child->set.stream_depends_e = FALSE;
+}
+
+void Curl_http2_cleanup_dependencies(struct Curl_easy *data)
+{
+ while(data->set.stream_dependents) {
+ struct Curl_easy *tmp = data->set.stream_dependents->data;
+ Curl_http2_remove_child(data, tmp);
+ if(data->set.stream_depends_on)
+ Curl_http2_add_child(data->set.stream_depends_on, tmp, FALSE);
+ }
+
+ if(data->set.stream_depends_on)
+ Curl_http2_remove_child(data->set.stream_depends_on, data);
+}
+
+#else /* !USE_NGHTTP2 */
+
+/* Satisfy external references even if http2 is not compiled in. */
+
+#define CURL_DISABLE_TYPECHECK
+#include <curl/curl.h>
+
+char *curl_pushheader_bynum(struct curl_pushheaders *h, size_t num)
+{
+ (void) h;
+ (void) num;
+ return NULL;
+}
+
+char *curl_pushheader_byname(struct curl_pushheaders *h, const char *header)
+{
+ (void) h;
+ (void) header;
+ return NULL;
+}
+
+#endif /* USE_NGHTTP2 */
diff --git a/libs/libcurl/src/http2.h b/libs/libcurl/src/http2.h
index 09b91d1122..f597c805e5 100644
--- a/libs/libcurl/src/http2.h
+++ b/libs/libcurl/src/http2.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,16 +26,54 @@
#ifdef USE_NGHTTP2
#include "http.h"
+
+/* value for MAX_CONCURRENT_STREAMS we use until we get an updated setting
+ from the peer */
+#define DEFAULT_MAX_CONCURRENT_STREAMS 13
+
/*
* Store nghttp2 version info in this buffer, Prefix with a space. Return
* total length written.
*/
int Curl_http2_ver(char *p, size_t len);
-CURLcode Curl_http2_request(Curl_send_buffer *req,
- struct connectdata *conn);
+const char *Curl_http2_strerror(uint32_t err);
+
+CURLcode Curl_http2_init(struct connectdata *conn);
+void Curl_http2_init_state(struct UrlState *state);
+void Curl_http2_init_userset(struct UserDefined *set);
+CURLcode Curl_http2_send_request(struct connectdata *conn);
+CURLcode Curl_http2_request_upgrade(Curl_send_buffer *req,
+ struct connectdata *conn);
+CURLcode Curl_http2_setup(struct connectdata *conn);
+CURLcode Curl_http2_switched(struct connectdata *conn,
+ const char *data, size_t nread);
+/* called from Curl_http_setup_conn */
+void Curl_http2_setup_conn(struct connectdata *conn);
+void Curl_http2_setup_req(struct Curl_easy *data);
+void Curl_http2_done(struct connectdata *conn, bool premature);
+CURLcode Curl_http2_done_sending(struct connectdata *conn);
+CURLcode Curl_http2_add_child(struct Curl_easy *parent,
+ struct Curl_easy *child,
+ bool exclusive);
+void Curl_http2_remove_child(struct Curl_easy *parent,
+ struct Curl_easy *child);
+void Curl_http2_cleanup_dependencies(struct Curl_easy *data);
#else /* USE_NGHTTP2 */
-#define Curl_http2_request(x,y) CURLE_OK
+#define Curl_http2_init(x) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_send_request(x) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_request_upgrade(x,y) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_setup(x) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_switched(x,y,z) CURLE_UNSUPPORTED_PROTOCOL
+#define Curl_http2_setup_conn(x)
+#define Curl_http2_setup_req(x)
+#define Curl_http2_init_state(x)
+#define Curl_http2_init_userset(x)
+#define Curl_http2_done(x,y)
+#define Curl_http2_done_sending(x)
+#define Curl_http2_add_child(x, y, z)
+#define Curl_http2_remove_child(x, y)
+#define Curl_http2_cleanup_dependencies(x)
#endif
#endif /* HEADER_CURL_HTTP2_H */
diff --git a/libs/libcurl/src/http_chunks.c b/libs/libcurl/src/http_chunks.c
index e9fddf5889..1616429693 100644
--- a/libs/libcurl/src/http_chunks.c
+++ b/libs/libcurl/src/http_chunks.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -29,13 +29,12 @@
#include "content_encoding.h"
#include "http.h"
-#include "curl_memory.h"
#include "non-ascii.h" /* for Curl_convert_to_network prototype */
+#include "strtoofft.h"
+#include "warnless.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last #include files should be: */
+#include "curl_memory.h"
#include "memdebug.h"
/*
@@ -81,14 +80,14 @@ static bool Curl_isxdigit(char digit)
{
return ( (digit >= 0x30 && digit <= 0x39) /* 0-9 */
|| (digit >= 0x41 && digit <= 0x46) /* A-F */
- || (digit >= 0x61 && digit <= 0x66) /* a-f */ ) ? TRUE : FALSE;
+ || (digit >= 0x61 && digit <= 0x66) /* a-f */) ? TRUE : FALSE;
}
void Curl_httpchunk_init(struct connectdata *conn)
{
struct Curl_chunker *chunk = &conn->chunk;
- chunk->hexindex=0; /* start at 0 */
- chunk->dataleft=0; /* no data left yet! */
+ chunk->hexindex = 0; /* start at 0 */
+ chunk->dataleft = 0; /* no data left yet! */
chunk->state = CHUNK_HEX; /* we get hex first! */
}
@@ -108,12 +107,12 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
ssize_t datalen,
ssize_t *wrotep)
{
- CURLcode result=CURLE_OK;
- struct SessionHandle *data = conn->data;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
struct Curl_chunker *ch = &conn->chunk;
struct SingleRequest *k = &data->req;
size_t piece;
- size_t length = (size_t)datalen;
+ curl_off_t length = (curl_off_t)datalen;
size_t *wrote = (size_t *)wrotep;
*wrote = 0; /* nothing's written yet */
@@ -141,13 +140,14 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
}
}
else {
- if(0 == ch->hexindex) {
+ char *endptr;
+ if(0 == ch->hexindex)
/* This is illegal data, we received junk where we expected
a hexadecimal digit. */
return CHUNKE_ILLEGAL_HEX;
- }
+
/* length and datap are unmodified */
- ch->hexbuffer[ch->hexindex]=0;
+ ch->hexbuffer[ch->hexindex] = 0;
/* convert to host encoding before calling strtoul */
result = Curl_convert_from_network(conn->data, ch->hexbuffer,
@@ -155,141 +155,79 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
if(result) {
/* Curl_convert_from_network calls failf if unsuccessful */
/* Treat it as a bad hex character */
- return(CHUNKE_ILLEGAL_HEX);
+ return CHUNKE_ILLEGAL_HEX;
}
- ch->datasize=strtoul(ch->hexbuffer, NULL, 16);
- ch->state = CHUNK_POSTHEX;
+ if(curlx_strtoofft(ch->hexbuffer, &endptr, 16, &ch->datasize))
+ return CHUNKE_ILLEGAL_HEX;
+ ch->state = CHUNK_LF; /* now wait for the CRLF */
}
break;
- case CHUNK_POSTHEX:
- /* In this state, we're waiting for CRLF to arrive. We support
- this to allow so called chunk-extensions to show up here
- before the CRLF comes. */
- if(*datap == 0x0d)
- ch->state = CHUNK_CR;
- length--;
- datap++;
- break;
-
- case CHUNK_CR:
- /* waiting for the LF */
+ case CHUNK_LF:
+ /* waiting for the LF after a chunk size */
if(*datap == 0x0a) {
/* we're now expecting data to come, unless size was zero! */
if(0 == ch->datasize) {
ch->state = CHUNK_TRAILER; /* now check for trailers */
- conn->trlPos=0;
+ conn->trlPos = 0;
}
- else {
+ else
ch->state = CHUNK_DATA;
- }
}
- else
- /* previously we got a fake CR, go back to CR waiting! */
- ch->state = CHUNK_CR;
+
datap++;
length--;
break;
case CHUNK_DATA:
- /* we get pure and fine data
-
- We expect another 'datasize' of data. We have 'length' right now,
- it can be more or less than 'datasize'. Get the smallest piece.
+ /* We expect 'datasize' of data. We have 'length' right now, it can be
+ more or less than 'datasize'. Get the smallest piece.
*/
- piece = (ch->datasize >= length)?length:ch->datasize;
+ piece = curlx_sotouz((ch->datasize >= length)?length:ch->datasize);
/* Write the data portion available */
-#ifdef HAVE_LIBZ
- switch (conn->data->set.http_ce_skip?
- IDENTITY : data->req.auto_decoding) {
- case IDENTITY:
-#endif
- if(!k->ignorebody) {
- if(!data->set.http_te_skip)
- result = Curl_client_write(conn, CLIENTWRITE_BODY, datap,
- piece);
- else
- result = CURLE_OK;
- }
-#ifdef HAVE_LIBZ
- break;
-
- case DEFLATE:
- /* update data->req.keep.str to point to the chunk data. */
- data->req.str = datap;
- result = Curl_unencode_deflate_write(conn, &data->req,
- (ssize_t)piece);
- break;
-
- case GZIP:
- /* update data->req.keep.str to point to the chunk data. */
- data->req.str = datap;
- result = Curl_unencode_gzip_write(conn, &data->req,
- (ssize_t)piece);
- break;
-
- case COMPRESS:
- default:
- failf (conn->data,
- "Unrecognized content encoding type. "
- "libcurl understands `identity', `deflate' and `gzip' "
- "content encodings.");
- return CHUNKE_BAD_ENCODING;
+ if(conn->data->set.http_ce_skip || !k->writer_stack) {
+ if(!k->ignorebody)
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, datap, piece);
}
-#endif
+ else
+ result = Curl_unencode_write(conn, k->writer_stack, datap, piece);
if(result)
return CHUNKE_WRITE_ERROR;
*wrote += piece;
-
ch->datasize -= piece; /* decrease amount left to expect */
datap += piece; /* move read pointer forward */
length -= piece; /* decrease space left in this round */
if(0 == ch->datasize)
/* end of data this round, we now expect a trailing CRLF */
- ch->state = CHUNK_POSTCR;
- break;
-
- case CHUNK_POSTCR:
- if(*datap == 0x0d) {
ch->state = CHUNK_POSTLF;
- datap++;
- length--;
- }
- else
- return CHUNKE_BAD_CHUNK;
-
break;
case CHUNK_POSTLF:
if(*datap == 0x0a) {
- /*
- * The last one before we go back to hex state and start all
- * over.
- */
- Curl_httpchunk_init(conn);
- datap++;
- length--;
+ /* The last one before we go back to hex state and start all over. */
+ Curl_httpchunk_init(conn); /* sets state back to CHUNK_HEX */
}
- else
+ else if(*datap != 0x0d)
return CHUNKE_BAD_CHUNK;
-
+ datap++;
+ length--;
break;
case CHUNK_TRAILER:
- if(*datap == 0x0d) {
+ if((*datap == 0x0d) || (*datap == 0x0a)) {
/* this is the end of a trailer, but if the trailer was zero bytes
there was no trailer and we move on */
if(conn->trlPos) {
/* we allocate trailer with 3 bytes extra room to fit this */
- conn->trailer[conn->trlPos++]=0x0d;
- conn->trailer[conn->trlPos++]=0x0a;
- conn->trailer[conn->trlPos]=0;
+ conn->trailer[conn->trlPos++] = 0x0d;
+ conn->trailer[conn->trlPos++] = 0x0a;
+ conn->trailer[conn->trlPos] = 0;
/* Convert to host encoding before calling Curl_client_write */
result = Curl_convert_from_network(conn->data, conn->trailer,
@@ -305,8 +243,11 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
if(result)
return CHUNKE_WRITE_ERROR;
}
- conn->trlPos=0;
+ conn->trlPos = 0;
ch->state = CHUNK_TRAILER_CR;
+ if(*datap == 0x0a)
+ /* already on the LF */
+ break;
}
else {
/* no trailer, we're on the final CRLF pair */
@@ -326,7 +267,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
ptr = realloc(conn->trailer, conn->trlMax + 3);
}
else {
- conn->trlMax=128;
+ conn->trlMax = 128;
ptr = malloc(conn->trlMax + 3);
}
if(!ptr)
@@ -352,27 +293,18 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
case CHUNK_TRAILER_POSTCR:
/* We enter this state when a CR should arrive so we expect to
have to first pass a CR before we wait for LF */
- if(*datap != 0x0d) {
+ if((*datap != 0x0d) && (*datap != 0x0a)) {
/* not a CR then it must be another header in the trailer */
ch->state = CHUNK_TRAILER;
break;
}
- datap++;
- length--;
- /* now wait for the final LF */
- ch->state = CHUNK_STOP;
- break;
-
- case CHUNK_STOPCR:
- /* Read the final CRLF that ends all chunk bodies */
-
if(*datap == 0x0d) {
- ch->state = CHUNK_STOP;
+ /* skip if CR */
datap++;
length--;
}
- else
- return CHUNKE_BAD_CHUNK;
+ /* now wait for the final LF */
+ ch->state = CHUNK_STOP;
break;
case CHUNK_STOP:
@@ -381,17 +313,35 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
/* Record the length of any data left in the end of the buffer
even if there's no more chunks to read */
+ ch->dataleft = curlx_sotouz(length);
- ch->dataleft = length;
return CHUNKE_STOP; /* return stop */
}
else
return CHUNKE_BAD_CHUNK;
-
- default:
- return CHUNKE_STATE_ERROR;
}
}
return CHUNKE_OK;
}
+
+const char *Curl_chunked_strerror(CHUNKcode code)
+{
+ switch(code) {
+ default:
+ return "OK";
+ case CHUNKE_TOO_LONG_HEX:
+ return "Too long hexadecimal number";
+ case CHUNKE_ILLEGAL_HEX:
+ return "Illegal or missing hexadecimal sequence";
+ case CHUNKE_BAD_CHUNK:
+ return "Malformed encoding found";
+ case CHUNKE_WRITE_ERROR:
+ return "Write error";
+ case CHUNKE_BAD_ENCODING:
+ return "Bad content-encoding found";
+ case CHUNKE_OUT_OF_MEMORY:
+ return "Out of memory";
+ }
+}
+
#endif /* CURL_DISABLE_HTTP */
diff --git a/libs/libcurl/src/http_chunks.h b/libs/libcurl/src/http_chunks.h
index b999ab53b8..3a8b4ddf37 100644
--- a/libs/libcurl/src/http_chunks.h
+++ b/libs/libcurl/src/http_chunks.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -29,40 +29,25 @@
#define MAXNUM_SIZE 16
typedef enum {
- CHUNK_FIRST, /* never use */
-
- /* In this we await and buffer all hexadecimal digits until we get one
- that isn't a hexadecimal digit. When done, we go POSTHEX */
+ /* await and buffer all hexadecimal digits until we get one that isn't a
+ hexadecimal digit. When done, we go CHUNK_LF */
CHUNK_HEX,
- /* We have received the hexadecimal digit and we eat all characters until
- we get a CRLF pair. When we see a CR we go to the CR state. */
- CHUNK_POSTHEX,
-
- /* A single CR has been found and we should get a LF right away in this
- state or we go back to POSTHEX. When LF is received, we go to DATA.
- If the size given was zero, we set state to STOP and return. */
- CHUNK_CR,
+ /* wait for LF, ignore all else */
+ CHUNK_LF,
/* We eat the amount of data specified. When done, we move on to the
POST_CR state. */
CHUNK_DATA,
- /* POSTCR should get a CR and nothing else, then move to POSTLF */
- CHUNK_POSTCR,
-
- /* POSTLF should get a LF and nothing else, then move back to HEX as the
- CRLF combination marks the end of a chunk */
+ /* POSTLF should get a CR and then a LF and nothing else, then move back to
+ HEX as the CRLF combination marks the end of a chunk. A missing CR is no
+ big deal. */
CHUNK_POSTLF,
- /* Each Chunk body should end with a CRLF. Read a CR and nothing else,
- then move to CHUNK_STOP */
- CHUNK_STOPCR,
-
- /* This is mainly used to really mark that we're out of the game.
- NOTE: that there's a 'dataleft' field in the struct that will tell how
- many bytes that were not passed to the client in the end of the last
- buffer! */
+ /* Used to mark that we're out of the game. NOTE: that there's a 'dataleft'
+ field in the struct that will tell how many bytes that were not passed to
+ the client in the end of the last buffer! */
CHUNK_STOP,
/* At this point optional trailer headers can be found, unless the next line
@@ -77,10 +62,7 @@ typedef enum {
signalled If this is an empty trailer CHUNKE_STOP will be signalled.
Otherwise the trailer will be broadcasted via Curl_client_write() and the
next state will be CHUNK_TRAILER */
- CHUNK_TRAILER_POSTCR,
-
- CHUNK_LAST /* never use */
-
+ CHUNK_TRAILER_POSTCR
} ChunkyState;
typedef enum {
@@ -90,17 +72,18 @@ typedef enum {
CHUNKE_ILLEGAL_HEX,
CHUNKE_BAD_CHUNK,
CHUNKE_WRITE_ERROR,
- CHUNKE_STATE_ERROR,
CHUNKE_BAD_ENCODING,
CHUNKE_OUT_OF_MEMORY,
CHUNKE_LAST
} CHUNKcode;
+const char *Curl_chunked_strerror(CHUNKcode code);
+
struct Curl_chunker {
char hexbuffer[ MAXNUM_SIZE + 1];
int hexindex;
ChunkyState state;
- size_t datasize;
+ curl_off_t datasize;
size_t dataleft; /* untouched data amount at the end of the last buffer */
};
diff --git a/libs/libcurl/src/http_digest.c b/libs/libcurl/src/http_digest.c
index f50f8033f9..e2d865b0af 100644
--- a/libs/libcurl/src/http_digest.c
+++ b/libs/libcurl/src/http_digest.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,95 +25,14 @@
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
#include "urldata.h"
-#include "rawstr.h"
-#include "curl_base64.h"
-#include "curl_md5.h"
+#include "strcase.h"
+#include "vauth/vauth.h"
#include "http_digest.h"
-#include "strtok.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-#include "sslgen.h" /* for Curl_rand() */
-#include "non-ascii.h" /* included for Curl_convert_... prototypes */
-#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
#include "memdebug.h"
-#define MAX_VALUE_LENGTH 256
-#define MAX_CONTENT_LENGTH 1024
-
-static void digest_cleanup_one(struct digestdata *dig);
-
-/*
- * Return 0 on success and then the buffers are filled in fine.
- *
- * Non-zero means failure to parse.
- */
-static int get_pair(const char *str, char *value, char *content,
- const char **endptr)
-{
- int c;
- bool starts_with_quote = FALSE;
- bool escape = FALSE;
-
- for(c=MAX_VALUE_LENGTH-1; (*str && (*str != '=') && c--); )
- *value++ = *str++;
- *value=0;
-
- if('=' != *str++)
- /* eek, no match */
- return 1;
-
- if('\"' == *str) {
- /* this starts with a quote so it must end with one as well! */
- str++;
- starts_with_quote = TRUE;
- }
-
- for(c=MAX_CONTENT_LENGTH-1; *str && c--; str++) {
- switch(*str) {
- case '\\':
- if(!escape) {
- /* possibly the start of an escaped quote */
- escape = TRUE;
- *content++ = '\\'; /* even though this is an escape character, we still
- store it as-is in the target buffer */
- continue;
- }
- break;
- case ',':
- if(!starts_with_quote) {
- /* this signals the end of the content if we didn't get a starting
- quote and then we do "sloppy" parsing */
- c=0; /* the end */
- continue;
- }
- break;
- case '\r':
- case '\n':
- /* end of string */
- c=0;
- continue;
- case '\"':
- if(!escape && starts_with_quote) {
- /* end of string */
- c=0;
- continue;
- }
- break;
- }
- escape = FALSE;
- *content++ = *str;
- }
- *content=0;
-
- *endptr = str;
-
- return 0; /* all is fine! */
-}
-
/* Test example headers:
WWW-Authenticate: Digest realm="testrealm", nonce="1053604598"
@@ -121,181 +40,31 @@ Proxy-Authenticate: Digest realm="testrealm", nonce="1053604598"
*/
-CURLdigest Curl_input_digest(struct connectdata *conn,
- bool proxy,
- const char *header) /* rest of the *-authenticate:
- header */
+CURLcode Curl_input_digest(struct connectdata *conn,
+ bool proxy,
+ const char *header) /* rest of the *-authenticate:
+ header */
{
- char *token = NULL;
- char *tmp = NULL;
- bool foundAuth = FALSE;
- bool foundAuthInt = FALSE;
- struct SessionHandle *data=conn->data;
- bool before = FALSE; /* got a nonce before */
- struct digestdata *d;
+ struct Curl_easy *data = conn->data;
+
+ /* Point to the correct struct with this */
+ struct digestdata *digest;
if(proxy) {
- d = &data->state.proxydigest;
+ digest = &data->state.proxydigest;
}
else {
- d = &data->state.digest;
+ digest = &data->state.digest;
}
- /* skip initial whitespaces */
+ if(!checkprefix("Digest", header))
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ header += strlen("Digest");
while(*header && ISSPACE(*header))
header++;
- if(checkprefix("Digest", header)) {
- header += strlen("Digest");
-
- /* If we already have received a nonce, keep that in mind */
- if(d->nonce)
- before = TRUE;
-
- /* clear off any former leftovers and init to defaults */
- digest_cleanup_one(d);
-
- for(;;) {
- char value[MAX_VALUE_LENGTH];
- char content[MAX_CONTENT_LENGTH];
-
- while(*header && ISSPACE(*header))
- header++;
-
- /* extract a value=content pair */
- if(!get_pair(header, value, content, &header)) {
- if(Curl_raw_equal(value, "nonce")) {
- d->nonce = strdup(content);
- if(!d->nonce)
- return CURLDIGEST_NOMEM;
- }
- else if(Curl_raw_equal(value, "stale")) {
- if(Curl_raw_equal(content, "true")) {
- d->stale = TRUE;
- d->nc = 1; /* we make a new nonce now */
- }
- }
- else if(Curl_raw_equal(value, "realm")) {
- d->realm = strdup(content);
- if(!d->realm)
- return CURLDIGEST_NOMEM;
- }
- else if(Curl_raw_equal(value, "opaque")) {
- d->opaque = strdup(content);
- if(!d->opaque)
- return CURLDIGEST_NOMEM;
- }
- else if(Curl_raw_equal(value, "qop")) {
- char *tok_buf;
- /* tokenize the list and choose auth if possible, use a temporary
- clone of the buffer since strtok_r() ruins it */
- tmp = strdup(content);
- if(!tmp)
- return CURLDIGEST_NOMEM;
- token = strtok_r(tmp, ",", &tok_buf);
- while(token != NULL) {
- if(Curl_raw_equal(token, "auth")) {
- foundAuth = TRUE;
- }
- else if(Curl_raw_equal(token, "auth-int")) {
- foundAuthInt = TRUE;
- }
- token = strtok_r(NULL, ",", &tok_buf);
- }
- free(tmp);
- /*select only auth o auth-int. Otherwise, ignore*/
- if(foundAuth) {
- d->qop = strdup("auth");
- if(!d->qop)
- return CURLDIGEST_NOMEM;
- }
- else if(foundAuthInt) {
- d->qop = strdup("auth-int");
- if(!d->qop)
- return CURLDIGEST_NOMEM;
- }
- }
- else if(Curl_raw_equal(value, "algorithm")) {
- d->algorithm = strdup(content);
- if(!d->algorithm)
- return CURLDIGEST_NOMEM;
- if(Curl_raw_equal(content, "MD5-sess"))
- d->algo = CURLDIGESTALGO_MD5SESS;
- else if(Curl_raw_equal(content, "MD5"))
- d->algo = CURLDIGESTALGO_MD5;
- else
- return CURLDIGEST_BADALGO;
- }
- else {
- /* unknown specifier, ignore it! */
- }
- }
- else
- break; /* we're done here */
-
- /* pass all additional spaces here */
- while(*header && ISSPACE(*header))
- header++;
- if(',' == *header)
- /* allow the list to be comma-separated */
- header++;
- }
- /* We had a nonce since before, and we got another one now without
- 'stale=true'. This means we provided bad credentials in the previous
- request */
- if(before && !d->stale)
- return CURLDIGEST_BAD;
-
- /* We got this header without a nonce, that's a bad Digest line! */
- if(!d->nonce)
- return CURLDIGEST_BAD;
- }
- else
- /* else not a digest, get out */
- return CURLDIGEST_NONE;
-
- return CURLDIGEST_FINE;
-}
-
-/* convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string*/
-static void md5_to_ascii(unsigned char *source, /* 16 bytes */
- unsigned char *dest) /* 33 bytes */
-{
- int i;
- for(i=0; i<16; i++)
- snprintf((char *)&dest[i*2], 3, "%02x", source[i]);
-}
-
-/* Perform quoted-string escaping as described in RFC2616 and its errata */
-static char *string_quoted(const char *source)
-{
- char *dest, *d;
- const char *s = source;
- size_t n = 1; /* null terminator */
-
- /* Calculate size needed */
- while(*s) {
- ++n;
- if(*s == '"' || *s == '\\') {
- ++n;
- }
- ++s;
- }
-
- dest = malloc(n);
- if(dest) {
- s = source;
- d = dest;
- while(*s) {
- if(*s == '"' || *s == '\\') {
- *d++ = '\\';
- }
- *d++ = *s++;
- }
- *d = 0;
- }
-
- return dest;
+ return Curl_auth_decode_digest_http_message(header, digest);
}
CURLcode Curl_output_digest(struct connectdata *conn,
@@ -303,48 +72,35 @@ CURLcode Curl_output_digest(struct connectdata *conn,
const unsigned char *request,
const unsigned char *uripath)
{
- /* We have a Digest setup for this, use it! Now, to get all the details for
- this sorted out, I must urge you dear friend to read up on the RFC2617
- section 3.2.2, */
- unsigned char md5buf[16]; /* 16 bytes/128 bits */
- unsigned char request_digest[33];
- unsigned char *md5this;
- unsigned char ha1[33];/* 32 digits and 1 zero byte */
- unsigned char ha2[33];/* 32 digits and 1 zero byte */
- char cnoncebuf[33];
- char *cnonce = NULL;
- size_t cnonce_sz = 0;
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
+ unsigned char *path = NULL;
char *tmp = NULL;
+ char *response;
+ size_t len;
+ bool have_chlg;
+
+ /* Point to the address of the pointer that holds the string to send to the
+ server, which is for a plain host or for a HTTP proxy */
char **allocuserpwd;
- size_t userlen;
+
+ /* Point to the name and password for this */
const char *userp;
- char *userp_quoted;
const char *passwdp;
- struct auth *authp;
- struct SessionHandle *data = conn->data;
- struct digestdata *d;
- CURLcode rc;
-/* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines.
- It converts digest text to ASCII so the MD5 will be correct for
- what ultimately goes over the network.
-*/
-#define CURL_OUTPUT_DIGEST_CONV(a, b) \
- rc = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \
- if(rc != CURLE_OK) { \
- free(b); \
- return rc; \
- }
+ /* Point to the correct struct with this */
+ struct digestdata *digest;
+ struct auth *authp;
if(proxy) {
- d = &data->state.proxydigest;
+ digest = &data->state.proxydigest;
allocuserpwd = &conn->allocptr.proxyuserpwd;
- userp = conn->proxyuser;
- passwdp = conn->proxypasswd;
+ userp = conn->http_proxy.user;
+ passwdp = conn->http_proxy.passwd;
authp = &data->state.authproxy;
}
else {
- d = &data->state.digest;
+ digest = &data->state.digest;
allocuserpwd = &conn->allocptr.userpwd;
userp = conn->user;
passwdp = conn->passwd;
@@ -355,78 +111,21 @@ CURLcode Curl_output_digest(struct connectdata *conn,
/* not set means empty */
if(!userp)
- userp="";
+ userp = "";
if(!passwdp)
- passwdp="";
+ passwdp = "";
- if(!d->nonce) {
+#if defined(USE_WINDOWS_SSPI)
+ have_chlg = digest->input_token ? TRUE : FALSE;
+#else
+ have_chlg = digest->nonce ? TRUE : FALSE;
+#endif
+
+ if(!have_chlg) {
authp->done = FALSE;
return CURLE_OK;
}
- authp->done = TRUE;
-
- if(!d->nc)
- d->nc = 1;
-
- if(!d->cnonce) {
- struct timeval now = Curl_tvnow();
- snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x",
- Curl_rand(data), Curl_rand(data),
- (unsigned int)now.tv_sec,
- (unsigned int)now.tv_usec);
-
- rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
- &cnonce, &cnonce_sz);
- if(rc)
- return rc;
- d->cnonce = cnonce;
- }
-
- /*
- if the algorithm is "MD5" or unspecified (which then defaults to MD5):
-
- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
-
- if the algorithm is "MD5-sess" then:
-
- A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd )
- ":" unq(nonce-value) ":" unq(cnonce-value)
- */
-
- md5this = (unsigned char *)
- aprintf("%s:%s:%s", userp, d->realm, passwdp);
- if(!md5this)
- return CURLE_OUT_OF_MEMORY;
-
- CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
- Curl_md5it(md5buf, md5this);
- Curl_safefree(md5this);
- md5_to_ascii(md5buf, ha1);
-
- if(d->algo == CURLDIGESTALGO_MD5SESS) {
- /* nonce and cnonce are OUTSIDE the hash */
- tmp = aprintf("%s:%s:%s", ha1, d->nonce, d->cnonce);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */
- Curl_md5it(md5buf, (unsigned char *)tmp);
- Curl_safefree(tmp);
- md5_to_ascii(md5buf, ha1);
- }
-
- /*
- If the "qop" directive's value is "auth" or is unspecified, then A2 is:
-
- A2 = Method ":" digest-uri-value
-
- If the "qop" value is "auth-int", then A2 is:
-
- A2 = Method ":" digest-uri-value ":" H(entity-body)
-
- (The "Method" value is the HTTP request method as specified in section
- 5.1.1 of RFC 2616)
- */
/* So IE browsers < v7 cut off the URI part at the query part when they
evaluate the MD5 and some (IIS?) servers work with them so we may need to
@@ -435,170 +134,47 @@ CURLcode Curl_output_digest(struct connectdata *conn,
Apache servers can be set to do the Digest IE-style automatically using
the BrowserMatch feature:
- http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
+ https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#msie
Further details on Digest implementation differences:
http://www.fngtps.com/2006/09/http-authentication
*/
- if(authp->iestyle && ((tmp = strchr((char *)uripath, '?')) != NULL)) {
- md5this = (unsigned char *)aprintf("%s:%.*s", request,
- curlx_sztosi(tmp - (char *)uripath),
- uripath);
- }
- else
- md5this = (unsigned char *)aprintf("%s:%s", request, uripath);
-
- if(d->qop && Curl_raw_equal(d->qop, "auth-int")) {
- /* We don't support auth-int for PUT or POST at the moment.
- TODO: replace md5 of empty string with entity-body for PUT/POST */
- unsigned char *md5this2 = (unsigned char *)
- aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e");
- Curl_safefree(md5this);
- md5this = md5this2;
- }
- if(!md5this)
- return CURLE_OUT_OF_MEMORY;
-
- CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
- Curl_md5it(md5buf, md5this);
- Curl_safefree(md5this);
- md5_to_ascii(md5buf, ha2);
-
- if(d->qop) {
- md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s",
- ha1,
- d->nonce,
- d->nc,
- d->cnonce,
- d->qop,
- ha2);
- }
- else {
- md5this = (unsigned char *)aprintf("%s:%s:%s",
- ha1,
- d->nonce,
- ha2);
+ if(authp->iestyle) {
+ tmp = strchr((char *)uripath, '?');
+ if(tmp) {
+ size_t urilen = tmp - (char *)uripath;
+ path = (unsigned char *) aprintf("%.*s", urilen, uripath);
+ }
}
- if(!md5this)
- return CURLE_OUT_OF_MEMORY;
-
- CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
- Curl_md5it(md5buf, md5this);
- Curl_safefree(md5this);
- md5_to_ascii(md5buf, request_digest);
-
- /* for test case 64 (snooped from a Mozilla 1.3a request)
-
- Authorization: Digest username="testuser", realm="testrealm", \
- nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
+ if(!tmp)
+ path = (unsigned char *) strdup((char *) uripath);
- Digest parameters are all quoted strings. Username which is provided by
- the user will need double quotes and backslashes within it escaped. For
- the other fields, this shouldn't be an issue. realm, nonce, and opaque
- are copied as is from the server, escapes and all. cnonce is generated
- with web-safe characters. uri is already percent encoded. nc is 8 hex
- characters. algorithm and qop with standard values only contain web-safe
- chracters.
- */
- userp_quoted = string_quoted(userp);
- if(!userp_quoted)
+ if(!path)
return CURLE_OUT_OF_MEMORY;
- if(d->qop) {
- *allocuserpwd =
- aprintf( "%sAuthorization: Digest "
- "username=\"%s\", "
- "realm=\"%s\", "
- "nonce=\"%s\", "
- "uri=\"%s\", "
- "cnonce=\"%s\", "
- "nc=%08x, "
- "qop=%s, "
- "response=\"%s\"",
- proxy?"Proxy-":"",
- userp_quoted,
- d->realm,
- d->nonce,
- uripath, /* this is the PATH part of the URL */
- d->cnonce,
- d->nc,
- d->qop,
- request_digest);
-
- if(Curl_raw_equal(d->qop, "auth"))
- d->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0 padded
- which tells to the server how many times you are using the
- same nonce in the qop=auth mode. */
- }
- else {
- *allocuserpwd =
- aprintf( "%sAuthorization: Digest "
- "username=\"%s\", "
- "realm=\"%s\", "
- "nonce=\"%s\", "
- "uri=\"%s\", "
- "response=\"%s\"",
- proxy?"Proxy-":"",
- userp_quoted,
- d->realm,
- d->nonce,
- uripath, /* this is the PATH part of the URL */
- request_digest);
- }
- Curl_safefree(userp_quoted);
+ result = Curl_auth_create_digest_http_message(data, userp, passwdp, request,
+ path, digest, &response, &len);
+ free(path);
+ if(result)
+ return result;
+
+ *allocuserpwd = aprintf("%sAuthorization: Digest %s\r\n",
+ proxy ? "Proxy-" : "",
+ response);
+ free(response);
if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
- /* Add optional fields */
- if(d->opaque) {
- /* append opaque */
- tmp = aprintf("%s, opaque=\"%s\"", *allocuserpwd, d->opaque);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- free(*allocuserpwd);
- *allocuserpwd = tmp;
- }
-
- if(d->algorithm) {
- /* append algorithm */
- tmp = aprintf("%s, algorithm=\"%s\"", *allocuserpwd, d->algorithm);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- free(*allocuserpwd);
- *allocuserpwd = tmp;
- }
-
- /* append CRLF + zero (3 bytes) to the userpwd header */
- userlen = strlen(*allocuserpwd);
- tmp = realloc(*allocuserpwd, userlen + 3);
- if(!tmp)
- return CURLE_OUT_OF_MEMORY;
- strcpy(&tmp[userlen], "\r\n"); /* append the data */
- *allocuserpwd = tmp;
+ authp->done = TRUE;
return CURLE_OK;
}
-static void digest_cleanup_one(struct digestdata *d)
-{
- Curl_safefree(d->nonce);
- Curl_safefree(d->cnonce);
- Curl_safefree(d->realm);
- Curl_safefree(d->opaque);
- Curl_safefree(d->qop);
- Curl_safefree(d->algorithm);
-
- d->nc = 0;
- d->algo = CURLDIGESTALGO_MD5; /* default algorithm */
- d->stale = FALSE; /* default means normal, not stale */
-}
-
-
-void Curl_digest_cleanup(struct SessionHandle *data)
+void Curl_digest_cleanup(struct Curl_easy *data)
{
- digest_cleanup_one(&data->state.digest);
- digest_cleanup_one(&data->state.proxydigest);
+ Curl_auth_digest_cleanup(&data->state.digest);
+ Curl_auth_digest_cleanup(&data->state.proxydigest);
}
#endif
diff --git a/libs/libcurl/src/http_digest.h b/libs/libcurl/src/http_digest.h
index c6a4e91610..fd225c7c1b 100644
--- a/libs/libcurl/src/http_digest.h
+++ b/libs/libcurl/src/http_digest.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,24 +23,9 @@
***************************************************************************/
#include "curl_setup.h"
-typedef enum {
- CURLDIGEST_NONE, /* not a digest */
- CURLDIGEST_BAD, /* a digest, but one we don't like */
- CURLDIGEST_BADALGO, /* unsupported algorithm requested */
- CURLDIGEST_NOMEM,
- CURLDIGEST_FINE, /* a digest we act on */
-
- CURLDIGEST_LAST /* last entry in this enum, don't use */
-} CURLdigest;
-
-enum {
- CURLDIGESTALGO_MD5,
- CURLDIGESTALGO_MD5SESS
-};
-
/* this is for digest header input */
-CURLdigest Curl_input_digest(struct connectdata *conn,
- bool proxy, const char *header);
+CURLcode Curl_input_digest(struct connectdata *conn,
+ bool proxy, const char *header);
/* this is for creating digest header output */
CURLcode Curl_output_digest(struct connectdata *conn,
@@ -49,7 +34,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
const unsigned char *uripath);
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
-void Curl_digest_cleanup(struct SessionHandle *data);
+void Curl_digest_cleanup(struct Curl_easy *data);
#else
#define Curl_digest_cleanup(x) Curl_nop_stmt
#endif
diff --git a/libs/libcurl/src/http_negotiate.c b/libs/libcurl/src/http_negotiate.c
index 9b981b3327..51375e81d1 100644
--- a/libs/libcurl/src/http_negotiate.c
+++ b/libs/libcurl/src/http_negotiate.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,331 +22,99 @@
#include "curl_setup.h"
-#ifdef HAVE_GSSAPI
-#ifdef HAVE_OLD_GSSMIT
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#define NCOMPAT 1
-#endif
-
-#ifndef CURL_DISABLE_HTTP
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
#include "urldata.h"
#include "sendf.h"
-#include "curl_gssapi.h"
-#include "rawstr.h"
-#include "curl_base64.h"
#include "http_negotiate.h"
-#include "curl_memory.h"
-#include "url.h"
-
-#ifdef HAVE_SPNEGO
-# include <spnegohelp.h>
-# ifdef USE_SSLEAY
-# ifdef USE_OPENSSL
-# include <openssl/objects.h>
-# else
-# include <objects.h>
-# endif
-# else
-# error "Can't compile SPNEGO support without OpenSSL."
-# endif
-#endif
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include "vauth/vauth.h"
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
-static int
-get_gss_name(struct connectdata *conn, bool proxy, gss_name_t *server)
+CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
+ const char *header)
{
- struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
- &conn->data->state.negotiate;
- OM_uint32 major_status, minor_status;
- gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
- char name[2048];
- const char* service;
-
- /* GSSAPI implementation by Globus (known as GSI) requires the name to be
- of form "<service>/<fqdn>" instead of <service>@<fqdn> (ie. slash instead
- of at-sign). Also GSI servers are often identified as 'host' not 'khttp'.
- Change following lines if you want to use GSI */
-
- /* IIS uses the <service>@<fqdn> form but uses 'http' as the service name */
-
- if(neg_ctx->gss)
- service = "KHTTP";
- else
- service = "HTTP";
-
- token.length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
- conn->host.name) + 1;
- if(token.length + 1 > sizeof(name))
- return EMSGSIZE;
-
- snprintf(name, sizeof(name), "%s@%s", service, proxy ? conn->proxy.name :
- conn->host.name);
-
- token.value = (void *) name;
- major_status = gss_import_name(&minor_status,
- &token,
- GSS_C_NT_HOSTBASED_SERVICE,
- server);
-
- return GSS_ERROR(major_status) ? -1 : 0;
-}
-
-static void
-log_gss_error(struct connectdata *conn, OM_uint32 error_status,
- const char *prefix)
-{
- OM_uint32 maj_stat, min_stat;
- OM_uint32 msg_ctx = 0;
- gss_buffer_desc status_string;
- char buf[1024];
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
size_t len;
- snprintf(buf, sizeof(buf), "%s", prefix);
- len = strlen(buf);
- do {
- maj_stat = gss_display_status(&min_stat,
- error_status,
- GSS_C_MECH_CODE,
- GSS_C_NO_OID,
- &msg_ctx,
- &status_string);
- if(sizeof(buf) > len + status_string.length + 1) {
- snprintf(buf + len, sizeof(buf) - len,
- ": %s", (char*) status_string.value);
- len += status_string.length;
- }
- gss_release_buffer(&min_stat, &status_string);
- } while(!GSS_ERROR(maj_stat) && msg_ctx != 0);
+ /* Point to the username, password, service and host */
+ const char *userp;
+ const char *passwdp;
+ const char *service;
+ const char *host;
- infof(conn->data, "%s\n", buf);
-}
-
-/* returning zero (0) means success, everything else is treated as "failure"
- with no care exactly what the failure was */
-int Curl_input_negotiate(struct connectdata *conn, bool proxy,
- const char *header)
-{
- struct SessionHandle *data = conn->data;
- struct negotiatedata *neg_ctx = proxy?&data->state.proxyneg:
- &data->state.negotiate;
- OM_uint32 major_status, minor_status, discard_st;
- gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
- gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
- int ret;
- size_t len;
- size_t rawlen = 0;
- bool gss;
- const char* protocol;
- CURLcode error;
+ /* Point to the correct struct with this */
+ struct negotiatedata *neg_ctx;
- while(*header && ISSPACE(*header))
- header++;
- if(checkprefix("GSS-Negotiate", header)) {
- protocol = "GSS-Negotiate";
- gss = TRUE;
- }
- else if(checkprefix("Negotiate", header)) {
- protocol = "Negotiate";
- gss = FALSE;
- }
- else
- return -1;
-
- if(neg_ctx->context) {
- if(neg_ctx->gss != gss) {
- return -1;
- }
+ if(proxy) {
+ userp = conn->http_proxy.user;
+ passwdp = conn->http_proxy.passwd;
+ service = data->set.str[STRING_PROXY_SERVICE_NAME] ?
+ data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
+ host = conn->http_proxy.host.name;
+ neg_ctx = &data->state.proxyneg;
}
else {
- neg_ctx->protocol = protocol;
- neg_ctx->gss = gss;
+ userp = conn->user;
+ passwdp = conn->passwd;
+ service = data->set.str[STRING_SERVICE_NAME] ?
+ data->set.str[STRING_SERVICE_NAME] : "HTTP";
+ host = conn->host.name;
+ neg_ctx = &data->state.negotiate;
}
- if(neg_ctx->context && neg_ctx->status == GSS_S_COMPLETE) {
- /* We finished successfully our part of authentication, but server
- * rejected it (since we're again here). Exit with an error since we
- * can't invent anything better */
- Curl_cleanup_negotiate(data);
- return -1;
- }
+ /* Not set means empty */
+ if(!userp)
+ userp = "";
- if(neg_ctx->server_name == NULL &&
- (ret = get_gss_name(conn, proxy, &neg_ctx->server_name)))
- return ret;
+ if(!passwdp)
+ passwdp = "";
- header += strlen(neg_ctx->protocol);
+ /* Obtain the input token, if any */
+ header += strlen("Negotiate");
while(*header && ISSPACE(*header))
header++;
len = strlen(header);
- if(len > 0) {
- error = Curl_base64_decode(header,
- (unsigned char **)&input_token.value, &rawlen);
- if(error || rawlen == 0)
- return -1;
- input_token.length = rawlen;
-
- DEBUGASSERT(input_token.value != NULL);
-
-#ifdef HAVE_SPNEGO /* Handle SPNEGO */
- if(checkprefix("Negotiate", header)) {
- unsigned char *spnegoToken = NULL;
- size_t spnegoTokenLength = 0;
- gss_buffer_desc mechToken = GSS_C_EMPTY_BUFFER;
-
- spnegoToken = malloc(input_token.length);
- if(spnegoToken == NULL) {
- Curl_safefree(input_token.value);
- return CURLE_OUT_OF_MEMORY;
- }
- memcpy(spnegoToken, input_token.value, input_token.length);
- spnegoTokenLength = input_token.length;
-
- if(!parseSpnegoTargetToken(spnegoToken,
- spnegoTokenLength,
- NULL,
- NULL,
- (unsigned char**)&mechToken.value,
- &mechToken.length,
- NULL,
- NULL)) {
- Curl_safefree(spnegoToken);
- infof(data, "Parse SPNEGO Target Token failed\n");
- }
- else if(!mechToken.value || !mechToken.length) {
- Curl_safefree(spnegoToken);
- if(mechToken.value)
- gss_release_buffer(&discard_st, &mechToken);
- infof(data, "Parse SPNEGO Target Token succeeded (NULL token)\n");
- }
- else {
- Curl_safefree(spnegoToken);
- Curl_safefree(input_token.value);
- input_token.value = malloc(mechToken.length);
- if(input_token.value == NULL) {
- gss_release_buffer(&discard_st, &mechToken);
- return CURLE_OUT_OF_MEMORY;
- }
- memcpy(input_token.value, mechToken.value, mechToken.length);
- input_token.length = mechToken.length;
- gss_release_buffer(&discard_st, &mechToken);
- infof(data, "Parse SPNEGO Target Token succeeded\n");
- }
+ if(!len) {
+ /* Is this the first call in a new negotiation? */
+ if(neg_ctx->context) {
+ /* The server rejected our authentication and hasn't suppled any more
+ negotiation mechanisms */
+ return CURLE_LOGIN_DENIED;
}
-#endif
}
- major_status = Curl_gss_init_sec_context(data,
- &minor_status,
- &neg_ctx->context,
- neg_ctx->server_name,
- GSS_C_NO_CHANNEL_BINDINGS,
- &input_token,
- &output_token,
- NULL);
- Curl_safefree(input_token.value);
-
- neg_ctx->status = major_status;
- if(GSS_ERROR(major_status)) {
- if(output_token.value)
- gss_release_buffer(&discard_st, &output_token);
- log_gss_error(conn, minor_status, "gss_init_sec_context() failed: ");
- return -1;
- }
+ /* Initilise the security context and decode our challenge */
+ result = Curl_auth_decode_spnego_message(data, userp, passwdp, service,
+ host, header, neg_ctx);
- if(!output_token.value || !output_token.length) {
- if(output_token.value)
- gss_release_buffer(&discard_st, &output_token);
- return -1;
- }
+ if(result)
+ Curl_auth_spnego_cleanup(neg_ctx);
- neg_ctx->output_token = output_token;
- return 0;
+ return result;
}
-
CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
{
- struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
+ struct negotiatedata *neg_ctx = proxy ? &conn->data->state.proxyneg :
&conn->data->state.negotiate;
- char *encoded = NULL;
+ char *base64 = NULL;
size_t len = 0;
char *userp;
- CURLcode error;
- OM_uint32 discard_st;
+ CURLcode result;
-#ifdef HAVE_SPNEGO /* Handle SPNEGO */
- if(checkprefix("Negotiate", neg_ctx->protocol)) {
- ASN1_OBJECT *object = NULL;
- unsigned char *responseToken = NULL;
- size_t responseTokenLength = 0;
- gss_buffer_desc spnegoToken = GSS_C_EMPTY_BUFFER;
+ result = Curl_auth_create_spnego_message(conn->data, neg_ctx, &base64, &len);
+ if(result)
+ return result;
- responseToken = malloc(neg_ctx->output_token.length);
- if(responseToken == NULL)
- return CURLE_OUT_OF_MEMORY;
- memcpy(responseToken, neg_ctx->output_token.value,
- neg_ctx->output_token.length);
- responseTokenLength = neg_ctx->output_token.length;
+ userp = aprintf("%sAuthorization: Negotiate %s\r\n", proxy ? "Proxy-" : "",
+ base64);
- object = OBJ_txt2obj("1.2.840.113554.1.2.2", 1);
- if(!object) {
- Curl_safefree(responseToken);
- return CURLE_OUT_OF_MEMORY;
- }
-
- if(!makeSpnegoInitialToken(object,
- responseToken,
- responseTokenLength,
- (unsigned char**)&spnegoToken.value,
- &spnegoToken.length)) {
- Curl_safefree(responseToken);
- ASN1_OBJECT_free(object);
- infof(conn->data, "Make SPNEGO Initial Token failed\n");
- }
- else if(!spnegoToken.value || !spnegoToken.length) {
- Curl_safefree(responseToken);
- ASN1_OBJECT_free(object);
- if(spnegoToken.value)
- gss_release_buffer(&discard_st, &spnegoToken);
- infof(conn->data, "Make SPNEGO Initial Token succeeded (NULL token)\n");
- }
- else {
- Curl_safefree(responseToken);
- ASN1_OBJECT_free(object);
- gss_release_buffer(&discard_st, &neg_ctx->output_token);
- neg_ctx->output_token.value = spnegoToken.value;
- neg_ctx->output_token.length = spnegoToken.length;
- infof(conn->data, "Make SPNEGO Initial Token succeeded\n");
- }
- }
-#endif
- error = Curl_base64_encode(conn->data,
- neg_ctx->output_token.value,
- neg_ctx->output_token.length,
- &encoded, &len);
- if(error) {
- gss_release_buffer(&discard_st, &neg_ctx->output_token);
- neg_ctx->output_token.value = NULL;
- neg_ctx->output_token.length = 0;
- return error;
- }
-
- if(!encoded || !len) {
- gss_release_buffer(&discard_st, &neg_ctx->output_token);
- neg_ctx->output_token.value = NULL;
- neg_ctx->output_token.length = 0;
- return CURLE_REMOTE_ACCESS_DENIED;
- }
-
- userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
- neg_ctx->protocol, encoded);
if(proxy) {
Curl_safefree(conn->allocptr.proxyuserpwd);
conn->allocptr.proxyuserpwd = userp;
@@ -356,33 +124,15 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
conn->allocptr.userpwd = userp;
}
- Curl_safefree(encoded);
- Curl_cleanup_negotiate(conn->data);
+ free(base64);
return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
}
-static void cleanup(struct negotiatedata *neg_ctx)
+void Curl_cleanup_negotiate(struct Curl_easy *data)
{
- OM_uint32 minor_status;
- if(neg_ctx->context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&minor_status, &neg_ctx->context, GSS_C_NO_BUFFER);
-
- if(neg_ctx->output_token.value)
- gss_release_buffer(&minor_status, &neg_ctx->output_token);
-
- if(neg_ctx->server_name != GSS_C_NO_NAME)
- gss_release_name(&minor_status, &neg_ctx->server_name);
-
- memset(neg_ctx, 0, sizeof(*neg_ctx));
-}
-
-void Curl_cleanup_negotiate(struct SessionHandle *data)
-{
- cleanup(&data->state.negotiate);
- cleanup(&data->state.proxyneg);
+ Curl_auth_spnego_cleanup(&data->state.negotiate);
+ Curl_auth_spnego_cleanup(&data->state.proxyneg);
}
-
-#endif
-#endif
+#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
diff --git a/libs/libcurl/src/http_negotiate.h b/libs/libcurl/src/http_negotiate.h
index e584d76fcc..c64e548251 100644
--- a/libs/libcurl/src/http_negotiate.h
+++ b/libs/libcurl/src/http_negotiate.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,21 +22,17 @@
*
***************************************************************************/
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
/* this is for Negotiate header input */
-int Curl_input_negotiate(struct connectdata *conn, bool proxy,
- const char *header);
+CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
+ const char *header);
/* this is for creating Negotiate header output */
CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy);
-void Curl_cleanup_negotiate(struct SessionHandle *data);
+void Curl_cleanup_negotiate(struct Curl_easy *data);
-#ifdef USE_WINDOWS_SSPI
-#define GSS_ERROR(status) (status & 0x80000000)
-#endif
-
-#endif /* USE_HTTP_NEGOTIATE */
+#endif /* USE_SPNEGO */
#endif /* HEADER_CURL_HTTP_NEGOTIATE_H */
diff --git a/libs/libcurl/src/http_negotiate_sspi.c b/libs/libcurl/src/http_negotiate_sspi.c
deleted file mode 100644
index 997e161165..0000000000
--- a/libs/libcurl/src/http_negotiate_sspi.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef USE_WINDOWS_SSPI
-
-#ifndef CURL_DISABLE_HTTP
-
-#include "urldata.h"
-#include "sendf.h"
-#include "rawstr.h"
-#include "warnless.h"
-#include "curl_base64.h"
-#include "http_negotiate.h"
-#include "curl_memory.h"
-#include "curl_multibyte.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-static int
-get_gss_name(struct connectdata *conn, bool proxy,
- struct negotiatedata *neg_ctx)
-{
- const char* service;
- size_t length;
-
- if(proxy && !conn->proxy.name)
- /* proxy auth requested but no given proxy name, error out! */
- return -1;
-
- /* GSSAPI implementation by Globus (known as GSI) requires the name to be
- of form "<service>/<fqdn>" instead of <service>@<fqdn> (ie. slash instead
- of at-sign). Also GSI servers are often identified as 'host' not 'khttp'.
- Change following lines if you want to use GSI */
-
- /* IIS uses the <service>@<fqdn> form but uses 'http' as the service name,
- and SSPI then generates an NTLM token. When using <service>/<fqdn> a
- Kerberos token is generated. */
-
- if(neg_ctx->gss)
- service = "KHTTP";
- else
- service = "HTTP";
-
- length = strlen(service) + 1 + strlen(proxy ? conn->proxy.name :
- conn->host.name) + 1;
- if(length + 1 > sizeof(neg_ctx->server_name))
- return EMSGSIZE;
-
- snprintf(neg_ctx->server_name, sizeof(neg_ctx->server_name), "%s/%s",
- service, proxy ? conn->proxy.name : conn->host.name);
-
- return 0;
-}
-
-/* returning zero (0) means success, everything else is treated as "failure"
- with no care exactly what the failure was */
-int Curl_input_negotiate(struct connectdata *conn, bool proxy,
- const char *header)
-{
- struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
- &conn->data->state.negotiate;
- BYTE *input_token = 0;
- SecBufferDesc out_buff_desc;
- SecBuffer out_sec_buff;
- SecBufferDesc in_buff_desc;
- SecBuffer in_sec_buff;
- unsigned long context_attributes;
- TimeStamp lifetime;
- wchar_t *sname;
- int ret;
- size_t len = 0, input_token_len = 0;
- bool gss = FALSE;
- const char* protocol;
- CURLcode error;
-
- while(*header && ISSPACE(*header))
- header++;
-
- if(checkprefix("GSS-Negotiate", header)) {
- protocol = "GSS-Negotiate";
- gss = TRUE;
- }
- else if(checkprefix("Negotiate", header)) {
- protocol = "Negotiate";
- gss = FALSE;
- }
- else
- return -1;
-
- if(neg_ctx->context) {
- if(neg_ctx->gss != gss) {
- return -1;
- }
- }
- else {
- neg_ctx->protocol = protocol;
- neg_ctx->gss = gss;
- }
-
- if(neg_ctx->context && neg_ctx->status == SEC_E_OK) {
- /* We finished successfully our part of authentication, but server
- * rejected it (since we're again here). Exit with an error since we
- * can't invent anything better */
- Curl_cleanup_negotiate(conn->data);
- return -1;
- }
-
- if(0 == strlen(neg_ctx->server_name)) {
- ret = get_gss_name(conn, proxy, neg_ctx);
- if(ret)
- return ret;
- }
-
- if(!neg_ctx->output_token) {
- PSecPkgInfo SecurityPackage;
- ret = s_pSecFn->QuerySecurityPackageInfo((wchar_t *) TEXT("Negotiate"),
- &SecurityPackage);
- if(ret != SEC_E_OK)
- return -1;
-
- /* Allocate input and output buffers according to the max token size
- as indicated by the security package */
- neg_ctx->max_token_length = SecurityPackage->cbMaxToken;
- neg_ctx->output_token = malloc(neg_ctx->max_token_length);
- s_pSecFn->FreeContextBuffer(SecurityPackage);
- }
-
- /* Obtain the input token, if any */
- header += strlen(neg_ctx->protocol);
- while(*header && ISSPACE(*header))
- header++;
-
- len = strlen(header);
- if(!len) {
- /* first call in a new negotation, we have to acquire credentials,
- and allocate memory for the context */
-
- neg_ctx->credentials = malloc(sizeof(CredHandle));
- neg_ctx->context = malloc(sizeof(CtxtHandle));
-
- if(!neg_ctx->credentials || !neg_ctx->context)
- return -1;
-
- neg_ctx->status =
- s_pSecFn->AcquireCredentialsHandle(NULL,
- (wchar_t *) TEXT("Negotiate"),
- SECPKG_CRED_OUTBOUND, NULL, NULL,
- NULL, NULL, neg_ctx->credentials,
- &lifetime);
- if(neg_ctx->status != SEC_E_OK)
- return -1;
- }
- else {
- input_token = malloc(neg_ctx->max_token_length);
- if(!input_token)
- return -1;
-
- error = Curl_base64_decode(header,
- (unsigned char **)&input_token,
- &input_token_len);
- if(error || input_token_len == 0)
- return -1;
- }
-
- /* prepare the output buffers, and input buffers if present */
- out_buff_desc.ulVersion = 0;
- out_buff_desc.cBuffers = 1;
- out_buff_desc.pBuffers = &out_sec_buff;
-
- out_sec_buff.cbBuffer = curlx_uztoul(neg_ctx->max_token_length);
- out_sec_buff.BufferType = SECBUFFER_TOKEN;
- out_sec_buff.pvBuffer = neg_ctx->output_token;
-
-
- if(input_token) {
- in_buff_desc.ulVersion = 0;
- in_buff_desc.cBuffers = 1;
- in_buff_desc.pBuffers = &in_sec_buff;
-
- in_sec_buff.cbBuffer = curlx_uztoul(input_token_len);
- in_sec_buff.BufferType = SECBUFFER_TOKEN;
- in_sec_buff.pvBuffer = input_token;
- }
-
- sname = Curl_convert_UTF8_to_tchar(neg_ctx->server_name);
- if(!sname)
- return CURLE_OUT_OF_MEMORY;
-
- neg_ctx->status = s_pSecFn->InitializeSecurityContext(
- neg_ctx->credentials,
- input_token ? neg_ctx->context : 0,
- sname,
- ISC_REQ_CONFIDENTIALITY,
- 0,
- SECURITY_NATIVE_DREP,
- input_token ? &in_buff_desc : 0,
- 0,
- neg_ctx->context,
- &out_buff_desc,
- &context_attributes,
- &lifetime);
-
- Curl_unicodefree(sname);
-
- if(GSS_ERROR(neg_ctx->status))
- return -1;
-
- if(neg_ctx->status == SEC_I_COMPLETE_NEEDED ||
- neg_ctx->status == SEC_I_COMPLETE_AND_CONTINUE) {
- neg_ctx->status = s_pSecFn->CompleteAuthToken(neg_ctx->context,
- &out_buff_desc);
- if(GSS_ERROR(neg_ctx->status))
- return -1;
- }
-
- neg_ctx->output_token_length = out_sec_buff.cbBuffer;
-
- return 0;
-}
-
-
-CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
-{
- struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
- &conn->data->state.negotiate;
- char *encoded = NULL;
- size_t len = 0;
- char *userp;
- CURLcode error;
-
- error = Curl_base64_encode(conn->data,
- (const char*)neg_ctx->output_token,
- neg_ctx->output_token_length,
- &encoded, &len);
- if(error)
- return error;
-
- if(len == 0)
- return CURLE_REMOTE_ACCESS_DENIED;
-
- userp = aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
- neg_ctx->protocol, encoded);
-
- if(proxy)
- conn->allocptr.proxyuserpwd = userp;
- else
- conn->allocptr.userpwd = userp;
- free(encoded);
- Curl_cleanup_negotiate (conn->data);
- return (userp == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
-}
-
-static void cleanup(struct negotiatedata *neg_ctx)
-{
- if(neg_ctx->context) {
- s_pSecFn->DeleteSecurityContext(neg_ctx->context);
- free(neg_ctx->context);
- neg_ctx->context = 0;
- }
-
- if(neg_ctx->credentials) {
- s_pSecFn->FreeCredentialsHandle(neg_ctx->credentials);
- free(neg_ctx->credentials);
- neg_ctx->credentials = 0;
- }
-
- if(neg_ctx->output_token) {
- free(neg_ctx->output_token);
- neg_ctx->output_token = 0;
- }
-
- neg_ctx->max_token_length = 0;
-}
-
-void Curl_cleanup_negotiate(struct SessionHandle *data)
-{
- cleanup(&data->state.negotiate);
- cleanup(&data->state.proxyneg);
-}
-
-
-#endif
-#endif
diff --git a/libs/libcurl/src/curl_ntlm.c b/libs/libcurl/src/http_ntlm.c
index 4d126a573e..0f1edcf65d 100644
--- a/libs/libcurl/src/curl_ntlm.c
+++ b/libs/libcurl/src/http_ntlm.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,36 +22,37 @@
#include "curl_setup.h"
-#ifdef USE_NTLM
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
/*
* NTLM details:
*
- * http://davenport.sourceforge.net/ntlm.html
- * http://www.innovation.ch/java/ntlm.html
+ * https://davenport.sourceforge.io/ntlm.html
+ * https://www.innovation.ch/java/ntlm.html
*/
#define DEBUG_ME 0
#include "urldata.h"
#include "sendf.h"
-#include "rawstr.h"
-#include "curl_ntlm.h"
-#include "curl_ntlm_msgs.h"
+#include "strcase.h"
+#include "http_ntlm.h"
+#include "curl_ntlm_core.h"
#include "curl_ntlm_wb.h"
+#include "vauth/vauth.h"
#include "url.h"
-#include "curl_memory.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-#if defined(USE_NSS)
-#include "nssg.h"
+/* SSL backend-specific #if branches in this file must be kept in the order
+ documented in curl_ntlm_core. */
+#if defined(NTLM_NEEDS_NSS_INIT)
+#include "vtls/nssg.h"
#elif defined(USE_WINDOWS_SSPI)
#include "curl_sspi.h"
#endif
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
#if DEBUG_ME
@@ -69,18 +70,8 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
struct ntlmdata *ntlm;
CURLcode result = CURLE_OK;
-#ifdef USE_NSS
- result = Curl_nss_force_init(conn->data);
- if(result)
- return result;
-#endif
-
ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
- /* skip initial whitespaces */
- while(*header && ISSPACE(*header))
- header++;
-
if(checkprefix("NTLM", header)) {
header += strlen("NTLM");
@@ -88,14 +79,18 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
header++;
if(*header) {
- result = Curl_ntlm_decode_type2_message(conn->data, header, ntlm);
- if(CURLE_OK != result)
+ result = Curl_auth_decode_ntlm_type2_message(conn->data, header, ntlm);
+ if(result)
return result;
ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
}
else {
- if(ntlm->state == NTLMSTATE_TYPE3) {
+ if(ntlm->state == NTLMSTATE_LAST) {
+ infof(conn->data, "NTLM auth restarted\n");
+ Curl_http_ntlm_cleanup(conn);
+ }
+ else if(ntlm->state == NTLMSTATE_TYPE3) {
infof(conn->data, "NTLM handshake rejected\n");
Curl_http_ntlm_cleanup(conn);
ntlm->state = NTLMSTATE_NONE;
@@ -116,12 +111,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
/*
* This is for creating ntlm header output
*/
-CURLcode Curl_output_ntlm(struct connectdata *conn,
- bool proxy)
+CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
{
char *base64 = NULL;
size_t len = 0;
- CURLcode error;
+ CURLcode result;
/* point to the address of the pointer that holds the string to send to the
server, which is for a plain host or for a HTTP proxy */
@@ -138,15 +132,15 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
DEBUGASSERT(conn);
DEBUGASSERT(conn->data);
-#ifdef USE_NSS
+#if defined(NTLM_NEEDS_NSS_INIT)
if(CURLE_OK != Curl_nss_force_init(conn->data))
return CURLE_OUT_OF_MEMORY;
#endif
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
- userp = conn->proxyuser;
- passwdp = conn->proxypasswd;
+ userp = conn->http_proxy.user;
+ passwdp = conn->http_proxy.passwd;
ntlm = &conn->proxyntlm;
authp = &conn->data->state.authproxy;
}
@@ -179,38 +173,40 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
case NTLMSTATE_TYPE1:
default: /* for the weird cases we (re)start here */
/* Create a type-1 message */
- error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
- &len);
- if(error)
- return error;
+ result = Curl_auth_create_ntlm_type1_message(conn->data, userp, passwdp,
+ ntlm, &base64, &len);
+ if(result)
+ return result;
if(base64) {
- Curl_safefree(*allocuserpwd);
+ free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
base64);
free(base64);
if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
+
DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
}
break;
case NTLMSTATE_TYPE2:
/* We already received the type-2 message, create a type-3 message */
- error = Curl_ntlm_create_type3_message(conn->data, userp, passwdp,
- ntlm, &base64, &len);
- if(error)
- return error;
+ result = Curl_auth_create_ntlm_type3_message(conn->data, userp, passwdp,
+ ntlm, &base64, &len);
+ if(result)
+ return result;
if(base64) {
- Curl_safefree(*allocuserpwd);
+ free(*allocuserpwd);
*allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
proxy ? "Proxy-" : "",
base64);
free(base64);
if(!*allocuserpwd)
return CURLE_OUT_OF_MEMORY;
+
DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
@@ -221,6 +217,9 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
case NTLMSTATE_TYPE3:
/* connection is already authenticated,
* don't send a header in future requests */
+ ntlm->state = NTLMSTATE_LAST;
+ /* fall-through */
+ case NTLMSTATE_LAST:
Curl_safefree(*allocuserpwd);
authp->done = TRUE;
break;
@@ -231,14 +230,12 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
void Curl_http_ntlm_cleanup(struct connectdata *conn)
{
-#ifdef USE_WINDOWS_SSPI
- Curl_ntlm_sspi_cleanup(&conn->ntlm);
- Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
-#elif defined(NTLM_WB_ENABLED)
+ Curl_auth_ntlm_cleanup(&conn->ntlm);
+ Curl_auth_ntlm_cleanup(&conn->proxyntlm);
+
+#if defined(NTLM_WB_ENABLED)
Curl_ntlm_wb_cleanup(conn);
-#else
- (void)conn;
#endif
}
-#endif /* USE_NTLM */
+#endif /* !CURL_DISABLE_HTTP && USE_NTLM */
diff --git a/libs/libcurl/src/curl_ntlm.h b/libs/libcurl/src/http_ntlm.h
index 21a9e9e47b..d186bbe370 100644
--- a/libs/libcurl/src/curl_ntlm.h
+++ b/libs/libcurl/src/http_ntlm.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,7 +24,7 @@
#include "curl_setup.h"
-#ifdef USE_NTLM
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
/* this is for ntlm header input */
CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy,
@@ -35,10 +35,6 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
void Curl_http_ntlm_cleanup(struct connectdata *conn);
-#else
-
-#define Curl_http_ntlm_cleanup(a) Curl_nop_stmt
-
-#endif
+#endif /* !CURL_DISABLE_HTTP && USE_NTLM */
#endif /* HEADER_CURL_NTLM_H */
diff --git a/libs/libcurl/src/http_proxy.c b/libs/libcurl/src/http_proxy.c
index 6a555525d1..0283c1f3fa 100644
--- a/libs/libcurl/src/http_proxy.c
+++ b/libs/libcurl/src/http_proxy.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,36 +22,70 @@
#include "curl_setup.h"
+#include "http_proxy.h"
+
#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
-#include "urldata.h"
#include <curl/curl.h>
-#include "http_proxy.h"
#include "sendf.h"
#include "http.h"
#include "url.h"
#include "select.h"
-#include "rawstr.h"
#include "progress.h"
#include "non-ascii.h"
#include "connect.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "curlx.h"
+#include "vtls/vtls.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
-CURLcode Curl_proxy_connect(struct connectdata *conn)
+/*
+ * Perform SSL initialization for HTTPS proxy. Sets
+ * proxy_ssl_connected connection bit when complete. Can be
+ * called multiple times.
+ */
+static CURLcode https_proxy_connect(struct connectdata *conn, int sockindex)
+{
+#ifdef USE_SSL
+ CURLcode result = CURLE_OK;
+ DEBUGASSERT(conn->http_proxy.proxytype == CURLPROXY_HTTPS);
+ if(!conn->bits.proxy_ssl_connected[sockindex]) {
+ /* perform SSL initialization for this socket */
+ result =
+ Curl_ssl_connect_nonblocking(conn, sockindex,
+ &conn->bits.proxy_ssl_connected[sockindex]);
+ if(result)
+ conn->bits.close = TRUE; /* a failed connection is marked for closure to
+ prevent (bad) re-use or similar */
+ }
+ return result;
+#else
+ (void) conn;
+ (void) sockindex;
+ return CURLE_NOT_BUILT_IN;
+#endif
+}
+
+CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex)
{
+ if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
+ const CURLcode result = https_proxy_connect(conn, sockindex);
+ if(result)
+ return result;
+ if(!conn->bits.proxy_ssl_connected[sockindex])
+ return result; /* wait for HTTPS proxy SSL initialization to complete */
+ }
+
if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
#ifndef CURL_DISABLE_PROXY
/* for [protocol] tunneled through HTTP proxy */
struct HTTP http_proxy;
void *prot_save;
+ const char *hostname;
+ int remote_port;
CURLcode result;
/* BLOCKING */
@@ -64,17 +98,35 @@ CURLcode Curl_proxy_connect(struct connectdata *conn)
* original pointer
*
* This function might be called several times in the multi interface case
- * if the proxy's CONNTECT response is not instant.
+ * if the proxy's CONNECT response is not instant.
*/
prot_save = conn->data->req.protop;
memset(&http_proxy, 0, sizeof(http_proxy));
conn->data->req.protop = &http_proxy;
- conn->bits.close = FALSE;
- result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
- conn->host.name, conn->remote_port);
+ connkeep(conn, "HTTP proxy CONNECT");
+
+ /* for the secondary socket (FTP), use the "connect to host"
+ * but ignore the "connect to port" (use the secondary port)
+ */
+
+ if(conn->bits.conn_to_host)
+ hostname = conn->conn_to_host.name;
+ else if(sockindex == SECONDARYSOCKET)
+ hostname = conn->secondaryhostname;
+ else
+ hostname = conn->host.name;
+
+ if(sockindex == SECONDARYSOCKET)
+ remote_port = conn->secondary_port;
+ else if(conn->bits.conn_to_port)
+ remote_port = conn->conn_to_port;
+ else
+ remote_port = conn->remote_port;
+ result = Curl_proxyCONNECT(conn, sockindex, hostname, remote_port);
conn->data->req.protop = prot_save;
if(CURLE_OK != result)
return result;
+ Curl_safefree(conn->allocptr.proxyuserpwd);
#else
return CURLE_NOT_BUILT_IN;
#endif
@@ -83,41 +135,73 @@ CURLcode Curl_proxy_connect(struct connectdata *conn)
return CURLE_OK;
}
-/*
- * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
- * function will issue the necessary commands to get a seamless tunnel through
- * this proxy. After that, the socket can be used just as a normal socket.
- */
+bool Curl_connect_complete(struct connectdata *conn)
+{
+ return !conn->connect_state ||
+ (conn->connect_state->tunnel_state == TUNNEL_COMPLETE);
+}
-CURLcode Curl_proxyCONNECT(struct connectdata *conn,
- int sockindex,
- const char *hostname,
- unsigned short remote_port)
+bool Curl_connect_ongoing(struct connectdata *conn)
+{
+ return conn->connect_state &&
+ (conn->connect_state->tunnel_state != TUNNEL_COMPLETE);
+}
+
+static CURLcode connect_init(struct connectdata *conn, bool reinit)
{
- int subversion=0;
- struct SessionHandle *data=conn->data;
+ struct http_connect_state *s;
+ if(!reinit) {
+ DEBUGASSERT(!conn->connect_state);
+ s = calloc(1, sizeof(struct http_connect_state));
+ if(!s)
+ return CURLE_OUT_OF_MEMORY;
+ infof(conn->data, "allocate connect buffer!\n");
+ conn->connect_state = s;
+ }
+ else {
+ DEBUGASSERT(conn->connect_state);
+ s = conn->connect_state;
+ }
+ s->tunnel_state = TUNNEL_INIT;
+ s->keepon = TRUE;
+ s->line_start = s->connect_buffer;
+ s->ptr = s->line_start;
+ s->cl = 0;
+ return CURLE_OK;
+}
+
+static void connect_done(struct connectdata *conn)
+{
+ struct http_connect_state *s = conn->connect_state;
+ s->tunnel_state = TUNNEL_COMPLETE;
+ infof(conn->data, "CONNECT phase completed!\n");
+}
+
+static CURLcode CONNECT(struct connectdata *conn,
+ int sockindex,
+ const char *hostname,
+ int remote_port)
+{
+ int subversion = 0;
+ struct Curl_easy *data = conn->data;
struct SingleRequest *k = &data->req;
CURLcode result;
- long timeout =
- data->set.timeout?data->set.timeout:PROXY_TIMEOUT; /* in milliseconds */
curl_socket_t tunnelsocket = conn->sock[sockindex];
- curl_off_t cl=0;
bool closeConnection = FALSE;
- bool chunked_encoding = FALSE;
- long check;
+ timediff_t check;
+ struct http_connect_state *s = conn->connect_state;
#define SELECT_OK 0
#define SELECT_ERROR 1
#define SELECT_TIMEOUT 2
- int error = SELECT_OK;
- if(conn->tunnel_state[sockindex] == TUNNEL_COMPLETE)
+ if(Curl_connect_complete(conn))
return CURLE_OK; /* CONNECT is already completed */
conn->bits.proxy_connect_closed = FALSE;
do {
- if(TUNNEL_INIT == conn->tunnel_state[sockindex]) {
+ if(TUNNEL_INIT == s->tunnel_state) {
/* BEGIN CONNECT PHASE */
char *host_port;
Curl_send_buffer *req_buffer;
@@ -125,13 +209,11 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
infof(data, "Establish HTTP proxy tunnel to %s:%hu\n",
hostname, remote_port);
- if(data->req.newurl) {
/* This only happens if we've looped here due to authentication
reasons, and we don't really use the newly cloned URL here
then. Just free() it. */
- free(data->req.newurl);
- data->req.newurl = NULL;
- }
+ free(data->req.newurl);
+ data->req.newurl = NULL;
/* initialize a dynamic send-buffer */
req_buffer = Curl_add_buffer_init();
@@ -141,7 +223,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
host_port = aprintf("%s:%hu", hostname, remote_port);
if(!host_port) {
- free(req_buffer);
+ Curl_add_buffer_free(req_buffer);
return CURLE_OUT_OF_MEMORY;
}
@@ -150,33 +232,38 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
free(host_port);
- if(CURLE_OK == result) {
- char *host=(char *)"";
- const char *proxyconn="";
- const char *useragent="";
- const char *http = (conn->proxytype == CURLPROXY_HTTP_1_0) ?
+ if(!result) {
+ char *host = NULL;
+ const char *proxyconn = "";
+ const char *useragent = "";
+ const char *http = (conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0) ?
"1.0" : "1.1";
- char *hostheader= /* host:port with IPv6 support */
- aprintf("%s%s%s:%hu", conn->bits.ipv6_ip?"[":"",
- hostname, conn->bits.ipv6_ip?"]":"",
+ bool ipv6_ip = conn->bits.ipv6_ip;
+ char *hostheader;
+
+ /* the hostname may be different */
+ if(hostname != conn->host.name)
+ ipv6_ip = (strchr(hostname, ':') != NULL);
+ hostheader = /* host:port with IPv6 support */
+ aprintf("%s%s%s:%hu", ipv6_ip?"[":"", hostname, ipv6_ip?"]":"",
remote_port);
if(!hostheader) {
- free(req_buffer);
+ Curl_add_buffer_free(req_buffer);
return CURLE_OUT_OF_MEMORY;
}
- if(!Curl_checkheaders(data, "Host:")) {
+ if(!Curl_checkProxyheaders(conn, "Host:")) {
host = aprintf("Host: %s\r\n", hostheader);
if(!host) {
free(hostheader);
- free(req_buffer);
+ Curl_add_buffer_free(req_buffer);
return CURLE_OUT_OF_MEMORY;
}
}
- if(!Curl_checkheaders(data, "Proxy-Connection:"))
+ if(!Curl_checkProxyheaders(conn, "Proxy-Connection:"))
proxyconn = "Proxy-Connection: Keep-Alive\r\n";
- if(!Curl_checkheaders(data, "User-Agent:") &&
+ if(!Curl_checkProxyheaders(conn, "User-Agent:") &&
data->set.str[STRING_USERAGENT])
useragent = conn->allocptr.uagent;
@@ -189,24 +276,24 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
"%s", /* Proxy-Connection */
hostheader,
http,
- host,
+ host?host:"",
conn->allocptr.proxyuserpwd?
conn->allocptr.proxyuserpwd:"",
useragent,
proxyconn);
- if(host && *host)
+ if(host)
free(host);
free(hostheader);
- if(CURLE_OK == result)
- result = Curl_add_custom_headers(conn, req_buffer);
+ if(!result)
+ result = Curl_add_custom_headers(conn, TRUE, req_buffer);
- if(CURLE_OK == result)
+ if(!result)
/* CRLF terminate the request */
result = Curl_add_bufferf(req_buffer, "\r\n");
- if(CURLE_OK == result) {
+ if(!result) {
/* Send the connect request to the proxy */
/* BLOCKING */
result =
@@ -218,287 +305,269 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
failf(data, "Failed sending CONNECT to proxy");
}
- Curl_safefree(req_buffer);
+ Curl_add_buffer_free(req_buffer);
if(result)
return result;
- conn->tunnel_state[sockindex] = TUNNEL_CONNECT;
+ s->tunnel_state = TUNNEL_CONNECT;
+ s->perline = 0;
+ } /* END CONNECT PHASE */
+
+ check = Curl_timeleft(data, NULL, TRUE);
+ if(check <= 0) {
+ failf(data, "Proxy CONNECT aborted due to timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
- /* now we've issued the CONNECT and we're waiting to hear back, return
- and get called again polling-style */
+ if(!Curl_conn_data_pending(conn, sockindex))
+ /* return so we'll be called again polling-style */
return CURLE_OK;
- } /* END CONNECT PHASE */
+ /* at this point, the tunnel_connecting phase is over. */
- { /* BEGIN NEGOTIATION PHASE */
- size_t nread; /* total size read */
- int perline; /* count bytes per line */
- int keepon=TRUE;
- ssize_t gotbytes;
- char *ptr;
- char *line_start;
-
- ptr=data->state.buffer;
- line_start = ptr;
-
- nread=0;
- perline=0;
- keepon=TRUE;
-
- while((nread<BUFSIZE) && (keepon && !error)) {
-
- /* if timeout is requested, find out how much remaining time we have */
- check = timeout - /* timeout time */
- Curl_tvdiff(Curl_tvnow(), conn->now); /* spent time */
- if(check <= 0) {
- failf(data, "Proxy CONNECT aborted due to timeout");
- error = SELECT_TIMEOUT; /* already too little time */
- break;
+ { /* READING RESPONSE PHASE */
+ int error = SELECT_OK;
+
+ while(s->keepon && !error) {
+ ssize_t gotbytes;
+
+ /* make sure we have space to read more data */
+ if(s->ptr >= &s->connect_buffer[CONNECT_BUFFER_SIZE]) {
+ failf(data, "CONNECT response too large!");
+ return CURLE_RECV_ERROR;
}
- /* loop every second at least, less if the timeout is near */
- switch (Curl_socket_ready(tunnelsocket, CURL_SOCKET_BAD,
- check<1000L?check:1000)) {
- case -1: /* select() error, stop reading */
- error = SELECT_ERROR;
- failf(data, "Proxy CONNECT aborted due to select/poll error");
+ /* Read one byte at a time to avoid a race condition. Wait at most one
+ second before looping to ensure continuous pgrsUpdates. */
+ result = Curl_read(conn, tunnelsocket, s->ptr, 1, &gotbytes);
+ if(result == CURLE_AGAIN)
+ /* socket buffer drained, return */
+ return CURLE_OK;
+
+ if(Curl_pgrsUpdate(conn))
+ return CURLE_ABORTED_BY_CALLBACK;
+
+ if(result) {
+ s->keepon = FALSE;
break;
- case 0: /* timeout */
+ }
+ else if(gotbytes <= 0) {
+ if(data->set.proxyauth && data->state.authproxy.avail) {
+ /* proxy auth was requested and there was proxy auth available,
+ then deem this as "mere" proxy disconnect */
+ conn->bits.proxy_connect_closed = TRUE;
+ infof(data, "Proxy CONNECT connection closed\n");
+ }
+ else {
+ error = SELECT_ERROR;
+ failf(data, "Proxy CONNECT aborted");
+ }
+ s->keepon = FALSE;
break;
- default:
- DEBUGASSERT(ptr+BUFSIZE-nread <= data->state.buffer+BUFSIZE+1);
- result = Curl_read(conn, tunnelsocket, ptr, BUFSIZE-nread,
- &gotbytes);
- if(result==CURLE_AGAIN)
- continue; /* go loop yourself */
- else if(result)
- keepon = FALSE;
- else if(gotbytes <= 0) {
- keepon = FALSE;
- if(data->set.proxyauth && data->state.authproxy.avail) {
- /* proxy auth was requested and there was proxy auth available,
- then deem this as "mere" proxy disconnect */
- conn->bits.proxy_connect_closed = TRUE;
- }
- else {
- error = SELECT_ERROR;
- failf(data, "Proxy CONNECT aborted");
+ }
+
+
+ if(s->keepon > TRUE) {
+ /* This means we are currently ignoring a response-body */
+
+ s->ptr = s->connect_buffer;
+ if(s->cl) {
+ /* A Content-Length based body: simply count down the counter
+ and make sure to break out of the loop when we're done! */
+ s->cl--;
+ if(s->cl <= 0) {
+ s->keepon = FALSE;
+ s->tunnel_state = TUNNEL_COMPLETE;
+ break;
}
}
else {
- /*
- * We got a whole chunk of data, which can be anything from one
- * byte to a set of lines and possibly just a piece of the last
- * line.
- */
- int i;
-
- nread += gotbytes;
-
- if(keepon > TRUE) {
- /* This means we are currently ignoring a response-body */
-
- nread = 0; /* make next read start over in the read buffer */
- ptr=data->state.buffer;
- if(cl) {
- /* A Content-Length based body: simply count down the counter
- and make sure to break out of the loop when we're done! */
- cl -= gotbytes;
- if(cl<=0) {
- keepon = FALSE;
- break;
- }
+ /* chunked-encoded body, so we need to do the chunked dance
+ properly to know when the end of the body is reached */
+ CHUNKcode r;
+ ssize_t tookcareof = 0;
+
+ /* now parse the chunked piece of data so that we can
+ properly tell when the stream ends */
+ r = Curl_httpchunk_read(conn, s->ptr, 1, &tookcareof);
+ if(r == CHUNKE_STOP) {
+ /* we're done reading chunks! */
+ infof(data, "chunk reading DONE\n");
+ s->keepon = FALSE;
+ /* we did the full CONNECT treatment, go COMPLETE */
+ s->tunnel_state = TUNNEL_COMPLETE;
+ }
+ }
+ continue;
+ }
+
+ s->perline++; /* amount of bytes in this line so far */
+
+ /* if this is not the end of a header line then continue */
+ if(*s->ptr != 0x0a) {
+ s->ptr++;
+ continue;
+ }
+
+ /* convert from the network encoding */
+ result = Curl_convert_from_network(data, s->line_start,
+ (size_t)s->perline);
+ /* Curl_convert_from_network calls failf if unsuccessful */
+ if(result)
+ return result;
+
+ /* output debug if that is requested */
+ if(data->set.verbose)
+ Curl_debug(data, CURLINFO_HEADER_IN,
+ s->line_start, (size_t)s->perline, conn);
+
+ if(!data->set.suppress_connect_headers) {
+ /* send the header to the callback */
+ int writetype = CLIENTWRITE_HEADER;
+ if(data->set.include_header)
+ writetype |= CLIENTWRITE_BODY;
+
+ result = Curl_client_write(conn, writetype,
+ s->line_start, s->perline);
+ if(result)
+ return result;
+ }
+
+ data->info.header_size += (long)s->perline;
+ data->req.headerbytecount += (long)s->perline;
+
+ /* Newlines are CRLF, so the CR is ignored as the line isn't
+ really terminated until the LF comes. Treat a following CR
+ as end-of-headers as well.*/
+
+ if(('\r' == s->line_start[0]) ||
+ ('\n' == s->line_start[0])) {
+ /* end of response-headers from the proxy */
+ s->ptr = s->connect_buffer;
+ if((407 == k->httpcode) && !data->state.authproblem) {
+ /* If we get a 407 response code with content length
+ when we have no auth problem, we must ignore the
+ whole response-body */
+ s->keepon = 2;
+
+ if(s->cl) {
+ infof(data, "Ignore %" CURL_FORMAT_CURL_OFF_T
+ " bytes of response-body\n", s->cl);
+ }
+ else if(s->chunked_encoding) {
+ CHUNKcode r;
+
+ infof(data, "Ignore chunked response-body\n");
+
+ /* We set ignorebody true here since the chunked
+ decoder function will acknowledge that. Pay
+ attention so that this is cleared again when this
+ function returns! */
+ k->ignorebody = TRUE;
+
+ if(s->line_start[1] == '\n') {
+ /* this can only be a LF if the letter at index 0
+ was a CR */
+ s->line_start++;
}
- else {
- /* chunked-encoded body, so we need to do the chunked dance
- properly to know when the end of the body is reached */
- CHUNKcode r;
- ssize_t tookcareof=0;
-
- /* now parse the chunked piece of data so that we can
- properly tell when the stream ends */
- r = Curl_httpchunk_read(conn, ptr, gotbytes, &tookcareof);
- if(r == CHUNKE_STOP) {
- /* we're done reading chunks! */
- infof(data, "chunk reading DONE\n");
- keepon = FALSE;
- /* we did the full CONNECT treatment, go COMPLETE */
- conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
- }
- else
- infof(data, "Read %zd bytes of chunk, continue\n",
- tookcareof);
+
+ /* now parse the chunked piece of data so that we can
+ properly tell when the stream ends */
+ r = Curl_httpchunk_read(conn, s->line_start + 1, 1, &gotbytes);
+ if(r == CHUNKE_STOP) {
+ /* we're done reading chunks! */
+ infof(data, "chunk reading DONE\n");
+ s->keepon = FALSE;
+ /* we did the full CONNECT treatment, go to COMPLETE */
+ s->tunnel_state = TUNNEL_COMPLETE;
}
}
- else
- for(i = 0; i < gotbytes; ptr++, i++) {
- perline++; /* amount of bytes in this line so far */
- if(*ptr == 0x0a) {
- char letter;
- int writetype;
-
- /* convert from the network encoding */
- result = Curl_convert_from_network(data, line_start,
- perline);
- /* Curl_convert_from_network calls failf if unsuccessful */
- if(result)
- return result;
-
- /* output debug if that is requested */
- if(data->set.verbose)
- Curl_debug(data, CURLINFO_HEADER_IN,
- line_start, (size_t)perline, conn);
-
- /* send the header to the callback */
- writetype = CLIENTWRITE_HEADER;
- if(data->set.include_header)
- writetype |= CLIENTWRITE_BODY;
-
- result = Curl_client_write(conn, writetype, line_start,
- perline);
-
- data->info.header_size += (long)perline;
- data->req.headerbytecount += (long)perline;
-
- if(result)
- return result;
-
- /* Newlines are CRLF, so the CR is ignored as the line isn't
- really terminated until the LF comes. Treat a following CR
- as end-of-headers as well.*/
-
- if(('\r' == line_start[0]) ||
- ('\n' == line_start[0])) {
- /* end of response-headers from the proxy */
- nread = 0; /* make next read start over in the read
- buffer */
- ptr=data->state.buffer;
- if((407 == k->httpcode) && !data->state.authproblem) {
- /* If we get a 407 response code with content length
- when we have no auth problem, we must ignore the
- whole response-body */
- keepon = 2;
-
- if(cl) {
-
- infof(data, "Ignore %" FORMAT_OFF_T
- " bytes of response-body\n", cl);
- /* remove the remaining chunk of what we already
- read */
- cl -= (gotbytes - i);
-
- if(cl<=0)
- /* if the whole thing was already read, we are done!
- */
- keepon=FALSE;
- }
- else if(chunked_encoding) {
- CHUNKcode r;
- /* We set ignorebody true here since the chunked
- decoder function will acknowledge that. Pay
- attention so that this is cleared again when this
- function returns! */
- k->ignorebody = TRUE;
- infof(data, "%zd bytes of chunk left\n", gotbytes-i);
-
- if(line_start[1] == '\n') {
- /* this can only be a LF if the letter at index 0
- was a CR */
- line_start++;
- i++;
- }
-
- /* now parse the chunked piece of data so that we can
- properly tell when the stream ends */
- r = Curl_httpchunk_read(conn, line_start+1,
- gotbytes -i, &gotbytes);
- if(r == CHUNKE_STOP) {
- /* we're done reading chunks! */
- infof(data, "chunk reading DONE\n");
- keepon = FALSE;
- /* we did the full CONNECT treatment, go to
- COMPLETE */
- conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
- }
- else
- infof(data, "Read %zd bytes of chunk, continue\n",
- gotbytes);
- }
- else {
- /* without content-length or chunked encoding, we
- can't keep the connection alive since the close is
- the end signal so we bail out at once instead */
- keepon=FALSE;
- }
- }
- else {
- keepon = FALSE;
- if(200 == data->info.httpproxycode) {
- if(gotbytes - (i+1))
- failf(data, "Proxy CONNECT followed by %zd bytes "
- "of opaque data. Data ignored (known bug #39)",
- gotbytes - (i+1));
- }
- }
- /* we did the full CONNECT treatment, go to COMPLETE */
- conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
- break; /* breaks out of for-loop, not switch() */
- }
-
- /* keep a backup of the position we are about to blank */
- letter = line_start[perline];
- line_start[perline]=0; /* zero terminate the buffer */
- if((checkprefix("WWW-Authenticate:", line_start) &&
- (401 == k->httpcode)) ||
- (checkprefix("Proxy-authenticate:", line_start) &&
- (407 == k->httpcode))) {
- result = Curl_http_input_auth(conn, k->httpcode,
- line_start);
- if(result)
- return result;
- }
- else if(checkprefix("Content-Length:", line_start)) {
- cl = curlx_strtoofft(line_start +
- strlen("Content-Length:"), NULL, 10);
- }
- else if(Curl_compareheader(line_start,
- "Connection:", "close"))
- closeConnection = TRUE;
- else if(Curl_compareheader(line_start,
- "Transfer-Encoding:",
- "chunked")) {
- infof(data, "CONNECT responded chunked\n");
- chunked_encoding = TRUE;
- /* init our chunky engine */
- Curl_httpchunk_init(conn);
- }
- else if(Curl_compareheader(line_start,
- "Proxy-Connection:", "close"))
- closeConnection = TRUE;
- else if(2 == sscanf(line_start, "HTTP/1.%d %d",
- &subversion,
- &k->httpcode)) {
- /* store the HTTP code from the proxy */
- data->info.httpproxycode = k->httpcode;
- }
- /* put back the letter we blanked out before */
- line_start[perline]= letter;
-
- perline=0; /* line starts over here */
- line_start = ptr+1; /* this skips the zero byte we wrote */
- }
- }
+ else {
+ /* without content-length or chunked encoding, we
+ can't keep the connection alive since the close is
+ the end signal so we bail out at once instead */
+ s->keepon = FALSE;
+ }
}
- break;
- } /* switch */
- if(Curl_pgrsUpdate(conn))
- return CURLE_ABORTED_BY_CALLBACK;
+ else
+ s->keepon = FALSE;
+ if(!s->cl)
+ /* we did the full CONNECT treatment, go to COMPLETE */
+ s->tunnel_state = TUNNEL_COMPLETE;
+ continue;
+ }
+
+ s->line_start[s->perline] = 0; /* zero terminate the buffer */
+ if((checkprefix("WWW-Authenticate:", s->line_start) &&
+ (401 == k->httpcode)) ||
+ (checkprefix("Proxy-authenticate:", s->line_start) &&
+ (407 == k->httpcode))) {
+
+ bool proxy = (k->httpcode == 407) ? TRUE : FALSE;
+ char *auth = Curl_copy_header_value(s->line_start);
+ if(!auth)
+ return CURLE_OUT_OF_MEMORY;
+
+ result = Curl_http_input_auth(conn, proxy, auth);
+
+ free(auth);
+
+ if(result)
+ return result;
+ }
+ else if(checkprefix("Content-Length:", s->line_start)) {
+ if(k->httpcode/100 == 2) {
+ /* A client MUST ignore any Content-Length or Transfer-Encoding
+ header fields received in a successful response to CONNECT.
+ "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 */
+ infof(data, "Ignoring Content-Length in CONNECT %03d response\n",
+ k->httpcode);
+ }
+ else {
+ (void)curlx_strtoofft(s->line_start +
+ strlen("Content-Length:"), NULL, 10, &s->cl);
+ }
+ }
+ else if(Curl_compareheader(s->line_start, "Connection:", "close"))
+ closeConnection = TRUE;
+ else if(checkprefix("Transfer-Encoding:", s->line_start)) {
+ if(k->httpcode/100 == 2) {
+ /* A client MUST ignore any Content-Length or Transfer-Encoding
+ header fields received in a successful response to CONNECT.
+ "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 */
+ infof(data, "Ignoring Transfer-Encoding in "
+ "CONNECT %03d response\n", k->httpcode);
+ }
+ else if(Curl_compareheader(s->line_start,
+ "Transfer-Encoding:", "chunked")) {
+ infof(data, "CONNECT responded chunked\n");
+ s->chunked_encoding = TRUE;
+ /* init our chunky engine */
+ Curl_httpchunk_init(conn);
+ }
+ }
+ else if(Curl_compareheader(s->line_start,
+ "Proxy-Connection:", "close"))
+ closeConnection = TRUE;
+ else if(2 == sscanf(s->line_start, "HTTP/1.%d %d",
+ &subversion,
+ &k->httpcode)) {
+ /* store the HTTP code from the proxy */
+ data->info.httpproxycode = k->httpcode;
+ }
+
+ s->perline = 0; /* line starts over here */
+ s->ptr = s->connect_buffer;
+ s->line_start = s->ptr;
} /* while there's buffer left and loop is requested */
+ if(Curl_pgrsUpdate(conn))
+ return CURLE_ABORTED_BY_CALLBACK;
+
if(error)
return CURLE_RECV_ERROR;
- if(data->info.httpproxycode != 200) {
+ if(data->info.httpproxycode/100 != 2) {
/* Deal with the possibly already received authenticate
headers. 'newurl' is set to a new URL if we must loop. */
result = Curl_http_auth_act(conn);
@@ -508,8 +577,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
if(conn->bits.close)
/* the connection has been marked for closure, most likely in the
Curl_http_auth_act() function and thus we can kill it at once
- below
- */
+ below */
closeConnection = TRUE;
}
@@ -519,40 +587,44 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
conn->sock[sockindex] = CURL_SOCKET_BAD;
break;
}
- } /* END NEGOTIATION PHASE */
+ } /* END READING RESPONSE PHASE */
/* If we are supposed to continue and request a new URL, which basically
* means the HTTP authentication is still going on so if the tunnel
* is complete we start over in INIT state */
- if(data->req.newurl &&
- (TUNNEL_COMPLETE == conn->tunnel_state[sockindex])) {
- conn->tunnel_state[sockindex] = TUNNEL_INIT;
- infof(data, "TUNNEL_STATE switched to: %d\n",
- conn->tunnel_state[sockindex]);
+ if(data->req.newurl && (TUNNEL_COMPLETE == s->tunnel_state)) {
+ connect_init(conn, TRUE); /* reinit */
}
} while(data->req.newurl);
- if(200 != data->req.httpcode) {
- failf(data, "Received HTTP code %d from proxy after CONNECT",
- data->req.httpcode);
-
- if(closeConnection && data->req.newurl)
+ if(data->info.httpproxycode/100 != 2) {
+ if(closeConnection && data->req.newurl) {
conn->bits.proxy_connect_closed = TRUE;
-
- if(data->req.newurl) {
- /* this won't be used anymore for the CONNECT so free it now */
+ infof(data, "Connect me again please\n");
+ connect_done(conn);
+ }
+ else {
free(data->req.newurl);
data->req.newurl = NULL;
+ /* failure, close this connection to avoid re-use */
+ streamclose(conn, "proxy CONNECT failure");
+ Curl_closesocket(conn, conn->sock[sockindex]);
+ conn->sock[sockindex] = CURL_SOCKET_BAD;
}
/* to back to init state */
- conn->tunnel_state[sockindex] = TUNNEL_INIT;
+ s->tunnel_state = TUNNEL_INIT;
+ if(conn->bits.proxy_connect_closed)
+ /* this is not an error, just part of the connection negotiation */
+ return CURLE_OK;
+ failf(data, "Received HTTP code %d from proxy after CONNECT",
+ data->req.httpcode);
return CURLE_RECV_ERROR;
}
- conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
+ s->tunnel_state = TUNNEL_COMPLETE;
/* If a proxy-authorization header was used for the proxy, then we should
make sure that it isn't accidentally used for the document request
@@ -562,10 +634,53 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
data->state.authproxy.done = TRUE;
- infof (data, "Proxy replied OK to CONNECT request\n");
+ infof(data, "Proxy replied %d to CONNECT request\n",
+ data->info.httpproxycode);
data->req.ignorebody = FALSE; /* put it (back) to non-ignore state */
conn->bits.rewindaftersend = FALSE; /* make sure this isn't set for the
document request */
return CURLE_OK;
}
+
+void Curl_connect_free(struct Curl_easy *data)
+{
+ struct connectdata *conn = data->easy_conn;
+ struct http_connect_state *s = conn->connect_state;
+ if(s) {
+ free(s);
+ conn->connect_state = NULL;
+ }
+}
+
+/*
+ * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
+ * function will issue the necessary commands to get a seamless tunnel through
+ * this proxy. After that, the socket can be used just as a normal socket.
+ */
+
+CURLcode Curl_proxyCONNECT(struct connectdata *conn,
+ int sockindex,
+ const char *hostname,
+ int remote_port)
+{
+ CURLcode result;
+ if(!conn->connect_state) {
+ result = connect_init(conn, FALSE);
+ if(result)
+ return result;
+ }
+ result = CONNECT(conn, sockindex, hostname, remote_port);
+
+ if(result || Curl_connect_complete(conn))
+ connect_done(conn);
+
+ return result;
+}
+
+#else
+void Curl_connect_free(struct Curl_easy *data)
+{
+ (void)data;
+}
+
#endif /* CURL_DISABLE_PROXY */
diff --git a/libs/libcurl/src/http_proxy.h b/libs/libcurl/src/http_proxy.h
index 518c09383d..e19fa859a0 100644
--- a/libs/libcurl/src/http_proxy.h
+++ b/libs/libcurl/src/http_proxy.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,20 +22,30 @@
*
***************************************************************************/
+#include "curl_setup.h"
+#include "urldata.h"
+
#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
/* ftp can use this as well */
CURLcode Curl_proxyCONNECT(struct connectdata *conn,
int tunnelsocket,
- const char *hostname, unsigned short remote_port);
+ const char *hostname, int remote_port);
/* Default proxy timeout in milliseconds */
#define PROXY_TIMEOUT (3600*1000)
-CURLcode Curl_proxy_connect(struct connectdata *conn);
+CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex);
+
+bool Curl_connect_complete(struct connectdata *conn);
+bool Curl_connect_ongoing(struct connectdata *conn);
#else
#define Curl_proxyCONNECT(x,y,z,w) CURLE_NOT_BUILT_IN
-#define Curl_proxy_connect(x) CURLE_OK
+#define Curl_proxy_connect(x,y) CURLE_OK
+#define Curl_connect_complete(x) CURLE_OK
+#define Curl_connect_ongoing(x) FALSE
#endif
+void Curl_connect_free(struct Curl_easy *data);
+
#endif /* HEADER_CURL_HTTP_PROXY_H */
diff --git a/libs/libcurl/src/idn_win32.c b/libs/libcurl/src/idn_win32.c
index 464964bcd0..8dc300b36d 100644
--- a/libs/libcurl/src/idn_win32.c
+++ b/libs/libcurl/src/idn_win32.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -29,57 +29,83 @@
#ifdef USE_WIN32_IDN
#include "curl_multibyte.h"
-
#include "curl_memory.h"
-/* The last #include file should be: */
+#include "warnless.h"
+
+ /* The last #include file should be: */
#include "memdebug.h"
#ifdef WANT_IDN_PROTOTYPES
-WINBASEAPI int WINAPI IdnToAscii(DWORD, const WCHAR *, int, WCHAR *, int);
-WINBASEAPI int WINAPI IdnToUnicode(DWORD, const WCHAR *, int, WCHAR *, int);
+# if defined(_SAL_VERSION)
+WINNORMALIZEAPI int WINAPI
+IdnToAscii(_In_ DWORD dwFlags,
+ _In_reads_(cchUnicodeChar) LPCWSTR lpUnicodeCharStr,
+ _In_ int cchUnicodeChar,
+ _Out_writes_opt_(cchASCIIChar) LPWSTR lpASCIICharStr,
+ _In_ int cchASCIIChar);
+WINNORMALIZEAPI int WINAPI
+IdnToUnicode(_In_ DWORD dwFlags,
+ _In_reads_(cchASCIIChar) LPCWSTR lpASCIICharStr,
+ _In_ int cchASCIIChar,
+ _Out_writes_opt_(cchUnicodeChar) LPWSTR lpUnicodeCharStr,
+ _In_ int cchUnicodeChar);
+# else
+WINBASEAPI int WINAPI IdnToAscii(DWORD dwFlags,
+ const WCHAR *lpUnicodeCharStr,
+ int cchUnicodeChar,
+ WCHAR *lpASCIICharStr,
+ int cchASCIIChar);
+WINBASEAPI int WINAPI IdnToUnicode(DWORD dwFlags,
+ const WCHAR *lpASCIICharStr,
+ int cchASCIIChar,
+ WCHAR *lpUnicodeCharStr,
+ int cchUnicodeChar);
+# endif
#endif
#define IDN_MAX_LENGTH 255
-int curl_win32_idn_to_ascii(const char *in, char **out);
-int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8);
+bool curl_win32_idn_to_ascii(const char *in, char **out);
+bool curl_win32_ascii_to_idn(const char *in, char **out);
-int curl_win32_idn_to_ascii(const char *in, char **out)
+bool curl_win32_idn_to_ascii(const char *in, char **out)
{
+ bool success = FALSE;
+
wchar_t *in_w = Curl_convert_UTF8_to_wchar(in);
if(in_w) {
wchar_t punycode[IDN_MAX_LENGTH];
- if(IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH) == 0) {
- wprintf(L"ERROR %d converting to Punycode\n", GetLastError());
- free(in_w);
- return 0;
- }
+ int chars = IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH);
free(in_w);
-
- *out = Curl_convert_wchar_to_UTF8(punycode);
- if(!*out)
- return 0;
+ if(chars) {
+ *out = Curl_convert_wchar_to_UTF8(punycode);
+ if(*out)
+ success = TRUE;
+ }
}
- return 1;
+
+ return success;
}
-int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8)
+bool curl_win32_ascii_to_idn(const char *in, char **out)
{
- (void)in_len; /* unused */
- if(in) {
- WCHAR unicode[IDN_MAX_LENGTH];
+ bool success = FALSE;
- if(IdnToUnicode(0, (wchar_t *)in, -1, unicode, IDN_MAX_LENGTH) == 0) {
- wprintf(L"ERROR %d converting to Punycode\n", GetLastError());
- return 0;
- }
- else {
- *out_utf8 = Curl_convert_wchar_to_UTF8(unicode);
- if(!*out_utf8)
- return 0;
+ wchar_t *in_w = Curl_convert_UTF8_to_wchar(in);
+ if(in_w) {
+ size_t in_len = wcslen(in_w) + 1;
+ wchar_t unicode[IDN_MAX_LENGTH];
+ int chars = IdnToUnicode(0, in_w, curlx_uztosi(in_len),
+ unicode, IDN_MAX_LENGTH);
+ free(in_w);
+ if(chars) {
+ *out = Curl_convert_wchar_to_UTF8(unicode);
+ if(*out)
+ success = TRUE;
}
}
- return 1;
+
+ return success;
}
#endif /* USE_WIN32_IDN */
diff --git a/libs/libcurl/src/if2ip.c b/libs/libcurl/src/if2ip.c
index 05ae7d6f87..ce38ea117b 100644
--- a/libs/libcurl/src/if2ip.c
+++ b/libs/libcurl/src/if2ip.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -51,18 +51,49 @@
#endif
#include "inet_ntop.h"
-#include "strequal.h"
+#include "strcase.h"
#include "if2ip.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
/* ------------------------------------------------------------------ */
+/* Return the scope of the given address. */
+unsigned int Curl_ipv6_scope(const struct sockaddr *sa)
+{
+#ifndef ENABLE_IPV6
+ (void) sa;
+#else
+ if(sa->sa_family == AF_INET6) {
+ const struct sockaddr_in6 * sa6 = (const struct sockaddr_in6 *)(void *) sa;
+ const unsigned char *b = sa6->sin6_addr.s6_addr;
+ unsigned short w = (unsigned short) ((b[0] << 8) | b[1]);
+
+ if((b[0] & 0xFE) == 0xFC) /* Handle ULAs */
+ return IPV6_SCOPE_UNIQUELOCAL;
+ switch(w & 0xFFC0) {
+ case 0xFE80:
+ return IPV6_SCOPE_LINKLOCAL;
+ case 0xFEC0:
+ return IPV6_SCOPE_SITELOCAL;
+ case 0x0000:
+ w = b[1] | b[2] | b[3] | b[4] | b[5] | b[6] | b[7] | b[8] | b[9] |
+ b[10] | b[11] | b[12] | b[13] | b[14];
+ if(w || b[15] != 0x01)
+ break;
+ return IPV6_SCOPE_NODELOCAL;
+ default:
+ break;
+ }
+ }
+#endif
+
+ return IPV6_SCOPE_GLOBAL;
+}
+
+
#if defined(HAVE_GETIFADDRS)
bool Curl_if_is_interface_name(const char *interf)
@@ -72,8 +103,8 @@ bool Curl_if_is_interface_name(const char *interf)
struct ifaddrs *iface, *head;
if(getifaddrs(&head) >= 0) {
- for(iface=head; iface != NULL; iface=iface->ifa_next) {
- if(curl_strequal(iface->ifa_name, interf)) {
+ for(iface = head; iface != NULL; iface = iface->ifa_next) {
+ if(strcasecompare(iface->ifa_name, interf)) {
result = TRUE;
break;
}
@@ -84,7 +115,8 @@ bool Curl_if_is_interface_name(const char *interf)
}
if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
- const char *interf, char *buf, int buf_size)
+ unsigned int remote_scope_id, const char *interf,
+ char *buf, int buf_size)
{
struct ifaddrs *iface, *head;
if2ip_result_t res = IF2IP_NOT_FOUND;
@@ -93,38 +125,56 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
(void) remote_scope;
#endif
+#if !defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) || \
+ !defined(ENABLE_IPV6)
+ (void) remote_scope_id;
+#endif
+
if(getifaddrs(&head) >= 0) {
- for(iface=head; iface != NULL; iface=iface->ifa_next) {
+ for(iface = head; iface != NULL; iface = iface->ifa_next) {
if(iface->ifa_addr != NULL) {
if(iface->ifa_addr->sa_family == af) {
- if(curl_strequal(iface->ifa_name, interf)) {
+ if(strcasecompare(iface->ifa_name, interf)) {
void *addr;
char *ip;
- char scope[12]="";
+ char scope[12] = "";
char ipstr[64];
#ifdef ENABLE_IPV6
if(af == AF_INET6) {
unsigned int scopeid = 0;
- addr = &((struct sockaddr_in6 *)iface->ifa_addr)->sin6_addr;
-#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
- /* Include the scope of this interface as part of the address */
- scopeid =
- ((struct sockaddr_in6 *)iface->ifa_addr)->sin6_scope_id;
-#endif
- if(scopeid != remote_scope) {
+ unsigned int ifscope = Curl_ipv6_scope(iface->ifa_addr);
+
+ if(ifscope != remote_scope) {
/* We are interested only in interface addresses whose
- scope ID matches the remote address we want to
- connect to: global (0) for global, link-local for
+ scope matches the remote address we want to
+ connect to: global for global, link-local for
link-local, etc... */
if(res == IF2IP_NOT_FOUND) res = IF2IP_AF_NOT_SUPPORTED;
continue;
}
+
+ addr =
+ &((struct sockaddr_in6 *)(void *)iface->ifa_addr)->sin6_addr;
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+ /* Include the scope of this interface as part of the address */
+ scopeid = ((struct sockaddr_in6 *)(void *)iface->ifa_addr)
+ ->sin6_scope_id;
+
+ /* If given, scope id should match. */
+ if(remote_scope_id && scopeid != remote_scope_id) {
+ if(res == IF2IP_NOT_FOUND)
+ res = IF2IP_AF_NOT_SUPPORTED;
+
+ continue;
+ }
+#endif
if(scopeid)
snprintf(scope, sizeof(scope), "%%%u", scopeid);
}
else
#endif
- addr = &((struct sockaddr_in *)iface->ifa_addr)->sin_addr;
+ addr =
+ &((struct sockaddr_in *)(void *)iface->ifa_addr)->sin_addr;
res = IF2IP_FOUND;
ip = (char *) Curl_inet_ntop(af, addr, ipstr, sizeof(ipstr));
snprintf(buf, buf_size, "%s%s", ip, scope);
@@ -132,13 +182,15 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
}
}
else if((res == IF2IP_NOT_FOUND) &&
- curl_strequal(iface->ifa_name, interf)) {
+ strcasecompare(iface->ifa_name, interf)) {
res = IF2IP_AF_NOT_SUPPORTED;
}
}
}
+
freeifaddrs(head);
}
+
return res;
}
@@ -149,12 +201,13 @@ bool Curl_if_is_interface_name(const char *interf)
/* This is here just to support the old interfaces */
char buf[256];
- return (Curl_if2ip(AF_INET, 0, interf, buf, sizeof(buf)) ==
+ return (Curl_if2ip(AF_INET, 0 /* unused */, 0, interf, buf, sizeof(buf)) ==
IF2IP_NOT_FOUND) ? FALSE : TRUE;
}
if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
- const char *interf, char *buf, int buf_size)
+ unsigned int remote_scope_id, const char *interf,
+ char *buf, int buf_size)
{
struct ifreq req;
struct in_addr in;
@@ -163,6 +216,7 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
size_t len;
(void)remote_scope;
+ (void)remote_scope_id;
if(!interf || (af != AF_INET))
return IF2IP_NOT_FOUND;
@@ -176,7 +230,7 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
return IF2IP_NOT_FOUND;
memset(&req, 0, sizeof(req));
- memcpy(req.ifr_name, interf, len+1);
+ memcpy(req.ifr_name, interf, len + 1);
req.ifr_addr.sa_family = AF_INET;
if(ioctl(dummy, SIOCGIFADDR, &req) < 0) {
@@ -187,7 +241,7 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
return IF2IP_NOT_FOUND;
}
- s = (struct sockaddr_in *)&req.ifr_addr;
+ s = (struct sockaddr_in *)(void *)&req.ifr_addr;
memcpy(&in, &s->sin_addr, sizeof(in));
Curl_inet_ntop(s->sin_family, &in, buf, buf_size);
@@ -205,10 +259,12 @@ bool Curl_if_is_interface_name(const char *interf)
}
if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
- const char *interf, char *buf, int buf_size)
+ unsigned int remote_scope_id, const char *interf,
+ char *buf, int buf_size)
{
(void) af;
(void) remote_scope;
+ (void) remote_scope_id;
(void) interf;
(void) buf;
(void) buf_size;
diff --git a/libs/libcurl/src/if2ip.h b/libs/libcurl/src/if2ip.h
index ac58752378..a90e662164 100644
--- a/libs/libcurl/src/if2ip.h
+++ b/libs/libcurl/src/if2ip.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,6 +23,15 @@
***************************************************************************/
#include "curl_setup.h"
+/* IPv6 address scopes. */
+#define IPV6_SCOPE_GLOBAL 0 /* Global scope. */
+#define IPV6_SCOPE_LINKLOCAL 1 /* Link-local scope. */
+#define IPV6_SCOPE_SITELOCAL 2 /* Site-local scope (deprecated). */
+#define IPV6_SCOPE_UNIQUELOCAL 3 /* Unique local */
+#define IPV6_SCOPE_NODELOCAL 4 /* Loopback. */
+
+unsigned int Curl_ipv6_scope(const struct sockaddr *sa);
+
bool Curl_if_is_interface_name(const char *interf);
typedef enum {
@@ -32,7 +41,8 @@ typedef enum {
} if2ip_result_t;
if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
- const char *interf, char *buf, int buf_size);
+ unsigned int remote_scope_id, const char *interf,
+ char *buf, int buf_size);
#ifdef __INTERIX
diff --git a/libs/libcurl/src/imap.c b/libs/libcurl/src/imap.c
index 9a845102ad..1b52f73a41 100644
--- a/libs/libcurl/src/imap.c
+++ b/libs/libcurl/src/imap.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,9 +24,11 @@
* RFC3501 IMAPv4 protocol
* RFC4422 Simple Authentication and Security Layer (SASL)
* RFC4616 PLAIN authentication
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
* RFC4959 IMAP Extension for SASL Initial Client Response
* RFC5092 IMAP URL Scheme
* RFC6749 OAuth 2.0 Authorization Framework
+ * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
*
***************************************************************************/
@@ -59,7 +61,6 @@
#include <curl/curl.h>
#include "urldata.h"
#include "sendf.h"
-#include "if2ip.h"
#include "hostip.h"
#include "progress.h"
#include "transfer.h"
@@ -67,24 +68,22 @@
#include "http.h" /* for HTTP proxy tunnel stuff */
#include "socks.h"
#include "imap.h"
-
+#include "mime.h"
#include "strtoofft.h"
-#include "strequal.h"
-#include "sslgen.h"
+#include "strcase.h"
+#include "vtls/vtls.h"
#include "connect.h"
#include "strerror.h"
#include "select.h"
#include "multiif.h"
#include "url.h"
-#include "rawstr.h"
+#include "strcase.h"
#include "curl_sasl.h"
#include "warnless.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
/* Local API functions */
@@ -99,11 +98,17 @@ static int imap_getsock(struct connectdata *conn, curl_socket_t *socks,
int numsocks);
static CURLcode imap_doing(struct connectdata *conn, bool *dophase_done);
static CURLcode imap_setup_connection(struct connectdata *conn);
-static char *imap_atom(const char *str);
+static char *imap_atom(const char *str, bool escape_only);
static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...);
static CURLcode imap_parse_url_options(struct connectdata *conn);
static CURLcode imap_parse_url_path(struct connectdata *conn);
static CURLcode imap_parse_custom_request(struct connectdata *conn);
+static CURLcode imap_perform_authenticate(struct connectdata *conn,
+ const char *mech,
+ const char *initresp);
+static CURLcode imap_continue_authenticate(struct connectdata *conn,
+ const char *resp);
+static void imap_get_message(char *buffer, char **outptr);
/*
* IMAP protocol handler.
@@ -124,10 +129,11 @@ const struct Curl_handler Curl_handler_imap = {
ZERO_NULL, /* perform_getsock */
imap_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_IMAP, /* defport */
CURLPROTO_IMAP, /* protocol */
- PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD
- | PROTOPT_NOURLQUERY /* flags */
+ PROTOPT_CLOSEACTION| /* flags */
+ PROTOPT_URLOPTIONS
};
#ifdef USE_SSL
@@ -150,69 +156,37 @@ const struct Curl_handler Curl_handler_imaps = {
ZERO_NULL, /* perform_getsock */
imap_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_IMAPS, /* defport */
- CURLPROTO_IMAP | CURLPROTO_IMAPS, /* protocol */
- PROTOPT_CLOSEACTION | PROTOPT_SSL | PROTOPT_NEEDSPWD
- | PROTOPT_NOURLQUERY /* flags */
+ CURLPROTO_IMAPS, /* protocol */
+ PROTOPT_CLOSEACTION | PROTOPT_SSL /* flags */
};
#endif
-#ifndef CURL_DISABLE_HTTP
-/*
- * HTTP-proxyed IMAP protocol handler.
- */
-
-static const struct Curl_handler Curl_handler_imap_proxy = {
- "IMAP", /* scheme */
- Curl_http_setup_conn, /* setup_connection */
- Curl_http, /* do_it */
- Curl_http_done, /* done */
- ZERO_NULL, /* do_more */
- ZERO_NULL, /* connect_it */
- ZERO_NULL, /* connecting */
- ZERO_NULL, /* doing */
- ZERO_NULL, /* proto_getsock */
- ZERO_NULL, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ZERO_NULL, /* perform_getsock */
- ZERO_NULL, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_IMAP, /* defport */
- CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
+#define IMAP_RESP_OK 1
+#define IMAP_RESP_NOT_OK 2
+#define IMAP_RESP_PREAUTH 3
+
+/* SASL parameters for the imap protocol */
+static const struct SASLproto saslimap = {
+ "imap", /* The service name */
+ '+', /* Code received when continuation is expected */
+ IMAP_RESP_OK, /* Code to receive upon authentication success */
+ 0, /* Maximum initial response length (no max) */
+ imap_perform_authenticate, /* Send authentication command */
+ imap_continue_authenticate, /* Send authentication continuation */
+ imap_get_message /* Get SASL response message */
};
-#ifdef USE_SSL
-/*
- * HTTP-proxyed IMAPS protocol handler.
- */
-
-static const struct Curl_handler Curl_handler_imaps_proxy = {
- "IMAPS", /* scheme */
- Curl_http_setup_conn, /* setup_connection */
- Curl_http, /* do_it */
- Curl_http_done, /* done */
- ZERO_NULL, /* do_more */
- ZERO_NULL, /* connect_it */
- ZERO_NULL, /* connecting */
- ZERO_NULL, /* doing */
- ZERO_NULL, /* proto_getsock */
- ZERO_NULL, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ZERO_NULL, /* perform_getsock */
- ZERO_NULL, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_IMAPS, /* defport */
- CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
-};
-#endif
-#endif
#ifdef USE_SSL
static void imap_to_imaps(struct connectdata *conn)
{
+ /* Change the connection handler */
conn->handler = &Curl_handler_imaps;
+
+ /* Set the connection's upgraded to TLS flag */
+ conn->tls_upgraded = TRUE;
}
#else
#define imap_to_imaps(x) Curl_nop_stmt
@@ -252,8 +226,8 @@ static bool imap_matchresp(const char *line, size_t len, const char *cmd)
/* Does the command name match and is it followed by a space character or at
the end of line? */
- if(line + cmd_len <= end && Curl_raw_nequal(line, cmd, cmd_len) &&
- (line[cmd_len] == ' ' || line + cmd_len == end))
+ if(line + cmd_len <= end && strncasecompare(line, cmd, cmd_len) &&
+ (line[cmd_len] == ' ' || line + cmd_len + 2 == end))
return TRUE;
return FALSE;
@@ -280,15 +254,11 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
len -= id_len + 1;
if(len >= 2 && !memcmp(line, "OK", 2))
- *resp = 'O';
- else if(len >= 2 && !memcmp(line, "NO", 2))
- *resp = 'N';
- else if(len >= 3 && !memcmp(line, "BAD", 3))
- *resp = 'B';
- else {
- failf(conn->data, "Bad tagged response");
- *resp = -1;
- }
+ *resp = IMAP_RESP_OK;
+ else if(len >= 7 && !memcmp(line, "PREAUTH", 7))
+ *resp = IMAP_RESP_PREAUTH;
+ else
+ *resp = IMAP_RESP_NOT_OK;
return TRUE;
}
@@ -305,15 +275,15 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
case IMAP_LIST:
if((!imap->custom && !imap_matchresp(line, len, "LIST")) ||
(imap->custom && !imap_matchresp(line, len, imap->custom) &&
- (strcmp(imap->custom, "STORE") ||
+ (!strcasecompare(imap->custom, "STORE") ||
!imap_matchresp(line, len, "FETCH")) &&
- strcmp(imap->custom, "SELECT") &&
- strcmp(imap->custom, "EXAMINE") &&
- strcmp(imap->custom, "SEARCH") &&
- strcmp(imap->custom, "EXPUNGE") &&
- strcmp(imap->custom, "LSUB") &&
- strcmp(imap->custom, "UID") &&
- strcmp(imap->custom, "NOOP")))
+ !strcasecompare(imap->custom, "SELECT") &&
+ !strcasecompare(imap->custom, "EXAMINE") &&
+ !strcasecompare(imap->custom, "SEARCH") &&
+ !strcasecompare(imap->custom, "EXPUNGE") &&
+ !strcasecompare(imap->custom, "LSUB") &&
+ !strcasecompare(imap->custom, "UID") &&
+ !strcasecompare(imap->custom, "NOOP")))
return FALSE;
break;
@@ -327,6 +297,11 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
return FALSE;
break;
+ case IMAP_SEARCH:
+ if(!imap_matchresp(line, len, "SEARCH"))
+ return FALSE;
+ break;
+
/* Ignore other untagged responses */
default:
return FALSE;
@@ -340,20 +315,11 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
a space and optionally some text as per RFC-3501 for the AUTHENTICATE and
APPEND commands and as outlined in Section 4. Examples of RFC-4959 but
some e-mail servers ignore this and only send a single + instead. */
- if((len == 3 && !memcmp("+", line, 1)) ||
- (len >= 2 && !memcmp("+ ", line, 2))) {
+ if(imap && !imap->custom && ((len == 3 && !memcmp("+", line, 1)) ||
+ (len >= 2 && !memcmp("+ ", line, 2)))) {
switch(imapc->state) {
/* States which are interested in continuation responses */
- case IMAP_AUTHENTICATE_PLAIN:
- case IMAP_AUTHENTICATE_LOGIN:
- case IMAP_AUTHENTICATE_LOGIN_PASSWD:
- case IMAP_AUTHENTICATE_CRAMMD5:
- case IMAP_AUTHENTICATE_DIGESTMD5:
- case IMAP_AUTHENTICATE_DIGESTMD5_RESP:
- case IMAP_AUTHENTICATE_NTLM:
- case IMAP_AUTHENTICATE_NTLM_TYPE2MSG:
- case IMAP_AUTHENTICATE_XOAUTH2:
- case IMAP_AUTHENTICATE_FINAL:
+ case IMAP_AUTHENTICATE:
case IMAP_APPEND:
*resp = '+';
break;
@@ -372,6 +338,35 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
/***********************************************************************
*
+ * imap_get_message()
+ *
+ * Gets the authentication message from the response buffer.
+ */
+static void imap_get_message(char *buffer, char **outptr)
+{
+ size_t len = 0;
+ char *message = NULL;
+
+ /* Find the start of the message */
+ for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
+ ;
+
+ /* Find the end of the message */
+ for(len = strlen(message); len--;)
+ if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+ message[len] != '\t')
+ break;
+
+ /* Terminate the message */
+ if(++len) {
+ message[len] = '\0';
+ }
+
+ *outptr = message;
+}
+
+/***********************************************************************
+ *
* state()
*
* This is the ONLY way to change IMAP state!
@@ -387,16 +382,7 @@ static void state(struct connectdata *conn, imapstate newstate)
"CAPABILITY",
"STARTTLS",
"UPGRADETLS",
- "AUTHENTICATE_PLAIN",
- "AUTHENTICATE_LOGIN",
- "AUTHENTICATE_LOGIN_PASSWD",
- "AUTHENTICATE_CRAMMD5",
- "AUTHENTICATE_DIGESTMD5",
- "AUTHENTICATE_DIGESTMD5_RESP",
- "AUTHENTICATE_NTLM",
- "AUTHENTICATE_NTLM_TYPE2MSG",
- "AUTHENTICATE_XOAUTH2",
- "AUTHENTICATE_FINAL",
+ "AUTHENTICATE",
"LOGIN",
"LIST",
"SELECT",
@@ -404,6 +390,7 @@ static void state(struct connectdata *conn, imapstate newstate)
"FETCH_FINAL",
"APPEND",
"APPEND_FINAL",
+ "SEARCH",
"LOGOUT",
/* LAST */
};
@@ -428,9 +415,9 @@ static CURLcode imap_perform_capability(struct connectdata *conn)
CURLcode result = CURLE_OK;
struct imap_conn *imapc = &conn->proto.imapc;
- imapc->authmechs = 0; /* No known authentication mechanisms yet */
- imapc->authused = 0; /* Clear the authentication mechanism used */
- imapc->tls_supported = FALSE; /* Clear the TLS capability */
+ imapc->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanisms yet */
+ imapc->sasl.authused = SASL_AUTH_NONE; /* Clear the auth. mechanism used */
+ imapc->tls_supported = FALSE; /* Clear the TLS capability */
/* Send the CAPABILITY command */
result = imap_sendf(conn, "CAPABILITY");
@@ -508,15 +495,15 @@ static CURLcode imap_perform_login(struct connectdata *conn)
}
/* Make sure the username and password are in the correct atom format */
- user = imap_atom(conn->user);
- passwd = imap_atom(conn->passwd);
+ user = imap_atom(conn->user, false);
+ passwd = imap_atom(conn->passwd, false);
/* Send the LOGIN command */
result = imap_sendf(conn, "LOGIN %s %s", user ? user : "",
passwd ? passwd : "");
- Curl_safefree(user);
- Curl_safefree(passwd);
+ free(user);
+ free(passwd);
if(!result)
state(conn, IMAP_LOGIN);
@@ -528,118 +515,70 @@ static CURLcode imap_perform_login(struct connectdata *conn)
*
* imap_perform_authenticate()
*
- * Sends an AUTHENTICATE command allowing the client to login with the
- * appropriate SASL authentication mechanism.
+ * Sends an AUTHENTICATE command allowing the client to login with the given
+ * SASL authentication mechanism.
+ */
+static CURLcode imap_perform_authenticate(struct connectdata *conn,
+ const char *mech,
+ const char *initresp)
+{
+ CURLcode result = CURLE_OK;
+
+ if(initresp) {
+ /* Send the AUTHENTICATE command with the initial response */
+ result = imap_sendf(conn, "AUTHENTICATE %s %s", mech, initresp);
+ }
+ else {
+ /* Send the AUTHENTICATE command */
+ result = imap_sendf(conn, "AUTHENTICATE %s", mech);
+ }
+
+ return result;
+}
+
+/***********************************************************************
+ *
+ * imap_continue_authenticate()
*
- * Additionally, the function will perform fallback to the LOGIN command
- * should a common mechanism not be available between the client and server.
+ * Sends SASL continuation data or cancellation.
*/
-static CURLcode imap_perform_authenticate(struct connectdata *conn)
+static CURLcode imap_continue_authenticate(struct connectdata *conn,
+ const char *resp)
+{
+ struct imap_conn *imapc = &conn->proto.imapc;
+
+ return Curl_pp_sendf(&imapc->pp, "%s", resp);
+}
+
+/***********************************************************************
+ *
+ * imap_perform_authentication()
+ *
+ * Initiates the authentication sequence, with the appropriate SASL
+ * authentication mechanism, falling back to clear text should a common
+ * mechanism not be available between the client and server.
+ */
+static CURLcode imap_perform_authentication(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
struct imap_conn *imapc = &conn->proto.imapc;
- const char *mech = NULL;
- char *initresp = NULL;
- size_t len = 0;
- imapstate state1 = IMAP_STOP;
- imapstate state2 = IMAP_STOP;
+ saslprogress progress;
- /* Check we have a username and password to authenticate with and end the
- connect phase if we don't */
- if(!conn->bits.user_passwd) {
+ /* Check if already authenticated OR if there is enough data to authenticate
+ with and end the connect phase if we don't */
+ if(imapc->preauth ||
+ !Curl_sasl_can_authenticate(&imapc->sasl, conn)) {
state(conn, IMAP_STOP);
-
return result;
}
- /* Calculate the supported authentication mechanism by decreasing order of
- security */
-#ifndef CURL_DISABLE_CRYPTO_AUTH
- if((imapc->authmechs & SASL_MECH_DIGEST_MD5) &&
- (imapc->prefmech & SASL_MECH_DIGEST_MD5)) {
- mech = SASL_MECH_STRING_DIGEST_MD5;
- state1 = IMAP_AUTHENTICATE_DIGESTMD5;
- imapc->authused = SASL_MECH_DIGEST_MD5;
- }
- else if((imapc->authmechs & SASL_MECH_CRAM_MD5) &&
- (imapc->prefmech & SASL_MECH_CRAM_MD5)) {
- mech = SASL_MECH_STRING_CRAM_MD5;
- state1 = IMAP_AUTHENTICATE_CRAMMD5;
- imapc->authused = SASL_MECH_CRAM_MD5;
- }
- else
-#endif
-#ifdef USE_NTLM
- if((imapc->authmechs & SASL_MECH_NTLM) &&
- (imapc->prefmech & SASL_MECH_NTLM)) {
- mech = SASL_MECH_STRING_NTLM;
- state1 = IMAP_AUTHENTICATE_NTLM;
- state2 = IMAP_AUTHENTICATE_NTLM_TYPE2MSG;
- imapc->authused = SASL_MECH_NTLM;
-
- if(imapc->ir_supported || data->set.sasl_ir)
- result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
- &conn->ntlm,
- &initresp, &len);
- }
- else
-#endif
- if(((imapc->authmechs & SASL_MECH_XOAUTH2) &&
- (imapc->prefmech & SASL_MECH_XOAUTH2) &&
- (imapc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
- mech = SASL_MECH_STRING_XOAUTH2;
- state1 = IMAP_AUTHENTICATE_XOAUTH2;
- state2 = IMAP_AUTHENTICATE_FINAL;
- imapc->authused = SASL_MECH_XOAUTH2;
-
- if(imapc->ir_supported || data->set.sasl_ir)
- result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
- conn->xoauth2_bearer,
- &initresp, &len);
- }
- else if((imapc->authmechs & SASL_MECH_LOGIN) &&
- (imapc->prefmech & SASL_MECH_LOGIN)) {
- mech = SASL_MECH_STRING_LOGIN;
- state1 = IMAP_AUTHENTICATE_LOGIN;
- state2 = IMAP_AUTHENTICATE_LOGIN_PASSWD;
- imapc->authused = SASL_MECH_LOGIN;
-
- if(imapc->ir_supported || data->set.sasl_ir)
- result = Curl_sasl_create_login_message(conn->data, conn->user,
- &initresp, &len);
- }
- else if((imapc->authmechs & SASL_MECH_PLAIN) &&
- (imapc->prefmech & SASL_MECH_PLAIN)) {
- mech = SASL_MECH_STRING_PLAIN;
- state1 = IMAP_AUTHENTICATE_PLAIN;
- state2 = IMAP_AUTHENTICATE_FINAL;
- imapc->authused = SASL_MECH_PLAIN;
-
- if(imapc->ir_supported || data->set.sasl_ir)
- result = Curl_sasl_create_plain_message(conn->data, conn->user,
- conn->passwd, &initresp, &len);
- }
+ /* Calculate the SASL login details */
+ result = Curl_sasl_start(&imapc->sasl, conn, imapc->ir_supported, &progress);
if(!result) {
- if(mech) {
- /* Perform SASL based authentication */
- if(initresp) {
- result = imap_sendf(conn, "AUTHENTICATE %s %s", mech, initresp);
-
- if(!result)
- state(conn, state2);
- }
- else {
- result = imap_sendf(conn, "AUTHENTICATE %s", mech);
-
- if(!result)
- state(conn, state1);
- }
-
- Curl_safefree(initresp);
- }
- else if(!imapc->login_disabled)
+ if(progress == SASL_INPROGRESS)
+ state(conn, IMAP_AUTHENTICATE);
+ else if(!imapc->login_disabled && (imapc->preftype & IMAP_TYPE_CLEARTEXT))
/* Perform clear text authentication */
result = imap_perform_login(conn);
else {
@@ -661,7 +600,7 @@ static CURLcode imap_perform_authenticate(struct connectdata *conn)
static CURLcode imap_perform_list(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct IMAP *imap = data->req.protop;
char *mailbox;
@@ -670,15 +609,15 @@ static CURLcode imap_perform_list(struct connectdata *conn)
result = imap_sendf(conn, "%s%s", imap->custom,
imap->custom_params ? imap->custom_params : "");
else {
- /* Make sure the mailbox is in the correct atom format */
- mailbox = imap_atom(imap->mailbox ? imap->mailbox : "");
+ /* Make sure the mailbox is in the correct atom format if necessary */
+ mailbox = imap->mailbox ? imap_atom(imap->mailbox, true) : strdup("");
if(!mailbox)
return CURLE_OUT_OF_MEMORY;
/* Send the LIST command */
result = imap_sendf(conn, "LIST \"%s\" *", mailbox);
- Curl_safefree(mailbox);
+ free(mailbox);
}
if(!result)
@@ -696,7 +635,7 @@ static CURLcode imap_perform_list(struct connectdata *conn)
static CURLcode imap_perform_select(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct IMAP *imap = data->req.protop;
struct imap_conn *imapc = &conn->proto.imapc;
char *mailbox;
@@ -712,14 +651,14 @@ static CURLcode imap_perform_select(struct connectdata *conn)
}
/* Make sure the mailbox is in the correct atom format */
- mailbox = imap_atom(imap->mailbox);
+ mailbox = imap_atom(imap->mailbox, false);
if(!mailbox)
return CURLE_OUT_OF_MEMORY;
/* Send the SELECT command */
result = imap_sendf(conn, "SELECT %s", mailbox);
- Curl_safefree(mailbox);
+ free(mailbox);
if(!result)
state(conn, IMAP_SELECT);
@@ -745,9 +684,15 @@ static CURLcode imap_perform_fetch(struct connectdata *conn)
}
/* Send the FETCH command */
- result = imap_sendf(conn, "FETCH %s BODY[%s]",
- imap->uid,
- imap->section ? imap->section : "");
+ if(imap->partial)
+ result = imap_sendf(conn, "FETCH %s BODY[%s]<%s>",
+ imap->uid,
+ imap->section ? imap->section : "",
+ imap->partial);
+ else
+ result = imap_sendf(conn, "FETCH %s BODY[%s]",
+ imap->uid,
+ imap->section ? imap->section : "");
if(!result)
state(conn, IMAP_FETCH);
@@ -764,31 +709,61 @@ static CURLcode imap_perform_fetch(struct connectdata *conn)
static CURLcode imap_perform_append(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct IMAP *imap = conn->data->req.protop;
+ struct Curl_easy *data = conn->data;
+ struct IMAP *imap = data->req.protop;
char *mailbox;
/* Check we have a mailbox */
if(!imap->mailbox) {
- failf(conn->data, "Cannot APPEND without a mailbox.");
+ failf(data, "Cannot APPEND without a mailbox.");
return CURLE_URL_MALFORMAT;
}
+ /* Prepare the mime data if some. */
+ if(data->set.mimepost.kind != MIMEKIND_NONE) {
+ /* Use the whole structure as data. */
+ data->set.mimepost.flags &= ~MIME_BODY_ONLY;
+
+ /* Add external headers and mime version. */
+ curl_mime_headers(&data->set.mimepost, data->set.headers, 0);
+ result = Curl_mime_prepare_headers(&data->set.mimepost, NULL,
+ NULL, MIMESTRATEGY_MAIL);
+
+ if(!result)
+ if(!Curl_checkheaders(conn, "Mime-Version"))
+ result = Curl_mime_add_header(&data->set.mimepost.curlheaders,
+ "Mime-Version: 1.0");
+
+ /* Make sure we will read the entire mime structure. */
+ if(!result)
+ result = Curl_mime_rewind(&data->set.mimepost);
+
+ if(result)
+ return result;
+
+ data->state.infilesize = Curl_mime_size(&data->set.mimepost);
+
+ /* Read from mime structure. */
+ data->state.fread_func = (curl_read_callback) Curl_mime_read;
+ data->state.in = (void *) &data->set.mimepost;
+ }
+
/* Check we know the size of the upload */
- if(conn->data->set.infilesize < 0) {
- failf(conn->data, "Cannot APPEND with unknown input file size\n");
+ if(data->state.infilesize < 0) {
+ failf(data, "Cannot APPEND with unknown input file size\n");
return CURLE_UPLOAD_FAILED;
}
/* Make sure the mailbox is in the correct atom format */
- mailbox = imap_atom(imap->mailbox);
+ mailbox = imap_atom(imap->mailbox, false);
if(!mailbox)
return CURLE_OUT_OF_MEMORY;
/* Send the APPEND command */
- result = imap_sendf(conn, "APPEND %s (\\Seen) {%" FORMAT_OFF_T "}",
- mailbox, conn->data->set.infilesize);
+ result = imap_sendf(conn, "APPEND %s (\\Seen) {%" CURL_FORMAT_CURL_OFF_T "}",
+ mailbox, data->state.infilesize);
- Curl_safefree(mailbox);
+ free(mailbox);
if(!result)
state(conn, IMAP_APPEND);
@@ -798,6 +773,32 @@ static CURLcode imap_perform_append(struct connectdata *conn)
/***********************************************************************
*
+ * imap_perform_search()
+ *
+ * Sends a SEARCH command.
+ */
+static CURLcode imap_perform_search(struct connectdata *conn)
+{
+ CURLcode result = CURLE_OK;
+ struct IMAP *imap = conn->data->req.protop;
+
+ /* Check we have a query string */
+ if(!imap->query) {
+ failf(conn->data, "Cannot SEARCH without a query string.");
+ return CURLE_URL_MALFORMAT;
+ }
+
+ /* Send the SEARCH command */
+ result = imap_sendf(conn, "SEARCH %s", imap->query);
+
+ if(!result)
+ state(conn, IMAP_SEARCH);
+
+ return result;
+}
+
+/***********************************************************************
+ *
* imap_perform_logout()
*
* Performs the logout action prior to sclose() being called.
@@ -820,19 +821,21 @@ static CURLcode imap_state_servergreet_resp(struct connectdata *conn,
int imapcode,
imapstate instate)
{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
- if(imapcode != 'O') {
+ if(imapcode == IMAP_RESP_PREAUTH) {
+ /* PREAUTH */
+ struct imap_conn *imapc = &conn->proto.imapc;
+ imapc->preauth = TRUE;
+ infof(data, "PREAUTH connection, already authenticated!\n");
+ }
+ else if(imapcode != IMAP_RESP_OK) {
failf(data, "Got unexpected imap-server response");
- result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */
+ return CURLE_WEIRD_SERVER_REPLY;
}
- else
- result = imap_perform_capability(conn);
- return result;
+ return imap_perform_capability(conn);
}
/* For CAPABILITY responses */
@@ -841,7 +844,7 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn,
imapstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct imap_conn *imapc = &conn->proto.imapc;
const char *line = data->state.buffer;
size_t wordlen;
@@ -884,32 +887,22 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn,
/* Do we have a SASL based authentication mechanism? */
else if(wordlen > 5 && !memcmp(line, "AUTH=", 5)) {
+ size_t llen;
+ unsigned int mechbit;
+
line += 5;
wordlen -= 5;
/* Test the word for a matching authentication mechanism */
- if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
- imapc->authmechs |= SASL_MECH_LOGIN;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
- imapc->authmechs |= SASL_MECH_PLAIN;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
- imapc->authmechs |= SASL_MECH_CRAM_MD5;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
- imapc->authmechs |= SASL_MECH_DIGEST_MD5;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
- imapc->authmechs |= SASL_MECH_GSSAPI;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
- imapc->authmechs |= SASL_MECH_EXTERNAL;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
- imapc->authmechs |= SASL_MECH_NTLM;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
- imapc->authmechs |= SASL_MECH_XOAUTH2;
+ mechbit = Curl_sasl_decode_mech(line, wordlen, &llen);
+ if(mechbit && llen == wordlen)
+ imapc->sasl.authmechs |= mechbit;
}
line += wordlen;
}
}
- else if(imapcode == 'O') {
+ else if(imapcode == IMAP_RESP_OK) {
if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
/* We don't have a SSL/TLS connection yet, but SSL is requested */
if(imapc->tls_supported)
@@ -917,17 +910,17 @@ static CURLcode imap_state_capability_resp(struct connectdata *conn,
result = imap_perform_starttls(conn);
else if(data->set.use_ssl == CURLUSESSL_TRY)
/* Fallback and carry on with authentication */
- result = imap_perform_authenticate(conn);
+ result = imap_perform_authentication(conn);
else {
failf(data, "STARTTLS not supported.");
result = CURLE_USE_SSL_FAILED;
}
}
else
- result = imap_perform_authenticate(conn);
+ result = imap_perform_authentication(conn);
}
else
- result = imap_perform_login(conn);
+ result = imap_perform_authentication(conn);
return result;
}
@@ -938,17 +931,17 @@ static CURLcode imap_state_starttls_resp(struct connectdata *conn,
imapstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
- if(imapcode != 'O') {
+ if(imapcode != IMAP_RESP_OK) {
if(data->set.use_ssl != CURLUSESSL_TRY) {
- failf(data, "STARTTLS denied. %c", imapcode);
+ failf(data, "STARTTLS denied");
result = CURLE_USE_SSL_FAILED;
}
else
- result = imap_perform_authenticate(conn);
+ result = imap_perform_authentication(conn);
}
else
result = imap_perform_upgrade_tls(conn);
@@ -956,374 +949,36 @@ static CURLcode imap_state_starttls_resp(struct connectdata *conn,
return result;
}
-/* For AUTHENTICATE PLAIN (without initial response) responses */
-static CURLcode imap_state_auth_plain_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *plainauth = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != '+') {
- failf(data, "Access denied. %c", imapcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the authorisation message */
- result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
- &plainauth, &len);
-
- /* Send the message */
- if(!result) {
- if(plainauth) {
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", plainauth);
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_FINAL);
- }
-
- Curl_safefree(plainauth);
- }
- }
-
- return result;
-}
-
-/* For AUTHENTICATE LOGIN (without initial response) responses */
-static CURLcode imap_state_auth_login_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *authuser = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != '+') {
- failf(data, "Access denied: %d", imapcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the user message */
- result = Curl_sasl_create_login_message(data, conn->user,
- &authuser, &len);
-
- /* Send the user */
- if(!result) {
- if(authuser) {
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", authuser);
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_LOGIN_PASSWD);
- }
-
- Curl_safefree(authuser);
- }
- }
-
- return result;
-}
-
-/* For AUTHENTICATE LOGIN user entry responses */
-static CURLcode imap_state_auth_login_password_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *authpasswd = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != '+') {
- failf(data, "Access denied: %d", imapcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the password message */
- result = Curl_sasl_create_login_message(data, conn->passwd,
- &authpasswd, &len);
-
- /* Send the password */
- if(!result) {
- if(authpasswd) {
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", authpasswd);
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_FINAL);
- }
-
- Curl_safefree(authpasswd);
- }
- }
-
- return result;
-}
-
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-/* For AUTHENTICATE CRAM-MD5 responses */
-static CURLcode imap_state_auth_cram_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- char *chlg64 = data->state.buffer;
- size_t len = 0;
- char *rplyb64 = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != '+') {
- failf(data, "Access denied: %d", imapcode);
- return CURLE_LOGIN_DENIED;
- }
-
- /* Get the challenge */
- for(chlg64 += 2; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
- ;
-
- /* Terminate the challenge */
- if(*chlg64 != '=') {
- for(len = strlen(chlg64); len--;)
- if(chlg64[len] != '\r' && chlg64[len] != '\n' && chlg64[len] != ' ' &&
- chlg64[len] != '\t')
- break;
-
- if(++len) {
- chlg64[len] = '\0';
- }
- }
-
- /* Create the response message */
- result = Curl_sasl_create_cram_md5_message(data, chlg64, conn->user,
- conn->passwd, &rplyb64, &len);
-
- /* Send the response */
- if(!result) {
- if(rplyb64) {
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64);
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_FINAL);
- }
-
- Curl_safefree(rplyb64);
- }
-
- return result;
-}
-
-/* For AUTHENTICATE DIGEST-MD5 challenge responses */
-static CURLcode imap_state_auth_digest_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- char *chlg64 = data->state.buffer;
- size_t len = 0;
- char *rplyb64 = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != '+') {
- failf(data, "Access denied: %d", imapcode);
- return CURLE_LOGIN_DENIED;
- }
-
- /* Get the challenge */
- for(chlg64 += 2; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
- ;
-
- /* Create the response message */
- result = Curl_sasl_create_digest_md5_message(data, chlg64, conn->user,
- conn->passwd, "imap",
- &rplyb64, &len);
-
- /* Send the response */
- if(!result) {
- if(rplyb64) {
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", rplyb64);
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_DIGESTMD5_RESP);
- }
-
- Curl_safefree(rplyb64);
- }
-
- return result;
-}
-
-/* For AUTHENTICATE DIGEST-MD5 challenge-response responses */
-static CURLcode imap_state_auth_digest_resp_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != '+') {
- failf(data, "Authentication failed: %d", imapcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Send an empty response */
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", "");
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_FINAL);
- }
-
- return result;
-}
-#endif
-
-#ifdef USE_NTLM
-/* For AUTHENTICATE NTLM (without initial response) responses */
-static CURLcode imap_state_auth_ntlm_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *type1msg = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != '+') {
- failf(data, "Access denied: %d", imapcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the type-1 message */
- result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
- &conn->ntlm,
- &type1msg, &len);
-
- /* Send the message */
- if(!result) {
- if(type1msg) {
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", type1msg);
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_NTLM_TYPE2MSG);
- }
-
- Curl_safefree(type1msg);
- }
- }
-
- return result;
-}
-
-/* For NTLM type-2 responses (sent in reponse to our type-1 message) */
-static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *type3msg = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != '+') {
- failf(data, "Access denied: %d", imapcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the type-3 message */
- result = Curl_sasl_create_ntlm_type3_message(data,
- data->state.buffer + 2,
- conn->user, conn->passwd,
- &conn->ntlm,
- &type3msg, &len);
-
- /* Send the message */
- if(!result) {
- if(type3msg) {
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", type3msg);
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_FINAL);
- }
-
- Curl_safefree(type3msg);
- }
- }
-
- return result;
-}
-#endif
-
-/* For AUTH XOAUTH2 (without initial response) responses */
-static CURLcode imap_state_auth_xoauth2_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
+/* For SASL authentication responses */
+static CURLcode imap_state_auth_resp(struct connectdata *conn,
+ int imapcode,
+ imapstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *xoauth = NULL;
+ struct Curl_easy *data = conn->data;
+ struct imap_conn *imapc = &conn->proto.imapc;
+ saslprogress progress;
(void)instate; /* no use for this yet */
- if(imapcode != '+') {
- failf(data, "Access denied: %d", imapcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the authorisation message */
- result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
- conn->xoauth2_bearer,
- &xoauth, &len);
-
- /* Send the message */
- if(!result) {
- if(xoauth) {
- result = Curl_pp_sendf(&conn->proto.imapc.pp, "%s", xoauth);
-
- if(!result)
- state(conn, IMAP_AUTHENTICATE_FINAL);
+ result = Curl_sasl_continue(&imapc->sasl, conn, imapcode, &progress);
+ if(!result)
+ switch(progress) {
+ case SASL_DONE:
+ state(conn, IMAP_STOP); /* Authenticated */
+ break;
+ case SASL_IDLE: /* No mechanism left after cancellation */
+ if((!imapc->login_disabled) && (imapc->preftype & IMAP_TYPE_CLEARTEXT))
+ /* Perform clear text authentication */
+ result = imap_perform_login(conn);
+ else {
+ failf(data, "Authentication cancelled");
+ result = CURLE_LOGIN_DENIED;
}
-
- Curl_safefree(xoauth);
+ break;
+ default:
+ break;
}
- }
-
- return result;
-}
-
-/* For final responses to the AUTHENTICATE sequence */
-static CURLcode imap_state_auth_final_resp(struct connectdata *conn,
- int imapcode,
- imapstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
- (void)instate; /* no use for this yet */
-
- if(imapcode != 'O') {
- failf(data, "Authentication failed: %d", imapcode);
- result = CURLE_LOGIN_DENIED;
- }
- else
- /* End of connect phase */
- state(conn, IMAP_STOP);
return result;
}
@@ -1334,11 +989,11 @@ static CURLcode imap_state_login_resp(struct connectdata *conn,
imapstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
- if(imapcode != 'O') {
+ if(imapcode != IMAP_RESP_OK) {
failf(data, "Access denied. %c", imapcode);
result = CURLE_LOGIN_DENIED;
}
@@ -1349,9 +1004,10 @@ static CURLcode imap_state_login_resp(struct connectdata *conn,
return result;
}
-/* For LIST responses */
-static CURLcode imap_state_list_resp(struct connectdata *conn, int imapcode,
- imapstate instate)
+/* For LIST and SEARCH responses */
+static CURLcode imap_state_listsearch_resp(struct connectdata *conn,
+ int imapcode,
+ imapstate instate)
{
CURLcode result = CURLE_OK;
char *line = conn->data->state.buffer;
@@ -1365,7 +1021,7 @@ static CURLcode imap_state_list_resp(struct connectdata *conn, int imapcode,
result = Curl_client_write(conn, CLIENTWRITE_BODY, line, len + 1);
line[len] = '\0';
}
- else if(imapcode != 'O')
+ else if(imapcode != IMAP_RESP_OK)
result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */
else
/* End of DO phase */
@@ -1379,7 +1035,7 @@ static CURLcode imap_state_select_resp(struct connectdata *conn, int imapcode,
imapstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct IMAP *imap = conn->data->req.protop;
struct imap_conn *imapc = &conn->proto.imapc;
const char *line = data->state.buffer;
@@ -1394,10 +1050,10 @@ static CURLcode imap_state_select_resp(struct connectdata *conn, int imapcode,
imapc->mailbox_uidvalidity = strdup(tmp);
}
}
- else if(imapcode == 'O') {
+ else if(imapcode == IMAP_RESP_OK) {
/* Check if the UIDVALIDITY has been specified and matches */
if(imap->uidvalidity && imapc->mailbox_uidvalidity &&
- strcmp(imap->uidvalidity, imapc->mailbox_uidvalidity)) {
+ !strcasecompare(imap->uidvalidity, imapc->mailbox_uidvalidity)) {
failf(conn->data, "Mailbox UIDVALIDITY has changed");
result = CURLE_REMOTE_FILE_NOT_FOUND;
}
@@ -1407,6 +1063,8 @@ static CURLcode imap_state_select_resp(struct connectdata *conn, int imapcode,
if(imap->custom)
result = imap_perform_list(conn);
+ else if(imap->query)
+ result = imap_perform_search(conn);
else
result = imap_perform_fetch(conn);
}
@@ -1424,17 +1082,17 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
imapstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct imap_conn *imapc = &conn->proto.imapc;
struct pingpong *pp = &imapc->pp;
const char *ptr = data->state.buffer;
bool parsed = FALSE;
- curl_off_t size;
+ curl_off_t size = 0;
(void)instate; /* no use for this yet */
if(imapcode != '*') {
- Curl_pgrsSetDownloadSize(data, 0);
+ Curl_pgrsSetDownloadSize(data, -1);
state(conn, IMAP_STOP);
return CURLE_REMOTE_FILE_NOT_FOUND; /* TODO: Fix error code */
}
@@ -1446,14 +1104,16 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
if(*ptr == '{') {
char *endptr;
- size = curlx_strtoofft(ptr + 1, &endptr, 10);
- if(endptr - ptr > 1 && endptr[0] == '}' &&
- endptr[1] == '\r' && endptr[2] == '\0')
- parsed = TRUE;
+ if(!curlx_strtoofft(ptr + 1, &endptr, 10, &size)) {
+ if(endptr - ptr > 1 && endptr[0] == '}' &&
+ endptr[1] == '\r' && endptr[2] == '\0')
+ parsed = TRUE;
+ }
}
if(parsed) {
- infof(data, "Found %" FORMAT_OFF_TU " bytes to download\n", size);
+ infof(data, "Found %" CURL_FORMAT_CURL_OFF_TU " bytes to download\n",
+ size);
Curl_pgrsSetDownloadSize(data, size);
if(pp->cache) {
@@ -1466,13 +1126,19 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
/* The conversion from curl_off_t to size_t is always fine here */
chunk = (size_t)size;
+ if(!chunk) {
+ /* no size, we're done with the data */
+ state(conn, IMAP_STOP);
+ return CURLE_OK;
+ }
result = Curl_client_write(conn, CLIENTWRITE_BODY, pp->cache, chunk);
if(result)
return result;
data->req.bytecount += chunk;
- infof(data, "Written %" FORMAT_OFF_TU " bytes, %" FORMAT_OFF_TU
+ infof(data, "Written %" CURL_FORMAT_CURL_OFF_TU
+ " bytes, %" CURL_FORMAT_CURL_OFF_TU
" bytes are left for transfer\n", (curl_off_t)chunk,
size - chunk);
@@ -1503,7 +1169,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
else {
/* We don't know how to parse this line */
failf(pp->conn->data, "Failed to parse FETCH response.");
- result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */
+ result = CURLE_WEIRD_SERVER_REPLY;
}
/* End of DO phase */
@@ -1521,8 +1187,8 @@ static CURLcode imap_state_fetch_final_resp(struct connectdata *conn,
(void)instate; /* No use for this yet */
- if(imapcode != 'O')
- result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: Fix error code */
+ if(imapcode != IMAP_RESP_OK)
+ result = CURLE_WEIRD_SERVER_REPLY;
else
/* End of DONE phase */
state(conn, IMAP_STOP);
@@ -1535,7 +1201,7 @@ static CURLcode imap_state_append_resp(struct connectdata *conn, int imapcode,
imapstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* No use for this yet */
@@ -1544,7 +1210,7 @@ static CURLcode imap_state_append_resp(struct connectdata *conn, int imapcode,
}
else {
/* Set the progress upload size */
- Curl_pgrsSetUploadSize(data, data->set.infilesize);
+ Curl_pgrsSetUploadSize(data, data->state.infilesize);
/* IMAP upload */
Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
@@ -1565,7 +1231,7 @@ static CURLcode imap_state_append_final_resp(struct connectdata *conn,
(void)instate; /* No use for this yet */
- if(imapcode != 'O')
+ if(imapcode != IMAP_RESP_OK)
result = CURLE_UPLOAD_FAILED;
else
/* End of DONE phase */
@@ -1599,7 +1265,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
/* Was there an error parsing the response line? */
if(imapcode == -1)
- return CURLE_FTP_WEIRD_SERVER_REPLY;
+ return CURLE_WEIRD_SERVER_REPLY;
if(!imapcode)
break;
@@ -1618,50 +1284,8 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
result = imap_state_starttls_resp(conn, imapcode, imapc->state);
break;
- case IMAP_AUTHENTICATE_PLAIN:
- result = imap_state_auth_plain_resp(conn, imapcode, imapc->state);
- break;
-
- case IMAP_AUTHENTICATE_LOGIN:
- result = imap_state_auth_login_resp(conn, imapcode, imapc->state);
- break;
-
- case IMAP_AUTHENTICATE_LOGIN_PASSWD:
- result = imap_state_auth_login_password_resp(conn, imapcode,
- imapc->state);
- break;
-
-#ifndef CURL_DISABLE_CRYPTO_AUTH
- case IMAP_AUTHENTICATE_CRAMMD5:
- result = imap_state_auth_cram_resp(conn, imapcode, imapc->state);
- break;
-
- case IMAP_AUTHENTICATE_DIGESTMD5:
- result = imap_state_auth_digest_resp(conn, imapcode, imapc->state);
- break;
-
- case IMAP_AUTHENTICATE_DIGESTMD5_RESP:
- result = imap_state_auth_digest_resp_resp(conn, imapcode, imapc->state);
- break;
-#endif
-
-#ifdef USE_NTLM
- case IMAP_AUTHENTICATE_NTLM:
- result = imap_state_auth_ntlm_resp(conn, imapcode, imapc->state);
- break;
-
- case IMAP_AUTHENTICATE_NTLM_TYPE2MSG:
- result = imap_state_auth_ntlm_type2msg_resp(conn, imapcode,
- imapc->state);
- break;
-#endif
-
- case IMAP_AUTHENTICATE_XOAUTH2:
- result = imap_state_auth_xoauth2_resp(conn, imapcode, imapc->state);
- break;
-
- case IMAP_AUTHENTICATE_FINAL:
- result = imap_state_auth_final_resp(conn, imapcode, imapc->state);
+ case IMAP_AUTHENTICATE:
+ result = imap_state_auth_resp(conn, imapcode, imapc->state);
break;
case IMAP_LOGIN:
@@ -1669,7 +1293,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
break;
case IMAP_LIST:
- result = imap_state_list_resp(conn, imapcode, imapc->state);
+ result = imap_state_listsearch_resp(conn, imapcode, imapc->state);
break;
case IMAP_SELECT:
@@ -1692,6 +1316,10 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
result = imap_state_append_final_resp(conn, imapcode, imapc->state);
break;
+ case IMAP_SEARCH:
+ result = imap_state_listsearch_resp(conn, imapcode, imapc->state);
+ break;
+
case IMAP_LOGOUT:
/* fallthrough, just stop! */
default:
@@ -1733,12 +1361,12 @@ static CURLcode imap_block_statemach(struct connectdata *conn)
return result;
}
-/* Allocate and initialize the struct IMAP for the current SessionHandle if
+/* Allocate and initialize the struct IMAP for the current Curl_easy if
required */
static CURLcode imap_init(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct IMAP *imap;
imap = data->req.protop = calloc(sizeof(struct IMAP), 1);
@@ -1774,7 +1402,7 @@ static CURLcode imap_connect(struct connectdata *conn, bool *done)
*done = FALSE; /* default to not done yet */
/* We always support persistent connections in IMAP */
- conn->bits.close = FALSE;
+ connkeep(conn, "IMAP default");
/* Set the default response time-out */
pp->response_time = RESP_TIMEOUT;
@@ -1782,8 +1410,9 @@ static CURLcode imap_connect(struct connectdata *conn, bool *done)
pp->endofresp = imap_endofresp;
pp->conn = conn;
- /* Set the default preferred authentication mechanism */
- imapc->prefmech = SASL_AUTH_ANY;
+ /* Set the default preferred authentication type and mechanism */
+ imapc->preftype = IMAP_TYPE_ANY;
+ Curl_sasl_init(&imapc->sasl, &saslimap);
/* Initialise the pingpong layer */
Curl_pp_init(pp);
@@ -1817,26 +1446,23 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status,
bool premature)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct IMAP *imap = data->req.protop;
(void)premature;
if(!imap)
- /* When the easy handle is removed from the multi interface while libcurl
- is still trying to resolve the host name, the IMAP struct is not yet
- initialized. However, the removal action calls Curl_done() which in
- turn calls this function, so we simply return success. */
return CURLE_OK;
if(status) {
- conn->bits.close = TRUE; /* marked for closure */
+ connclose(conn, "IMAP done with bad status"); /* marked for closure */
result = status; /* use the already set error code */
}
else if(!data->set.connect_only && !imap->custom &&
- (imap->uid || data->set.upload)) {
+ (imap->uid || data->set.upload ||
+ data->set.mimepost.kind != MIMEKIND_NONE)) {
/* Handle responses after FETCH or APPEND transfer has finished */
- if(!data->set.upload)
+ if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE)
state(conn, IMAP_FETCH_FINAL);
else {
/* End the APPEND command first by sending an empty line */
@@ -1849,8 +1475,7 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status,
TODO: when the multi interface is used, this _really_ should be using
the imap_multi_statemach function but we have no general support for
- non-blocking DONE operations, not in the multi state machine and with
- Curl_done() invokes on several places in the code!
+ non-blocking DONE operations!
*/
if(!result)
result = imap_block_statemach(conn);
@@ -1861,6 +1486,8 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status,
Curl_safefree(imap->uidvalidity);
Curl_safefree(imap->uid);
Curl_safefree(imap->section);
+ Curl_safefree(imap->partial);
+ Curl_safefree(imap->query);
Curl_safefree(imap->custom);
Curl_safefree(imap->custom_params);
@@ -1882,7 +1509,7 @@ static CURLcode imap_perform(struct connectdata *conn, bool *connected,
{
/* This is IMAP and no proxy */
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct IMAP *imap = data->req.protop;
struct imap_conn *imapc = &conn->proto.imapc;
bool selected = FALSE;
@@ -1899,13 +1526,13 @@ static CURLcode imap_perform(struct connectdata *conn, bool *connected,
/* Determine if the requested mailbox (with the same UIDVALIDITY if set)
has already been selected on this connection */
if(imap->mailbox && imapc->mailbox &&
- !strcmp(imap->mailbox, imapc->mailbox) &&
+ strcasecompare(imap->mailbox, imapc->mailbox) &&
(!imap->uidvalidity || !imapc->mailbox_uidvalidity ||
- !strcmp(imap->uidvalidity, imapc->mailbox_uidvalidity)))
+ strcasecompare(imap->uidvalidity, imapc->mailbox_uidvalidity)))
selected = TRUE;
/* Start the first command in the DO phase */
- if(conn->data->set.upload)
+ if(conn->data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE)
/* APPEND can be executed directly */
result = imap_perform_append(conn);
else if(imap->custom && (selected || !imap->mailbox))
@@ -1914,7 +1541,11 @@ static CURLcode imap_perform(struct connectdata *conn, bool *connected,
else if(!imap->custom && selected && imap->uid)
/* FETCH from the same mailbox */
result = imap_perform_fetch(conn);
- else if(imap->mailbox && !selected && (imap->custom || imap->uid))
+ else if(!imap->custom && selected && imap->query)
+ /* SEARCH the current mailbox */
+ result = imap_perform_search(conn);
+ else if(imap->mailbox && !selected &&
+ (imap->custom || imap->uid || imap->query))
/* SELECT the mailbox */
result = imap_perform_select(conn);
else
@@ -1982,7 +1613,7 @@ static CURLcode imap_disconnect(struct connectdata *conn, bool dead_connection)
/* The IMAP session may or may not have been allocated/setup at this
point! */
- if(!dead_connection && imapc->pp.conn)
+ if(!dead_connection && imapc->pp.conn && imapc->pp.conn->bits.protoconnstart)
if(!imap_perform_logout(conn))
(void)imap_block_statemach(conn); /* ignore errors on LOGOUT */
@@ -1990,7 +1621,7 @@ static CURLcode imap_disconnect(struct connectdata *conn, bool dead_connection)
Curl_pp_disconnect(&imapc->pp);
/* Cleanup the SASL module */
- Curl_sasl_cleanup(conn, imapc->authused);
+ Curl_sasl_cleanup(conn, imapc->sasl.authused);
/* Cleanup our connection based variables */
Curl_safefree(imapc->mailbox);
@@ -2043,7 +1674,7 @@ static CURLcode imap_regular_transfer(struct connectdata *conn,
{
CURLcode result = CURLE_OK;
bool connected = FALSE;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
/* Make sure size is unknown at this point */
data->req.size = -1;
@@ -2051,8 +1682,8 @@ static CURLcode imap_regular_transfer(struct connectdata *conn,
/* Set the progress data */
Curl_pgrsSetUploadCounter(data, 0);
Curl_pgrsSetDownloadCounter(data, 0);
- Curl_pgrsSetUploadSize(data, 0);
- Curl_pgrsSetDownloadSize(data, 0);
+ Curl_pgrsSetUploadSize(data, -1);
+ Curl_pgrsSetDownloadSize(data, -1);
/* Carry out the perform */
result = imap_perform(conn, &connected, dophase_done);
@@ -2066,36 +1697,15 @@ static CURLcode imap_regular_transfer(struct connectdata *conn,
static CURLcode imap_setup_connection(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
/* Initialise the IMAP layer */
CURLcode result = imap_init(conn);
if(result)
return result;
- if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
- /* Unless we have asked to tunnel IMAP operations through the proxy, we
- switch and use HTTP operations only */
-#ifndef CURL_DISABLE_HTTP
- if(conn->handler == &Curl_handler_imap)
- conn->handler = &Curl_handler_imap_proxy;
- else {
-#ifdef USE_SSL
- conn->handler = &Curl_handler_imaps_proxy;
-#else
- failf(data, "IMAPS not supported!");
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- }
-
- /* set it up as an HTTP connection instead */
- return conn->handler->setup_connection(conn);
-#else
- failf(data, "IMAP over http proxy requires HTTP support built-in!");
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- }
-
+ /* Clear the TLS upgraded flag */
+ conn->tls_upgraded = FALSE;
data->state.path++; /* don't include the initial slash */
return CURLE_OK;
@@ -2105,7 +1715,7 @@ static CURLcode imap_setup_connection(struct connectdata *conn)
*
* imap_sendf()
*
- * Sends the formated string as an IMAP command to the server.
+ * Sends the formatted string as an IMAP command to the server.
*
* Designed to never block.
*/
@@ -2135,7 +1745,7 @@ static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...)
result = Curl_pp_vsendf(&imapc->pp, taggedfmt, ap);
va_end(ap);
- Curl_safefree(taggedfmt);
+ free(taggedfmt);
return result;
}
@@ -2150,38 +1760,49 @@ static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...)
* The returned string needs to be freed.
*
*/
-static char *imap_atom(const char *str)
+static char *imap_atom(const char *str, bool escape_only)
{
+ /* !checksrc! disable PARENBRACE 1 */
+ const char atom_specials[] = "(){ %*]";
const char *p1;
char *p2;
size_t backsp_count = 0;
size_t quote_count = 0;
- bool space_exists = FALSE;
+ bool others_exists = FALSE;
size_t newlen = 0;
char *newstr = NULL;
if(!str)
return NULL;
- /* Count any unescapped characters */
+ /* Look for "atom-specials", counting the backslash and quote characters as
+ these will need escapping */
p1 = str;
while(*p1) {
if(*p1 == '\\')
backsp_count++;
else if(*p1 == '"')
quote_count++;
- else if(*p1 == ' ')
- space_exists = TRUE;
+ else if(!escape_only) {
+ const char *p3 = atom_specials;
+
+ while(*p3 && !others_exists) {
+ if(*p1 == *p3)
+ others_exists = TRUE;
+
+ p3++;
+ }
+ }
p1++;
}
- /* Does the input contain any unescapped characters? */
- if(!backsp_count && !quote_count && !space_exists)
+ /* Does the input contain any "atom-special" characters? */
+ if(!backsp_count && !quote_count && !others_exists)
return strdup(str);
/* Calculate the new string length */
- newlen = strlen(str) + backsp_count + quote_count + (space_exists ? 2 : 0);
+ newlen = strlen(str) + backsp_count + quote_count + (escape_only ? 0 : 2);
/* Allocate the new string */
newstr = (char *) malloc((newlen + 1) * sizeof(char));
@@ -2190,7 +1811,7 @@ static char *imap_atom(const char *str)
/* Surround the string in quotes if necessary */
p2 = newstr;
- if(space_exists) {
+ if(!escape_only) {
newstr[0] = '"';
newstr[newlen - 1] = '"';
p2++;
@@ -2264,39 +1885,42 @@ static CURLcode imap_parse_url_options(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct imap_conn *imapc = &conn->proto.imapc;
- const char *options = conn->options;
- const char *ptr = options;
+ const char *ptr = conn->options;
- if(options) {
+ imapc->sasl.resetprefs = TRUE;
+
+ while(!result && ptr && *ptr) {
const char *key = ptr;
+ const char *value;
while(*ptr && *ptr != '=')
ptr++;
- if(strnequal(key, "AUTH", 4)) {
- const char *value = ptr + 1;
-
- if(strequal(value, "*"))
- imapc->prefmech = SASL_AUTH_ANY;
- else if(strequal(value, SASL_MECH_STRING_LOGIN))
- imapc->prefmech = SASL_MECH_LOGIN;
- else if(strequal(value, SASL_MECH_STRING_PLAIN))
- imapc->prefmech = SASL_MECH_PLAIN;
- else if(strequal(value, SASL_MECH_STRING_CRAM_MD5))
- imapc->prefmech = SASL_MECH_CRAM_MD5;
- else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5))
- imapc->prefmech = SASL_MECH_DIGEST_MD5;
- else if(strequal(value, SASL_MECH_STRING_GSSAPI))
- imapc->prefmech = SASL_MECH_GSSAPI;
- else if(strequal(value, SASL_MECH_STRING_NTLM))
- imapc->prefmech = SASL_MECH_NTLM;
- else if(strequal(value, SASL_MECH_STRING_XOAUTH2))
- imapc->prefmech = SASL_MECH_XOAUTH2;
- else
- imapc->prefmech = SASL_AUTH_NONE;
- }
+ value = ptr + 1;
+
+ while(*ptr && *ptr != ';')
+ ptr++;
+
+ if(strncasecompare(key, "AUTH=", 5))
+ result = Curl_sasl_parse_url_auth_option(&imapc->sasl,
+ value, ptr - value);
else
result = CURLE_URL_MALFORMAT;
+
+ if(*ptr == ';')
+ ptr++;
+ }
+
+ switch(imapc->sasl.prefmech) {
+ case SASL_AUTH_NONE:
+ imapc->preftype = IMAP_TYPE_NONE;
+ break;
+ case SASL_AUTH_DEFAULT:
+ imapc->preftype = IMAP_TYPE_ANY;
+ break;
+ default:
+ imapc->preftype = IMAP_TYPE_SASL;
+ break;
}
return result;
@@ -2313,7 +1937,7 @@ static CURLcode imap_parse_url_path(struct connectdata *conn)
{
/* The imap struct is already initialised in imap_connect() */
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct IMAP *imap = data->req.protop;
const char *begin = data->state.path;
const char *ptr = begin;
@@ -2363,46 +1987,68 @@ static CURLcode imap_parse_url_path(struct connectdata *conn)
/* Decode the value parameter */
result = Curl_urldecode(data, begin, ptr - begin, &value, &valuelen, TRUE);
if(result) {
- Curl_safefree(name);
+ free(name);
return result;
}
DEBUGF(infof(conn->data, "IMAP URL parameter '%s' = '%s'\n", name, value));
- /* Process the known hierarchical parameters (UIDVALIDITY, UID and SECTION)
- stripping of the trailing slash character if it is present.
+ /* Process the known hierarchical parameters (UIDVALIDITY, UID, SECTION and
+ PARTIAL) stripping of the trailing slash character if it is present.
Note: Unknown parameters trigger a URL_MALFORMAT error. */
- if(Curl_raw_equal(name, "UIDVALIDITY") && !imap->uidvalidity) {
+ if(strcasecompare(name, "UIDVALIDITY") && !imap->uidvalidity) {
if(valuelen > 0 && value[valuelen - 1] == '/')
value[valuelen - 1] = '\0';
imap->uidvalidity = value;
value = NULL;
}
- else if(Curl_raw_equal(name, "UID") && !imap->uid) {
+ else if(strcasecompare(name, "UID") && !imap->uid) {
if(valuelen > 0 && value[valuelen - 1] == '/')
value[valuelen - 1] = '\0';
imap->uid = value;
value = NULL;
}
- else if(Curl_raw_equal(name, "SECTION") && !imap->section) {
+ else if(strcasecompare(name, "SECTION") && !imap->section) {
if(valuelen > 0 && value[valuelen - 1] == '/')
value[valuelen - 1] = '\0';
imap->section = value;
value = NULL;
}
+ else if(strcasecompare(name, "PARTIAL") && !imap->partial) {
+ if(valuelen > 0 && value[valuelen - 1] == '/')
+ value[valuelen - 1] = '\0';
+
+ imap->partial = value;
+ value = NULL;
+ }
else {
- Curl_safefree(name);
- Curl_safefree(value);
+ free(name);
+ free(value);
return CURLE_URL_MALFORMAT;
}
- Curl_safefree(name);
- Curl_safefree(value);
+ free(name);
+ free(value);
+ }
+
+ /* Does the URL contain a query parameter? Only valid when we have a mailbox
+ and no UID as per RFC-5092 */
+ if(imap->mailbox && !imap->uid && *ptr == '?') {
+ /* Find the length of the query parameter */
+ begin = ++ptr;
+ while(imap_is_bchar(*ptr))
+ ptr++;
+
+ /* Decode the query parameter */
+ result = Curl_urldecode(data, begin, ptr - begin, &imap->query, NULL,
+ TRUE);
+ if(result)
+ return result;
}
/* Any extra stuff at the end of the URL is an error */
@@ -2421,7 +2067,7 @@ static CURLcode imap_parse_url_path(struct connectdata *conn)
static CURLcode imap_parse_custom_request(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct IMAP *imap = data->req.protop;
const char *custom = data->set.str[STRING_CUSTOMREQUEST];
diff --git a/libs/libcurl/src/imap.h b/libs/libcurl/src/imap.h
index 1d4faabd70..9fc4ff5a3d 100644
--- a/libs/libcurl/src/imap.h
+++ b/libs/libcurl/src/imap.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2009 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2009 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,6 +23,7 @@
***************************************************************************/
#include "pingpong.h"
+#include "curl_sasl.h"
/****************************************************************************
* IMAP unique setup
@@ -35,16 +36,7 @@ typedef enum {
IMAP_STARTTLS,
IMAP_UPGRADETLS, /* asynchronously upgrade the connection to SSL/TLS
(multi mode only) */
- IMAP_AUTHENTICATE_PLAIN,
- IMAP_AUTHENTICATE_LOGIN,
- IMAP_AUTHENTICATE_LOGIN_PASSWD,
- IMAP_AUTHENTICATE_CRAMMD5,
- IMAP_AUTHENTICATE_DIGESTMD5,
- IMAP_AUTHENTICATE_DIGESTMD5_RESP,
- IMAP_AUTHENTICATE_NTLM,
- IMAP_AUTHENTICATE_NTLM_TYPE2MSG,
- IMAP_AUTHENTICATE_XOAUTH2,
- IMAP_AUTHENTICATE_FINAL,
+ IMAP_AUTHENTICATE,
IMAP_LOGIN,
IMAP_LIST,
IMAP_SELECT,
@@ -52,13 +44,14 @@ typedef enum {
IMAP_FETCH_FINAL,
IMAP_APPEND,
IMAP_APPEND_FINAL,
+ IMAP_SEARCH,
IMAP_LOGOUT,
IMAP_LAST /* never used */
} imapstate;
-/* This IMAP struct is used in the SessionHandle. All IMAP data that is
+/* This IMAP struct is used in the Curl_easy. All IMAP data that is
connection-oriented must be in imap_conn to properly deal with the fact that
- perhaps the SessionHandle is changed between the times the connection is
+ perhaps the Curl_easy is changed between the times the connection is
used. */
struct IMAP {
curl_pp_transfer transfer;
@@ -66,6 +59,8 @@ struct IMAP {
char *uidvalidity; /* UIDVALIDITY to check in select */
char *uid; /* Message UID to fetch */
char *section; /* Message SECTION to fetch */
+ char *partial; /* Message PARTIAL to fetch */
+ char *query; /* Query to search for */
char *custom; /* Custom request */
char *custom_params; /* Parameters for the custom request */
};
@@ -76,9 +71,9 @@ struct imap_conn {
struct pingpong pp;
imapstate state; /* Always use imap.c:state() to change state! */
bool ssldone; /* Is connect() over SSL done? */
- unsigned int authmechs; /* Accepted authentication mechanisms */
- unsigned int prefmech; /* Preferred authentication mechanism */
- unsigned int authused; /* Auth mechanism used for the connection */
+ bool preauth; /* Is this connection PREAUTH? */
+ struct SASL sasl; /* SASL-related parameters */
+ unsigned int preftype; /* Preferred authentication type */
int cmdid; /* Last used command ID */
char resptag[5]; /* Response tag to wait for */
bool tls_supported; /* StartTLS capability supported by server */
@@ -91,4 +86,12 @@ struct imap_conn {
extern const struct Curl_handler Curl_handler_imap;
extern const struct Curl_handler Curl_handler_imaps;
+/* Authentication type flags */
+#define IMAP_TYPE_CLEARTEXT (1 << 0)
+#define IMAP_TYPE_SASL (1 << 1)
+
+/* Authentication type values */
+#define IMAP_TYPE_NONE 0
+#define IMAP_TYPE_ANY ~0U
+
#endif /* HEADER_CURL_IMAP_H */
diff --git a/libs/libcurl/src/inet_ntop.c b/libs/libcurl/src/inet_ntop.c
index c327150055..fb91a505db 100644
--- a/libs/libcurl/src/inet_ntop.c
+++ b/libs/libcurl/src/inet_ntop.c
@@ -32,10 +32,8 @@
#include <arpa/inet.h>
#endif
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
#include "inet_ntop.h"
+#include "curl_printf.h"
#define IN6ADDRSZ 16
#define INADDRSZ 4
@@ -58,14 +56,14 @@ static char *inet_ntop4 (const unsigned char *src, char *dst, size_t size)
tmp[0] = '\0';
(void)snprintf(tmp, sizeof(tmp), "%d.%d.%d.%d",
- ((int)((unsigned char)src[0])) & 0xff,
- ((int)((unsigned char)src[1])) & 0xff,
- ((int)((unsigned char)src[2])) & 0xff,
- ((int)((unsigned char)src[3])) & 0xff);
+ ((int)((unsigned char)src[0])) & 0xff,
+ ((int)((unsigned char)src[1])) & 0xff,
+ ((int)((unsigned char)src[2])) & 0xff,
+ ((int)((unsigned char)src[3])) & 0xff);
len = strlen(tmp);
if(len == 0 || len >= size) {
- SET_ERRNO(ENOSPC);
+ errno = ENOSPC;
return (NULL);
}
strcpy(dst, tmp);
@@ -143,8 +141,8 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size)
*/
if(i == 6 && best.base == 0 &&
(best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
- if(!inet_ntop4(src+12, tp, sizeof(tmp) - (tp - tmp))) {
- SET_ERRNO(ENOSPC);
+ if(!inet_ntop4(src + 12, tp, sizeof(tmp) - (tp - tmp))) {
+ errno = ENOSPC;
return (NULL);
}
tp += strlen(tp);
@@ -162,7 +160,7 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size)
/* Check for overflow, copy, and we're done.
*/
if((size_t)(tp - tmp) > size) {
- SET_ERRNO(ENOSPC);
+ errno = ENOSPC;
return (NULL);
}
strcpy(dst, tmp);
@@ -179,20 +177,20 @@ static char *inet_ntop6 (const unsigned char *src, char *dst, size_t size)
*
* On Windows we store the error in the thread errno, not
* in the winsock error code. This is to avoid losing the
- * actual last winsock error. So use macro ERRNO to fetch the
- * errno this function sets when returning NULL, not SOCKERRNO.
+ * actual last winsock error. So when this function returns
+ * NULL, check errno not SOCKERRNO.
*/
char *Curl_inet_ntop(int af, const void *src, char *buf, size_t size)
{
- switch (af) {
+ switch(af) {
case AF_INET:
- return inet_ntop4((const unsigned char*)src, buf, size);
+ return inet_ntop4((const unsigned char *)src, buf, size);
#ifdef ENABLE_IPV6
case AF_INET6:
- return inet_ntop6((const unsigned char*)src, buf, size);
+ return inet_ntop6((const unsigned char *)src, buf, size);
#endif
default:
- SET_ERRNO(EAFNOSUPPORT);
+ errno = EAFNOSUPPORT;
return NULL;
}
}
diff --git a/libs/libcurl/src/inet_ntop.h b/libs/libcurl/src/inet_ntop.h
index db28ed807a..9f44612710 100644
--- a/libs/libcurl/src/inet_ntop.h
+++ b/libs/libcurl/src/inet_ntop.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -31,7 +31,7 @@ char *Curl_inet_ntop(int af, const void *addr, char *buf, size_t size);
#include <arpa/inet.h>
#endif
#define Curl_inet_ntop(af,addr,buf,size) \
- inet_ntop(af,addr,buf,(curl_socklen_t)size)
+ inet_ntop(af, addr, buf, (curl_socklen_t)size)
#endif
#endif /* HEADER_CURL_INET_NTOP_H */
diff --git a/libs/libcurl/src/inet_pton.c b/libs/libcurl/src/inet_pton.c
index f50b365da6..fef9610d1e 100644
--- a/libs/libcurl/src/inet_pton.c
+++ b/libs/libcurl/src/inet_pton.c
@@ -57,15 +57,15 @@ static int inet_pton6(const char *src, unsigned char *dst);
* notice:
* On Windows we store the error in the thread errno, not
* in the winsock error code. This is to avoid losing the
- * actual last winsock error. So use macro ERRNO to fetch the
- * errno this function sets when returning (-1), not SOCKERRNO.
+ * actual last winsock error. So when this function returns
+ * -1, check errno not SOCKERRNO.
* author:
* Paul Vixie, 1996.
*/
int
Curl_inet_pton(int af, const char *src, void *dst)
{
- switch (af) {
+ switch(af) {
case AF_INET:
return (inet_pton4(src, (unsigned char *)dst));
#ifdef ENABLE_IPV6
@@ -73,7 +73,7 @@ Curl_inet_pton(int af, const char *src, void *dst)
return (inet_pton6(src, (unsigned char *)dst));
#endif
default:
- SET_ERRNO(EAFNOSUPPORT);
+ errno = EAFNOSUPPORT;
return (-1);
}
/* NOTREACHED */
@@ -103,7 +103,8 @@ inet_pton4(const char *src, unsigned char *dst)
while((ch = *src++) != '\0') {
const char *pch;
- if((pch = strchr(digits, ch)) != NULL) {
+ pch = strchr(digits, ch);
+ if(pch) {
unsigned int val = *tp * 10 + (unsigned int)(pch - digits);
if(saw_digit && *tp == 0)
@@ -169,7 +170,8 @@ inet_pton6(const char *src, unsigned char *dst)
while((ch = *src++) != '\0') {
const char *pch;
- if((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+ pch = strchr((xdigits = xdigits_l), ch);
+ if(!pch)
pch = strchr((xdigits = xdigits_u), ch);
if(pch != NULL) {
val <<= 4;
@@ -188,8 +190,8 @@ inet_pton6(const char *src, unsigned char *dst)
}
if(tp + INT16SZ > endp)
return (0);
- *tp++ = (unsigned char) (val >> 8) & 0xff;
- *tp++ = (unsigned char) val & 0xff;
+ *tp++ = (unsigned char) ((val >> 8) & 0xff);
+ *tp++ = (unsigned char) (val & 0xff);
saw_xdigit = 0;
val = 0;
continue;
@@ -205,8 +207,8 @@ inet_pton6(const char *src, unsigned char *dst)
if(saw_xdigit) {
if(tp + INT16SZ > endp)
return (0);
- *tp++ = (unsigned char) (val >> 8) & 0xff;
- *tp++ = (unsigned char) val & 0xff;
+ *tp++ = (unsigned char) ((val >> 8) & 0xff);
+ *tp++ = (unsigned char) (val & 0xff);
}
if(colonp != NULL) {
/*
diff --git a/libs/libcurl/src/inet_pton.h b/libs/libcurl/src/inet_pton.h
index 43c5491430..e216f4efa9 100644
--- a/libs/libcurl/src/inet_pton.h
+++ b/libs/libcurl/src/inet_pton.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -29,6 +29,9 @@ int Curl_inet_pton(int, const char *, void *);
#ifdef HAVE_INET_PTON
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
+#elif defined(HAVE_WS2TCPIP_H)
+/* inet_pton() exists in Vista or later */
+#include <ws2tcpip.h>
#endif
#define Curl_inet_pton(x,y,z) inet_pton(x,y,z)
#endif
diff --git a/libs/libcurl/src/krb4.c b/libs/libcurl/src/krb4.c
deleted file mode 100644
index 3d789621d8..0000000000
--- a/libs/libcurl/src/krb4.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/* This source code was modified by Martin Hedenfalk <mhe@stacken.kth.se> for
- * use in Curl. Martin's latest changes were done 2000-09-18.
- *
- * It has since been patched away like a madman by Daniel Stenberg to make it
- * better applied to curl conditions, and to make it not use globals, pollute
- * name space and more.
- *
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * Copyright (c) 2004 - 2011 Daniel Stenberg
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#include "curl_setup.h"
-
-#ifndef CURL_DISABLE_FTP
-#ifdef HAVE_KRB4
-
-#ifdef HAVE_NETDB_H
-#include <netdb.h>
-#endif
-#include <krb.h>
-#include <des.h>
-
-#include "urldata.h"
-#include "curl_base64.h"
-#include "ftp.h"
-#include "sendf.h"
-#include "krb4.h"
-#include "inet_ntop.h"
-#include "curl_memory.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#define LOCAL_ADDR (&conn->local_addr)
-#define REMOTE_ADDR conn->ip_addr->ai_addr
-#define myctladdr LOCAL_ADDR
-#define hisctladdr REMOTE_ADDR
-
-struct krb4_data {
- des_cblock key;
- des_key_schedule schedule;
- char name[ANAME_SZ];
- char instance[INST_SZ];
- char realm[REALM_SZ];
-};
-
-#ifndef HAVE_STRLCPY
-/* if it ever goes non-static, make it Curl_ prefixed! */
-static size_t
-strlcpy (char *dst, const char *src, size_t dst_sz)
-{
- size_t n;
- char *p;
-
- for(p = dst, n = 0;
- n + 1 < dst_sz && *src != '\0';
- ++p, ++src, ++n)
- *p = *src;
- *p = '\0';
- if(*src == '\0')
- return n;
- else
- return n + strlen (src);
-}
-#else
-size_t strlcpy (char *dst, const char *src, size_t dst_sz);
-#endif
-
-static int
-krb4_check_prot(void *app_data, int level)
-{
- app_data = NULL; /* prevent compiler warning */
- if(level == PROT_CONFIDENTIAL)
- return -1;
- return 0;
-}
-
-static int
-krb4_decode(void *app_data, void *buf, int len, int level,
- struct connectdata *conn)
-{
- MSG_DAT m;
- int e;
- struct krb4_data *d = app_data;
-
- if(level == PROT_SAFE)
- e = krb_rd_safe(buf, len, &d->key,
- (struct sockaddr_in *)REMOTE_ADDR,
- (struct sockaddr_in *)LOCAL_ADDR, &m);
- else
- e = krb_rd_priv(buf, len, d->schedule, &d->key,
- (struct sockaddr_in *)REMOTE_ADDR,
- (struct sockaddr_in *)LOCAL_ADDR, &m);
- if(e) {
- struct SessionHandle *data = conn->data;
- infof(data, "krb4_decode: %s\n", krb_get_err_text(e));
- return -1;
- }
- memmove(buf, m.app_data, m.app_length);
- return m.app_length;
-}
-
-static int
-krb4_overhead(void *app_data, int level, int len)
-{
- /* no arguments are used, just init them to prevent compiler warnings */
- app_data = NULL;
- level = 0;
- len = 0;
- return 31;
-}
-
-static int
-krb4_encode(void *app_data, const void *from, int length, int level, void **to,
- struct connectdata *conn)
-{
- struct krb4_data *d = app_data;
- *to = malloc(length + 31);
- if(!*to)
- return -1;
- if(level == PROT_SAFE)
- /* NOTE that the void* cast is safe, krb_mk_safe/priv don't modify the
- * input buffer
- */
- return krb_mk_safe((void*)from, *to, length, &d->key,
- (struct sockaddr_in *)LOCAL_ADDR,
- (struct sockaddr_in *)REMOTE_ADDR);
- else if(level == PROT_PRIVATE)
- return krb_mk_priv((void*)from, *to, length, d->schedule, &d->key,
- (struct sockaddr_in *)LOCAL_ADDR,
- (struct sockaddr_in *)REMOTE_ADDR);
- else
- return -1;
-}
-
-static int
-mk_auth(struct krb4_data *d, KTEXT adat,
- const char *service, char *host, int checksum)
-{
- int ret;
- CREDENTIALS cred;
- char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
-
- strlcpy(sname, service, sizeof(sname));
- strlcpy(inst, krb_get_phost(host), sizeof(inst));
- strlcpy(realm, krb_realmofhost(host), sizeof(realm));
- ret = krb_mk_req(adat, sname, inst, realm, checksum);
- if(ret)
- return ret;
- strlcpy(sname, service, sizeof(sname));
- strlcpy(inst, krb_get_phost(host), sizeof(inst));
- strlcpy(realm, krb_realmofhost(host), sizeof(realm));
- ret = krb_get_cred(sname, inst, realm, &cred);
- memmove(&d->key, &cred.session, sizeof(des_cblock));
- des_key_sched(&d->key, d->schedule);
- memset(&cred, 0, sizeof(cred));
- return ret;
-}
-
-#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
-int krb_get_our_ip_for_realm(char *, struct in_addr *);
-#endif
-
-static int
-krb4_auth(void *app_data, struct connectdata *conn)
-{
- int ret;
- char *p;
- unsigned char *ptr;
- size_t len = 0;
- KTEXT_ST adat;
- MSG_DAT msg_data;
- int checksum;
- u_int32_t cs;
- struct krb4_data *d = app_data;
- char *host = conn->host.name;
- ssize_t nread;
- int l = sizeof(conn->local_addr);
- struct SessionHandle *data = conn->data;
- CURLcode result;
- size_t base64_sz = 0;
-
- if(getsockname(conn->sock[FIRSTSOCKET],
- (struct sockaddr *)LOCAL_ADDR, &l) < 0)
- perror("getsockname()");
-
- checksum = getpid();
- ret = mk_auth(d, &adat, "ftp", host, checksum);
- if(ret == KDC_PR_UNKNOWN)
- ret = mk_auth(d, &adat, "rcmd", host, checksum);
- if(ret) {
- infof(data, "%s\n", krb_get_err_text(ret));
- return AUTH_CONTINUE;
- }
-
-#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
- if(krb_get_config_bool("nat_in_use")) {
- struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR;
- struct in_addr natAddr;
-
- if(krb_get_our_ip_for_realm(krb_realmofhost(host),
- &natAddr) != KSUCCESS
- && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
- infof(data, "Can't get address for realm %s\n",
- krb_realmofhost(host));
- else {
- if(natAddr.s_addr != localaddr->sin_addr.s_addr) {
- char addr_buf[128];
- if(Curl_inet_ntop(AF_INET, natAddr, addr_buf, sizeof(addr_buf)))
- infof(data, "Using NAT IP address (%s) for kerberos 4\n", addr_buf);
- localaddr->sin_addr = natAddr;
- }
- }
- }
-#endif
-
- result = Curl_base64_encode(conn->data, (char *)adat.dat, adat.length,
- &p, &base64_sz);
- if(result) {
- Curl_failf(data, "base64-encoding: %s", curl_easy_strerror(result));
- return AUTH_CONTINUE;
- }
-
- result = Curl_ftpsendf(conn, "ADAT %s", p);
-
- free(p);
-
- if(result)
- return -2;
-
- if(Curl_GetFTPResponse(&nread, conn, NULL))
- return -1;
-
- if(data->state.buffer[0] != '2') {
- Curl_failf(data, "Server didn't accept auth data");
- return AUTH_ERROR;
- }
-
- p = strstr(data->state.buffer, "ADAT=");
- if(!p) {
- Curl_failf(data, "Remote host didn't send adat reply");
- return AUTH_ERROR;
- }
- p += 5;
- result = Curl_base64_decode(p, &ptr, &len);
- if(result) {
- Curl_failf(data, "base64-decoding: %s", curl_easy_strerror(result));
- return AUTH_ERROR;
- }
- if(len > sizeof(adat.dat)-1) {
- free(ptr);
- ptr = NULL;
- len = 0;
- }
- if(!len || !ptr) {
- Curl_failf(data, "Failed to decode base64 from server");
- return AUTH_ERROR;
- }
- memcpy((char *)adat.dat, ptr, len);
- free(ptr);
- adat.length = len;
- ret = krb_rd_safe(adat.dat, adat.length, &d->key,
- (struct sockaddr_in *)hisctladdr,
- (struct sockaddr_in *)myctladdr, &msg_data);
- if(ret) {
- Curl_failf(data, "Error reading reply from server: %s",
- krb_get_err_text(ret));
- return AUTH_ERROR;
- }
- krb_get_int(msg_data.app_data, &cs, 4, 0);
- if(cs - checksum != 1) {
- Curl_failf(data, "Bad checksum returned from server");
- return AUTH_ERROR;
- }
- return AUTH_OK;
-}
-
-struct Curl_sec_client_mech Curl_krb4_client_mech = {
- "KERBEROS_V4",
- sizeof(struct krb4_data),
- NULL, /* init */
- krb4_auth,
- NULL, /* end */
- krb4_check_prot,
- krb4_overhead,
- krb4_encode,
- krb4_decode
-};
-
-static enum protection_level
-krb4_set_command_prot(struct connectdata *conn, enum protection_level level)
-{
- enum protection_level old = conn->command_prot;
- DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
- conn->command_prot = level;
- return old;
-}
-
-CURLcode Curl_krb_kauth(struct connectdata *conn)
-{
- des_cblock key;
- des_key_schedule schedule;
- KTEXT_ST tkt, tktcopy;
- char *name;
- char *p;
- char passwd[100];
- size_t tmp = 0;
- ssize_t nread;
- enum protection_level save;
- CURLcode result;
- unsigned char *ptr;
- size_t base64_sz = 0;
-
- save = krb4_set_command_prot(conn, PROT_PRIVATE);
-
- result = Curl_ftpsendf(conn, "SITE KAUTH %s", conn->user);
-
- if(result)
- return result;
-
- result = Curl_GetFTPResponse(&nread, conn, NULL);
- if(result)
- return result;
-
- if(conn->data->state.buffer[0] != '3') {
- krb4_set_command_prot(conn, save);
- return CURLE_FTP_WEIRD_SERVER_REPLY;
- }
-
- p = strstr(conn->data->state.buffer, "T=");
- if(!p) {
- Curl_failf(conn->data, "Bad reply from server");
- krb4_set_command_prot(conn, save);
- return CURLE_FTP_WEIRD_SERVER_REPLY;
- }
-
- p += 2;
- result = Curl_base64_decode(p, &ptr, &tmp);
- if(result) {
- Curl_failf(conn->data, "base64-decoding: %s", curl_easy_strerror(result));
- return result;
- }
- if(tmp >= sizeof(tkt.dat)) {
- free(ptr);
- ptr = NULL;
- tmp = 0;
- }
- if(!tmp || !ptr) {
- Curl_failf(conn->data, "Failed to decode base64 in reply");
- krb4_set_command_prot(conn, save);
- return CURLE_FTP_WEIRD_SERVER_REPLY;
- }
- memcpy((char *)tkt.dat, ptr, tmp);
- free(ptr);
- tkt.length = tmp;
- tktcopy.length = tkt.length;
-
- p = strstr(conn->data->state.buffer, "P=");
- if(!p) {
- Curl_failf(conn->data, "Bad reply from server");
- krb4_set_command_prot(conn, save);
- return CURLE_FTP_WEIRD_SERVER_REPLY;
- }
- name = p + 2;
- for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
- *p = 0;
-
- des_string_to_key (conn->passwd, &key);
- des_key_sched(&key, schedule);
-
- des_pcbc_encrypt((void *)tkt.dat, (void *)tktcopy.dat,
- tkt.length,
- schedule, &key, DES_DECRYPT);
- if(strcmp ((char*)tktcopy.dat + 8,
- KRB_TICKET_GRANTING_TICKET) != 0) {
- afs_string_to_key(passwd,
- krb_realmofhost(conn->host.name),
- &key);
- des_key_sched(&key, schedule);
- des_pcbc_encrypt((void *)tkt.dat, (void *)tktcopy.dat,
- tkt.length,
- schedule, &key, DES_DECRYPT);
- }
- memset(key, 0, sizeof(key));
- memset(schedule, 0, sizeof(schedule));
- memset(passwd, 0, sizeof(passwd));
- result = Curl_base64_encode(conn->data, (char *)tktcopy.dat, tktcopy.length,
- &p, &base64_sz);
- if(result) {
- Curl_failf(conn->data, "base64-encoding: %s", curl_easy_strerror(result));
- krb4_set_command_prot(conn, save);
- return result;
- }
- memset (tktcopy.dat, 0, tktcopy.length);
-
- result = Curl_ftpsendf(conn, "SITE KAUTH %s %s", name, p);
- free(p);
- if(result)
- return result;
-
- result = Curl_GetFTPResponse(&nread, conn, NULL);
- if(result)
- return result;
- krb4_set_command_prot(conn, save);
-
- return CURLE_OK;
-}
-
-#endif /* HAVE_KRB4 */
-#endif /* CURL_DISABLE_FTP */
diff --git a/libs/libcurl/src/krb4.h b/libs/libcurl/src/krb4.h
deleted file mode 100644
index 3e29b25882..0000000000
--- a/libs/libcurl/src/krb4.h
+++ /dev/null
@@ -1,57 +0,0 @@
-#ifndef HEADER_CURL_KRB4_H
-#define HEADER_CURL_KRB4_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-struct Curl_sec_client_mech {
- const char *name;
- size_t size;
- int (*init)(void *);
- int (*auth)(void *, struct connectdata *);
- void (*end)(void *);
- int (*check_prot)(void *, int);
- int (*overhead)(void *, int, int);
- int (*encode)(void *, const void*, int, int, void**, struct connectdata *);
- int (*decode)(void *, void*, int, int, struct connectdata *);
-};
-
-
-#define AUTH_OK 0
-#define AUTH_CONTINUE 1
-#define AUTH_ERROR 2
-
-#ifdef HAVE_KRB4
-extern struct Curl_sec_client_mech Curl_krb4_client_mech;
-#endif
-#ifdef HAVE_GSSAPI
-extern struct Curl_sec_client_mech Curl_krb5_client_mech;
-#endif
-
-CURLcode Curl_krb_kauth(struct connectdata *conn);
-int Curl_sec_read_msg (struct connectdata *conn, char *,
- enum protection_level);
-void Curl_sec_end (struct connectdata *);
-CURLcode Curl_sec_login (struct connectdata *);
-int Curl_sec_request_prot (struct connectdata *conn, const char *level);
-
-#endif /* HEADER_CURL_KRB4_H */
-
diff --git a/libs/libcurl/src/krb5.c b/libs/libcurl/src/krb5.c
index 1643f11a6a..69a35979a8 100644
--- a/libs/libcurl/src/krb5.c
+++ b/libs/libcurl/src/krb5.c
@@ -1,8 +1,8 @@
/* GSSAPI/krb5 support for FTP - loosely based on old krb4.c
*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999, 2013 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
- * Copyright (c) 2004 - 2012 Daniel Stenberg
+ * Copyright (c) 2004 - 2016 Daniel Stenberg
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,13 +34,7 @@
#include "curl_setup.h"
-#ifndef CURL_DISABLE_FTP
-#ifdef HAVE_GSSAPI
-
-#ifdef HAVE_OLD_GSSMIT
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#define NCOMPAT 1
-#endif
+#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP)
#ifdef HAVE_NETDB_H
#include <netdb.h>
@@ -52,18 +46,13 @@
#include "curl_gssapi.h"
#include "sendf.h"
#include "curl_sec.h"
-#include "curl_memory.h"
#include "warnless.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
-#define LOCAL_ADDR (&conn->local_addr)
-#define REMOTE_ADDR conn->ip_addr->ai_addr
-
static int
krb5_init(void *app_data)
{
@@ -121,8 +110,7 @@ krb5_overhead(void *app_data, int level, int len)
}
static int
-krb5_encode(void *app_data, const void *from, int length, int level, void **to,
- struct connectdata *conn UNUSED_PARAM)
+krb5_encode(void *app_data, const void *from, int length, int level, void **to)
{
gss_ctx_id_t *context = app_data;
gss_buffer_desc dec, enc;
@@ -130,13 +118,10 @@ krb5_encode(void *app_data, const void *from, int length, int level, void **to,
int state;
int len;
- /* shut gcc up */
- conn = NULL;
-
/* NOTE that the cast is safe, neither of the krb5, gnu gss and heimdal
* libraries modify the input buffer in gss_seal()
*/
- dec.value = (void*)from;
+ dec.value = (void *)from;
dec.length = length;
maj = gss_seal(&min, *context,
level == PROT_PRIVATE,
@@ -165,28 +150,32 @@ krb5_auth(void *app_data, struct connectdata *conn)
const char *host = conn->host.name;
ssize_t nread;
curl_socklen_t l = sizeof(conn->local_addr);
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
CURLcode result;
- const char *service = "ftp", *srv_host = "host";
+ const char *service = data->set.str[STRING_SERVICE_NAME] ?
+ data->set.str[STRING_SERVICE_NAME] :
+ "ftp";
+ const char *srv_host = "host";
gss_buffer_desc input_buffer, output_buffer, _gssresp, *gssresp;
OM_uint32 maj, min;
gss_name_t gssname;
gss_ctx_id_t *context = app_data;
struct gss_channel_bindings_struct chan;
size_t base64_sz = 0;
+ struct sockaddr_in **remote_addr =
+ (struct sockaddr_in **)&conn->ip_addr->ai_addr;
+ char *stringp;
if(getsockname(conn->sock[FIRSTSOCKET],
- (struct sockaddr *)LOCAL_ADDR, &l) < 0)
+ (struct sockaddr *)&conn->local_addr, &l) < 0)
perror("getsockname()");
chan.initiator_addrtype = GSS_C_AF_INET;
chan.initiator_address.length = l - 4;
- chan.initiator_address.value =
- &((struct sockaddr_in *)LOCAL_ADDR)->sin_addr.s_addr;
+ chan.initiator_address.value = &conn->local_addr.sin_addr.s_addr;
chan.acceptor_addrtype = GSS_C_AF_INET;
chan.acceptor_address.length = l - 4;
- chan.acceptor_address.value =
- &((struct sockaddr_in *)REMOTE_ADDR)->sin_addr.s_addr;
+ chan.acceptor_address.value = &(*remote_addr)->sin_addr.s_addr;
chan.application_data.length = 0;
chan.application_data.value = NULL;
@@ -194,10 +183,10 @@ krb5_auth(void *app_data, struct connectdata *conn)
for(;;) {
/* this really shouldn't be repeated here, but can't help it */
if(service == srv_host) {
- result = Curl_ftpsendf(conn, "AUTH GSSAPI");
-
+ result = Curl_ftpsend(conn, "AUTH GSSAPI");
if(result)
return -2;
+
if(Curl_GetFTPResponse(&nread, conn, NULL))
return -1;
@@ -205,16 +194,19 @@ krb5_auth(void *app_data, struct connectdata *conn)
return -1;
}
- input_buffer.value = data->state.buffer;
- input_buffer.length = snprintf(input_buffer.value, BUFSIZE, "%s@%s",
- service, host);
+ stringp = aprintf("%s@%s", service, host);
+ if(!stringp)
+ return -2;
+
+ input_buffer.value = stringp;
+ input_buffer.length = strlen(stringp);
maj = gss_import_name(&min, &input_buffer, GSS_C_NT_HOSTBASED_SERVICE,
&gssname);
+ free(stringp);
if(maj != GSS_S_COMPLETE) {
gss_release_name(&min, &gssname);
if(service == srv_host) {
- Curl_failf(data, "Error importing service name %s",
- input_buffer.value);
+ Curl_failf(data, "Error importing service name %s@%s", service, host);
return AUTH_ERROR;
}
service = srv_host;
@@ -236,9 +228,11 @@ krb5_auth(void *app_data, struct connectdata *conn)
&min,
context,
gssname,
+ &Curl_krb5_mech_oid,
&chan,
gssresp,
&output_buffer,
+ TRUE,
NULL);
if(gssresp) {
@@ -253,15 +247,22 @@ krb5_auth(void *app_data, struct connectdata *conn)
}
if(output_buffer.length != 0) {
+ char *cmd;
+
result = Curl_base64_encode(data, (char *)output_buffer.value,
output_buffer.length, &p, &base64_sz);
if(result) {
- Curl_infof(data,"base64-encoding: %s\n", curl_easy_strerror(result));
- ret = AUTH_CONTINUE;
+ Curl_infof(data, "base64-encoding: %s\n",
+ curl_easy_strerror(result));
+ ret = AUTH_ERROR;
break;
}
- result = Curl_ftpsendf(conn, "ADAT %s", p);
+ cmd = aprintf("ADAT %s", p);
+ if(cmd)
+ result = Curl_ftpsend(conn, cmd);
+ else
+ result = CURLE_OUT_OF_MEMORY;
free(p);
@@ -288,7 +289,8 @@ krb5_auth(void *app_data, struct connectdata *conn)
(unsigned char **)&_gssresp.value,
&_gssresp.length);
if(result) {
- Curl_failf(data,"base64-decoding: %s", curl_easy_strerror(result));
+ Curl_failf(data, "base64-decoding: %s",
+ curl_easy_strerror(result));
ret = AUTH_CONTINUE;
break;
}
@@ -337,5 +339,4 @@ struct Curl_sec_client_mech Curl_krb5_client_mech = {
krb5_decode
};
-#endif /* HAVE_GSSAPI */
-#endif /* CURL_DISABLE_FTP */
+#endif /* HAVE_GSSAPI && !CURL_DISABLE_FTP */
diff --git a/libs/libcurl/src/ldap.c b/libs/libcurl/src/ldap.c
index c2fa1735fa..89047bcbda 100644
--- a/libs/libcurl/src/ldap.c
+++ b/libs/libcurl/src/ldap.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -35,7 +35,7 @@
* OpenLDAP library versions, USE_OPENLDAP shall not be defined.
*/
-#ifdef CURL_LDAP_WIN /* Use Windows LDAP implementation. */
+#ifdef USE_WIN32_LDAP /* Use Windows LDAP implementation. */
# include <winldap.h>
# ifndef LDAP_VENDOR_NAME
# error Your Platform SDK is NOT sufficient for LDAP support! \
@@ -54,22 +54,30 @@
# endif /* HAVE_LDAP_SSL && HAVE_LDAP_SSL_H */
#endif
+/* These are macros in both <wincrypt.h> (in above <winldap.h>) and typedefs
+ * in BoringSSL's <openssl/x509.h>
+ */
+#ifdef HAVE_BORINGSSL
+# undef X509_NAME
+# undef X509_CERT_PAIR
+# undef X509_EXTENSIONS
+#endif
+
#include "urldata.h"
#include <curl/curl.h>
#include "sendf.h"
#include "escape.h"
#include "progress.h"
#include "transfer.h"
-#include "strequal.h"
+#include "strcase.h"
#include "strtok.h"
#include "curl_ldap.h"
-#include "curl_memory.h"
+#include "curl_multibyte.h"
#include "curl_base64.h"
-#include "rawstr.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "connect.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
#ifndef HAVE_LDAP_URL_PARSE
@@ -79,10 +87,19 @@
typedef struct {
char *lud_host;
int lud_port;
+#if defined(USE_WIN32_LDAP)
+ TCHAR *lud_dn;
+ TCHAR **lud_attrs;
+#else
char *lud_dn;
char **lud_attrs;
+#endif
int lud_scope;
+#if defined(USE_WIN32_LDAP)
+ TCHAR *lud_filter;
+#else
char *lud_filter;
+#endif
char **lud_exts;
size_t lud_attrs_dups; /* how many were dup'ed, this field is not in the
"real" struct so can only be used in code
@@ -92,9 +109,9 @@ typedef struct {
#undef LDAPURLDesc
#define LDAPURLDesc CURL_LDAPURLDesc
-static int _ldap_url_parse (const struct connectdata *conn,
- LDAPURLDesc **ludp);
-static void _ldap_free_urldesc (LDAPURLDesc *ludp);
+static int _ldap_url_parse(const struct connectdata *conn,
+ LDAPURLDesc **ludp);
+static void _ldap_free_urldesc(LDAPURLDesc *ludp);
#undef ldap_free_urldesc
#define ldap_free_urldesc _ldap_free_urldesc
@@ -102,11 +119,11 @@ static void _ldap_free_urldesc (LDAPURLDesc *ludp);
#ifdef DEBUG_LDAP
#define LDAP_TRACE(x) do { \
- _ldap_trace ("%u: ", __LINE__); \
+ _ldap_trace("%u: ", __LINE__); \
_ldap_trace x; \
} WHILE_FALSE
- static void _ldap_trace (const char *fmt, ...);
+ static void _ldap_trace(const char *fmt, ...);
#else
#define LDAP_TRACE(x) Curl_nop_stmt
#endif
@@ -133,6 +150,7 @@ const struct Curl_handler Curl_handler_ldap = {
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_LDAP, /* defport */
CURLPROTO_LDAP, /* protocol */
PROTOPT_NONE /* flags */
@@ -158,31 +176,115 @@ const struct Curl_handler Curl_handler_ldaps = {
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_LDAPS, /* defport */
- CURLPROTO_LDAP | CURLPROTO_LDAPS, /* protocol */
+ CURLPROTO_LDAPS, /* protocol */
PROTOPT_SSL /* flags */
};
#endif
+#if defined(USE_WIN32_LDAP)
+
+#if defined(USE_WINDOWS_SSPI)
+static int ldap_win_bind_auth(LDAP *server, const char *user,
+ const char *passwd, unsigned long authflags)
+{
+ ULONG method = 0;
+ SEC_WINNT_AUTH_IDENTITY cred;
+ int rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+
+ memset(&cred, 0, sizeof(cred));
+
+#if defined(USE_SPNEGO)
+ if(authflags & CURLAUTH_NEGOTIATE) {
+ method = LDAP_AUTH_NEGOTIATE;
+ }
+ else
+#endif
+#if defined(USE_NTLM)
+ if(authflags & CURLAUTH_NTLM) {
+ method = LDAP_AUTH_NTLM;
+ }
+ else
+#endif
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+ if(authflags & CURLAUTH_DIGEST) {
+ method = LDAP_AUTH_DIGEST;
+ }
+ else
+#endif
+ {
+ /* required anyway if one of upper preprocessor definitions enabled */
+ }
+
+ if(method && user && passwd) {
+ rc = Curl_create_sspi_identity(user, passwd, &cred);
+ if(!rc) {
+ rc = ldap_bind_s(server, NULL, (TCHAR *)&cred, method);
+ Curl_sspi_free_identity(&cred);
+ }
+ }
+ else {
+ /* proceed with current user credentials */
+ method = LDAP_AUTH_NEGOTIATE;
+ rc = ldap_bind_s(server, NULL, NULL, method);
+ }
+ return rc;
+}
+#endif /* #if defined(USE_WINDOWS_SSPI) */
+
+static int ldap_win_bind(struct connectdata *conn, LDAP *server,
+ const char *user, const char *passwd)
+{
+ int rc = LDAP_INVALID_CREDENTIALS;
+
+ PTCHAR inuser = NULL;
+ PTCHAR inpass = NULL;
+
+ if(user && passwd && (conn->data->set.httpauth & CURLAUTH_BASIC)) {
+ inuser = Curl_convert_UTF8_to_tchar((char *) user);
+ inpass = Curl_convert_UTF8_to_tchar((char *) passwd);
+
+ rc = ldap_simple_bind_s(server, inuser, inpass);
+
+ Curl_unicodefree(inuser);
+ Curl_unicodefree(inpass);
+ }
+#if defined(USE_WINDOWS_SSPI)
+ else {
+ rc = ldap_win_bind_auth(server, user, passwd, conn->data->set.httpauth);
+ }
+#endif
+
+ return rc;
+}
+#endif /* #if defined(USE_WIN32_LDAP) */
static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
{
- CURLcode status = CURLE_OK;
+ CURLcode result = CURLE_OK;
int rc = 0;
LDAP *server = NULL;
LDAPURLDesc *ludp = NULL;
- LDAPMessage *result = NULL;
+ LDAPMessage *ldapmsg = NULL;
LDAPMessage *entryIterator;
int num = 0;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
int ldap_proto = LDAP_VERSION3;
int ldap_ssl = 0;
char *val_b64 = NULL;
size_t val_b64_sz = 0;
curl_off_t dlsize = 0;
#ifdef LDAP_OPT_NETWORK_TIMEOUT
- struct timeval ldap_timeout = {10,0}; /* 10 sec connection/search timeout */
+ struct timeval ldap_timeout = {10, 0}; /* 10 sec connection/search timeout */
+#endif
+#if defined(USE_WIN32_LDAP)
+ TCHAR *host = NULL;
+#else
+ char *host = NULL;
#endif
+ char *user = NULL;
+ char *passwd = NULL;
*done = TRUE; /* unconditionally */
infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d\n",
@@ -196,16 +298,32 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
#endif
if(rc != 0) {
failf(data, "LDAP local: %s", ldap_err2string(rc));
- status = CURLE_LDAP_INVALID_URL;
+ result = CURLE_LDAP_INVALID_URL;
goto quit;
}
- /* Get the URL scheme ( either ldap or ldaps ) */
+ /* Get the URL scheme (either ldap or ldaps) */
if(conn->given->flags & PROTOPT_SSL)
ldap_ssl = 1;
infof(data, "LDAP local: trying to establish %s connection\n",
ldap_ssl ? "encrypted" : "cleartext");
+#if defined(USE_WIN32_LDAP)
+ host = Curl_convert_UTF8_to_tchar(conn->host.name);
+ if(!host) {
+ result = CURLE_OUT_OF_MEMORY;
+
+ goto quit;
+ }
+#else
+ host = conn->host.name;
+#endif
+
+ if(conn->bits.user_passwd) {
+ user = conn->user;
+ passwd = conn->passwd;
+ }
+
#ifdef LDAP_OPT_NETWORK_TIMEOUT
ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
#endif
@@ -213,30 +331,30 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
if(ldap_ssl) {
#ifdef HAVE_LDAP_SSL
-#ifdef CURL_LDAP_WIN
+#ifdef USE_WIN32_LDAP
/* Win32 LDAP SDK doesn't support insecure mode without CA! */
- server = ldap_sslinit(conn->host.name, (int)conn->port, 1);
+ server = ldap_sslinit(host, (int)conn->port, 1);
ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
#else
int ldap_option;
- char* ldap_ca = data->set.str[STRING_SSL_CAFILE];
+ char *ldap_ca = conn->ssl_config.CAfile;
#if defined(CURL_HAS_NOVELL_LDAPSDK)
rc = ldapssl_client_init(NULL, NULL);
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ldapssl_client_init %s", ldap_err2string(rc));
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
- if(data->set.ssl.verifypeer) {
+ if(conn->ssl_config.verifypeer) {
/* Novell SDK supports DER or BASE64 files. */
int cert_type = LDAPSSL_CERT_FILETYPE_B64;
- if((data->set.str[STRING_CERT_TYPE]) &&
- (Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "DER")))
+ if((data->set.ssl.cert_type) &&
+ (strcasecompare(data->set.ssl.cert_type, "DER")))
cert_type = LDAPSSL_CERT_FILETYPE_DER;
if(!ldap_ca) {
failf(data, "LDAP local: ERROR %s CA cert not set!",
(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"));
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
infof(data, "LDAP local: using %s CA cert '%s'\n",
@@ -247,7 +365,7 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
failf(data, "LDAP local: ERROR setting %s CA cert: %s",
(cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM"),
ldap_err2string(rc));
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
ldap_option = LDAPSSL_VERIFY_SERVER;
@@ -258,28 +376,28 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ERROR setting cert verify mode: %s",
ldap_err2string(rc));
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
- server = ldapssl_init(conn->host.name, (int)conn->port, 1);
+ server = ldapssl_init(host, (int)conn->port, 1);
if(server == NULL) {
failf(data, "LDAP local: Cannot connect to %s:%ld",
- conn->host.name, conn->port);
- status = CURLE_COULDNT_CONNECT;
+ conn->host.dispname, conn->port);
+ result = CURLE_COULDNT_CONNECT;
goto quit;
}
#elif defined(LDAP_OPT_X_TLS)
- if(data->set.ssl.verifypeer) {
+ if(conn->ssl_config.verifypeer) {
/* OpenLDAP SDK supports BASE64 files. */
- if((data->set.str[STRING_CERT_TYPE]) &&
- (!Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "PEM"))) {
+ if((data->set.ssl.cert_type) &&
+ (!strcasecompare(data->set.ssl.cert_type, "PEM"))) {
failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!");
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
if(!ldap_ca) {
failf(data, "LDAP local: ERROR PEM CA cert not set!");
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
infof(data, "LDAP local: using PEM CA cert: %s\n", ldap_ca);
@@ -287,7 +405,7 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ERROR setting PEM CA cert: %s",
ldap_err2string(rc));
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
ldap_option = LDAP_OPT_X_TLS_DEMAND;
@@ -299,14 +417,14 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ERROR setting cert verify mode: %s",
ldap_err2string(rc));
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
- server = ldap_init(conn->host.name, (int)conn->port);
+ server = ldap_init(host, (int)conn->port);
if(server == NULL) {
failf(data, "LDAP local: Cannot connect to %s:%ld",
- conn->host.name, conn->port);
- status = CURLE_COULDNT_CONNECT;
+ conn->host.dispname, conn->port);
+ result = CURLE_COULDNT_CONNECT;
goto quit;
}
ldap_option = LDAP_OPT_X_TLS_HARD;
@@ -314,7 +432,7 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ERROR setting SSL/TLS mode: %s",
ldap_err2string(rc));
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
/*
@@ -322,7 +440,7 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
if(rc != LDAP_SUCCESS) {
failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s",
ldap_err2string(rc));
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
*/
@@ -331,127 +449,287 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
should check in first place if we can support LDAP SSL/TLS */
failf(data, "LDAP local: SSL/TLS not supported with this version "
"of the OpenLDAP toolkit\n");
- status = CURLE_SSL_CERTPROBLEM;
+ result = CURLE_SSL_CERTPROBLEM;
goto quit;
#endif
#endif
#endif /* CURL_LDAP_USE_SSL */
}
else {
- server = ldap_init(conn->host.name, (int)conn->port);
+ server = ldap_init(host, (int)conn->port);
if(server == NULL) {
failf(data, "LDAP local: Cannot connect to %s:%ld",
- conn->host.name, conn->port);
- status = CURLE_COULDNT_CONNECT;
+ conn->host.dispname, conn->port);
+ result = CURLE_COULDNT_CONNECT;
goto quit;
}
}
-#ifdef CURL_LDAP_WIN
+#ifdef USE_WIN32_LDAP
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
#endif
- rc = ldap_simple_bind_s(server,
- conn->bits.user_passwd ? conn->user : NULL,
- conn->bits.user_passwd ? conn->passwd : NULL);
+#ifdef USE_WIN32_LDAP
+ rc = ldap_win_bind(conn, server, user, passwd);
+#else
+ rc = ldap_simple_bind_s(server, user, passwd);
+#endif
if(!ldap_ssl && rc != 0) {
ldap_proto = LDAP_VERSION2;
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
- rc = ldap_simple_bind_s(server,
- conn->bits.user_passwd ? conn->user : NULL,
- conn->bits.user_passwd ? conn->passwd : NULL);
+#ifdef USE_WIN32_LDAP
+ rc = ldap_win_bind(conn, server, user, passwd);
+#else
+ rc = ldap_simple_bind_s(server, user, passwd);
+#endif
}
if(rc != 0) {
failf(data, "LDAP local: ldap_simple_bind_s %s", ldap_err2string(rc));
- status = CURLE_LDAP_CANNOT_BIND;
+ result = CURLE_LDAP_CANNOT_BIND;
goto quit;
}
rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope,
- ludp->lud_filter, ludp->lud_attrs, 0, &result);
+ ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg);
if(rc != 0 && rc != LDAP_SIZELIMIT_EXCEEDED) {
failf(data, "LDAP remote: %s", ldap_err2string(rc));
- status = CURLE_LDAP_SEARCH_FAILED;
+ result = CURLE_LDAP_SEARCH_FAILED;
goto quit;
}
- for(num = 0, entryIterator = ldap_first_entry(server, result);
+ for(num = 0, entryIterator = ldap_first_entry(server, ldapmsg);
entryIterator;
entryIterator = ldap_next_entry(server, entryIterator), num++) {
BerElement *ber = NULL;
+#if defined(USE_WIN32_LDAP)
+ TCHAR *attribute;
+#else
char *attribute; /*! suspicious that this isn't 'const' */
- char *dn = ldap_get_dn(server, entryIterator);
+#endif
int i;
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)dn, 0);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+ /* Get the DN and write it to the client */
+ {
+ char *name;
+ size_t name_len;
+#if defined(USE_WIN32_LDAP)
+ TCHAR *dn = ldap_get_dn(server, entryIterator);
+ name = Curl_convert_tchar_to_UTF8(dn);
+ if(!name) {
+ ldap_memfree(dn);
+
+ result = CURLE_OUT_OF_MEMORY;
+
+ goto quit;
+ }
+#else
+ char *dn = name = ldap_get_dn(server, entryIterator);
+#endif
+ name_len = strlen(name);
+
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
+ if(result) {
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(name);
+#endif
+ ldap_memfree(dn);
- dlsize += strlen(dn)+5;
+ goto quit;
+ }
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *) name,
+ name_len);
+ if(result) {
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(name);
+#endif
+ ldap_memfree(dn);
+
+ goto quit;
+ }
+
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+ if(result) {
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(name);
+#endif
+ ldap_memfree(dn);
+
+ goto quit;
+ }
+
+ dlsize += name_len + 5;
+
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(name);
+#endif
+ ldap_memfree(dn);
+ }
+
+ /* Get the attributes and write them to the client */
for(attribute = ldap_first_attribute(server, entryIterator, &ber);
attribute;
attribute = ldap_next_attribute(server, entryIterator, ber)) {
- BerValue **vals = ldap_get_values_len(server, entryIterator, attribute);
+ BerValue **vals;
+ size_t attr_len;
+#if defined(USE_WIN32_LDAP)
+ char *attr = Curl_convert_tchar_to_UTF8(attribute);
+ if(!attr) {
+ if(ber)
+ ber_free(ber, 0);
+
+ result = CURLE_OUT_OF_MEMORY;
+
+ goto quit;
+ }
+#else
+ char *attr = attribute;
+#endif
+ attr_len = strlen(attr);
+ vals = ldap_get_values_len(server, entryIterator, attribute);
if(vals != NULL) {
for(i = 0; (vals[i] != NULL); i++) {
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *) attribute, 0);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
- dlsize += strlen(attribute)+3;
-
- if((strlen(attribute) > 7) &&
- (strcmp(";binary",
- (char *)attribute +
- (strlen((char *)attribute) - 7)) == 0)) {
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
+ if(result) {
+ ldap_value_free_len(vals);
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(attr);
+#endif
+ ldap_memfree(attribute);
+ if(ber)
+ ber_free(ber, 0);
+
+ goto quit;
+ }
+
+ result = Curl_client_write(conn, CLIENTWRITE_BODY,
+ (char *) attr, attr_len);
+ if(result) {
+ ldap_value_free_len(vals);
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(attr);
+#endif
+ ldap_memfree(attribute);
+ if(ber)
+ ber_free(ber, 0);
+
+ goto quit;
+ }
+
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
+ if(result) {
+ ldap_value_free_len(vals);
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(attr);
+#endif
+ ldap_memfree(attribute);
+ if(ber)
+ ber_free(ber, 0);
+
+ goto quit;
+ }
+
+ dlsize += attr_len + 3;
+
+ if((attr_len > 7) &&
+ (strcmp(";binary", (char *) attr + (attr_len - 7)) == 0)) {
/* Binary attribute, encode to base64. */
- CURLcode error = Curl_base64_encode(data,
- vals[i]->bv_val,
- vals[i]->bv_len,
- &val_b64,
- &val_b64_sz);
- if(error) {
+ result = Curl_base64_encode(data,
+ vals[i]->bv_val,
+ vals[i]->bv_len,
+ &val_b64,
+ &val_b64_sz);
+ if(result) {
ldap_value_free_len(vals);
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(attr);
+#endif
ldap_memfree(attribute);
- ldap_memfree(dn);
if(ber)
ber_free(ber, 0);
- status = error;
+
goto quit;
}
+
if(val_b64_sz > 0) {
- Curl_client_write(conn, CLIENTWRITE_BODY, val_b64, val_b64_sz);
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, val_b64,
+ val_b64_sz);
free(val_b64);
+ if(result) {
+ ldap_value_free_len(vals);
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(attr);
+#endif
+ ldap_memfree(attribute);
+ if(ber)
+ ber_free(ber, 0);
+
+ goto quit;
+ }
+
dlsize += val_b64_sz;
}
}
else {
- Curl_client_write(conn, CLIENTWRITE_BODY, vals[i]->bv_val,
- vals[i]->bv_len);
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, vals[i]->bv_val,
+ vals[i]->bv_len);
+ if(result) {
+ ldap_value_free_len(vals);
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(attr);
+#endif
+ ldap_memfree(attribute);
+ if(ber)
+ ber_free(ber, 0);
+
+ goto quit;
+ }
+
dlsize += vals[i]->bv_len;
}
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+ if(result) {
+ ldap_value_free_len(vals);
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(attr);
+#endif
+ ldap_memfree(attribute);
+ if(ber)
+ ber_free(ber, 0);
+
+ goto quit;
+ }
+
dlsize++;
}
/* Free memory used to store values */
ldap_value_free_len(vals);
}
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+
+ /* Free the attribute as we are done with it */
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(attr);
+#endif
+ ldap_memfree(attribute);
+
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+ if(result)
+ goto quit;
dlsize++;
Curl_pgrsSetDownloadCounter(data, dlsize);
- ldap_memfree(attribute);
}
- ldap_memfree(dn);
+
if(ber)
ber_free(ber, 0);
}
quit:
- if(result) {
- ldap_msgfree(result);
- LDAP_TRACE (("Received %d entries\n", num));
+ if(ldapmsg) {
+ ldap_msgfree(ldapmsg);
+ LDAP_TRACE(("Received %d entries\n", num));
}
if(rc == LDAP_SIZELIMIT_EXCEEDED)
infof(data, "There are more than %d entries\n", num);
@@ -464,15 +742,19 @@ quit:
ldapssl_client_deinit();
#endif /* HAVE_LDAP_SSL && CURL_HAS_NOVELL_LDAPSDK */
+#if defined(USE_WIN32_LDAP)
+ Curl_unicodefree(host);
+#endif
+
/* no data to transfer */
Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
- conn->bits.close = TRUE;
+ connclose(conn, "LDAP connection always disable re-use");
- return status;
+ return result;
}
#ifdef DEBUG_LDAP
-static void _ldap_trace (const char *fmt, ...)
+static void _ldap_trace(const char *fmt, ...)
{
static int do_trace = -1;
va_list args;
@@ -484,9 +766,9 @@ static void _ldap_trace (const char *fmt, ...)
if(!do_trace)
return;
- va_start (args, fmt);
- vfprintf (stderr, fmt, args);
- va_end (args);
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
}
#endif
@@ -495,74 +777,51 @@ static void _ldap_trace (const char *fmt, ...)
/*
* Return scope-value for a scope-string.
*/
-static int str2scope (const char *p)
+static int str2scope(const char *p)
{
- if(strequal(p, "one"))
- return LDAP_SCOPE_ONELEVEL;
- if(strequal(p, "onetree"))
- return LDAP_SCOPE_ONELEVEL;
- if(strequal(p, "base"))
- return LDAP_SCOPE_BASE;
- if(strequal(p, "sub"))
- return LDAP_SCOPE_SUBTREE;
- if(strequal( p, "subtree"))
- return LDAP_SCOPE_SUBTREE;
+ if(strcasecompare(p, "one"))
+ return LDAP_SCOPE_ONELEVEL;
+ if(strcasecompare(p, "onetree"))
+ return LDAP_SCOPE_ONELEVEL;
+ if(strcasecompare(p, "base"))
+ return LDAP_SCOPE_BASE;
+ if(strcasecompare(p, "sub"))
+ return LDAP_SCOPE_SUBTREE;
+ if(strcasecompare(p, "subtree"))
+ return LDAP_SCOPE_SUBTREE;
return (-1);
}
/*
* Split 'str' into strings separated by commas.
- * Note: res[] points into 'str'.
+ * Note: out[] points into 'str'.
*/
-static char **split_str (char *str)
+static bool split_str(char *str, char ***out, size_t *count)
{
- char **res, *lasts, *s;
- int i;
-
- for(i = 2, s = strchr(str,','); s; i++)
- s = strchr(++s,',');
+ char **res;
+ char *lasts;
+ char *s;
+ size_t i;
+ size_t items = 1;
+
+ s = strchr(str, ',');
+ while(s) {
+ items++;
+ s = strchr(++s, ',');
+ }
- res = calloc(i, sizeof(char*));
+ res = calloc(items, sizeof(char *));
if(!res)
- return NULL;
+ return FALSE;
- for(i = 0, s = strtok_r(str, ",", &lasts); s;
+ for(i = 0, s = strtok_r(str, ",", &lasts); s && i < items;
s = strtok_r(NULL, ",", &lasts), i++)
res[i] = s;
- return res;
-}
-/*
- * Unescape the LDAP-URL components
- */
-static bool unescape_elements (void *data, LDAPURLDesc *ludp)
-{
- int i;
+ *out = res;
+ *count = items;
- if(ludp->lud_filter) {
- ludp->lud_filter = curl_easy_unescape(data, ludp->lud_filter, 0, NULL);
- if(!ludp->lud_filter)
- return FALSE;
- }
-
- for(i = 0; ludp->lud_attrs && ludp->lud_attrs[i]; i++) {
- ludp->lud_attrs[i] = curl_easy_unescape(data, ludp->lud_attrs[i],
- 0, NULL);
- if(!ludp->lud_attrs[i])
- return FALSE;
- ludp->lud_attrs_dups++;
- }
-
- if(ludp->lud_dn) {
- char *dn = ludp->lud_dn;
- char *new_dn = curl_easy_unescape(data, dn, 0, NULL);
-
- free(dn);
- ludp->lud_dn = new_dn;
- if(!new_dn)
- return (FALSE);
- }
- return (TRUE);
+ return TRUE;
}
/*
@@ -579,93 +838,216 @@ static bool unescape_elements (void *data, LDAPURLDesc *ludp)
*
* Defined in RFC4516 section 2.
*/
-static int _ldap_url_parse2 (const struct connectdata *conn, LDAPURLDesc *ludp)
+static int _ldap_url_parse2(const struct connectdata *conn, LDAPURLDesc *ludp)
{
- char *p, *q;
- int i;
+ int rc = LDAP_SUCCESS;
+ char *path;
+ char *p;
+ char *q;
+ size_t i;
if(!conn->data ||
- !conn->data->state.path ||
- conn->data->state.path[0] != '/' ||
- !checkprefix("LDAP", conn->data->change.url))
+ !conn->data->state.path ||
+ conn->data->state.path[0] != '/' ||
+ !checkprefix("LDAP", conn->data->change.url))
return LDAP_INVALID_SYNTAX;
ludp->lud_scope = LDAP_SCOPE_BASE;
ludp->lud_port = conn->remote_port;
ludp->lud_host = conn->host.name;
- /* parse DN (Distinguished Name).
- */
- ludp->lud_dn = strdup(conn->data->state.path+1);
- if(!ludp->lud_dn)
+ /* Duplicate the path */
+ p = path = strdup(conn->data->state.path + 1);
+ if(!path)
return LDAP_NO_MEMORY;
- p = strchr(ludp->lud_dn, '?');
- LDAP_TRACE (("DN '%.*s'\n", p ? (size_t)(p-ludp->lud_dn) :
- strlen(ludp->lud_dn), ludp->lud_dn));
+ /* Parse the DN (Distinguished Name) */
+ q = strchr(p, '?');
+ if(q)
+ *q++ = '\0';
+
+ if(*p) {
+ char *dn = p;
+ char *unescaped;
+ CURLcode result;
- if(!p)
- goto success;
+ LDAP_TRACE(("DN '%s'\n", dn));
+
+ /* Unescape the DN */
+ result = Curl_urldecode(conn->data, dn, 0, &unescaped, NULL, FALSE);
+ if(result) {
+ rc = LDAP_NO_MEMORY;
+
+ goto quit;
+ }
+
+#if defined(USE_WIN32_LDAP)
+ /* Convert the unescaped string to a tchar */
+ ludp->lud_dn = Curl_convert_UTF8_to_tchar(unescaped);
- *p++ = '\0';
+ /* Free the unescaped string as we are done with it */
+ Curl_unicodefree(unescaped);
- /* parse attributes. skip "??".
- */
+ if(!ludp->lud_dn) {
+ rc = LDAP_NO_MEMORY;
+
+ goto quit;
+ }
+#else
+ ludp->lud_dn = unescaped;
+#endif
+ }
+
+ p = q;
+ if(!p)
+ goto quit;
+
+ /* Parse the attributes. skip "??" */
q = strchr(p, '?');
if(q)
*q++ = '\0';
- if(*p && *p != '?') {
- ludp->lud_attrs = split_str(p);
- if(!ludp->lud_attrs)
- return LDAP_NO_MEMORY;
+ if(*p) {
+ char **attributes;
+ size_t count = 0;
+
+ /* Split the string into an array of attributes */
+ if(!split_str(p, &attributes, &count)) {
+ rc = LDAP_NO_MEMORY;
- for(i = 0; ludp->lud_attrs[i]; i++)
- LDAP_TRACE (("attr[%d] '%s'\n", i, ludp->lud_attrs[i]));
+ goto quit;
+ }
+
+ /* Allocate our array (+1 for the NULL entry) */
+#if defined(USE_WIN32_LDAP)
+ ludp->lud_attrs = calloc(count + 1, sizeof(TCHAR *));
+#else
+ ludp->lud_attrs = calloc(count + 1, sizeof(char *));
+#endif
+ if(!ludp->lud_attrs) {
+ free(attributes);
+
+ rc = LDAP_NO_MEMORY;
+
+ goto quit;
+ }
+
+ for(i = 0; i < count; i++) {
+ char *unescaped;
+ CURLcode result;
+
+ LDAP_TRACE(("attr[%d] '%s'\n", i, attributes[i]));
+
+ /* Unescape the attribute */
+ result = Curl_urldecode(conn->data, attributes[i], 0, &unescaped, NULL,
+ FALSE);
+ if(result) {
+ free(attributes);
+
+ rc = LDAP_NO_MEMORY;
+
+ goto quit;
+ }
+
+#if defined(USE_WIN32_LDAP)
+ /* Convert the unescaped string to a tchar */
+ ludp->lud_attrs[i] = Curl_convert_UTF8_to_tchar(unescaped);
+
+ /* Free the unescaped string as we are done with it */
+ Curl_unicodefree(unescaped);
+
+ if(!ludp->lud_attrs[i]) {
+ free(attributes);
+
+ rc = LDAP_NO_MEMORY;
+
+ goto quit;
+ }
+#else
+ ludp->lud_attrs[i] = unescaped;
+#endif
+
+ ludp->lud_attrs_dups++;
+ }
+
+ free(attributes);
}
p = q;
if(!p)
- goto success;
+ goto quit;
- /* parse scope. skip "??"
- */
+ /* Parse the scope. skip "??" */
q = strchr(p, '?');
if(q)
*q++ = '\0';
- if(*p && *p != '?') {
+ if(*p) {
ludp->lud_scope = str2scope(p);
if(ludp->lud_scope == -1) {
- return LDAP_INVALID_SYNTAX;
+ rc = LDAP_INVALID_SYNTAX;
+
+ goto quit;
}
- LDAP_TRACE (("scope %d\n", ludp->lud_scope));
+ LDAP_TRACE(("scope %d\n", ludp->lud_scope));
}
p = q;
if(!p)
- goto success;
+ goto quit;
- /* parse filter
- */
+ /* Parse the filter */
q = strchr(p, '?');
if(q)
*q++ = '\0';
- if(!*p) {
- return LDAP_INVALID_SYNTAX;
+
+ if(*p) {
+ char *filter = p;
+ char *unescaped;
+ CURLcode result;
+
+ LDAP_TRACE(("filter '%s'\n", filter));
+
+ /* Unescape the filter */
+ result = Curl_urldecode(conn->data, filter, 0, &unescaped, NULL, FALSE);
+ if(result) {
+ rc = LDAP_NO_MEMORY;
+
+ goto quit;
+ }
+
+#if defined(USE_WIN32_LDAP)
+ /* Convert the unescaped string to a tchar */
+ ludp->lud_filter = Curl_convert_UTF8_to_tchar(unescaped);
+
+ /* Free the unescaped string as we are done with it */
+ Curl_unicodefree(unescaped);
+
+ if(!ludp->lud_filter) {
+ rc = LDAP_NO_MEMORY;
+
+ goto quit;
+ }
+#else
+ ludp->lud_filter = unescaped;
+#endif
}
- ludp->lud_filter = p;
- LDAP_TRACE (("filter '%s'\n", ludp->lud_filter));
+ p = q;
+ if(p && !*p) {
+ rc = LDAP_INVALID_SYNTAX;
- success:
- if(!unescape_elements(conn->data, ludp))
- return LDAP_NO_MEMORY;
- return LDAP_SUCCESS;
+ goto quit;
+ }
+
+quit:
+ free(path);
+
+ return rc;
}
-static int _ldap_url_parse (const struct connectdata *conn,
- LDAPURLDesc **ludpp)
+static int _ldap_url_parse(const struct connectdata *conn,
+ LDAPURLDesc **ludpp)
{
LDAPURLDesc *ludp = calloc(1, sizeof(*ludp));
int rc;
@@ -674,7 +1056,7 @@ static int _ldap_url_parse (const struct connectdata *conn,
if(!ludp)
return LDAP_NO_MEMORY;
- rc = _ldap_url_parse2 (conn, ludp);
+ rc = _ldap_url_parse2(conn, ludp);
if(rc != LDAP_SUCCESS) {
_ldap_free_urldesc(ludp);
ludp = NULL;
@@ -683,18 +1065,15 @@ static int _ldap_url_parse (const struct connectdata *conn,
return (rc);
}
-static void _ldap_free_urldesc (LDAPURLDesc *ludp)
+static void _ldap_free_urldesc(LDAPURLDesc *ludp)
{
size_t i;
if(!ludp)
return;
- if(ludp->lud_dn)
- free(ludp->lud_dn);
-
- if(ludp->lud_filter)
- free(ludp->lud_filter);
+ free(ludp->lud_dn);
+ free(ludp->lud_filter);
if(ludp->lud_attrs) {
for(i = 0; i < ludp->lud_attrs_dups; i++)
@@ -702,7 +1081,7 @@ static void _ldap_free_urldesc (LDAPURLDesc *ludp)
free(ludp->lud_attrs);
}
- free (ludp);
+ free(ludp);
}
#endif /* !HAVE_LDAP_URL_PARSE */
#endif /* !CURL_DISABLE_LDAP && !USE_OPENLDAP */
diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist
new file mode 100644
index 0000000000..2e377865b2
--- /dev/null
+++ b/libs/libcurl/src/libcurl.plist
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd">
+<plist version="0.9">
+<dict>
+ <key>CFBundleInfoDictionaryVersion</key>
+ <string>6.0</string>
+
+ <key>CFBundleDevelopmentRegion</key>
+ <string>English</string>
+
+ <key>CFBundleExecutable</key>
+ <string>curl</string>
+
+ <key>CFBundleIdentifier</key>
+ <string>se.haxx.curl.libcurl</string>
+
+ <key>CFBundleVersion</key>
+ <string>7.57.0</string>
+
+ <key>CFBundleName</key>
+ <string>libcurl</string>
+
+ <key>CFBundlePackageType</key>
+ <string>FMWK</string>
+
+ <key>CFBundleSignature</key>
+ <string>????</string>
+
+ <key>CFBundleShortVersionString</key>
+ <string>libcurl 7.57.0</string>
+
+ <key>CFBundleGetInfoString</key>
+ <string>libcurl.plist 7.57.0</string>
+</dict>
+</plist>
diff --git a/libs/libcurl/src/libcurl.rc b/libs/libcurl/src/libcurl.rc
index e1a819bcc2..3316fba191 100644
--- a/libs/libcurl/src/libcurl.rc
+++ b/libs/libcurl/src/libcurl.rc
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -44,15 +44,15 @@ BEGIN
BEGIN
BLOCK "040904b0"
BEGIN
- VALUE "CompanyName", "The cURL library, http://curl.haxx.se/\0"
+ VALUE "CompanyName", "The curl library, https://curl.haxx.se/\0"
VALUE "FileDescription", "libcurl Shared Library\0"
VALUE "FileVersion", LIBCURL_VERSION "\0"
VALUE "InternalName", "libcurl\0"
VALUE "OriginalFilename", "libcurl.dll\0"
- VALUE "ProductName", "The cURL library\0"
+ VALUE "ProductName", "The curl library\0"
VALUE "ProductVersion", LIBCURL_VERSION "\0"
- VALUE "LegalCopyright", "© " LIBCURL_COPYRIGHT "\0"
- VALUE "License", "http://curl.haxx.se/docs/copyright.html\0"
+ VALUE "LegalCopyright", "\xa9 " LIBCURL_COPYRIGHT "\0" /* a9: Copyright symbol */
+ VALUE "License", "https://curl.haxx.se/docs/copyright.html\0"
END
END
diff --git a/libs/libcurl/src/libcurl.vers.in b/libs/libcurl/src/libcurl.vers.in
new file mode 100644
index 0000000000..ae978a485d
--- /dev/null
+++ b/libs/libcurl/src/libcurl.vers.in
@@ -0,0 +1,13 @@
+HIDDEN
+{
+ local:
+ __*;
+ _rest*;
+ _save*;
+};
+
+CURL_@CURL_LT_SHLIB_VERSIONED_FLAVOUR@4
+{
+ global: curl_*;
+ local: *;
+};
diff --git a/libs/libcurl/src/llist.c b/libs/libcurl/src/llist.c
index 40bb628379..f8769c2af8 100644
--- a/libs/libcurl/src/llist.c
+++ b/libs/libcurl/src/llist.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,6 +22,8 @@
#include "curl_setup.h"
+#include <curl/curl.h>
+
#include "llist.h"
#include "curl_memory.h"
@@ -31,8 +33,8 @@
/*
* @unittest: 1300
*/
-static void
-llist_init(struct curl_llist *l, curl_llist_dtor dtor)
+void
+Curl_llist_init(struct curl_llist *l, curl_llist_dtor dtor)
{
l->size = 0;
l->dtor = dtor;
@@ -40,20 +42,6 @@ llist_init(struct curl_llist *l, curl_llist_dtor dtor)
l->tail = NULL;
}
-struct curl_llist *
-Curl_llist_alloc(curl_llist_dtor dtor)
-{
- struct curl_llist *list;
-
- list = malloc(sizeof(struct curl_llist));
- if(!list)
- return NULL;
-
- llist_init(list, dtor);
-
- return list;
-}
-
/*
* Curl_llist_insert_next()
*
@@ -61,18 +49,15 @@ Curl_llist_alloc(curl_llist_dtor dtor)
* entry is NULL and the list already has elements, the new one will be
* inserted first in the list.
*
- * Returns: 1 on success and 0 on failure.
+ * The 'ne' argument should be a pointer into the object to store.
*
* @unittest: 1300
*/
-int
+void
Curl_llist_insert_next(struct curl_llist *list, struct curl_llist_element *e,
- const void *p)
+ const void *p,
+ struct curl_llist_element *ne)
{
- struct curl_llist_element *ne = malloc(sizeof(struct curl_llist_element));
- if(!ne)
- return 0;
-
ne->ptr = (void *) p;
if(list->size == 0) {
list->head = ne;
@@ -99,19 +84,18 @@ Curl_llist_insert_next(struct curl_llist *list, struct curl_llist_element *e,
}
++list->size;
-
- return 1;
}
/*
* @unittest: 1300
*/
-int
+void
Curl_llist_remove(struct curl_llist *list, struct curl_llist_element *e,
void *user)
{
+ void *ptr;
if(e == NULL || list->size == 0)
- return 1;
+ return;
if(e == list->head) {
list->head = e->next;
@@ -122,23 +106,28 @@ Curl_llist_remove(struct curl_llist *list, struct curl_llist_element *e,
e->next->prev = NULL;
}
else {
- e->prev->next = e->next;
+ if(!e->prev)
+ list->head = e->next;
+ else
+ e->prev->next = e->next;
+
if(!e->next)
list->tail = e->prev;
else
e->next->prev = e->prev;
}
- list->dtor(user, e->ptr);
+ ptr = e->ptr;
e->ptr = NULL;
e->prev = NULL;
e->next = NULL;
- free(e);
--list->size;
- return 1;
+ /* call the dtor() last for when it actually frees the 'e' memory itself */
+ if(list->dtor)
+ list->dtor(user, ptr);
}
void
@@ -147,8 +136,6 @@ Curl_llist_destroy(struct curl_llist *list, void *user)
if(list) {
while(list->size > 0)
Curl_llist_remove(list, list->tail, user);
-
- free(list);
}
}
@@ -161,13 +148,13 @@ Curl_llist_count(struct curl_llist *list)
/*
* @unittest: 1300
*/
-int Curl_llist_move(struct curl_llist *list, struct curl_llist_element *e,
- struct curl_llist *to_list,
- struct curl_llist_element *to_e)
+void Curl_llist_move(struct curl_llist *list, struct curl_llist_element *e,
+ struct curl_llist *to_list,
+ struct curl_llist_element *to_e)
{
/* Remove element from list */
if(e == NULL || list->size == 0)
- return 0;
+ return;
if(e == list->head) {
list->head = e->next;
@@ -207,6 +194,4 @@ int Curl_llist_move(struct curl_llist *list, struct curl_llist_element *e,
}
++to_list->size;
-
- return 1;
}
diff --git a/libs/libcurl/src/llist.h b/libs/libcurl/src/llist.h
index 27ddb719a5..6b644b99c8 100644
--- a/libs/libcurl/src/llist.h
+++ b/libs/libcurl/src/llist.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -29,7 +29,6 @@ typedef void (*curl_llist_dtor)(void *, void *);
struct curl_llist_element {
void *ptr;
-
struct curl_llist_element *prev;
struct curl_llist_element *next;
};
@@ -37,21 +36,19 @@ struct curl_llist_element {
struct curl_llist {
struct curl_llist_element *head;
struct curl_llist_element *tail;
-
curl_llist_dtor dtor;
-
size_t size;
};
-struct curl_llist *Curl_llist_alloc(curl_llist_dtor);
-int Curl_llist_insert_next(struct curl_llist *, struct curl_llist_element *,
- const void *);
-int Curl_llist_remove(struct curl_llist *, struct curl_llist_element *,
- void *);
+void Curl_llist_init(struct curl_llist *, curl_llist_dtor);
+void Curl_llist_insert_next(struct curl_llist *, struct curl_llist_element *,
+ const void *, struct curl_llist_element *node);
+void Curl_llist_remove(struct curl_llist *, struct curl_llist_element *,
+ void *);
size_t Curl_llist_count(struct curl_llist *);
void Curl_llist_destroy(struct curl_llist *, void *);
-int Curl_llist_move(struct curl_llist *, struct curl_llist_element *,
- struct curl_llist *, struct curl_llist_element *);
+void Curl_llist_move(struct curl_llist *, struct curl_llist_element *,
+ struct curl_llist *, struct curl_llist_element *);
#endif /* HEADER_CURL_LLIST_H */
diff --git a/libs/libcurl/src/makefile.amiga b/libs/libcurl/src/makefile.amiga
new file mode 100644
index 0000000000..c692e5ebe3
--- /dev/null
+++ b/libs/libcurl/src/makefile.amiga
@@ -0,0 +1,21 @@
+#
+# libcurl Makefile for AmigaOS ...
+#
+
+# change the follow to where you have the AmiTCP SDK v4.3 includes:
+
+ATCPSDKI= /GG/netinclude
+
+
+CC = m68k-amigaos-gcc
+CFLAGS = -I$(ATCPSDKI) -m68020-60 -O2 -msoft-float -noixemul -g -I. -I../include -W -Wall
+
+include Makefile.inc
+OBJS = $(CSOURCES:.c=.o)
+
+all: $(OBJS)
+ ar cru libcurl.a $(OBJS)
+ ranlib libcurl.a
+
+install:
+ $(INSTALL) -c ./libcurl.a /lib/libcurl.a
diff --git a/libs/libcurl/src/makefile.dj b/libs/libcurl/src/makefile.dj
new file mode 100644
index 0000000000..8ab2d575da
--- /dev/null
+++ b/libs/libcurl/src/makefile.dj
@@ -0,0 +1,72 @@
+#***************************************************************************
+# _ _ ____ _
+# Project ___| | | | _ \| |
+# / __| | | | |_) | |
+# | (__| |_| | _ <| |___
+# \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2003 - 2008, Gisle Vanem <gvanem@yahoo.no>.
+# Copyright (C) 2003 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at https://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+#
+# Adapted for djgpp2 / Watt-32 / DOS
+#
+
+DEPEND_PREREQ = curl_config.h
+VPATH = vtls vauth
+TOPDIR = ..
+
+include ../packages/DOS/common.dj
+include Makefile.inc
+
+CFLAGS += -DBUILDING_LIBCURL
+
+SOURCES = $(sort $(CSOURCES))
+OBJECTS = $(addprefix $(OBJ_DIR)/, $(notdir $(SOURCES:.c=.o)))
+
+CURL_LIB = libcurl.a
+
+all: $(OBJ_DIR) curl_config.h $(CURL_LIB)
+
+$(CURL_LIB): $(OBJECTS)
+ ar rs $@ $?
+
+curl_config.h: config-dos.h
+ $(COPY) $^ $@
+
+# clean generated files
+#
+genclean:
+ - $(DELETE) curl_config.h
+
+# clean object files and subdir
+#
+objclean: genclean
+ - $(DELETE) $(OBJ_DIR)$(DS)*.o
+ - $(RMDIR) $(OBJ_DIR)
+
+# clean without removing built library
+#
+clean: objclean
+ - $(DELETE) depend.dj
+
+# clean everything
+#
+realclean vclean: clean
+ - $(DELETE) $(CURL_LIB)
+
+-include depend.dj
+
diff --git a/libs/libcurl/src/md4.c b/libs/libcurl/src/md4.c
index 6930e021af..2bb7dcc25a 100644
--- a/libs/libcurl/src/md4.c
+++ b/libs/libcurl/src/md4.c
@@ -1,282 +1,307 @@
-/*-
- Copyright (C) 1990-2, RSA Data Security, Inc. All rights reserved.
-
- License to copy and use this software is granted provided that it
- is identified as the "RSA Data Security, Inc. MD4 Message-Digest
- Algorithm" in all material mentioning or referencing this software
- or this function.
-
- License is also granted to make and use derivative works provided
- that such works are identified as "derived from the RSA Data
- Security, Inc. MD4 Message-Digest Algorithm" in all material
- mentioning or referencing the derived work.
-
- RSA Data Security, Inc. makes no representations concerning either
- the merchantability of this software or the suitability of this
- software for any particular purpose. It is provided "as is"
- without express or implied warranty of any kind.
-
- These notices must be retained in any copies of any part of this
- documentation and/or software.
+/*
+ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
+ * MD4 Message-Digest Algorithm (RFC 1320).
+ *
+ * Homepage:
+ http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
+ *
+ * Author:
+ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
+ *
+ * This software was written by Alexander Peslyak in 2001. No copyright is
+ * claimed, and the software is hereby placed in the public domain. In case
+ * this attempt to disclaim copyright and place the software in the public
+ * domain is deemed null and void, then the software is Copyright (c) 2001
+ * Alexander Peslyak and it is hereby released to the general public under the
+ * following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * (This is a heavily cut-down "BSD license".)
+ *
+ * This differs from Colin Plumb's older public domain implementation in that
+ * no exactly 32-bit integer data type is required (any 32-bit or wider
+ * unsigned integer data type will do), there's no compile-time endianness
+ * configuration, and the function prototypes match OpenSSL's. No code from
+ * Colin Plumb's implementation has been reused; this comment merely compares
+ * the properties of the two independent implementations.
+ *
+ * The primary goals of this implementation are portability and ease of use.
+ * It is meant to be fast, but not as fast as possible. Some known
+ * optimizations are not included to reduce source code size and avoid
+ * compile-time configuration.
*/
#include "curl_setup.h"
-/* NSS crypto library does not provide the MD4 hash algorithm, so that we have
- * a local implementation of it */
-#ifdef USE_NSS
+/* The NSS, OS/400 and sometimes mbed TLS crypto libraries do not provide the
+ * MD4 hash algorithm, so we have a local implementation of it */
+#if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+ (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
#include "curl_md4.h"
#include "warnless.h"
-typedef unsigned int UINT4;
+#ifndef HAVE_OPENSSL
-typedef struct MD4Context {
- UINT4 state[4]; /* state (ABCD) */
- UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
- unsigned char buffer[64]; /* input buffer */
+#include <string.h>
+
+/* Any 32-bit or wider unsigned integer data type will do */
+typedef unsigned int MD4_u32plus;
+
+typedef struct {
+ MD4_u32plus lo, hi;
+ MD4_u32plus a, b, c, d;
+ unsigned char buffer[64];
+ MD4_u32plus block[16];
} MD4_CTX;
-/* Constants for MD4Transform routine.
- */
-#define S11 3
-#define S12 7
-#define S13 11
-#define S14 19
-#define S21 3
-#define S22 5
-#define S23 9
-#define S24 13
-#define S31 3
-#define S32 9
-#define S33 11
-#define S34 15
-
-static void MD4Transform(UINT4 [4], const unsigned char [64]);
-static void Encode(unsigned char *, UINT4 *, unsigned int);
-static void Decode(UINT4 *, const unsigned char *, unsigned int);
-
-static unsigned char PADDING[64] = {
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/* F, G and H are basic MD4 functions.
- */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
+static void MD4_Init(MD4_CTX *ctx);
+static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size);
+static void MD4_Final(unsigned char *result, MD4_CTX *ctx);
-/* ROTATE_LEFT rotates x left n bits.
+/*
+ * The basic MD4 functions.
+ *
+ * F and G are optimized compared to their RFC 1320 definitions, with the
+ * optimization for F borrowed from Colin Plumb's MD5 implementation.
*/
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG and HH are transformations for rounds 1, 2 and 3 */
-/* Rotation is separate from addition to prevent recomputation */
-#define FF(a, b, c, d, x, s) { \
- (a) += F ((b), (c), (d)) + (x); \
- (a) = ROTATE_LEFT ((a), (s)); \
- }
-#define GG(a, b, c, d, x, s) { \
- (a) += G ((b), (c), (d)) + (x) + (UINT4)0x5a827999; \
- (a) = ROTATE_LEFT ((a), (s)); \
- }
-#define HH(a, b, c, d, x, s) { \
- (a) += H ((b), (c), (d)) + (x) + (UINT4)0x6ed9eba1; \
- (a) = ROTATE_LEFT ((a), (s)); \
- }
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z) (((x) & ((y) | (z))) | ((y) & (z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
-/* MD4 initialization. Begins an MD4 operation, writing a new context.
+/*
+ * The MD4 transformation for all three rounds.
*/
-static void MD4Init(MD4_CTX *context)
+#define STEP(f, a, b, c, d, x, s) \
+ (a) += f((b), (c), (d)) + (x); \
+ (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s))));
+
+/*
+ * SET reads 4 input bytes in little-endian byte order and stores them
+ * in a properly aligned word in host byte order.
+ *
+ * The check for little-endian architectures that tolerate unaligned
+ * memory accesses is just an optimization. Nothing will break if it
+ * doesn't work.
+ */
+#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
+#define SET(n) \
+ (*(MD4_u32plus *)(void *)&ptr[(n) * 4])
+#define GET(n) \
+ SET(n)
+#else
+#define SET(n) \
+ (ctx->block[(n)] = \
+ (MD4_u32plus)ptr[(n) * 4] | \
+ ((MD4_u32plus)ptr[(n) * 4 + 1] << 8) | \
+ ((MD4_u32plus)ptr[(n) * 4 + 2] << 16) | \
+ ((MD4_u32plus)ptr[(n) * 4 + 3] << 24))
+#define GET(n) \
+ (ctx->block[(n)])
+#endif
+
+/*
+ * This processes one or more 64-byte data blocks, but does NOT update
+ * the bit counters. There are no alignment requirements.
+ */
+static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
{
- context->count[0] = context->count[1] = 0;
-
- /* Load magic initialization constants.
- */
- context->state[0] = 0x67452301;
- context->state[1] = 0xefcdab89;
- context->state[2] = 0x98badcfe;
- context->state[3] = 0x10325476;
+ const unsigned char *ptr;
+ MD4_u32plus a, b, c, d;
+ MD4_u32plus saved_a, saved_b, saved_c, saved_d;
+
+ ptr = (const unsigned char *)data;
+
+ a = ctx->a;
+ b = ctx->b;
+ c = ctx->c;
+ d = ctx->d;
+
+ do {
+ saved_a = a;
+ saved_b = b;
+ saved_c = c;
+ saved_d = d;
+
+/* Round 1 */
+ STEP(F, a, b, c, d, SET(0), 3)
+ STEP(F, d, a, b, c, SET(1), 7)
+ STEP(F, c, d, a, b, SET(2), 11)
+ STEP(F, b, c, d, a, SET(3), 19)
+ STEP(F, a, b, c, d, SET(4), 3)
+ STEP(F, d, a, b, c, SET(5), 7)
+ STEP(F, c, d, a, b, SET(6), 11)
+ STEP(F, b, c, d, a, SET(7), 19)
+ STEP(F, a, b, c, d, SET(8), 3)
+ STEP(F, d, a, b, c, SET(9), 7)
+ STEP(F, c, d, a, b, SET(10), 11)
+ STEP(F, b, c, d, a, SET(11), 19)
+ STEP(F, a, b, c, d, SET(12), 3)
+ STEP(F, d, a, b, c, SET(13), 7)
+ STEP(F, c, d, a, b, SET(14), 11)
+ STEP(F, b, c, d, a, SET(15), 19)
+
+/* Round 2 */
+ STEP(G, a, b, c, d, GET(0) + 0x5a827999, 3)
+ STEP(G, d, a, b, c, GET(4) + 0x5a827999, 5)
+ STEP(G, c, d, a, b, GET(8) + 0x5a827999, 9)
+ STEP(G, b, c, d, a, GET(12) + 0x5a827999, 13)
+ STEP(G, a, b, c, d, GET(1) + 0x5a827999, 3)
+ STEP(G, d, a, b, c, GET(5) + 0x5a827999, 5)
+ STEP(G, c, d, a, b, GET(9) + 0x5a827999, 9)
+ STEP(G, b, c, d, a, GET(13) + 0x5a827999, 13)
+ STEP(G, a, b, c, d, GET(2) + 0x5a827999, 3)
+ STEP(G, d, a, b, c, GET(6) + 0x5a827999, 5)
+ STEP(G, c, d, a, b, GET(10) + 0x5a827999, 9)
+ STEP(G, b, c, d, a, GET(14) + 0x5a827999, 13)
+ STEP(G, a, b, c, d, GET(3) + 0x5a827999, 3)
+ STEP(G, d, a, b, c, GET(7) + 0x5a827999, 5)
+ STEP(G, c, d, a, b, GET(11) + 0x5a827999, 9)
+ STEP(G, b, c, d, a, GET(15) + 0x5a827999, 13)
+
+/* Round 3 */
+ STEP(H, a, b, c, d, GET(0) + 0x6ed9eba1, 3)
+ STEP(H, d, a, b, c, GET(8) + 0x6ed9eba1, 9)
+ STEP(H, c, d, a, b, GET(4) + 0x6ed9eba1, 11)
+ STEP(H, b, c, d, a, GET(12) + 0x6ed9eba1, 15)
+ STEP(H, a, b, c, d, GET(2) + 0x6ed9eba1, 3)
+ STEP(H, d, a, b, c, GET(10) + 0x6ed9eba1, 9)
+ STEP(H, c, d, a, b, GET(6) + 0x6ed9eba1, 11)
+ STEP(H, b, c, d, a, GET(14) + 0x6ed9eba1, 15)
+ STEP(H, a, b, c, d, GET(1) + 0x6ed9eba1, 3)
+ STEP(H, d, a, b, c, GET(9) + 0x6ed9eba1, 9)
+ STEP(H, c, d, a, b, GET(5) + 0x6ed9eba1, 11)
+ STEP(H, b, c, d, a, GET(13) + 0x6ed9eba1, 15)
+ STEP(H, a, b, c, d, GET(3) + 0x6ed9eba1, 3)
+ STEP(H, d, a, b, c, GET(11) + 0x6ed9eba1, 9)
+ STEP(H, c, d, a, b, GET(7) + 0x6ed9eba1, 11)
+ STEP(H, b, c, d, a, GET(15) + 0x6ed9eba1, 15)
+
+ a += saved_a;
+ b += saved_b;
+ c += saved_c;
+ d += saved_d;
+
+ ptr += 64;
+ } while(size -= 64);
+
+ ctx->a = a;
+ ctx->b = b;
+ ctx->c = c;
+ ctx->d = d;
+
+ return ptr;
}
-/* MD4 block update operation. Continues an MD4 message-digest
- operation, processing another message block, and updating the
- context.
- */
-static void MD4Update(MD4_CTX *context, const unsigned char *input,
- unsigned int inputLen)
+static void MD4_Init(MD4_CTX *ctx)
{
- unsigned int i, bufindex, partLen;
-
- /* Compute number of bytes mod 64 */
- bufindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
- /* Update number of bits */
- if((context->count[0] += ((UINT4)inputLen << 3))
- < ((UINT4)inputLen << 3))
- context->count[1]++;
- context->count[1] += ((UINT4)inputLen >> 29);
-
- partLen = 64 - bufindex;
- /* Transform as many times as possible.
- */
- if(inputLen >= partLen) {
- memcpy(&context->buffer[bufindex], input, partLen);
- MD4Transform (context->state, context->buffer);
-
- for(i = partLen; i + 63 < inputLen; i += 64)
- MD4Transform (context->state, &input[i]);
-
- bufindex = 0;
- }
- else
- i = 0;
+ ctx->a = 0x67452301;
+ ctx->b = 0xefcdab89;
+ ctx->c = 0x98badcfe;
+ ctx->d = 0x10325476;
- /* Buffer remaining input */
- memcpy(&context->buffer[bufindex], &input[i], inputLen-i);
+ ctx->lo = 0;
+ ctx->hi = 0;
}
-/* MD4 padding. */
-static void MD4Pad(MD4_CTX *context)
+static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
{
- unsigned char bits[8];
- unsigned int bufindex, padLen;
+ MD4_u32plus saved_lo;
+ unsigned long used, available;
- /* Save number of bits */
- Encode (bits, context->count, 8);
+ saved_lo = ctx->lo;
+ ctx->lo = (saved_lo + size) & 0x1fffffff;
+ if(ctx->lo < saved_lo)
+ ctx->hi++;
+ ctx->hi += (MD4_u32plus)size >> 29;
- /* Pad out to 56 mod 64.
- */
- bufindex = (unsigned int)((context->count[0] >> 3) & 0x3f);
- padLen = (bufindex < 56) ? (56 - bufindex) : (120 - bufindex);
- MD4Update (context, PADDING, padLen);
+ used = saved_lo & 0x3f;
- /* Append length (before padding) */
- MD4Update (context, bits, 8);
-}
+ if(used) {
+ available = 64 - used;
-/* MD4 finalization. Ends an MD4 message-digest operation, writing the
- the message digest and zeroizing the context.
- */
-static void MD4Final (unsigned char digest[16], MD4_CTX *context)
-{
- /* Do padding */
- MD4Pad (context);
+ if(size < available) {
+ memcpy(&ctx->buffer[used], data, size);
+ return;
+ }
- /* Store state in digest */
- Encode (digest, context->state, 16);
+ memcpy(&ctx->buffer[used], data, available);
+ data = (const unsigned char *)data + available;
+ size -= available;
+ body(ctx, ctx->buffer, 64);
+ }
- /* Zeroize sensitive information.
- */
- memset(context, 0, sizeof(*context));
-}
+ if(size >= 64) {
+ data = body(ctx, data, size & ~(unsigned long)0x3f);
+ size &= 0x3f;
+ }
-/* MD4 basic transformation. Transforms state based on block.
- */
-static void MD4Transform (UINT4 state[4], const unsigned char block[64])
-{
- UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
- Decode (x, block, 64);
-
- /* Round 1 */
- FF (a, b, c, d, x[ 0], S11); /* 1 */
- FF (d, a, b, c, x[ 1], S12); /* 2 */
- FF (c, d, a, b, x[ 2], S13); /* 3 */
- FF (b, c, d, a, x[ 3], S14); /* 4 */
- FF (a, b, c, d, x[ 4], S11); /* 5 */
- FF (d, a, b, c, x[ 5], S12); /* 6 */
- FF (c, d, a, b, x[ 6], S13); /* 7 */
- FF (b, c, d, a, x[ 7], S14); /* 8 */
- FF (a, b, c, d, x[ 8], S11); /* 9 */
- FF (d, a, b, c, x[ 9], S12); /* 10 */
- FF (c, d, a, b, x[10], S13); /* 11 */
- FF (b, c, d, a, x[11], S14); /* 12 */
- FF (a, b, c, d, x[12], S11); /* 13 */
- FF (d, a, b, c, x[13], S12); /* 14 */
- FF (c, d, a, b, x[14], S13); /* 15 */
- FF (b, c, d, a, x[15], S14); /* 16 */
-
- /* Round 2 */
- GG (a, b, c, d, x[ 0], S21); /* 17 */
- GG (d, a, b, c, x[ 4], S22); /* 18 */
- GG (c, d, a, b, x[ 8], S23); /* 19 */
- GG (b, c, d, a, x[12], S24); /* 20 */
- GG (a, b, c, d, x[ 1], S21); /* 21 */
- GG (d, a, b, c, x[ 5], S22); /* 22 */
- GG (c, d, a, b, x[ 9], S23); /* 23 */
- GG (b, c, d, a, x[13], S24); /* 24 */
- GG (a, b, c, d, x[ 2], S21); /* 25 */
- GG (d, a, b, c, x[ 6], S22); /* 26 */
- GG (c, d, a, b, x[10], S23); /* 27 */
- GG (b, c, d, a, x[14], S24); /* 28 */
- GG (a, b, c, d, x[ 3], S21); /* 29 */
- GG (d, a, b, c, x[ 7], S22); /* 30 */
- GG (c, d, a, b, x[11], S23); /* 31 */
- GG (b, c, d, a, x[15], S24); /* 32 */
-
- /* Round 3 */
- HH (a, b, c, d, x[ 0], S31); /* 33 */
- HH (d, a, b, c, x[ 8], S32); /* 34 */
- HH (c, d, a, b, x[ 4], S33); /* 35 */
- HH (b, c, d, a, x[12], S34); /* 36 */
- HH (a, b, c, d, x[ 2], S31); /* 37 */
- HH (d, a, b, c, x[10], S32); /* 38 */
- HH (c, d, a, b, x[ 6], S33); /* 39 */
- HH (b, c, d, a, x[14], S34); /* 40 */
- HH (a, b, c, d, x[ 1], S31); /* 41 */
- HH (d, a, b, c, x[ 9], S32); /* 42 */
- HH (c, d, a, b, x[ 5], S33); /* 43 */
- HH (b, c, d, a, x[13], S34); /* 44 */
- HH (a, b, c, d, x[ 3], S31); /* 45 */
- HH (d, a, b, c, x[11], S32); /* 46 */
- HH (c, d, a, b, x[ 7], S33); /* 47 */
- HH (b, c, d, a, x[15], S34); /* 48 */
-
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
-
- /* Zeroize sensitive information.
- */
- memset(x, 0, sizeof(x));
+ memcpy(ctx->buffer, data, size);
}
-/* Encodes input (UINT4) into output (unsigned char). Assumes len is
- a multiple of 4.
- */
-static void Encode(unsigned char *output, UINT4 *input, unsigned int len)
+static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
{
- unsigned int i, j;
+ unsigned long used, available;
- for(i = 0, j = 0; j < len; i++, j += 4) {
- output[j] = (unsigned char)(input[i] & 0xff);
- output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
- output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
- output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
- }
-}
+ used = ctx->lo & 0x3f;
-/* Decodes input (unsigned char) into output (UINT4). Assumes len is
- a multiple of 4.
- */
-static void Decode (UINT4 *output, const unsigned char *input,
- unsigned int len)
-{
- unsigned int i, j;
+ ctx->buffer[used++] = 0x80;
+
+ available = 64 - used;
- for(i = 0, j = 0; j < len; i++, j += 4)
- output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
- (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
+ if(available < 8) {
+ memset(&ctx->buffer[used], 0, available);
+ body(ctx, ctx->buffer, 64);
+ used = 0;
+ available = 64;
+ }
+
+ memset(&ctx->buffer[used], 0, available - 8);
+
+ ctx->lo <<= 3;
+ ctx->buffer[56] = curlx_ultouc((ctx->lo)&0xff);
+ ctx->buffer[57] = curlx_ultouc((ctx->lo >> 8)&0xff);
+ ctx->buffer[58] = curlx_ultouc((ctx->lo >> 16)&0xff);
+ ctx->buffer[59] = curlx_ultouc((ctx->lo >> 24)&0xff);
+ ctx->buffer[60] = curlx_ultouc((ctx->hi)&0xff);
+ ctx->buffer[61] = curlx_ultouc((ctx->hi >> 8)&0xff);
+ ctx->buffer[62] = curlx_ultouc((ctx->hi >> 16)&0xff);
+ ctx->buffer[63] = curlx_ultouc(ctx->hi >> 24);
+
+ body(ctx, ctx->buffer, 64);
+
+ result[0] = curlx_ultouc((ctx->a)&0xff);
+ result[1] = curlx_ultouc((ctx->a >> 8)&0xff);
+ result[2] = curlx_ultouc((ctx->a >> 16)&0xff);
+ result[3] = curlx_ultouc(ctx->a >> 24);
+ result[4] = curlx_ultouc((ctx->b)&0xff);
+ result[5] = curlx_ultouc((ctx->b >> 8)&0xff);
+ result[6] = curlx_ultouc((ctx->b >> 16)&0xff);
+ result[7] = curlx_ultouc(ctx->b >> 24);
+ result[8] = curlx_ultouc((ctx->c)&0xff);
+ result[9] = curlx_ultouc((ctx->c >> 8)&0xff);
+ result[10] = curlx_ultouc((ctx->c >> 16)&0xff);
+ result[11] = curlx_ultouc(ctx->c >> 24);
+ result[12] = curlx_ultouc((ctx->d)&0xff);
+ result[13] = curlx_ultouc((ctx->d >> 8)&0xff);
+ result[14] = curlx_ultouc((ctx->d >> 16)&0xff);
+ result[15] = curlx_ultouc(ctx->d >> 24);
+
+ memset(ctx, 0, sizeof(*ctx));
}
+#endif
+
void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
{
MD4_CTX ctx;
- MD4Init(&ctx);
- MD4Update(&ctx, input, curlx_uztoui(len));
- MD4Final(output, &ctx);
+ MD4_Init(&ctx);
+ MD4_Update(&ctx, input, curlx_uztoui(len));
+ MD4_Final(output, &ctx);
}
-#endif /* USE_NSS */
+#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
+ (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */
diff --git a/libs/libcurl/src/md5.c b/libs/libcurl/src/md5.c
index d8344dbe43..80301a1412 100644
--- a/libs/libcurl/src/md5.c
+++ b/libs/libcurl/src/md5.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,15 +24,16 @@
#ifndef CURL_DISABLE_CRYPTO_AUTH
+#include <curl/curl.h>
+
#include "curl_md5.h"
#include "curl_hmac.h"
#include "warnless.h"
-#include "curl_memory.h"
-
#if defined(USE_GNUTLS_NETTLE)
#include <nettle/md5.h>
+#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -44,7 +45,7 @@ static void MD5_Init(MD5_CTX * ctx)
}
static void MD5_Update(MD5_CTX * ctx,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
md5_update(ctx, inputLen, input);
@@ -58,6 +59,7 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
#elif defined(USE_GNUTLS)
#include <gcrypt.h>
+#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -69,7 +71,7 @@ static void MD5_Init(MD5_CTX * ctx)
}
static void MD5_Update(MD5_CTX * ctx,
- const unsigned char * input,
+ const unsigned char *input,
unsigned int inputLen)
{
gcry_md_write(*ctx, input, inputLen);
@@ -81,14 +83,12 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
gcry_md_close(*ctx);
}
-#elif defined(USE_SSLEAY)
+#elif defined(USE_OPENSSL)
/* When OpenSSL is available we use the MD5-function from OpenSSL */
-
-# ifdef USE_OPENSSL
-# include <openssl/md5.h>
-# else
-# include <md5.h>
-# endif
+#include <openssl/md5.h>
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \
(__MAC_OS_X_VERSION_MAX_ALLOWED >= 1040)) || \
@@ -103,6 +103,9 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
reliable than defining COMMON_DIGEST_FOR_OPENSSL on older cats. */
# include <CommonCrypto/CommonDigest.h>
# define MD5_CTX CC_MD5_CTX
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
static void MD5_Init(MD5_CTX *ctx)
{
@@ -121,9 +124,12 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
CC_MD5_Final(digest, ctx);
}
-#elif defined(_WIN32)
+#elif defined(_WIN32) && !defined(CURL_WINDOWS_APP)
#include <wincrypt.h>
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
typedef struct {
HCRYPTPROV hCryptProv;
@@ -147,7 +153,7 @@ static void MD5_Update(MD5_CTX *ctx,
static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
{
- unsigned long length;
+ unsigned long length = 0;
CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0);
if(length == 16)
CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &length, 0);
@@ -157,314 +163,327 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
CryptReleaseContext(ctx->hCryptProv, 0);
}
+#elif defined(USE_AXTLS)
+#include <axTLS/config.h>
+#include <axTLS/os_int.h>
+#include <axTLS/crypto.h>
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
#else
/* When no other crypto library is available we use this code segment */
-
-/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
-rights reserved.
-
-License to copy and use this software is granted provided that it
-is identified as the "RSA Data Security, Inc. MD5 Message-Digest
-Algorithm" in all material mentioning or referencing this software
-or this function.
-
-License is also granted to make and use derivative works provided
-that such works are identified as "derived from the RSA Data
-Security, Inc. MD5 Message-Digest Algorithm" in all material
-mentioning or referencing the derived work.
-
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
-
-These notices must be retained in any copies of any part of this
-documentation and/or software.
+/*
+ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
+ * MD5 Message-Digest Algorithm (RFC 1321).
+ *
+ * Homepage:
+ http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
+ *
+ * Author:
+ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
+ *
+ * This software was written by Alexander Peslyak in 2001. No copyright is
+ * claimed, and the software is hereby placed in the public domain.
+ * In case this attempt to disclaim copyright and place the software in the
+ * public domain is deemed null and void, then the software is
+ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
+ * general public under the following terms:
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
+ *
+ * (This is a heavily cut-down "BSD license".)
+ *
+ * This differs from Colin Plumb's older public domain implementation in that
+ * no exactly 32-bit integer data type is required (any 32-bit or wider
+ * unsigned integer data type will do), there's no compile-time endianness
+ * configuration, and the function prototypes match OpenSSL's. No code from
+ * Colin Plumb's implementation has been reused; this comment merely compares
+ * the properties of the two independent implementations.
+ *
+ * The primary goals of this implementation are portability and ease of use.
+ * It is meant to be fast, but not as fast as possible. Some known
+ * optimizations are not included to reduce source code size and avoid
+ * compile-time configuration.
*/
-/* UINT4 defines a four byte word */
-typedef unsigned int UINT4;
-
-/* MD5 context. */
-struct md5_ctx {
- UINT4 state[4]; /* state (ABCD) */
- UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
- unsigned char buffer[64]; /* input buffer */
-};
+#include <string.h>
-typedef struct md5_ctx MD5_CTX;
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
-static void MD5_Init(struct md5_ctx *);
-static void MD5_Update(struct md5_ctx *, const unsigned char *, unsigned int);
-static void MD5_Final(unsigned char [16], struct md5_ctx *);
+/* Any 32-bit or wider unsigned integer data type will do */
+typedef unsigned int MD5_u32plus;
-/* Constants for MD5Transform routine.
- */
+typedef struct {
+ MD5_u32plus lo, hi;
+ MD5_u32plus a, b, c, d;
+ unsigned char buffer[64];
+ MD5_u32plus block[16];
+} MD5_CTX;
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
-
-static void MD5Transform(UINT4 [4], const unsigned char [64]);
-static void Encode(unsigned char *, UINT4 *, unsigned int);
-static void Decode(UINT4 *, const unsigned char *, unsigned int);
-
-static const unsigned char PADDING[64] = {
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
+static void MD5_Init(MD5_CTX *ctx);
+static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
+static void MD5_Final(unsigned char *result, MD5_CTX *ctx);
-/* F, G, H and I are basic MD5 functions.
+/*
+ * The basic MD5 functions.
+ *
+ * F and G are optimized compared to their RFC 1321 definitions for
+ * architectures that lack an AND-NOT instruction, just like in Colin Plumb's
+ * implementation.
*/
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits.
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
+#define H(x, y, z) (((x) ^ (y)) ^ (z))
+#define H2(x, y, z) ((x) ^ ((y) ^ (z)))
+#define I(x, y, z) ((y) ^ ((x) | ~(z)))
+
+/*
+ * The MD5 transformation for all four rounds.
*/
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
-Rotation is separate from addition to prevent recomputation.
+#define STEP(f, a, b, c, d, x, t, s) \
+ (a) += f((b), (c), (d)) + (x) + (t); \
+ (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
+ (a) += (b);
+
+/*
+ * SET reads 4 input bytes in little-endian byte order and stores them
+ * in a properly aligned word in host byte order.
+ *
+ * The check for little-endian architectures that tolerate unaligned
+ * memory accesses is just an optimization. Nothing will break if it
+ * doesn't work.
*/
-#define FF(a, b, c, d, x, s, ac) { \
- (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define GG(a, b, c, d, x, s, ac) { \
- (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define HH(a, b, c, d, x, s, ac) { \
- (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define II(a, b, c, d, x, s, ac) { \
- (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-
-/* MD5 initialization. Begins an MD5 operation, writing a new context.
+#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
+#define SET(n) \
+ (*(MD5_u32plus *)(void *)&ptr[(n) * 4])
+#define GET(n) \
+ SET(n)
+#else
+#define SET(n) \
+ (ctx->block[(n)] = \
+ (MD5_u32plus)ptr[(n) * 4] | \
+ ((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \
+ ((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \
+ ((MD5_u32plus)ptr[(n) * 4 + 3] << 24))
+#define GET(n) \
+ (ctx->block[(n)])
+#endif
+
+/*
+ * This processes one or more 64-byte data blocks, but does NOT update
+ * the bit counters. There are no alignment requirements.
*/
-static void MD5_Init(struct md5_ctx *context)
+static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
{
- context->count[0] = context->count[1] = 0;
- /* Load magic initialization constants. */
- context->state[0] = 0x67452301;
- context->state[1] = 0xefcdab89;
- context->state[2] = 0x98badcfe;
- context->state[3] = 0x10325476;
+ const unsigned char *ptr;
+ MD5_u32plus a, b, c, d;
+ MD5_u32plus saved_a, saved_b, saved_c, saved_d;
+
+ ptr = (const unsigned char *)data;
+
+ a = ctx->a;
+ b = ctx->b;
+ c = ctx->c;
+ d = ctx->d;
+
+ do {
+ saved_a = a;
+ saved_b = b;
+ saved_c = c;
+ saved_d = d;
+
+/* Round 1 */
+ STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7)
+ STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
+ STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
+ STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
+ STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
+ STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
+ STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
+ STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
+ STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
+ STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
+ STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
+ STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
+ STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
+ STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
+ STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
+ STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
+
+/* Round 2 */
+ STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
+ STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
+ STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
+ STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
+ STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
+ STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
+ STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
+ STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
+ STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
+ STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
+ STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
+ STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
+ STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
+ STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
+ STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
+ STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
+
+/* Round 3 */
+ STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
+ STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11)
+ STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
+ STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23)
+ STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
+ STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11)
+ STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
+ STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23)
+ STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
+ STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11)
+ STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
+ STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23)
+ STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
+ STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11)
+ STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
+ STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23)
+
+/* Round 4 */
+ STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
+ STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
+ STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
+ STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
+ STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
+ STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
+ STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
+ STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
+ STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
+ STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
+ STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
+ STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
+ STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
+ STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
+ STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
+ STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
+
+ a += saved_a;
+ b += saved_b;
+ c += saved_c;
+ d += saved_d;
+
+ ptr += 64;
+ } while(size -= 64);
+
+ ctx->a = a;
+ ctx->b = b;
+ ctx->c = c;
+ ctx->d = d;
+
+ return ptr;
}
-/* MD5 block update operation. Continues an MD5 message-digest
- operation, processing another message block, and updating the
- context.
- */
-static void MD5_Update (struct md5_ctx *context, /* context */
- const unsigned char *input, /* input block */
- unsigned int inputLen) /* length of input block */
+static void MD5_Init(MD5_CTX *ctx)
+{
+ ctx->a = 0x67452301;
+ ctx->b = 0xefcdab89;
+ ctx->c = 0x98badcfe;
+ ctx->d = 0x10325476;
+
+ ctx->lo = 0;
+ ctx->hi = 0;
+}
+
+static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
{
- unsigned int i, bufindex, partLen;
+ MD5_u32plus saved_lo;
+ unsigned long used, available;
- /* Compute number of bytes mod 64 */
- bufindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
+ saved_lo = ctx->lo;
+ ctx->lo = (saved_lo + size) & 0x1fffffff;
+ if(ctx->lo < saved_lo)
+ ctx->hi++;
+ ctx->hi += (MD5_u32plus)size >> 29;
- /* Update number of bits */
- if((context->count[0] += ((UINT4)inputLen << 3))
- < ((UINT4)inputLen << 3))
- context->count[1]++;
- context->count[1] += ((UINT4)inputLen >> 29);
+ used = saved_lo & 0x3f;
- partLen = 64 - bufindex;
+ if(used) {
+ available = 64 - used;
- /* Transform as many times as possible. */
- if(inputLen >= partLen) {
- memcpy(&context->buffer[bufindex], input, partLen);
- MD5Transform(context->state, context->buffer);
+ if(size < available) {
+ memcpy(&ctx->buffer[used], data, size);
+ return;
+ }
- for(i = partLen; i + 63 < inputLen; i += 64)
- MD5Transform(context->state, &input[i]);
+ memcpy(&ctx->buffer[used], data, available);
+ data = (const unsigned char *)data + available;
+ size -= available;
+ body(ctx, ctx->buffer, 64);
+ }
- bufindex = 0;
+ if(size >= 64) {
+ data = body(ctx, data, size & ~(unsigned long)0x3f);
+ size &= 0x3f;
}
- else
- i = 0;
- /* Buffer remaining input */
- memcpy(&context->buffer[bufindex], &input[i], inputLen-i);
+ memcpy(ctx->buffer, data, size);
}
-/* MD5 finalization. Ends an MD5 message-digest operation, writing the
- the message digest and zeroizing the context.
-*/
-static void MD5_Final(unsigned char digest[16], /* message digest */
- struct md5_ctx *context) /* context */
+static void MD5_Final(unsigned char *result, MD5_CTX *ctx)
{
- unsigned char bits[8];
- unsigned int count, padLen;
-
- /* Save number of bits */
- Encode (bits, context->count, 8);
-
- /* Pad out to 56 mod 64. */
- count = (unsigned int)((context->count[0] >> 3) & 0x3f);
- padLen = (count < 56) ? (56 - count) : (120 - count);
- MD5_Update (context, PADDING, padLen);
+ unsigned long used, available;
- /* Append length (before padding) */
- MD5_Update (context, bits, 8);
+ used = ctx->lo & 0x3f;
- /* Store state in digest */
- Encode (digest, context->state, 16);
-
- /* Zeroize sensitive information. */
- memset ((void *)context, 0, sizeof (*context));
-}
+ ctx->buffer[used++] = 0x80;
-/* MD5 basic transformation. Transforms state based on block. */
-static void MD5Transform(UINT4 state[4],
- const unsigned char block[64])
-{
- UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
- Decode (x, block, 64);
-
- /* Round 1 */
- FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
- FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
- FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
- FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
- FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
- FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
- FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
- FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
- FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
- FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
- FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
- FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
- FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
- FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
- FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
- FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
- /* Round 2 */
- GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
- GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
- GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
- GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
- GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
- GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
- GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
- GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
- GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
- GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
- GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
- GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
- GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
- GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
- GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
- GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
- /* Round 3 */
- HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
- HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
- HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
- HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
- HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
- HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
- HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
- HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
- HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
- HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
- HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
- HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
- HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
- HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
- HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
- HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
- /* Round 4 */
- II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
- II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
- II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
- II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
- II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
- II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
- II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
- II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
- II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
- II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
- II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
- II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
- II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
- II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
- II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
- II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
-
- /* Zeroize sensitive information. */
- memset((void *)x, 0, sizeof (x));
-}
+ available = 64 - used;
-/* Encodes input (UINT4) into output (unsigned char). Assumes len is
- a multiple of 4.
- */
-static void Encode (unsigned char *output,
- UINT4 *input,
- unsigned int len)
-{
- unsigned int i, j;
-
- for(i = 0, j = 0; j < len; i++, j += 4) {
- output[j] = (unsigned char)(input[i] & 0xff);
- output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
- output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
- output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
+ if(available < 8) {
+ memset(&ctx->buffer[used], 0, available);
+ body(ctx, ctx->buffer, 64);
+ used = 0;
+ available = 64;
}
-}
-
-/* Decodes input (unsigned char) into output (UINT4). Assumes len is
- a multiple of 4.
-*/
-static void Decode (UINT4 *output,
- const unsigned char *input,
- unsigned int len)
-{
- unsigned int i, j;
- for(i = 0, j = 0; j < len; i++, j += 4)
- output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
- (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
+ memset(&ctx->buffer[used], 0, available - 8);
+
+ ctx->lo <<= 3;
+ ctx->buffer[56] = curlx_ultouc((ctx->lo)&0xff);
+ ctx->buffer[57] = curlx_ultouc((ctx->lo >> 8)&0xff);
+ ctx->buffer[58] = curlx_ultouc((ctx->lo >> 16)&0xff);
+ ctx->buffer[59] = curlx_ultouc(ctx->lo >> 24);
+ ctx->buffer[60] = curlx_ultouc((ctx->hi)&0xff);
+ ctx->buffer[61] = curlx_ultouc((ctx->hi >> 8)&0xff);
+ ctx->buffer[62] = curlx_ultouc((ctx->hi >> 16)&0xff);
+ ctx->buffer[63] = curlx_ultouc(ctx->hi >> 24);
+
+ body(ctx, ctx->buffer, 64);
+
+ result[0] = curlx_ultouc((ctx->a)&0xff);
+ result[1] = curlx_ultouc((ctx->a >> 8)&0xff);
+ result[2] = curlx_ultouc((ctx->a >> 16)&0xff);
+ result[3] = curlx_ultouc(ctx->a >> 24);
+ result[4] = curlx_ultouc((ctx->b)&0xff);
+ result[5] = curlx_ultouc((ctx->b >> 8)&0xff);
+ result[6] = curlx_ultouc((ctx->b >> 16)&0xff);
+ result[7] = curlx_ultouc(ctx->b >> 24);
+ result[8] = curlx_ultouc((ctx->c)&0xff);
+ result[9] = curlx_ultouc((ctx->c >> 8)&0xff);
+ result[10] = curlx_ultouc((ctx->c >> 16)&0xff);
+ result[11] = curlx_ultouc(ctx->c >> 24);
+ result[12] = curlx_ultouc((ctx->d)&0xff);
+ result[13] = curlx_ultouc((ctx->d >> 8)&0xff);
+ result[14] = curlx_ultouc((ctx->d >> 16)&0xff);
+ result[15] = curlx_ultouc(ctx->d >> 24);
+
+ memset(ctx, 0, sizeof(*ctx));
}
#endif /* CRYPTO LIBS */
-/* The last #include file should be: */
-#include "memdebug.h"
-
const HMAC_params Curl_HMAC_MD5[] = {
{
(HMAC_hinit_func) MD5_Init, /* Hash initialization function. */
@@ -486,6 +505,9 @@ const MD5_params Curl_DIGEST_MD5[] = {
}
};
+/*
+ * @unittest: 1601
+ */
void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
const unsigned char *input)
{
diff --git a/libs/libcurl/src/memdebug.c b/libs/libcurl/src/memdebug.c
index 7d68af874c..2b81c26a6f 100644
--- a/libs/libcurl/src/memdebug.c
+++ b/libs/libcurl/src/memdebug.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,18 +26,15 @@
#include <curl/curl.h>
-#define _MPRINTF_REPLACE
-#include <curl/mprintf.h>
#include "urldata.h"
#define MEMDEBUG_NODEFINES /* don't redefine the standard functions */
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
#include "memdebug.h"
-#ifndef HAVE_ASSERT_H
-# define assert(x) Curl_nop_stmt
-#endif
-
/*
* Until 2011-08-17 libcurl's Memory Tracking feature also performed
* automatic malloc and free filling operations using 0xA5 and 0x13
@@ -89,7 +86,7 @@ struct memdebug {
union {
curl_off_t o;
double d;
- void * p;
+ void *p;
} mem[1];
/* I'm hoping this is the thing with the strictest alignment
* requirements. That also means we waste some space :-( */
@@ -113,12 +110,13 @@ void curl_memdebug(const char *logname)
{
if(!logfile) {
if(logname && *logname)
- logfile = fopen(logname, "w");
+ logfile = fopen(logname, FOPEN_WRITETEXT);
else
logfile = stderr;
#ifdef MEMDEBUG_LOG_SYNC
/* Flush the log file after every line so the log isn't lost in a crash */
- setvbuf(logfile, (char *)NULL, _IOLBF, 0);
+ if(logfile)
+ setbuf(logfile, (char *)NULL);
#endif
}
}
@@ -147,17 +145,14 @@ static bool countcheck(const char *func, int line, const char *source)
/* log to stderr also */
fprintf(stderr, "LIMIT %s:%d %s reached memlimit\n",
source, line, func);
+ fflush(logfile); /* because it might crash now */
}
- SET_ERRNO(ENOMEM);
+ errno = ENOMEM;
return TRUE; /* RETURN ERROR! */
}
else
memsize--; /* countdown */
- /* log the countdown */
- if(source)
- curl_memlog("LIMIT %s:%d %ld ALLOCS left\n",
- source, line, memsize);
}
@@ -169,13 +164,13 @@ void *curl_domalloc(size_t wantedsize, int line, const char *source)
struct memdebug *mem;
size_t size;
- assert(wantedsize != 0);
+ DEBUGASSERT(wantedsize != 0);
if(countcheck("malloc", line, source))
return NULL;
/* alloc at least 64 bytes */
- size = sizeof(struct memdebug)+wantedsize;
+ size = sizeof(struct memdebug) + wantedsize;
mem = (Curl_cmalloc)(size);
if(mem) {
@@ -198,8 +193,8 @@ void *curl_docalloc(size_t wanted_elements, size_t wanted_size,
struct memdebug *mem;
size_t size, user_size;
- assert(wanted_elements != 0);
- assert(wanted_size != 0);
+ DEBUGASSERT(wanted_elements != 0);
+ DEBUGASSERT(wanted_size != 0);
if(countcheck("calloc", line, source))
return NULL;
@@ -225,20 +220,20 @@ char *curl_dostrdup(const char *str, int line, const char *source)
char *mem;
size_t len;
- assert(str != NULL);
+ DEBUGASSERT(str != NULL);
if(countcheck("strdup", line, source))
return NULL;
- len=strlen(str)+1;
+ len = strlen(str) + 1;
- mem=curl_domalloc(len, 0, NULL); /* NULL prevents logging */
+ mem = curl_domalloc(len, 0, NULL); /* NULL prevents logging */
if(mem)
memcpy(mem, str, len);
if(source)
curl_memlog("MEM %s:%d strdup(%p) (%zu) = %p\n",
- source, line, (void *)str, len, (void *)mem);
+ source, line, (const void *)str, len, (const void *)mem);
return mem;
}
@@ -249,7 +244,7 @@ wchar_t *curl_dowcsdup(const wchar_t *str, int line, const char *source)
wchar_t *mem;
size_t wsiz, bsiz;
- assert(str != NULL);
+ DEBUGASSERT(str != NULL);
if(countcheck("wcsdup", line, source))
return NULL;
@@ -274,11 +269,11 @@ wchar_t *curl_dowcsdup(const wchar_t *str, int line, const char *source)
void *curl_dorealloc(void *ptr, size_t wantedsize,
int line, const char *source)
{
- struct memdebug *mem=NULL;
+ struct memdebug *mem = NULL;
- size_t size = sizeof(struct memdebug)+wantedsize;
+ size_t size = sizeof(struct memdebug) + wantedsize;
- assert(wantedsize != 0);
+ DEBUGASSERT(wantedsize != 0);
if(countcheck("realloc", line, source))
return NULL;
@@ -314,7 +309,7 @@ void curl_dofree(void *ptr, int line, const char *source)
{
struct memdebug *mem;
- assert(ptr != NULL);
+ if(ptr) {
#ifdef __INTEL_COMPILER
# pragma warning(push)
@@ -322,17 +317,18 @@ void curl_dofree(void *ptr, int line, const char *source)
/* 1684: conversion from pointer to same-sized integral type */
#endif
- mem = (void *)((char *)ptr - offsetof(struct memdebug, mem));
+ mem = (void *)((char *)ptr - offsetof(struct memdebug, mem));
#ifdef __INTEL_COMPILER
# pragma warning(pop)
#endif
- /* destroy */
- mt_free_fill(mem->mem, mem->size);
+ /* destroy */
+ mt_free_fill(mem->mem, mem->size);
- /* free for real */
- (Curl_cfree)(mem);
+ /* free for real */
+ (Curl_cfree)(mem);
+ }
if(source)
curl_memlog("MEM %s:%d free(%p)\n", source, line, (void *)ptr);
@@ -342,12 +338,17 @@ curl_socket_t curl_socket(int domain, int type, int protocol,
int line, const char *source)
{
const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ?
- "FD %s:%d socket() = %d\n" :
- (sizeof(curl_socket_t) == sizeof(long)) ?
- "FD %s:%d socket() = %ld\n" :
- "FD %s:%d socket() = %zd\n" ;
+ "FD %s:%d socket() = %d\n" :
+ (sizeof(curl_socket_t) == sizeof(long)) ?
+ "FD %s:%d socket() = %ld\n" :
+ "FD %s:%d socket() = %zd\n";
+
+ curl_socket_t sockfd;
- curl_socket_t sockfd = socket(domain, type, protocol);
+ if(countcheck("socket", line, source))
+ return CURL_SOCKET_BAD;
+
+ sockfd = socket(domain, type, protocol);
if(source && (sockfd != CURL_SOCKET_BAD))
curl_memlog(fmt, source, line, sockfd);
@@ -355,16 +356,45 @@ curl_socket_t curl_socket(int domain, int type, int protocol,
return sockfd;
}
+SEND_TYPE_RETV curl_dosend(SEND_TYPE_ARG1 sockfd,
+ SEND_QUAL_ARG2 SEND_TYPE_ARG2 buf,
+ SEND_TYPE_ARG3 len, SEND_TYPE_ARG4 flags, int line,
+ const char *source)
+{
+ SEND_TYPE_RETV rc;
+ if(countcheck("send", line, source))
+ return -1;
+ rc = send(sockfd, buf, len, flags);
+ if(source)
+ curl_memlog("SEND %s:%d send(%lu) = %ld\n",
+ source, line, (unsigned long)len, (long)rc);
+ return rc;
+}
+
+RECV_TYPE_RETV curl_dorecv(RECV_TYPE_ARG1 sockfd, RECV_TYPE_ARG2 buf,
+ RECV_TYPE_ARG3 len, RECV_TYPE_ARG4 flags, int line,
+ const char *source)
+{
+ RECV_TYPE_RETV rc;
+ if(countcheck("recv", line, source))
+ return -1;
+ rc = recv(sockfd, buf, len, flags);
+ if(source)
+ curl_memlog("RECV %s:%d recv(%lu) = %ld\n",
+ source, line, (unsigned long)len, (long)rc);
+ return rc;
+}
+
#ifdef HAVE_SOCKETPAIR
int curl_socketpair(int domain, int type, int protocol,
curl_socket_t socket_vector[2],
int line, const char *source)
{
const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ?
- "FD %s:%d socketpair() = %d %d\n" :
- (sizeof(curl_socket_t) == sizeof(long)) ?
- "FD %s:%d socketpair() = %ld %ld\n" :
- "FD %s:%d socketpair() = %zd %zd\n" ;
+ "FD %s:%d socketpair() = %d %d\n" :
+ (sizeof(curl_socket_t) == sizeof(long)) ?
+ "FD %s:%d socketpair() = %ld %ld\n" :
+ "FD %s:%d socketpair() = %zd %zd\n";
int res = socketpair(domain, type, protocol, socket_vector);
@@ -379,10 +409,10 @@ curl_socket_t curl_accept(curl_socket_t s, void *saddr, void *saddrlen,
int line, const char *source)
{
const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ?
- "FD %s:%d accept() = %d\n" :
- (sizeof(curl_socket_t) == sizeof(long)) ?
- "FD %s:%d accept() = %ld\n" :
- "FD %s:%d accept() = %zd\n" ;
+ "FD %s:%d accept() = %d\n" :
+ (sizeof(curl_socket_t) == sizeof(long)) ?
+ "FD %s:%d accept() = %ld\n" :
+ "FD %s:%d accept() = %zd\n";
struct sockaddr *addr = (struct sockaddr *)saddr;
curl_socklen_t *addrlen = (curl_socklen_t *)saddrlen;
@@ -399,10 +429,10 @@ curl_socket_t curl_accept(curl_socket_t s, void *saddr, void *saddrlen,
void curl_mark_sclose(curl_socket_t sockfd, int line, const char *source)
{
const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ?
- "FD %s:%d sclose(%d)\n" :
- (sizeof(curl_socket_t) == sizeof(long)) ?
- "FD %s:%d sclose(%ld)\n" :
- "FD %s:%d sclose(%zd)\n" ;
+ "FD %s:%d sclose(%d)\n":
+ (sizeof(curl_socket_t) == sizeof(long)) ?
+ "FD %s:%d sclose(%ld)\n":
+ "FD %s:%d sclose(%zd)\n";
if(source)
curl_memlog(fmt, source, line, sockfd);
@@ -411,7 +441,7 @@ void curl_mark_sclose(curl_socket_t sockfd, int line, const char *source)
/* this is our own defined way to close sockets on *ALL* platforms */
int curl_sclose(curl_socket_t sockfd, int line, const char *source)
{
- int res=sclose(sockfd);
+ int res = sclose(sockfd);
curl_mark_sclose(sockfd, line, source);
return res;
}
@@ -419,7 +449,7 @@ int curl_sclose(curl_socket_t sockfd, int line, const char *source)
FILE *curl_fopen(const char *file, const char *mode,
int line, const char *source)
{
- FILE *res=fopen(file, mode);
+ FILE *res = fopen(file, mode);
if(source)
curl_memlog("FILE %s:%d fopen(\"%s\",\"%s\") = %p\n",
@@ -432,7 +462,7 @@ FILE *curl_fopen(const char *file, const char *mode,
FILE *curl_fdopen(int filedes, const char *mode,
int line, const char *source)
{
- FILE *res=fdopen(filedes, mode);
+ FILE *res = fdopen(filedes, mode);
if(source)
curl_memlog("FILE %s:%d fdopen(\"%d\",\"%s\") = %p\n",
@@ -446,9 +476,9 @@ int curl_fclose(FILE *file, int line, const char *source)
{
int res;
- assert(file != NULL);
+ DEBUGASSERT(file != NULL);
- res=fclose(file);
+ res = fclose(file);
if(source)
curl_memlog("FILE %s:%d fclose(%p)\n",
@@ -459,7 +489,7 @@ int curl_fclose(FILE *file, int line, const char *source)
#define LOGLINE_BUFSIZE 1024
-/* this does the writting to the memory tracking log file */
+/* this does the writing to the memory tracking log file */
void curl_memlog(const char *format, ...)
{
char *buf;
@@ -481,7 +511,7 @@ void curl_memlog(const char *format, ...)
nchars = LOGLINE_BUFSIZE - 1;
if(nchars > 0)
- fwrite(buf, 1, nchars, logfile);
+ fwrite(buf, 1, (size_t)nchars, logfile);
(Curl_cfree)(buf);
}
diff --git a/libs/libcurl/src/memdebug.h b/libs/libcurl/src/memdebug.h
index c5bee0d865..6fb8b68511 100644
--- a/libs/libcurl/src/memdebug.h
+++ b/libs/libcurl/src/memdebug.h
@@ -8,11 +8,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -28,10 +28,6 @@
* as well as the library. Do not mix with library internals!
*/
-#include "curl_setup.h"
-
-#include <curl/curl.h>
-
#define CURL_MT_LOGFNAME_BUFSIZE 512
#define logfile curl_debuglogfile
@@ -57,19 +53,30 @@ CURL_EXTERN void curl_memlog(const char *format, ...);
/* file descriptor manipulators */
CURL_EXTERN curl_socket_t curl_socket(int domain, int type, int protocol,
- int line , const char *source);
+ int line, const char *source);
CURL_EXTERN void curl_mark_sclose(curl_socket_t sockfd,
- int line , const char *source);
+ int line, const char *source);
CURL_EXTERN int curl_sclose(curl_socket_t sockfd,
- int line , const char *source);
+ int line, const char *source);
CURL_EXTERN curl_socket_t curl_accept(curl_socket_t s, void *a, void *alen,
int line, const char *source);
#ifdef HAVE_SOCKETPAIR
CURL_EXTERN int curl_socketpair(int domain, int type, int protocol,
curl_socket_t socket_vector[2],
- int line , const char *source);
+ int line, const char *source);
#endif
+/* send/receive sockets */
+CURL_EXTERN SEND_TYPE_RETV curl_dosend(SEND_TYPE_ARG1 sockfd,
+ SEND_QUAL_ARG2 SEND_TYPE_ARG2 buf,
+ SEND_TYPE_ARG3 len,
+ SEND_TYPE_ARG4 flags, int line,
+ const char *source);
+CURL_EXTERN RECV_TYPE_RETV curl_dorecv(RECV_TYPE_ARG1 sockfd,
+ RECV_TYPE_ARG2 buf, RECV_TYPE_ARG3 len,
+ RECV_TYPE_ARG4 flags, int line,
+ const char *source);
+
/* FILE functions */
CURL_EXTERN FILE *curl_fopen(const char *file, const char *mode, int line,
const char *source);
@@ -88,6 +95,8 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);
#define calloc(nbelem,size) curl_docalloc(nbelem, size, __LINE__, __FILE__)
#define realloc(ptr,size) curl_dorealloc(ptr, size, __LINE__, __FILE__)
#define free(ptr) curl_dofree(ptr, __LINE__, __FILE__)
+#define send(a,b,c,d) curl_dosend(a,b,c,d, __LINE__, __FILE__)
+#define recv(a,b,c,d) curl_dorecv(a,b,c,d, __LINE__, __FILE__)
#ifdef WIN32
# ifdef UNICODE
@@ -95,22 +104,23 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);
# define wcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
# undef _wcsdup
# define _wcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
-# undef wcsdup
-# define wcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
+# undef _tcsdup
+# define _tcsdup(ptr) curl_dowcsdup(ptr, __LINE__, __FILE__)
# else
-# undef wcsdup
-# define wcsdup(ptr) curl_dostrdup(ptr, __LINE__, __FILE__)
+# undef _tcsdup
+# define _tcsdup(ptr) curl_dostrdup(ptr, __LINE__, __FILE__)
# endif
#endif
+#undef socket
#define socket(domain,type,protocol)\
- curl_socket(domain,type,protocol,__LINE__,__FILE__)
+ curl_socket(domain, type, protocol, __LINE__, __FILE__)
#undef accept /* for those with accept as a macro */
#define accept(sock,addr,len)\
- curl_accept(sock,addr,len,__LINE__,__FILE__)
+ curl_accept(sock, addr, len, __LINE__, __FILE__)
#ifdef HAVE_SOCKETPAIR
#define socketpair(domain,type,protocol,socket_vector)\
- curl_socketpair(domain,type,protocol,socket_vector,__LINE__,__FILE__)
+ curl_socketpair(domain, type, protocol, socket_vector, __LINE__, __FILE__)
#endif
#ifdef HAVE_GETADDRINFO
@@ -119,25 +129,25 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);
our macro as for other platforms. Instead, we redefine the new name they
define getaddrinfo to become! */
#define ogetaddrinfo(host,serv,hint,res) \
- curl_dogetaddrinfo(host,serv,hint,res,__LINE__,__FILE__)
+ curl_dogetaddrinfo(host, serv, hint, res, __LINE__, __FILE__)
#else
#undef getaddrinfo
#define getaddrinfo(host,serv,hint,res) \
- curl_dogetaddrinfo(host,serv,hint,res,__LINE__,__FILE__)
+ curl_dogetaddrinfo(host, serv, hint, res, __LINE__, __FILE__)
#endif
#endif /* HAVE_GETADDRINFO */
#ifdef HAVE_GETNAMEINFO
#undef getnameinfo
#define getnameinfo(sa,salen,host,hostlen,serv,servlen,flags) \
- curl_dogetnameinfo(sa,salen,host,hostlen,serv,servlen,flags, __LINE__, \
- __FILE__)
+ curl_dogetnameinfo(sa, salen, host, hostlen, serv, servlen, flags, \
+ __LINE__, __FILE__)
#endif /* HAVE_GETNAMEINFO */
#ifdef HAVE_FREEADDRINFO
#undef freeaddrinfo
#define freeaddrinfo(data) \
- curl_dofreeaddrinfo(data,__LINE__,__FILE__)
+ curl_dofreeaddrinfo(data, __LINE__, __FILE__)
#endif /* HAVE_FREEADDRINFO */
/* sclose is probably already defined, redefine it! */
@@ -171,6 +181,6 @@ CURL_EXTERN int curl_fclose(FILE *file, int line, const char *source);
*/
#define Curl_safefree(ptr) \
- do {if((ptr)) {free((ptr)); (ptr) = NULL;}} WHILE_FALSE
+ do { free((ptr)); (ptr) = NULL;} WHILE_FALSE
#endif /* HEADER_CURL_MEMDEBUG_H */
diff --git a/libs/libcurl/src/mime.c b/libs/libcurl/src/mime.c
new file mode 100644
index 0000000000..457000a0b5
--- /dev/null
+++ b/libs/libcurl/src/mime.c
@@ -0,0 +1,1908 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#include "mime.h"
+#include "non-ascii.h"
+#include "urldata.h"
+#include "sendf.h"
+
+#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_SMTP) || \
+ !defined(CURL_DISABLE_IMAP)
+
+#if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME)
+#include <libgen.h>
+#endif
+
+#include "rand.h"
+#include "slist.h"
+#include "strcase.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#ifdef WIN32
+# ifndef R_OK
+# define R_OK 4
+# endif
+#endif
+
+
+#define FILE_CONTENTTYPE_DEFAULT "application/octet-stream"
+#define MULTIPART_CONTENTTYPE_DEFAULT "multipart/mixed"
+#define DISPOSITION_DEFAULT "attachment"
+
+#define READ_ERROR ((size_t) -1)
+
+/* Encoders. */
+static size_t encoder_nop_read(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part);
+static curl_off_t encoder_nop_size(curl_mimepart *part);
+static size_t encoder_7bit_read(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part);
+static size_t encoder_base64_read(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part);
+static curl_off_t encoder_base64_size(curl_mimepart *part);
+static size_t encoder_qp_read(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part);
+static curl_off_t encoder_qp_size(curl_mimepart *part);
+
+static const mime_encoder encoders[] = {
+ {"binary", encoder_nop_read, encoder_nop_size},
+ {"8bit", encoder_nop_read, encoder_nop_size},
+ {"7bit", encoder_7bit_read, encoder_nop_size},
+ {"base64", encoder_base64_read, encoder_base64_size},
+ {"quoted-printable", encoder_qp_read, encoder_qp_size},
+ {ZERO_NULL, ZERO_NULL, ZERO_NULL}
+};
+
+/* Base64 encoding table */
+static const char base64[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* Quoted-printable character class table.
+ *
+ * We cannot rely on ctype functions since quoted-printable input data
+ * is assumed to be ascii-compatible, even on non-ascii platforms. */
+#define QP_OK 1 /* Can be represented by itself. */
+#define QP_SP 2 /* Space or tab. */
+#define QP_CR 3 /* Carriage return. */
+#define QP_LF 4 /* Line-feed. */
+static const unsigned char qp_class[] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, /* 00 - 07 */
+ 0, QP_SP, QP_LF, 0, 0, QP_CR, 0, 0, /* 08 - 0F */
+ 0, 0, 0, 0, 0, 0, 0, 0, /* 10 - 17 */
+ 0, 0, 0, 0, 0, 0, 0, 0, /* 18 - 1F */
+ QP_SP, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 20 - 27 */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 28 - 2F */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 30 - 37 */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, 0 , QP_OK, QP_OK, /* 38 - 3F */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 40 - 47 */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 48 - 4F */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 50 - 57 */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 58 - 5F */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 60 - 67 */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 68 - 6F */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, /* 70 - 77 */
+ QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, QP_OK, 0, /* 78 - 7F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 80 - 8F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 90 - 9F */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* A0 - AF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* B0 - BF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* C0 - CF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* D0 - DF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* E0 - EF */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 /* F0 - FF */
+};
+
+
+/* Binary --> hexadecimal ASCII table. */
+static const char aschex[] =
+ "\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x41\x42\x43\x44\x45\x46";
+
+
+
+#ifndef __VMS
+#define filesize(name, stat_data) (stat_data.st_size)
+#define fopen_read fopen
+
+#else
+
+#include <fabdef.h>
+/*
+ * get_vms_file_size does what it takes to get the real size of the file
+ *
+ * For fixed files, find out the size of the EOF block and adjust.
+ *
+ * For all others, have to read the entire file in, discarding the contents.
+ * Most posted text files will be small, and binary files like zlib archives
+ * and CD/DVD images should be either a STREAM_LF format or a fixed format.
+ *
+ */
+curl_off_t VmsRealFileSize(const char *name,
+ const struct_stat *stat_buf)
+{
+ char buffer[8192];
+ curl_off_t count;
+ int ret_stat;
+ FILE * file;
+
+ file = fopen(name, FOPEN_READTEXT); /* VMS */
+ if(file == NULL)
+ return 0;
+
+ count = 0;
+ ret_stat = 1;
+ while(ret_stat > 0) {
+ ret_stat = fread(buffer, 1, sizeof(buffer), file);
+ if(ret_stat != 0)
+ count += ret_stat;
+ }
+ fclose(file);
+
+ return count;
+}
+
+/*
+ *
+ * VmsSpecialSize checks to see if the stat st_size can be trusted and
+ * if not to call a routine to get the correct size.
+ *
+ */
+static curl_off_t VmsSpecialSize(const char *name,
+ const struct_stat *stat_buf)
+{
+ switch(stat_buf->st_fab_rfm) {
+ case FAB$C_VAR:
+ case FAB$C_VFC:
+ return VmsRealFileSize(name, stat_buf);
+ break;
+ default:
+ return stat_buf->st_size;
+ }
+}
+
+#define filesize(name, stat_data) VmsSpecialSize(name, &stat_data)
+
+/*
+ * vmsfopenread
+ *
+ * For upload to work as expected on VMS, different optional
+ * parameters must be added to the fopen command based on
+ * record format of the file.
+ *
+ */
+static FILE * vmsfopenread(const char *file, const char *mode)
+{
+ struct_stat statbuf;
+ int result;
+
+ result = stat(file, &statbuf);
+
+ switch(statbuf.st_fab_rfm) {
+ case FAB$C_VAR:
+ case FAB$C_VFC:
+ case FAB$C_STMCR:
+ return fopen(file, FOPEN_READTEXT); /* VMS */
+ break;
+ default:
+ return fopen(file, FOPEN_READTEXT, "rfm=stmlf", "ctx=stm");
+ }
+}
+
+#define fopen_read vmsfopenread
+#endif
+
+
+#ifndef HAVE_BASENAME
+/*
+ (Quote from The Open Group Base Specifications Issue 6 IEEE Std 1003.1, 2004
+ Edition)
+
+ The basename() function shall take the pathname pointed to by path and
+ return a pointer to the final component of the pathname, deleting any
+ trailing '/' characters.
+
+ If the string pointed to by path consists entirely of the '/' character,
+ basename() shall return a pointer to the string "/". If the string pointed
+ to by path is exactly "//", it is implementation-defined whether '/' or "//"
+ is returned.
+
+ If path is a null pointer or points to an empty string, basename() shall
+ return a pointer to the string ".".
+
+ The basename() function may modify the string pointed to by path, and may
+ return a pointer to static storage that may then be overwritten by a
+ subsequent call to basename().
+
+ The basename() function need not be reentrant. A function that is not
+ required to be reentrant is not required to be thread-safe.
+
+*/
+static char *Curl_basename(char *path)
+{
+ /* Ignore all the details above for now and make a quick and simple
+ implementaion here */
+ char *s1;
+ char *s2;
+
+ s1 = strrchr(path, '/');
+ s2 = strrchr(path, '\\');
+
+ if(s1 && s2) {
+ path = (s1 > s2? s1 : s2) + 1;
+ }
+ else if(s1)
+ path = s1 + 1;
+ else if(s2)
+ path = s2 + 1;
+
+ return path;
+}
+
+#define basename(x) Curl_basename((x))
+#endif
+
+
+/* Set readback state. */
+static void mimesetstate(mime_state *state, enum mimestate tok, void *ptr)
+{
+ state->state = tok;
+ state->ptr = ptr;
+ state->offset = 0;
+}
+
+
+/* Escape header string into allocated memory. */
+static char *escape_string(const char *src)
+{
+ size_t bytecount = 0;
+ size_t i;
+ char *dst;
+
+ for(i = 0; src[i]; i++)
+ if(src[i] == '"' || src[i] == '\\')
+ bytecount++;
+
+ bytecount += i;
+ dst = malloc(bytecount + 1);
+ if(!dst)
+ return NULL;
+
+ for(i = 0; *src; src++) {
+ if(*src == '"' || *src == '\\')
+ dst[i++] = '\\';
+ dst[i++] = *src;
+ }
+
+ dst[i] = '\0';
+ return dst;
+}
+
+/* Check if header matches. */
+static char *match_header(struct curl_slist *hdr, const char *lbl, size_t len)
+{
+ char *value = NULL;
+
+ if(strncasecompare(hdr->data, lbl, len) && hdr->data[len] == ':')
+ for(value = hdr->data + len + 1; *value == ' '; value++)
+ ;
+ return value;
+}
+
+/* Get a header from an slist. */
+static char *search_header(struct curl_slist *hdrlist, const char *hdr)
+{
+ size_t len = strlen(hdr);
+ char *value = NULL;
+
+ for(; !value && hdrlist; hdrlist = hdrlist->next)
+ value = match_header(hdrlist, hdr, len);
+
+ return value;
+}
+
+static char *strippath(const char *fullfile)
+{
+ char *filename;
+ char *base;
+ filename = strdup(fullfile); /* duplicate since basename() may ruin the
+ buffer it works on */
+ if(!filename)
+ return NULL;
+ base = strdup(basename(filename));
+
+ free(filename); /* free temporary buffer */
+
+ return base; /* returns an allocated string or NULL ! */
+}
+
+/* Initialize data encoder state. */
+static void cleanup_encoder_state(mime_encoder_state *p)
+{
+ p->pos = 0;
+ p->bufbeg = 0;
+ p->bufend = 0;
+}
+
+
+/* Dummy encoder. This is used for 8bit and binary content encodings. */
+static size_t encoder_nop_read(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part)
+{
+ mime_encoder_state *st = &part->encstate;
+ size_t insize = st->bufend - st->bufbeg;
+
+ (void) ateof;
+
+ if(size > insize)
+ size = insize;
+ if(size)
+ memcpy(buffer, st->buf, size);
+ st->bufbeg += size;
+ return size;
+}
+
+static curl_off_t encoder_nop_size(curl_mimepart *part)
+{
+ return part->datasize;
+}
+
+
+/* 7bit encoder: the encoder is just a data validity check. */
+static size_t encoder_7bit_read(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part)
+{
+ mime_encoder_state *st = &part->encstate;
+ size_t cursize = st->bufend - st->bufbeg;
+
+ (void) ateof;
+
+ if(size > cursize)
+ size = cursize;
+
+ for(cursize = 0; cursize < size; cursize++) {
+ *buffer = st->buf[st->bufbeg];
+ if(*buffer++ & 0x80)
+ return cursize? cursize: READ_ERROR;
+ st->bufbeg++;
+ }
+
+ return cursize;
+}
+
+
+/* Base64 content encoder. */
+static size_t encoder_base64_read(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part)
+{
+ mime_encoder_state *st = &part->encstate;
+ size_t cursize = 0;
+ int i;
+ char *ptr = buffer;
+
+ while(st->bufbeg < st->bufend) {
+ /* Line full ? */
+ if(st->pos > MAX_ENCODED_LINE_LENGTH - 4) {
+ /* Yes, we need 2 characters for CRLF. */
+ if(size < 2)
+ break;
+ *ptr++ = '\r';
+ *ptr++ = '\n';
+ st->pos = 0;
+ cursize += 2;
+ size -= 2;
+ }
+
+ /* Be sure there is enough space and input data for a base64 group. */
+ if(size < 4 || st->bufend - st->bufbeg < 3)
+ break;
+
+ /* Encode three bytes as four characters. */
+ i = st->buf[st->bufbeg++] & 0xFF;
+ i = (i << 8) | (st->buf[st->bufbeg++] & 0xFF);
+ i = (i << 8) | (st->buf[st->bufbeg++] & 0xFF);
+ *ptr++ = base64[(i >> 18) & 0x3F];
+ *ptr++ = base64[(i >> 12) & 0x3F];
+ *ptr++ = base64[(i >> 6) & 0x3F];
+ *ptr++ = base64[i & 0x3F];
+ cursize += 4;
+ st->pos += 4;
+ size -= 4;
+ }
+
+ /* If at eof, we have to flush the buffered data. */
+ if(ateof && size >= 4) {
+ /* Buffered data size can only be 0, 1 or 2. */
+ ptr[2] = ptr[3] = '=';
+ i = 0;
+ switch(st->bufend - st->bufbeg) {
+ case 2:
+ i = (st->buf[st->bufbeg + 1] & 0xFF) << 8;
+ /* FALLTHROUGH */
+ case 1:
+ i |= (st->buf[st->bufbeg] & 0xFF) << 16;
+ ptr[0] = base64[(i >> 18) & 0x3F];
+ ptr[1] = base64[(i >> 12) & 0x3F];
+ if(++st->bufbeg != st->bufend) {
+ ptr[2] = base64[(i >> 6) & 0x3F];
+ st->bufbeg++;
+ }
+ cursize += 4;
+ st->pos += 4;
+ break;
+ }
+ }
+
+#ifdef CURL_DOES_CONVERSIONS
+ /* This is now textual data, Convert character codes. */
+ if(part->easy && cursize) {
+ CURLcode result = Curl_convert_to_network(part->easy, buffer, cursize);
+ if(result)
+ return READ_ERROR;
+ }
+#endif
+
+ return cursize;
+}
+
+static curl_off_t encoder_base64_size(curl_mimepart *part)
+{
+ curl_off_t size = part->datasize;
+
+ if(size <= 0)
+ return size; /* Unknown size or no data. */
+
+ /* Compute base64 character count. */
+ size = 4 * (1 + (size - 1) / 3);
+
+ /* Effective character count must include CRLFs. */
+ return size + 2 * ((size - 1) / MAX_ENCODED_LINE_LENGTH);
+}
+
+
+/* Quoted-printable lookahead.
+ *
+ * Check if a CRLF or end of data is in input buffer at current position + n.
+ * Return -1 if more data needed, 1 if CRLF or end of data, else 0.
+ */
+static int qp_lookahead_eol(mime_encoder_state *st, int ateof, size_t n)
+{
+ n += st->bufbeg;
+ if(n >= st->bufend && ateof)
+ return 1;
+ if(n + 2 > st->bufend)
+ return ateof? 0: -1;
+ if(qp_class[st->buf[n] & 0xFF] == QP_CR &&
+ qp_class[st->buf[n + 1] & 0xFF] == QP_LF)
+ return 1;
+ return 0;
+}
+
+/* Quoted-printable encoder. */
+static size_t encoder_qp_read(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part)
+{
+ mime_encoder_state *st = &part->encstate;
+ char *ptr = buffer;
+ size_t cursize = 0;
+ int i;
+ size_t len;
+ size_t consumed;
+ int softlinebreak;
+ char buf[4];
+
+ /* On all platforms, input is supposed to be ASCII compatible: for this
+ reason, we use hexadecimal ASCII codes in this function rather than
+ character constants that can be interpreted as non-ascii on some
+ platforms. Preserve ASCII encoding on output too. */
+ while(st->bufbeg < st->bufend) {
+ len = 1;
+ consumed = 1;
+ i = st->buf[st->bufbeg];
+ buf[0] = (char) i;
+ buf[1] = aschex[(i >> 4) & 0xF];
+ buf[2] = aschex[i & 0xF];
+
+ switch(qp_class[st->buf[st->bufbeg] & 0xFF]) {
+ case QP_OK: /* Not a special character. */
+ break;
+ case QP_SP: /* Space or tab. */
+ /* Spacing must be escaped if followed by CRLF. */
+ switch(qp_lookahead_eol(st, ateof, 1)) {
+ case -1: /* More input data needed. */
+ return cursize;
+ case 0: /* No encoding needed. */
+ break;
+ default: /* CRLF after space or tab. */
+ buf[0] = '\x3D'; /* '=' */
+ len = 3;
+ break;
+ }
+ break;
+ case QP_CR: /* Carriage return. */
+ /* If followed by a line-feed, output the CRLF pair.
+ Else escape it. */
+ switch(qp_lookahead_eol(st, ateof, 0)) {
+ case -1: /* Need more data. */
+ return cursize;
+ case 1: /* CRLF found. */
+ buf[len++] = '\x0A'; /* Append '\n'. */
+ consumed = 2;
+ break;
+ default: /* Not followed by LF: escape. */
+ buf[0] = '\x3D'; /* '=' */
+ len = 3;
+ break;
+ }
+ break;
+ default: /* Character must be escaped. */
+ buf[0] = '\x3D'; /* '=' */
+ len = 3;
+ break;
+ }
+
+ /* Be sure the encoded character fits within maximum line length. */
+ if(buf[len - 1] != '\x0A') { /* '\n' */
+ softlinebreak = st->pos + len > MAX_ENCODED_LINE_LENGTH;
+ if(!softlinebreak && st->pos + len == MAX_ENCODED_LINE_LENGTH) {
+ /* We may use the current line only if end of data or followed by
+ a CRLF. */
+ switch(qp_lookahead_eol(st, ateof, consumed)) {
+ case -1: /* Need more data. */
+ return cursize;
+ break;
+ case 0: /* Not followed by a CRLF. */
+ softlinebreak = 1;
+ break;
+ }
+ }
+ if(softlinebreak) {
+ strcpy(buf, "\x3D\x0D\x0A"); /* "=\r\n" */
+ len = 3;
+ consumed = 0;
+ }
+ }
+
+ /* If the output buffer would overflow, do not store. */
+ if(len > size)
+ break;
+
+ /* Append to output buffer. */
+ memcpy(ptr, buf, len);
+ cursize += len;
+ ptr += len;
+ size -= len;
+ st->pos += len;
+ if(buf[len - 1] == '\x0A') /* '\n' */
+ st->pos = 0;
+ st->bufbeg += consumed;
+ }
+
+ return cursize;
+}
+
+static curl_off_t encoder_qp_size(curl_mimepart *part)
+{
+ /* Determining the size can only be done by reading the data: unless the
+ data size is 0, we return it as unknown (-1). */
+ return part->datasize? -1: 0;
+}
+
+
+/* In-memory data callbacks. */
+/* Argument is a pointer to the mime part. */
+static size_t mime_mem_read(char *buffer, size_t size, size_t nitems,
+ void *instream)
+{
+ curl_mimepart *part = (curl_mimepart *) instream;
+ size_t sz = (size_t) part->datasize - part->state.offset;
+ (void) size; /* Always 1.*/
+
+ if(sz > nitems)
+ sz = nitems;
+
+ if(sz)
+ memcpy(buffer, (char *) &part->data[part->state.offset], sz);
+
+ part->state.offset += sz;
+ return sz;
+}
+
+static int mime_mem_seek(void *instream, curl_off_t offset, int whence)
+{
+ curl_mimepart *part = (curl_mimepart *) instream;
+
+ switch(whence) {
+ case SEEK_CUR:
+ offset += part->state.offset;
+ break;
+ case SEEK_END:
+ offset += part->datasize;
+ break;
+ }
+
+ if(offset < 0 || offset > part->datasize)
+ return CURL_SEEKFUNC_FAIL;
+
+ part->state.offset = (size_t) offset;
+ return CURL_SEEKFUNC_OK;
+}
+
+static void mime_mem_free(void *ptr)
+{
+ Curl_safefree(((curl_mimepart *) ptr)->data);
+}
+
+
+/* Named file callbacks. */
+/* Argument is a pointer to the mime part. */
+static int mime_open_file(curl_mimepart * part)
+{
+ /* Open a MIMEKIND_FILE part. */
+
+ if(part->fp)
+ return 0;
+ part->fp = fopen_read(part->data, "rb");
+ return part->fp? 0: -1;
+}
+
+static size_t mime_file_read(char *buffer, size_t size, size_t nitems,
+ void *instream)
+{
+ curl_mimepart *part = (curl_mimepart *) instream;
+
+ if(mime_open_file(part))
+ return READ_ERROR;
+
+ return fread(buffer, size, nitems, part->fp);
+}
+
+static int mime_file_seek(void *instream, curl_off_t offset, int whence)
+{
+ curl_mimepart *part = (curl_mimepart *) instream;
+
+ if(whence == SEEK_SET && !offset && !part->fp)
+ return CURL_SEEKFUNC_OK; /* Not open: implicitly already at BOF. */
+
+ if(mime_open_file(part))
+ return CURL_SEEKFUNC_FAIL;
+
+ return fseek(part->fp, (long) offset, whence)?
+ CURL_SEEKFUNC_CANTSEEK: CURL_SEEKFUNC_OK;
+}
+
+static void mime_file_free(void *ptr)
+{
+ curl_mimepart *part = (curl_mimepart *) ptr;
+
+ if(part->fp) {
+ fclose(part->fp);
+ part->fp = NULL;
+ }
+ Curl_safefree(part->data);
+ part->data = NULL;
+}
+
+
+/* Subparts callbacks. */
+/* Argument is a pointer to the mime structure. */
+
+/* Readback a byte string segment. */
+static size_t readback_bytes(mime_state *state,
+ char *buffer, size_t bufsize,
+ const char *bytes, size_t numbytes,
+ const char *trail)
+{
+ size_t sz;
+
+ if(numbytes > state->offset) {
+ sz = numbytes - state->offset;
+ bytes += state->offset;
+ }
+ else {
+ size_t tsz = strlen(trail);
+
+ sz = state->offset - numbytes;
+ if(sz >= tsz)
+ return 0;
+ bytes = trail + sz;
+ sz = tsz - sz;
+ }
+
+ if(sz > bufsize)
+ sz = bufsize;
+
+ memcpy(buffer, bytes, sz);
+ state->offset += sz;
+ return sz;
+}
+
+/* Read a non-encoded part content. */
+static size_t read_part_content(curl_mimepart *part,
+ char *buffer, size_t bufsize)
+{
+ size_t sz = 0;
+
+ if(part->readfunc)
+ sz = part->readfunc(buffer, 1, bufsize, part->arg);
+ return sz;
+}
+
+/* Read and encode part content. */
+static size_t read_encoded_part_content(curl_mimepart *part,
+ char *buffer, size_t bufsize)
+{
+ mime_encoder_state *st = &part->encstate;
+ size_t cursize = 0;
+ size_t sz;
+ bool ateof = FALSE;
+
+ while(bufsize) {
+ if(st->bufbeg < st->bufend || ateof) {
+ /* Encode buffered data. */
+ sz = part->encoder->encodefunc(buffer, bufsize, ateof, part);
+ switch(sz) {
+ case 0:
+ if(ateof)
+ return cursize;
+ break;
+ case CURL_READFUNC_ABORT:
+ case CURL_READFUNC_PAUSE:
+ case READ_ERROR:
+ return cursize? cursize: sz;
+ default:
+ cursize += sz;
+ buffer += sz;
+ bufsize -= sz;
+ continue;
+ }
+ }
+
+ /* We need more data in input buffer. */
+ if(st->bufbeg) {
+ size_t len = st->bufend - st->bufbeg;
+
+ if(len)
+ memmove(st->buf, st->buf + st->bufbeg, len);
+ st->bufbeg = 0;
+ st->bufend = len;
+ }
+ if(st->bufend >= sizeof st->buf)
+ return cursize? cursize: READ_ERROR; /* Buffer full. */
+ sz = read_part_content(part, st->buf + st->bufend,
+ sizeof st->buf - st->bufend);
+ switch(sz) {
+ case 0:
+ ateof = TRUE;
+ break;
+ case CURL_READFUNC_ABORT:
+ case CURL_READFUNC_PAUSE:
+ case READ_ERROR:
+ return cursize? cursize: sz;
+ default:
+ st->bufend += sz;
+ break;
+ }
+ }
+
+ return cursize;
+}
+
+/* Readback a mime part. */
+static size_t readback_part(curl_mimepart *part,
+ char *buffer, size_t bufsize)
+{
+ size_t cursize = 0;
+ size_t sz;
+ struct curl_slist *hdr;
+#ifdef CURL_DOES_CONVERSIONS
+ char *convbuf = buffer;
+#endif
+
+ /* Readback from part. */
+
+ while(bufsize) {
+ sz = 0;
+ hdr = (struct curl_slist *) part->state.ptr;
+ switch(part->state.state) {
+ case MIMESTATE_BEGIN:
+ mimesetstate(&part->state, part->flags & MIME_BODY_ONLY? MIMESTATE_BODY:
+ MIMESTATE_CURLHEADERS, part->curlheaders);
+ break;
+ case MIMESTATE_USERHEADERS:
+ if(!hdr) {
+ mimesetstate(&part->state, MIMESTATE_EOH, NULL);
+ break;
+ }
+ if(match_header(hdr, "Content-Type", 12)) {
+ mimesetstate(&part->state, MIMESTATE_USERHEADERS, hdr->next);
+ break;
+ }
+ /* FALLTHROUGH */
+ case MIMESTATE_CURLHEADERS:
+ if(!hdr)
+ mimesetstate(&part->state, MIMESTATE_USERHEADERS, part->userheaders);
+ else {
+ sz = readback_bytes(&part->state, buffer, bufsize,
+ hdr->data, strlen(hdr->data), "\r\n");
+ if(!sz)
+ mimesetstate(&part->state, part->state.state, hdr->next);
+ }
+ break;
+ case MIMESTATE_EOH:
+ sz = readback_bytes(&part->state, buffer, bufsize, "\r\n", 2, "");
+ if(!sz)
+ mimesetstate(&part->state, MIMESTATE_BODY, NULL);
+ break;
+ case MIMESTATE_BODY:
+#ifdef CURL_DOES_CONVERSIONS
+ if(part->easy && convbuf < buffer) {
+ CURLcode result = Curl_convert_to_network(part->easy, convbuf,
+ buffer - convbuf);
+ if(result)
+ return READ_ERROR;
+ convbuf = buffer;
+ }
+#endif
+ cleanup_encoder_state(&part->encstate);
+ mimesetstate(&part->state, MIMESTATE_CONTENT, NULL);
+ break;
+ case MIMESTATE_CONTENT:
+ if(part->encoder)
+ sz = read_encoded_part_content(part, buffer, bufsize);
+ else
+ sz = read_part_content(part, buffer, bufsize);
+ switch(sz) {
+ case 0:
+ mimesetstate(&part->state, MIMESTATE_END, NULL);
+ /* Try sparing open file descriptors. */
+ if(part->kind == MIMEKIND_FILE && part->fp) {
+ fclose(part->fp);
+ part->fp = NULL;
+ }
+ /* FALLTHROUGH */
+ case CURL_READFUNC_ABORT:
+ case CURL_READFUNC_PAUSE:
+ case READ_ERROR:
+ return cursize? cursize: sz;
+ }
+ break;
+ case MIMESTATE_END:
+ return cursize;
+ default:
+ break; /* Other values not in part state. */
+ }
+
+ /* Bump buffer and counters according to read size. */
+ cursize += sz;
+ buffer += sz;
+ bufsize -= sz;
+ }
+
+#ifdef CURL_DOES_CONVERSIONS
+ if(part->easy && convbuf < buffer &&
+ part->state.state < MIMESTATE_BODY) {
+ CURLcode result = Curl_convert_to_network(part->easy, convbuf,
+ buffer - convbuf);
+ if(result)
+ return READ_ERROR;
+ }
+#endif
+
+ return cursize;
+}
+
+/* Readback from mime. */
+static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems,
+ void *instream)
+{
+ curl_mime *mime = (curl_mime *) instream;
+ size_t cursize = 0;
+ size_t sz;
+ curl_mimepart *part;
+#ifdef CURL_DOES_CONVERSIONS
+ char *convbuf = buffer;
+#endif
+
+ (void) size; /* Always 1. */
+
+ while(nitems) {
+ sz = 0;
+ part = mime->state.ptr;
+ switch(mime->state.state) {
+ case MIMESTATE_BEGIN:
+ case MIMESTATE_BODY:
+#ifdef CURL_DOES_CONVERSIONS
+ convbuf = buffer;
+#endif
+ mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, mime->firstpart);
+ /* The first boundary always follows the header termination empty line,
+ so is always preceded by a CRLK. We can then spare 2 characters
+ by skipping the leading CRLF in boundary. */
+ mime->state.offset += 2;
+ break;
+ case MIMESTATE_BOUNDARY1:
+ sz = readback_bytes(&mime->state, buffer, nitems, "\r\n--", 4, "");
+ if(!sz)
+ mimesetstate(&mime->state, MIMESTATE_BOUNDARY2, part);
+ break;
+ case MIMESTATE_BOUNDARY2:
+ sz = readback_bytes(&mime->state, buffer, nitems, mime->boundary,
+ strlen(mime->boundary), part? "\r\n": "--\r\n");
+ if(!sz) {
+#ifdef CURL_DOES_CONVERSIONS
+ if(mime->easy && convbuf < buffer) {
+ CURLcode result = Curl_convert_to_network(mime->easy, convbuf,
+ buffer - convbuf);
+ if(result)
+ return READ_ERROR;
+ convbuf = buffer;
+ }
+#endif
+ mimesetstate(&mime->state, MIMESTATE_CONTENT, part);
+ }
+ break;
+ case MIMESTATE_CONTENT:
+ if(!part) {
+ mimesetstate(&mime->state, MIMESTATE_END, NULL);
+ break;
+ }
+ sz = readback_part(part, buffer, nitems);
+ switch(sz) {
+ case CURL_READFUNC_ABORT:
+ case CURL_READFUNC_PAUSE:
+ case READ_ERROR:
+ return cursize? cursize: sz;
+ case 0:
+#ifdef CURL_DOES_CONVERSIONS
+ convbuf = buffer;
+#endif
+ mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, part->nextpart);
+ break;
+ }
+ break;
+ case MIMESTATE_END:
+ return cursize;
+ default:
+ break; /* other values not used in mime state. */
+ }
+
+ /* Bump buffer and counters according to read size. */
+ cursize += sz;
+ buffer += sz;
+ nitems -= sz;
+ }
+
+#ifdef CURL_DOES_CONVERSIONS
+ if(mime->easy && convbuf < buffer &&
+ mime->state.state <= MIMESTATE_CONTENT) {
+ CURLcode result = Curl_convert_to_network(mime->easy, convbuf,
+ buffer - convbuf);
+ if(result)
+ return READ_ERROR;
+ }
+#endif
+
+ return cursize;
+}
+
+static int mime_part_rewind(curl_mimepart *part)
+{
+ int res = CURL_SEEKFUNC_OK;
+ enum mimestate targetstate = MIMESTATE_BEGIN;
+
+ if(part->flags & MIME_BODY_ONLY)
+ targetstate = MIMESTATE_BODY;
+ cleanup_encoder_state(&part->encstate);
+ if(part->state.state > targetstate) {
+ res = CURL_SEEKFUNC_CANTSEEK;
+ if(part->seekfunc) {
+ res = part->seekfunc(part->arg, (curl_off_t) 0, SEEK_SET);
+ switch(res) {
+ case CURL_SEEKFUNC_OK:
+ case CURL_SEEKFUNC_FAIL:
+ case CURL_SEEKFUNC_CANTSEEK:
+ break;
+ case -1: /* For fseek() error. */
+ res = CURL_SEEKFUNC_CANTSEEK;
+ break;
+ default:
+ res = CURL_SEEKFUNC_FAIL;
+ break;
+ }
+ }
+ }
+
+ if(res == CURL_SEEKFUNC_OK)
+ mimesetstate(&part->state, targetstate, NULL);
+
+ return res;
+}
+
+static int mime_subparts_seek(void *instream, curl_off_t offset, int whence)
+{
+ curl_mime *mime = (curl_mime *) instream;
+ curl_mimepart *part;
+ int result = CURL_SEEKFUNC_OK;
+ int res;
+
+ if(whence != SEEK_SET || offset)
+ return CURL_SEEKFUNC_CANTSEEK; /* Only support full rewind. */
+
+ if(mime->state.state == MIMESTATE_BEGIN)
+ return CURL_SEEKFUNC_OK; /* Already rewound. */
+
+ for(part = mime->firstpart; part; part = part->nextpart) {
+ res = mime_part_rewind(part);
+ if(res != CURL_SEEKFUNC_OK)
+ result = res;
+ }
+
+ if(result == CURL_SEEKFUNC_OK)
+ mimesetstate(&mime->state, MIMESTATE_BEGIN, NULL);
+
+ return result;
+}
+
+/* Release part content. */
+static void cleanup_part_content(curl_mimepart *part)
+{
+ if(part->freefunc)
+ part->freefunc(part->arg);
+
+ part->readfunc = NULL;
+ part->seekfunc = NULL;
+ part->freefunc = NULL;
+ part->arg = (void *) part; /* Defaults to part itself. */
+ part->data = NULL;
+ part->fp = NULL;
+ part->datasize = (curl_off_t) 0; /* No size yet. */
+ cleanup_encoder_state(&part->encstate);
+ part->kind = MIMEKIND_NONE;
+}
+
+static void mime_subparts_free(void *ptr)
+{
+ curl_mime *mime = (curl_mime *) ptr;
+
+ if(mime && mime->parent) {
+ mime->parent->freefunc = NULL; /* Be sure we won't be called again. */
+ cleanup_part_content(mime->parent); /* Avoid dangling pointer in part. */
+ }
+ curl_mime_free(mime);
+}
+
+/* Do not free subparts: unbind them. This is used for the top level only. */
+static void mime_subparts_unbind(void *ptr)
+{
+ curl_mime *mime = (curl_mime *) ptr;
+
+ if(mime && mime->parent) {
+ mime->parent->freefunc = NULL; /* Be sure we won't be called again. */
+ cleanup_part_content(mime->parent); /* Avoid dangling pointer in part. */
+ mime->parent = NULL;
+ }
+}
+
+
+void Curl_mime_cleanpart(curl_mimepart *part)
+{
+ cleanup_part_content(part);
+ curl_slist_free_all(part->curlheaders);
+ if(part->flags & MIME_USERHEADERS_OWNER)
+ curl_slist_free_all(part->userheaders);
+ Curl_safefree(part->mimetype);
+ Curl_safefree(part->name);
+ Curl_safefree(part->filename);
+ Curl_mime_initpart(part, part->easy);
+}
+
+/* Recursively delete a mime handle and its parts. */
+void curl_mime_free(curl_mime *mime)
+{
+ curl_mimepart *part;
+
+ if(mime) {
+ mime_subparts_unbind(mime); /* Be sure it's not referenced anymore. */
+ while(mime->firstpart) {
+ part = mime->firstpart;
+ mime->firstpart = part->nextpart;
+ Curl_mime_cleanpart(part);
+ free(part);
+ }
+
+ free(mime->boundary);
+ free(mime);
+ }
+}
+
+/*
+ * Mime build functions.
+ */
+
+/* Create a mime handle. */
+curl_mime *curl_mime_init(struct Curl_easy *easy)
+{
+ curl_mime *mime;
+
+ mime = (curl_mime *) malloc(sizeof *mime);
+
+ if(mime) {
+ mime->easy = easy;
+ mime->parent = NULL;
+ mime->firstpart = NULL;
+ mime->lastpart = NULL;
+
+ /* Get a part boundary. */
+ mime->boundary = malloc(24 + MIME_RAND_BOUNDARY_CHARS + 1);
+ if(!mime->boundary) {
+ free(mime);
+ return NULL;
+ }
+
+ memset(mime->boundary, '-', 24);
+ Curl_rand_hex(easy, (unsigned char *) mime->boundary + 24,
+ MIME_RAND_BOUNDARY_CHARS + 1);
+ mimesetstate(&mime->state, MIMESTATE_BEGIN, NULL);
+ }
+
+ return mime;
+}
+
+/* Initialize a mime part. */
+void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy)
+{
+ memset((char *) part, 0, sizeof *part);
+ part->easy = easy;
+ mimesetstate(&part->state, MIMESTATE_BEGIN, NULL);
+}
+
+/* Create a mime part and append it to a mime handle's part list. */
+curl_mimepart *curl_mime_addpart(curl_mime *mime)
+{
+ curl_mimepart *part;
+
+ if(!mime)
+ return NULL;
+
+ part = (curl_mimepart *) malloc(sizeof *part);
+
+ if(part) {
+ Curl_mime_initpart(part, mime->easy);
+ part->parent = mime;
+
+ if(mime->lastpart)
+ mime->lastpart->nextpart = part;
+ else
+ mime->firstpart = part;
+
+ mime->lastpart = part;
+ }
+
+ return part;
+}
+
+/* Set mime part name. */
+CURLcode curl_mime_name(curl_mimepart *part, const char *name)
+{
+ if(!part)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ Curl_safefree(part->name);
+ part->name = NULL;
+
+ if(name) {
+ part->name = strdup(name);
+ if(!part->name)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ return CURLE_OK;
+}
+
+/* Set mime part remote file name. */
+CURLcode curl_mime_filename(curl_mimepart *part, const char *filename)
+{
+ if(!part)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ Curl_safefree(part->filename);
+ part->filename = NULL;
+
+ if(filename) {
+ part->filename = strdup(filename);
+ if(!part->filename)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ return CURLE_OK;
+}
+
+/* Set mime part content from memory data. */
+CURLcode curl_mime_data(curl_mimepart *part,
+ const char *data, size_t datasize)
+{
+ if(!part)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ cleanup_part_content(part);
+
+ if(data) {
+ if(datasize == CURL_ZERO_TERMINATED)
+ datasize = strlen(data);
+
+ part->data = malloc(datasize + 1);
+ if(!part->data)
+ return CURLE_OUT_OF_MEMORY;
+
+ part->datasize = datasize;
+
+ if(datasize)
+ memcpy(part->data, data, datasize);
+ part->data[datasize] = '\0'; /* Set a nul terminator as sentinel. */
+
+ part->readfunc = mime_mem_read;
+ part->seekfunc = mime_mem_seek;
+ part->freefunc = mime_mem_free;
+ part->kind = MIMEKIND_DATA;
+ }
+
+ return CURLE_OK;
+}
+
+/* Set mime part content from named local file. */
+CURLcode curl_mime_filedata(curl_mimepart *part, const char *filename)
+{
+ CURLcode result = CURLE_OK;
+ char *base;
+
+ if(!part)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ cleanup_part_content(part);
+
+ if(filename) {
+ struct_stat sbuf;
+
+ if(stat(filename, &sbuf) || access(filename, R_OK))
+ result = CURLE_READ_ERROR;
+
+ part->data = strdup(filename);
+ if(!part->data)
+ result = CURLE_OUT_OF_MEMORY;
+
+ part->datasize = -1;
+ if(!result && S_ISREG(sbuf.st_mode)) {
+ part->datasize = filesize(filename, sbuf);
+ part->seekfunc = mime_file_seek;
+ }
+
+ part->readfunc = mime_file_read;
+ part->freefunc = mime_file_free;
+ part->kind = MIMEKIND_FILE;
+
+ /* As a side effect, set the filename to the current file's base name.
+ It is possible to withdraw this by explicitly calling
+ curl_mime_filename() with a NULL filename argument after the current
+ call. */
+ base = strippath(filename);
+ if(!base)
+ result = CURLE_OUT_OF_MEMORY;
+ else {
+ CURLcode res = curl_mime_filename(part, base);
+
+ if(res)
+ result = res;
+ free(base);
+ }
+ }
+ return result;
+}
+
+/* Set mime part type. */
+CURLcode curl_mime_type(curl_mimepart *part, const char *mimetype)
+{
+ if(!part)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ Curl_safefree(part->mimetype);
+ part->mimetype = NULL;
+
+ if(mimetype) {
+ part->mimetype = strdup(mimetype);
+ if(!part->mimetype)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ return CURLE_OK;
+}
+
+/* Set mime data transfer encoder. */
+CURLcode curl_mime_encoder(curl_mimepart *part, const char *encoding)
+{
+ CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
+ const mime_encoder *mep;
+
+ if(!part)
+ return result;
+
+ part->encoder = NULL;
+
+ if(!encoding)
+ return CURLE_OK; /* Removing current encoder. */
+
+ for(mep = encoders; mep->name; mep++)
+ if(strcasecompare(encoding, mep->name)) {
+ part->encoder = mep;
+ result = CURLE_OK;
+ }
+
+ return result;
+}
+
+/* Set mime part headers. */
+CURLcode curl_mime_headers(curl_mimepart *part,
+ struct curl_slist *headers, int take_ownership)
+{
+ if(!part)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ if(part->flags & MIME_USERHEADERS_OWNER) {
+ if(part->userheaders != headers) /* Allow setting twice the same list. */
+ curl_slist_free_all(part->userheaders);
+ part->flags &= ~MIME_USERHEADERS_OWNER;
+ }
+ part->userheaders = headers;
+ if(headers && take_ownership)
+ part->flags |= MIME_USERHEADERS_OWNER;
+ return CURLE_OK;
+}
+
+/* Set mime part content from callback. */
+CURLcode curl_mime_data_cb(curl_mimepart *part, curl_off_t datasize,
+ curl_read_callback readfunc,
+ curl_seek_callback seekfunc,
+ curl_free_callback freefunc, void *arg)
+{
+ if(!part)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ cleanup_part_content(part);
+
+ if(readfunc) {
+ part->readfunc = readfunc;
+ part->seekfunc = seekfunc;
+ part->freefunc = freefunc;
+ part->arg = arg;
+ part->datasize = datasize;
+ part->kind = MIMEKIND_CALLBACK;
+ }
+
+ return CURLE_OK;
+}
+
+/* Set mime part content from subparts. */
+CURLcode Curl_mime_set_subparts(curl_mimepart *part,
+ curl_mime *subparts, int take_ownership)
+{
+ curl_mime *root;
+
+ if(!part)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ /* Accept setting twice the same subparts. */
+ if(part->kind == MIMEKIND_MULTIPART && part->arg == subparts)
+ return CURLE_OK;
+
+ cleanup_part_content(part);
+
+ if(subparts) {
+ /* Must belong to the same data handle. */
+ if(part->easy && subparts->easy && part->easy != subparts->easy)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ /* Should not have been attached already. */
+ if(subparts->parent)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ /* Should not be the part's root. */
+ root = part->parent;
+ if(root) {
+ while(root->parent && root->parent->parent)
+ root = root->parent->parent;
+ if(subparts == root) {
+ if(part->easy)
+ failf(part->easy, "Can't add itself as a subpart!");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ }
+
+ subparts->parent = part;
+ part->readfunc = mime_subparts_read;
+ part->seekfunc = mime_subparts_seek;
+ part->freefunc = take_ownership? mime_subparts_free: mime_subparts_unbind;
+ part->arg = subparts;
+ part->datasize = -1;
+ part->kind = MIMEKIND_MULTIPART;
+ }
+
+ return CURLE_OK;
+}
+
+CURLcode curl_mime_subparts(curl_mimepart *part, curl_mime *subparts)
+{
+ return Curl_mime_set_subparts(part, subparts, TRUE);
+}
+
+
+/* Readback from top mime. */
+/* Argument is the dummy top part. */
+size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, void *instream)
+{
+ curl_mimepart *part = (curl_mimepart *) instream;
+
+ (void) size; /* Always 1. */
+ return readback_part(part, buffer, nitems);
+}
+
+/* Rewind mime stream. */
+CURLcode Curl_mime_rewind(curl_mimepart *part)
+{
+ return mime_part_rewind(part) == CURL_SEEKFUNC_OK?
+ CURLE_OK: CURLE_SEND_FAIL_REWIND;
+}
+
+/* Compute header list size. */
+static size_t slist_size(struct curl_slist *s,
+ size_t overhead, const char *skip)
+{
+ size_t size = 0;
+ size_t skiplen = skip? strlen(skip): 0;
+
+ for(; s; s = s->next)
+ if(!skip || !match_header(s, skip, skiplen))
+ size += strlen(s->data) + overhead;
+ return size;
+}
+
+/* Get/compute multipart size. */
+static curl_off_t multipart_size(curl_mime *mime)
+{
+ curl_off_t size;
+ curl_off_t sz;
+ size_t boundarysize;
+ curl_mimepart *part;
+
+ if(!mime)
+ return 0; /* Not present -> empty. */
+
+ boundarysize = 4 + strlen(mime->boundary) + 2;
+ size = boundarysize; /* Final boundary - CRLF after headers. */
+
+ for(part = mime->firstpart; part; part = part->nextpart) {
+ sz = Curl_mime_size(part);
+
+ if(sz < 0)
+ size = sz;
+
+ if(size >= 0)
+ size += boundarysize + sz;
+ }
+
+ return size;
+}
+
+/* Get/compute mime size. */
+curl_off_t Curl_mime_size(curl_mimepart *part)
+{
+ curl_off_t size;
+
+ if(part->kind == MIMEKIND_MULTIPART)
+ part->datasize = multipart_size(part->arg);
+
+ size = part->datasize;
+
+ if(part->encoder)
+ size = part->encoder->sizefunc(part);
+
+ if(size >= 0 && !(part->flags & MIME_BODY_ONLY)) {
+ /* Compute total part size. */
+ size += slist_size(part->curlheaders, 2, NULL);
+ size += slist_size(part->userheaders, 2, "Content-Type");
+ size += 2; /* CRLF after headers. */
+ }
+ return size;
+}
+
+/* Add a header. */
+/* VARARGS2 */
+CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...)
+{
+ struct curl_slist *hdr = NULL;
+ char *s = NULL;
+ va_list ap;
+
+ va_start(ap, fmt);
+ s = curl_mvaprintf(fmt, ap);
+ va_end(ap);
+
+ if(s) {
+ hdr = Curl_slist_append_nodup(*slp, s);
+ if(hdr)
+ *slp = hdr;
+ else
+ free(s);
+ }
+
+ return hdr? CURLE_OK: CURLE_OUT_OF_MEMORY;
+}
+
+/* Add a content type header. */
+static CURLcode add_content_type(struct curl_slist **slp,
+ const char *type, const char *boundary)
+{
+ return Curl_mime_add_header(slp, "Content-Type: %s%s%s", type,
+ boundary? "; boundary=": "",
+ boundary? boundary: "");
+}
+
+
+static const char *ContentTypeForFilename(const char *filename)
+{
+ unsigned int i;
+
+ /*
+ * If no content type was specified, we scan through a few well-known
+ * extensions and pick the first we match!
+ */
+ struct ContentType {
+ const char *extension;
+ const char *type;
+ };
+ static const struct ContentType ctts[] = {
+ {".gif", "image/gif"},
+ {".jpg", "image/jpeg"},
+ {".jpeg", "image/jpeg"},
+ {".png", "image/png"},
+ {".svg", "image/svg+xml"},
+ {".txt", "text/plain"},
+ {".htm", "text/html"},
+ {".html", "text/html"},
+ {".pdf", "application/pdf"},
+ {".xml", "application/xml"}
+ };
+
+ if(filename) {
+ size_t len1 = strlen(filename);
+ const char *nameend = filename + len1;
+
+ for(i = 0; i < sizeof ctts / sizeof ctts[0]; i++) {
+ size_t len2 = strlen(ctts[i].extension);
+
+ if(len1 >= len2 && strcasecompare(nameend - len2, ctts[i].extension))
+ return ctts[i].type;
+ }
+ }
+ return NULL;
+}
+
+CURLcode Curl_mime_prepare_headers(curl_mimepart *part,
+ const char *contenttype,
+ const char *disposition,
+ enum mimestrategy strategy)
+{
+ curl_mime *mime = NULL;
+ const char *boundary = NULL;
+ char *customct;
+ const char *cte = NULL;
+ CURLcode ret = CURLE_OK;
+
+ /* Get rid of previously prepared headers. */
+ curl_slist_free_all(part->curlheaders);
+ part->curlheaders = NULL;
+
+ /* Be sure we won't access old headers later. */
+ if(part->state.state == MIMESTATE_CURLHEADERS)
+ mimesetstate(&part->state, MIMESTATE_CURLHEADERS, NULL);
+
+ /* Check if content type is specified. */
+ customct = part->mimetype;
+ if(!customct)
+ customct = search_header(part->userheaders, "Content-Type");
+ if(customct)
+ contenttype = customct;
+
+ /* If content type is not specified, try to determine it. */
+ if(!contenttype) {
+ switch(part->kind) {
+ case MIMEKIND_MULTIPART:
+ contenttype = MULTIPART_CONTENTTYPE_DEFAULT;
+ break;
+ case MIMEKIND_FILE:
+ contenttype = ContentTypeForFilename(part->filename);
+ if(!contenttype)
+ contenttype = ContentTypeForFilename(part->data);
+ if(!contenttype && part->filename)
+ contenttype = FILE_CONTENTTYPE_DEFAULT;
+ break;
+ default:
+ contenttype = ContentTypeForFilename(part->filename);
+ break;
+ }
+ }
+
+ if(part->kind == MIMEKIND_MULTIPART) {
+ mime = (curl_mime *) part->arg;
+ if(mime)
+ boundary = mime->boundary;
+ }
+ else if(contenttype && !customct &&
+ strcasecompare(contenttype, "text/plain"))
+ if(strategy == MIMESTRATEGY_MAIL || !part->filename)
+ contenttype = NULL;
+
+ /* Issue content-disposition header only if not already set by caller. */
+ if(!search_header(part->userheaders, "Content-Disposition")) {
+ if(!disposition)
+ if(part->filename || part->name ||
+ (contenttype && !strncasecompare(contenttype, "multipart/", 10)))
+ disposition = DISPOSITION_DEFAULT;
+ if(disposition && curl_strequal(disposition, "attachment") &&
+ !part->name && !part->filename)
+ disposition = NULL;
+ if(disposition) {
+ char *name = NULL;
+ char *filename = NULL;
+
+ if(part->name) {
+ name = escape_string(part->name);
+ if(!name)
+ ret = CURLE_OUT_OF_MEMORY;
+ }
+ if(!ret && part->filename) {
+ filename = escape_string(part->filename);
+ if(!filename)
+ ret = CURLE_OUT_OF_MEMORY;
+ }
+ if(!ret)
+ ret = Curl_mime_add_header(&part->curlheaders,
+ "Content-Disposition: %s%s%s%s%s%s%s",
+ disposition,
+ name? "; name=\"": "",
+ name? name: "",
+ name? "\"": "",
+ filename? "; filename=\"": "",
+ filename? filename: "",
+ filename? "\"": "");
+ Curl_safefree(name);
+ Curl_safefree(filename);
+ if(ret)
+ return ret;
+ }
+ }
+
+ /* Issue Content-Type header. */
+ if(contenttype) {
+ ret = add_content_type(&part->curlheaders, contenttype, boundary);
+ if(ret)
+ return ret;
+ }
+
+ /* Content-Transfer-Encoding header. */
+ if(!search_header(part->userheaders, "Content-Transfer-Encoding")) {
+ if(part->encoder)
+ cte = part->encoder->name;
+ else if(contenttype && strategy == MIMESTRATEGY_MAIL &&
+ part->kind != MIMEKIND_MULTIPART)
+ cte = "8bit";
+ if(cte) {
+ ret = Curl_mime_add_header(&part->curlheaders,
+ "Content-Transfer-Encoding: %s", cte);
+ if(ret)
+ return ret;
+ }
+ }
+
+ /* If we were reading curl-generated headers, restart with new ones (this
+ should not occur). */
+ if(part->state.state == MIMESTATE_CURLHEADERS)
+ mimesetstate(&part->state, MIMESTATE_CURLHEADERS, part->curlheaders);
+
+ /* Process subparts. */
+ if(part->kind == MIMEKIND_MULTIPART && mime) {
+ curl_mimepart *subpart;
+
+ disposition = NULL;
+ if(strcasecompare(contenttype, "multipart/form-data"))
+ disposition = "form-data";
+ for(subpart = mime->firstpart; subpart; subpart = subpart->nextpart) {
+ ret = Curl_mime_prepare_headers(subpart, NULL, disposition, strategy);
+ if(ret)
+ return ret;
+ }
+ }
+ return ret;
+}
+
+#else /* !CURL_DISABLE_HTTP || !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */
+
+/* Mime not compiled in: define stubs for externally-referenced functions. */
+curl_mime *curl_mime_init(CURL *easy)
+{
+ (void) easy;
+ return NULL;
+}
+
+void curl_mime_free(curl_mime *mime)
+{
+ (void) mime;
+}
+
+curl_mimepart *curl_mime_addpart(curl_mime *mime)
+{
+ (void) mime;
+ return NULL;
+}
+
+CURLcode curl_mime_name(curl_mimepart *part, const char *name)
+{
+ (void) part;
+ (void) name;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode curl_mime_filename(curl_mimepart *part, const char *filename)
+{
+ (void) part;
+ (void) filename;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode curl_mime_type(curl_mimepart *part, const char *mimetype)
+{
+ (void) part;
+ (void) mimetype;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode curl_mime_encoder(curl_mimepart *part, const char *encoding)
+{
+ (void) part;
+ (void) encoding;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode curl_mime_data(curl_mimepart *part,
+ const char *data, size_t datasize)
+{
+ (void) part;
+ (void) data;
+ (void) datasize;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode curl_mime_filedata(curl_mimepart *part, const char *filename)
+{
+ (void) part;
+ (void) filename;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode curl_mime_data_cb(curl_mimepart *part,
+ curl_off_t datasize,
+ curl_read_callback readfunc,
+ curl_seek_callback seekfunc,
+ curl_free_callback freefunc,
+ void *arg)
+{
+ (void) part;
+ (void) datasize;
+ (void) readfunc;
+ (void) seekfunc;
+ (void) freefunc;
+ (void) arg;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode curl_mime_subparts(curl_mimepart *part, curl_mime *subparts)
+{
+ (void) part;
+ (void) subparts;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode curl_mime_headers(curl_mimepart *part,
+ struct curl_slist *headers, int take_ownership)
+{
+ (void) part;
+ (void) headers;
+ (void) take_ownership;
+ return CURLE_NOT_BUILT_IN;
+}
+
+void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy)
+{
+ (void) part;
+ (void) easy;
+}
+
+void Curl_mime_cleanpart(curl_mimepart *part)
+{
+ (void) part;
+}
+
+CURLcode Curl_mime_set_subparts(curl_mimepart *part,
+ curl_mime *subparts, int take_ownership)
+{
+ (void) part;
+ (void) subparts;
+ (void) take_ownership;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode Curl_mime_prepare_headers(curl_mimepart *part,
+ const char *contenttype,
+ const char *disposition,
+ enum mimestrategy strategy)
+{
+ (void) part;
+ (void) contenttype;
+ (void) disposition;
+ (void) strategy;
+ return CURLE_NOT_BUILT_IN;
+}
+
+curl_off_t Curl_mime_size(curl_mimepart *part)
+{
+ (void) part;
+ return (curl_off_t) -1;
+}
+
+size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, void *instream)
+{
+ (void) buffer;
+ (void) size;
+ (void) nitems;
+ (void) instream;
+ return 0;
+}
+
+CURLcode Curl_mime_rewind(curl_mimepart *part)
+{
+ (void) part;
+ return CURLE_NOT_BUILT_IN;
+}
+
+/* VARARGS2 */
+CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...)
+{
+ (void) slp;
+ (void) fmt;
+ return CURLE_NOT_BUILT_IN;
+}
+
+#endif /* !CURL_DISABLE_HTTP || !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */
diff --git a/libs/libcurl/src/mime.h b/libs/libcurl/src/mime.h
new file mode 100644
index 0000000000..7827f74126
--- /dev/null
+++ b/libs/libcurl/src/mime.h
@@ -0,0 +1,137 @@
+#ifndef HEADER_CURL_MIME_H
+#define HEADER_CURL_MIME_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#define MIME_RAND_BOUNDARY_CHARS 16 /* Nb. of random boundary chars. */
+#define MAX_ENCODED_LINE_LENGTH 76 /* Maximum encoded line length. */
+#define ENCODING_BUFFER_SIZE 256 /* Encoding temp buffers size. */
+
+/* Part flags. */
+#define MIME_USERHEADERS_OWNER (1 << 0)
+#define MIME_BODY_ONLY (1 << 1)
+
+/* Part source kinds. */
+enum mimekind {
+ MIMEKIND_NONE = 0, /* Part not set. */
+ MIMEKIND_DATA, /* Allocated mime data. */
+ MIMEKIND_FILE, /* Data from file. */
+ MIMEKIND_CALLBACK, /* Data from `read' callback. */
+ MIMEKIND_MULTIPART, /* Data is a mime subpart. */
+ MIMEKIND_LAST
+};
+
+/* Readback state tokens. */
+enum mimestate {
+ MIMESTATE_BEGIN, /* Readback has not yet started. */
+ MIMESTATE_CURLHEADERS, /* In curl-generated headers. */
+ MIMESTATE_USERHEADERS, /* In caller's supplied headers. */
+ MIMESTATE_EOH, /* End of headers. */
+ MIMESTATE_BODY, /* Placeholder. */
+ MIMESTATE_BOUNDARY1, /* In boundary prefix. */
+ MIMESTATE_BOUNDARY2, /* In boundary. */
+ MIMESTATE_CONTENT, /* In content. */
+ MIMESTATE_END, /* End of part reached. */
+ MIMESTATE_LAST
+};
+
+/* Mime headers strategies. */
+enum mimestrategy {
+ MIMESTRATEGY_MAIL, /* Mime mail. */
+ MIMESTRATEGY_FORM, /* HTTP post form. */
+ MIMESTRATEGY_LAST
+};
+
+/* Content transfer encoder. */
+typedef struct {
+ const char * name; /* Encoding name. */
+ size_t (*encodefunc)(char *buffer, size_t size, bool ateof,
+ curl_mimepart *part); /* Encoded read. */
+ curl_off_t (*sizefunc)(curl_mimepart *part); /* Encoded size. */
+} mime_encoder;
+
+/* Content transfer encoder state. */
+typedef struct {
+ size_t pos; /* Position on output line. */
+ size_t bufbeg; /* Next data index in input buffer. */
+ size_t bufend; /* First unused byte index in input buffer. */
+ char buf[ENCODING_BUFFER_SIZE]; /* Input buffer. */
+} mime_encoder_state;
+
+/* Mime readback state. */
+typedef struct {
+ enum mimestate state; /* Current state token. */
+ void *ptr; /* State-dependent pointer. */
+ size_t offset; /* State-dependent offset. */
+} mime_state;
+
+/* A mime multipart. */
+struct curl_mime_s {
+ struct Curl_easy *easy; /* The associated easy handle. */
+ curl_mimepart *parent; /* Parent part. */
+ curl_mimepart *firstpart; /* First part. */
+ curl_mimepart *lastpart; /* Last part. */
+ char *boundary; /* The part boundary. */
+ mime_state state; /* Current readback state. */
+};
+
+/* A mime part. */
+struct curl_mimepart_s {
+ struct Curl_easy *easy; /* The associated easy handle. */
+ curl_mime *parent; /* Parent mime structure. */
+ curl_mimepart *nextpart; /* Forward linked list. */
+ enum mimekind kind; /* The part kind. */
+ char *data; /* Memory data or file name. */
+ curl_read_callback readfunc; /* Read function. */
+ curl_seek_callback seekfunc; /* Seek function. */
+ curl_free_callback freefunc; /* Argument free function. */
+ void *arg; /* Argument to callback functions. */
+ FILE *fp; /* File pointer. */
+ struct curl_slist *curlheaders; /* Part headers. */
+ struct curl_slist *userheaders; /* Part headers. */
+ char *mimetype; /* Part mime type. */
+ char *filename; /* Remote file name. */
+ char *name; /* Data name. */
+ curl_off_t datasize; /* Expected data size. */
+ unsigned int flags; /* Flags. */
+ mime_state state; /* Current readback state. */
+ const mime_encoder *encoder; /* Content data encoder. */
+ mime_encoder_state encstate; /* Data encoder state. */
+};
+
+
+/* Prototypes. */
+void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy);
+void Curl_mime_cleanpart(curl_mimepart *part);
+CURLcode Curl_mime_set_subparts(curl_mimepart *part,
+ curl_mime *subparts, int take_ownership);
+CURLcode Curl_mime_prepare_headers(curl_mimepart *part,
+ const char *contenttype,
+ const char *disposition,
+ enum mimestrategy strategy);
+curl_off_t Curl_mime_size(curl_mimepart *part);
+size_t Curl_mime_read(char *buffer, size_t size, size_t nitems,
+ void *instream);
+CURLcode Curl_mime_rewind(curl_mimepart *part);
+CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...);
+
+#endif /* HEADER_CURL_MIME_H */
diff --git a/libs/libcurl/src/mk-ca-bundle.pl b/libs/libcurl/src/mk-ca-bundle.pl
index 18dc156905..dcfec0bb66 100644
--- a/libs/libcurl/src/mk-ca-bundle.pl
+++ b/libs/libcurl/src/mk-ca-bundle.pl
@@ -6,11 +6,11 @@
# * | (__| |_| | _ <| |___
# * \___|\___/|_| \_\_____|
# *
-# * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
# *
# * This software is licensed as described in the file COPYING, which
# * you should have received as part of this distribution. The terms
-# * are also available at http://curl.haxx.se/docs/copyright.html.
+# * are also available at https://curl.haxx.se/docs/copyright.html.
# *
# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
# * copies of the Software, and permit persons to whom the Software is
@@ -30,47 +30,262 @@
# dependency is the OpenSSL commandline tool for optional text listing.
# Hacked by Guenter Knauf.
#
+use Encode;
use Getopt::Std;
use MIME::Base64;
-use LWP::UserAgent;
use strict;
-use vars qw($opt_b $opt_f $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v);
+use vars qw($opt_b $opt_d $opt_f $opt_h $opt_i $opt_k $opt_l $opt_m $opt_n $opt_p $opt_q $opt_s $opt_t $opt_u $opt_v $opt_w);
+use List::Util;
+use Text::Wrap;
+my $MOD_SHA = "Digest::SHA";
+eval "require $MOD_SHA";
+if ($@) {
+ $MOD_SHA = "Digest::SHA::PurePerl";
+ eval "require $MOD_SHA";
+}
+eval "require LWP::UserAgent";
+
+my %urls = (
+ 'nss' =>
+ 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt',
+ 'central' =>
+ 'https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
+ 'beta' =>
+ 'https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
+ 'release' =>
+ 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
+);
+
+$opt_d = 'release';
-my $url = 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
# If the OpenSSL commandline is not in search path you can configure it here!
my $openssl = 'openssl';
-my $version = '1.17';
+my $version = '1.27';
+
+$opt_w = 76; # default base64 encoded lines length
+
+# default cert types to include in the output (default is to include CAs which may issue SSL server certs)
+my $default_mozilla_trust_purposes = "SERVER_AUTH";
+my $default_mozilla_trust_levels = "TRUSTED_DELEGATOR";
+$opt_p = $default_mozilla_trust_purposes . ":" . $default_mozilla_trust_levels;
+
+my @valid_mozilla_trust_purposes = (
+ "DIGITAL_SIGNATURE",
+ "NON_REPUDIATION",
+ "KEY_ENCIPHERMENT",
+ "DATA_ENCIPHERMENT",
+ "KEY_AGREEMENT",
+ "KEY_CERT_SIGN",
+ "CRL_SIGN",
+ "SERVER_AUTH",
+ "CLIENT_AUTH",
+ "CODE_SIGNING",
+ "EMAIL_PROTECTION",
+ "IPSEC_END_SYSTEM",
+ "IPSEC_TUNNEL",
+ "IPSEC_USER",
+ "TIME_STAMPING",
+ "STEP_UP_APPROVED"
+);
+
+my @valid_mozilla_trust_levels = (
+ "TRUSTED_DELEGATOR", # CAs
+ "NOT_TRUSTED", # Don't trust these certs.
+ "MUST_VERIFY_TRUST", # This explicitly tells us that it ISN'T a CA but is otherwise ok. In other words, this should tell the app to ignore any other sources that claim this is a CA.
+ "TRUSTED" # This cert is trusted, but only for itself and not for delegates (i.e. it is not a CA).
+);
-getopts('bfhilnqtuv');
+my $default_signature_algorithms = $opt_s = "MD5";
+
+my @valid_signature_algorithms = (
+ "MD5",
+ "SHA1",
+ "SHA256",
+ "SHA384",
+ "SHA512"
+);
+
+$0 =~ s@.*(/|\\)@@;
+$Getopt::Std::STANDARD_HELP_VERSION = 1;
+getopts('bd:fhiklmnp:qs:tuvw:');
+
+if(!defined($opt_d)) {
+ # to make plain "-d" use not cause warnings, and actually still work
+ $opt_d = 'release';
+}
+
+# Use predefined URL or else custom URL specified on command line.
+my $url;
+if(defined($urls{$opt_d})) {
+ $url = $urls{$opt_d};
+ if(!$opt_k && $url !~ /^https:\/\//i) {
+ die "The URL for '$opt_d' is not HTTPS. Use -k to override (insecure).\n";
+ }
+}
+else {
+ $url = $opt_d;
+}
+
+my $curl = `curl -V`;
if ($opt_i) {
print ("=" x 78 . "\n");
- print "Script Version : $version\n";
- print "Perl Version : $]\n";
- print "Operating System Name : $^O\n";
- print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n";
- print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n";
- print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n";
- print "LWP.pm Version : ${LWP::VERSION}\n";
+ print "Script Version : $version\n";
+ print "Perl Version : $]\n";
+ print "Operating System Name : $^O\n";
+ print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n";
+ print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n";
+ print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n" if($LWP::UserAgent::VERSION);
+ print "LWP.pm Version : ${LWP::VERSION}\n" if($LWP::VERSION);
+ print "Digest::SHA.pm Version : ${Digest::SHA::VERSION}\n" if ($Digest::SHA::VERSION);
+ print "Digest::SHA::PurePerl.pm Version : ${Digest::SHA::PurePerl::VERSION}\n" if ($Digest::SHA::PurePerl::VERSION);
print ("=" x 78 . "\n");
}
-$0 =~ s@.*(/|\\)@@;
-if ($opt_h) {
- printf("Usage:\t%s [-b] [-f] [-i] [-l] [-n] [-q] [-t] [-u] [-v] [<outputfile>]\n", $0);
+sub warning_message() {
+ if ( $opt_d =~ m/^risk$/i ) { # Long Form Warning and Exit
+ print "Warning: Use of this script may pose some risk:\n";
+ print "\n";
+ print " 1) If you use HTTP URLs they are subject to a man in the middle attack\n";
+ print " 2) Default to 'release', but more recent updates may be found in other trees\n";
+ print " 3) certdata.txt file format may change, lag time to update this script\n";
+ print " 4) Generally unwise to blindly trust CAs without manual review & verification\n";
+ print " 5) Mozilla apps use additional security checks aren't represented in certdata\n";
+ print " 6) Use of this script will make a security engineer grind his teeth and\n";
+ print " swear at you. ;)\n";
+ exit;
+ } else { # Short Form Warning
+ print "Warning: Use of this script may pose some risk, -d risk for more details.\n";
+ }
+}
+
+sub HELP_MESSAGE() {
+ print "Usage:\t${0} [-b] [-d<certdata>] [-f] [-i] [-k] [-l] [-n] [-p<purposes:levels>] [-q] [-s<algorithms>] [-t] [-u] [-v] [-w<l>] [<outputfile>]\n";
print "\t-b\tbackup an existing version of ca-bundle.crt\n";
+ print "\t-d\tspecify Mozilla tree to pull certdata.txt or custom URL\n";
+ print "\t\t Valid names are:\n";
+ print "\t\t ", join( ", ", map { ( $_ =~ m/$opt_d/ ) ? "$_ (default)" : "$_" } sort keys %urls ), "\n";
print "\t-f\tforce rebuild even if certdata.txt is current\n";
print "\t-i\tprint version info about used modules\n";
+ print "\t-k\tallow URLs other than HTTPS, enable HTTP fallback (insecure)\n";
print "\t-l\tprint license info about certdata.txt\n";
+ print "\t-m\tinclude meta data in output\n";
print "\t-n\tno download of certdata.txt (to use existing)\n";
+ print wrap("\t","\t\t", "-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. (default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"), "\n";
+ print "\t\t Valid purposes are:\n";
+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_purposes ) ), "\n";
+ print "\t\t Valid levels are:\n";
+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_levels ) ), "\n";
print "\t-q\tbe really quiet (no progress output at all)\n";
+ print wrap("\t","\t\t", "-s\tcomma separated list of certificate signatures/hashes to output in plain text mode. (default: $default_signature_algorithms)\n");
+ print "\t\t Valid signature algorithms are:\n";
+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_signature_algorithms ) ), "\n";
print "\t-t\tinclude plain text listing of certificates\n";
print "\t-u\tunlink (remove) certdata.txt after processing\n";
print "\t-v\tbe verbose and print out processed CAs\n";
+ print "\t-w <l>\twrap base64 output lines after <l> chars (default: ${opt_w})\n";
exit;
}
+sub VERSION_MESSAGE() {
+ print "${0} version ${version} running Perl ${]} on ${^O}\n";
+}
+
+warning_message() unless ($opt_q || $url =~ m/^(ht|f)tps:/i );
+HELP_MESSAGE() if ($opt_h);
+
+sub report($@) {
+ my $output = shift;
+
+ print STDERR $output . "\n" unless $opt_q;
+}
+
+sub is_in_list($@) {
+ my $target = shift;
+
+ return defined(List::Util::first { $target eq $_ } @_);
+}
+
+# Parses $param_string as a case insensitive comma separated list with optional whitespace
+# validates that only allowed parameters are supplied
+sub parse_csv_param($$@) {
+ my $description = shift;
+ my $param_string = shift;
+ my @valid_values = @_;
+
+ my @values = map {
+ s/^\s+//; # strip leading spaces
+ s/\s+$//; # strip trailing spaces
+ uc $_ # return the modified string as upper case
+ } split( ',', $param_string );
+
+ # Find all values which are not in the list of valid values or "ALL"
+ my @invalid = grep { !is_in_list($_,"ALL",@valid_values) } @values;
+
+ if ( scalar(@invalid) > 0 ) {
+ # Tell the user which parameters were invalid and print the standard help message which will exit
+ print "Error: Invalid ", $description, scalar(@invalid) == 1 ? ": " : "s: ", join( ", ", map { "\"$_\"" } @invalid ), "\n";
+ HELP_MESSAGE();
+ }
+
+ @values = @valid_values if ( is_in_list("ALL",@values) );
+
+ return @values;
+}
+
+sub sha256 {
+ my $result;
+ if ($Digest::SHA::VERSION || $Digest::SHA::PurePerl::VERSION) {
+ open(FILE, $_[0]) or die "Can't open '$_[0]': $!";
+ binmode(FILE);
+ $result = $MOD_SHA->new(256)->addfile(*FILE)->hexdigest;
+ close(FILE);
+ } else {
+ # Use OpenSSL command if Perl Digest::SHA modules not available
+ $result = `"$openssl" dgst -r -sha256 "$_[0]"`;
+ $result =~ s/^([0-9a-f]{64}) .+/$1/is;
+ }
+ return $result;
+}
+
+
+sub oldhash {
+ my $hash = "";
+ open(C, "<$_[0]") || return 0;
+ while(<C>) {
+ chomp;
+ if($_ =~ /^\#\# SHA256: (.*)/) {
+ $hash = $1;
+ last;
+ }
+ }
+ close(C);
+ return $hash;
+}
+
+if ( $opt_p !~ m/:/ ) {
+ print "Error: Mozilla trust identifier list must include both purposes and levels\n";
+ HELP_MESSAGE();
+}
+
+(my $included_mozilla_trust_purposes_string, my $included_mozilla_trust_levels_string) = split( ':', $opt_p );
+my @included_mozilla_trust_purposes = parse_csv_param( "trust purpose", $included_mozilla_trust_purposes_string, @valid_mozilla_trust_purposes );
+my @included_mozilla_trust_levels = parse_csv_param( "trust level", $included_mozilla_trust_levels_string, @valid_mozilla_trust_levels );
+
+my @included_signature_algorithms = parse_csv_param( "signature algorithm", $opt_s, @valid_signature_algorithms );
+
+sub should_output_cert(%) {
+ my %trust_purposes_by_level = @_;
+
+ foreach my $level (@included_mozilla_trust_levels) {
+ # for each level we want to output, see if any of our desired purposes are included
+ return 1 if ( defined( List::Util::first { is_in_list( $_, @included_mozilla_trust_purposes ) } @{$trust_purposes_by_level{$level}} ) );
+ }
+
+ return 0;
+}
+
my $crt = $ARGV[0] || 'ca-bundle.crt';
(my $txt = $url) =~ s@(.*/|\?.*)@@g;
@@ -78,26 +293,94 @@ my $stdout = $crt eq '-';
my $resp;
my $fetched;
-unless ($opt_n and -e $txt) {
- print STDERR "Downloading '$txt' ...\n" if (!$opt_q);
- my $ua = new LWP::UserAgent(agent => "$0/$version");
- $ua->env_proxy();
- $resp = $ua->mirror($url, $txt);
- if ($resp && $resp->code eq '304') {
- print STDERR "Not modified\n" unless $opt_q;
- exit 0 if -e $crt && !$opt_f;
- } else {
- $fetched = 1;
+my $oldhash = oldhash($crt);
+
+report "SHA256 of old file: $oldhash";
+
+if(!$opt_n) {
+ report "Downloading $txt ...";
+
+ # If we have an HTTPS URL then use curl
+ if($url =~ /^https:\/\//i) {
+ if($curl) {
+ if($curl =~ /^Protocols:.* https( |$)/m) {
+ report "Get certdata with curl!";
+ my $proto = !$opt_k ? "--proto =https" : "";
+ my $quiet = $opt_q ? "-s" : "";
+ my @out = `curl -w %{response_code} $proto $quiet -o "$txt" "$url"`;
+ if(!$? && @out && $out[0] == 200) {
+ $fetched = 1;
+ report "Downloaded $txt";
+ }
+ else {
+ report "Failed downloading via HTTPS with curl";
+ if(-e $txt && !unlink($txt)) {
+ report "Failed to remove '$txt': $!";
+ }
+ }
+ }
+ else {
+ report "curl lacks https support";
+ }
+ }
+ else {
+ report "curl not found";
+ }
}
- if( !$resp || $resp->code !~ /^(?:200|304)$/ ) {
- print STDERR "Unable to download latest data: "
- . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed") . "\n"
- unless $opt_q;
+
+ # If nothing was fetched then use LWP
+ if(!$fetched) {
+ if($url =~ /^https:\/\//i) {
+ report "Falling back to HTTP";
+ $url =~ s/^https:\/\//http:\/\//i;
+ }
+ if(!$opt_k) {
+ report "URLs other than HTTPS are disabled by default, to enable use -k";
+ exit 1;
+ }
+ report "Get certdata with LWP!";
+ if(!defined(${LWP::UserAgent::VERSION})) {
+ report "LWP is not available (LWP::UserAgent not found)";
+ exit 1;
+ }
+ my $ua = new LWP::UserAgent(agent => "$0/$version");
+ $ua->env_proxy();
+ $resp = $ua->mirror($url, $txt);
+ if($resp && $resp->code eq '304') {
+ report "Not modified";
+ exit 0 if -e $crt && !$opt_f;
+ }
+ else {
+ $fetched = 1;
+ report "Downloaded $txt";
+ }
+ if(!$resp || $resp->code !~ /^(?:200|304)$/) {
+ report "Unable to download latest data: "
+ . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed");
exit 1 if -e $crt || ! -r $txt;
+ }
}
}
-my $currentdate = scalar gmtime($fetched ? $resp->last_modified : (stat($txt))[9]);
+my $filedate = $resp ? $resp->last_modified : (stat($txt))[9];
+my $datesrc = "as of";
+if(!$filedate) {
+ # mxr.mozilla.org gave us a time, hg.mozilla.org does not!
+ $filedate = time();
+ $datesrc="downloaded on";
+}
+
+# get the hash from the download file
+my $newhash= sha256($txt);
+
+if(!$opt_f && $oldhash eq $newhash) {
+ report "Downloaded file identical to previous run\'s source file. Exiting";
+ exit;
+}
+
+report "SHA256 of new file: $newhash";
+
+my $currentdate = scalar gmtime($filedate);
my $format = $opt_t ? "plain text and " : "";
if( $stdout ) {
@@ -107,28 +390,32 @@ if( $stdout ) {
}
print CRT <<EOT;
##
-## $crt -- Bundle of CA Root Certificates
+## Bundle of CA Root Certificates
##
-## Certificate data from Mozilla as of: ${currentdate}
+## Certificate data from Mozilla ${datesrc}: ${currentdate} GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
## file (certdata.txt). This file can be found in the mozilla source tree:
-## $url
+## ${url}
##
## It contains the certificates in ${format}PEM format and therefore
## can be directly used with curl / libcurl / php_curl, or with
## an Apache+mod_ssl webserver for SSL client authentication.
## Just configure this file as the SSLCACertificateFile.
##
+## Conversion done with mk-ca-bundle.pl version $version.
+## SHA256: $newhash
+##
EOT
-print STDERR "Processing '$txt' ...\n" if (!$opt_q);
+report "Processing '$txt' ...";
my $caname;
my $certnum = 0;
my $skipnum = 0;
my $start_of_cert = 0;
+my @precert;
open(TXT,"$txt") or die "Couldn't open $txt: $!\n";
while (<TXT>) {
@@ -141,11 +428,15 @@ while (<TXT>) {
last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/);
}
}
- next if /^#|^\s*$/;
- chomp;
- if (/^CVS_ID\s+\"(.*)\"/) {
- print CRT "# $1\n";
+ elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Not Valid After |Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) {
+ push @precert, $_;
+ next;
+ }
+ elsif(/^#|^\s*$/) {
+ undef @precert;
+ next;
}
+ chomp;
# this is a match for the start of a certificate
if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
@@ -154,7 +445,7 @@ while (<TXT>) {
if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) {
$caname = $1;
}
- my $untrusted = 0;
+ my %trust_purposes_by_level;
if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) {
my $data;
while (<TXT>) {
@@ -171,35 +462,75 @@ while (<TXT>) {
last if (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/);
chomp;
}
- # now scan the trust part for untrusted certs
+ # now scan the trust part to determine how we should trust this cert
while (<TXT>) {
last if (/^#/);
- if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/
- or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/) {
- $untrusted = 1;
+ if (/^CKA_TRUST_([A-Z_]+)\s+CK_TRUST\s+CKT_NSS_([A-Z_]+)\s*$/) {
+ if ( !is_in_list($1,@valid_mozilla_trust_purposes) ) {
+ report "Warning: Unrecognized trust purpose for cert: $caname. Trust purpose: $1. Trust Level: $2";
+ } elsif ( !is_in_list($2,@valid_mozilla_trust_levels) ) {
+ report "Warning: Unrecognized trust level for cert: $caname. Trust purpose: $1. Trust Level: $2";
+ } else {
+ push @{$trust_purposes_by_level{$2}}, $1;
+ }
}
}
- if ($untrusted) {
+
+ if ( !should_output_cert(%trust_purposes_by_level) ) {
$skipnum ++;
} else {
+ my $encoded = MIME::Base64::encode_base64($data, '');
+ $encoded =~ s/(.{1,${opt_w}})/$1\n/g;
my $pem = "-----BEGIN CERTIFICATE-----\n"
- . MIME::Base64::encode($data)
+ . $encoded
. "-----END CERTIFICATE-----\n";
print CRT "\n$caname\n";
- print CRT ("=" x length($caname) . "\n");
+ print CRT @precert if($opt_m);
+ my $maxStringLength = length(decode('UTF-8', $caname, Encode::FB_CROAK));
+ if ($opt_t) {
+ foreach my $key (keys %trust_purposes_by_level) {
+ my $string = $key . ": " . join(", ", @{$trust_purposes_by_level{$key}});
+ $maxStringLength = List::Util::max( length($string), $maxStringLength );
+ print CRT $string . "\n";
+ }
+ }
+ print CRT ("=" x $maxStringLength . "\n");
if (!$opt_t) {
print CRT $pem;
- }
- if ($opt_t) {
- open(TMP, "|$openssl x509 -md5 -fingerprint -text -inform PEM >> $crt") or die "Couldn't open openssl pipe: $!\n";
+ } else {
+ my $pipe = "";
+ foreach my $hash (@included_signature_algorithms) {
+ $pipe = "|$openssl x509 -" . $hash . " -fingerprint -noout -inform PEM";
+ if (!$stdout) {
+ $pipe .= " >> $crt.~";
+ close(CRT) or die "Couldn't close $crt.~: $!";
+ }
+ open(TMP, $pipe) or die "Couldn't open openssl pipe: $!";
+ print TMP $pem;
+ close(TMP) or die "Couldn't close openssl pipe: $!";
+ if (!$stdout) {
+ open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!";
+ }
+ }
+ $pipe = "|$openssl x509 -text -inform PEM";
+ if (!$stdout) {
+ $pipe .= " >> $crt.~";
+ close(CRT) or die "Couldn't close $crt.~: $!";
+ }
+ open(TMP, $pipe) or die "Couldn't open openssl pipe: $!";
print TMP $pem;
- close(TMP) or die "Couldn't close openssl pipe: $!\n";
+ close(TMP) or die "Couldn't close openssl pipe: $!";
+ if (!$stdout) {
+ open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!";
+ }
}
- print STDERR "Parsing: $caname\n" if ($opt_v);
+ report "Parsing: $caname" if ($opt_v);
$certnum ++;
$start_of_cert = 0;
}
+ undef @precert;
}
+
}
close(TXT) or die "Couldn't close $txt: $!\n";
close(CRT) or die "Couldn't close $crt.~: $!\n";
@@ -215,9 +546,7 @@ unless( $stdout ) {
}
rename "$crt.~", $crt or die "Failed to rename $crt.~ to $crt: $!\n";
}
-unlink $txt if ($opt_u);
-print STDERR "Done ($certnum CA certs processed, $skipnum untrusted skipped).\n" if (!$opt_q);
-
-exit;
-
-
+if($opt_u && -e $txt && !unlink($txt)) {
+ report "Failed to remove $txt: $!\n";
+}
+report "Done ($certnum CA certs processed, $skipnum skipped).";
diff --git a/libs/libcurl/src/mk-ca-bundle.vbs b/libs/libcurl/src/mk-ca-bundle.vbs
new file mode 100644
index 0000000000..da7a577ea7
--- /dev/null
+++ b/libs/libcurl/src/mk-ca-bundle.vbs
@@ -0,0 +1,431 @@
+'***************************************************************************
+'* _ _ ____ _
+'* Project ___| | | | _ \| |
+'* / __| | | | |_) | |
+'* | (__| |_| | _ <| |___
+'* \___|\___/|_| \_\_____|
+'*
+'* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+'*
+'* This software is licensed as described in the file COPYING, which
+'* you should have received as part of this distribution. The terms
+'* are also available at https://curl.haxx.se/docs/copyright.html.
+'*
+'* You may opt to use, copy, modify, merge, publish, distribute and/or sell
+'* copies of the Software, and permit persons to whom the Software is
+'* furnished to do so, under the terms of the COPYING file.
+'*
+'* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+'* KIND, either express or implied.
+'*
+'***************************************************************************
+'* Script to fetch certdata.txt from Mozilla.org site and create a
+'* ca-bundle.crt for use with OpenSSL / libcurl / libcurl bindings
+'* Requires WinHttp.WinHttpRequest.5.1 and ADODB.Stream which are part of
+'* W2000 SP3 or later, WXP SP1 or later, W2003 Server SP1 or later.
+'* Hacked by Guenter Knauf
+'***************************************************************************
+Option Explicit
+Const myVersion = "0.4.0"
+
+Const myUrl = "https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
+
+Const myOpenSSL = "openssl.exe"
+Dim myUseOpenSSL
+myUseOpenSSL = TRUE ' Flag: TRUE to use OpenSSL. If TRUE and is not
+ ' found then a warning is shown before continuing.
+
+Const myCdSavF = TRUE ' Flag: save downloaded data to file certdata.txt
+Const myCaBakF = TRUE ' Flag: backup existing ca-bundle certificate
+Const myAskLiF = TRUE ' Flag: display certdata.txt license agreement
+Const myWrapLe = 76 ' Default length of base64 output lines
+
+' cert info code doesn't work properly with any recent openssl, leave disabled.
+' Also: we want our certificate output by default to be as similar as possible
+' to mk-ca-bundle.pl and setting this TRUE changes the base64 width to
+' OpenSSL's built-in default width, which is not the same as mk-ca-bundle.pl.
+Const myAskTiF = FALSE ' Flag: ask to include certificate text info
+
+'
+'******************* Nothing to configure below! *******************
+'
+Const adTypeBinary = 1
+Const adTypeText = 2
+Const adSaveCreateNotExist = 1
+Const adSaveCreateOverWrite = 2
+Dim objShell, objNetwork, objFSO, objHttp
+Dim myBase, mySelf, myStream, myTmpFh, myCdData, myCdFile
+Dim myCaFile, myTmpName, myBakNum, myOptTxt, i
+Set objNetwork = WScript.CreateObject("WScript.Network")
+Set objShell = WScript.CreateObject("WScript.Shell")
+Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
+Set objHttp = WScript.CreateObject("WinHttp.WinHttpRequest.5.1")
+If objHttp Is Nothing Then Set objHttp = WScript.CreateObject("WinHttp.WinHttpRequest")
+myBase = Left(WScript.ScriptFullName, InstrRev(WScript.ScriptFullName, "\"))
+mySelf = Left(WScript.ScriptName, InstrRev(WScript.ScriptName, ".") - 1) & " " & myVersion
+
+myCdFile = Mid(myUrl, InstrRev(myUrl, "/") + 1)
+myCaFile = "ca-bundle.crt"
+myTmpName = InputBox("It will take a minute to download and parse the " & _
+ "certificate data." & _
+ vbLf & vbLf & _
+ "Please enter the output filename:", mySelf, myCaFile)
+If (myTmpName = "") Then
+ WScript.Quit 1
+End If
+myCaFile = myTmpName
+If (myCdFile = "") Then
+ MsgBox("URL does not contain filename!"), vbCritical, mySelf
+ WScript.Quit 1
+End If
+
+' Don't use OpenSSL if it's not present.
+If (myUseOpenSSL = TRUE) Then
+ Dim errnum
+
+ On Error Resume Next
+ Call objShell.Run("""" & myOpenSSL & """ version", 0, TRUE)
+ errnum = Err.Number
+ On Error GoTo 0
+
+ If Not (errnum = 0) Then
+ myUseOpenSSL = FALSE
+ MsgBox("OpenSSL was not found so the certificate bundle will not " & _
+ "include the SHA256 hash of the raw certificate data file " & _
+ "that was used to generate the certificates in the bundle. " & _
+ vbLf & vbLf & _
+ "This does not have any effect on the certificate output, " & _
+ "so this script will continue." & _
+ vbLf & vbLf & _
+ "If you want to set a custom location for OpenSSL or disable " & _
+ "this message then edit the variables at the start of the " & _
+ "script."), vbInformation, mySelf
+ End If
+End If
+
+If (myAskTiF = TRUE) And (myUseOpenSSL = TRUE) Then
+ If (6 = objShell.PopUp("Do you want to include text information about " & _
+ "each certificate?" & vbLf & _
+ "(Requires OpenSSL.exe in the current directory " & _
+ "or search path)",, _
+ mySelf, vbQuestion + vbYesNo + vbDefaultButton2)) Then
+ myOptTxt = TRUE
+ Else
+ myOptTxt = FALSE
+ End If
+End If
+
+' Uncomment the line below to ignore SSL invalid cert errors
+' objHttp.Option(4) = 256 + 512 + 4096 + 8192
+objHttp.SetTimeouts 0, 5000, 10000, 10000
+objHttp.Open "GET", myUrl, FALSE
+objHttp.setRequestHeader "User-Agent", WScript.ScriptName & "/" & myVersion
+objHttp.Send ""
+If Not (objHttp.Status = 200) Then
+ MsgBox("Failed to download '" & myCdFile & "': " & objHttp.Status & " - " & objHttp.StatusText), vbCritical, mySelf
+ WScript.Quit 1
+End If
+' Write received data to file if enabled
+If (myCdSavF = TRUE) Then
+ Call SaveBinaryData(myCdFile, objHttp.ResponseBody)
+End If
+' Convert data from ResponseBody instead of using ResponseText because of UTF-8
+myCdData = ConvertBinaryToUTF8(objHttp.ResponseBody)
+Set objHttp = Nothing
+' Backup exitsing ca-bundle certificate file
+If (myCaBakF = TRUE) Then
+ If objFSO.FileExists(myCaFile) Then
+ Dim myBakFile, b
+ b = 1
+ myBakFile = myCaFile & ".~" & b & "~"
+ While objFSO.FileExists(myBakFile)
+ b = b + 1
+ myBakFile = myCaFile & ".~" & b & "~"
+ Wend
+ Set myTmpFh = objFSO.GetFile(myCaFile)
+ myTmpFh.Move myBakFile
+ End If
+End If
+
+' Process the received data
+Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts, myNumSkipped
+Dim myLabel, myOctets, myData, myPem, myRev, myUntrusted, j
+myNumSkipped = 0
+myNumCerts = 0
+myData = ""
+myLines = Split(myCdData, vbLf, -1)
+Set myStream = CreateObject("ADODB.Stream")
+myStream.Open
+myStream.Type = adTypeText
+myStream.Charset = "utf-8"
+myStream.WriteText "##" & vbLf & _
+ "## Bundle of CA Root Certificates" & vbLf & _
+ "##" & vbLf & _
+ "## Certificate data from Mozilla as of: " & _
+ ConvertDateToString(LocalDateToUTC(Now)) & " GMT" & vbLf & _
+ "##" & vbLf & _
+ "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf & _
+ "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf & _
+ "## file (certdata.txt). This file can be found in the mozilla source tree:" & vbLf & _
+ "## " & myUrl & vbLf & _
+ "##" & vbLf & _
+ "## It contains the certificates in PEM format and therefore" & vbLf & _
+ "## can be directly used with curl / libcurl / php_curl, or with" & vbLf & _
+ "## an Apache+mod_ssl webserver for SSL client authentication." & vbLf & _
+ "## Just configure this file as the SSLCACertificateFile." & vbLf & _
+ "##" & vbLf & _
+ "## Conversion done with mk-ca-bundle.vbs version " & myVersion & "." & vbLf
+If (myCdSavF = TRUE) And (myUseOpenSSL = TRUE) Then
+ myStream.WriteText "## SHA256: " & FileSHA256(myCdFile) & vbLf
+End If
+myStream.WriteText "##" & vbLf & vbLf
+
+myStream.WriteText vbLf
+For i = 0 To UBound(myLines)
+ If InstrRev(myLines(i), "CKA_LABEL ") Then
+ myPattern = "^CKA_LABEL\s+[A-Z0-9]+\s+""(.+?)"""
+ myLabel = RegExprFirst(myPattern, myLines(i))
+ End If
+ If (myInsideCert = TRUE) Then
+ If InstrRev(myLines(i), "END") Then
+ myInsideCert = FALSE
+ While (i < UBound(myLines)) And Not (myLines(i) = "#")
+ i = i + 1
+ If InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR") Then
+ myUntrusted = FALSE
+ End If
+ Wend
+ If (myUntrusted = TRUE) Then
+ myNumSkipped = myNumSkipped + 1
+ Else
+ myStream.WriteText myLabel & vbLf
+ myStream.WriteText String(Len(myLabel), "=") & vbLf
+ myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _
+ Base64Encode(myData) & vbLf & _
+ "-----END CERTIFICATE-----" & vbLf
+ If (myOptTxt = FALSE) Then
+ myStream.WriteText myPem & vbLf
+ Else
+ Dim myCmd, myRval, myTmpIn, myTmpOut
+ myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+ myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+ Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE)
+ myTmpFh.Write myPem
+ myTmpFh.Close
+ myCmd = """" & myOpenSSL & """ x509 -md5 -fingerprint -text " & _
+ "-inform PEM -in " & myTmpIn & " -out " & myTmpOut
+ myRval = objShell.Run (myCmd, 0, TRUE)
+ objFSO.DeleteFile myTmpIn, TRUE
+ If Not (myRval = 0) Then
+ MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf
+ objFSO.DeleteFile myTmpOut, TRUE
+ WScript.Quit 3
+ End If
+ Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1)
+ myStream.WriteText myTmpFh.ReadAll & vbLf
+ myTmpFh.Close
+ objFSO.DeleteFile myTmpOut, TRUE
+ End If
+ myNumCerts = myNumCerts + 1
+ End If
+ Else
+ myOctets = Split(myLines(i), "\")
+ For j = 1 To UBound(myOctets)
+ myData = myData & Chr(CByte("&o" & myOctets(j)))
+ Next
+ End If
+ End If
+ If InstrRev(myLines(i), "CVS_ID ") Then
+ myPattern = "^CVS_ID\s+""(.+?)"""
+ myRev = RegExprFirst(myPattern, myLines(i))
+ myStream.WriteText "# " & myRev & vbLf & vbLf
+ End If
+ If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then
+ myInsideCert = TRUE
+ myUntrusted = TRUE
+ myData = ""
+ End If
+ If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then
+ myInsideLicense = TRUE
+ End If
+ If (myInsideLicense = TRUE) Then
+ myStream.WriteText myLines(i) & vbLf
+ myLicenseText = myLicenseText & Mid(myLines(i), 2) & vbLf
+ End If
+ If InstrRev(myLines(i), "***** END LICENSE BLOCK *****") Then
+ myInsideLicense = FALSE
+ If (myAskLiF = TRUE) Then
+ If Not (6 = objShell.PopUp(myLicenseText & vbLf & _
+ "Do you agree to the license shown above (required to proceed) ?",, _
+ mySelf, vbQuestion + vbYesNo + vbDefaultButton1)) Then
+ myStream.Close
+ objFSO.DeleteFile myCaFile, TRUE
+ WScript.Quit 2
+ End If
+ End If
+ End If
+Next
+
+' To stop the UTF-8 BOM from being written the stream has to be copied and
+' then saved as binary.
+Dim myCopy
+Set myCopy = CreateObject("ADODB.Stream")
+myCopy.Type = adTypeBinary
+myCopy.Open
+myStream.Position = 3 ' Skip UTF-8 BOM
+myStream.CopyTo myCopy
+myCopy.SaveToFile myCaFile, adSaveCreateOverWrite
+myCopy.Close
+myStream.Close
+Set myCopy = Nothing
+Set myStream = Nothing
+
+' Done
+objShell.PopUp "Done (" & myNumCerts & " CA certs processed, " & myNumSkipped & _
+ " untrusted skipped).", 20, mySelf, vbInformation
+WScript.Quit 0
+
+Function ConvertBinaryToUTF8(arrBytes)
+ Dim objStream
+ Set objStream = CreateObject("ADODB.Stream")
+ objStream.Open
+ objStream.Type = adTypeBinary
+ objStream.Write arrBytes
+ objStream.Position = 0
+ objStream.Type = adTypeText
+ objStream.Charset = "utf-8"
+ ConvertBinaryToUTF8 = objStream.ReadText
+ Set objStream = Nothing
+End Function
+
+Function SaveBinaryData(filename, data)
+ Dim objStream
+ Set objStream = CreateObject("ADODB.Stream")
+ objStream.Type = adTypeBinary
+ objStream.Open
+ objStream.Write data
+ objStream.SaveToFile filename, adSaveCreateOverWrite
+ objStream.Close
+ Set objStream = Nothing
+End Function
+
+Function RegExprFirst(SearchPattern, TheString)
+ Dim objRegExp, Matches ' create variables.
+ Set objRegExp = New RegExp ' create a regular expression.
+ objRegExp.Pattern = SearchPattern ' sets the search pattern.
+ objRegExp.IgnoreCase = TRUE ' set to ignores case.
+ objRegExp.Global = TRUE ' set to gloabal search.
+ Set Matches = objRegExp.Execute(TheString) ' do the search.
+ If (Matches.Count) Then
+ RegExprFirst = Matches(0).SubMatches(0) ' return first match.
+ Else
+ RegExprFirst = ""
+ End If
+ Set objRegExp = Nothing
+End Function
+
+Function Base64Encode(inData)
+ Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
+ Dim cOut, sOut, lWrap, I
+ lWrap = Int(myWrapLe * 3 / 4)
+
+ 'For each group of 3 bytes
+ For I = 1 To Len(inData) Step 3
+ Dim nGroup, pOut, sGroup
+
+ 'Create one long from this 3 bytes.
+ nGroup = &H10000 * Asc(Mid(inData, I, 1)) + _
+ &H100 * MyASC(Mid(inData, I + 1, 1)) + _
+ MyASC(Mid(inData, I + 2, 1))
+
+ 'Oct splits the long To 8 groups with 3 bits
+ nGroup = Oct(nGroup)
+
+ 'Add leading zeros
+ nGroup = String(8 - Len(nGroup), "0") & nGroup
+
+ 'Convert To base64
+ pOut = Mid(Base64, CLng("&o" & Mid(nGroup, 1, 2)) + 1, 1) & _
+ Mid(Base64, CLng("&o" & Mid(nGroup, 3, 2)) + 1, 1) & _
+ Mid(Base64, CLng("&o" & Mid(nGroup, 5, 2)) + 1, 1) & _
+ Mid(Base64, CLng("&o" & Mid(nGroup, 7, 2)) + 1, 1)
+
+ 'Add the part To OutPut string
+ sOut = sOut + pOut
+
+ 'Add a new line For Each myWrapLe chars In dest
+ If (I < Len(inData) - 2) Then
+ If (I + 2) Mod lWrap = 0 Then sOut = sOut & vbLf
+ End If
+ Next
+ Select Case Len(inData) Mod 3
+ Case 1: '8 bit final
+ sOut = Left(sOut, Len(sOut) - 2) & "=="
+ Case 2: '16 bit final
+ sOut = Left(sOut, Len(sOut) - 1) & "="
+ End Select
+ Base64Encode = sOut
+End Function
+
+Function MyASC(OneChar)
+ If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar)
+End Function
+
+' Return the date in the same format as perl to match mk-ca-bundle.pl output:
+' Wed Sep 7 03:12:05 2016
+Function ConvertDateToString(input)
+ Dim output
+ output = WeekDayName(WeekDay(input), TRUE) & " " & _
+ MonthName(Month(input), TRUE) & " "
+ If (Len(Day(input)) = 1) Then
+ output = output & " "
+ End If
+ output = output & _
+ Day(input) & " " & _
+ FormatDateTime(input, vbShortTime) & ":"
+ If (Len(Second(input)) = 1) Then
+ output = output & "0"
+ End If
+ output = output & _
+ Second(input) & " " & _
+ Year(input)
+ ConvertDateToString = output
+End Function
+
+' Convert local Date to UTC. Microsoft says:
+' Use Win32_ComputerSystem CurrentTimeZone property, because it automatically
+' adjusts the Time Zone bias for daylight saving time; Win32_Time Zone Bias
+' property does not.
+' https://msdn.microsoft.com/en-us/library/windows/desktop/ms696015.aspx
+Function LocalDateToUTC(localdate)
+ Dim item, offset
+ For Each item In GetObject("winmgmts:").InstancesOf("Win32_ComputerSystem")
+ offset = item.CurrentTimeZone ' the offset in minutes
+ Next
+ If (offset < 0) Then
+ LocalDateToUTC = DateAdd("n", ABS(offset), localdate)
+ Else
+ LocalDateToUTC = DateAdd("n", -ABS(offset), localdate)
+ End If
+ 'objShell.PopUp LocalDateToUTC
+End Function
+
+Function FileSHA256(filename)
+ Dim cmd, rval, tmpOut, tmpFh
+ if (myUseOpenSSL = TRUE) Then
+ tmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+ cmd = """" & myOpenSSL & """ dgst -r -sha256 -out """ & tmpOut & """ """ & filename & """"
+ rval = objShell.Run(cmd, 0, TRUE)
+ If Not (rval = 0) Then
+ MsgBox("Failed to get sha256 of """ & filename & """ with OpenSSL commandline!"), vbCritical, mySelf
+ objFSO.DeleteFile tmpOut, TRUE
+ WScript.Quit 3
+ End If
+ Set tmpFh = objFSO.OpenTextFile(tmpOut, 1)
+ FileSHA256 = RegExprFirst("^([0-9a-f]{64}) .+", tmpFh.ReadAll)
+ tmpFh.Close
+ objFSO.DeleteFile tmpOut, TRUE
+ Else
+ FileSHA256 = ""
+ End If
+End Function
diff --git a/libs/libcurl/src/mprintf.c b/libs/libcurl/src/mprintf.c
index 8f392c7f29..d2d91d7438 100644
--- a/libs/libcurl/src/mprintf.c
+++ b/libs/libcurl/src/mprintf.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1999 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -32,33 +32,20 @@
*
* If you ever want truly portable and good *printf() clones, the project that
* took on from here is named 'Trio' and you find more details on the trio web
- * page at http://daniel.haxx.se/trio/
+ * page at https://daniel.haxx.se/projects/trio/
*/
#include "curl_setup.h"
-
-#if defined(DJGPP) && (DJGPP_MINOR < 4)
-#undef _MPRINTF_REPLACE /* don't use x_was_used() here */
-#endif
-
#include <curl/mprintf.h>
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
-#ifndef SIZEOF_LONG_DOUBLE
-#define SIZEOF_LONG_DOUBLE 0
-#endif
-
/*
* If SIZEOF_SIZE_T has not been defined, default to the size of long.
*/
-#ifndef SIZEOF_SIZE_T
-# define SIZEOF_SIZE_T CURL_SIZEOF_LONG
-#endif
-
#ifdef HAVE_LONGLONG
# define LONG_LONG_TYPE long long
# define HAVE_LONG_LONG_TYPE
@@ -73,6 +60,19 @@
#endif
/*
+ * Non-ANSI integer extensions
+ */
+
+#if (defined(__BORLANDC__) && (__BORLANDC__ >= 0x520)) || \
+ (defined(__WATCOMC__) && defined(__386__)) || \
+ (defined(__POCC__) && defined(_MSC_VER)) || \
+ (defined(_WIN32_WCE)) || \
+ (defined(__MINGW32__)) || \
+ (defined(_MSC_VER) && (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64))
+# define MP_HAVE_INT_EXTENSIONS
+#endif
+
+/*
* Max integer data types that mprintf.c is capable
*/
@@ -84,7 +84,8 @@
# define mp_uintmax_t unsigned long
#endif
-#define BUFFSIZE 256 /* buffer for long-to-str and float-to-str calcs */
+#define BUFFSIZE 326 /* buffer for long-to-str and float-to-str calcs, should
+ fit negative DBL_MAX (317 letters) */
#define MAX_PARAMETERS 128 /* lame static limit */
#ifdef __AMIGA__
@@ -106,7 +107,7 @@ static const char upper_digits[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
} WHILE_FALSE
/* Data type to read from the arglist */
-typedef enum {
+typedef enum {
FORMAT_UNKNOWN = 0,
FORMAT_STRING,
FORMAT_PTR,
@@ -176,7 +177,7 @@ struct asprintf {
static long dprintf_DollarString(char *input, char **end)
{
- int number=0;
+ int number = 0;
while(ISDIGIT(*input)) {
number *= 10;
number += *input-'0';
@@ -189,17 +190,27 @@ static long dprintf_DollarString(char *input, char **end)
return 0;
}
-static int dprintf_IsQualifierNoDollar(char c)
+static bool dprintf_IsQualifierNoDollar(const char *fmt)
{
- switch (c) {
+#if defined(MP_HAVE_INT_EXTENSIONS)
+ if(!strncmp(fmt, "I32", 3) || !strncmp(fmt, "I64", 3)) {
+ return TRUE;
+ }
+#endif
+
+ switch(*fmt) {
case '-': case '+': case ' ': case '#': case '.':
case '0': case '1': case '2': case '3': case '4':
case '5': case '6': case '7': case '8': case '9':
case 'h': case 'l': case 'L': case 'z': case 'q':
case '*': case 'O':
- return 1; /* true */
+#if defined(MP_HAVE_INT_EXTENSIONS)
+ case 'I':
+#endif
+ return TRUE;
+
default:
- return 0; /* false */
+ return FALSE;
}
}
@@ -209,10 +220,12 @@ static int dprintf_IsQualifierNoDollar(char c)
* Create an index with the type of each parameter entry and its
* value (may vary in size)
*
+ * Returns zero on success.
+ *
******************************************************************/
-static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
- va_list arglist)
+static int dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
+ va_list arglist)
{
char *fmt = (char *)format;
int param_num = 0;
@@ -220,7 +233,7 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
long width;
long precision;
int flags;
- long max_param=0;
+ long max_param = 0;
long i;
while(*fmt) {
@@ -255,8 +268,20 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
/* Handle the flags */
- while(dprintf_IsQualifierNoDollar(*fmt)) {
- switch (*fmt++) {
+ while(dprintf_IsQualifierNoDollar(fmt)) {
+#if defined(MP_HAVE_INT_EXTENSIONS)
+ if(!strncmp(fmt, "I32", 3)) {
+ flags |= FLAGS_LONG;
+ fmt += 3;
+ }
+ else if(!strncmp(fmt, "I64", 3)) {
+ flags |= FLAGS_LONGLONG;
+ fmt += 3;
+ }
+ else
+#endif
+
+ switch(*fmt++) {
case ' ':
flags |= FLAGS_SPACE;
break;
@@ -271,7 +296,6 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
flags |= FLAGS_ALT;
break;
case '.':
- flags |= FLAGS_PREC;
if('*' == *fmt) {
/* The precision is picked from a specified parameter */
@@ -296,6 +320,15 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
case 'h':
flags |= FLAGS_SHORT;
break;
+#if defined(MP_HAVE_INT_EXTENSIONS)
+ case 'I':
+#if (SIZEOF_CURL_OFF_T > SIZEOF_LONG)
+ flags |= FLAGS_LONGLONG;
+#else
+ flags |= FLAGS_LONG;
+#endif
+ break;
+#endif
case 'l':
if(flags & FLAGS_LONG)
flags |= FLAGS_LONGLONG;
@@ -311,14 +344,14 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
case 'z':
/* the code below generates a warning if -Wunreachable-code is
used */
-#if (SIZEOF_SIZE_T > CURL_SIZEOF_LONG)
+#if (SIZEOF_SIZE_T > SIZEOF_LONG)
flags |= FLAGS_LONGLONG;
#else
flags |= FLAGS_LONG;
#endif
break;
case 'O':
-#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG)
+#if (SIZEOF_CURL_OFF_T > SIZEOF_LONG)
flags |= FLAGS_LONGLONG;
#else
flags |= FLAGS_LONG;
@@ -343,7 +376,7 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
else
width = param_num;
if(width > max_param)
- max_param=width;
+ max_param = width;
break;
default:
break;
@@ -354,6 +387,10 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
i = this_param - 1;
+ if((i < 0) || (i >= MAX_PARAMETERS))
+ /* out of allowed range */
+ return 1;
+
switch (*fmt) {
case 'S':
flags |= FLAGS_ALT;
@@ -421,37 +458,43 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
if(flags & FLAGS_WIDTHPARAM) {
/* we have the width specified from a parameter, so we make that
parameter's info setup properly */
- vto[i].width = width - 1;
- i = width - 1;
- vto[i].type = FORMAT_WIDTH;
- vto[i].flags = FLAGS_NEW;
- vto[i].precision = vto[i].width = 0; /* can't use width or precision
- of width! */
+ long k = width - 1;
+ vto[i].width = k;
+ vto[k].type = FORMAT_WIDTH;
+ vto[k].flags = FLAGS_NEW;
+ /* can't use width or precision of width! */
+ vto[k].width = 0;
+ vto[k].precision = 0;
}
if(flags & FLAGS_PRECPARAM) {
/* we have the precision specified from a parameter, so we make that
parameter's info setup properly */
- vto[i].precision = precision - 1;
- i = precision - 1;
- vto[i].type = FORMAT_WIDTH;
- vto[i].flags = FLAGS_NEW;
- vto[i].precision = vto[i].width = 0; /* can't use width or precision
- of width! */
+ long k = precision - 1;
+ vto[i].precision = k;
+ vto[k].type = FORMAT_WIDTH;
+ vto[k].flags = FLAGS_NEW;
+ /* can't use width or precision of width! */
+ vto[k].width = 0;
+ vto[k].precision = 0;
}
*endpos++ = fmt + 1; /* end of this sequence */
}
}
/* Read the arg list parameters into our data list */
- for(i=0; i<max_param; i++) {
- if((i + 1 < max_param) && (vto[i + 1].type == FORMAT_WIDTH)) {
- /* Width/precision arguments must be read before the main argument
- * they are attached to
- */
- vto[i + 1].data.num.as_signed = (mp_intmax_t)va_arg(arglist, int);
+ for(i = 0; i<max_param; i++) {
+ /* Width/precision arguments must be read before the main argument
+ they are attached to */
+ if(vto[i].flags & FLAGS_WIDTHPARAM) {
+ vto[vto[i].width].data.num.as_signed =
+ (mp_intmax_t)va_arg(arglist, int);
+ }
+ if(vto[i].flags & FLAGS_PRECPARAM) {
+ vto[vto[i].precision].data.num.as_signed =
+ (mp_intmax_t)va_arg(arglist, int);
}
- switch (vto[i].type) {
+ switch(vto[i].type) {
case FORMAT_STRING:
vto[i].data.str = va_arg(arglist, char *);
break;
@@ -504,7 +547,7 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
}
}
- return max_param;
+ return 0;
}
@@ -526,7 +569,7 @@ static int dprintf_formatf(
int done = 0;
long param; /* current parameter to read */
- long param_num=0; /* parameter counter */
+ long param_num = 0; /* parameter counter */
va_stack_t vto[MAX_PARAMETERS];
char *endpos[MAX_PARAMETERS];
@@ -536,8 +579,14 @@ static int dprintf_formatf(
va_stack_t *p;
+ /* 'workend' points to the final buffer byte position, but with an extra
+ byte as margin to avoid the (false?) warning Coverity gives us
+ otherwise */
+ char *workend = &work[sizeof(work) - 2];
+
/* Do the actual %-code parsing */
- dprintf_Pass1(format, vto, endpos, ap_save);
+ if(dprintf_Pass1(format, vto, endpos, ap_save))
+ return -1;
end = &endpos[0]; /* the initial end-position from the list dprintf_Pass1()
created for us */
@@ -557,7 +606,7 @@ static int dprintf_formatf(
int is_neg;
/* Base of a number to be written. */
- long base;
+ unsigned long base;
/* Integral values to be written. */
mp_uintmax_t num;
@@ -565,6 +614,8 @@ static int dprintf_formatf(
/* Used to convert negative in positive. */
mp_intmax_t signed_num;
+ char *w;
+
if(*f != '%') {
/* This isn't a format spec, so write everything out until the next one
OR end of string is reached. */
@@ -588,7 +639,7 @@ static int dprintf_formatf(
/* If this is a positional parameter, the position must follow immediately
after the %, thus create a %<num>$ sequence */
- param=dprintf_DollarString(f, &f);
+ param = dprintf_DollarString(f, &f);
if(!param)
param = param_num;
@@ -601,16 +652,30 @@ static int dprintf_formatf(
p = &vto[param];
/* pick up the specified width */
- if(p->flags & FLAGS_WIDTHPARAM)
+ if(p->flags & FLAGS_WIDTHPARAM) {
width = (long)vto[p->width].data.num.as_signed;
+ param_num++; /* since the width is extracted from a parameter, we
+ must skip that to get to the next one properly */
+ if(width < 0) {
+ /* "A negative field width is taken as a '-' flag followed by a
+ positive field width." */
+ width = -width;
+ p->flags |= FLAGS_LEFT;
+ p->flags &= ~FLAGS_PAD_NIL;
+ }
+ }
else
width = p->width;
/* pick up the specified precision */
if(p->flags & FLAGS_PRECPARAM) {
prec = (long)vto[p->precision].data.num.as_signed;
- param_num++; /* since the precision is extraced from a parameter, we
+ param_num++; /* since the precision is extracted from a parameter, we
must skip that to get to the next one properly */
+ if(prec < 0)
+ /* "A negative precision is taken as if the precision were
+ omitted." */
+ prec = -1;
}
else if(p->flags & FLAGS_PREC)
prec = p->precision;
@@ -619,7 +684,7 @@ static int dprintf_formatf(
is_alt = (p->flags & FLAGS_ALT) ? 1 : 0;
- switch (p->type) {
+ switch(p->type) {
case FORMAT_INT:
num = p->data.num.as_unsigned;
if(p->flags & FLAGS_CHAR) {
@@ -671,72 +736,68 @@ static int dprintf_formatf(
number:
/* Number of base BASE. */
- {
- char *workend = &work[sizeof(work) - 1];
- char *w;
-
- /* Supply a default precision if none was given. */
- if(prec == -1)
- prec = 1;
-
- /* Put the number in WORK. */
- w = workend;
- while(num > 0) {
- *w-- = digits[num % base];
- num /= base;
- }
- width -= (long)(workend - w);
- prec -= (long)(workend - w);
- if(is_alt && base == 8 && prec <= 0) {
- *w-- = '0';
- --width;
- }
+ /* Supply a default precision if none was given. */
+ if(prec == -1)
+ prec = 1;
- if(prec > 0) {
- width -= prec;
- while(prec-- > 0)
- *w-- = '0';
- }
+ /* Put the number in WORK. */
+ w = workend;
+ while(num > 0) {
+ *w-- = digits[num % base];
+ num /= base;
+ }
+ width -= (long)(workend - w);
+ prec -= (long)(workend - w);
- if(is_alt && base == 16)
- width -= 2;
+ if(is_alt && base == 8 && prec <= 0) {
+ *w-- = '0';
+ --width;
+ }
- if(is_neg || (p->flags & FLAGS_SHOWSIGN) || (p->flags & FLAGS_SPACE))
- --width;
+ if(prec > 0) {
+ width -= prec;
+ while(prec-- > 0)
+ *w-- = '0';
+ }
- if(!(p->flags & FLAGS_LEFT) && !(p->flags & FLAGS_PAD_NIL))
- while(width-- > 0)
- OUTCHAR(' ');
+ if(is_alt && base == 16)
+ width -= 2;
- if(is_neg)
- OUTCHAR('-');
- else if(p->flags & FLAGS_SHOWSIGN)
- OUTCHAR('+');
- else if(p->flags & FLAGS_SPACE)
- OUTCHAR(' ');
+ if(is_neg || (p->flags & FLAGS_SHOWSIGN) || (p->flags & FLAGS_SPACE))
+ --width;
- if(is_alt && base == 16) {
- OUTCHAR('0');
- if(p->flags & FLAGS_UPPER)
- OUTCHAR('X');
- else
- OUTCHAR('x');
- }
+ if(!(p->flags & FLAGS_LEFT) && !(p->flags & FLAGS_PAD_NIL))
+ while(width-- > 0)
+ OUTCHAR(' ');
- if(!(p->flags & FLAGS_LEFT) && (p->flags & FLAGS_PAD_NIL))
- while(width-- > 0)
- OUTCHAR('0');
+ if(is_neg)
+ OUTCHAR('-');
+ else if(p->flags & FLAGS_SHOWSIGN)
+ OUTCHAR('+');
+ else if(p->flags & FLAGS_SPACE)
+ OUTCHAR(' ');
+
+ if(is_alt && base == 16) {
+ OUTCHAR('0');
+ if(p->flags & FLAGS_UPPER)
+ OUTCHAR('X');
+ else
+ OUTCHAR('x');
+ }
- /* Write the number. */
- while(++w <= workend) {
- OUTCHAR(*w);
- }
+ if(!(p->flags & FLAGS_LEFT) && (p->flags & FLAGS_PAD_NIL))
+ while(width-- > 0)
+ OUTCHAR('0');
- if(p->flags & FLAGS_LEFT)
- while(width-- > 0)
- OUTCHAR(' ');
+ /* Write the number. */
+ while(++w <= workend) {
+ OUTCHAR(*w);
}
+
+ if(p->flags & FLAGS_LEFT)
+ while(width-- > 0)
+ OUTCHAR(' ');
break;
case FORMAT_STRING:
@@ -760,12 +821,12 @@ static int dprintf_formatf(
len = 0;
}
}
+ else if(prec != -1)
+ len = (size_t)prec;
else
len = strlen(str);
- if(prec != -1 && (size_t) prec < len)
- len = (size_t)prec;
- width -= (long)len;
+ width -= (len > LONG_MAX) ? LONG_MAX : (long)len;
if(p->flags & FLAGS_ALT)
OUTCHAR('"');
@@ -774,7 +835,7 @@ static int dprintf_formatf(
while(width-- > 0)
OUTCHAR(' ');
- while(len-- > 0)
+ while((len-- > 0) && *str)
OUTCHAR(*str++);
if(p->flags&FLAGS_LEFT)
while(width-- > 0)
@@ -848,12 +909,25 @@ static int dprintf_formatf(
*fptr = 0;
if(width >= 0) {
+ if(width >= (long)sizeof(work))
+ width = sizeof(work)-1;
/* RECURSIVE USAGE */
len = curl_msnprintf(fptr, left, "%ld", width);
fptr += len;
left -= len;
}
if(prec >= 0) {
+ /* for each digit in the integer part, we can have one less
+ precision */
+ size_t maxprec = sizeof(work) - 2;
+ double val = p->data.dnum;
+ while(val >= 10.0) {
+ val /= 10;
+ maxprec--;
+ }
+
+ if(prec > (long)maxprec)
+ prec = (long)maxprec-1;
/* RECURSIVE USAGE */
len = curl_msnprintf(fptr, left, ".%ld", prec);
fptr += len;
@@ -873,8 +947,8 @@ static int dprintf_formatf(
/* NOTE NOTE NOTE!! Not all sprintf implementations return number of
output characters */
(sprintf)(work, formatbuf, p->data.dnum);
-
- for(fptr=work; *fptr; fptr++)
+ DEBUGASSERT(strlen(work) <= sizeof(work));
+ for(fptr = work; *fptr; fptr++)
OUTCHAR(*fptr);
}
break;
@@ -906,7 +980,7 @@ static int dprintf_formatf(
/* fputc() look-alike */
static int addbyter(int output, FILE *data)
{
- struct nsprintf *infop=(struct nsprintf *)data;
+ struct nsprintf *infop = (struct nsprintf *)data;
unsigned char outc = (unsigned char)output;
if(infop->length < infop->max) {
@@ -930,7 +1004,7 @@ int curl_mvsnprintf(char *buffer, size_t maxlength, const char *format,
info.max = maxlength;
retcode = dprintf_formatf(&info, addbyter, format, ap_save);
- if(info.max) {
+ if((retcode != -1) && info.max) {
/* we terminate this with a zero byte */
if(info.max == info.length)
/* we're at maximum, scrap the last letter */
@@ -954,7 +1028,7 @@ int curl_msnprintf(char *buffer, size_t maxlength, const char *format, ...)
/* fputc() look-alike */
static int alloc_addbyter(int output, FILE *data)
{
- struct asprintf *infop=(struct asprintf *)data;
+ struct asprintf *infop = (struct asprintf *)data;
unsigned char outc = (unsigned char)output;
if(!infop->buffer) {
@@ -964,19 +1038,22 @@ static int alloc_addbyter(int output, FILE *data)
return -1; /* fail */
}
infop->alloc = 32;
- infop->len =0;
+ infop->len = 0;
}
- else if(infop->len+1 >= infop->alloc) {
- char *newptr;
+ else if(infop->len + 1 >= infop->alloc) {
+ char *newptr = NULL;
+ size_t newsize = infop->alloc*2;
- newptr = realloc(infop->buffer, infop->alloc*2);
+ /* detect wrap-around or other overflow problems */
+ if(newsize > infop->alloc)
+ newptr = realloc(infop->buffer, newsize);
if(!newptr) {
infop->fail = 1;
return -1; /* fail */
}
infop->buffer = newptr;
- infop->alloc *= 2;
+ infop->alloc = newsize;
}
infop->buffer[ infop->len ] = outc;
@@ -1009,8 +1086,7 @@ char *curl_maprintf(const char *format, ...)
info.buffer[info.len] = 0; /* we terminate this with a zero byte */
return info.buffer;
}
- else
- return strdup("");
+ return strdup("");
}
char *curl_mvaprintf(const char *format, va_list ap_save)
@@ -1034,8 +1110,7 @@ char *curl_mvaprintf(const char *format, va_list ap_save)
info.buffer[info.len] = 0; /* we terminate this with a zero byte */
return info.buffer;
}
- else
- return strdup("");
+ return strdup("");
}
static int storebuffer(int output, FILE *data)
@@ -1054,7 +1129,7 @@ int curl_msprintf(char *buffer, const char *format, ...)
va_start(ap_save, format);
retcode = dprintf_formatf(&buffer, storebuffer, format, ap_save);
va_end(ap_save);
- *buffer=0; /* we terminate this with a zero byte */
+ *buffer = 0; /* we terminate this with a zero byte */
return retcode;
}
@@ -1083,7 +1158,7 @@ int curl_mvsprintf(char *buffer, const char *format, va_list ap_save)
{
int retcode;
retcode = dprintf_formatf(&buffer, storebuffer, format, ap_save);
- *buffer=0; /* we terminate this with a zero byte */
+ *buffer = 0; /* we terminate this with a zero byte */
return retcode;
}
diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c
index e723a3ebf0..9728e5a2f2 100644
--- a/libs/libcurl/src/multi.c
+++ b/libs/libcurl/src/multi.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -30,6 +30,7 @@
#include "connect.h"
#include "progress.h"
#include "easyif.h"
+#include "share.h"
#include "multiif.h"
#include "sendf.h"
#include "timeval.h"
@@ -38,15 +39,15 @@
#include "warnless.h"
#include "speedcheck.h"
#include "conncache.h"
-#include "bundles.h"
#include "multihandle.h"
#include "pipeline.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "sigpipe.h"
+#include "vtls/vtls.h"
+#include "connect.h"
+#include "http_proxy.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
/*
@@ -58,24 +59,22 @@
#define CURL_SOCKET_HASH_TABLE_SIZE 911
#endif
+#ifndef CURL_CONNECTION_HASH_SIZE
#define CURL_CONNECTION_HASH_SIZE 97
+#endif
#define CURL_MULTI_HANDLE 0x000bab1e
#define GOOD_MULTI_HANDLE(x) \
- ((x) && (((struct Curl_multi *)(x))->type == CURL_MULTI_HANDLE))
-#define GOOD_EASY_HANDLE(x) \
- ((x) && (((struct SessionHandle *)(x))->magic == CURLEASY_MAGIC_NUMBER))
+ ((x) && (x)->type == CURL_MULTI_HANDLE)
static void singlesocket(struct Curl_multi *multi,
- struct SessionHandle *data);
+ struct Curl_easy *data);
static int update_timer(struct Curl_multi *multi);
-static bool isHandleAtHead(struct SessionHandle *handle,
- struct curl_llist *pipeline);
-static CURLMcode add_next_timeout(struct timeval now,
+static CURLMcode add_next_timeout(struct curltime now,
struct Curl_multi *multi,
- struct SessionHandle *d);
+ struct Curl_easy *d);
static CURLMcode multi_timeout(struct Curl_multi *multi,
long *timeout_ms);
@@ -87,6 +86,7 @@ static const char * const statename[]={
"WAITRESOLVE",
"WAITCONNECT",
"WAITPROXYCONNECT",
+ "SENDPROTOCONNECT",
"PROTOCONNECT",
"WAITDO",
"DO",
@@ -102,19 +102,34 @@ static const char * const statename[]={
};
#endif
-static void multi_freetimeout(void *a, void *b);
+/* function pointer called once when switching TO a state */
+typedef void (*init_multistate_func)(struct Curl_easy *data);
/* always use this function to change state, to make debugging easier */
-static void mstate(struct SessionHandle *data, CURLMstate state
+static void mstate(struct Curl_easy *data, CURLMstate state
#ifdef DEBUGBUILD
, int lineno
#endif
)
{
-#ifdef DEBUGBUILD
- long connection_id = -5000;
-#endif
CURLMstate oldstate = data->mstate;
+ static const init_multistate_func finit[CURLM_STATE_LAST] = {
+ NULL,
+ NULL,
+ Curl_init_CONNECT, /* CONNECT */
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ Curl_connect_free /* DO */
+ /* the rest is NULL too */
+ };
+
+#if defined(DEBUGBUILD) && defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void) lineno;
+#endif
if(oldstate == state)
/* don't bother when the new state is the same as the old state */
@@ -122,21 +137,28 @@ static void mstate(struct SessionHandle *data, CURLMstate state
data->mstate = state;
-#ifdef DEBUGBUILD
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
if(data->mstate >= CURLM_STATE_CONNECT_PEND &&
data->mstate < CURLM_STATE_COMPLETED) {
+ long connection_id = -5000;
+
if(data->easy_conn)
connection_id = data->easy_conn->connection_id;
infof(data,
- "STATE: %s => %s handle %p; line %d (connection #%ld) \n",
+ "STATE: %s => %s handle %p; line %d (connection #%ld)\n",
statename[oldstate], statename[data->mstate],
(void *)data, lineno, connection_id);
}
#endif
+
if(state == CURLM_STATE_COMPLETED)
/* changing to COMPLETED means there's one less easy handle 'alive' */
data->multi->num_alive--;
+
+ /* if this state has an init-function, run it */
+ if(finit[state])
+ finit[state](data);
}
#ifndef DEBUGBUILD
@@ -150,8 +172,7 @@ static void mstate(struct SessionHandle *data, CURLMstate state
*/
struct Curl_sh_entry {
- struct SessionHandle *easy;
- time_t timestamp;
+ struct Curl_easy *easy;
int action; /* what action READ/WRITE this socket waits for */
curl_socket_t socket; /* mainly to ease debugging */
void *socketp; /* settable by users with curl_multi_assign() */
@@ -161,13 +182,22 @@ struct Curl_sh_entry {
#define SH_READ 1
#define SH_WRITE 2
+/* look up a given socket in the socket hash, skip invalid sockets */
+static struct Curl_sh_entry *sh_getentry(struct curl_hash *sh,
+ curl_socket_t s)
+{
+ if(s != CURL_SOCKET_BAD)
+ /* only look for proper sockets */
+ return Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t));
+ return NULL;
+}
+
/* make sure this socket is present in the hash for this handle */
static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh,
curl_socket_t s,
- struct SessionHandle *data)
+ struct Curl_easy *data)
{
- struct Curl_sh_entry *there =
- Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t));
+ struct Curl_sh_entry *there = sh_getentry(sh, s);
struct Curl_sh_entry *check;
if(there)
@@ -178,11 +208,12 @@ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh,
check = calloc(1, sizeof(struct Curl_sh_entry));
if(!check)
return NULL; /* major failure */
+
check->easy = data;
check->socket = s;
/* make/add new hash entry */
- if(NULL == Curl_hash_add(sh, (char *)&s, sizeof(curl_socket_t), check)) {
+ if(!Curl_hash_add(sh, (char *)&s, sizeof(curl_socket_t), check)) {
free(check);
return NULL; /* major failure */
}
@@ -194,15 +225,9 @@ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh,
/* delete the given socket + handle from the hash */
static void sh_delentry(struct curl_hash *sh, curl_socket_t s)
{
- struct Curl_sh_entry *there =
- Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t));
-
- if(there) {
- /* this socket is in the hash */
- /* We remove the hash entry. (This'll end up in a call to
- sh_freeentry().) */
- Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t));
- }
+ /* We remove the hash entry. This will end up in a call to
+ sh_freeentry(). */
+ Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t));
}
/*
@@ -212,23 +237,22 @@ static void sh_freeentry(void *freethis)
{
struct Curl_sh_entry *p = (struct Curl_sh_entry *) freethis;
- if(p)
- free(p);
+ free(p);
}
static size_t fd_key_compare(void *k1, size_t k1_len, void *k2, size_t k2_len)
{
(void) k1_len; (void) k2_len;
- return (*((int *) k1)) == (*((int *) k2));
+ return (*((curl_socket_t *) k1)) == (*((curl_socket_t *) k2));
}
static size_t hash_fd(void *key, size_t key_length, size_t slots_num)
{
- int fd = *((int *) key);
+ curl_socket_t fd = *((curl_socket_t *) key);
(void) key_length;
- return (fd % (int)slots_num);
+ return (fd % slots_num);
}
/*
@@ -249,10 +273,10 @@ static size_t hash_fd(void *key, size_t key_length, size_t slots_num)
* per call."
*
*/
-static struct curl_hash *sh_init(int hashsize)
+static int sh_init(struct curl_hash *hash, int hashsize)
{
- return Curl_hash_alloc(hashsize, hash_fd, fd_key_compare,
- sh_freeentry);
+ return Curl_hash_init(hash, hashsize, hash_fd, fd_key_compare,
+ sh_freeentry);
}
/*
@@ -264,9 +288,8 @@ static struct curl_hash *sh_init(int hashsize)
static CURLMcode multi_addmsg(struct Curl_multi *multi,
struct Curl_message *msg)
{
- if(!Curl_llist_insert_next(multi->msglist, multi->msglist->tail, msg))
- return CURLM_OUT_OF_MEMORY;
-
+ Curl_llist_insert_next(&multi->msglist, multi->msglist.tail, msg,
+ &msg->list);
return CURLM_OK;
}
@@ -291,67 +314,51 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */
multi->type = CURL_MULTI_HANDLE;
- multi->hostcache = Curl_mk_dnscache();
- if(!multi->hostcache)
+ if(Curl_mk_dnscache(&multi->hostcache))
goto error;
- multi->sockhash = sh_init(hashsize);
- if(!multi->sockhash)
+ if(sh_init(&multi->sockhash, hashsize))
goto error;
- multi->conn_cache = Curl_conncache_init(chashsize);
- if(!multi->conn_cache)
+ if(Curl_conncache_init(&multi->conn_cache, chashsize))
goto error;
- multi->msglist = Curl_llist_alloc(multi_freeamsg);
- if(!multi->msglist)
- goto error;
-
- /* allocate a new easy handle to use when closing cached connections */
- multi->closure_handle = curl_easy_init();
- if(!multi->closure_handle)
- goto error;
-
- multi->closure_handle->multi = multi;
- multi->closure_handle->state.conn_cache = multi->conn_cache;
+ Curl_llist_init(&multi->msglist, multi_freeamsg);
+ Curl_llist_init(&multi->pending, multi_freeamsg);
multi->max_pipeline_length = 5;
- return (CURLM *) multi;
+
+ /* -1 means it not set by user, use the default value */
+ multi->maxconnects = -1;
+ return multi;
error:
- Curl_hash_destroy(multi->sockhash);
- multi->sockhash = NULL;
- Curl_hash_destroy(multi->hostcache);
- multi->hostcache = NULL;
- Curl_conncache_destroy(multi->conn_cache);
- multi->conn_cache = NULL;
- Curl_close(multi->closure_handle);
- multi->closure_handle = NULL;
+ Curl_hash_destroy(&multi->sockhash);
+ Curl_hash_destroy(&multi->hostcache);
+ Curl_conncache_destroy(&multi->conn_cache);
+ Curl_llist_destroy(&multi->msglist, NULL);
+ Curl_llist_destroy(&multi->pending, NULL);
free(multi);
return NULL;
}
-CURLM *curl_multi_init(void)
+struct Curl_multi *curl_multi_init(void)
{
return Curl_multi_handle(CURL_SOCKET_HASH_TABLE_SIZE,
CURL_CONNECTION_HASH_SIZE);
}
-CURLMcode curl_multi_add_handle(CURLM *multi_handle,
- CURL *easy_handle)
+CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
+ struct Curl_easy *data)
{
- struct curl_llist *timeoutlist;
- struct Curl_multi *multi = (struct Curl_multi *)multi_handle;
- struct SessionHandle *data = (struct SessionHandle *)easy_handle;
-
/* First, make some basic checks that the CURLM handle is a good handle */
if(!GOOD_MULTI_HANDLE(multi))
return CURLM_BAD_HANDLE;
/* Verify that we got a somewhat good easy handle too */
- if(!GOOD_EASY_HANDLE(easy_handle))
+ if(!GOOD_EASY_HANDLE(data))
return CURLM_BAD_EASY_HANDLE;
/* Prevent users from adding same easy handle more than once and prevent
@@ -359,10 +366,8 @@ CURLMcode curl_multi_add_handle(CURLM *multi_handle,
if(data->multi)
return CURLM_ADDED_ALREADY;
- /* Allocate and initialize timeout list for easy handle */
- timeoutlist = Curl_llist_alloc(multi_freetimeout);
- if(!timeoutlist)
- return CURLM_OUT_OF_MEMORY;
+ /* Initialize timeout list for this handle */
+ Curl_llist_init(&data->state.timeoutlist, NULL);
/*
* No failure allowed in this function beyond this point. And no
@@ -371,10 +376,6 @@ CURLMcode curl_multi_add_handle(CURLM *multi_handle,
* function no matter what.
*/
- /* Make easy handle use timeout list initialized above */
- data->state.timeoutlist = timeoutlist;
- timeoutlist = NULL;
-
/* set the easy handle */
multistate(data, CURLM_STATE_INIT);
@@ -392,35 +393,37 @@ CURLMcode curl_multi_add_handle(CURLM *multi_handle,
easy handle's one is currently not set. */
else if(!data->dns.hostcache ||
(data->dns.hostcachetype == HCACHE_NONE)) {
- data->dns.hostcache = multi->hostcache;
+ data->dns.hostcache = &multi->hostcache;
data->dns.hostcachetype = HCACHE_MULTI;
}
- /* Point to the multi's connection cache */
- data->state.conn_cache = multi->conn_cache;
+ /* Point to the shared or multi handle connection cache */
+ if(data->share && (data->share->specifier & (1<< CURL_LOCK_DATA_CONNECT)))
+ data->state.conn_cache = &data->share->conn_cache;
+ else
+ data->state.conn_cache = &multi->conn_cache;
/* This adds the new entry at the 'end' of the doubly-linked circular
- list of SessionHandle structs to try and maintain a FIFO queue so
+ list of Curl_easy structs to try and maintain a FIFO queue so
the pipelined requests are in order. */
/* We add this new entry last in the list. */
data->next = NULL; /* end of the line */
if(multi->easyp) {
- struct SessionHandle *last = multi->easylp;
+ struct Curl_easy *last = multi->easylp;
last->next = data;
data->prev = last;
multi->easylp = data; /* the new last node */
}
else {
- /* first node, make both prev and next be NULL! */
- data->next = NULL;
+ /* first node, make prev NULL! */
data->prev = NULL;
multi->easylp = multi->easyp = data; /* both first and last */
}
- /* make the SessionHandle refer back to this multi handle */
- data->multi = multi_handle;
+ /* make the Curl_easy refer back to this multi handle */
+ data->multi = multi;
/* Set the timeout for this handle to expire really soon so that it will
be taken care of even when this handle is added in the midst of operation
@@ -428,7 +431,7 @@ CURLMcode curl_multi_add_handle(CURLM *multi_handle,
sockets that time-out or have actions will be dealt with. Since this
handle has no action yet, we make sure it times out to get things to
happen. */
- Curl_expire(data, 1);
+ Curl_expire(data, 0, EXPIRE_RUN_NOW);
/* increase the node-counter */
multi->num_easy++;
@@ -448,6 +451,14 @@ CURLMcode curl_multi_add_handle(CURLM *multi_handle,
handle is added */
memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall));
+ /* The closure handle only ever has default timeouts set. To improve the
+ state somewhat we clone the timeouts from each added handle so that the
+ closure handle always has the same timeouts as the most recently added
+ easy handle. */
+ data->state.conn_cache->closure_handle->set.timeout = data->set.timeout;
+ data->state.conn_cache->closure_handle->set.server_response_timeout =
+ data->set.server_response_timeout;
+
update_timer(multi);
return CURLM_OK;
}
@@ -468,151 +479,316 @@ static void debug_print_sock_hash(void *p)
}
#endif
-CURLMcode curl_multi_remove_handle(CURLM *multi_handle,
- CURL *curl_handle)
+/* Mark the connection as 'idle', or close it if the cache is full.
+ Returns TRUE if the connection is kept, or FALSE if it was closed. */
+static bool
+ConnectionDone(struct Curl_easy *data, struct connectdata *conn)
+{
+ /* data->multi->maxconnects can be negative, deal with it. */
+ size_t maxconnects =
+ (data->multi->maxconnects < 0) ? data->multi->num_easy * 4:
+ data->multi->maxconnects;
+ struct connectdata *conn_candidate = NULL;
+
+ /* Mark the current connection as 'unused' */
+ conn->inuse = FALSE;
+
+ if(maxconnects > 0 &&
+ data->state.conn_cache->num_connections > maxconnects) {
+ infof(data, "Connection cache is full, closing the oldest one.\n");
+
+ conn_candidate = Curl_conncache_oldest_idle(data);
+
+ if(conn_candidate) {
+ /* Set the connection's owner correctly */
+ conn_candidate->data = data;
+
+ /* the winner gets the honour of being disconnected */
+ (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
+ }
+ }
+
+ return (conn_candidate == conn) ? FALSE : TRUE;
+}
+
+static CURLcode multi_done(struct connectdata **connp,
+ CURLcode status, /* an error if this is called
+ after an error was detected */
+ bool premature)
+{
+ CURLcode result;
+ struct connectdata *conn;
+ struct Curl_easy *data;
+ unsigned int i;
+
+ DEBUGASSERT(*connp);
+
+ conn = *connp;
+ data = conn->data;
+
+ DEBUGF(infof(data, "multi_done\n"));
+
+ if(data->state.done)
+ /* Stop if multi_done() has already been called */
+ return CURLE_OK;
+
+ Curl_getoff_all_pipelines(data, conn);
+
+ /* Cleanup possible redirect junk */
+ free(data->req.newurl);
+ data->req.newurl = NULL;
+ free(data->req.location);
+ data->req.location = NULL;
+
+ switch(status) {
+ case CURLE_ABORTED_BY_CALLBACK:
+ case CURLE_READ_ERROR:
+ case CURLE_WRITE_ERROR:
+ /* When we're aborted due to a callback return code it basically have to
+ be counted as premature as there is trouble ahead if we don't. We have
+ many callbacks and protocols work differently, we could potentially do
+ this more fine-grained in the future. */
+ premature = TRUE;
+ default:
+ break;
+ }
+
+ /* this calls the protocol-specific function pointer previously set */
+ if(conn->handler->done)
+ result = conn->handler->done(conn, status, premature);
+ else
+ result = status;
+
+ if(CURLE_ABORTED_BY_CALLBACK != result) {
+ /* avoid this if we already aborted by callback to avoid this calling
+ another callback */
+ CURLcode rc = Curl_pgrsDone(conn);
+ if(!result && rc)
+ result = CURLE_ABORTED_BY_CALLBACK;
+ }
+
+ if(conn->send_pipe.size + conn->recv_pipe.size != 0 &&
+ !data->set.reuse_forbid &&
+ !conn->bits.close) {
+ /* Stop if pipeline is not empty and we do not have to close
+ connection. */
+ data->easy_conn = NULL;
+ DEBUGF(infof(data, "Connection still in use, no more multi_done now!\n"));
+ return CURLE_OK;
+ }
+
+ data->state.done = TRUE; /* called just now! */
+ Curl_resolver_cancel(conn);
+
+ if(conn->dns_entry) {
+ Curl_resolv_unlock(data, conn->dns_entry); /* done with this */
+ conn->dns_entry = NULL;
+ }
+
+ /* if the transfer was completed in a paused state there can be buffered
+ data left to free */
+ for(i = 0; i < data->state.tempcount; i++) {
+ free(data->state.tempwrite[i].buf);
+ }
+ data->state.tempcount = 0;
+
+ /* if data->set.reuse_forbid is TRUE, it means the libcurl client has
+ forced us to close this connection. This is ignored for requests taking
+ place in a NTLM authentication handshake
+
+ if conn->bits.close is TRUE, it means that the connection should be
+ closed in spite of all our efforts to be nice, due to protocol
+ restrictions in our or the server's end
+
+ if premature is TRUE, it means this connection was said to be DONE before
+ the entire request operation is complete and thus we can't know in what
+ state it is for re-using, so we're forced to close it. In a perfect world
+ we can add code that keep track of if we really must close it here or not,
+ but currently we have no such detail knowledge.
+ */
+
+ if((data->set.reuse_forbid
+#if defined(USE_NTLM)
+ && !(conn->ntlm.state == NTLMSTATE_TYPE2 ||
+ conn->proxyntlm.state == NTLMSTATE_TYPE2)
+#endif
+ ) || conn->bits.close || premature) {
+ CURLcode res2 = Curl_disconnect(conn, premature); /* close connection */
+
+ /* If we had an error already, make sure we return that one. But
+ if we got a new error, return that. */
+ if(!result && res2)
+ result = res2;
+ }
+ else {
+ /* the connection is no longer in use */
+ if(ConnectionDone(data, conn)) {
+ /* remember the most recently used connection */
+ data->state.lastconnect = conn;
+
+ infof(data, "Connection #%ld to host %s left intact\n",
+ conn->connection_id,
+ conn->bits.socksproxy ? conn->socks_proxy.host.dispname :
+ conn->bits.httpproxy ? conn->http_proxy.host.dispname :
+ conn->bits.conn_to_host ? conn->conn_to_host.dispname :
+ conn->host.dispname);
+ }
+ else
+ data->state.lastconnect = NULL;
+ }
+
+ *connp = NULL; /* to make the caller of this function better detect that
+ this was either closed or handed over to the connection
+ cache here, and therefore cannot be used from this point on
+ */
+ Curl_free_request_state(data);
+
+ return result;
+}
+
+CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
+ struct Curl_easy *data)
{
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
- struct SessionHandle *easy = curl_handle;
- struct SessionHandle *data = easy;
+ struct Curl_easy *easy = data;
+ bool premature;
+ bool easy_owns_conn;
+ struct curl_llist_element *e;
/* First, make some basic checks that the CURLM handle is a good handle */
if(!GOOD_MULTI_HANDLE(multi))
return CURLM_BAD_HANDLE;
/* Verify that we got a somewhat good easy handle too */
- if(!GOOD_EASY_HANDLE(curl_handle))
+ if(!GOOD_EASY_HANDLE(data))
return CURLM_BAD_EASY_HANDLE;
/* Prevent users from trying to remove same easy handle more than once */
if(!data->multi)
return CURLM_OK; /* it is already removed so let's say it is fine! */
- if(easy) {
- bool premature = (data->mstate < CURLM_STATE_COMPLETED) ? TRUE : FALSE;
- bool easy_owns_conn = (data->easy_conn &&
- (data->easy_conn->data == easy)) ?
- TRUE : FALSE;
+ premature = (data->mstate < CURLM_STATE_COMPLETED) ? TRUE : FALSE;
+ easy_owns_conn = (data->easy_conn && (data->easy_conn->data == easy)) ?
+ TRUE : FALSE;
- /* If the 'state' is not INIT or COMPLETED, we might need to do something
- nice to put the easy_handle in a good known state when this returns. */
- if(premature)
- /* this handle is "alive" so we need to count down the total number of
- alive connections when this is removed */
- multi->num_alive--;
-
- if(data->easy_conn &&
- (data->easy_conn->send_pipe->size +
- data->easy_conn->recv_pipe->size > 1) &&
- data->mstate > CURLM_STATE_WAITDO &&
- data->mstate < CURLM_STATE_COMPLETED) {
- /* If the handle is in a pipeline and has started sending off its
- request but not received its response yet, we need to close
- connection. */
- data->easy_conn->bits.close = TRUE;
- /* Set connection owner so that Curl_done() closes it.
- We can sefely do this here since connection is killed. */
- data->easy_conn->data = easy;
- }
+ /* If the 'state' is not INIT or COMPLETED, we might need to do something
+ nice to put the easy_handle in a good known state when this returns. */
+ if(premature) {
+ /* this handle is "alive" so we need to count down the total number of
+ alive connections when this is removed */
+ multi->num_alive--;
- /* The timer must be shut down before data->multi is set to NULL,
- else the timenode will remain in the splay tree after
- curl_easy_cleanup is called. */
- Curl_expire(data, 0);
+ /* When this handle gets removed, other handles may be able to get the
+ connection */
+ Curl_multi_process_pending_handles(multi);
+ }
- /* destroy the timeout list that is held in the easy handle */
- if(data->state.timeoutlist) {
- Curl_llist_destroy(data->state.timeoutlist, NULL);
- data->state.timeoutlist = NULL;
- }
+ if(data->easy_conn &&
+ data->mstate > CURLM_STATE_DO &&
+ data->mstate < CURLM_STATE_COMPLETED) {
+ /* Set connection owner so that the DONE function closes it. We can
+ safely do this here since connection is killed. */
+ data->easy_conn->data = easy;
+ /* If the handle is in a pipeline and has started sending off its
+ request but not received its response yet, we need to close
+ connection. */
+ streamclose(data->easy_conn, "Removed with partial response");
+ easy_owns_conn = TRUE;
+ }
- if(data->dns.hostcachetype == HCACHE_MULTI) {
- /* stop using the multi handle's DNS cache */
- data->dns.hostcache = NULL;
- data->dns.hostcachetype = HCACHE_NONE;
- }
+ /* The timer must be shut down before data->multi is set to NULL,
+ else the timenode will remain in the splay tree after
+ curl_easy_cleanup is called. */
+ Curl_expire_clear(data);
- if(data->easy_conn) {
+ if(data->easy_conn) {
- /* we must call Curl_done() here (if we still "own it") so that we don't
- leave a half-baked one around */
- if(easy_owns_conn) {
+ /* we must call multi_done() here (if we still own the connection) so that
+ we don't leave a half-baked one around */
+ if(easy_owns_conn) {
- /* Curl_done() clears the conn->data field to lose the association
- between the easy handle and the connection
+ /* multi_done() clears the conn->data field to lose the association
+ between the easy handle and the connection
- Note that this ignores the return code simply because there's
- nothing really useful to do with it anyway! */
- (void)Curl_done(&data->easy_conn, data->result, premature);
- }
- else
- /* Clear connection pipelines, if Curl_done above was not called */
- Curl_getoff_all_pipelines(data, data->easy_conn);
+ Note that this ignores the return code simply because there's
+ nothing really useful to do with it anyway! */
+ (void)multi_done(&data->easy_conn, data->result, premature);
}
+ else
+ /* Clear connection pipelines, if multi_done above was not called */
+ Curl_getoff_all_pipelines(data, data->easy_conn);
+ }
- /* as this was using a shared connection cache we clear the pointer
- to that since we're not part of that multi handle anymore */
- data->state.conn_cache = NULL;
+ if(data->dns.hostcachetype == HCACHE_MULTI) {
+ /* stop using the multi handle's DNS cache, *after* the possible
+ multi_done() call above */
+ data->dns.hostcache = NULL;
+ data->dns.hostcachetype = HCACHE_NONE;
+ }
- /* change state without using multistate(), only to make singlesocket() do
- what we want */
- data->mstate = CURLM_STATE_COMPLETED;
- singlesocket(multi, easy); /* to let the application know what sockets
- that vanish with this handle */
+ Curl_wildcard_dtor(&data->wildcard);
- /* Remove the association between the connection and the handle */
- if(data->easy_conn) {
- data->easy_conn->data = NULL;
- data->easy_conn = NULL;
- }
+ /* destroy the timeout list that is held in the easy handle, do this *after*
+ multi_done() as that may actually call Curl_expire that uses this */
+ Curl_llist_destroy(&data->state.timeoutlist, NULL);
- data->multi = NULL; /* clear the association to this multi handle */
+ /* as this was using a shared connection cache we clear the pointer to that
+ since we're not part of that multi handle anymore */
+ data->state.conn_cache = NULL;
- {
- /* make sure there's no pending message in the queue sent from this easy
- handle */
- struct curl_llist_element *e;
+ /* change state without using multistate(), only to make singlesocket() do
+ what we want */
+ data->mstate = CURLM_STATE_COMPLETED;
+ singlesocket(multi, easy); /* to let the application know what sockets that
+ vanish with this handle */
- for(e = multi->msglist->head; e; e = e->next) {
- struct Curl_message *msg = e->ptr;
+ /* Remove the association between the connection and the handle */
+ if(data->easy_conn) {
+ data->easy_conn->data = NULL;
+ data->easy_conn = NULL;
+ }
- if(msg->extmsg.easy_handle == easy) {
- Curl_llist_remove(multi->msglist, e, NULL);
- /* there can only be one from this specific handle */
- break;
- }
- }
- }
+ data->multi = NULL; /* clear the association to this multi handle */
- /* make the previous node point to our next */
- if(data->prev)
- data->prev->next = data->next;
- else
- multi->easyp = data->next; /* point to first node */
+ /* make sure there's no pending message in the queue sent from this easy
+ handle */
- /* make our next point to our previous node */
- if(data->next)
- data->next->prev = data->prev;
- else
- multi->easylp = data->prev; /* point to last node */
+ for(e = multi->msglist.head; e; e = e->next) {
+ struct Curl_message *msg = e->ptr;
- /* NOTE NOTE NOTE
- We do not touch the easy handle here! */
+ if(msg->extmsg.easy_handle == easy) {
+ Curl_llist_remove(&multi->msglist, e, NULL);
+ /* there can only be one from this specific handle */
+ break;
+ }
+ }
- multi->num_easy--; /* one less to care about now */
+ /* make the previous node point to our next */
+ if(data->prev)
+ data->prev->next = data->next;
+ else
+ multi->easyp = data->next; /* point to first node */
- update_timer(multi);
- return CURLM_OK;
- }
+ /* make our next point to our previous node */
+ if(data->next)
+ data->next->prev = data->prev;
else
- return CURLM_BAD_EASY_HANDLE; /* twasn't found */
+ multi->easylp = data->prev; /* point to last node */
+
+ /* NOTE NOTE NOTE
+ We do not touch the easy handle here! */
+ multi->num_easy--; /* one less to care about now */
+
+ update_timer(multi);
+ return CURLM_OK;
}
-bool Curl_multi_pipeline_enabled(const struct Curl_multi *multi)
+/* Return TRUE if the application asked for a certain set of pipelining */
+bool Curl_pipeline_wanted(const struct Curl_multi *multi, int bits)
{
- return (multi && multi->pipelining_enabled) ? TRUE : FALSE;
+ return (multi && (multi->pipelining & bits)) ? TRUE : FALSE;
}
-void Curl_multi_handlePipeBreak(struct SessionHandle *data)
+void Curl_multi_handlePipeBreak(struct Curl_easy *data)
{
data->easy_conn = NULL;
}
@@ -621,6 +797,32 @@ static int waitconnect_getsock(struct connectdata *conn,
curl_socket_t *sock,
int numsocks)
{
+ int i;
+ int s = 0;
+ int rc = 0;
+
+ if(!numsocks)
+ return GETSOCK_BLANK;
+
+#ifdef USE_SSL
+ if(CONNECT_FIRSTSOCKET_PROXY_SSL())
+ return Curl_ssl_getsock(conn, sock, numsocks);
+#endif
+
+ for(i = 0; i<2; i++) {
+ if(conn->tempsock[i] != CURL_SOCKET_BAD) {
+ sock[s] = conn->tempsock[i];
+ rc |= GETSOCK_WRITESOCK(s++);
+ }
+ }
+
+ return rc;
+}
+
+static int waitproxyconnect_getsock(struct connectdata *conn,
+ curl_socket_t *sock,
+ int numsocks)
+{
if(!numsocks)
return GETSOCK_BLANK;
@@ -628,7 +830,7 @@ static int waitconnect_getsock(struct connectdata *conn,
/* when we've sent a CONNECT to a proxy, we should rather wait for the
socket to become readable to be able to get the response headers */
- if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
+ if(conn->connect_state)
return GETSOCK_READSOCK(0);
return GETSOCK_WRITESOCK(0);
@@ -644,7 +846,7 @@ static int domore_getsock(struct connectdata *conn,
}
/* returns bitmapped flags for this handle and its sockets */
-static int multi_getsock(struct SessionHandle *data,
+static int multi_getsock(struct Curl_easy *data,
curl_socket_t *socks, /* points to numsocks number
of sockets */
int numsocks)
@@ -684,6 +886,7 @@ static int multi_getsock(struct SessionHandle *data,
return Curl_resolver_getsock(data->easy_conn, socks, numsocks);
case CURLM_STATE_PROTOCONNECT:
+ case CURLM_STATE_SENDPROTOCONNECT:
return Curl_protocol_getsock(data->easy_conn, socks, numsocks);
case CURLM_STATE_DO:
@@ -691,6 +894,8 @@ static int multi_getsock(struct SessionHandle *data,
return Curl_doing_getsock(data->easy_conn, socks, numsocks);
case CURLM_STATE_WAITPROXYCONNECT:
+ return waitproxyconnect_getsock(data->easy_conn, socks, numsocks);
+
case CURLM_STATE_WAITCONNECT:
return waitconnect_getsock(data->easy_conn, socks, numsocks);
@@ -707,16 +912,15 @@ static int multi_getsock(struct SessionHandle *data,
}
-CURLMcode curl_multi_fdset(CURLM *multi_handle,
+CURLMcode curl_multi_fdset(struct Curl_multi *multi,
fd_set *read_fd_set, fd_set *write_fd_set,
fd_set *exc_fd_set, int *max_fd)
{
/* Scan through all the easy handles to get the file descriptors set.
Some easy handles may not have connected to the remote host yet,
and then we must make sure that is done. */
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
- struct SessionHandle *data;
- int this_max_fd=-1;
+ struct Curl_easy *data;
+ int this_max_fd = -1;
curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE];
int bitmap;
int i;
@@ -725,11 +929,11 @@ CURLMcode curl_multi_fdset(CURLM *multi_handle,
if(!GOOD_MULTI_HANDLE(multi))
return CURLM_BAD_HANDLE;
- data=multi->easyp;
+ data = multi->easyp;
while(data) {
bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE);
- for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
+ for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) {
curl_socket_t s = CURL_SOCKET_BAD;
if((bitmap & GETSOCK_READSOCK(i)) && VALID_SOCK((sockbunch[i]))) {
@@ -743,10 +947,8 @@ CURLMcode curl_multi_fdset(CURLM *multi_handle,
if(s == CURL_SOCKET_BAD)
/* this socket is unused, break out of loop */
break;
- else {
- if((int)s > this_max_fd)
- this_max_fd = (int)s;
- }
+ if((int)s > this_max_fd)
+ this_max_fd = (int)s;
}
data = data->next; /* check next handle */
@@ -757,38 +959,42 @@ CURLMcode curl_multi_fdset(CURLM *multi_handle,
return CURLM_OK;
}
-CURLMcode curl_multi_wait(CURLM *multi_handle,
+#define NUM_POLLS_ON_STACK 10
+
+CURLMcode curl_multi_wait(struct Curl_multi *multi,
struct curl_waitfd extra_fds[],
unsigned int extra_nfds,
int timeout_ms,
int *ret)
{
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
- struct SessionHandle *data;
+ struct Curl_easy *data;
curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE];
int bitmap;
unsigned int i;
unsigned int nfds = 0;
unsigned int curlfds;
struct pollfd *ufds = NULL;
+ bool ufds_malloc = FALSE;
long timeout_internal;
+ int retcode = 0;
+ struct pollfd a_few_on_stack[NUM_POLLS_ON_STACK];
if(!GOOD_MULTI_HANDLE(multi))
return CURLM_BAD_HANDLE;
/* If the internally desired timeout is actually shorter than requested from
the outside, then use the shorter time! But only if the internal timer
- is actually larger than 0! */
+ is actually larger than -1! */
(void)multi_timeout(multi, &timeout_internal);
- if((timeout_internal > 0) && (timeout_internal < (long)timeout_ms))
+ if((timeout_internal >= 0) && (timeout_internal < (long)timeout_ms))
timeout_ms = (int)timeout_internal;
/* Count up how many fds we have from the multi handle */
- data=multi->easyp;
+ data = multi->easyp;
while(data) {
bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE);
- for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
+ for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) {
curl_socket_t s = CURL_SOCKET_BAD;
if(bitmap & GETSOCK_READSOCK(i)) {
@@ -811,9 +1017,18 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
nfds += extra_nfds; /* add the externally provided ones */
if(nfds) {
- ufds = malloc(nfds * sizeof(struct pollfd));
- if(!ufds)
- return CURLM_OUT_OF_MEMORY;
+ if(nfds > NUM_POLLS_ON_STACK) {
+ /* 'nfds' is a 32 bit value and 'struct pollfd' is typically 8 bytes
+ big, so at 2^29 sockets this value might wrap. When a process gets
+ the capability to actually handle over 500 million sockets this
+ calculation needs a integer overflow check. */
+ ufds = malloc(nfds * sizeof(struct pollfd));
+ if(!ufds)
+ return CURLM_OUT_OF_MEMORY;
+ ufds_malloc = TRUE;
+ }
+ else
+ ufds = &a_few_on_stack[0];
}
nfds = 0;
@@ -822,11 +1037,11 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
if(curlfds) {
/* Add the curl handles to our pollfds first */
- data=multi->easyp;
+ data = multi->easyp;
while(data) {
bitmap = multi_getsock(data, sockbunch, MAX_SOCKSPEREASYHANDLE);
- for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++) {
+ for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) {
curl_socket_t s = CURL_SOCKET_BAD;
if(bitmap & GETSOCK_READSOCK(i)) {
@@ -864,17 +1079,20 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
}
if(nfds) {
+ int pollrc;
/* wait... */
- i = Curl_poll(ufds, nfds, timeout_ms);
+ pollrc = Curl_poll(ufds, nfds, timeout_ms);
+ DEBUGF(infof(data, "Curl_poll(%d ds, %d ms) == %d\n",
+ nfds, timeout_ms, pollrc));
- if(i) {
- unsigned int j;
+ if(pollrc > 0) {
+ retcode = pollrc;
/* copy revents results from the poll to the curl_multi_wait poll
struct, the bit values of the actual underlying poll() implementation
may not be the same as the ones in the public libcurl API! */
- for(j = 0; j < extra_nfds; j++) {
+ for(i = 0; i < extra_nfds; i++) {
unsigned short mask = 0;
- unsigned r = ufds[curlfds + j].revents;
+ unsigned r = ufds[curlfds + i].revents;
if(r & POLLIN)
mask |= CURL_WAIT_POLLIN;
@@ -883,22 +1101,204 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
if(r & POLLPRI)
mask |= CURL_WAIT_POLLPRI;
- extra_fds[j].revents = mask;
+ extra_fds[i].revents = mask;
}
}
}
- else
- i = 0;
- Curl_safefree(ufds);
+ if(ufds_malloc)
+ free(ufds);
if(ret)
- *ret = i;
+ *ret = retcode;
return CURLM_OK;
}
+/*
+ * Curl_multi_connchanged() is called to tell that there is a connection in
+ * this multi handle that has changed state (pipelining become possible, the
+ * number of allowed streams changed or similar), and a subsequent use of this
+ * multi handle should move CONNECT_PEND handles back to CONNECT to have them
+ * retry.
+ */
+void Curl_multi_connchanged(struct Curl_multi *multi)
+{
+ multi->recheckstate = TRUE;
+}
+
+/*
+ * multi_ischanged() is called
+ *
+ * Returns TRUE/FALSE whether the state is changed to trigger a CONNECT_PEND
+ * => CONNECT action.
+ *
+ * Set 'clear' to TRUE to have it also clear the state variable.
+ */
+static bool multi_ischanged(struct Curl_multi *multi, bool clear)
+{
+ bool retval = multi->recheckstate;
+ if(clear)
+ multi->recheckstate = FALSE;
+ return retval;
+}
+
+CURLMcode Curl_multi_add_perform(struct Curl_multi *multi,
+ struct Curl_easy *data,
+ struct connectdata *conn)
+{
+ CURLMcode rc;
+
+ rc = curl_multi_add_handle(multi, data);
+ if(!rc) {
+ struct SingleRequest *k = &data->req;
+
+ /* pass in NULL for 'conn' here since we don't want to init the
+ connection, only this transfer */
+ Curl_init_do(data, NULL);
+
+ /* take this handle to the perform state right away */
+ multistate(data, CURLM_STATE_PERFORM);
+ data->easy_conn = conn;
+ k->keepon |= KEEP_RECV; /* setup to receive! */
+ }
+ return rc;
+}
+
+static CURLcode multi_reconnect_request(struct connectdata **connp)
+{
+ CURLcode result = CURLE_OK;
+ struct connectdata *conn = *connp;
+ struct Curl_easy *data = conn->data;
+
+ /* This was a re-use of a connection and we got a write error in the
+ * DO-phase. Then we DISCONNECT this connection and have another attempt to
+ * CONNECT and then DO again! The retry cannot possibly find another
+ * connection to re-use, since we only keep one possible connection for
+ * each. */
+
+ infof(data, "Re-used connection seems dead, get a new one\n");
+
+ connclose(conn, "Reconnect dead connection"); /* enforce close */
+ result = multi_done(&conn, result, FALSE); /* we are so done with this */
+
+ /* conn may no longer be a good pointer, clear it to avoid mistakes by
+ parent functions */
+ *connp = NULL;
+
+ /*
+ * We need to check for CURLE_SEND_ERROR here as well. This could happen
+ * when the request failed on a FTP connection and thus multi_done() itself
+ * tried to use the connection (again).
+ */
+ if(!result || (CURLE_SEND_ERROR == result)) {
+ bool async;
+ bool protocol_done = TRUE;
+
+ /* Now, redo the connect and get a new connection */
+ result = Curl_connect(data, connp, &async, &protocol_done);
+ if(!result) {
+ /* We have connected or sent away a name resolve query fine */
+
+ conn = *connp; /* setup conn to again point to something nice */
+ if(async) {
+ /* Now, if async is TRUE here, we need to wait for the name
+ to resolve */
+ result = Curl_resolver_wait_resolv(conn, NULL);
+ if(result)
+ return result;
+
+ /* Resolved, continue with the connection */
+ result = Curl_async_resolved(conn, &protocol_done);
+ if(result)
+ return result;
+ }
+ }
+ }
+
+ return result;
+}
+
+/*
+ * do_complete is called when the DO actions are complete.
+ *
+ * We init chunking and trailer bits to their default values here immediately
+ * before receiving any header data for the current request in the pipeline.
+ */
+static void do_complete(struct connectdata *conn)
+{
+ conn->data->req.chunk = FALSE;
+ conn->data->req.maxfd = (conn->sockfd>conn->writesockfd?
+ conn->sockfd:conn->writesockfd) + 1;
+ Curl_pgrsTime(conn->data, TIMER_PRETRANSFER);
+}
+
+static CURLcode multi_do(struct connectdata **connp, bool *done)
+{
+ CURLcode result = CURLE_OK;
+ struct connectdata *conn = *connp;
+ struct Curl_easy *data = conn->data;
+
+ if(conn->handler->do_it) {
+ /* generic protocol-specific function pointer set in curl_connect() */
+ result = conn->handler->do_it(conn, done);
+
+ /* This was formerly done in transfer.c, but we better do it here */
+ if((CURLE_SEND_ERROR == result) && conn->bits.reuse) {
+ /*
+ * If the connection is using an easy handle, call reconnect
+ * to re-establish the connection. Otherwise, let the multi logic
+ * figure out how to re-establish the connection.
+ */
+ if(!data->multi) {
+ result = multi_reconnect_request(connp);
+
+ if(!result) {
+ /* ... finally back to actually retry the DO phase */
+ conn = *connp; /* re-assign conn since multi_reconnect_request
+ creates a new connection */
+ result = conn->handler->do_it(conn, done);
+ }
+ }
+ else
+ return result;
+ }
+
+ if(!result && *done)
+ /* do_complete must be called after the protocol-specific DO function */
+ do_complete(conn);
+ }
+ return result;
+}
+
+/*
+ * multi_do_more() is called during the DO_MORE multi state. It is basically a
+ * second stage DO state which (wrongly) was introduced to support FTP's
+ * second connection.
+ *
+ * TODO: A future libcurl should be able to work away this state.
+ *
+ * 'complete' can return 0 for incomplete, 1 for done and -1 for go back to
+ * DOING state there's more work to do!
+ */
+
+static CURLcode multi_do_more(struct connectdata *conn, int *complete)
+{
+ CURLcode result = CURLE_OK;
+
+ *complete = 0;
+
+ if(conn->handler->do_more)
+ result = conn->handler->do_more(conn, complete);
+
+ if(!result && (*complete == 1))
+ /* do_complete must be called after the protocol-specific DO function */
+ do_complete(conn);
+
+ return result;
+}
+
static CURLMcode multi_runsingle(struct Curl_multi *multi,
- struct timeval now,
- struct SessionHandle *data)
+ struct curltime now,
+ struct Curl_easy *data)
{
struct Curl_message *msg = NULL;
bool connected;
@@ -906,35 +1306,39 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
bool protocol_connect = FALSE;
bool dophase_done = FALSE;
bool done = FALSE;
- CURLMcode result = CURLM_OK;
+ CURLMcode rc;
+ CURLcode result = CURLE_OK;
struct SingleRequest *k;
- long timeout_ms;
+ time_t timeout_ms;
+ time_t recv_timeout_ms;
+ timediff_t send_timeout_ms;
int control;
if(!GOOD_EASY_HANDLE(data))
return CURLM_BAD_EASY_HANDLE;
do {
- /* this is a single-iteration do-while loop just to allow a
- break to skip to the end of it */
- bool disconnect_conn = FALSE;
+ /* A "stream" here is a logical stream if the protocol can handle that
+ (HTTP/2), or the full connection for older protocols */
+ bool stream_error = FALSE;
+ rc = CURLM_OK;
/* Handle the case when the pipe breaks, i.e., the connection
we're using gets cleaned up and we're left with nothing. */
if(data->state.pipe_broke) {
- infof(data, "Pipe broke: handle 0x%p, url = %s\n",
+ infof(data, "Pipe broke: handle %p, url = %s\n",
(void *)data, data->state.path);
if(data->mstate < CURLM_STATE_COMPLETED) {
/* Head back to the CONNECT state */
multistate(data, CURLM_STATE_CONNECT);
- result = CURLM_CALL_MULTI_PERFORM;
- data->result = CURLE_OK;
+ rc = CURLM_CALL_MULTI_PERFORM;
+ result = CURLE_OK;
}
data->state.pipe_broke = FALSE;
data->easy_conn = NULL;
- break;
+ continue;
}
if(!data->easy_conn &&
@@ -947,6 +1351,11 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
return CURLM_INTERNAL_ERROR;
}
+ if(multi_ischanged(multi, TRUE)) {
+ DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!\n"));
+ Curl_multi_process_pending_handles(multi);
+ }
+
if(data->easy_conn && data->mstate > CURLM_STATE_CONNECT &&
data->mstate < CURLM_STATE_COMPLETED)
/* Make sure we set the connection's current owner */
@@ -966,37 +1375,49 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* Handle timed out */
if(data->mstate == CURLM_STATE_WAITRESOLVE)
failf(data, "Resolving timed out after %ld milliseconds",
- Curl_tvdiff(now, data->progress.t_startsingle));
+ Curl_timediff(now, data->progress.t_startsingle));
else if(data->mstate == CURLM_STATE_WAITCONNECT)
failf(data, "Connection timed out after %ld milliseconds",
- Curl_tvdiff(now, data->progress.t_startsingle));
+ Curl_timediff(now, data->progress.t_startsingle));
else {
k = &data->req;
- failf(data, "Operation timed out after %ld milliseconds with %"
- FORMAT_OFF_T " out of %" FORMAT_OFF_T " bytes received",
- Curl_tvdiff(now, data->progress.t_startsingle), k->bytecount,
- k->size);
+ if(k->size != -1) {
+ failf(data, "Operation timed out after %ld milliseconds with %"
+ CURL_FORMAT_CURL_OFF_T " out of %"
+ CURL_FORMAT_CURL_OFF_T " bytes received",
+ Curl_timediff(now, data->progress.t_startsingle),
+ k->bytecount, k->size);
+ }
+ else {
+ failf(data, "Operation timed out after %ld milliseconds with %"
+ CURL_FORMAT_CURL_OFF_T " bytes received",
+ Curl_timediff(now, data->progress.t_startsingle),
+ k->bytecount);
+ }
}
- /* Force the connection closed because the server could continue to
- send us stuff at any time. (The disconnect_conn logic used below
- doesn't work at this point). */
- data->easy_conn->bits.close = TRUE;
- data->result = CURLE_OPERATION_TIMEDOUT;
- multistate(data, CURLM_STATE_COMPLETED);
- break;
+ /* Force connection closed if the connection has indeed been used */
+ if(data->mstate > CURLM_STATE_DO) {
+ streamclose(data->easy_conn, "Disconnected with pending data");
+ stream_error = TRUE;
+ }
+ result = CURLE_OPERATION_TIMEDOUT;
+ (void)multi_done(&data->easy_conn, result, TRUE);
+ /* Skip the statemachine and go directly to error handling section. */
+ goto statemachine_end;
}
}
switch(data->mstate) {
case CURLM_STATE_INIT:
/* init this transfer. */
- data->result=Curl_pretransfer(data);
+ result = Curl_pretransfer(data);
- if(CURLE_OK == data->result) {
+ if(!result) {
/* after init, go CONNECT */
multistate(data, CURLM_STATE_CONNECT);
- result = CURLM_CALL_MULTI_PERFORM;
+ Curl_pgrsTime(data, TIMER_STARTOP);
+ rc = CURLM_CALL_MULTI_PERFORM;
}
break;
@@ -1008,21 +1429,25 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
case CURLM_STATE_CONNECT:
/* Connect. We want to get a connection identifier filled in. */
Curl_pgrsTime(data, TIMER_STARTSINGLE);
- data->result = Curl_connect(data, &data->easy_conn,
- &async, &protocol_connect);
- if(CURLE_NO_CONNECTION_AVAILABLE == data->result) {
+ result = Curl_connect(data, &data->easy_conn,
+ &async, &protocol_connect);
+ if(CURLE_NO_CONNECTION_AVAILABLE == result) {
/* There was no connection available. We will go to the pending
state and wait for an available connection. */
multistate(data, CURLM_STATE_CONNECT_PEND);
- data->result = CURLE_OK;
+
+ /* add this handle to the list of connect-pending handles */
+ Curl_llist_insert_next(&multi->pending, multi->pending.tail, data,
+ &data->connect_queue);
+ result = CURLE_OK;
break;
}
- if(CURLE_OK == data->result) {
+ if(!result) {
/* Add this handle to the send or pend pipeline */
- data->result = Curl_add_handle_to_pipeline(data, data->easy_conn);
- if(CURLE_OK != data->result)
- disconnect_conn = TRUE;
+ result = Curl_add_handle_to_pipeline(data, data->easy_conn);
+ if(result)
+ stream_error = TRUE;
else {
if(async)
/* We're now waiting for an asynchronous name lookup */
@@ -1031,14 +1456,14 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* after the connect has been sent off, go WAITCONNECT unless the
protocol connect is already done and we can go directly to
WAITDO or DO! */
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
if(protocol_connect)
- multistate(data, multi->pipelining_enabled?
+ multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
CURLM_STATE_WAITDO:CURLM_STATE_DO);
else {
#ifndef CURL_DISABLE_HTTP
- if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
+ if(Curl_connect_ongoing(data->easy_conn))
multistate(data, CURLM_STATE_WAITPROXYCONNECT);
else
#endif
@@ -1053,9 +1478,30 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* awaiting an asynch name resolve to complete */
{
struct Curl_dns_entry *dns = NULL;
+ struct connectdata *conn = data->easy_conn;
+ const char *hostname;
+
+ if(conn->bits.httpproxy)
+ hostname = conn->http_proxy.host.name;
+ else if(conn->bits.conn_to_host)
+ hostname = conn->conn_to_host.name;
+ else
+ hostname = conn->host.name;
/* check if we have the name resolved by now */
- data->result = Curl_resolver_is_resolved(data->easy_conn, &dns);
+ dns = Curl_fetch_addr(conn, hostname, (int)conn->port);
+
+ if(dns) {
+#ifdef CURLRES_ASYNCH
+ conn->async.dns = dns;
+ conn->async.done = TRUE;
+#endif
+ result = CURLE_OK;
+ infof(data, "Hostname '%s' was found in DNS cache\n", hostname);
+ }
+
+ if(!dns)
+ result = Curl_resolver_is_resolved(data->easy_conn, &dns);
/* Update sockets here, because the socket(s) may have been
closed and the application thus needs to be told, even if it
@@ -1068,22 +1514,21 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
if(dns) {
/* Perform the next step in the connection phase, and then move on
to the WAITCONNECT state */
- data->result = Curl_async_resolved(data->easy_conn,
- &protocol_connect);
+ result = Curl_async_resolved(data->easy_conn, &protocol_connect);
- if(CURLE_OK != data->result)
+ if(result)
/* if Curl_async_resolved() returns failure, the connection struct
is already freed and gone */
data->easy_conn = NULL; /* no more connection */
else {
/* call again please so that we get the next socket setup */
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
if(protocol_connect)
- multistate(data, multi->pipelining_enabled?
+ multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
CURLM_STATE_WAITDO:CURLM_STATE_DO);
else {
#ifndef CURL_DISABLE_HTTP
- if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
+ if(Curl_connect_ongoing(data->easy_conn))
multistate(data, CURLM_STATE_WAITPROXYCONNECT);
else
#endif
@@ -1092,9 +1537,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
}
- if(CURLE_OK != data->result) {
+ if(result) {
/* failure detected */
- disconnect_conn = TRUE;
+ stream_error = TRUE;
break;
}
}
@@ -1103,139 +1548,128 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
#ifndef CURL_DISABLE_HTTP
case CURLM_STATE_WAITPROXYCONNECT:
/* this is HTTP-specific, but sending CONNECT to a proxy is HTTP... */
- data->result = Curl_http_connect(data->easy_conn, &protocol_connect);
+ result = Curl_http_connect(data->easy_conn, &protocol_connect);
if(data->easy_conn->bits.proxy_connect_closed) {
- /* reset the error buffer */
- if(data->set.errorbuffer)
- data->set.errorbuffer[0] = '\0';
- data->state.errorbuf = FALSE;
-
- data->result = CURLE_OK;
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
+ /* connect back to proxy again */
+ result = CURLE_OK;
+ multi_done(&data->easy_conn, CURLE_OK, FALSE);
multistate(data, CURLM_STATE_CONNECT);
}
- else if(CURLE_OK == data->result) {
- if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_COMPLETE)
- multistate(data, CURLM_STATE_WAITCONNECT);
+ else if(!result) {
+ if((data->easy_conn->http_proxy.proxytype != CURLPROXY_HTTPS ||
+ data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) &&
+ Curl_connect_complete(data->easy_conn)) {
+ rc = CURLM_CALL_MULTI_PERFORM;
+ /* initiate protocol connect phase */
+ multistate(data, CURLM_STATE_SENDPROTOCONNECT);
+ }
}
break;
#endif
case CURLM_STATE_WAITCONNECT:
- /* awaiting a completion of an asynch connect */
- data->result = Curl_is_connected(data->easy_conn,
- FIRSTSOCKET,
- &connected);
- if(connected) {
-
- if(!data->result)
- /* if everything is still fine we do the protocol-specific connect
- setup */
- data->result = Curl_protocol_connect(data->easy_conn,
- &protocol_connect);
+ /* awaiting a completion of an asynch TCP connect */
+ result = Curl_is_connected(data->easy_conn, FIRSTSOCKET, &connected);
+ if(connected && !result) {
+#ifndef CURL_DISABLE_HTTP
+ if((data->easy_conn->http_proxy.proxytype == CURLPROXY_HTTPS &&
+ !data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) ||
+ Curl_connect_ongoing(data->easy_conn)) {
+ multistate(data, CURLM_STATE_WAITPROXYCONNECT);
+ break;
+ }
+#endif
+ rc = CURLM_CALL_MULTI_PERFORM;
+ multistate(data, data->easy_conn->bits.tunnel_proxy?
+ CURLM_STATE_WAITPROXYCONNECT:
+ CURLM_STATE_SENDPROTOCONNECT);
}
-
- if(CURLE_OK != data->result) {
+ else if(result) {
/* failure detected */
/* Just break, the cleaning up is handled all in one place */
- disconnect_conn = TRUE;
+ stream_error = TRUE;
break;
}
+ break;
- if(connected) {
- if(!protocol_connect) {
- /* We have a TCP connection, but 'protocol_connect' may be false
- and then we continue to 'STATE_PROTOCONNECT'. If protocol
- connect is TRUE, we move on to STATE_DO.
- BUT if we are using a proxy we must change to WAITPROXYCONNECT
- */
-#ifndef CURL_DISABLE_HTTP
- if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
- multistate(data, CURLM_STATE_WAITPROXYCONNECT);
- else
-#endif
- multistate(data, CURLM_STATE_PROTOCONNECT);
-
- }
- else
- /* after the connect has completed, go WAITDO or DO */
- multistate(data, multi->pipelining_enabled?
- CURLM_STATE_WAITDO:CURLM_STATE_DO);
-
- result = CURLM_CALL_MULTI_PERFORM;
+ case CURLM_STATE_SENDPROTOCONNECT:
+ result = Curl_protocol_connect(data->easy_conn, &protocol_connect);
+ if(!protocol_connect)
+ /* switch to waiting state */
+ multistate(data, CURLM_STATE_PROTOCONNECT);
+ else if(!result) {
+ /* protocol connect has completed, go WAITDO or DO */
+ multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
+ CURLM_STATE_WAITDO:CURLM_STATE_DO);
+ rc = CURLM_CALL_MULTI_PERFORM;
+ }
+ else if(result) {
+ /* failure detected */
+ Curl_posttransfer(data);
+ multi_done(&data->easy_conn, result, TRUE);
+ stream_error = TRUE;
}
break;
case CURLM_STATE_PROTOCONNECT:
/* protocol-specific connect phase */
- data->result = Curl_protocol_connecting(data->easy_conn,
- &protocol_connect);
- if((data->result == CURLE_OK) && protocol_connect) {
+ result = Curl_protocol_connecting(data->easy_conn, &protocol_connect);
+ if(!result && protocol_connect) {
/* after the connect has completed, go WAITDO or DO */
- multistate(data, multi->pipelining_enabled?
+ multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
CURLM_STATE_WAITDO:CURLM_STATE_DO);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
}
- else if(data->result) {
+ else if(result) {
/* failure detected */
Curl_posttransfer(data);
- Curl_done(&data->easy_conn, data->result, TRUE);
- disconnect_conn = TRUE;
+ multi_done(&data->easy_conn, result, TRUE);
+ stream_error = TRUE;
}
break;
case CURLM_STATE_WAITDO:
/* Wait for our turn to DO when we're pipelining requests */
-#ifdef DEBUGBUILD
- infof(data, "WAITDO: Conn %ld send pipe %zu inuse %s athead %s\n",
- data->easy_conn->connection_id,
- data->easy_conn->send_pipe->size,
- data->easy_conn->writechannel_inuse?"TRUE":"FALSE",
- isHandleAtHead(data,
- data->easy_conn->send_pipe)?"TRUE":"FALSE");
-#endif
- if(!data->easy_conn->writechannel_inuse &&
- isHandleAtHead(data,
- data->easy_conn->send_pipe)) {
- /* Grab the channel */
- data->easy_conn->writechannel_inuse = TRUE;
+ if(Curl_pipeline_checkget_write(data, data->easy_conn)) {
+ /* Grabbed the channel */
multistate(data, CURLM_STATE_DO);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
}
break;
case CURLM_STATE_DO:
if(data->set.connect_only) {
/* keep connection open for application to use the socket */
- data->easy_conn->bits.close = FALSE;
+ connkeep(data->easy_conn, "CONNECT_ONLY");
multistate(data, CURLM_STATE_DONE);
- data->result = CURLE_OK;
- result = CURLM_CALL_MULTI_PERFORM;
+ result = CURLE_OK;
+ rc = CURLM_CALL_MULTI_PERFORM;
}
else {
/* Perform the protocol's DO action */
- data->result = Curl_do(&data->easy_conn, &dophase_done);
+ result = multi_do(&data->easy_conn, &dophase_done);
- /* When Curl_do() returns failure, data->easy_conn might be NULL! */
+ /* When multi_do() returns failure, data->easy_conn might be NULL! */
- if(CURLE_OK == data->result) {
+ if(!result) {
if(!dophase_done) {
/* some steps needed for wildcard matching */
- if(data->set.wildcardmatch) {
+ if(data->state.wildcardmatch) {
struct WildcardData *wc = &data->wildcard;
if(wc->state == CURLWC_DONE || wc->state == CURLWC_SKIP) {
/* skip some states if it is important */
- Curl_done(&data->easy_conn, CURLE_OK, FALSE);
+ multi_done(&data->easy_conn, CURLE_OK, FALSE);
multistate(data, CURLM_STATE_DONE);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
break;
}
}
/* DO was not completed in one function call, we must continue
DOING... */
multistate(data, CURLM_STATE_DOING);
- result = CURLM_OK;
+ rc = CURLM_OK;
}
/* after DO, go DO_DONE... or DO_MORE */
@@ -1243,15 +1677,15 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* we're supposed to do more, but we need to sit down, relax
and wait a little while first */
multistate(data, CURLM_STATE_DO_MORE);
- result = CURLM_OK;
+ rc = CURLM_OK;
}
else {
/* we're done with the DO, now DO_DONE */
multistate(data, CURLM_STATE_DO_DONE);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
}
}
- else if((CURLE_SEND_ERROR == data->result) &&
+ else if((CURLE_SEND_ERROR == result) &&
data->easy_conn->bits.reuse) {
/*
* In this situation, a connection that we were trying to use
@@ -1259,78 +1693,77 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
* back to the CONNECT phase so we can try again.
*/
char *newurl = NULL;
- followtype follow=FOLLOW_NONE;
+ followtype follow = FOLLOW_NONE;
CURLcode drc;
bool retry = FALSE;
drc = Curl_retry_request(data->easy_conn, &newurl);
if(drc) {
/* a failure here pretty much implies an out of memory */
- data->result = drc;
- disconnect_conn = TRUE;
+ result = drc;
+ stream_error = TRUE;
}
else
retry = (newurl)?TRUE:FALSE;
Curl_posttransfer(data);
- drc = Curl_done(&data->easy_conn, data->result, FALSE);
+ drc = multi_done(&data->easy_conn, result, FALSE);
/* When set to retry the connection, we must to go back to
* the CONNECT state */
if(retry) {
- if((drc == CURLE_OK) || (drc == CURLE_SEND_ERROR)) {
+ if(!drc || (drc == CURLE_SEND_ERROR)) {
follow = FOLLOW_RETRY;
drc = Curl_follow(data, newurl, follow);
- if(drc == CURLE_OK) {
+ if(!drc) {
multistate(data, CURLM_STATE_CONNECT);
- result = CURLM_CALL_MULTI_PERFORM;
- data->result = CURLE_OK;
+ rc = CURLM_CALL_MULTI_PERFORM;
+ result = CURLE_OK;
}
else {
/* Follow failed */
- data->result = drc;
- free(newurl);
+ result = drc;
}
}
else {
/* done didn't return OK or SEND_ERROR */
- data->result = drc;
- free(newurl);
+ result = drc;
}
}
else {
/* Have error handler disconnect conn if we can't retry */
- disconnect_conn = TRUE;
+ stream_error = TRUE;
}
+ free(newurl);
}
else {
/* failure detected */
Curl_posttransfer(data);
if(data->easy_conn)
- Curl_done(&data->easy_conn, data->result, FALSE);
- disconnect_conn = TRUE;
+ multi_done(&data->easy_conn, result, FALSE);
+ stream_error = TRUE;
}
}
break;
case CURLM_STATE_DOING:
/* we continue DOING until the DO phase is complete */
- data->result = Curl_protocol_doing(data->easy_conn,
- &dophase_done);
- if(CURLE_OK == data->result) {
+ result = Curl_protocol_doing(data->easy_conn,
+ &dophase_done);
+ if(!result) {
if(dophase_done) {
/* after DO, go DO_DONE or DO_MORE */
multistate(data, data->easy_conn->bits.do_more?
CURLM_STATE_DO_MORE:
CURLM_STATE_DO_DONE);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
} /* dophase_done */
}
else {
/* failure detected */
Curl_posttransfer(data);
- Curl_done(&data->easy_conn, data->result, FALSE);
- disconnect_conn = TRUE;
+ multi_done(&data->easy_conn, result, FALSE);
+ stream_error = TRUE;
}
break;
@@ -1338,28 +1771,28 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/*
* When we are connected, DO MORE and then go DO_DONE
*/
- data->result = Curl_do_more(data->easy_conn, &control);
+ result = multi_do_more(data->easy_conn, &control);
/* No need to remove this handle from the send pipeline here since that
- is done in Curl_done() */
- if(CURLE_OK == data->result) {
+ is done in multi_done() */
+ if(!result) {
if(control) {
/* if positive, advance to DO_DONE
if negative, go back to DOING */
- multistate(data, control==1?
+ multistate(data, control == 1?
CURLM_STATE_DO_DONE:
CURLM_STATE_DOING);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
}
else
/* stay in DO_MORE */
- result = CURLM_OK;
+ rc = CURLM_OK;
}
else {
/* failure detected */
Curl_posttransfer(data);
- Curl_done(&data->easy_conn, data->result, FALSE);
- disconnect_conn = TRUE;
+ multi_done(&data->easy_conn, result, FALSE);
+ stream_error = TRUE;
}
break;
@@ -1368,99 +1801,112 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
Curl_move_handle_from_send_to_recv_pipe(data, data->easy_conn);
/* Check if we can move pending requests to send pipe */
Curl_multi_process_pending_handles(multi);
- multistate(data, CURLM_STATE_WAITPERFORM);
- result = CURLM_CALL_MULTI_PERFORM;
+
+ /* Only perform the transfer if there's a good socket to work with.
+ Having both BAD is a signal to skip immediately to DONE */
+ if((data->easy_conn->sockfd != CURL_SOCKET_BAD) ||
+ (data->easy_conn->writesockfd != CURL_SOCKET_BAD))
+ multistate(data, CURLM_STATE_WAITPERFORM);
+ else
+ {
+ if(data->state.wildcardmatch &&
+ ((data->easy_conn->handler->flags & PROTOPT_WILDCARD) == 0)) {
+ data->wildcard.state = CURLWC_DONE;
+ }
+ multistate(data, CURLM_STATE_DONE);
+ }
+ rc = CURLM_CALL_MULTI_PERFORM;
break;
case CURLM_STATE_WAITPERFORM:
/* Wait for our turn to PERFORM */
- if(!data->easy_conn->readchannel_inuse &&
- isHandleAtHead(data,
- data->easy_conn->recv_pipe)) {
- /* Grab the channel */
- data->easy_conn->readchannel_inuse = TRUE;
+ if(Curl_pipeline_checkget_read(data, data->easy_conn)) {
+ /* Grabbed the channel */
multistate(data, CURLM_STATE_PERFORM);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
}
-#ifdef DEBUGBUILD
- else {
- infof(data, "WAITPERFORM: Conn %ld recv pipe %zu inuse %s athead %s\n",
- data->easy_conn->connection_id,
- data->easy_conn->recv_pipe->size,
- data->easy_conn->readchannel_inuse?"TRUE":"FALSE",
- isHandleAtHead(data,
- data->easy_conn->recv_pipe)?"TRUE":"FALSE");
- }
-#endif
break;
case CURLM_STATE_TOOFAST: /* limit-rate exceeded in either direction */
/* if both rates are within spec, resume transfer */
if(Curl_pgrsUpdate(data->easy_conn))
- data->result = CURLE_ABORTED_BY_CALLBACK;
+ result = CURLE_ABORTED_BY_CALLBACK;
else
- data->result = Curl_speedcheck(data, now);
-
- if(( (data->set.max_send_speed == 0) ||
- (data->progress.ulspeed < data->set.max_send_speed )) &&
- ( (data->set.max_recv_speed == 0) ||
- (data->progress.dlspeed < data->set.max_recv_speed)))
- multistate(data, CURLM_STATE_PERFORM);
+ result = Curl_speedcheck(data, now);
+
+ if(!result) {
+ send_timeout_ms = 0;
+ if(data->set.max_send_speed > 0)
+ send_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.uploaded,
+ data->progress.ul_limit_size,
+ data->set.max_send_speed,
+ data->progress.ul_limit_start,
+ now);
+
+ recv_timeout_ms = 0;
+ if(data->set.max_recv_speed > 0)
+ recv_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.downloaded,
+ data->progress.dl_limit_size,
+ data->set.max_recv_speed,
+ data->progress.dl_limit_start,
+ now);
+
+ if(send_timeout_ms <= 0 && recv_timeout_ms <= 0)
+ multistate(data, CURLM_STATE_PERFORM);
+ else if(send_timeout_ms >= recv_timeout_ms)
+ Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST);
+ else
+ Curl_expire(data, recv_timeout_ms, EXPIRE_TOOFAST);
+ }
break;
case CURLM_STATE_PERFORM:
- {
+ {
char *newurl = NULL;
bool retry = FALSE;
+ bool comeback = FALSE;
/* check if over send speed */
- if((data->set.max_send_speed > 0) &&
- (data->progress.ulspeed > data->set.max_send_speed)) {
- int buffersize;
-
- multistate(data, CURLM_STATE_TOOFAST);
-
- /* calculate upload rate-limitation timeout. */
- buffersize = (int)(data->set.buffer_size ?
- data->set.buffer_size : BUFSIZE);
- timeout_ms = Curl_sleep_time(data->set.max_send_speed,
- data->progress.ulspeed, buffersize);
- Curl_expire(data, timeout_ms);
- break;
- }
+ send_timeout_ms = 0;
+ if(data->set.max_send_speed > 0)
+ send_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.uploaded,
+ data->progress.ul_limit_size,
+ data->set.max_send_speed,
+ data->progress.ul_limit_start,
+ now);
/* check if over recv speed */
- if((data->set.max_recv_speed > 0) &&
- (data->progress.dlspeed > data->set.max_recv_speed)) {
- int buffersize;
-
+ recv_timeout_ms = 0;
+ if(data->set.max_recv_speed > 0)
+ recv_timeout_ms = Curl_pgrsLimitWaitTime(data->progress.downloaded,
+ data->progress.dl_limit_size,
+ data->set.max_recv_speed,
+ data->progress.dl_limit_start,
+ now);
+
+ if(send_timeout_ms > 0 || recv_timeout_ms > 0) {
multistate(data, CURLM_STATE_TOOFAST);
-
- /* Calculate download rate-limitation timeout. */
- buffersize = (int)(data->set.buffer_size ?
- data->set.buffer_size : BUFSIZE);
- timeout_ms = Curl_sleep_time(data->set.max_recv_speed,
- data->progress.dlspeed, buffersize);
- Curl_expire(data, timeout_ms);
+ if(send_timeout_ms >= recv_timeout_ms)
+ Curl_expire(data, send_timeout_ms, EXPIRE_TOOFAST);
+ else
+ Curl_expire(data, recv_timeout_ms, EXPIRE_TOOFAST);
break;
}
/* read/write data if it is ready to do so */
- data->result = Curl_readwrite(data->easy_conn, &done);
+ result = Curl_readwrite(data->easy_conn, data, &done, &comeback);
k = &data->req;
- if(!(k->keepon & KEEP_RECV)) {
+ if(!(k->keepon & KEEP_RECV))
/* We're done receiving */
- data->easy_conn->readchannel_inuse = FALSE;
- }
+ Curl_pipeline_leave_read(data->easy_conn);
- if(!(k->keepon & KEEP_SEND)) {
+ if(!(k->keepon & KEEP_SEND))
/* We're done sending */
- data->easy_conn->writechannel_inuse = FALSE;
- }
+ Curl_pipeline_leave_write(data->easy_conn);
- if(done || (data->result == CURLE_RECV_ERROR)) {
+ if(done || (result == CURLE_RECV_ERROR)) {
/* If CURLE_RECV_ERROR happens early enough, we assume it was a race
* condition and the server closed the re-used connection exactly when
* we wanted to use it, so figure out if that is indeed the case.
@@ -1472,12 +1918,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
if(retry) {
/* if we are to retry, set the result to OK and consider the
request as done */
- data->result = CURLE_OK;
+ result = CURLE_OK;
done = TRUE;
}
}
- if(data->result) {
+ if(result) {
/*
* The transfer phase returned error, we mark the connection to get
* closed to prevent being re-used. This is because we can't possibly
@@ -1486,24 +1932,25 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
* happened in the data connection.
*/
- if(!(data->easy_conn->handler->flags & PROTOPT_DUAL))
- data->easy_conn->bits.close = TRUE;
+ if(!(data->easy_conn->handler->flags & PROTOPT_DUAL) &&
+ result != CURLE_HTTP2_STREAM)
+ streamclose(data->easy_conn, "Transfer returned error");
Curl_posttransfer(data);
- Curl_done(&data->easy_conn, data->result, FALSE);
+ multi_done(&data->easy_conn, result, TRUE);
}
else if(done) {
- followtype follow=FOLLOW_NONE;
+ followtype follow = FOLLOW_NONE;
/* call this even if the readwrite function returned error */
Curl_posttransfer(data);
/* we're no longer receiving */
- Curl_removeHandleFromPipeline(data, data->easy_conn->recv_pipe);
+ Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe);
/* expire the new receiving pipeline head */
- if(data->easy_conn->recv_pipe->head)
- Curl_expire(data->easy_conn->recv_pipe->head->ptr, 1);
+ if(data->easy_conn->recv_pipe.head)
+ Curl_expire(data->easy_conn->recv_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
/* Check if we can move pending requests to send pipe */
Curl_multi_process_pending_handles(multi);
@@ -1514,21 +1961,19 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
if(!retry) {
/* if the URL is a follow-location and not just a retried request
then figure out the URL here */
+ free(newurl);
newurl = data->req.newurl;
data->req.newurl = NULL;
follow = FOLLOW_REDIR;
}
else
follow = FOLLOW_RETRY;
- data->result = Curl_done(&data->easy_conn, CURLE_OK, FALSE);
- if(CURLE_OK == data->result) {
- data->result = Curl_follow(data, newurl, follow);
- if(CURLE_OK == data->result) {
+ result = multi_done(&data->easy_conn, CURLE_OK, FALSE);
+ if(!result) {
+ result = Curl_follow(data, newurl, follow);
+ if(!result) {
multistate(data, CURLM_STATE_CONNECT);
- result = CURLM_CALL_MULTI_PERFORM;
- newurl = NULL; /* handed over the memory ownership to
- Curl_follow(), make sure we don't free() it
- here */
+ rc = CURLM_CALL_MULTI_PERFORM;
}
}
}
@@ -1538,41 +1983,46 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* but first check to see if we got a location info even though we're
not following redirects */
if(data->req.location) {
- if(newurl)
- free(newurl);
+ free(newurl);
newurl = data->req.location;
data->req.location = NULL;
- data->result = Curl_follow(data, newurl, FOLLOW_FAKE);
- if(CURLE_OK == data->result)
- newurl = NULL; /* allocation was handed over Curl_follow() */
- else
- disconnect_conn = TRUE;
+ result = Curl_follow(data, newurl, FOLLOW_FAKE);
+ if(result)
+ stream_error = TRUE;
}
multistate(data, CURLM_STATE_DONE);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
}
}
+ else if(comeback)
+ rc = CURLM_CALL_MULTI_PERFORM;
- if(newurl)
- free(newurl);
+ free(newurl);
break;
- }
+ }
case CURLM_STATE_DONE:
/* this state is highly transient, so run another loop after this */
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
if(data->easy_conn) {
+ CURLcode res;
+
/* Remove ourselves from the receive pipeline, if we are there. */
- Curl_removeHandleFromPipeline(data, data->easy_conn->recv_pipe);
+ Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe);
/* Check if we can move pending requests to send pipe */
Curl_multi_process_pending_handles(multi);
/* post-transfer command */
- data->result = Curl_done(&data->easy_conn, CURLE_OK, FALSE);
+ res = multi_done(&data->easy_conn, result, FALSE);
+
+ /* allow a previously set error code take precedence */
+ if(!result)
+ result = res;
+
/*
- * If there are other handles on the pipeline, Curl_done won't set
+ * If there are other handles on the pipeline, multi_done won't set
* easy_conn to NULL. In such a case, curl_multi_remove_handle() can
* access free'd data, if the connection is free'd and the handle
* removed before we perform the processing in CURLM_STATE_COMPLETED
@@ -1581,7 +2031,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
data->easy_conn = NULL;
}
- if(data->set.wildcardmatch) {
+ if(data->state.wildcardmatch) {
if(data->wildcard.state != CURLWC_DONE) {
/* if a wildcard is set and we are not ending -> lets start again
with CURLM_STATE_INIT */
@@ -1591,7 +2041,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
}
/* after we have DONE what we're supposed to do, go COMPLETED, and
- it doesn't matter what the Curl_done() returned! */
+ it doesn't matter what the multi_done() returned! */
multistate(data, CURLM_STATE_COMPLETED);
break;
@@ -1605,18 +2055,20 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
that could be freed anytime */
data->easy_conn = NULL;
- Curl_expire(data, 0); /* stop all timers */
+ Curl_expire_clear(data); /* stop all timers */
break;
case CURLM_STATE_MSGSENT:
+ data->result = result;
return CURLM_OK; /* do nothing */
default:
return CURLM_INTERNAL_ERROR;
}
+ statemachine_end:
if(data->mstate < CURLM_STATE_COMPLETED) {
- if(CURLE_OK != data->result) {
+ if(result) {
/*
* If an error was returned, and we aren't in completed state now,
* then we go to completed and consider this transfer aborted.
@@ -1627,20 +2079,21 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
data->state.pipe_broke = FALSE;
+ /* Check if we can move pending requests to send pipe */
+ Curl_multi_process_pending_handles(multi);
+
if(data->easy_conn) {
/* if this has a connection, unsubscribe from the pipelines */
- data->easy_conn->writechannel_inuse = FALSE;
- data->easy_conn->readchannel_inuse = FALSE;
- Curl_removeHandleFromPipeline(data,
- data->easy_conn->send_pipe);
- Curl_removeHandleFromPipeline(data,
- data->easy_conn->recv_pipe);
- /* Check if we can move pending requests to send pipe */
- Curl_multi_process_pending_handles(multi);
-
- if(disconnect_conn) {
+ Curl_pipeline_leave_write(data->easy_conn);
+ Curl_pipeline_leave_read(data->easy_conn);
+ Curl_removeHandleFromPipeline(data, &data->easy_conn->send_pipe);
+ Curl_removeHandleFromPipeline(data, &data->easy_conn->recv_pipe);
+
+ if(stream_error) {
+ /* Don't attempt to send data over a connection that timed out */
+ bool dead_connection = result == CURLE_OPERATION_TIMEDOUT;
/* disconnect properly */
- Curl_disconnect(data->easy_conn, /* dead_connection */ FALSE);
+ Curl_disconnect(data->easy_conn, dead_connection);
/* This is where we make sure that the easy_conn pointer is reset.
We don't have to do this in every case block above where a
@@ -1659,66 +2112,55 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
else if(data->easy_conn && Curl_pgrsUpdate(data->easy_conn)) {
/* aborted due to progress callback return code must close the
connection */
- data->easy_conn->bits.close = TRUE;
+ result = CURLE_ABORTED_BY_CALLBACK;
+ streamclose(data->easy_conn, "Aborted by callback");
/* if not yet in DONE state, go there, otherwise COMPLETED */
multistate(data, (data->mstate < CURLM_STATE_DONE)?
CURLM_STATE_DONE: CURLM_STATE_COMPLETED);
- result = CURLM_CALL_MULTI_PERFORM;
+ rc = CURLM_CALL_MULTI_PERFORM;
}
}
- } WHILE_FALSE; /* just to break out from! */
- if(CURLM_STATE_COMPLETED == data->mstate) {
- /* now fill in the Curl_message with this info */
- msg = &data->msg;
+ if(CURLM_STATE_COMPLETED == data->mstate) {
+ /* now fill in the Curl_message with this info */
+ msg = &data->msg;
- msg->extmsg.msg = CURLMSG_DONE;
- msg->extmsg.easy_handle = data;
- msg->extmsg.data.result = data->result;
+ msg->extmsg.msg = CURLMSG_DONE;
+ msg->extmsg.easy_handle = data;
+ msg->extmsg.data.result = result;
- result = multi_addmsg(multi, msg);
+ rc = multi_addmsg(multi, msg);
- multistate(data, CURLM_STATE_MSGSENT);
- }
+ multistate(data, CURLM_STATE_MSGSENT);
+ }
+ } while((rc == CURLM_CALL_MULTI_PERFORM) || multi_ischanged(multi, FALSE));
- return result;
+ data->result = result;
+
+
+ return rc;
}
-CURLMcode curl_multi_perform(CURLM *multi_handle, int *running_handles)
+CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles)
{
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
- struct SessionHandle *data;
- CURLMcode returncode=CURLM_OK;
+ struct Curl_easy *data;
+ CURLMcode returncode = CURLM_OK;
struct Curl_tree *t;
- struct timeval now = Curl_tvnow();
+ struct curltime now = Curl_now();
if(!GOOD_MULTI_HANDLE(multi))
return CURLM_BAD_HANDLE;
- data=multi->easyp;
+ data = multi->easyp;
while(data) {
CURLMcode result;
- struct WildcardData *wc = &data->wildcard;
+ SIGPIPE_VARIABLE(pipe_st);
- if(data->set.wildcardmatch) {
- if(!wc->filelist) {
- CURLcode ret = Curl_wildcard_init(wc); /* init wildcard structures */
- if(ret)
- return CURLM_OUT_OF_MEMORY;
- }
- }
-
- do
- result = multi_runsingle(multi, now, data);
- while(CURLM_CALL_MULTI_PERFORM == result);
-
- if(data->set.wildcardmatch) {
- /* destruct wildcard structures if it is needed */
- if(wc->state == CURLWC_DONE || result)
- Curl_wildcard_dtor(wc);
- }
+ sigpipe_ignore(data, &pipe_st);
+ result = multi_runsingle(multi, now, data);
+ sigpipe_restore(&pipe_st);
if(result)
returncode = result;
@@ -1752,56 +2194,21 @@ CURLMcode curl_multi_perform(CURLM *multi_handle, int *running_handles)
return returncode;
}
-static void close_all_connections(struct Curl_multi *multi)
-{
- struct connectdata *conn;
-
- conn = Curl_conncache_find_first_connection(multi->conn_cache);
- while(conn) {
- conn->data = multi->closure_handle;
-
- /* This will remove the connection from the cache */
- (void)Curl_disconnect(conn, FALSE);
-
- conn = Curl_conncache_find_first_connection(multi->conn_cache);
- }
-}
-
-CURLMcode curl_multi_cleanup(CURLM *multi_handle)
+CURLMcode curl_multi_cleanup(struct Curl_multi *multi)
{
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
- struct SessionHandle *data;
- struct SessionHandle *nextdata;
+ struct Curl_easy *data;
+ struct Curl_easy *nextdata;
if(GOOD_MULTI_HANDLE(multi)) {
multi->type = 0; /* not good anymore */
- /* Close all the connections in the connection cache */
- close_all_connections(multi);
-
- if(multi->closure_handle) {
- multi->closure_handle->dns.hostcache = multi->hostcache;
- Curl_hostcache_clean(multi->closure_handle,
- multi->closure_handle->dns.hostcache);
-
- Curl_close(multi->closure_handle);
- multi->closure_handle = NULL;
- }
-
- Curl_hash_destroy(multi->sockhash);
- multi->sockhash = NULL;
-
- Curl_conncache_destroy(multi->conn_cache);
- multi->conn_cache = NULL;
-
- /* remove the pending list of messages */
- Curl_llist_destroy(multi->msglist, NULL);
- multi->msglist = NULL;
-
- /* remove all easy handles */
+ /* Firsrt remove all remaining easy handles */
data = multi->easyp;
while(data) {
- nextdata=data->next;
+ nextdata = data->next;
+ if(!data->state.done && data->easy_conn)
+ /* if DONE was never called for this handle */
+ (void)multi_done(&data->easy_conn, CURLE_OK, TRUE);
if(data->dns.hostcachetype == HCACHE_MULTI) {
/* clear out the usage of the shared DNS cache */
Curl_hostcache_clean(data, data->dns.hostcache);
@@ -1816,8 +2223,15 @@ CURLMcode curl_multi_cleanup(CURLM *multi_handle)
data = nextdata;
}
- Curl_hash_destroy(multi->hostcache);
- multi->hostcache = NULL;
+ /* Close all the connections in the connection cache */
+ Curl_conncache_close_all_connections(&multi->conn_cache);
+
+ Curl_hash_destroy(&multi->sockhash);
+ Curl_conncache_destroy(&multi->conn_cache);
+ Curl_llist_destroy(&multi->msglist, NULL);
+ Curl_llist_destroy(&multi->pending, NULL);
+
+ Curl_hash_destroy(&multi->hostcache);
/* Free the blacklists by setting them to NULL */
Curl_pipeline_set_site_blacklist(NULL, &multi->pipelining_site_bl);
@@ -1827,8 +2241,7 @@ CURLMcode curl_multi_cleanup(CURLM *multi_handle)
return CURLM_OK;
}
- else
- return CURLM_BAD_HANDLE;
+ return CURLM_BAD_HANDLE;
}
/*
@@ -1841,31 +2254,29 @@ CURLMcode curl_multi_cleanup(CURLM *multi_handle)
* beyond. The current design is fully O(1).
*/
-CURLMsg *curl_multi_info_read(CURLM *multi_handle, int *msgs_in_queue)
+CURLMsg *curl_multi_info_read(struct Curl_multi *multi, int *msgs_in_queue)
{
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
struct Curl_message *msg;
*msgs_in_queue = 0; /* default to none */
- if(GOOD_MULTI_HANDLE(multi) && Curl_llist_count(multi->msglist)) {
+ if(GOOD_MULTI_HANDLE(multi) && Curl_llist_count(&multi->msglist)) {
/* there is one or more messages in the list */
struct curl_llist_element *e;
/* extract the head of the list to return */
- e = multi->msglist->head;
+ e = multi->msglist.head;
msg = e->ptr;
/* remove the extracted entry */
- Curl_llist_remove(multi->msglist, e, NULL);
+ Curl_llist_remove(&multi->msglist, e, NULL);
- *msgs_in_queue = curlx_uztosi(Curl_llist_count(multi->msglist));
+ *msgs_in_queue = curlx_uztosi(Curl_llist_count(&multi->msglist));
return &msg->extmsg;
}
- else
- return NULL;
+ return NULL;
}
/*
@@ -1874,7 +2285,7 @@ CURLMsg *curl_multi_info_read(CURLM *multi_handle, int *msgs_in_queue)
* call the callback accordingly.
*/
static void singlesocket(struct Curl_multi *multi,
- struct SessionHandle *data)
+ struct Curl_easy *data)
{
curl_socket_t socks[MAX_SOCKSPEREASYHANDLE];
int i;
@@ -1882,9 +2293,8 @@ static void singlesocket(struct Curl_multi *multi,
curl_socket_t s;
int num;
unsigned int curraction;
- bool remove_sock_from_hash;
- for(i=0; i< MAX_SOCKSPEREASYHANDLE; i++)
+ for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++)
socks[i] = CURL_SOCKET_BAD;
/* Fill in the 'current' struct with the state as it is now: what sockets to
@@ -1896,7 +2306,7 @@ static void singlesocket(struct Curl_multi *multi,
longer supervised ones and add new ones */
/* walk over the sockets we got right now */
- for(i=0; (i< MAX_SOCKSPEREASYHANDLE) &&
+ for(i = 0; (i< MAX_SOCKSPEREASYHANDLE) &&
(curraction & (GETSOCK_READSOCK(i) | GETSOCK_WRITESOCK(i)));
i++) {
int action = CURL_POLL_NONE;
@@ -1904,7 +2314,7 @@ static void singlesocket(struct Curl_multi *multi,
s = socks[i];
/* get it from the hash */
- entry = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+ entry = sh_getentry(&multi->sockhash, s);
if(curraction & GETSOCK_READSOCK(i))
action |= CURL_POLL_IN;
@@ -1919,7 +2329,7 @@ static void singlesocket(struct Curl_multi *multi,
}
else {
/* this is a socket we didn't have before, add it! */
- entry = sh_addentry(multi->sockhash, s, data);
+ entry = sh_addentry(&multi->sockhash, s, data);
if(!entry)
/* fatal */
return;
@@ -1940,67 +2350,60 @@ static void singlesocket(struct Curl_multi *multi,
/* when we've walked over all the sockets we should have right now, we must
make sure to detect sockets that are removed */
- for(i=0; i< data->numsocks; i++) {
+ for(i = 0; i< data->numsocks; i++) {
int j;
s = data->sockets[i];
- for(j=0; j<num; j++) {
+ for(j = 0; j<num; j++) {
if(s == socks[j]) {
/* this is still supervised */
s = CURL_SOCKET_BAD;
break;
}
}
- if(s != CURL_SOCKET_BAD) {
+ entry = sh_getentry(&multi->sockhash, s);
+ if(entry) {
/* this socket has been removed. Tell the app to remove it */
- remove_sock_from_hash = TRUE;
-
- entry = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
- if(entry) {
- /* check if the socket to be removed serves a connection which has
- other easy-s in a pipeline. In this case the socket should not be
- removed. */
- struct connectdata *easy_conn = data->easy_conn;
- if(easy_conn) {
- if(easy_conn->recv_pipe && easy_conn->recv_pipe->size > 1) {
- /* the handle should not be removed from the pipe yet */
- remove_sock_from_hash = FALSE;
-
- /* Update the sockhash entry to instead point to the next in line
- for the recv_pipe, or the first (in case this particular easy
- isn't already) */
- if(entry->easy == data) {
- if(isHandleAtHead(data, easy_conn->recv_pipe))
- entry->easy = easy_conn->recv_pipe->head->next->ptr;
- else
- entry->easy = easy_conn->recv_pipe->head->ptr;
- }
+ bool remove_sock_from_hash = TRUE;
+
+ /* check if the socket to be removed serves a connection which has
+ other easy-s in a pipeline. In this case the socket should not be
+ removed. */
+ struct connectdata *easy_conn = data->easy_conn;
+ if(easy_conn) {
+ if(easy_conn->recv_pipe.size > 1) {
+ /* the handle should not be removed from the pipe yet */
+ remove_sock_from_hash = FALSE;
+
+ /* Update the sockhash entry to instead point to the next in line
+ for the recv_pipe, or the first (in case this particular easy
+ isn't already) */
+ if(entry->easy == data) {
+ if(Curl_recvpipe_head(data, easy_conn))
+ entry->easy = easy_conn->recv_pipe.head->next->ptr;
+ else
+ entry->easy = easy_conn->recv_pipe.head->ptr;
}
- if(easy_conn->send_pipe && easy_conn->send_pipe->size > 1) {
- /* the handle should not be removed from the pipe yet */
- remove_sock_from_hash = FALSE;
-
- /* Update the sockhash entry to instead point to the next in line
- for the send_pipe, or the first (in case this particular easy
- isn't already) */
- if(entry->easy == data) {
- if(isHandleAtHead(data, easy_conn->send_pipe))
- entry->easy = easy_conn->send_pipe->head->next->ptr;
- else
- entry->easy = easy_conn->send_pipe->head->ptr;
- }
+ }
+ if(easy_conn->send_pipe.size > 1) {
+ /* the handle should not be removed from the pipe yet */
+ remove_sock_from_hash = FALSE;
+
+ /* Update the sockhash entry to instead point to the next in line
+ for the send_pipe, or the first (in case this particular easy
+ isn't already) */
+ if(entry->easy == data) {
+ if(Curl_sendpipe_head(data, easy_conn))
+ entry->easy = easy_conn->send_pipe.head->next->ptr;
+ else
+ entry->easy = easy_conn->send_pipe.head->ptr;
}
- /* Don't worry about overwriting recv_pipe head with send_pipe_head,
- when action will be asked on the socket (see multi_socket()), the
- head of the correct pipe will be taken according to the
- action. */
}
+ /* Don't worry about overwriting recv_pipe head with send_pipe_head,
+ when action will be asked on the socket (see multi_socket()), the
+ head of the correct pipe will be taken according to the
+ action. */
}
- else
- /* just a precaution, this socket really SHOULD be in the hash already
- but in case it isn't, we don't have to tell the app to remove it
- either since it never got to know about it */
- remove_sock_from_hash = FALSE;
if(remove_sock_from_hash) {
/* in this case 'entry' is always non-NULL */
@@ -2010,11 +2413,10 @@ static void singlesocket(struct Curl_multi *multi,
CURL_POLL_REMOVE,
multi->socket_userp,
entry->socketp);
- sh_delentry(multi->sockhash, s);
+ sh_delentry(&multi->sockhash, s);
}
-
- }
- }
+ } /* if sockhash entry existed */
+ } /* for loop over numsocks */
memcpy(data->sockets, socks, num*sizeof(curl_socket_t));
data->numsocks = num;
@@ -2024,7 +2426,7 @@ static void singlesocket(struct Curl_multi *multi,
* Curl_multi_closed()
*
* Used by the connect code to tell the multi_socket code that one of the
- * sockets we were using have just been closed. This function will then
+ * sockets we were using is about to be closed. This function will then
* remove it from the sockethash for this handle to make the multi_socket API
* behave properly, especially for the case when libcurl will create another
* socket again and it gets the same file descriptor number.
@@ -2036,8 +2438,7 @@ void Curl_multi_closed(struct connectdata *conn, curl_socket_t s)
if(multi) {
/* this is set if this connection is part of a handle that is added to
a multi handle, and only then this is necessary */
- struct Curl_sh_entry *entry =
- Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+ struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s);
if(entry) {
if(multi->socket_cb)
@@ -2046,17 +2447,15 @@ void Curl_multi_closed(struct connectdata *conn, curl_socket_t s)
entry->socketp);
/* now remove it from the socket hash */
- sh_delentry(multi->sockhash, s);
+ sh_delentry(&multi->sockhash, s);
}
}
}
-
-
/*
* add_next_timeout()
*
- * Each SessionHandle has a list of timeouts. The add_next_timeout() is called
+ * Each Curl_easy has a list of timeouts. The add_next_timeout() is called
* when it has just been removed from the splay tree because the timeout has
* expired. This function is then to advance in the list to pick the next
* timeout to use (skip the already expired ones) and add this node back to
@@ -2065,20 +2464,23 @@ void Curl_multi_closed(struct connectdata *conn, curl_socket_t s)
* The splay tree only has each sessionhandle as a single node and the nearest
* timeout is used to sort it on.
*/
-static CURLMcode add_next_timeout(struct timeval now,
+static CURLMcode add_next_timeout(struct curltime now,
struct Curl_multi *multi,
- struct SessionHandle *d)
+ struct Curl_easy *d)
{
- struct timeval *tv = &d->state.expiretime;
- struct curl_llist *list = d->state.timeoutlist;
+ struct curltime *tv = &d->state.expiretime;
+ struct curl_llist *list = &d->state.timeoutlist;
struct curl_llist_element *e;
+ struct time_node *node = NULL;
/* move over the timeout list for this specific handle and remove all
timeouts that are now passed tense and store the next pending
timeout in *tv */
- for(e = list->head; e; ) {
+ for(e = list->head; e;) {
struct curl_llist_element *n = e->next;
- long diff = curlx_tvdiff(*(struct timeval *)e->ptr, now);
+ timediff_t diff;
+ node = (struct time_node *)e->ptr;
+ diff = Curl_timediff(node->time, now);
if(diff <= 0)
/* remove outdated entry */
Curl_llist_remove(list, e, NULL);
@@ -2096,12 +2498,10 @@ static CURLMcode add_next_timeout(struct timeval now,
}
else {
/* copy the first entry to 'tv' */
- memcpy(tv, e->ptr, sizeof(*tv));
-
- /* remove first entry from list */
- Curl_llist_remove(list, e, NULL);
+ memcpy(tv, &node->time, sizeof(*tv));
- /* insert this node again into the splay */
+ /* Insert this node again into the splay. Keep the timer in the list in
+ case we need to recompute future timers. */
multi->timetree = Curl_splayinsert(*tv, multi->timetree,
&d->state.timenode);
}
@@ -2115,9 +2515,9 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
int *running_handles)
{
CURLMcode result = CURLM_OK;
- struct SessionHandle *data = NULL;
+ struct Curl_easy *data = NULL;
struct Curl_tree *t;
- struct timeval now = Curl_tvnow();
+ struct curltime now = Curl_now();
if(checkall) {
/* *perform() deals with running_handles on its own */
@@ -2125,19 +2525,20 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
/* walk through each easy handle and do the socket state change magic
and callbacks */
- data=multi->easyp;
- while(data) {
- singlesocket(multi, data);
- data = data->next;
+ if(result != CURLM_BAD_HANDLE) {
+ data = multi->easyp;
+ while(data) {
+ singlesocket(multi, data);
+ data = data->next;
+ }
}
/* or should we fall-through and do the timer-based stuff? */
return result;
}
- else if(s != CURL_SOCKET_TIMEOUT) {
+ if(s != CURL_SOCKET_TIMEOUT) {
- struct Curl_sh_entry *entry =
- Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+ struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s);
if(!entry)
/* Unmatched socket, we can't act on it but we ignore this fact. In
@@ -2147,6 +2548,8 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
and just move on. */
;
else {
+ SIGPIPE_VARIABLE(pipe_st);
+
data = entry->easy;
if(data->magic != CURLEASY_MAGIC_NUMBER)
@@ -2158,13 +2561,11 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
head. If we should read from the socket, take the recv_pipe head. */
if(data->easy_conn) {
if((ev_bitmask & CURL_POLL_OUT) &&
- data->easy_conn->send_pipe &&
- data->easy_conn->send_pipe->head)
- data = data->easy_conn->send_pipe->head->ptr;
+ data->easy_conn->send_pipe.head)
+ data = data->easy_conn->send_pipe.head->ptr;
else if((ev_bitmask & CURL_POLL_IN) &&
- data->easy_conn->recv_pipe &&
- data->easy_conn->recv_pipe->head)
- data = data->easy_conn->recv_pipe->head->ptr;
+ data->easy_conn->recv_pipe.head)
+ data = data->easy_conn->recv_pipe.head->ptr;
}
if(data->easy_conn &&
@@ -2172,9 +2573,9 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
/* set socket event bitmask if they're not locked */
data->easy_conn->cselect_bits = ev_bitmask;
- do
- result = multi_runsingle(multi, now, data);
- while(CURLM_CALL_MULTI_PERFORM == result);
+ sigpipe_ignore(data, &pipe_st);
+ result = multi_runsingle(multi, now, data);
+ sigpipe_restore(&pipe_st);
if(data->easy_conn &&
!(data->easy_conn->handler->flags & PROTOPT_DIRLOCK))
@@ -2192,31 +2593,16 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
data = NULL; /* set data to NULL again to avoid calling
multi_runsingle() in case there's no need to */
+ now = Curl_now(); /* get a newer time since the multi_runsingle() loop
+ may have taken some time */
}
}
-
- /* Compensate for bad precision timers that might've triggered too early.
-
- This precaution was added in commit 2c72732ebf3da5e as a result of bad
- resolution in the windows function use(d).
-
- The problematic case here is when using the multi_socket API and libcurl
- has told the application about a timeout, and that timeout is what fires
- off a bit early. As we don't have any IDs associated with the timeout we
- can't tell which timeout that fired off but we only have the times to use
- to check what to do. If it fires off too early, we don't run the correct
- actions and we don't tell the application again about the same timeout as
- was already first in the queue...
-
- Originally we made the timeouts run 40 milliseconds early on all systems,
- but now we have an #ifdef setup to provide a decent precaution inaccuracy
- margin.
- */
-
- now.tv_usec += MULTI_TIMEOUT_INACCURACY;
- if(now.tv_usec >= 1000000) {
- now.tv_sec++;
- now.tv_usec -= 1000000;
+ else {
+ /* Asked to run due to time-out. Clear the 'lastcall' variable to force
+ update_timer() to trigger a callback to the app again even if the same
+ timeout is still the one to run after this call. That handles the case
+ when the application asks libcurl to run the timeout prematurely. */
+ memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall));
}
/*
@@ -2227,9 +2613,11 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
do {
/* the first loop lap 'data' can be NULL */
if(data) {
- do
- result = multi_runsingle(multi, now, data);
- while(CURLM_CALL_MULTI_PERFORM == result);
+ SIGPIPE_VARIABLE(pipe_st);
+
+ sigpipe_ignore(data, &pipe_st);
+ result = multi_runsingle(multi, now, data);
+ sigpipe_restore(&pipe_st);
if(CURLM_OK >= result)
/* get the socket(s) and check if the state has been changed since
@@ -2253,10 +2641,9 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
}
#undef curl_multi_setopt
-CURLMcode curl_multi_setopt(CURLM *multi_handle,
+CURLMcode curl_multi_setopt(struct Curl_multi *multi,
CURLMoption option, ...)
{
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
CURLMcode res = CURLM_OK;
va_list param;
@@ -2272,8 +2659,14 @@ CURLMcode curl_multi_setopt(CURLM *multi_handle,
case CURLMOPT_SOCKETDATA:
multi->socket_userp = va_arg(param, void *);
break;
+ case CURLMOPT_PUSHFUNCTION:
+ multi->push_cb = va_arg(param, curl_push_callback);
+ break;
+ case CURLMOPT_PUSHDATA:
+ multi->push_userp = va_arg(param, void *);
+ break;
case CURLMOPT_PIPELINING:
- multi->pipelining_enabled = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ multi->pipelining = va_arg(param, long);
break;
case CURLMOPT_TIMERFUNCTION:
multi->timer_cb = va_arg(param, curl_multi_timer_callback);
@@ -2318,52 +2711,51 @@ CURLMcode curl_multi_setopt(CURLM *multi_handle,
/* we define curl_multi_socket() in the public multi.h header */
#undef curl_multi_socket
-CURLMcode curl_multi_socket(CURLM *multi_handle, curl_socket_t s,
+CURLMcode curl_multi_socket(struct Curl_multi *multi, curl_socket_t s,
int *running_handles)
{
- CURLMcode result = multi_socket((struct Curl_multi *)multi_handle, FALSE, s,
- 0, running_handles);
+ CURLMcode result = multi_socket(multi, FALSE, s, 0, running_handles);
if(CURLM_OK >= result)
- update_timer((struct Curl_multi *)multi_handle);
+ update_timer(multi);
return result;
}
-CURLMcode curl_multi_socket_action(CURLM *multi_handle, curl_socket_t s,
+CURLMcode curl_multi_socket_action(struct Curl_multi *multi, curl_socket_t s,
int ev_bitmask, int *running_handles)
{
- CURLMcode result = multi_socket((struct Curl_multi *)multi_handle, FALSE, s,
+ CURLMcode result = multi_socket(multi, FALSE, s,
ev_bitmask, running_handles);
if(CURLM_OK >= result)
- update_timer((struct Curl_multi *)multi_handle);
+ update_timer(multi);
return result;
}
-CURLMcode curl_multi_socket_all(CURLM *multi_handle, int *running_handles)
+CURLMcode curl_multi_socket_all(struct Curl_multi *multi, int *running_handles)
{
- CURLMcode result = multi_socket((struct Curl_multi *)multi_handle,
- TRUE, CURL_SOCKET_BAD, 0, running_handles);
+ CURLMcode result = multi_socket(multi, TRUE, CURL_SOCKET_BAD, 0,
+ running_handles);
if(CURLM_OK >= result)
- update_timer((struct Curl_multi *)multi_handle);
+ update_timer(multi);
return result;
}
static CURLMcode multi_timeout(struct Curl_multi *multi,
long *timeout_ms)
{
- static struct timeval tv_zero = {0,0};
+ static struct curltime tv_zero = {0, 0};
if(multi->timetree) {
/* we have a tree of expire times */
- struct timeval now = Curl_tvnow();
+ struct curltime now = Curl_now();
/* splay the lowest to the bottom */
multi->timetree = Curl_splay(tv_zero, multi->timetree);
if(Curl_splaycomparekeys(multi->timetree->key, now) > 0) {
/* some time left before expiration */
- *timeout_ms = curlx_tvdiff(multi->timetree->key, now);
- if(!*timeout_ms)
+ timediff_t diff = Curl_timediff(multi->timetree->key, now);
+ if(diff <= 0)
/*
* Since we only provide millisecond resolution on the returned value
* and the diff might be less than one millisecond here, we don't
@@ -2371,7 +2763,11 @@ static CURLMcode multi_timeout(struct Curl_multi *multi,
* processors while the diff is still present but less than one
* millisecond! instead we return 1 until the time is ripe.
*/
- *timeout_ms=1;
+ *timeout_ms = 1;
+ else
+ /* this should be safe even on 64 bit archs, as we don't use that
+ overly long timeouts */
+ *timeout_ms = (long)diff;
}
else
/* 0 means immediately */
@@ -2383,11 +2779,9 @@ static CURLMcode multi_timeout(struct Curl_multi *multi,
return CURLM_OK;
}
-CURLMcode curl_multi_timeout(CURLM *multi_handle,
+CURLMcode curl_multi_timeout(struct Curl_multi *multi,
long *timeout_ms)
{
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
-
/* First, make some basic checks that the CURLM handle is a good handle */
if(!GOOD_MULTI_HANDLE(multi))
return CURLM_BAD_HANDLE;
@@ -2409,12 +2803,12 @@ static int update_timer(struct Curl_multi *multi)
return -1;
}
if(timeout_ms < 0) {
- static const struct timeval none={0,0};
+ static const struct curltime none = {0, 0};
if(Curl_splaycomparekeys(none, multi->timer_lastcall)) {
multi->timer_lastcall = none;
/* there's no timeout now but there was one previously, tell the app to
disable it */
- return multi->timer_cb((CURLM*)multi, -1, multi->timer_userp);
+ return multi->timer_cb(multi, -1, multi->timer_userp);
}
return 0;
}
@@ -2428,37 +2822,27 @@ static int update_timer(struct Curl_multi *multi)
multi->timer_lastcall = multi->timetree->key;
- return multi->timer_cb((CURLM*)multi, timeout_ms, multi->timer_userp);
-}
-
-void Curl_multi_set_easy_connection(struct SessionHandle *handle,
- struct connectdata *conn)
-{
- handle->easy_conn = conn;
-}
-
-static bool isHandleAtHead(struct SessionHandle *handle,
- struct curl_llist *pipeline)
-{
- struct curl_llist_element *curr = pipeline->head;
- if(curr)
- return (curr->ptr == handle) ? TRUE : FALSE;
-
- return FALSE;
+ return multi->timer_cb(multi, timeout_ms, multi->timer_userp);
}
/*
- * multi_freetimeout()
+ * multi_deltimeout()
*
- * Callback used by the llist system when a single timeout list entry is
- * destroyed.
+ * Remove a given timestamp from the list of timeouts.
*/
-static void multi_freetimeout(void *user, void *entryptr)
+static void
+multi_deltimeout(struct Curl_easy *data, expire_id eid)
{
- (void)user;
-
- /* the entry was plain malloc()'ed */
- free(entryptr);
+ struct curl_llist_element *e;
+ struct curl_llist *timeoutlist = &data->state.timeoutlist;
+ /* find and remove the specific node from the list */
+ for(e = timeoutlist->head; e; e = e->next) {
+ struct time_node *n = (struct time_node *)e->ptr;
+ if(n->eid == eid) {
+ Curl_llist_remove(timeoutlist, e, NULL);
+ return;
+ }
+ }
}
/*
@@ -2469,25 +2853,28 @@ static void multi_freetimeout(void *user, void *entryptr)
*
*/
static CURLMcode
-multi_addtimeout(struct curl_llist *timeoutlist,
- struct timeval *stamp)
+multi_addtimeout(struct Curl_easy *data,
+ struct curltime *stamp,
+ expire_id eid)
{
struct curl_llist_element *e;
- struct timeval *timedup;
+ struct time_node *node;
struct curl_llist_element *prev = NULL;
+ size_t n;
+ struct curl_llist *timeoutlist = &data->state.timeoutlist;
- timedup = malloc(sizeof(*timedup));
- if(!timedup)
- return CURLM_OUT_OF_MEMORY;
+ node = &data->state.expires[eid];
- /* copy the timestamp */
- memcpy(timedup, stamp, sizeof(*timedup));
+ /* copy the timestamp and id */
+ memcpy(&node->time, stamp, sizeof(*stamp));
+ node->eid = eid; /* also marks it as in use */
- if(Curl_llist_count(timeoutlist)) {
+ n = Curl_llist_count(timeoutlist);
+ if(n) {
/* find the correct spot in the list */
for(e = timeoutlist->head; e; e = e->next) {
- struct timeval *checktime = e->ptr;
- long diff = curlx_tvdiff(*checktime, *timedup);
+ struct time_node *check = (struct time_node *)e->ptr;
+ timediff_t diff = Curl_timediff(check->time, node->time);
if(diff > 0)
break;
prev = e;
@@ -2497,11 +2884,7 @@ multi_addtimeout(struct curl_llist *timeoutlist,
/* else
this is the first timeout on the list */
- if(!Curl_llist_insert_next(timeoutlist, prev, timedup)) {
- free(timedup);
- return CURLM_OUT_OF_MEMORY;
- }
-
+ Curl_llist_insert_next(timeoutlist, prev, node, &node->list);
return CURLM_OK;
}
@@ -2511,102 +2894,131 @@ multi_addtimeout(struct curl_llist *timeoutlist,
* given a number of milliseconds from now to use to set the 'act before
* this'-time for the transfer, to be extracted by curl_multi_timeout()
*
- * Note that the timeout will be added to a queue of timeouts if it defines a
- * moment in time that is later than the current head of queue.
+ * The timeout will be added to a queue of timeouts if it defines a moment in
+ * time that is later than the current head of queue.
*
- * Pass zero to clear all timeout values for this handle.
-*/
-void Curl_expire(struct SessionHandle *data, long milli)
+ * Expire replaces a former timeout using the same id if already set.
+ */
+void Curl_expire(struct Curl_easy *data, time_t milli, expire_id id)
{
struct Curl_multi *multi = data->multi;
- struct timeval *nowp = &data->state.expiretime;
+ struct curltime *nowp = &data->state.expiretime;
int rc;
+ struct curltime set;
/* this is only interesting while there is still an associated multi struct
remaining! */
if(!multi)
return;
- if(!milli) {
- /* No timeout, clear the time data. */
- if(nowp->tv_sec || nowp->tv_usec) {
- /* Since this is an cleared time, we must remove the previous entry from
- the splay tree */
- struct curl_llist *list = data->state.timeoutlist;
+ DEBUGASSERT(id < EXPIRE_LAST);
- rc = Curl_splayremovebyaddr(multi->timetree,
- &data->state.timenode,
- &multi->timetree);
- if(rc)
- infof(data, "Internal error clearing splay node = %d\n", rc);
+ set = Curl_now();
+ set.tv_sec += milli/1000;
+ set.tv_usec += (unsigned int)(milli%1000)*1000;
- /* flush the timeout list too */
- while(list->size > 0)
- Curl_llist_remove(list, list->tail, NULL);
+ if(set.tv_usec >= 1000000) {
+ set.tv_sec++;
+ set.tv_usec -= 1000000;
+ }
-#ifdef DEBUGBUILD
- infof(data, "Expire cleared\n");
-#endif
- nowp->tv_sec = 0;
- nowp->tv_usec = 0;
+ /* Remove any timer with the same id just in case. */
+ multi_deltimeout(data, id);
+
+ /* Add it to the timer list. It must stay in the list until it has expired
+ in case we need to recompute the minimum timer later. */
+ multi_addtimeout(data, &set, id);
+
+ if(nowp->tv_sec || nowp->tv_usec) {
+ /* This means that the struct is added as a node in the splay tree.
+ Compare if the new time is earlier, and only remove-old/add-new if it
+ is. */
+ timediff_t diff = Curl_timediff(set, *nowp);
+
+ if(diff > 0) {
+ /* The current splay tree entry is sooner than this new expiry time.
+ We don't need to update our splay tree entry. */
+ return;
}
+
+ /* Since this is an updated time, we must remove the previous entry from
+ the splay tree first and then re-add the new value */
+ rc = Curl_splayremovebyaddr(multi->timetree,
+ &data->state.timenode,
+ &multi->timetree);
+ if(rc)
+ infof(data, "Internal error removing splay node = %d\n", rc);
}
- else {
- struct timeval set;
- set = Curl_tvnow();
- set.tv_sec += milli/1000;
- set.tv_usec += (milli%1000)*1000;
+ /* Indicate that we are in the splay tree and insert the new timer expiry
+ value since it is our local minimum. */
+ *nowp = set;
+ data->state.timenode.payload = data;
+ multi->timetree = Curl_splayinsert(*nowp, multi->timetree,
+ &data->state.timenode);
+}
- if(set.tv_usec >= 1000000) {
- set.tv_sec++;
- set.tv_usec -= 1000000;
- }
+/*
+ * Curl_expire_done()
+ *
+ * Removes the expire timer. Marks it as done.
+ *
+ */
+void Curl_expire_done(struct Curl_easy *data, expire_id id)
+{
+ /* remove the timer, if there */
+ multi_deltimeout(data, id);
+}
- if(nowp->tv_sec || nowp->tv_usec) {
- /* This means that the struct is added as a node in the splay tree.
- Compare if the new time is earlier, and only remove-old/add-new if it
- is. */
- long diff = curlx_tvdiff(set, *nowp);
- if(diff > 0) {
- /* the new expire time was later so just add it to the queue
- and get out */
- multi_addtimeout(data->state.timeoutlist, &set);
- return;
- }
+/*
+ * Curl_expire_clear()
+ *
+ * Clear ALL timeout values for this handle.
+ */
+void Curl_expire_clear(struct Curl_easy *data)
+{
+ struct Curl_multi *multi = data->multi;
+ struct curltime *nowp = &data->state.expiretime;
+ int rc;
+
+ /* this is only interesting while there is still an associated multi struct
+ remaining! */
+ if(!multi)
+ return;
- /* the new time is newer than the presently set one, so add the current
- to the queue and update the head */
- multi_addtimeout(data->state.timeoutlist, nowp);
-
- /* Since this is an updated time, we must remove the previous entry from
- the splay tree first and then re-add the new value */
- rc = Curl_splayremovebyaddr(multi->timetree,
- &data->state.timenode,
- &multi->timetree);
- if(rc)
- infof(data, "Internal error removing splay node = %d\n", rc);
+ if(nowp->tv_sec || nowp->tv_usec) {
+ /* Since this is an cleared time, we must remove the previous entry from
+ the splay tree */
+ struct curl_llist *list = &data->state.timeoutlist;
+
+ rc = Curl_splayremovebyaddr(multi->timetree,
+ &data->state.timenode,
+ &multi->timetree);
+ if(rc)
+ infof(data, "Internal error clearing splay node = %d\n", rc);
+
+ /* flush the timeout list too */
+ while(list->size > 0) {
+ Curl_llist_remove(list, list->tail, NULL);
}
- *nowp = set;
- data->state.timenode.payload = data;
- multi->timetree = Curl_splayinsert(*nowp,
- multi->timetree,
- &data->state.timenode);
- }
-#if 0
- Curl_splayprint(multi->timetree, 0, TRUE);
+#ifdef DEBUGBUILD
+ infof(data, "Expire cleared\n");
#endif
+ nowp->tv_sec = 0;
+ nowp->tv_usec = 0;
+ }
}
-CURLMcode curl_multi_assign(CURLM *multi_handle,
- curl_socket_t s, void *hashp)
+
+
+
+CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s,
+ void *hashp)
{
struct Curl_sh_entry *there = NULL;
- struct Curl_multi *multi = (struct Curl_multi *)multi_handle;
- if(s != CURL_SOCKET_BAD)
- there = Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(curl_socket_t));
+ there = sh_getentry(&multi->sockhash, s);
if(!there)
return CURLM_BAD_SOCKET;
@@ -2626,11 +3038,6 @@ size_t Curl_multi_max_total_connections(struct Curl_multi *multi)
return multi ? multi->max_total_connections : 0;
}
-size_t Curl_multi_max_pipeline_length(struct Curl_multi *multi)
-{
- return multi ? multi->max_pipeline_length : 0;
-}
-
curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi)
{
return multi ? multi->content_length_penalty_size : 0;
@@ -2643,47 +3050,52 @@ curl_off_t Curl_multi_chunk_length_penalty_size(struct Curl_multi *multi)
struct curl_llist *Curl_multi_pipelining_site_bl(struct Curl_multi *multi)
{
- return multi->pipelining_site_bl;
+ return &multi->pipelining_site_bl;
}
struct curl_llist *Curl_multi_pipelining_server_bl(struct Curl_multi *multi)
{
- return multi->pipelining_server_bl;
+ return &multi->pipelining_server_bl;
}
void Curl_multi_process_pending_handles(struct Curl_multi *multi)
{
- struct SessionHandle *data;
+ struct curl_llist_element *e = multi->pending.head;
+
+ while(e) {
+ struct Curl_easy *data = e->ptr;
+ struct curl_llist_element *next = e->next;
- data=multi->easyp;
- while(data) {
if(data->mstate == CURLM_STATE_CONNECT_PEND) {
multistate(data, CURLM_STATE_CONNECT);
+
+ /* Remove this node from the list */
+ Curl_llist_remove(&multi->pending, e, NULL);
+
/* Make sure that the handle will be processed soonish. */
- Curl_expire(data, 1);
+ Curl_expire(data, 0, EXPIRE_RUN_NOW);
}
- data = data->next; /* operate on next handle */
+
+ e = next; /* operate on next handle */
}
}
#ifdef DEBUGBUILD
-void Curl_multi_dump(const struct Curl_multi *multi_handle)
+void Curl_multi_dump(struct Curl_multi *multi)
{
- struct Curl_multi *multi=(struct Curl_multi *)multi_handle;
- struct SessionHandle *data;
+ struct Curl_easy *data;
int i;
fprintf(stderr, "* Multi status: %d handles, %d alive\n",
multi->num_easy, multi->num_alive);
- for(data=multi->easyp; data; data = data->next) {
+ for(data = multi->easyp; data; data = data->next) {
if(data->mstate < CURLM_STATE_COMPLETED) {
/* only display handles that are not completed */
fprintf(stderr, "handle %p, state %s, %d sockets\n",
(void *)data,
statename[data->mstate], data->numsocks);
- for(i=0; i < data->numsocks; i++) {
+ for(i = 0; i < data->numsocks; i++) {
curl_socket_t s = data->sockets[i];
- struct Curl_sh_entry *entry =
- Curl_hash_pick(multi->sockhash, (char *)&s, sizeof(s));
+ struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s);
fprintf(stderr, "%d ", (int)s);
if(!entry) {
diff --git a/libs/libcurl/src/multihandle.h b/libs/libcurl/src/multihandle.h
index 552aa93797..de9a7cf59c 100644
--- a/libs/libcurl/src/multihandle.h
+++ b/libs/libcurl/src/multihandle.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,7 +22,10 @@
*
***************************************************************************/
+#include "conncache.h"
+
struct Curl_message {
+ struct curl_llist_element list;
/* the 'CURLMsg' is the part that is visible to the external user */
struct CURLMsg extmsg;
};
@@ -35,22 +38,25 @@ typedef enum {
CURLM_STATE_CONNECT_PEND, /* 1 - no connections, waiting for one */
CURLM_STATE_CONNECT, /* 2 - resolve/connect has been sent off */
CURLM_STATE_WAITRESOLVE, /* 3 - awaiting the resolve to finalize */
- CURLM_STATE_WAITCONNECT, /* 4 - awaiting the connect to finalize */
- CURLM_STATE_WAITPROXYCONNECT, /* 5 - awaiting proxy CONNECT to finalize */
- CURLM_STATE_PROTOCONNECT, /* 6 - completing the protocol-specific connect
+ CURLM_STATE_WAITCONNECT, /* 4 - awaiting the TCP connect to finalize */
+ CURLM_STATE_WAITPROXYCONNECT, /* 5 - awaiting HTTPS proxy SSL initialization
+ to complete and/or proxy CONNECT to
+ finalize */
+ CURLM_STATE_SENDPROTOCONNECT, /* 6 - initiate protocol connect procedure */
+ CURLM_STATE_PROTOCONNECT, /* 7 - completing the protocol-specific connect
phase */
- CURLM_STATE_WAITDO, /* 7 - wait for our turn to send the request */
- CURLM_STATE_DO, /* 8 - start send off the request (part 1) */
- CURLM_STATE_DOING, /* 9 - sending off the request (part 1) */
- CURLM_STATE_DO_MORE, /* 10 - send off the request (part 2) */
- CURLM_STATE_DO_DONE, /* 11 - done sending off request */
- CURLM_STATE_WAITPERFORM, /* 12 - wait for our turn to read the response */
- CURLM_STATE_PERFORM, /* 13 - transfer data */
- CURLM_STATE_TOOFAST, /* 14 - wait because limit-rate exceeded */
- CURLM_STATE_DONE, /* 15 - post data transfer operation */
- CURLM_STATE_COMPLETED, /* 16 - operation complete */
- CURLM_STATE_MSGSENT, /* 17 - the operation complete message is sent */
- CURLM_STATE_LAST /* 18 - not a true state, never use this */
+ CURLM_STATE_WAITDO, /* 8 - wait for our turn to send the request */
+ CURLM_STATE_DO, /* 9 - start send off the request (part 1) */
+ CURLM_STATE_DOING, /* 10 - sending off the request (part 1) */
+ CURLM_STATE_DO_MORE, /* 11 - send off the request (part 2) */
+ CURLM_STATE_DO_DONE, /* 12 - done sending off request */
+ CURLM_STATE_WAITPERFORM, /* 13 - wait for our turn to read the response */
+ CURLM_STATE_PERFORM, /* 14 - transfer data */
+ CURLM_STATE_TOOFAST, /* 15 - wait because limit-rate exceeded */
+ CURLM_STATE_DONE, /* 16 - post data transfer operation */
+ CURLM_STATE_COMPLETED, /* 17 - operation complete */
+ CURLM_STATE_MSGSENT, /* 18 - the operation complete message is sent */
+ CURLM_STATE_LAST /* 19 - not a true state, never use this */
} CURLMstate;
/* we support N sockets per easy handle. Set the corresponding bit to what
@@ -59,6 +65,8 @@ typedef enum {
#define GETSOCK_READABLE (0x00ff)
#define GETSOCK_WRITABLE (0xff00)
+#define CURLPIPE_ANY (CURLPIPE_HTTP1 | CURLPIPE_MULTIPLEX)
+
/* This is the struct known as CURLM on the outside */
struct Curl_multi {
/* First a simple identifier to easier detect if a user mix up
@@ -66,21 +74,28 @@ struct Curl_multi {
long type;
/* We have a doubly-linked circular list with easy handles */
- struct SessionHandle *easyp;
- struct SessionHandle *easylp; /* last node */
+ struct Curl_easy *easyp;
+ struct Curl_easy *easylp; /* last node */
int num_easy; /* amount of entries in the linked list above. */
int num_alive; /* amount of easy handles that are added but have not yet
reached COMPLETE state */
- struct curl_llist *msglist; /* a list of messages from completed transfers */
+ struct curl_llist msglist; /* a list of messages from completed transfers */
+
+ struct curl_llist pending; /* Curl_easys that are in the
+ CURLM_STATE_CONNECT_PEND state */
/* callback function and user data pointer for the *socket() API */
curl_socket_callback socket_cb;
void *socket_userp;
+ /* callback function and user data pointer for server push */
+ curl_push_callback push_cb;
+ void *push_userp;
+
/* Hostname cache */
- struct curl_hash *hostcache;
+ struct curl_hash hostcache;
/* timetree points to the splay-tree of time nodes to figure out expire
times of all currently set timers */
@@ -89,17 +104,15 @@ struct Curl_multi {
/* 'sockhash' is the lookup hash for socket descriptor => easy handles (note
the pluralis form, there can be more than one easy handle waiting on the
same actual socket) */
- struct curl_hash *sockhash;
+ struct curl_hash sockhash;
- /* Whether pipelining is enabled for this multi handle */
- bool pipelining_enabled;
+ /* pipelining wanted bits (CURLPIPE*) */
+ long pipelining;
- /* Shared connection cache (bundles)*/
- struct conncache *conn_cache;
+ bool recheckstate; /* see Curl_multi_connchanged */
- /* This handle will be used for closing the cached connections in
- curl_multi_cleanup() */
- struct SessionHandle *closure_handle;
+ /* Shared connection cache (bundles)*/
+ struct conncache conn_cache;
long maxconnects; /* if >0, a fixed limit of the maximum number of entries
we're allowed to grow the connection cache to */
@@ -122,18 +135,17 @@ struct Curl_multi {
bigger than this is not
considered for pipelining */
- struct curl_llist *pipelining_site_bl; /* List of sites that are blacklisted
- from pipelining */
+ struct curl_llist pipelining_site_bl; /* List of sites that are blacklisted
+ from pipelining */
- struct curl_llist *pipelining_server_bl; /* List of server types that are
- blacklisted from pipelining */
+ struct curl_llist pipelining_server_bl; /* List of server types that are
+ blacklisted from pipelining */
/* timer callback and user data pointer for the *socket() API */
curl_multi_timer_callback timer_cb;
void *timer_userp;
- struct timeval timer_lastcall; /* the fixed time for the timeout for the
+ struct curltime timer_lastcall; /* the fixed time for the timeout for the
previous callback */
};
#endif /* HEADER_CURL_MULTIHANDLE_H */
-
diff --git a/libs/libcurl/src/multiif.h b/libs/libcurl/src/multiif.h
index e61c5c6f2c..a877571a00 100644
--- a/libs/libcurl/src/multiif.h
+++ b/libs/libcurl/src/multiif.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,21 +22,15 @@
*
***************************************************************************/
-/* See multi_socket() for the explanation of this constant. Counted in number
- of microseconds. */
-#ifdef WIN32
-#define MULTI_TIMEOUT_INACCURACY 40000
-#else
-#define MULTI_TIMEOUT_INACCURACY 3000
-#endif
-
/*
* Prototypes for library-wide functions provided by multi.c
*/
-void Curl_expire(struct SessionHandle *data, long milli);
-bool Curl_multi_pipeline_enabled(const struct Curl_multi* multi);
-void Curl_multi_handlePipeBreak(struct SessionHandle *data);
+void Curl_expire(struct Curl_easy *data, time_t milli, expire_id);
+void Curl_expire_clear(struct Curl_easy *data);
+void Curl_expire_done(struct Curl_easy *data, expire_id id);
+bool Curl_pipeline_wanted(const struct Curl_multi* multi, int bits);
+void Curl_multi_handlePipeBreak(struct Curl_easy *data);
/* Internal version of curl_multi_init() accepts size parameters for the
socket and connection hashes */
@@ -59,21 +53,14 @@ struct Curl_multi *Curl_multi_handle(int hashsize, int chashsize);
* allow easier tracking of the internal handle's state and what sockets
* they use. Only for research and development DEBUGBUILD enabled builds.
*/
-void Curl_multi_dump(const struct Curl_multi *multi_handle);
+void Curl_multi_dump(struct Curl_multi *multi);
#endif
-/* Update the current connection of a One_Easy handle */
-void Curl_multi_set_easy_connection(struct SessionHandle *handle,
- struct connectdata *conn);
-
void Curl_multi_process_pending_handles(struct Curl_multi *multi);
/* Return the value of the CURLMOPT_MAX_HOST_CONNECTIONS option */
size_t Curl_multi_max_host_connections(struct Curl_multi *multi);
-/* Return the value of the CURLMOPT_MAX_PIPELINE_LENGTH option */
-size_t Curl_multi_max_pipeline_length(struct Curl_multi *multi);
-
/* Return the value of the CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE option */
curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi);
@@ -89,11 +76,13 @@ struct curl_llist *Curl_multi_pipelining_server_bl(struct Curl_multi *multi);
/* Return the value of the CURLMOPT_MAX_TOTAL_CONNECTIONS option */
size_t Curl_multi_max_total_connections(struct Curl_multi *multi);
+void Curl_multi_connchanged(struct Curl_multi *multi);
+
/*
* Curl_multi_closed()
*
* Used by the connect code to tell the multi_socket code that one of the
- * sockets we were using have just been closed. This function will then
+ * sockets we were using is about to be closed. This function will then
* remove it from the sockethash for this handle to make the multi_socket API
* behave properly, especially for the case when libcurl will create another
* socket again and it gets the same file descriptor number.
@@ -101,4 +90,10 @@ size_t Curl_multi_max_total_connections(struct Curl_multi *multi);
void Curl_multi_closed(struct connectdata *conn, curl_socket_t s);
+/*
+ * Add a handle and move it into PERFORM state at once. For pushed streams.
+ */
+CURLMcode Curl_multi_add_perform(struct Curl_multi *multi,
+ struct Curl_easy *data,
+ struct connectdata *conn);
#endif /* HEADER_CURL_MULTIIF_H */
diff --git a/libs/libcurl/src/netrc.c b/libs/libcurl/src/netrc.c
index 6ff92bb33f..dbcc59ac93 100644
--- a/libs/libcurl/src/netrc.c
+++ b/libs/libcurl/src/netrc.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -28,16 +28,12 @@
#include <curl/curl.h>
#include "netrc.h"
-
-#include "strequal.h"
#include "strtok.h"
-#include "curl_memory.h"
-#include "rawstr.h"
+#include "strcase.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
/* Get user and password from .netrc when given a machine name */
@@ -60,28 +56,40 @@ int Curl_parsenetrc(const char *host,
char *netrcfile)
{
FILE *file;
- int retcode=1;
- int specific_login = (**loginp != 0);
- char *home = NULL;
- bool home_alloc = FALSE;
+ int retcode = 1;
+ int specific_login = (*loginp && **loginp != 0);
bool netrc_alloc = FALSE;
- enum host_lookup_state state=NOTHING;
+ enum host_lookup_state state = NOTHING;
- char state_login=0; /* Found a login keyword */
- char state_password=0; /* Found a password keyword */
- int state_our_login=FALSE; /* With specific_login, found *our* login name */
+ char state_login = 0; /* Found a login keyword */
+ char state_password = 0; /* Found a password keyword */
+ int state_our_login = FALSE; /* With specific_login, found *our* login
+ name */
#define NETRC DOT_CHAR "netrc"
if(!netrcfile) {
- home = curl_getenv("HOME"); /* portable environment reader */
+ bool home_alloc = FALSE;
+ char *home = curl_getenv("HOME"); /* portable environment reader */
if(home) {
home_alloc = TRUE;
-#if defined(HAVE_GETPWUID) && defined(HAVE_GETEUID)
+#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID)
+ }
+ else {
+ struct passwd pw, *pw_res;
+ char pwbuf[1024];
+ if(!getpwuid_r(geteuid(), &pw, pwbuf, sizeof(pwbuf), &pw_res)
+ && pw_res) {
+ home = strdup(pw.pw_dir);
+ if(!home)
+ return CURLE_OUT_OF_MEMORY;
+ home_alloc = TRUE;
+ }
+#elif defined(HAVE_GETPWUID) && defined(HAVE_GETEUID)
}
else {
struct passwd *pw;
- pw= getpwuid(geteuid());
+ pw = getpwuid(geteuid());
if(pw) {
home = pw->pw_dir;
}
@@ -89,82 +97,95 @@ int Curl_parsenetrc(const char *host,
}
if(!home)
- return -1;
+ return retcode; /* no home directory found (or possibly out of memory) */
netrcfile = curl_maprintf("%s%s%s", home, DIR_CHAR, NETRC);
+ if(home_alloc)
+ free(home);
if(!netrcfile) {
- if(home_alloc)
- free(home);
return -1;
}
netrc_alloc = TRUE;
}
- file = fopen(netrcfile, "r");
+ file = fopen(netrcfile, FOPEN_READTEXT);
+ if(netrc_alloc)
+ free(netrcfile);
if(file) {
char *tok;
char *tok_buf;
- bool done=FALSE;
+ bool done = FALSE;
char netrcbuffer[256];
- int netrcbuffsize = sizeof(netrcbuffer);
+ int netrcbuffsize = (int)sizeof(netrcbuffer);
while(!done && fgets(netrcbuffer, netrcbuffsize, file)) {
- tok=strtok_r(netrcbuffer, " \t\n", &tok_buf);
+ tok = strtok_r(netrcbuffer, " \t\n", &tok_buf);
+ if(tok && *tok == '#')
+ /* treat an initial hash as a comment line */
+ continue;
while(!done && tok) {
- if(**loginp && **passwordp) {
- done=TRUE;
+ if((*loginp && **loginp) && (*passwordp && **passwordp)) {
+ done = TRUE;
break;
}
switch(state) {
case NOTHING:
- if(Curl_raw_equal("machine", tok)) {
+ if(strcasecompare("machine", tok)) {
/* the next tok is the machine name, this is in itself the
delimiter that starts the stuff entered for this machine,
after this we need to search for 'login' and
'password'. */
- state=HOSTFOUND;
+ state = HOSTFOUND;
+ }
+ else if(strcasecompare("default", tok)) {
+ state = HOSTVALID;
+ retcode = 0; /* we did find our host */
}
break;
case HOSTFOUND:
- if(Curl_raw_equal(host, tok)) {
+ if(strcasecompare(host, tok)) {
/* and yes, this is our host! */
- state=HOSTVALID;
- retcode=0; /* we did find our host */
+ state = HOSTVALID;
+ retcode = 0; /* we did find our host */
}
else
/* not our host */
- state=NOTHING;
+ state = NOTHING;
break;
case HOSTVALID:
/* we are now parsing sub-keywords concerning "our" host */
if(state_login) {
if(specific_login) {
- state_our_login = Curl_raw_equal(*loginp, tok);
+ state_our_login = strcasecompare(*loginp, tok);
}
else {
free(*loginp);
*loginp = strdup(tok);
- if(!*loginp)
- return -1; /* allocation failed */
+ if(!*loginp) {
+ retcode = -1; /* allocation failed */
+ goto out;
+ }
}
- state_login=0;
+ state_login = 0;
}
else if(state_password) {
if(state_our_login || !specific_login) {
free(*passwordp);
*passwordp = strdup(tok);
- if(!*passwordp)
- return -1; /* allocation failed */
+ if(!*passwordp) {
+ retcode = -1; /* allocation failed */
+ goto out;
+ }
}
- state_password=0;
+ state_password = 0;
}
- else if(Curl_raw_equal("login", tok))
- state_login=1;
- else if(Curl_raw_equal("password", tok))
- state_password=1;
- else if(Curl_raw_equal("machine", tok)) {
+ else if(strcasecompare("login", tok))
+ state_login = 1;
+ else if(strcasecompare("password", tok))
+ state_password = 1;
+ else if(strcasecompare("machine", tok)) {
/* ok, there's machine here go => */
state = HOSTFOUND;
state_our_login = FALSE;
@@ -176,13 +197,9 @@ int Curl_parsenetrc(const char *host,
} /* while(tok) */
} /* while fgets() */
+ out:
fclose(file);
}
- if(home_alloc)
- free(home);
- if(netrc_alloc)
- free(netrcfile);
-
return retcode;
}
diff --git a/libs/libcurl/src/netrc.h b/libs/libcurl/src/netrc.h
index a145601148..d980166e6b 100644
--- a/libs/libcurl/src/netrc.h
+++ b/libs/libcurl/src/netrc.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/non-ascii.c b/libs/libcurl/src/non-ascii.c
index 91d6a54fcb..92b2f8d732 100644
--- a/libs/libcurl/src/non-ascii.c
+++ b/libs/libcurl/src/non-ascii.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -51,7 +51,7 @@
* Curl_convert_clone() returns a malloced copy of the source string (if
* returning CURLE_OK), with the data converted to network format.
*/
-CURLcode Curl_convert_clone(struct SessionHandle *data,
+CURLcode Curl_convert_clone(struct Curl_easy *data,
const char *indata,
size_t insize,
char **outbuf)
@@ -79,52 +79,54 @@ CURLcode Curl_convert_clone(struct SessionHandle *data,
* Curl_convert_to_network() is an internal function for performing ASCII
* conversions on non-ASCII platforms. It convers the buffer _in place_.
*/
-CURLcode Curl_convert_to_network(struct SessionHandle *data,
+CURLcode Curl_convert_to_network(struct Curl_easy *data,
char *buffer, size_t length)
{
- CURLcode rc;
-
- if(data->set.convtonetwork) {
+ if(data && data->set.convtonetwork) {
/* use translation callback */
- rc = data->set.convtonetwork(buffer, length);
- if(rc != CURLE_OK) {
+ CURLcode result = data->set.convtonetwork(buffer, length);
+ if(result) {
failf(data,
"CURLOPT_CONV_TO_NETWORK_FUNCTION callback returned %d: %s",
- (int)rc, curl_easy_strerror(rc));
+ (int)result, curl_easy_strerror(result));
}
- return rc;
+
+ return result;
}
else {
#ifdef HAVE_ICONV
/* do the translation ourselves */
+ iconv_t tmpcd = (iconv_t) -1;
+ iconv_t *cd = &tmpcd;
char *input_ptr, *output_ptr;
size_t in_bytes, out_bytes, rc;
- int error;
/* open an iconv conversion descriptor if necessary */
- if(data->outbound_cd == (iconv_t)-1) {
- data->outbound_cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK,
- CURL_ICONV_CODESET_OF_HOST);
- if(data->outbound_cd == (iconv_t)-1) {
- error = ERRNO;
+ if(data)
+ cd = &data->outbound_cd;
+ if(*cd == (iconv_t)-1) {
+ *cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK,
+ CURL_ICONV_CODESET_OF_HOST);
+ if(*cd == (iconv_t)-1) {
failf(data,
"The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
CURL_ICONV_CODESET_OF_NETWORK,
CURL_ICONV_CODESET_OF_HOST,
- error, strerror(error));
+ errno, strerror(errno));
return CURLE_CONV_FAILED;
}
}
/* call iconv */
input_ptr = output_ptr = buffer;
in_bytes = out_bytes = length;
- rc = iconv(data->outbound_cd, (const char**)&input_ptr, &in_bytes,
+ rc = iconv(*cd, &input_ptr, &in_bytes,
&output_ptr, &out_bytes);
+ if(!data)
+ iconv_close(tmpcd);
if((rc == ICONV_ERROR) || (in_bytes != 0)) {
- error = ERRNO;
failf(data,
"The Curl_convert_to_network iconv call failed with errno %i: %s",
- error, strerror(error));
+ errno, strerror(errno));
return CURLE_CONV_FAILED;
}
#else
@@ -140,52 +142,54 @@ CURLcode Curl_convert_to_network(struct SessionHandle *data,
* Curl_convert_from_network() is an internal function for performing ASCII
* conversions on non-ASCII platforms. It convers the buffer _in place_.
*/
-CURLcode Curl_convert_from_network(struct SessionHandle *data,
+CURLcode Curl_convert_from_network(struct Curl_easy *data,
char *buffer, size_t length)
{
- CURLcode rc;
-
- if(data->set.convfromnetwork) {
+ if(data && data->set.convfromnetwork) {
/* use translation callback */
- rc = data->set.convfromnetwork(buffer, length);
- if(rc != CURLE_OK) {
+ CURLcode result = data->set.convfromnetwork(buffer, length);
+ if(result) {
failf(data,
"CURLOPT_CONV_FROM_NETWORK_FUNCTION callback returned %d: %s",
- (int)rc, curl_easy_strerror(rc));
+ (int)result, curl_easy_strerror(result));
}
- return rc;
+
+ return result;
}
else {
#ifdef HAVE_ICONV
/* do the translation ourselves */
+ iconv_t tmpcd = (iconv_t) -1;
+ iconv_t *cd = &tmpcd;
char *input_ptr, *output_ptr;
size_t in_bytes, out_bytes, rc;
- int error;
/* open an iconv conversion descriptor if necessary */
- if(data->inbound_cd == (iconv_t)-1) {
- data->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
- CURL_ICONV_CODESET_OF_NETWORK);
- if(data->inbound_cd == (iconv_t)-1) {
- error = ERRNO;
+ if(data)
+ cd = &data->inbound_cd;
+ if(*cd == (iconv_t)-1) {
+ *cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
+ CURL_ICONV_CODESET_OF_NETWORK);
+ if(*cd == (iconv_t)-1) {
failf(data,
"The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
CURL_ICONV_CODESET_OF_HOST,
CURL_ICONV_CODESET_OF_NETWORK,
- error, strerror(error));
+ errno, strerror(errno));
return CURLE_CONV_FAILED;
}
}
/* call iconv */
input_ptr = output_ptr = buffer;
in_bytes = out_bytes = length;
- rc = iconv(data->inbound_cd, (const char **)&input_ptr, &in_bytes,
+ rc = iconv(*cd, &input_ptr, &in_bytes,
&output_ptr, &out_bytes);
+ if(!data)
+ iconv_close(tmpcd);
if((rc == ICONV_ERROR) || (in_bytes != 0)) {
- error = ERRNO;
failf(data,
"Curl_convert_from_network iconv call failed with errno %i: %s",
- error, strerror(error));
+ errno, strerror(errno));
return CURLE_CONV_FAILED;
}
#else
@@ -201,53 +205,55 @@ CURLcode Curl_convert_from_network(struct SessionHandle *data,
* Curl_convert_from_utf8() is an internal function for performing UTF-8
* conversions on non-ASCII platforms.
*/
-CURLcode Curl_convert_from_utf8(struct SessionHandle *data,
+CURLcode Curl_convert_from_utf8(struct Curl_easy *data,
char *buffer, size_t length)
{
- CURLcode rc;
-
- if(data->set.convfromutf8) {
+ if(data && data->set.convfromutf8) {
/* use translation callback */
- rc = data->set.convfromutf8(buffer, length);
- if(rc != CURLE_OK) {
+ CURLcode result = data->set.convfromutf8(buffer, length);
+ if(result) {
failf(data,
"CURLOPT_CONV_FROM_UTF8_FUNCTION callback returned %d: %s",
- (int)rc, curl_easy_strerror(rc));
+ (int)result, curl_easy_strerror(result));
}
- return rc;
+
+ return result;
}
else {
#ifdef HAVE_ICONV
/* do the translation ourselves */
- const char *input_ptr;
+ iconv_t tmpcd = (iconv_t) -1;
+ iconv_t *cd = &tmpcd;
+ char *input_ptr;
char *output_ptr;
size_t in_bytes, out_bytes, rc;
- int error;
/* open an iconv conversion descriptor if necessary */
- if(data->utf8_cd == (iconv_t)-1) {
- data->utf8_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
- CURL_ICONV_CODESET_FOR_UTF8);
- if(data->utf8_cd == (iconv_t)-1) {
- error = ERRNO;
+ if(data)
+ cd = &data->utf8_cd;
+ if(*cd == (iconv_t)-1) {
+ *cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
+ CURL_ICONV_CODESET_FOR_UTF8);
+ if(*cd == (iconv_t)-1) {
failf(data,
"The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s",
CURL_ICONV_CODESET_OF_HOST,
CURL_ICONV_CODESET_FOR_UTF8,
- error, strerror(error));
+ errno, strerror(errno));
return CURLE_CONV_FAILED;
}
}
/* call iconv */
input_ptr = output_ptr = buffer;
in_bytes = out_bytes = length;
- rc = iconv(data->utf8_cd, &input_ptr, &in_bytes,
+ rc = iconv(*cd, &input_ptr, &in_bytes,
&output_ptr, &out_bytes);
+ if(!data)
+ iconv_close(tmpcd);
if((rc == ICONV_ERROR) || (in_bytes != 0)) {
- error = ERRNO;
failf(data,
"The Curl_convert_from_utf8 iconv call failed with errno %i: %s",
- error, strerror(error));
+ errno, strerror(errno));
return CURLE_CONV_FAILED;
}
if(output_ptr < input_ptr) {
@@ -264,9 +270,9 @@ CURLcode Curl_convert_from_utf8(struct SessionHandle *data,
}
/*
- * Init conversion stuff for a SessionHandle
+ * Init conversion stuff for a Curl_easy
*/
-void Curl_convert_init(struct SessionHandle *data)
+void Curl_convert_init(struct Curl_easy *data)
{
#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
/* conversion descriptors for iconv calls */
@@ -279,9 +285,9 @@ void Curl_convert_init(struct SessionHandle *data)
}
/*
- * Setup conversion stuff for a SessionHandle
+ * Setup conversion stuff for a Curl_easy
*/
-void Curl_convert_setup(struct SessionHandle *data)
+void Curl_convert_setup(struct Curl_easy *data)
{
data->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST,
CURL_ICONV_CODESET_OF_NETWORK);
@@ -292,10 +298,10 @@ void Curl_convert_setup(struct SessionHandle *data)
}
/*
- * Close conversion stuff for a SessionHandle
+ * Close conversion stuff for a Curl_easy
*/
-void Curl_convert_close(struct SessionHandle *data)
+void Curl_convert_close(struct Curl_easy *data)
{
#ifdef HAVE_ICONV
/* close iconv conversion descriptors */
@@ -313,31 +319,4 @@ void Curl_convert_close(struct SessionHandle *data)
#endif /* HAVE_ICONV */
}
-/*
- * Curl_convert_form() is used from http.c, this converts any form items that
- need to be sent in the network encoding. Returns CURLE_OK on success.
- */
-CURLcode Curl_convert_form(struct SessionHandle *data, struct FormData *form)
-{
- struct FormData *next;
- CURLcode rc;
-
- if(!form)
- return CURLE_OK;
-
- if(!data)
- return CURLE_BAD_FUNCTION_ARGUMENT;
-
- do {
- next=form->next; /* the following form line */
- if(form->type == FORM_DATA) {
- rc = Curl_convert_to_network(data, form->line, form->length);
- /* Curl_convert_to_network calls failf if unsuccessful */
- if(rc != CURLE_OK)
- return rc;
- }
- } while((form = next) != NULL); /* continue */
- return CURLE_OK;
-}
-
#endif /* CURL_DOES_CONVERSIONS */
diff --git a/libs/libcurl/src/non-ascii.h b/libs/libcurl/src/non-ascii.h
index 8b4b7c22e8..5fb5771e04 100644
--- a/libs/libcurl/src/non-ascii.h
+++ b/libs/libcurl/src/non-ascii.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -33,22 +33,21 @@
*
* If no conversion was needed *outbuf may be NULL.
*/
-CURLcode Curl_convert_clone(struct SessionHandle *data,
+CURLcode Curl_convert_clone(struct Curl_easy *data,
const char *indata,
size_t insize,
char **outbuf);
-void Curl_convert_init(struct SessionHandle *data);
-void Curl_convert_setup(struct SessionHandle *data);
-void Curl_convert_close(struct SessionHandle *data);
+void Curl_convert_init(struct Curl_easy *data);
+void Curl_convert_setup(struct Curl_easy *data);
+void Curl_convert_close(struct Curl_easy *data);
-CURLcode Curl_convert_to_network(struct SessionHandle *data,
+CURLcode Curl_convert_to_network(struct Curl_easy *data,
char *buffer, size_t length);
-CURLcode Curl_convert_from_network(struct SessionHandle *data,
+CURLcode Curl_convert_from_network(struct Curl_easy *data,
char *buffer, size_t length);
-CURLcode Curl_convert_from_utf8(struct SessionHandle *data,
+CURLcode Curl_convert_from_utf8(struct Curl_easy *data,
char *buffer, size_t length);
-CURLcode Curl_convert_form(struct SessionHandle *data, struct FormData *form);
#else
#define Curl_convert_clone(a,b,c,d) ((void)a, CURLE_OK)
#define Curl_convert_init(x) Curl_nop_stmt
@@ -57,7 +56,6 @@ CURLcode Curl_convert_form(struct SessionHandle *data, struct FormData *form);
#define Curl_convert_to_network(a,b,c) ((void)a, CURLE_OK)
#define Curl_convert_from_network(a,b,c) ((void)a, CURLE_OK)
#define Curl_convert_from_utf8(a,b,c) ((void)a, CURLE_OK)
-#define Curl_convert_form(a,b) CURLE_OK
#endif
#endif /* HEADER_CURL_NON_ASCII_H */
diff --git a/libs/libcurl/src/nonblock.c b/libs/libcurl/src/nonblock.c
index 1447c877df..5959281e54 100644
--- a/libs/libcurl/src/nonblock.c
+++ b/libs/libcurl/src/nonblock.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -58,8 +58,7 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */
flags = sfcntl(sockfd, F_GETFL, 0);
if(nonblock)
return sfcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
- else
- return sfcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
+ return sfcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
#elif defined(HAVE_IOCTL_FIONBIO)
@@ -77,7 +76,7 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */
/* Amiga */
long flags = nonblock ? 1L : 0L;
- return IoctlSocket(sockfd, FIONBIO, flags);
+ return IoctlSocket(sockfd, FIONBIO, (char *)&flags);
#elif defined(HAVE_SETSOCKOPT_SO_NONBLOCK)
diff --git a/libs/libcurl/src/nonblock.h b/libs/libcurl/src/nonblock.h
index b540ae46f6..98cdc25ab9 100644
--- a/libs/libcurl/src/nonblock.h
+++ b/libs/libcurl/src/nonblock.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/nss.c b/libs/libcurl/src/nss.c
deleted file mode 100644
index 2d4bf9e9c8..0000000000
--- a/libs/libcurl/src/nss.c
+++ /dev/null
@@ -1,1574 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/*
- * Source file for all NSS-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
- */
-
-#include "curl_setup.h"
-
-#ifdef USE_NSS
-
-#include "urldata.h"
-#include "sendf.h"
-#include "formdata.h" /* for the boundary function */
-#include "url.h" /* for the ssl config check function */
-#include "connect.h"
-#include "strequal.h"
-#include "select.h"
-#include "sslgen.h"
-#include "llist.h"
-
-#define _MPRINTF_REPLACE /* use the internal *printf() functions */
-#include <curl/mprintf.h>
-
-#include "nssg.h"
-#include <nspr.h>
-#include <nss.h>
-#include <ssl.h>
-#include <sslerr.h>
-#include <secerr.h>
-#include <secmod.h>
-#include <sslproto.h>
-#include <prtypes.h>
-#include <pk11pub.h>
-#include <prio.h>
-#include <secitem.h>
-#include <secport.h>
-#include <certdb.h>
-#include <base64.h>
-#include <cert.h>
-#include <prerror.h>
-
-#include "curl_memory.h"
-#include "rawstr.h"
-#include "warnless.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#define SSL_DIR "/etc/pki/nssdb"
-
-/* enough to fit the string "PEM Token #[0|1]" */
-#define SLOTSIZE 13
-
-PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);
-
-PRLock * nss_initlock = NULL;
-PRLock * nss_crllock = NULL;
-#ifdef HAVE_NSS_INITCONTEXT
-NSSInitContext * nss_context = NULL;
-#endif
-
-volatile int initialized = 0;
-
-typedef struct {
- const char *name;
- int num;
-} cipher_s;
-
-#define PK11_SETATTRS(_attr, _idx, _type, _val, _len) do { \
- CK_ATTRIBUTE *ptr = (_attr) + ((_idx)++); \
- ptr->type = (_type); \
- ptr->pValue = (_val); \
- ptr->ulValueLen = (_len); \
-} WHILE_FALSE
-
-#define CERT_NewTempCertificate __CERT_NewTempCertificate
-
-#define NUM_OF_CIPHERS sizeof(cipherlist)/sizeof(cipherlist[0])
-static const cipher_s cipherlist[] = {
- /* SSL2 cipher suites */
- {"rc4", SSL_EN_RC4_128_WITH_MD5},
- {"rc4-md5", SSL_EN_RC4_128_WITH_MD5},
- {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
- {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5},
- {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
- {"des", SSL_EN_DES_64_CBC_WITH_MD5},
- {"desede3", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
- /* SSL3/TLS cipher suites */
- {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
- {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA},
- {"rsa_3des_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
- {"rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
- {"rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
- {"rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
- {"rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
- {"rsa_null_sha", SSL_RSA_WITH_NULL_SHA},
- {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
- {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
- {"fortezza", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
- {"fortezza_rc4_128_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
- {"fortezza_null", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
- /* TLS 1.0: Exportable 56-bit Cipher Suites. */
- {"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
- {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
- /* AES ciphers. */
- {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA},
- {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA},
-#ifdef NSS_ENABLE_ECC
- /* ECC ciphers. */
- {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA},
- {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
- {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA},
- {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA},
- {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA},
- {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA},
- {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
- {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA},
- {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
- {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
- {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA},
- {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA},
- {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA},
- {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA},
- {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA},
- {"echde_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA},
- {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
- {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA},
- {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
- {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
- {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA},
- {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA},
- {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
- {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
- {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
-#endif
-};
-
-/* following ciphers are new in NSS 3.4 and not enabled by default, therefore
- they are enabled explicitly */
-static const int enable_ciphers_by_default[] = {
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
- TLS_RSA_WITH_AES_128_CBC_SHA,
- TLS_RSA_WITH_AES_256_CBC_SHA,
- SSL_NULL_WITH_NULL_NULL
-};
-
-static const char* pem_library = "libnsspem.so";
-SECMODModule* mod = NULL;
-
-static const char* nss_error_to_name(PRErrorCode code)
-{
- const char *name = PR_ErrorToName(code);
- if(name)
- return name;
-
- return "unknown error";
-}
-
-static void nss_print_error_message(struct SessionHandle *data, PRUint32 err)
-{
- failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
-}
-
-static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
- char *cipher_list)
-{
- unsigned int i;
- PRBool cipher_state[NUM_OF_CIPHERS];
- PRBool found;
- char *cipher;
- SECStatus rv;
-
- /* First disable all ciphers. This uses a different max value in case
- * NSS adds more ciphers later we don't want them available by
- * accident
- */
- for(i=0; i<SSL_NumImplementedCiphers; i++) {
- SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
- }
-
- /* Set every entry in our list to false */
- for(i=0; i<NUM_OF_CIPHERS; i++) {
- cipher_state[i] = PR_FALSE;
- }
-
- cipher = cipher_list;
-
- while(cipher_list && (cipher_list[0])) {
- while((*cipher) && (ISSPACE(*cipher)))
- ++cipher;
-
- if((cipher_list = strchr(cipher, ','))) {
- *cipher_list++ = '\0';
- }
-
- found = PR_FALSE;
-
- for(i=0; i<NUM_OF_CIPHERS; i++) {
- if(Curl_raw_equal(cipher, cipherlist[i].name)) {
- cipher_state[i] = PR_TRUE;
- found = PR_TRUE;
- break;
- }
- }
-
- if(found == PR_FALSE) {
- failf(data, "Unknown cipher in list: %s", cipher);
- return SECFailure;
- }
-
- if(cipher_list) {
- cipher = cipher_list;
- }
- }
-
- /* Finally actually enable the selected ciphers */
- for(i=0; i<NUM_OF_CIPHERS; i++) {
- rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]);
- if(rv != SECSuccess) {
- failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
- return SECFailure;
- }
- }
-
- return SECSuccess;
-}
-
-/*
- * Get the number of ciphers that are enabled. We use this to determine
- * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.
- */
-static int num_enabled_ciphers(void)
-{
- PRInt32 policy = 0;
- int count = 0;
- unsigned int i;
-
- for(i=0; i<NUM_OF_CIPHERS; i++) {
- SSL_CipherPolicyGet(cipherlist[i].num, &policy);
- if(policy)
- count++;
- }
- return count;
-}
-
-/*
- * Determine whether the nickname passed in is a filename that needs to
- * be loaded as a PEM or a regular NSS nickname.
- *
- * returns 1 for a file
- * returns 0 for not a file (NSS nickname)
- */
-static int is_file(const char *filename)
-{
- struct_stat st;
-
- if(filename == NULL)
- return 0;
-
- if(stat(filename, &st) == 0)
- if(S_ISREG(st.st_mode))
- return 1;
-
- return 0;
-}
-
-/* Check if the given string is filename or nickname of a certificate. If the
- * given string is recognized as filename, return NULL. If the given string is
- * recognized as nickname, return a duplicated string. The returned string
- * should be later deallocated using free(). If the OOM failure occurs, we
- * return NULL, too.
- */
-static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind)
-{
- const char *str = data->set.str[cert_kind];
- const char *n;
-
- if(!is_file(str))
- /* no such file exists, use the string as nickname */
- return strdup(str);
-
- /* search the last slash; we require at least one slash in a file name */
- n = strrchr(str, '/');
- if(!n) {
- infof(data, "warning: certificate file name \"%s\" handled as nickname; "
- "please use \"./%s\" to force file name\n", str, str);
- return strdup(str);
- }
-
- /* we'll use the PEM reader to read the certificate from file */
- return NULL;
-}
-
-/* Call PK11_CreateGenericObject() with the given obj_class and filename. If
- * the call succeeds, append the object handle to the list of objects so that
- * the object can be destroyed in Curl_nss_close(). */
-static CURLcode nss_create_object(struct ssl_connect_data *ssl,
- CK_OBJECT_CLASS obj_class,
- const char *filename, bool cacert)
-{
- PK11SlotInfo *slot;
- PK11GenericObject *obj;
- CK_BBOOL cktrue = CK_TRUE;
- CK_BBOOL ckfalse = CK_FALSE;
- CK_ATTRIBUTE attrs[/* max count of attributes */ 4];
- int attr_cnt = 0;
- CURLcode err = (cacert)
- ? CURLE_SSL_CACERT_BADFILE
- : CURLE_SSL_CERTPROBLEM;
-
- const int slot_id = (cacert) ? 0 : 1;
- char *slot_name = aprintf("PEM Token #%d", slot_id);
- if(!slot_name)
- return CURLE_OUT_OF_MEMORY;
-
- slot = PK11_FindSlotByName(slot_name);
- free(slot_name);
- if(!slot)
- return err;
-
- PK11_SETATTRS(attrs, attr_cnt, CKA_CLASS, &obj_class, sizeof(obj_class));
- PK11_SETATTRS(attrs, attr_cnt, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL));
- PK11_SETATTRS(attrs, attr_cnt, CKA_LABEL, (unsigned char *)filename,
- strlen(filename) + 1);
-
- if(CKO_CERTIFICATE == obj_class) {
- CK_BBOOL *pval = (cacert) ? (&cktrue) : (&ckfalse);
- PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
- }
-
- obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);
- PK11_FreeSlot(slot);
- if(!obj)
- return err;
-
- if(!Curl_llist_insert_next(ssl->obj_list, ssl->obj_list->tail, obj)) {
- PK11_DestroyGenericObject(obj);
- return CURLE_OUT_OF_MEMORY;
- }
-
- if(!cacert && CKO_CERTIFICATE == obj_class)
- /* store reference to a client certificate */
- ssl->obj_clicert = obj;
-
- return CURLE_OK;
-}
-
-/* Destroy the NSS object whose handle is given by ptr. This function is
- * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy
- * NSS objects in Curl_nss_close() */
-static void nss_destroy_object(void *user, void *ptr)
-{
- PK11GenericObject *obj = (PK11GenericObject *)ptr;
- (void) user;
- PK11_DestroyGenericObject(obj);
-}
-
-static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
- const char *filename, PRBool cacert)
-{
- CURLcode err = (cacert)
- ? CURLE_SSL_CACERT_BADFILE
- : CURLE_SSL_CERTPROBLEM;
-
- /* libnsspem.so leaks memory if the requested file does not exist. For more
- * details, go to <https://bugzilla.redhat.com/734760>. */
- if(is_file(filename))
- err = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
-
- if(CURLE_OK == err && !cacert) {
- /* we have successfully loaded a client certificate */
- CERTCertificate *cert;
- char *nickname = NULL;
- char *n = strrchr(filename, '/');
- if(n)
- n++;
-
- /* The following undocumented magic helps to avoid a SIGSEGV on call
- * of PK11_ReadRawAttribute() from SelectClientCert() when using an
- * immature version of libnsspem.so. For more details, go to
- * <https://bugzilla.redhat.com/733685>. */
- nickname = aprintf("PEM Token #1:%s", n);
- if(nickname) {
- cert = PK11_FindCertFromNickname(nickname, NULL);
- if(cert)
- CERT_DestroyCertificate(cert);
-
- free(nickname);
- }
- }
-
- return err;
-}
-
-/* add given CRL to cache if it is not already there */
-static SECStatus nss_cache_crl(SECItem *crlDER)
-{
- CERTCertDBHandle *db = CERT_GetDefaultCertDB();
- CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crlDER, 0);
- if(crl) {
- /* CRL already cached */
- SEC_DestroyCrl(crl);
- SECITEM_FreeItem(crlDER, PR_FALSE);
- return SECSuccess;
- }
-
- /* acquire lock before call of CERT_CacheCRL() */
- PR_Lock(nss_crllock);
- if(SECSuccess != CERT_CacheCRL(db, crlDER)) {
- /* unable to cache CRL */
- PR_Unlock(nss_crllock);
- SECITEM_FreeItem(crlDER, PR_FALSE);
- return SECFailure;
- }
-
- /* we need to clear session cache, so that the CRL could take effect */
- SSL_ClearSessionCache();
- PR_Unlock(nss_crllock);
- return SECSuccess;
-}
-
-static SECStatus nss_load_crl(const char* crlfilename)
-{
- PRFileDesc *infile;
- PRFileInfo info;
- SECItem filedata = { 0, NULL, 0 };
- SECItem crlDER = { 0, NULL, 0 };
- char *body;
-
- infile = PR_Open(crlfilename, PR_RDONLY, 0);
- if(!infile)
- return SECFailure;
-
- if(PR_SUCCESS != PR_GetOpenFileInfo(infile, &info))
- goto fail;
-
- if(!SECITEM_AllocItem(NULL, &filedata, info.size + /* zero ended */ 1))
- goto fail;
-
- if(info.size != PR_Read(infile, filedata.data, info.size))
- goto fail;
-
- /* place a trailing zero right after the visible data */
- body = (char*)filedata.data;
- body[--filedata.len] = '\0';
-
- body = strstr(body, "-----BEGIN");
- if(body) {
- /* assume ASCII */
- char *trailer;
- char *begin = PORT_Strchr(body, '\n');
- if(!begin)
- begin = PORT_Strchr(body, '\r');
- if(!begin)
- goto fail;
-
- trailer = strstr(++begin, "-----END");
- if(!trailer)
- goto fail;
-
- /* retrieve DER from ASCII */
- *trailer = '\0';
- if(ATOB_ConvertAsciiToItem(&crlDER, begin))
- goto fail;
-
- SECITEM_FreeItem(&filedata, PR_FALSE);
- }
- else
- /* assume DER */
- crlDER = filedata;
-
- PR_Close(infile);
- return nss_cache_crl(&crlDER);
-
-fail:
- PR_Close(infile);
- SECITEM_FreeItem(&filedata, PR_FALSE);
- return SECFailure;
-}
-
-static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
- char *key_file)
-{
- PK11SlotInfo *slot;
- SECStatus status;
- CURLcode rv;
- struct ssl_connect_data *ssl = conn->ssl;
- (void)sockindex; /* unused */
-
- rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
- if(CURLE_OK != rv) {
- PR_SetError(SEC_ERROR_BAD_KEY, 0);
- return rv;
- }
-
- slot = PK11_FindSlotByName("PEM Token #1");
- if(!slot)
- return CURLE_SSL_CERTPROBLEM;
-
- /* This will force the token to be seen as re-inserted */
- SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
- PK11_IsPresent(slot);
-
- status = PK11_Authenticate(slot, PR_TRUE,
- conn->data->set.str[STRING_KEY_PASSWD]);
- PK11_FreeSlot(slot);
- return (SECSuccess == status)
- ? CURLE_OK
- : CURLE_SSL_CERTPROBLEM;
-}
-
-static int display_error(struct connectdata *conn, PRInt32 err,
- const char *filename)
-{
- switch(err) {
- case SEC_ERROR_BAD_PASSWORD:
- failf(conn->data, "Unable to load client key: Incorrect password");
- return 1;
- case SEC_ERROR_UNKNOWN_CERT:
- failf(conn->data, "Unable to load certificate %s", filename);
- return 1;
- default:
- break;
- }
- return 0; /* The caller will print a generic error */
-}
-
-static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
- char *cert_file, char *key_file)
-{
- struct SessionHandle *data = conn->data;
- CURLcode rv;
-
- if(cert_file) {
- rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
- if(CURLE_OK != rv) {
- const PRErrorCode err = PR_GetError();
- if(!display_error(conn, err, cert_file)) {
- const char *err_name = nss_error_to_name(err);
- failf(data, "unable to load client cert: %d (%s)", err, err_name);
- }
-
- return rv;
- }
- }
-
- if(key_file || (is_file(cert_file))) {
- if(key_file)
- rv = nss_load_key(conn, sockindex, key_file);
- else
- /* In case the cert file also has the key */
- rv = nss_load_key(conn, sockindex, cert_file);
- if(CURLE_OK != rv) {
- const PRErrorCode err = PR_GetError();
- if(!display_error(conn, err, key_file)) {
- const char *err_name = nss_error_to_name(err);
- failf(data, "unable to load client key: %d (%s)", err, err_name);
- }
-
- return rv;
- }
- }
-
- return CURLE_OK;
-}
-
-static char * nss_get_password(PK11SlotInfo * slot, PRBool retry, void *arg)
-{
- (void)slot; /* unused */
- if(retry || NULL == arg)
- return NULL;
- else
- return (char *)PORT_Strdup((char *)arg);
-}
-
-/* bypass the default SSL_AuthCertificate() hook in case we do not want to
- * verify peer */
-static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
- PRBool isServer)
-{
- struct connectdata *conn = (struct connectdata *)arg;
- if(!conn->data->set.ssl.verifypeer) {
- infof(conn->data, "skipping SSL peer certificate verification\n");
- return SECSuccess;
- }
-
- return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
-}
-
-/**
- * Inform the application that the handshake is complete.
- */
-static void HandshakeCallback(PRFileDesc *sock, void *arg)
-{
- (void)sock;
- (void)arg;
-}
-
-static void display_cert_info(struct SessionHandle *data,
- CERTCertificate *cert)
-{
- char *subject, *issuer, *common_name;
- PRExplodedTime printableTime;
- char timeString[256];
- PRTime notBefore, notAfter;
-
- subject = CERT_NameToAscii(&cert->subject);
- issuer = CERT_NameToAscii(&cert->issuer);
- common_name = CERT_GetCommonName(&cert->subject);
- infof(data, "\tsubject: %s\n", subject);
-
- CERT_GetCertTimes(cert, &notBefore, &notAfter);
- PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime);
- PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
- infof(data, "\tstart date: %s\n", timeString);
- PR_ExplodeTime(notAfter, PR_GMTParameters, &printableTime);
- PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
- infof(data, "\texpire date: %s\n", timeString);
- infof(data, "\tcommon name: %s\n", common_name);
- infof(data, "\tissuer: %s\n", issuer);
-
- PR_Free(subject);
- PR_Free(issuer);
- PR_Free(common_name);
-}
-
-static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
-{
- SSLChannelInfo channel;
- SSLCipherSuiteInfo suite;
- CERTCertificate *cert;
-
- if(SSL_GetChannelInfo(sock, &channel, sizeof channel) ==
- SECSuccess && channel.length == sizeof channel &&
- channel.cipherSuite) {
- if(SSL_GetCipherSuiteInfo(channel.cipherSuite,
- &suite, sizeof suite) == SECSuccess) {
- infof(conn->data, "SSL connection using %s\n", suite.cipherSuiteName);
- }
- }
-
- infof(conn->data, "Server certificate:\n");
-
- cert = SSL_PeerCertificate(sock);
- display_cert_info(conn->data, cert);
- CERT_DestroyCertificate(cert);
-
- return;
-}
-
-static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
-{
- struct connectdata *conn = (struct connectdata *)arg;
- struct SessionHandle *data = conn->data;
- PRErrorCode err = PR_GetError();
- CERTCertificate *cert;
-
- /* remember the cert verification result */
- data->set.ssl.certverifyresult = err;
-
- if(err == SSL_ERROR_BAD_CERT_DOMAIN && !data->set.ssl.verifyhost)
- /* we are asked not to verify the host name */
- return SECSuccess;
-
- /* print only info about the cert, the error is printed off the callback */
- cert = SSL_PeerCertificate(sock);
- if(cert) {
- infof(data, "Server certificate:\n");
- display_cert_info(data, cert);
- CERT_DestroyCertificate(cert);
- }
-
- return SECFailure;
-}
-
-/**
- *
- * Check that the Peer certificate's issuer certificate matches the one found
- * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the
- * issuer check, so we provide comments that mimic the OpenSSL
- * X509_check_issued function (in x509v3/v3_purp.c)
- */
-static SECStatus check_issuer_cert(PRFileDesc *sock,
- char *issuer_nickname)
-{
- CERTCertificate *cert,*cert_issuer,*issuer;
- SECStatus res=SECSuccess;
- void *proto_win = NULL;
-
- /*
- PRArenaPool *tmpArena = NULL;
- CERTAuthKeyID *authorityKeyID = NULL;
- SECITEM *caname = NULL;
- */
-
- cert = SSL_PeerCertificate(sock);
- cert_issuer = CERT_FindCertIssuer(cert,PR_Now(),certUsageObjectSigner);
-
- proto_win = SSL_RevealPinArg(sock);
- issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win);
-
- if((!cert_issuer) || (!issuer))
- res = SECFailure;
- else if(SECITEM_CompareItem(&cert_issuer->derCert,
- &issuer->derCert)!=SECEqual)
- res = SECFailure;
-
- CERT_DestroyCertificate(cert);
- CERT_DestroyCertificate(issuer);
- CERT_DestroyCertificate(cert_issuer);
- return res;
-}
-
-/**
- *
- * Callback to pick the SSL client certificate.
- */
-static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
-{
- struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
- struct SessionHandle *data = connssl->data;
- const char *nickname = connssl->client_nickname;
-
- if(connssl->obj_clicert) {
- /* use the cert/key provided by PEM reader */
- static const char pem_slotname[] = "PEM Token #1";
- SECItem cert_der = { 0, NULL, 0 };
- void *proto_win = SSL_RevealPinArg(sock);
- struct CERTCertificateStr *cert;
- struct SECKEYPrivateKeyStr *key;
-
- PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
- if(NULL == slot) {
- failf(data, "NSS: PK11 slot not found: %s", pem_slotname);
- return SECFailure;
- }
-
- if(PK11_ReadRawAttribute(PK11_TypeGeneric, connssl->obj_clicert, CKA_VALUE,
- &cert_der) != SECSuccess) {
- failf(data, "NSS: CKA_VALUE not found in PK11 generic object");
- PK11_FreeSlot(slot);
- return SECFailure;
- }
-
- cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
- SECITEM_FreeItem(&cert_der, PR_FALSE);
- if(NULL == cert) {
- failf(data, "NSS: client certificate from file not found");
- PK11_FreeSlot(slot);
- return SECFailure;
- }
-
- key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
- PK11_FreeSlot(slot);
- if(NULL == key) {
- failf(data, "NSS: private key from file not found");
- CERT_DestroyCertificate(cert);
- return SECFailure;
- }
-
- infof(data, "NSS: client certificate from file\n");
- display_cert_info(data, cert);
-
- *pRetCert = cert;
- *pRetKey = key;
- return SECSuccess;
- }
-
- /* use the default NSS hook */
- if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,
- pRetCert, pRetKey)
- || NULL == *pRetCert) {
-
- if(NULL == nickname)
- failf(data, "NSS: client certificate not found (nickname not "
- "specified)");
- else
- failf(data, "NSS: client certificate not found: %s", nickname);
-
- return SECFailure;
- }
-
- /* get certificate nickname if any */
- nickname = (*pRetCert)->nickname;
- if(NULL == nickname)
- nickname = "[unknown]";
-
- if(NULL == *pRetKey) {
- failf(data, "NSS: private key not found for certificate: %s", nickname);
- return SECFailure;
- }
-
- infof(data, "NSS: using client certificate: %s\n", nickname);
- display_cert_info(data, *pRetCert);
- return SECSuccess;
-}
-
-/* This function is supposed to decide, which error codes should be used
- * to conclude server is TLS intolerant.
- *
- * taken from xulrunner - nsNSSIOLayer.cpp
- */
-static PRBool
-isTLSIntoleranceError(PRInt32 err)
-{
- switch (err) {
- case SSL_ERROR_BAD_MAC_ALERT:
- case SSL_ERROR_BAD_MAC_READ:
- case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:
- case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:
- case SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE:
- case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:
- case SSL_ERROR_NO_CYPHER_OVERLAP:
- case SSL_ERROR_BAD_SERVER:
- case SSL_ERROR_BAD_BLOCK_PADDING:
- case SSL_ERROR_UNSUPPORTED_VERSION:
- case SSL_ERROR_PROTOCOL_VERSION_ALERT:
- case SSL_ERROR_RX_MALFORMED_FINISHED:
- case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE:
- case SSL_ERROR_DECODE_ERROR_ALERT:
- case SSL_ERROR_RX_UNKNOWN_ALERT:
- return PR_TRUE;
- default:
- return PR_FALSE;
- }
-}
-
-static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
-{
-#ifdef HAVE_NSS_INITCONTEXT
- NSSInitParameters initparams;
-
- if(nss_context != NULL)
- return CURLE_OK;
-
- memset((void *) &initparams, '\0', sizeof(initparams));
- initparams.length = sizeof(initparams);
-#else /* HAVE_NSS_INITCONTEXT */
- SECStatus rv;
-
- if(NSS_IsInitialized())
- return CURLE_OK;
-#endif
-
- if(cert_dir) {
- const bool use_sql = NSS_VersionCheck("3.12.0");
- char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
- if(!certpath)
- return CURLE_OUT_OF_MEMORY;
-
- infof(data, "Initializing NSS with certpath: %s\n", certpath);
-#ifdef HAVE_NSS_INITCONTEXT
- nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
- NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
- free(certpath);
-
- if(nss_context != NULL)
- return CURLE_OK;
-#else /* HAVE_NSS_INITCONTEXT */
- rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
- free(certpath);
-
- if(rv == SECSuccess)
- return CURLE_OK;
-#endif
-
- infof(data, "Unable to initialize NSS database\n");
- }
-
- infof(data, "Initializing NSS with certpath: none\n");
-#ifdef HAVE_NSS_INITCONTEXT
- nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
- | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
- | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
- if(nss_context != NULL)
- return CURLE_OK;
-#else /* HAVE_NSS_INITCONTEXT */
- if(NSS_NoDB_Init(NULL) == SECSuccess)
- return CURLE_OK;
-#endif
-
- infof(data, "Unable to initialize NSS\n");
- return CURLE_SSL_CACERT_BADFILE;
-}
-
-static CURLcode nss_init(struct SessionHandle *data)
-{
- char *cert_dir;
- struct_stat st;
- CURLcode rv;
-
- if(initialized)
- return CURLE_OK;
-
- /* First we check if $SSL_DIR points to a valid dir */
- cert_dir = getenv("SSL_DIR");
- if(cert_dir) {
- if((stat(cert_dir, &st) != 0) ||
- (!S_ISDIR(st.st_mode))) {
- cert_dir = NULL;
- }
- }
-
- /* Now we check if the default location is a valid dir */
- if(!cert_dir) {
- if((stat(SSL_DIR, &st) == 0) &&
- (S_ISDIR(st.st_mode))) {
- cert_dir = (char *)SSL_DIR;
- }
- }
-
- rv = nss_init_core(data, cert_dir);
- if(rv)
- return rv;
-
- if(num_enabled_ciphers() == 0)
- NSS_SetDomesticPolicy();
-
- initialized = 1;
- return CURLE_OK;
-}
-
-/**
- * Global SSL init
- *
- * @retval 0 error initializing SSL
- * @retval 1 SSL initialized successfully
- */
-int Curl_nss_init(void)
-{
- /* curl_global_init() is not thread-safe so this test is ok */
- if(nss_initlock == NULL) {
- PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
- nss_initlock = PR_NewLock();
- nss_crllock = PR_NewLock();
- }
-
- /* We will actually initialize NSS later */
-
- return 1;
-}
-
-CURLcode Curl_nss_force_init(struct SessionHandle *data)
-{
- CURLcode rv;
- if(!nss_initlock) {
- failf(data,
- "unable to initialize NSS, curl_global_init() should have been "
- "called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
- return CURLE_FAILED_INIT;
- }
-
- PR_Lock(nss_initlock);
- rv = nss_init(data);
- PR_Unlock(nss_initlock);
- return rv;
-}
-
-/* Global cleanup */
-void Curl_nss_cleanup(void)
-{
- /* This function isn't required to be threadsafe and this is only done
- * as a safety feature.
- */
- PR_Lock(nss_initlock);
- if(initialized) {
- /* Free references to client certificates held in the SSL session cache.
- * Omitting this hampers destruction of the security module owning
- * the certificates. */
- SSL_ClearSessionCache();
-
- if(mod && SECSuccess == SECMOD_UnloadUserModule(mod)) {
- SECMOD_DestroyModule(mod);
- mod = NULL;
- }
-#ifdef HAVE_NSS_INITCONTEXT
- NSS_ShutdownContext(nss_context);
- nss_context = NULL;
-#else /* HAVE_NSS_INITCONTEXT */
- NSS_Shutdown();
-#endif
- }
- PR_Unlock(nss_initlock);
-
- PR_DestroyLock(nss_initlock);
- PR_DestroyLock(nss_crllock);
- nss_initlock = NULL;
-
- initialized = 0;
-}
-
-/*
- * This function uses SSL_peek to determine connection status.
- *
- * Return codes:
- * 1 means the connection is still in place
- * 0 means the connection has been closed
- * -1 means the connection status is unknown
- */
-int
-Curl_nss_check_cxn(struct connectdata *conn)
-{
- int rc;
- char buf;
-
- rc =
- PR_Recv(conn->ssl[FIRSTSOCKET].handle, (void *)&buf, 1, PR_MSG_PEEK,
- PR_SecondsToInterval(1));
- if(rc > 0)
- return 1; /* connection still in place */
-
- if(rc == 0)
- return 0; /* connection has been closed */
-
- return -1; /* connection status unknown */
-}
-
-/*
- * This function is called when an SSL connection is closed.
- */
-void Curl_nss_close(struct connectdata *conn, int sockindex)
-{
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- if(connssl->handle) {
- /* NSS closes the socket we previously handed to it, so we must mark it
- as closed to avoid double close */
- fake_sclose(conn->sock[sockindex]);
- conn->sock[sockindex] = CURL_SOCKET_BAD;
-
- if((connssl->client_nickname != NULL) || (connssl->obj_clicert != NULL))
- /* A server might require different authentication based on the
- * particular path being requested by the client. To support this
- * scenario, we must ensure that a connection will never reuse the
- * authentication data from a previous connection. */
- SSL_InvalidateSession(connssl->handle);
-
- if(connssl->client_nickname != NULL) {
- free(connssl->client_nickname);
- connssl->client_nickname = NULL;
- }
- /* destroy all NSS objects in order to avoid failure of NSS shutdown */
- Curl_llist_destroy(connssl->obj_list, NULL);
- connssl->obj_list = NULL;
- connssl->obj_clicert = NULL;
-
- PR_Close(connssl->handle);
- connssl->handle = NULL;
- }
-}
-
-/*
- * This function is called when the 'data' struct is going away. Close
- * down everything and free all resources!
- */
-int Curl_nss_close_all(struct SessionHandle *data)
-{
- (void)data;
- return 0;
-}
-
-/* return true if NSS can provide error code (and possibly msg) for the
- error */
-static bool is_nss_error(CURLcode err)
-{
- switch(err) {
- case CURLE_PEER_FAILED_VERIFICATION:
- case CURLE_SSL_CACERT:
- case CURLE_SSL_CERTPROBLEM:
- case CURLE_SSL_CONNECT_ERROR:
- case CURLE_SSL_ISSUER_ERROR:
- return true;
-
- default:
- return false;
- }
-}
-
-/* return true if the given error code is related to a client certificate */
-static bool is_cc_error(PRInt32 err)
-{
- switch(err) {
- case SSL_ERROR_BAD_CERT_ALERT:
- case SSL_ERROR_EXPIRED_CERT_ALERT:
- case SSL_ERROR_REVOKED_CERT_ALERT:
- return true;
-
- default:
- return false;
- }
-}
-
-static Curl_recv nss_recv;
-static Curl_send nss_send;
-
-static CURLcode nss_load_ca_certificates(struct connectdata *conn,
- int sockindex)
-{
- struct SessionHandle *data = conn->data;
- const char *cafile = data->set.ssl.CAfile;
- const char *capath = data->set.ssl.CApath;
-
- if(cafile) {
- CURLcode rv = nss_load_cert(&conn->ssl[sockindex], cafile, PR_TRUE);
- if(CURLE_OK != rv)
- return rv;
- }
-
- if(capath) {
- struct_stat st;
- if(stat(capath, &st) == -1)
- return CURLE_SSL_CACERT_BADFILE;
-
- if(S_ISDIR(st.st_mode)) {
- PRDirEntry *entry;
- PRDir *dir = PR_OpenDir(capath);
- if(!dir)
- return CURLE_SSL_CACERT_BADFILE;
-
- while((entry = PR_ReadDir(dir, PR_SKIP_BOTH | PR_SKIP_HIDDEN))) {
- char *fullpath = aprintf("%s/%s", capath, entry->name);
- if(!fullpath) {
- PR_CloseDir(dir);
- return CURLE_OUT_OF_MEMORY;
- }
-
- if(CURLE_OK != nss_load_cert(&conn->ssl[sockindex], fullpath, PR_TRUE))
- /* This is purposefully tolerant of errors so non-PEM files can
- * be in the same directory */
- infof(data, "failed to load '%s' from CURLOPT_CAPATH\n", fullpath);
-
- free(fullpath);
- }
-
- PR_CloseDir(dir);
- }
- else
- infof(data, "warning: CURLOPT_CAPATH not a directory (%s)\n", capath);
- }
-
- infof(data, " CAfile: %s\n CApath: %s\n",
- cafile ? cafile : "none",
- capath ? capath : "none");
-
- return CURLE_OK;
-}
-
-CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
-{
- PRErrorCode err = 0;
- PRFileDesc *model = NULL;
- PRBool ssl2 = PR_FALSE;
- PRBool ssl3 = PR_FALSE;
- PRBool tlsv1 = PR_FALSE;
- PRBool ssl_no_cache;
- PRBool ssl_cbc_random_iv;
- struct SessionHandle *data = conn->data;
- curl_socket_t sockfd = conn->sock[sockindex];
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- CURLcode curlerr;
- const int *cipher_to_enable;
- PRSocketOptionData sock_opt;
- long time_left;
- PRUint32 timeout;
-
- if(connssl->state == ssl_connection_complete)
- return CURLE_OK;
-
- connssl->data = data;
-
- /* list of all NSS objects we need to destroy in Curl_nss_close() */
- connssl->obj_list = Curl_llist_alloc(nss_destroy_object);
- if(!connssl->obj_list)
- return CURLE_OUT_OF_MEMORY;
-
- /* FIXME. NSS doesn't support multiple databases open at the same time. */
- PR_Lock(nss_initlock);
- curlerr = nss_init(conn->data);
- if(CURLE_OK != curlerr) {
- PR_Unlock(nss_initlock);
- goto error;
- }
-
- curlerr = CURLE_SSL_CONNECT_ERROR;
-
- if(!mod) {
- char *configstring = aprintf("library=%s name=PEM", pem_library);
- if(!configstring) {
- PR_Unlock(nss_initlock);
- goto error;
- }
- mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
- free(configstring);
-
- if(!mod || !mod->loaded) {
- if(mod) {
- SECMOD_DestroyModule(mod);
- mod = NULL;
- }
- infof(data, "WARNING: failed to load NSS PEM library %s. Using "
- "OpenSSL PEM certificates will not work.\n", pem_library);
- }
- }
-
- PK11_SetPasswordFunc(nss_get_password);
- PR_Unlock(nss_initlock);
-
- model = PR_NewTCPSocket();
- if(!model)
- goto error;
- model = SSL_ImportFD(NULL, model);
-
- if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
- goto error;
- if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
- goto error;
- if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess)
- goto error;
-
- /* do not use SSL cache if we are not going to verify peer */
- ssl_no_cache = (data->set.ssl.verifypeer) ? PR_FALSE : PR_TRUE;
- if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
- goto error;
-
- switch (data->set.ssl.version) {
- default:
- case CURL_SSLVERSION_DEFAULT:
- ssl3 = PR_TRUE;
- if(data->state.ssl_connect_retry)
- infof(data, "TLS disabled due to previous handshake failure\n");
- else
- tlsv1 = PR_TRUE;
- break;
- case CURL_SSLVERSION_TLSv1:
- tlsv1 = PR_TRUE;
- break;
- case CURL_SSLVERSION_SSLv2:
- ssl2 = PR_TRUE;
- break;
- case CURL_SSLVERSION_SSLv3:
- ssl3 = PR_TRUE;
- break;
- }
-
- if(SSL_OptionSet(model, SSL_ENABLE_SSL2, ssl2) != SECSuccess)
- goto error;
- if(SSL_OptionSet(model, SSL_ENABLE_SSL3, ssl3) != SECSuccess)
- goto error;
- if(SSL_OptionSet(model, SSL_ENABLE_TLS, tlsv1) != SECSuccess)
- goto error;
-
- if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
- goto error;
-
- ssl_cbc_random_iv = !data->set.ssl_enable_beast;
-#ifdef SSL_CBC_RANDOM_IV
- /* unless the user explicitly asks to allow the protocol vulnerability, we
- use the work-around */
- if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
- infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n",
- ssl_cbc_random_iv);
-#else
- if(ssl_cbc_random_iv)
- infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n");
-#endif
-
- /* reset the flag to avoid an infinite loop */
- data->state.ssl_connect_retry = FALSE;
-
- /* enable all ciphers from enable_ciphers_by_default */
- cipher_to_enable = enable_ciphers_by_default;
- while(SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
- if(SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
- curlerr = CURLE_SSL_CIPHER;
- goto error;
- }
- cipher_to_enable++;
- }
-
- if(data->set.ssl.cipher_list) {
- if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
- curlerr = CURLE_SSL_CIPHER;
- goto error;
- }
- }
-
- if(!data->set.ssl.verifypeer && data->set.ssl.verifyhost)
- infof(data, "warning: ignoring value of ssl.verifyhost\n");
-
- /* bypass the default SSL_AuthCertificate() hook in case we do not want to
- * verify peer */
- if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, conn) != SECSuccess)
- goto error;
-
- data->set.ssl.certverifyresult=0; /* not checked yet */
- if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
- goto error;
-
- if(SSL_HandshakeCallback(model, HandshakeCallback, NULL) != SECSuccess)
- goto error;
-
- if(data->set.ssl.verifypeer) {
- const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
- if(CURLE_OK != rv) {
- curlerr = rv;
- goto error;
- }
- }
-
- if(data->set.ssl.CRLfile) {
- if(SECSuccess != nss_load_crl(data->set.ssl.CRLfile)) {
- curlerr = CURLE_SSL_CRL_BADFILE;
- goto error;
- }
- infof(data,
- " CRLfile: %s\n",
- data->set.ssl.CRLfile ? data->set.ssl.CRLfile : "none");
- }
-
- if(data->set.str[STRING_CERT]) {
- char *nickname = dup_nickname(data, STRING_CERT);
- if(nickname) {
- /* we are not going to use libnsspem.so to read the client cert */
- connssl->obj_clicert = NULL;
- }
- else {
- CURLcode rv = cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
- data->set.str[STRING_KEY]);
- if(CURLE_OK != rv) {
- /* failf() is already done in cert_stuff() */
- curlerr = rv;
- goto error;
- }
- }
-
- /* store the nickname for SelectClientCert() called during handshake */
- connssl->client_nickname = nickname;
- }
- else
- connssl->client_nickname = NULL;
-
- if(SSL_GetClientAuthDataHook(model, SelectClientCert,
- (void *)connssl) != SECSuccess) {
- curlerr = CURLE_SSL_CERTPROBLEM;
- goto error;
- }
-
- /* Import our model socket onto the existing file descriptor */
- connssl->handle = PR_ImportTCPSocket(sockfd);
- connssl->handle = SSL_ImportFD(model, connssl->handle);
- if(!connssl->handle)
- goto error;
-
- PR_Close(model); /* We don't need this any more */
- model = NULL;
-
- /* This is the password associated with the cert that we're using */
- if(data->set.str[STRING_KEY_PASSWD]) {
- SSL_SetPKCS11PinArg(connssl->handle, data->set.str[STRING_KEY_PASSWD]);
- }
-
- /* Force handshake on next I/O */
- SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);
-
- SSL_SetURL(connssl->handle, conn->host.name);
-
- /* check timeout situation */
- time_left = Curl_timeleft(data, NULL, TRUE);
- if(time_left < 0L) {
- failf(data, "timed out before SSL handshake");
- curlerr = CURLE_OPERATION_TIMEDOUT;
- goto error;
- }
- timeout = PR_MillisecondsToInterval((PRUint32) time_left);
-
- /* Force the handshake now */
- if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
- if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
- curlerr = CURLE_PEER_FAILED_VERIFICATION;
- else if(conn->data->set.ssl.certverifyresult!=0)
- curlerr = CURLE_SSL_CACERT;
- goto error;
- }
-
- /* switch the SSL socket into non-blocking mode */
- sock_opt.option = PR_SockOpt_Nonblocking;
- sock_opt.value.non_blocking = PR_TRUE;
- if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
- goto error;
-
- connssl->state = ssl_connection_complete;
- conn->recv[sockindex] = nss_recv;
- conn->send[sockindex] = nss_send;
-
- display_conn_info(conn, connssl->handle);
-
- if(data->set.str[STRING_SSL_ISSUERCERT]) {
- SECStatus ret = SECFailure;
- char *nickname = dup_nickname(data, STRING_SSL_ISSUERCERT);
- if(nickname) {
- /* we support only nicknames in case of STRING_SSL_ISSUERCERT for now */
- ret = check_issuer_cert(connssl->handle, nickname);
- free(nickname);
- }
-
- if(SECFailure == ret) {
- infof(data,"SSL certificate issuer check failed\n");
- curlerr = CURLE_SSL_ISSUER_ERROR;
- goto error;
- }
- else {
- infof(data, "SSL certificate issuer check ok\n");
- }
- }
-
- return CURLE_OK;
-
- error:
- /* reset the flag to avoid an infinite loop */
- data->state.ssl_connect_retry = FALSE;
-
- if(is_nss_error(curlerr)) {
- /* read NSPR error code */
- err = PR_GetError();
- if(is_cc_error(err))
- curlerr = CURLE_SSL_CERTPROBLEM;
-
- /* print the error number and error string */
- infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
-
- /* print a human-readable message describing the error if available */
- nss_print_error_message(data, err);
- }
-
- if(model)
- PR_Close(model);
-
- /* cleanup on connection failure */
- Curl_llist_destroy(connssl->obj_list, NULL);
- connssl->obj_list = NULL;
-
- if(ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
- /* schedule reconnect through Curl_retry_request() */
- data->state.ssl_connect_retry = TRUE;
- infof(data, "Error in TLS handshake, trying SSLv3...\n");
- return CURLE_OK;
- }
-
- return curlerr;
-}
-
-static ssize_t nss_send(struct connectdata *conn, /* connection data */
- int sockindex, /* socketindex */
- const void *mem, /* send this data */
- size_t len, /* amount to write */
- CURLcode *curlcode)
-{
- ssize_t rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0,
- PR_INTERVAL_NO_WAIT);
- if(rc < 0) {
- PRInt32 err = PR_GetError();
- if(err == PR_WOULD_BLOCK_ERROR)
- *curlcode = CURLE_AGAIN;
- else {
- /* print the error number and error string */
- const char *err_name = nss_error_to_name(err);
- infof(conn->data, "SSL write: error %d (%s)\n", err, err_name);
-
- /* print a human-readable message describing the error if available */
- nss_print_error_message(conn->data, err);
-
- *curlcode = (is_cc_error(err))
- ? CURLE_SSL_CERTPROBLEM
- : CURLE_SEND_ERROR;
- }
- return -1;
- }
- return rc; /* number of bytes */
-}
-
-static ssize_t nss_recv(struct connectdata * conn, /* connection data */
- int num, /* socketindex */
- char *buf, /* store read data here */
- size_t buffersize, /* max amount to read */
- CURLcode *curlcode)
-{
- ssize_t nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
- PR_INTERVAL_NO_WAIT);
- if(nread < 0) {
- /* failed SSL read */
- PRInt32 err = PR_GetError();
-
- if(err == PR_WOULD_BLOCK_ERROR)
- *curlcode = CURLE_AGAIN;
- else {
- /* print the error number and error string */
- const char *err_name = nss_error_to_name(err);
- infof(conn->data, "SSL read: errno %d (%s)\n", err, err_name);
-
- /* print a human-readable message describing the error if available */
- nss_print_error_message(conn->data, err);
-
- *curlcode = (is_cc_error(err))
- ? CURLE_SSL_CERTPROBLEM
- : CURLE_RECV_ERROR;
- }
- return -1;
- }
- return nread;
-}
-
-size_t Curl_nss_version(char *buffer, size_t size)
-{
- return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
-}
-
-int Curl_nss_seed(struct SessionHandle *data)
-{
- /* make sure that NSS is initialized */
- return !!Curl_nss_force_init(data);
-}
-
-void Curl_nss_random(struct SessionHandle *data,
- unsigned char *entropy,
- size_t length)
-{
- Curl_nss_seed(data); /* Initiate the seed if not already done */
- if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {
- /* no way to signal a failure from here, we have to abort */
- failf(data, "PK11_GenerateRandom() failed, calling abort()...");
- abort();
- }
-}
-
-void Curl_nss_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len)
-{
- PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
- unsigned int MD5out;
- PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen));
- PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len));
- PK11_DestroyContext(MD5pw, PR_TRUE);
-}
-
-#endif /* USE_NSS */
diff --git a/libs/libcurl/src/nssg.h b/libs/libcurl/src/nssg.h
deleted file mode 100644
index cd32706a71..0000000000
--- a/libs/libcurl/src/nssg.h
+++ /dev/null
@@ -1,88 +0,0 @@
-#ifndef HEADER_CURL_NSSG_H
-#define HEADER_CURL_NSSG_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-#ifdef USE_NSS
-/*
- * This header should only be needed to get included by sslgen.c and nss.c
- */
-
-#include "urldata.h"
-
-CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex);
-CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done);
-/* close a SSL connection */
-void Curl_nss_close(struct connectdata *conn, int sockindex);
-
-/* tell NSS to close down all open information regarding connections (and
- thus session ID caching etc) */
-int Curl_nss_close_all(struct SessionHandle *data);
-
-int Curl_nss_init(void);
-void Curl_nss_cleanup(void);
-
-size_t Curl_nss_version(char *buffer, size_t size);
-int Curl_nss_check_cxn(struct connectdata *cxn);
-int Curl_nss_seed(struct SessionHandle *data);
-
-/* initialize NSS library if not already */
-CURLcode Curl_nss_force_init(struct SessionHandle *data);
-
-void Curl_nss_random(struct SessionHandle *data,
- unsigned char *entropy,
- size_t length);
-
-void Curl_nss_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len);
-
-/* this backend provides these functions: */
-#define have_curlssl_random 1
-#define have_curlssl_md5sum 1
-
-/* API setup for NSS */
-#define curlssl_init Curl_nss_init
-#define curlssl_cleanup Curl_nss_cleanup
-#define curlssl_connect Curl_nss_connect
-
-/* NSS has its own session ID cache */
-#define curlssl_session_free(x) Curl_nop_stmt
-#define curlssl_close_all Curl_nss_close_all
-#define curlssl_close Curl_nss_close
-/* NSS has no shutdown function provided and thus always fail */
-#define curlssl_shutdown(x,y) (x=x, y=y, 1)
-#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
-#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
-#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
-#define curlssl_version Curl_nss_version
-#define curlssl_check_cxn(x) Curl_nss_check_cxn(x)
-#define curlssl_data_pending(x,y) (x=x, y=y, 0)
-#define curlssl_random(x,y,z) Curl_nss_random(x,y,z)
-#define curlssl_md5sum(a,b,c,d) Curl_nss_md5sum(a,b,c,d)
-
-#endif /* USE_NSS */
-#endif /* HEADER_CURL_NSSG_H */
diff --git a/libs/libcurl/src/nwlib.c b/libs/libcurl/src/nwlib.c
index 252bf11ec8..290cbe31f4 100644
--- a/libs/libcurl/src/nwlib.c
+++ b/libs/libcurl/src/nwlib.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -58,26 +58,26 @@ rtag_t gAllocTag = (rtag_t) NULL;
NXMutex_t *gLibLock = (NXMutex_t *) NULL;
/* internal library function prototypes... */
-int DisposeLibraryData( void * );
-void DisposeThreadData( void * );
-int GetOrSetUpData( int id, libdata_t **data, libthreaddata_t **threaddata );
-
-
-int _NonAppStart( void *NLMHandle,
- void *errorScreen,
- const char *cmdLine,
- const char *loadDirPath,
- size_t uninitializedDataLength,
- void *NLMFileHandle,
- int (*readRoutineP)( int conn,
- void *fileHandle, size_t offset,
- size_t nbytes,
- size_t *bytesRead,
- void *buffer ),
+int DisposeLibraryData(void *);
+void DisposeThreadData(void *);
+int GetOrSetUpData(int id, libdata_t **data, libthreaddata_t **threaddata);
+
+
+int _NonAppStart(void *NLMHandle,
+ void *errorScreen,
+ const char *cmdLine,
+ const char *loadDirPath,
+ size_t uninitializedDataLength,
+ void *NLMFileHandle,
+ int (*readRoutineP)(int conn,
+ void *fileHandle, size_t offset,
+ size_t nbytes,
+ size_t *bytesRead,
+ void *buffer),
size_t customDataOffset,
size_t customDataSize,
int messageCount,
- const char **messages )
+ const char **messages)
{
NX_LOCK_INFO_ALLOC(liblock, "Per-Application Data Lock", 0);
@@ -132,7 +132,7 @@ int _NonAppStart( void *NLMHandle,
* Here we clean up any resources we allocated. Resource tags is a big part
* of what we created, but NetWare doesn't ask us to free those.
*/
-void _NonAppStop( void )
+void _NonAppStop(void)
{
(void) unregister_library(gLibId);
NXMutexFree(gLibLock);
@@ -149,13 +149,13 @@ void _NonAppStop( void )
* we return a non-zero value. Right now, there isn't any reason not to allow
* it.
*/
-int _NonAppCheckUnload( void )
+int _NonAppCheckUnload(void)
{
return 0;
}
int GetOrSetUpData(int id, libdata_t **appData,
- libthreaddata_t **threadData )
+ libthreaddata_t **threadData)
{
int err;
libdata_t *app_data;
@@ -184,7 +184,8 @@ int GetOrSetUpData(int id, libdata_t **appData,
*/
NXLock(gLibLock);
- if(!(app_data = (libdata_t *) get_app_data(id))) {
+ app_data = (libdata_t *) get_app_data(id);
+ if(!app_data) {
app_data = malloc(sizeof(libdata_t));
if(app_data) {
@@ -259,7 +260,8 @@ int GetOrSetUpData(int id, libdata_t **appData,
err = ENOMEM;
}
- if((err = NXKeySetValue(key, thread_data))) {
+ err = NXKeySetValue(key, thread_data);
+ if(err) {
free(thread_data->twentybytes);
free(thread_data);
thread_data = (libthreaddata_t *) NULL;
@@ -277,28 +279,24 @@ int GetOrSetUpData(int id, libdata_t **appData,
return err;
}
-int DisposeLibraryData( void *data )
+int DisposeLibraryData(void *data)
{
if(data) {
void *tenbytes = ((libdata_t *) data)->tenbytes;
- if(tenbytes)
- free(tenbytes);
-
+ free(tenbytes);
free(data);
}
return 0;
}
-void DisposeThreadData( void *data )
+void DisposeThreadData(void *data)
{
if(data) {
void *twentybytes = ((libthreaddata_t *) data)->twentybytes;
- if(twentybytes)
- free(twentybytes);
-
+ free(twentybytes);
free(data);
}
}
@@ -307,14 +305,14 @@ void DisposeThreadData( void *data )
/* For native CLib-based NLM seems we can do a bit more simple. */
#include <nwthread.h>
-int main ( void )
+int main(void)
{
/* initialize any globals here... */
/* do this if any global initializing was done
SynchronizeStart();
*/
- ExitThread (TSR_THREAD, 0);
+ ExitThread(TSR_THREAD, 0);
return 0;
}
diff --git a/libs/libcurl/src/nwos.c b/libs/libcurl/src/nwos.c
index 23ff2a7172..c6c22ccbbf 100644
--- a/libs/libcurl/src/nwos.c
+++ b/libs/libcurl/src/nwos.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,7 +26,7 @@
#ifdef __NOVELL_LIBC__
/* For native LibC-based NLM we need to do nothing. */
-int netware_init ( void )
+int netware_init(void)
{
return 0;
}
@@ -45,7 +45,7 @@ NETDB_DEFINE_CONTEXT
#include <arpa/inet.h>
NETINET_DEFINE_CONTEXT
-int netware_init ( void )
+int netware_init(void)
{
int rc = 0;
unsigned int myHandle = GetNLMHandle();
@@ -72,13 +72,13 @@ int netware_init ( void )
}
/* dummy function to satisfy newer prelude */
-int __init_environment ( void )
+int __init_environment(void)
{
return 0;
}
/* dummy function to satisfy newer prelude */
-int __deinit_environment ( void )
+int __deinit_environment(void)
{
return 0;
}
diff --git a/libs/libcurl/src/objnames-test08.sh b/libs/libcurl/src/objnames-test08.sh
new file mode 100644
index 0000000000..485975765c
--- /dev/null
+++ b/libs/libcurl/src/objnames-test08.sh
@@ -0,0 +1,217 @@
+#!/bin/sh
+# ***************************************************************************
+# * _ _ ____ _
+# * Project ___| | | | _ \| |
+# * / __| | | | |_) | |
+# * | (__| |_| | _ <| |___
+# * \___|\___/|_| \_\_____|
+# *
+# * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# *
+# * This software is licensed as described in the file COPYING, which
+# * you should have received as part of this distribution. The terms
+# * are also available at https://curl.haxx.se/docs/copyright.html.
+# *
+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# * copies of the Software, and permit persons to whom the Software is
+# * furnished to do so, under the terms of the COPYING file.
+# *
+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# * KIND, either express or implied.
+# *
+# ***************************************************************************
+
+#
+# This Bourne shell script file is used by test case 1222 to do
+# unit testing of curl_8char_object_name() shell function which
+# is defined in file objnames.inc and sourced by this file and
+# any other shell script that may use it.
+#
+
+#
+# argument validation
+#
+
+if test $# -eq 1; then
+ :
+else
+ echo "Usage: ${0} srcdir"
+ exit 1
+fi
+
+if test -f "${1}/runtests.pl"; then
+ :
+else
+ echo "${0}: Wrong srcdir"
+ exit 1
+fi
+
+srcdir=${1}
+
+if test -f "$srcdir/../lib/objnames.inc"; then
+ :
+else
+ echo "$0: Missing objnames.inc"
+ exit 1
+fi
+
+#
+# Some variables
+#
+
+logdir=log
+tstnum=1222
+
+list_c=$logdir/${tstnum}_list_c
+list_obj=$logdir/${tstnum}_list_obj
+list_obj_c=$logdir/${tstnum}_list_obj_c
+list_obj_uniq=$logdir/${tstnum}_list_obj_uniq
+
+
+#
+# Source curl_8char_object_name() function definition
+#
+
+. $srcdir/../lib/objnames.inc
+
+#
+# Some curl_8char_object_name() unit tests
+#
+
+echo 'Testing curl_8char_object_name...'
+echo ""
+
+argstr=123__678__ABC__FGH__KLM__PQRSTUV
+expect=16AFKPQR
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123__678__ABC__FGH__KLM__PQ.S.UV
+expect=16AFKPQ
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123__678__ABC..FGH..KLM..PQRSTUV
+expect=16ABC
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123__678_.ABC._FGH__KLM__PQRSTUV
+expect=16
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123.567.90ABCDEFGHIJKLMNOPQRSTUV
+expect=123
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=1234567.90A.CDEFGHIJKLMNOPQRSTUV
+expect=1234567
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=1234567890.BCD.FGHIJKLMNOPQRSTUV
+expect=12345678
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=12=45-78+0AB.DE.GHIJKLMNOPQRSTUV
+expect=1470AB
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV
+expect=12345678
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123_567_90A_CDE_GHIJKLMNOPQRSTUV
+expect=159CGHIJ
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123_567_90A_CDEFGHIJKLMNOPQRSTUV
+expect=159CDEFG
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123_567_90ABCDEFGHIJKLMNOPQRSTUV
+expect=1590ABCD
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123_567890ABCDEFGHIJKLMNOPQRSTUV
+expect=1567890A
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV
+expect=12345678
+outstr=`curl_8char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+#
+# Verify that generated object name is distinct for
+# all *.c source files in lib and src subdirectories.
+#
+
+ls $srcdir/../lib/*.c > $list_c
+ls $srcdir/../src/*.c >> $list_c
+
+rm -f $list_obj
+
+for c_fname in `cat $list_c`; do
+ obj_name=`curl_8char_object_name $c_fname`
+ echo "$obj_name" >> $list_obj
+done
+
+sort -u $list_obj > $list_obj_uniq
+
+cnt_c=`cat $list_c | wc -l`
+cnt_u=`cat $list_obj_uniq | wc -l`
+
+echo ""
+echo ""
+echo ""
+if test $cnt_c -eq $cnt_u; then
+ echo "8-characters-or-less generated object names are unique."
+ obj_name_clash="no"
+else
+ echo "8-characters-or-less generated object names are clashing..."
+ obj_name_clash="yes"
+fi
+
+if test $obj_name_clash = "yes"; then
+ #
+ # Show clashing object names and respective source file names
+ #
+ echo ""
+ paste $list_obj $list_c | sort > $list_obj_c
+ prev_match="no"
+ prev_line="unknown"
+ prev_obj_name="unknown"
+ while read this_line; do
+ obj_name=`echo "$this_line" | cut -f1`
+ if test "x$obj_name" = "x$prev_obj_name"; then
+ if test "x$prev_match" != "xyes"; then
+ echo "$prev_line"
+ echo "$this_line"
+ prev_match="yes"
+ else
+ echo "$this_line"
+ fi
+ else
+ prev_match="no"
+ fi
+ prev_line=$this_line
+ prev_obj_name=$obj_name
+ done < $list_obj_c
+fi
+
+rm -f $list_c
+rm -f $list_obj
+rm -f $list_obj_c
+rm -f $list_obj_uniq
+
+# end of objnames-test.sh
diff --git a/libs/libcurl/src/objnames-test10.sh b/libs/libcurl/src/objnames-test10.sh
new file mode 100644
index 0000000000..62184b8640
--- /dev/null
+++ b/libs/libcurl/src/objnames-test10.sh
@@ -0,0 +1,217 @@
+#!/bin/sh
+# ***************************************************************************
+# * _ _ ____ _
+# * Project ___| | | | _ \| |
+# * / __| | | | |_) | |
+# * | (__| |_| | _ <| |___
+# * \___|\___/|_| \_\_____|
+# *
+# * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# *
+# * This software is licensed as described in the file COPYING, which
+# * you should have received as part of this distribution. The terms
+# * are also available at https://curl.haxx.se/docs/copyright.html.
+# *
+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# * copies of the Software, and permit persons to whom the Software is
+# * furnished to do so, under the terms of the COPYING file.
+# *
+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# * KIND, either express or implied.
+# *
+# ***************************************************************************
+
+#
+# This Bourne shell script file is used by test case 1221 to do
+# unit testing of curl_10char_object_name() shell function which
+# is defined in file objnames.inc and sourced by this file and
+# any other shell script that may use it.
+#
+
+#
+# argument validation
+#
+
+if test $# -eq 1; then
+ :
+else
+ echo "Usage: ${0} srcdir"
+ exit 1
+fi
+
+if test -f "${1}/runtests.pl"; then
+ :
+else
+ echo "${0}: Wrong srcdir"
+ exit 1
+fi
+
+srcdir=${1}
+
+if test -f "$srcdir/../lib/objnames.inc"; then
+ :
+else
+ echo "$0: Missing objnames.inc"
+ exit 1
+fi
+
+#
+# Some variables
+#
+
+logdir=log
+tstnum=1221
+
+list_c=$logdir/${tstnum}_list_c
+list_obj=$logdir/${tstnum}_list_obj
+list_obj_c=$logdir/${tstnum}_list_obj_c
+list_obj_uniq=$logdir/${tstnum}_list_obj_uniq
+
+
+#
+# Source curl_10char_object_name() function definition
+#
+
+. $srcdir/../lib/objnames.inc
+
+#
+# Some curl_10char_object_name() unit tests
+#
+
+echo 'Testing curl_10char_object_name...'
+echo ""
+
+argstr=123__678__ABC__FGH__KLM__PQRSTUV
+expect=16AFKPQRST
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123__678__ABC__FGH__KLM__PQ.S.UV
+expect=16AFKPQ
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123__678__ABC..FGH..KLM..PQRSTUV
+expect=16ABC
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123__678_.ABC._FGH__KLM__PQRSTUV
+expect=16
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123.567.90ABCDEFGHIJKLMNOPQRSTUV
+expect=123
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=1234567.90A.CDEFGHIJKLMNOPQRSTUV
+expect=1234567
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=1234567890.BCD.FGHIJKLMNOPQRSTUV
+expect=1234567890
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=12=45-78+0AB.DE.GHIJKLMNOPQRSTUV
+expect=1470AB
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV
+expect=1234567890
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123_567_90A_CDE_GHIJKLMNOPQRSTUV
+expect=159CGHIJKL
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123_567_90A_CDEFGHIJKLMNOPQRSTUV
+expect=159CDEFGHI
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123_567_90ABCDEFGHIJKLMNOPQRSTUV
+expect=1590ABCDEF
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=123_567890ABCDEFGHIJKLMNOPQRSTUV
+expect=1567890ABC
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+argstr=1234567890ABCDEFGHIJKLMNOPQRSTUV
+expect=1234567890
+outstr=`curl_10char_object_name $argstr`
+echo "result: $outstr expected: $expect input: $argstr"
+
+#
+# Verify that generated object name is distinct for
+# all *.c source files in lib and src subdirectories.
+#
+
+ls $srcdir/../lib/*.c > $list_c
+ls $srcdir/../src/*.c >> $list_c
+
+rm -f $list_obj
+
+for c_fname in `cat $list_c`; do
+ obj_name=`curl_10char_object_name $c_fname`
+ echo "$obj_name" >> $list_obj
+done
+
+sort -u $list_obj > $list_obj_uniq
+
+cnt_c=`cat $list_c | wc -l`
+cnt_u=`cat $list_obj_uniq | wc -l`
+
+echo ""
+echo ""
+echo ""
+if test $cnt_c -eq $cnt_u; then
+ echo "10-characters-or-less generated object names are unique."
+ obj_name_clash="no"
+else
+ echo "10-characters-or-less generated object names are clashing..."
+ obj_name_clash="yes"
+fi
+
+if test $obj_name_clash = "yes"; then
+ #
+ # Show clashing object names and respective source file names
+ #
+ echo ""
+ paste $list_obj $list_c | sort > $list_obj_c
+ prev_match="no"
+ prev_line="unknown"
+ prev_obj_name="unknown"
+ while read this_line; do
+ obj_name=`echo "$this_line" | cut -f1`
+ if test "x$obj_name" = "x$prev_obj_name"; then
+ if test "x$prev_match" != "xyes"; then
+ echo "$prev_line"
+ echo "$this_line"
+ prev_match="yes"
+ else
+ echo "$this_line"
+ fi
+ else
+ prev_match="no"
+ fi
+ prev_line=$this_line
+ prev_obj_name=$obj_name
+ done < $list_obj_c
+fi
+
+rm -f $list_c
+rm -f $list_obj
+rm -f $list_obj_c
+rm -f $list_obj_uniq
+
+# end of objnames-test10.sh
diff --git a/libs/libcurl/src/objnames.inc b/libs/libcurl/src/objnames.inc
new file mode 100644
index 0000000000..6a5b2a8378
--- /dev/null
+++ b/libs/libcurl/src/objnames.inc
@@ -0,0 +1,107 @@
+# ***************************************************************************
+# * _ _ ____ _
+# * Project ___| | | | _ \| |
+# * / __| | | | |_) | |
+# * | (__| |_| | _ <| |___
+# * \___|\___/|_| \_\_____|
+# *
+# * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+# *
+# * This software is licensed as described in the file COPYING, which
+# * you should have received as part of this distribution. The terms
+# * are also available at https://curl.haxx.se/docs/copyright.html.
+# *
+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# * copies of the Software, and permit persons to whom the Software is
+# * furnished to do so, under the terms of the COPYING file.
+# *
+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# * KIND, either express or implied.
+# *
+# ***************************************************************************
+
+#
+# This file is sourced from curl/packages/OS400/initscript.sh and
+# other Bourne shell scripts. Keep it as portable as possible.
+#
+
+#
+# curl_10char_object_name
+#
+# This shell function accepts a single string argument with unspecified
+# length representing a (*.c) source file name and returns a string which
+# is a transformation of given argument.
+#
+# The intended purpose of this function is to transliterate a (*.c) source
+# file name that may be longer than 10 characters, or not, into a string
+# with at most 10 characters which may be used as an OS/400 object name.
+#
+# This function might not be universally useful, nor we care about it.
+#
+# It is intended to be used with libcurl's (*.c) source file names, so
+# dependency on libcurl's source file naming scheme is acceptable and
+# good enough for its intended use. Specifically it makes use of the fact
+# that libcurl's (*.c) source file names which may be longer than 10 chars
+# are conformed with underscore '_' separated substrings, or separated by
+# other character which does not belong to the [0-9], [a-z] or [A-Z] sets.
+#
+# This allows repeatable and automatic short object name generation with
+# no need for a hardcoded mapping table.
+#
+# Transformation is done in the following way:
+#
+# 1) Leading directory components are removed.
+# 2) Leftmost dot character and any other char following it are removed.
+# 3) Lowercase characters are transliterated to uppercase.
+# 4) Characters not in [A-Z] or [0-9] are transliterated to underscore '_'.
+# 5) Every sequence of one or more underscores is replaced with a single one.
+# 6) Five leftmost substrings which end in an underscore character are
+# replaced by the first character of each substring, while retaining
+# the rest of the string.
+# 7) Finally the result is truncated to 10 characters.
+#
+# Resulting object name may be shorter than 10 characters.
+#
+# Test case 1221 does unit testng of this function and also verifies
+# that it is possible to generate distinct short object names for all
+# curl and libcurl *.c source file names.
+#
+
+curl_10char_object_name() {
+ echo "${1}" | \
+ sed -e 's:.*/::' \
+ -e 's:[.].*::' \
+ -e 'y:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:' \
+ -e 's:[^ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_]:_:g' \
+ -e 's:__*:_:g' \
+ -e 's:\([^_]\)[^_]*_\(.*\):\1\2:' \
+ -e 's:\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3:' \
+ -e 's:\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4:' \
+ -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5:' \
+ -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5\6:' \
+ -e 's:^\(..........\).*:\1:'
+}
+
+#
+# curl_8char_object_name
+#
+# Same as curl_10char_object_name() description and details above, except
+# that object name is limited to 8 charcters maximum.
+#
+
+curl_8char_object_name() {
+ echo "${1}" | \
+ sed -e 's:.*/::' \
+ -e 's:[.].*::' \
+ -e 'y:abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:' \
+ -e 's:[^ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_]:_:g' \
+ -e 's:__*:_:g' \
+ -e 's:\([^_]\)[^_]*_\(.*\):\1\2:' \
+ -e 's:\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3:' \
+ -e 's:\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4:' \
+ -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5:' \
+ -e 's:\([^_]\)\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\):\1\2\3\4\5\6:' \
+ -e 's:^\(........\).*:\1:'
+}
+
+# end of objectname.inc
diff --git a/libs/libcurl/src/openldap.c b/libs/libcurl/src/openldap.c
index 98793b3067..ac356d098c 100644
--- a/libs/libcurl/src/openldap.c
+++ b/libs/libcurl/src/openldap.c
@@ -5,12 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010, Howard Chu, <hyc@openldap.org>
- * Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010, 2017, Howard Chu, <hyc@openldap.org>
+ * Copyright (C) 2011 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -41,15 +41,14 @@
#include "urldata.h"
#include <curl/curl.h>
#include "sendf.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "transfer.h"
#include "curl_ldap.h"
-#include "curl_memory.h"
#include "curl_base64.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "connect.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
#ifndef _LDAP_PVT_H
@@ -58,7 +57,7 @@ extern int ldap_init_fd(ber_socket_t fd, int proto, const char *url,
LDAP **ld);
#endif
-static CURLcode ldap_setup(struct connectdata *conn);
+static CURLcode ldap_setup_connection(struct connectdata *conn);
static CURLcode ldap_do(struct connectdata *conn, bool *done);
static CURLcode ldap_done(struct connectdata *conn, CURLcode, bool);
static CURLcode ldap_connect(struct connectdata *conn, bool *done);
@@ -73,7 +72,7 @@ static Curl_recv ldap_recv;
const struct Curl_handler Curl_handler_ldap = {
"LDAP", /* scheme */
- ldap_setup, /* setup_connection */
+ ldap_setup_connection, /* setup_connection */
ldap_do, /* do_it */
ldap_done, /* done */
ZERO_NULL, /* do_more */
@@ -86,6 +85,7 @@ const struct Curl_handler Curl_handler_ldap = {
ZERO_NULL, /* perform_getsock */
ldap_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_LDAP, /* defport */
CURLPROTO_LDAP, /* protocol */
PROTOPT_NONE /* flags */
@@ -98,7 +98,7 @@ const struct Curl_handler Curl_handler_ldap = {
const struct Curl_handler Curl_handler_ldaps = {
"LDAPS", /* scheme */
- ldap_setup, /* setup_connection */
+ ldap_setup_connection, /* setup_connection */
ldap_do, /* do_it */
ldap_done, /* done */
ZERO_NULL, /* do_more */
@@ -111,6 +111,7 @@ const struct Curl_handler Curl_handler_ldaps = {
ZERO_NULL, /* perform_getsock */
ldap_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_LDAPS, /* defport */
CURLPROTO_LDAP, /* protocol */
PROTOPT_SSL /* flags */
@@ -147,11 +148,11 @@ typedef struct ldapreqinfo {
int nument;
} ldapreqinfo;
-static CURLcode ldap_setup(struct connectdata *conn)
+static CURLcode ldap_setup_connection(struct connectdata *conn)
{
ldapconninfo *li;
LDAPURLDesc *lud;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
int rc, proto;
CURLcode status;
@@ -175,7 +176,7 @@ static CURLcode ldap_setup(struct connectdata *conn)
return CURLE_OUT_OF_MEMORY;
li->proto = proto;
conn->proto.generic = li;
- conn->bits.close = FALSE;
+ connkeep(conn, "OpenLDAP default");
/* TODO:
* - provide option to choose SASL Binds instead of Simple
*/
@@ -189,13 +190,15 @@ static Sockbuf_IO ldapsb_tls;
static CURLcode ldap_connect(struct connectdata *conn, bool *done)
{
ldapconninfo *li = conn->proto.generic;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
int rc, proto = LDAP_VERSION3;
- char hosturl[1024], *ptr;
+ char hosturl[1024];
+ char *ptr;
+
(void)done;
strcpy(hosturl, "ldap");
- ptr = hosturl+4;
+ ptr = hosturl + 4;
if(conn->handler->flags & PROTOPT_SSL)
*ptr++ = 's';
snprintf(ptr, sizeof(hosturl)-(ptr-hosturl), "://%s:%d",
@@ -212,10 +215,10 @@ static CURLcode ldap_connect(struct connectdata *conn, bool *done)
#ifdef USE_SSL
if(conn->handler->flags & PROTOPT_SSL) {
- CURLcode res;
- res = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &li->ssldone);
- if(res)
- return res;
+ CURLcode result;
+ result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &li->ssldone);
+ if(result)
+ return result;
}
#endif
@@ -225,9 +228,9 @@ static CURLcode ldap_connect(struct connectdata *conn, bool *done)
static CURLcode ldap_connecting(struct connectdata *conn, bool *done)
{
ldapconninfo *li = conn->proto.generic;
- struct SessionHandle *data=conn->data;
- LDAPMessage *result = NULL;
- struct timeval tv = {0,1}, *tvp;
+ struct Curl_easy *data = conn->data;
+ LDAPMessage *msg = NULL;
+ struct timeval tv = {0, 1}, *tvp;
int rc, err;
char *info = NULL;
@@ -235,11 +238,12 @@ static CURLcode ldap_connecting(struct connectdata *conn, bool *done)
if(conn->handler->flags & PROTOPT_SSL) {
/* Is the SSL handshake complete yet? */
if(!li->ssldone) {
- CURLcode res = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET,
- &li->ssldone);
- if(res || !li->ssldone)
- return res;
+ CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET,
+ &li->ssldone);
+ if(result || !li->ssldone)
+ return result;
}
+
/* Have we installed the libcurl SSL handlers into the sockbuf yet? */
if(!li->sslinst) {
Sockbuf *sb;
@@ -278,7 +282,7 @@ retry:
return CURLE_OK;
}
- rc = ldap_result(li->ld, li->msgid, LDAP_MSG_ONE, tvp, &result);
+ rc = ldap_result(li->ld, li->msgid, LDAP_MSG_ONE, tvp, &msg);
if(rc < 0) {
failf(data, "LDAP local: bind ldap_result %s", ldap_err2string(rc));
return CURLE_LDAP_CANNOT_BIND;
@@ -287,11 +291,13 @@ retry:
/* timed out */
return CURLE_OK;
}
- rc = ldap_parse_result(li->ld, result, &err, NULL, &info, NULL, NULL, 1);
+
+ rc = ldap_parse_result(li->ld, msg, &err, NULL, &info, NULL, NULL, 1);
if(rc) {
failf(data, "LDAP local: bind ldap_parse_result %s", ldap_err2string(rc));
return CURLE_LDAP_CANNOT_BIND;
}
+
/* Try to fallback to LDAPv2? */
if(err == LDAP_PROTOCOL_ERROR) {
int proto;
@@ -320,6 +326,7 @@ retry:
ldap_memfree(info);
conn->recv[FIRSTSOCKET] = ldap_recv;
*done = TRUE;
+
return CURLE_OK;
}
@@ -347,9 +354,9 @@ static CURLcode ldap_do(struct connectdata *conn, bool *done)
int rc = 0;
LDAPURLDesc *ludp = NULL;
int msgid;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
- conn->bits.close = FALSE;
+ connkeep(conn, "OpenLDAP do");
infof(data, "LDAP local: %s\n", data->change.url);
@@ -374,7 +381,7 @@ static CURLcode ldap_do(struct connectdata *conn, bool *done)
failf(data, "LDAP local: ldap_search_ext %s", ldap_err2string(rc));
return CURLE_LDAP_SEARCH_FAILED;
}
- lr = calloc(1,sizeof(ldapreqinfo));
+ lr = calloc(1, sizeof(ldapreqinfo));
if(!lr)
return CURLE_OUT_OF_MEMORY;
lr->msgid = msgid;
@@ -388,6 +395,7 @@ static CURLcode ldap_done(struct connectdata *conn, CURLcode res,
bool premature)
{
ldapreqinfo *lr = conn->data->req.protop;
+
(void)res;
(void)premature;
@@ -401,6 +409,7 @@ static CURLcode ldap_done(struct connectdata *conn, CURLcode res,
conn->data->req.protop = NULL;
free(lr);
}
+
return CURLE_OK;
}
@@ -408,18 +417,19 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
size_t len, CURLcode *err)
{
ldapconninfo *li = conn->proto.generic;
- struct SessionHandle *data=conn->data;
+ struct Curl_easy *data = conn->data;
ldapreqinfo *lr = data->req.protop;
int rc, ret;
- LDAPMessage *result = NULL;
+ LDAPMessage *msg = NULL;
LDAPMessage *ent;
BerElement *ber = NULL;
- struct timeval tv = {0,1};
+ struct timeval tv = {0, 1};
+
(void)len;
(void)buf;
(void)sockindex;
- rc = ldap_result(li->ld, lr->msgid, LDAP_MSG_RECEIVED, &tv, &result);
+ rc = ldap_result(li->ld, lr->msgid, LDAP_MSG_RECEIVED, &tv, &msg);
if(rc < 0) {
failf(data, "LDAP local: search ldap_result %s", ldap_err2string(rc));
*err = CURLE_RECV_ERROR;
@@ -430,13 +440,14 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
ret = -1;
/* timed out */
- if(result == NULL)
+ if(!msg)
return ret;
- for(ent = ldap_first_message(li->ld, result); ent;
+ for(ent = ldap_first_message(li->ld, msg); ent;
ent = ldap_next_message(li->ld, ent)) {
struct berval bv, *bvals, **bvp = &bvals;
int binary = 0, msgtype;
+ CURLcode writeerr;
msgtype = ldap_msgtype(ent);
if(msgtype == LDAP_RES_SEARCH_RESULT) {
@@ -476,9 +487,24 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
*err = CURLE_RECV_ERROR;
return -1;
}
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val, bv.bv_len);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"DN: ", 4);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val,
+ bv.bv_len);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 1);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
data->req.bytecount += bv.bv_len + 5;
for(rc = ldap_get_attribute_ber(li->ld, ent, ber, &bv, bvp);
@@ -493,12 +519,26 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
else
binary = 0;
- for(i=0; bvals[i].bv_val != NULL; i++) {
+ for(i = 0; bvals[i].bv_val != NULL; i++) {
int binval = 0;
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val,
- bv.bv_len);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)":", 1);
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\t", 1);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)bv.bv_val,
+ bv.bv_len);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)":", 1);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
data->req.bytecount += bv.bv_len + 2;
if(!binary) {
@@ -509,7 +549,7 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
else {
/* check for unprintable characters */
unsigned int j;
- for(j=0; j<bvals[i].bv_len; j++)
+ for(j = 0; j<bvals[i].bv_len; j++)
if(!ISPRINT(bvals[i].bv_val[j])) {
binval = 1;
break;
@@ -528,36 +568,70 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
if(error) {
ber_memfree(bvals);
ber_free(ber, 0);
- ldap_msgfree(result);
+ ldap_msgfree(msg);
*err = error;
return -1;
}
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)": ", 2);
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY,
+ (char *)": ", 2);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+
data->req.bytecount += 2;
if(val_b64_sz > 0) {
- Curl_client_write(conn, CLIENTWRITE_BODY, val_b64, val_b64_sz);
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, val_b64,
+ val_b64_sz);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
free(val_b64);
data->req.bytecount += val_b64_sz;
}
}
else {
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)" ", 1);
- Curl_client_write(conn, CLIENTWRITE_BODY, bvals[i].bv_val,
- bvals[i].bv_len);
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)" ", 1);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, bvals[i].bv_val,
+ bvals[i].bv_len);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+
data->req.bytecount += bvals[i].bv_len + 1;
}
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
+
data->req.bytecount++;
}
ber_memfree(bvals);
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
data->req.bytecount++;
}
- Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+ writeerr = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)"\n", 0);
+ if(writeerr) {
+ *err = writeerr;
+ return -1;
+ }
data->req.bytecount++;
ber_free(ber, 0);
}
- ldap_msgfree(result);
+ ldap_msgfree(msg);
return ret;
}
@@ -603,7 +677,7 @@ ldapsb_tls_read(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
ber_slen_t ret;
CURLcode err = CURLE_RECV_ERROR;
- ret = li->recv(conn, FIRSTSOCKET, buf, len, &err);
+ ret = (li->recv)(conn, FIRSTSOCKET, buf, len, &err);
if(ret < 0 && err == CURLE_AGAIN) {
SET_SOCKERRNO(EWOULDBLOCK);
}
@@ -618,7 +692,7 @@ ldapsb_tls_write(Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
ber_slen_t ret;
CURLcode err = CURLE_SEND_ERROR;
- ret = li->send(conn, FIRSTSOCKET, buf, len, &err);
+ ret = (li->send)(conn, FIRSTSOCKET, buf, len, &err);
if(ret < 0 && err == CURLE_AGAIN) {
SET_SOCKERRNO(EWOULDBLOCK);
}
diff --git a/libs/libcurl/src/openssl.c b/libs/libcurl/src/openssl.c
new file mode 100644
index 0000000000..7e1b681b2b
--- /dev/null
+++ b/libs/libcurl/src/openssl.c
@@ -0,0 +1,3661 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ */
+
+/*
+ * The original SSLeay-using code for curl was written by Linas Vepstas and
+ * Sampo Kellomaki 1998.
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_OPENSSL
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "formdata.h" /* for the boundary function */
+#include "url.h" /* for the ssl config check function */
+#include "inet_pton.h"
+#include "openssl.h"
+#include "connect.h"
+#include "slist.h"
+#include "select.h"
+#include "vtls/vtls.h"
+#include "strcase.h"
+#include "hostcheck.h"
+#include "curl_printf.h"
+#include <openssl/ssl.h>
+#ifdef HAVE_OPENSSL_ENGINE_H
+#include <openssl/engine.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include <openssl/md5.h>
+#include <openssl/conf.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/bio.h>
+#include <openssl/buffer.h>
+
+#ifndef OPENSSL_IS_BORINGSSL
+/* BoringSSL does not support PKCS12 */
+#define HAVE_PKCS12_SUPPORT 1
+#include <openssl/pkcs12.h>
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
+#include <openssl/ocsp.h>
+#endif
+
+#include "warnless.h"
+#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#ifndef OPENSSL_VERSION_NUMBER
+#error "OPENSSL_VERSION_NUMBER not defined"
+#endif
+
+#if defined(HAVE_OPENSSL_ENGINE_H)
+#include <openssl/ui.h>
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+#define SSL_METHOD_QUAL const
+#else
+#define SSL_METHOD_QUAL
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+#define HAVE_ERR_REMOVE_THREAD_STATE 1
+#endif
+
+#if !defined(HAVE_SSLV2_CLIENT_METHOD) || \
+ OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ has no SSLv2 */
+#undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
+#define OPENSSL_NO_SSL2
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
+ !defined(LIBRESSL_VERSION_NUMBER)
+#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
+#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
+#define CONST_EXTS const
+#define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
+#else
+/* For OpenSSL before 1.1.0 */
+#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
+#define X509_get0_notBefore(x) X509_get_notBefore(x)
+#define X509_get0_notAfter(x) X509_get_notAfter(x)
+#define CONST_EXTS /* nope */
+#ifdef LIBRESSL_VERSION_NUMBER
+static unsigned long OpenSSL_version_num(void)
+{
+ return LIBRESSL_VERSION_NUMBER;
+}
+#else
+#define OpenSSL_version_num() SSLeay()
+#endif
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
+ !defined(LIBRESSL_VERSION_NUMBER)
+#define HAVE_X509_GET0_SIGNATURE 1
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
+ OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
+ !defined(OPENSSL_NO_COMP)
+#define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
+#endif
+
+#if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
+/* not present in older OpenSSL */
+#define OPENSSL_load_builtin_modules(x)
+#endif
+
+/*
+ * Whether SSL_CTX_set_keylog_callback is available.
+ * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
+ * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
+ * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
+ * lies and pretends to be OpenSSL 2.0.0).
+ */
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+ !defined(LIBRESSL_VERSION_NUMBER)) || \
+ defined(OPENSSL_IS_BORINGSSL)
+#define HAVE_KEYLOG_CALLBACK
+#endif
+
+#if defined(LIBRESSL_VERSION_NUMBER)
+#define OSSL_PACKAGE "LibreSSL"
+#elif defined(OPENSSL_IS_BORINGSSL)
+#define OSSL_PACKAGE "BoringSSL"
+#else
+#define OSSL_PACKAGE "OpenSSL"
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+/* up2date versions of OpenSSL maintain the default reasonably secure without
+ * breaking compatibility, so it is better not to override the default by curl
+ */
+#define DEFAULT_CIPHER_SELECTION NULL
+#else
+/* ... but it is not the case with old versions of OpenSSL */
+#define DEFAULT_CIPHER_SELECTION \
+ "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
+#endif
+
+#ifdef ENABLE_SSLKEYLOGFILE
+typedef struct ssl_tap_state {
+ int master_key_length;
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+} ssl_tap_state_t;
+#endif /* ENABLE_SSLKEYLOGFILE */
+
+struct ssl_backend_data {
+ /* these ones requires specific SSL-types */
+ SSL_CTX* ctx;
+ SSL* handle;
+ X509* server_cert;
+#ifdef ENABLE_SSLKEYLOGFILE
+ /* tap_state holds the last seen master key if we're logging them */
+ ssl_tap_state_t tap_state;
+#endif
+};
+
+#define BACKEND connssl->backend
+
+/*
+ * Number of bytes to read from the random number seed file. This must be
+ * a finite value (because some entropy "files" like /dev/urandom have
+ * an infinite length), but must be large enough to provide enough
+ * entropy to properly seed OpenSSL's PRNG.
+ */
+#define RAND_LOAD_LENGTH 1024
+
+#ifdef ENABLE_SSLKEYLOGFILE
+/* The fp for the open SSLKEYLOGFILE, or NULL if not open */
+static FILE *keylog_file_fp;
+
+#ifdef HAVE_KEYLOG_CALLBACK
+static void ossl_keylog_callback(const SSL *ssl, const char *line)
+{
+ (void)ssl;
+
+ /* Using fputs here instead of fprintf since libcurl's fprintf replacement
+ may not be thread-safe. */
+ if(keylog_file_fp && line && *line) {
+ char stackbuf[256];
+ char *buf;
+ size_t linelen = strlen(line);
+
+ if(linelen <= sizeof(stackbuf) - 2)
+ buf = stackbuf;
+ else {
+ buf = malloc(linelen + 2);
+ if(!buf)
+ return;
+ }
+ strncpy(buf, line, linelen);
+ buf[linelen] = '\n';
+ buf[linelen + 1] = '\0';
+
+ fputs(buf, keylog_file_fp);
+ if(buf != stackbuf)
+ free(buf);
+ }
+}
+#else
+#define KEYLOG_PREFIX "CLIENT_RANDOM "
+#define KEYLOG_PREFIX_LEN (sizeof(KEYLOG_PREFIX) - 1)
+/*
+ * tap_ssl_key is called by libcurl to make the CLIENT_RANDOMs if the OpenSSL
+ * being used doesn't have native support for doing that.
+ */
+static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state)
+{
+ const char *hex = "0123456789ABCDEF";
+ int pos, i;
+ char line[KEYLOG_PREFIX_LEN + 2 * SSL3_RANDOM_SIZE + 1 +
+ 2 * SSL_MAX_MASTER_KEY_LENGTH + 1 + 1];
+ const SSL_SESSION *session = SSL_get_session(ssl);
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ int master_key_length = 0;
+
+ if(!session || !keylog_file_fp)
+ return;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
+ * we have a valid SSL context if we have a non-NULL session. */
+ SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
+ master_key_length =
+ SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
+#else
+ if(ssl->s3 && session->master_key_length > 0) {
+ master_key_length = session->master_key_length;
+ memcpy(master_key, session->master_key, session->master_key_length);
+ memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
+ }
+#endif
+
+ if(master_key_length <= 0)
+ return;
+
+ /* Skip writing keys if there is no key or it did not change. */
+ if(state->master_key_length == master_key_length &&
+ !memcmp(state->master_key, master_key, master_key_length) &&
+ !memcmp(state->client_random, client_random, SSL3_RANDOM_SIZE)) {
+ return;
+ }
+
+ state->master_key_length = master_key_length;
+ memcpy(state->master_key, master_key, master_key_length);
+ memcpy(state->client_random, client_random, SSL3_RANDOM_SIZE);
+
+ memcpy(line, KEYLOG_PREFIX, KEYLOG_PREFIX_LEN);
+ pos = KEYLOG_PREFIX_LEN;
+
+ /* Client Random for SSLv3/TLS */
+ for(i = 0; i < SSL3_RANDOM_SIZE; i++) {
+ line[pos++] = hex[client_random[i] >> 4];
+ line[pos++] = hex[client_random[i] & 0xF];
+ }
+ line[pos++] = ' ';
+
+ /* Master Secret (size is at most SSL_MAX_MASTER_KEY_LENGTH) */
+ for(i = 0; i < master_key_length; i++) {
+ line[pos++] = hex[master_key[i] >> 4];
+ line[pos++] = hex[master_key[i] & 0xF];
+ }
+ line[pos++] = '\n';
+ line[pos] = '\0';
+
+ /* Using fputs here instead of fprintf since libcurl's fprintf replacement
+ may not be thread-safe. */
+ fputs(line, keylog_file_fp);
+}
+#endif /* !HAVE_KEYLOG_CALLBACK */
+#endif /* ENABLE_SSLKEYLOGFILE */
+
+static const char *SSL_ERROR_to_str(int err)
+{
+ switch(err) {
+ case SSL_ERROR_NONE:
+ return "SSL_ERROR_NONE";
+ case SSL_ERROR_SSL:
+ return "SSL_ERROR_SSL";
+ case SSL_ERROR_WANT_READ:
+ return "SSL_ERROR_WANT_READ";
+ case SSL_ERROR_WANT_WRITE:
+ return "SSL_ERROR_WANT_WRITE";
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ return "SSL_ERROR_WANT_X509_LOOKUP";
+ case SSL_ERROR_SYSCALL:
+ return "SSL_ERROR_SYSCALL";
+ case SSL_ERROR_ZERO_RETURN:
+ return "SSL_ERROR_ZERO_RETURN";
+ case SSL_ERROR_WANT_CONNECT:
+ return "SSL_ERROR_WANT_CONNECT";
+ case SSL_ERROR_WANT_ACCEPT:
+ return "SSL_ERROR_WANT_ACCEPT";
+#if defined(SSL_ERROR_WANT_ASYNC)
+ case SSL_ERROR_WANT_ASYNC:
+ return "SSL_ERROR_WANT_ASYNC";
+#endif
+#if defined(SSL_ERROR_WANT_ASYNC_JOB)
+ case SSL_ERROR_WANT_ASYNC_JOB:
+ return "SSL_ERROR_WANT_ASYNC_JOB";
+#endif
+#if defined(SSL_ERROR_WANT_EARLY)
+ case SSL_ERROR_WANT_EARLY:
+ return "SSL_ERROR_WANT_EARLY";
+#endif
+ default:
+ return "SSL_ERROR unknown";
+ }
+}
+
+/* Return error string for last OpenSSL error
+ */
+static char *ossl_strerror(unsigned long error, char *buf, size_t size)
+{
+ ERR_error_string_n(error, buf, size);
+ return buf;
+}
+
+static int passwd_callback(char *buf, int num, int encrypting,
+ void *global_passwd)
+{
+ DEBUGASSERT(0 == encrypting);
+
+ if(!encrypting) {
+ int klen = curlx_uztosi(strlen((char *)global_passwd));
+ if(num > klen) {
+ memcpy(buf, global_passwd, klen + 1);
+ return klen;
+ }
+ }
+ return 0;
+}
+
+/*
+ * rand_enough() returns TRUE if we have seeded the random engine properly.
+ */
+static bool rand_enough(void)
+{
+ return (0 != RAND_status()) ? TRUE : FALSE;
+}
+
+static CURLcode Curl_ossl_seed(struct Curl_easy *data)
+{
+ /* we have the "SSL is seeded" boolean static to prevent multiple
+ time-consuming seedings in vain */
+ static bool ssl_seeded = FALSE;
+ char fname[256];
+
+ if(ssl_seeded)
+ return CURLE_OK;
+
+ if(rand_enough()) {
+ /* OpenSSL 1.1.0+ will return here */
+ ssl_seeded = TRUE;
+ return CURLE_OK;
+ }
+
+#ifndef RANDOM_FILE
+ /* if RANDOM_FILE isn't defined, we only perform this if an option tells
+ us to! */
+ if(data->set.str[STRING_SSL_RANDOM_FILE])
+#define RANDOM_FILE "" /* doesn't matter won't be used */
+#endif
+ {
+ /* let the option override the define */
+ RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
+ data->set.str[STRING_SSL_RANDOM_FILE]:
+ RANDOM_FILE),
+ RAND_LOAD_LENGTH);
+ if(rand_enough())
+ return CURLE_OK;
+ }
+
+#if defined(HAVE_RAND_EGD)
+ /* only available in OpenSSL 0.9.5 and later */
+ /* EGD_SOCKET is set at configure time or not at all */
+#ifndef EGD_SOCKET
+ /* If we don't have the define set, we only do this if the egd-option
+ is set */
+ if(data->set.str[STRING_SSL_EGDSOCKET])
+#define EGD_SOCKET "" /* doesn't matter won't be used */
+#endif
+ {
+ /* If there's an option and a define, the option overrides the
+ define */
+ int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
+ data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
+ if(-1 != ret) {
+ if(rand_enough())
+ return CURLE_OK;
+ }
+ }
+#endif
+
+ /* fallback to a custom seeding of the PRNG using a hash based on a current
+ time */
+ do {
+ unsigned char randb[64];
+ size_t len = sizeof(randb);
+ size_t i, i_max;
+ for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
+ struct curltime tv = Curl_now();
+ Curl_wait_ms(1);
+ tv.tv_sec *= i + 1;
+ tv.tv_usec *= (unsigned int)i + 2;
+ tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) *
+ (i + 3)) << 8;
+ tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec +
+ Curl_now().tv_usec) *
+ (i + 4)) << 16;
+ memcpy(&randb[i * sizeof(struct curltime)], &tv,
+ sizeof(struct curltime));
+ }
+ RAND_add(randb, (int)len, (double)len/2);
+ } while(!rand_enough());
+
+ /* generates a default path for the random seed file */
+ fname[0] = 0; /* blank it first */
+ RAND_file_name(fname, sizeof(fname));
+ if(fname[0]) {
+ /* we got a file name to try */
+ RAND_load_file(fname, RAND_LOAD_LENGTH);
+ if(rand_enough())
+ return CURLE_OK;
+ }
+
+ infof(data, "libcurl is now using a weak random seed!\n");
+ return (rand_enough() ? CURLE_OK :
+ CURLE_SSL_CONNECT_ERROR /* confusing error code */);
+}
+
+#ifndef SSL_FILETYPE_ENGINE
+#define SSL_FILETYPE_ENGINE 42
+#endif
+#ifndef SSL_FILETYPE_PKCS12
+#define SSL_FILETYPE_PKCS12 43
+#endif
+static int do_file_type(const char *type)
+{
+ if(!type || !type[0])
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "PEM"))
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "DER"))
+ return SSL_FILETYPE_ASN1;
+ if(strcasecompare(type, "ENG"))
+ return SSL_FILETYPE_ENGINE;
+ if(strcasecompare(type, "P12"))
+ return SSL_FILETYPE_PKCS12;
+ return -1;
+}
+
+#if defined(HAVE_OPENSSL_ENGINE_H)
+/*
+ * Supply default password to the engine user interface conversation.
+ * The password is passed by OpenSSL engine from ENGINE_load_private_key()
+ * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
+ */
+static int ssl_ui_reader(UI *ui, UI_STRING *uis)
+{
+ const char *password;
+ switch(UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ password = (const char *)UI_get0_user_data(ui);
+ if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ default:
+ break;
+ }
+ return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
+}
+
+/*
+ * Suppress interactive request for a default password if available.
+ */
+static int ssl_ui_writer(UI *ui, UI_STRING *uis)
+{
+ switch(UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ if(UI_get0_user_data(ui) &&
+ (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
+ return 1;
+ }
+ default:
+ break;
+ }
+ return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
+}
+#endif
+
+static
+int cert_stuff(struct connectdata *conn,
+ SSL_CTX* ctx,
+ char *cert_file,
+ const char *cert_type,
+ char *key_file,
+ const char *key_type,
+ char *key_passwd)
+{
+ struct Curl_easy *data = conn->data;
+ char error_buffer[256];
+ bool check_privkey = TRUE;
+
+ int file_type = do_file_type(cert_type);
+
+ if(cert_file || (file_type == SSL_FILETYPE_ENGINE)) {
+ SSL *ssl;
+ X509 *x509;
+ int cert_done = 0;
+
+ if(key_passwd) {
+ /* set the password in the callback userdata */
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
+ /* Set passwd callback: */
+ SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
+ }
+
+
+ switch(file_type) {
+ case SSL_FILETYPE_PEM:
+ /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
+ if(SSL_CTX_use_certificate_chain_file(ctx,
+ cert_file) != 1) {
+ failf(data,
+ "could not load PEM client certificate, " OSSL_PACKAGE
+ " error %s, "
+ "(no key found, wrong pass phrase, or wrong file format?)",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ return 0;
+ }
+ break;
+
+ case SSL_FILETYPE_ASN1:
+ /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
+ we use the case above for PEM so this can only be performed with
+ ASN1 files. */
+ if(SSL_CTX_use_certificate_file(ctx,
+ cert_file,
+ file_type) != 1) {
+ failf(data,
+ "could not load ASN1 client certificate, " OSSL_PACKAGE
+ " error %s, "
+ "(no key found, wrong pass phrase, or wrong file format?)",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ return 0;
+ }
+ break;
+ case SSL_FILETYPE_ENGINE:
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
+ {
+ if(data->state.engine) {
+ const char *cmd_name = "LOAD_CERT_CTRL";
+ struct {
+ const char *cert_id;
+ X509 *cert;
+ } params;
+
+ params.cert_id = cert_file;
+ params.cert = NULL;
+
+ /* Does the engine supports LOAD_CERT_CTRL ? */
+ if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
+ 0, (void *)cmd_name, NULL)) {
+ failf(data, "ssl engine does not support loading certificates");
+ return 0;
+ }
+
+ /* Load the certificate from the engine */
+ if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
+ 0, &params, NULL, 1)) {
+ failf(data, "ssl engine cannot load client cert with id"
+ " '%s' [%s]", cert_file,
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)));
+ return 0;
+ }
+
+ if(!params.cert) {
+ failf(data, "ssl engine didn't initialized the certificate "
+ "properly.");
+ return 0;
+ }
+
+ if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
+ failf(data, "unable to set client certificate");
+ X509_free(params.cert);
+ return 0;
+ }
+ X509_free(params.cert); /* we don't need the handle any more... */
+ }
+ else {
+ failf(data, "crypto engine not set, can't load certificate");
+ return 0;
+ }
+ }
+ break;
+#else
+ failf(data, "file type ENG for certificate not implemented");
+ return 0;
+#endif
+
+ case SSL_FILETYPE_PKCS12:
+ {
+#ifdef HAVE_PKCS12_SUPPORT
+ FILE *f;
+ PKCS12 *p12;
+ EVP_PKEY *pri;
+ STACK_OF(X509) *ca = NULL;
+
+ f = fopen(cert_file, "rb");
+ if(!f) {
+ failf(data, "could not open PKCS12 file '%s'", cert_file);
+ return 0;
+ }
+ p12 = d2i_PKCS12_fp(f, NULL);
+ fclose(f);
+
+ if(!p12) {
+ failf(data, "error reading PKCS12 file '%s'", cert_file);
+ return 0;
+ }
+
+ PKCS12_PBE_add();
+
+ if(!PKCS12_parse(p12, key_passwd, &pri, &x509,
+ &ca)) {
+ failf(data,
+ "could not parse PKCS12 file, check password, " OSSL_PACKAGE
+ " error %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ PKCS12_free(p12);
+ return 0;
+ }
+
+ PKCS12_free(p12);
+
+ if(SSL_CTX_use_certificate(ctx, x509) != 1) {
+ failf(data,
+ "could not load PKCS12 client certificate, " OSSL_PACKAGE
+ " error %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ goto fail;
+ }
+
+ if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
+ failf(data, "unable to use private key from PKCS12 file '%s'",
+ cert_file);
+ goto fail;
+ }
+
+ if(!SSL_CTX_check_private_key (ctx)) {
+ failf(data, "private key from PKCS12 file '%s' "
+ "does not match certificate in same file", cert_file);
+ goto fail;
+ }
+ /* Set Certificate Verification chain */
+ if(ca) {
+ while(sk_X509_num(ca)) {
+ /*
+ * Note that sk_X509_pop() is used below to make sure the cert is
+ * removed from the stack properly before getting passed to
+ * SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously
+ * we used sk_X509_value() instead, but then we'd clean it in the
+ * subsequent sk_X509_pop_free() call.
+ */
+ X509 *x = sk_X509_pop(ca);
+ if(!SSL_CTX_add_client_CA(ctx, x)) {
+ X509_free(x);
+ failf(data, "cannot add certificate to client CA list");
+ goto fail;
+ }
+ if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
+ X509_free(x);
+ failf(data, "cannot add certificate to certificate chain");
+ goto fail;
+ }
+ }
+ }
+
+ cert_done = 1;
+ fail:
+ EVP_PKEY_free(pri);
+ X509_free(x509);
+ sk_X509_pop_free(ca, X509_free);
+
+ if(!cert_done)
+ return 0; /* failure! */
+ break;
+#else
+ failf(data, "file type P12 for certificate not supported");
+ return 0;
+#endif
+ }
+ default:
+ failf(data, "not supported file type '%s' for certificate", cert_type);
+ return 0;
+ }
+
+ file_type = do_file_type(key_type);
+
+ switch(file_type) {
+ case SSL_FILETYPE_PEM:
+ if(cert_done)
+ break;
+ if(!key_file)
+ /* cert & key can only be in PEM case in the same file */
+ key_file = cert_file;
+ /* FALLTHROUGH */
+ case SSL_FILETYPE_ASN1:
+ if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
+ failf(data, "unable to set private key file: '%s' type %s",
+ key_file, key_type?key_type:"PEM");
+ return 0;
+ }
+ break;
+ case SSL_FILETYPE_ENGINE:
+#ifdef HAVE_OPENSSL_ENGINE_H
+ { /* XXXX still needs some work */
+ EVP_PKEY *priv_key = NULL;
+ if(data->state.engine) {
+ UI_METHOD *ui_method =
+ UI_create_method((char *)"curl user interface");
+ if(!ui_method) {
+ failf(data, "unable do create " OSSL_PACKAGE
+ " user-interface method");
+ return 0;
+ }
+ UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
+ UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
+ UI_method_set_reader(ui_method, ssl_ui_reader);
+ UI_method_set_writer(ui_method, ssl_ui_writer);
+ /* the typecast below was added to please mingw32 */
+ priv_key = (EVP_PKEY *)
+ ENGINE_load_private_key(data->state.engine, key_file,
+ ui_method,
+ key_passwd);
+ UI_destroy_method(ui_method);
+ if(!priv_key) {
+ failf(data, "failed to load private key from crypto engine");
+ return 0;
+ }
+ if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
+ failf(data, "unable to set private key");
+ EVP_PKEY_free(priv_key);
+ return 0;
+ }
+ EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
+ }
+ else {
+ failf(data, "crypto engine not set, can't load private key");
+ return 0;
+ }
+ }
+ break;
+#else
+ failf(data, "file type ENG for private key not supported");
+ return 0;
+#endif
+ case SSL_FILETYPE_PKCS12:
+ if(!cert_done) {
+ failf(data, "file type P12 for private key not supported");
+ return 0;
+ }
+ break;
+ default:
+ failf(data, "not supported file type for private key");
+ return 0;
+ }
+
+ ssl = SSL_new(ctx);
+ if(!ssl) {
+ failf(data, "unable to create an SSL structure");
+ return 0;
+ }
+
+ x509 = SSL_get_certificate(ssl);
+
+ /* This version was provided by Evan Jordan and is supposed to not
+ leak memory as the previous version: */
+ if(x509) {
+ EVP_PKEY *pktmp = X509_get_pubkey(x509);
+ EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
+ EVP_PKEY_free(pktmp);
+ }
+
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL)
+ {
+ /* If RSA is used, don't check the private key if its flags indicate
+ * it doesn't support it. */
+ EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
+ int pktype;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ pktype = EVP_PKEY_id(priv_key);
+#else
+ pktype = priv_key->type;
+#endif
+ if(pktype == EVP_PKEY_RSA) {
+ RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
+ if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
+ check_privkey = FALSE;
+ RSA_free(rsa); /* Decrement reference count */
+ }
+ }
+#endif
+
+ SSL_free(ssl);
+
+ /* If we are using DSA, we can copy the parameters from
+ * the private key */
+
+ if(check_privkey == TRUE) {
+ /* Now we know that a key and cert have been set against
+ * the SSL context */
+ if(!SSL_CTX_check_private_key(ctx)) {
+ failf(data, "Private key does not match the certificate public key");
+ return 0;
+ }
+ }
+ }
+ return 1;
+}
+
+/* returns non-zero on failure */
+static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
+{
+#if 0
+ return X509_NAME_oneline(a, buf, size);
+#else
+ BIO *bio_out = BIO_new(BIO_s_mem());
+ BUF_MEM *biomem;
+ int rc;
+
+ if(!bio_out)
+ return 1; /* alloc failed! */
+
+ rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
+ BIO_get_mem_ptr(bio_out, &biomem);
+
+ if((size_t)biomem->length < size)
+ size = biomem->length;
+ else
+ size--; /* don't overwrite the buffer end */
+
+ memcpy(buf, biomem->data, size);
+ buf[size] = 0;
+
+ BIO_free(bio_out);
+
+ return !rc;
+#endif
+}
+
+/**
+ * Global SSL init
+ *
+ * @retval 0 error initializing SSL
+ * @retval 1 SSL initialized successfully
+ */
+static int Curl_ossl_init(void)
+{
+#ifdef ENABLE_SSLKEYLOGFILE
+ const char *keylog_file_name;
+#endif
+
+ OPENSSL_load_builtin_modules();
+
+#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+ ENGINE_load_builtin_engines();
+#endif
+
+ /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
+ that function makes an exit() call on wrongly formatted config files
+ which makes it hard to use in some situations. OPENSSL_config() itself
+ calls CONF_modules_load_file() and we use that instead and we ignore
+ its return code! */
+
+ /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and
+ 0.9.8e */
+#ifndef CONF_MFLAGS_DEFAULT_SECTION
+#define CONF_MFLAGS_DEFAULT_SECTION 0x0
+#endif
+
+ CONF_modules_load_file(NULL, NULL,
+ CONF_MFLAGS_DEFAULT_SECTION|
+ CONF_MFLAGS_IGNORE_MISSING_FILE);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+ !defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL 1.1.0+ takes care of initialization itself */
+#else
+ /* Lets get nice error messages */
+ SSL_load_error_strings();
+
+ /* Init the global ciphers and digests */
+ if(!SSLeay_add_ssl_algorithms())
+ return 0;
+
+ OpenSSL_add_all_algorithms();
+#endif
+
+#ifdef ENABLE_SSLKEYLOGFILE
+ keylog_file_name = curl_getenv("SSLKEYLOGFILE");
+ if(keylog_file_name && !keylog_file_fp) {
+ keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
+ if(keylog_file_fp) {
+ if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096)) {
+ fclose(keylog_file_fp);
+ keylog_file_fp = NULL;
+ }
+ }
+ }
+#endif
+
+ return 1;
+}
+
+/* Global cleanup */
+static void Curl_ossl_cleanup(void)
+{
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+ !defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL 1.1 deprecates all these cleanup functions and
+ turns them into no-ops in OpenSSL 1.0 compatibility mode */
+#else
+ /* Free ciphers and digests lists */
+ EVP_cleanup();
+
+#ifdef HAVE_ENGINE_CLEANUP
+ /* Free engine list */
+ ENGINE_cleanup();
+#endif
+
+ /* Free OpenSSL error strings */
+ ERR_free_strings();
+
+ /* Free thread local error state, destroying hash upon zero refcount */
+#ifdef HAVE_ERR_REMOVE_THREAD_STATE
+ ERR_remove_thread_state(NULL);
+#else
+ ERR_remove_state(0);
+#endif
+
+ /* Free all memory allocated by all configuration modules */
+ CONF_modules_free();
+
+#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
+ SSL_COMP_free_compression_methods();
+#endif
+#endif
+
+#ifdef ENABLE_SSLKEYLOGFILE
+ if(keylog_file_fp) {
+ fclose(keylog_file_fp);
+ keylog_file_fp = NULL;
+ }
+#endif
+}
+
+/*
+ * This function is used to determine connection status.
+ *
+ * Return codes:
+ * 1 means the connection is still in place
+ * 0 means the connection has been closed
+ * -1 means the connection status is unknown
+ */
+static int Curl_ossl_check_cxn(struct connectdata *conn)
+{
+ /* SSL_peek takes data out of the raw recv buffer without peeking so we use
+ recv MSG_PEEK instead. Bug #795 */
+#ifdef MSG_PEEK
+ char buf;
+ ssize_t nread;
+ nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
+ (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK);
+ if(nread == 0)
+ return 0; /* connection has been closed */
+ if(nread == 1)
+ return 1; /* connection still in place */
+ else if(nread == -1) {
+ int err = SOCKERRNO;
+ if(err == EINPROGRESS ||
+#if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
+ err == EAGAIN ||
+#endif
+ err == EWOULDBLOCK)
+ return 1; /* connection still in place */
+ if(err == ECONNRESET ||
+#ifdef ECONNABORTED
+ err == ECONNABORTED ||
+#endif
+#ifdef ENETDOWN
+ err == ENETDOWN ||
+#endif
+#ifdef ENETRESET
+ err == ENETRESET ||
+#endif
+#ifdef ESHUTDOWN
+ err == ESHUTDOWN ||
+#endif
+#ifdef ETIMEDOUT
+ err == ETIMEDOUT ||
+#endif
+ err == ENOTCONN)
+ return 0; /* connection has been closed */
+ }
+#endif
+ return -1; /* connection status unknown */
+}
+
+/* Selects an OpenSSL crypto engine
+ */
+static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
+ const char *engine)
+{
+#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
+ ENGINE *e;
+
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+ e = ENGINE_by_id(engine);
+#else
+ /* avoid memory leak */
+ for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
+ const char *e_id = ENGINE_get_id(e);
+ if(!strcmp(engine, e_id))
+ break;
+ }
+#endif
+
+ if(!e) {
+ failf(data, "SSL Engine '%s' not found", engine);
+ return CURLE_SSL_ENGINE_NOTFOUND;
+ }
+
+ if(data->state.engine) {
+ ENGINE_finish(data->state.engine);
+ ENGINE_free(data->state.engine);
+ data->state.engine = NULL;
+ }
+ if(!ENGINE_init(e)) {
+ char buf[256];
+
+ ENGINE_free(e);
+ failf(data, "Failed to initialise SSL Engine '%s':\n%s",
+ engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
+ return CURLE_SSL_ENGINE_INITFAILED;
+ }
+ data->state.engine = e;
+ return CURLE_OK;
+#else
+ (void)engine;
+ failf(data, "SSL Engine not supported");
+ return CURLE_SSL_ENGINE_NOTFOUND;
+#endif
+}
+
+/* Sets engine as default for all SSL operations
+ */
+static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
+{
+#ifdef HAVE_OPENSSL_ENGINE_H
+ if(data->state.engine) {
+ if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
+ infof(data, "set default crypto engine '%s'\n",
+ ENGINE_get_id(data->state.engine));
+ }
+ else {
+ failf(data, "set default crypto engine '%s' failed",
+ ENGINE_get_id(data->state.engine));
+ return CURLE_SSL_ENGINE_SETFAILED;
+ }
+ }
+#else
+ (void) data;
+#endif
+ return CURLE_OK;
+}
+
+/* Return list of OpenSSL crypto engine names.
+ */
+static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
+{
+ struct curl_slist *list = NULL;
+#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
+ struct curl_slist *beg;
+ ENGINE *e;
+
+ for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
+ beg = curl_slist_append(list, ENGINE_get_id(e));
+ if(!beg) {
+ curl_slist_free_all(list);
+ return NULL;
+ }
+ list = beg;
+ }
+#endif
+ (void) data;
+ return list;
+}
+
+
+static void ossl_close(struct ssl_connect_data *connssl)
+{
+ if(BACKEND->handle) {
+ (void)SSL_shutdown(BACKEND->handle);
+ SSL_set_connect_state(BACKEND->handle);
+
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+ if(BACKEND->ctx) {
+ SSL_CTX_free(BACKEND->ctx);
+ BACKEND->ctx = NULL;
+ }
+}
+
+/*
+ * This function is called when an SSL connection is closed.
+ */
+static void Curl_ossl_close(struct connectdata *conn, int sockindex)
+{
+ ossl_close(&conn->ssl[sockindex]);
+ ossl_close(&conn->proxy_ssl[sockindex]);
+}
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
+{
+ int retval = 0;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
+ char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
+ to be at least 256 bytes long. */
+ unsigned long sslerror;
+ ssize_t nread;
+ int buffsize;
+ int err;
+ int done = 0;
+
+ /* This has only been tested on the proftpd server, and the mod_tls code
+ sends a close notify alert without waiting for a close notify alert in
+ response. Thus we wait for a close notify alert from the server, but
+ we do not send one. Let's hope other servers do the same... */
+
+ if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
+ (void)SSL_shutdown(BACKEND->handle);
+
+ if(BACKEND->handle) {
+ buffsize = (int)sizeof(buf);
+ while(!done) {
+ int what = SOCKET_READABLE(conn->sock[sockindex],
+ SSL_SHUTDOWN_TIMEOUT);
+ if(what > 0) {
+ ERR_clear_error();
+
+ /* Something to read, let's do it and hope that it is the close
+ notify alert from the server */
+ nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize);
+ err = SSL_get_error(BACKEND->handle, (int)nread);
+
+ switch(err) {
+ case SSL_ERROR_NONE: /* this is not an error */
+ case SSL_ERROR_ZERO_RETURN: /* no more data */
+ /* This is the expected response. There was no data but only
+ the close notify alert */
+ done = 1;
+ break;
+ case SSL_ERROR_WANT_READ:
+ /* there's data pending, re-invoke SSL_read() */
+ infof(data, "SSL_ERROR_WANT_READ\n");
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ /* SSL wants a write. Really odd. Let's bail out. */
+ infof(data, "SSL_ERROR_WANT_WRITE\n");
+ done = 1;
+ break;
+ default:
+ /* openssl/ssl.h says "look at error stack/return value/errno" */
+ sslerror = ERR_get_error();
+ failf(conn->data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d",
+ (sslerror ?
+ ossl_strerror(sslerror, buf, sizeof(buf)) :
+ SSL_ERROR_to_str(err)),
+ SOCKERRNO);
+ done = 1;
+ break;
+ }
+ }
+ else if(0 == what) {
+ /* timeout */
+ failf(data, "SSL shutdown timeout");
+ done = 1;
+ }
+ else {
+ /* anything that gets here is fatally bad */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ retval = -1;
+ done = 1;
+ }
+ } /* while()-loop for the select() */
+
+ if(data->set.verbose) {
+#ifdef HAVE_SSL_GET_SHUTDOWN
+ switch(SSL_get_shutdown(BACKEND->handle)) {
+ case SSL_SENT_SHUTDOWN:
+ infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
+ break;
+ case SSL_RECEIVED_SHUTDOWN:
+ infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
+ break;
+ case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
+ infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
+ "SSL_RECEIVED__SHUTDOWN\n");
+ break;
+ }
+#endif
+ }
+
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+ return retval;
+}
+
+static void Curl_ossl_session_free(void *ptr)
+{
+ /* free the ID */
+ SSL_SESSION_free(ptr);
+}
+
+/*
+ * This function is called when the 'data' struct is going away. Close
+ * down everything and free all resources!
+ */
+static void Curl_ossl_close_all(struct Curl_easy *data)
+{
+#ifdef HAVE_OPENSSL_ENGINE_H
+ if(data->state.engine) {
+ ENGINE_finish(data->state.engine);
+ ENGINE_free(data->state.engine);
+ data->state.engine = NULL;
+ }
+#else
+ (void)data;
+#endif
+#if !defined(HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED) && \
+ defined(HAVE_ERR_REMOVE_THREAD_STATE)
+ /* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
+ so we need to clean it here in case the thread will be killed. All OpenSSL
+ code should extract the error in association with the error so clearing
+ this queue here should be harmless at worst. */
+ ERR_remove_thread_state(NULL);
+#endif
+}
+
+/* ====================================================== */
+
+
+/* Quote from RFC2818 section 3.1 "Server Identity"
+
+ If a subjectAltName extension of type dNSName is present, that MUST
+ be used as the identity. Otherwise, the (most specific) Common Name
+ field in the Subject field of the certificate MUST be used. Although
+ the use of the Common Name is existing practice, it is deprecated and
+ Certification Authorities are encouraged to use the dNSName instead.
+
+ Matching is performed using the matching rules specified by
+ [RFC2459]. If more than one identity of a given type is present in
+ the certificate (e.g., more than one dNSName name, a match in any one
+ of the set is considered acceptable.) Names may contain the wildcard
+ character * which is considered to match any single domain name
+ component or component fragment. E.g., *.a.com matches foo.a.com but
+ not bar.foo.a.com. f*.com matches foo.com but not bar.com.
+
+ In some cases, the URI is specified as an IP address rather than a
+ hostname. In this case, the iPAddress subjectAltName must be present
+ in the certificate and must exactly match the IP in the URI.
+
+*/
+static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
+{
+ bool matched = FALSE;
+ int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
+ size_t addrlen = 0;
+ struct Curl_easy *data = conn->data;
+ STACK_OF(GENERAL_NAME) *altnames;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
+ CURLcode result = CURLE_OK;
+ bool dNSName = FALSE; /* if a dNSName field exists in the cert */
+ bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const char * const dispname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.dispname : conn->host.dispname;
+
+#ifdef ENABLE_IPV6
+ if(conn->bits.ipv6_ip &&
+ Curl_inet_pton(AF_INET6, hostname, &addr)) {
+ target = GEN_IPADD;
+ addrlen = sizeof(struct in6_addr);
+ }
+ else
+#endif
+ if(Curl_inet_pton(AF_INET, hostname, &addr)) {
+ target = GEN_IPADD;
+ addrlen = sizeof(struct in_addr);
+ }
+
+ /* get a "list" of alternative names */
+ altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
+
+ if(altnames) {
+ int numalts;
+ int i;
+ bool dnsmatched = FALSE;
+ bool ipmatched = FALSE;
+
+ /* get amount of alternatives, RFC2459 claims there MUST be at least
+ one, but we don't depend on it... */
+ numalts = sk_GENERAL_NAME_num(altnames);
+
+ /* loop through all alternatives - until a dnsmatch */
+ for(i = 0; (i < numalts) && !dnsmatched; i++) {
+ /* get a handle to alternative name number i */
+ const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
+
+ if(check->type == GEN_DNS)
+ dNSName = TRUE;
+ else if(check->type == GEN_IPADD)
+ iPAddress = TRUE;
+
+ /* only check alternatives of the same type the target is */
+ if(check->type == target) {
+ /* get data and length */
+ const char *altptr = (char *)ASN1_STRING_get0_data(check->d.ia5);
+ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+
+ switch(target) {
+ case GEN_DNS: /* name/pattern comparison */
+ /* The OpenSSL man page explicitly says: "In general it cannot be
+ assumed that the data returned by ASN1_STRING_data() is null
+ terminated or does not contain embedded nulls." But also that
+ "The actual format of the data will depend on the actual string
+ type itself: for example for and IA5String the data will be ASCII"
+
+ Gisle researched the OpenSSL sources:
+ "I checked the 0.9.6 and 0.9.8 sources before my patch and
+ it always 0-terminates an IA5String."
+ */
+ if((altlen == strlen(altptr)) &&
+ /* if this isn't true, there was an embedded zero in the name
+ string and we cannot match it. */
+ Curl_cert_hostcheck(altptr, hostname)) {
+ dnsmatched = TRUE;
+ infof(data,
+ " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
+ dispname, altptr);
+ }
+ break;
+
+ case GEN_IPADD: /* IP address comparison */
+ /* compare alternative IP address if the data chunk is the same size
+ our server IP address is */
+ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
+ ipmatched = TRUE;
+ infof(data,
+ " subjectAltName: host \"%s\" matched cert's IP address!\n",
+ dispname);
+ }
+ break;
+ }
+ }
+ }
+ GENERAL_NAMES_free(altnames);
+
+ if(dnsmatched || ipmatched)
+ matched = TRUE;
+ }
+
+ if(matched)
+ /* an alternative name matched */
+ ;
+ else if(dNSName || iPAddress) {
+ infof(data, " subjectAltName does not match %s\n", dispname);
+ failf(data, "SSL: no alternative certificate subject name matches "
+ "target host name '%s'", dispname);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else {
+ /* we have to look to the last occurrence of a commonName in the
+ distinguished one to get the most significant one. */
+ int j, i = -1;
+
+ /* The following is done because of a bug in 0.9.6b */
+
+ unsigned char *nulstr = (unsigned char *)"";
+ unsigned char *peer_CN = nulstr;
+
+ X509_NAME *name = X509_get_subject_name(server_cert);
+ if(name)
+ while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
+ i = j;
+
+ /* we have the name entry and we will now convert this to a string
+ that we can use for comparison. Doing this we support BMPstring,
+ UTF8 etc. */
+
+ if(i >= 0) {
+ ASN1_STRING *tmp =
+ X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
+
+ /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
+ is already UTF-8 encoded. We check for this case and copy the raw
+ string manually to avoid the problem. This code can be made
+ conditional in the future when OpenSSL has been fixed. Work-around
+ brought by Alexis S. L. Carvalho. */
+ if(tmp) {
+ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+ j = ASN1_STRING_length(tmp);
+ if(j >= 0) {
+ peer_CN = OPENSSL_malloc(j + 1);
+ if(peer_CN) {
+ memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j);
+ peer_CN[j] = '\0';
+ }
+ }
+ }
+ else /* not a UTF8 name */
+ j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+
+ if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
+ /* there was a terminating zero before the end of string, this
+ cannot match and we return failure! */
+ failf(data, "SSL: illegal cert name field");
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ }
+ }
+
+ if(peer_CN == nulstr)
+ peer_CN = NULL;
+ else {
+ /* convert peer_CN from UTF8 */
+ CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN,
+ strlen((char *)peer_CN));
+ /* Curl_convert_from_utf8 calls failf if unsuccessful */
+ if(rc) {
+ OPENSSL_free(peer_CN);
+ return rc;
+ }
+ }
+
+ if(result)
+ /* error already detected, pass through */
+ ;
+ else if(!peer_CN) {
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
+ failf(data, "SSL: certificate subject name '%s' does not match "
+ "target host name '%s'", peer_CN, dispname);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else {
+ infof(data, " common name: %s (matched)\n", peer_CN);
+ }
+ if(peer_CN)
+ OPENSSL_free(peer_CN);
+ }
+
+ return result;
+}
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(OPENSSL_NO_OCSP)
+static CURLcode verifystatus(struct connectdata *conn,
+ struct ssl_connect_data *connssl)
+{
+ int i, ocsp_status;
+ const unsigned char *p;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+
+ OCSP_RESPONSE *rsp = NULL;
+ OCSP_BASICRESP *br = NULL;
+ X509_STORE *st = NULL;
+ STACK_OF(X509) *ch = NULL;
+
+ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
+
+ if(!p) {
+ failf(data, "No OCSP response received");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
+ if(!rsp) {
+ failf(data, "Invalid OCSP response");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ ocsp_status = OCSP_response_status(rsp);
+ if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+ failf(data, "Invalid OCSP response status: %s (%d)",
+ OCSP_response_status_str(ocsp_status), ocsp_status);
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ br = OCSP_response_get1_basic(rsp);
+ if(!br) {
+ failf(data, "Invalid OCSP response");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ ch = SSL_get_peer_cert_chain(BACKEND->handle);
+ st = SSL_CTX_get_cert_store(BACKEND->ctx);
+
+#if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
+ (defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
+ /* The authorized responder cert in the OCSP response MUST be signed by the
+ peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
+ no problem, but if it's an intermediate cert OpenSSL has a bug where it
+ expects this issuer to be present in the chain embedded in the OCSP
+ response. So we add it if necessary. */
+
+ /* First make sure the peer cert chain includes both a peer and an issuer,
+ and the OCSP response contains a responder cert. */
+ if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
+ X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
+
+ /* Find issuer of responder cert and add it to the OCSP response chain */
+ for(i = 0; i < sk_X509_num(ch); i++) {
+ X509 *issuer = sk_X509_value(ch, i);
+ if(X509_check_issued(issuer, responder) == X509_V_OK) {
+ if(!OCSP_basic_add1_cert(br, issuer)) {
+ failf(data, "Could not add issuer cert to OCSP response");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+ }
+ }
+ }
+#endif
+
+ if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
+ failf(data, "OCSP response verification failed");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ for(i = 0; i < OCSP_resp_count(br); i++) {
+ int cert_status, crl_reason;
+ OCSP_SINGLERESP *single = NULL;
+
+ ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+ single = OCSP_resp_get0(br, i);
+ if(!single)
+ continue;
+
+ cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
+ &thisupd, &nextupd);
+
+ if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
+ failf(data, "OCSP response has expired");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ infof(data, "SSL certificate status: %s (%d)\n",
+ OCSP_cert_status_str(cert_status), cert_status);
+
+ switch(cert_status) {
+ case V_OCSP_CERTSTATUS_GOOD:
+ break;
+
+ case V_OCSP_CERTSTATUS_REVOKED:
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+
+ failf(data, "SSL certificate revocation reason: %s (%d)",
+ OCSP_crl_reason_str(crl_reason), crl_reason);
+ goto end;
+
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+ }
+
+end:
+ if(br) OCSP_BASICRESP_free(br);
+ OCSP_RESPONSE_free(rsp);
+
+ return result;
+}
+#endif
+
+#endif /* USE_OPENSSL */
+
+/* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
+ and thus this cannot be done there. */
+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+
+static const char *ssl_msg_type(int ssl_ver, int msg)
+{
+#ifdef SSL2_VERSION_MAJOR
+ if(ssl_ver == SSL2_VERSION_MAJOR) {
+ switch(msg) {
+ case SSL2_MT_ERROR:
+ return "Error";
+ case SSL2_MT_CLIENT_HELLO:
+ return "Client hello";
+ case SSL2_MT_CLIENT_MASTER_KEY:
+ return "Client key";
+ case SSL2_MT_CLIENT_FINISHED:
+ return "Client finished";
+ case SSL2_MT_SERVER_HELLO:
+ return "Server hello";
+ case SSL2_MT_SERVER_VERIFY:
+ return "Server verify";
+ case SSL2_MT_SERVER_FINISHED:
+ return "Server finished";
+ case SSL2_MT_REQUEST_CERTIFICATE:
+ return "Request CERT";
+ case SSL2_MT_CLIENT_CERTIFICATE:
+ return "Client CERT";
+ }
+ }
+ else
+#endif
+ if(ssl_ver == SSL3_VERSION_MAJOR) {
+ switch(msg) {
+ case SSL3_MT_HELLO_REQUEST:
+ return "Hello request";
+ case SSL3_MT_CLIENT_HELLO:
+ return "Client hello";
+ case SSL3_MT_SERVER_HELLO:
+ return "Server hello";
+#ifdef SSL3_MT_NEWSESSION_TICKET
+ case SSL3_MT_NEWSESSION_TICKET:
+ return "Newsession Ticket";
+#endif
+ case SSL3_MT_CERTIFICATE:
+ return "Certificate";
+ case SSL3_MT_SERVER_KEY_EXCHANGE:
+ return "Server key exchange";
+ case SSL3_MT_CLIENT_KEY_EXCHANGE:
+ return "Client key exchange";
+ case SSL3_MT_CERTIFICATE_REQUEST:
+ return "Request CERT";
+ case SSL3_MT_SERVER_DONE:
+ return "Server finished";
+ case SSL3_MT_CERTIFICATE_VERIFY:
+ return "CERT verify";
+ case SSL3_MT_FINISHED:
+ return "Finished";
+#ifdef SSL3_MT_CERTIFICATE_STATUS
+ case SSL3_MT_CERTIFICATE_STATUS:
+ return "Certificate Status";
+#endif
+ }
+ }
+ return "Unknown";
+}
+
+static const char *tls_rt_type(int type)
+{
+ switch(type) {
+#ifdef SSL3_RT_HEADER
+ case SSL3_RT_HEADER:
+ return "TLS header";
+#endif
+ case SSL3_RT_CHANGE_CIPHER_SPEC:
+ return "TLS change cipher";
+ case SSL3_RT_ALERT:
+ return "TLS alert";
+ case SSL3_RT_HANDSHAKE:
+ return "TLS handshake";
+ case SSL3_RT_APPLICATION_DATA:
+ return "TLS app data";
+ default:
+ return "TLS Unknown";
+ }
+}
+
+
+/*
+ * Our callback from the SSL/TLS layers.
+ */
+static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
+ const void *buf, size_t len, SSL *ssl,
+ void *userp)
+{
+ struct Curl_easy *data;
+ const char *msg_name, *tls_rt_name;
+ char ssl_buf[1024];
+ char unknown[32];
+ int msg_type, txt_len;
+ const char *verstr = NULL;
+ struct connectdata *conn = userp;
+
+ if(!conn || !conn->data || !conn->data->set.fdebug ||
+ (direction != 0 && direction != 1))
+ return;
+
+ data = conn->data;
+
+ switch(ssl_ver) {
+#ifdef SSL2_VERSION /* removed in recent versions */
+ case SSL2_VERSION:
+ verstr = "SSLv2";
+ break;
+#endif
+#ifdef SSL3_VERSION
+ case SSL3_VERSION:
+ verstr = "SSLv3";
+ break;
+#endif
+ case TLS1_VERSION:
+ verstr = "TLSv1.0";
+ break;
+#ifdef TLS1_1_VERSION
+ case TLS1_1_VERSION:
+ verstr = "TLSv1.1";
+ break;
+#endif
+#ifdef TLS1_2_VERSION
+ case TLS1_2_VERSION:
+ verstr = "TLSv1.2";
+ break;
+#endif
+#ifdef TLS1_3_VERSION
+ case TLS1_3_VERSION:
+ verstr = "TLSv1.3";
+ break;
+#endif
+ case 0:
+ break;
+ default:
+ snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
+ verstr = unknown;
+ break;
+ }
+
+ if(ssl_ver) {
+ /* the info given when the version is zero is not that useful for us */
+
+ ssl_ver >>= 8; /* check the upper 8 bits only below */
+
+ /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
+ * always pass-up content-type as 0. But the interesting message-type
+ * is at 'buf[0]'.
+ */
+ if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
+ tls_rt_name = tls_rt_type(content_type);
+ else
+ tls_rt_name = "";
+
+ msg_type = *(char *)buf;
+ msg_name = ssl_msg_type(ssl_ver, msg_type);
+
+ txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
+ verstr, direction?"OUT":"IN",
+ tls_rt_name, msg_name, msg_type);
+ Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ }
+
+ Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
+ CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
+ (void) ssl;
+}
+#endif
+
+#ifdef USE_OPENSSL
+/* ====================================================== */
+
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+# define use_sni(x) sni = (x)
+#else
+# define use_sni(x) Curl_nop_stmt
+#endif
+
+/* Check for OpenSSL 1.0.2 which has ALPN support. */
+#undef HAS_ALPN
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L \
+ && !defined(OPENSSL_NO_TLSEXT)
+# define HAS_ALPN 1
+#endif
+
+/* Check for OpenSSL 1.0.1 which has NPN support. */
+#undef HAS_NPN
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
+ && !defined(OPENSSL_NO_TLSEXT) \
+ && !defined(OPENSSL_NO_NEXTPROTONEG)
+# define HAS_NPN 1
+#endif
+
+#ifdef HAS_NPN
+
+/*
+ * in is a list of length prefixed strings. this function has to select
+ * the protocol we want to use from the list and write its string into out.
+ */
+
+static int
+select_next_protocol(unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ const char *key, unsigned int keylen)
+{
+ unsigned int i;
+ for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
+ if(memcmp(&in[i + 1], key, keylen) == 0) {
+ *out = (unsigned char *) &in[i + 1];
+ *outlen = in[i];
+ return 0;
+ }
+ }
+ return -1;
+}
+
+static int
+select_next_proto_cb(SSL *ssl,
+ unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ void *arg)
+{
+ struct connectdata *conn = (struct connectdata*) arg;
+
+ (void)ssl;
+
+#ifdef USE_NGHTTP2
+ if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ !select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN)) {
+ infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
+ NGHTTP2_PROTO_VERSION_ID);
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ return SSL_TLSEXT_ERR_OK;
+ }
+#endif
+
+ if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
+ ALPN_HTTP_1_1_LENGTH)) {
+ infof(conn->data, "NPN, negotiated HTTP1.1\n");
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ return SSL_TLSEXT_ERR_OK;
+ }
+
+ infof(conn->data, "NPN, no overlap, use HTTP1.1\n");
+ *out = (unsigned char *)ALPN_HTTP_1_1;
+ *outlen = ALPN_HTTP_1_1_LENGTH;
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+
+ return SSL_TLSEXT_ERR_OK;
+}
+#endif /* HAS_NPN */
+
+static const char *
+get_ssl_version_txt(SSL *ssl)
+{
+ if(!ssl)
+ return "";
+
+ switch(SSL_version(ssl)) {
+#ifdef TLS1_3_VERSION
+ case TLS1_3_VERSION:
+ return "TLSv1.3";
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ case TLS1_2_VERSION:
+ return "TLSv1.2";
+ case TLS1_1_VERSION:
+ return "TLSv1.1";
+#endif
+ case TLS1_VERSION:
+ return "TLSv1.0";
+ case SSL3_VERSION:
+ return "SSLv3";
+ case SSL2_VERSION:
+ return "SSLv2";
+ }
+ return "unknown";
+}
+
+static CURLcode
+set_ssl_version_min_max(long *ctx_options, struct connectdata *conn,
+ int sockindex)
+{
+#if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION)
+ /* convoluted #if condition just to avoid compiler warnings on unused
+ variable */
+ struct Curl_easy *data = conn->data;
+#endif
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+
+ if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
+ ssl_version_max = ssl_version << 16;
+ }
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_TLSv1_3:
+#ifdef TLS1_3_VERSION
+ {
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ SSL_CTX_set_max_proto_version(BACKEND->ctx, TLS1_3_VERSION);
+ *ctx_options |= SSL_OP_NO_TLSv1_2;
+ }
+#else
+ (void)sockindex;
+ failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_TLSv1_2:
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ *ctx_options |= SSL_OP_NO_TLSv1_1;
+#else
+ failf(data, OSSL_PACKAGE " was built without TLS 1.2 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_TLSv1_1:
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ *ctx_options |= SSL_OP_NO_TLSv1;
+#else
+ failf(data, OSSL_PACKAGE " was built without TLS 1.1 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_TLSv1_0:
+ *ctx_options |= SSL_OP_NO_SSLv2;
+ *ctx_options |= SSL_OP_NO_SSLv3;
+ break;
+ }
+
+ switch(ssl_version_max) {
+ case CURL_SSLVERSION_MAX_TLSv1_0:
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ *ctx_options |= SSL_OP_NO_TLSv1_1;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_MAX_TLSv1_1:
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ *ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_MAX_TLSv1_2:
+ case CURL_SSLVERSION_MAX_DEFAULT:
+#ifdef TLS1_3_VERSION
+ *ctx_options |= SSL_OP_NO_TLSv1_3;
+#endif
+ break;
+ case CURL_SSLVERSION_MAX_TLSv1_3:
+#ifdef TLS1_3_VERSION
+ break;
+#else
+ failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ }
+ return CURLE_OK;
+}
+
+static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+{
+ CURLcode result = CURLE_OK;
+ char *ciphers;
+ struct Curl_easy *data = conn->data;
+ SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
+ X509_LOOKUP *lookup = NULL;
+ curl_socket_t sockfd = conn->sock[sockindex];
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ long ctx_options = 0;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ bool sni;
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
+#endif
+ long * const certverifyresult = SSL_IS_PROXY() ?
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ const long int ssl_version = SSL_CONN_CONFIG(version);
+#ifdef USE_TLS_SRP
+ const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
+#endif
+ char * const ssl_cert = SSL_SET_OPTION(cert);
+ const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
+ const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
+ const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
+ const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+ const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
+ char error_buffer[256];
+
+ DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
+
+ /* Make funny stuff to get random input */
+ result = Curl_ossl_seed(data);
+ if(result)
+ return result;
+
+ *certverifyresult = !X509_V_OK;
+
+ /* check to see if we've been told to use an explicit SSL/TLS version */
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ /* it will be handled later with the context options */
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+ !defined(LIBRESSL_VERSION_NUMBER)
+ req_method = TLS_client_method();
+#else
+ req_method = SSLv23_client_method();
+#endif
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_SSLv2:
+#ifdef OPENSSL_NO_SSL2
+ failf(data, OSSL_PACKAGE " was built without SSLv2 support");
+ return CURLE_NOT_BUILT_IN;
+#else
+#ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP)
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+ req_method = SSLv2_client_method();
+ use_sni(FALSE);
+ break;
+#endif
+ case CURL_SSLVERSION_SSLv3:
+#ifdef OPENSSL_NO_SSL3_METHOD
+ failf(data, OSSL_PACKAGE " was built without SSLv3 support");
+ return CURLE_NOT_BUILT_IN;
+#else
+#ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP)
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+ req_method = SSLv3_client_method();
+ use_sni(FALSE);
+ break;
+#endif
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(BACKEND->ctx)
+ SSL_CTX_free(BACKEND->ctx);
+ BACKEND->ctx = SSL_CTX_new(req_method);
+
+ if(!BACKEND->ctx) {
+ failf(data, "SSL: couldn't create a context: %s",
+ ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer)));
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(BACKEND->ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+ if(data->set.fdebug && data->set.verbose) {
+ /* the SSL trace callback is only used for verbose logging */
+ SSL_CTX_set_msg_callback(BACKEND->ctx, ssl_tls_trace);
+ SSL_CTX_set_msg_callback_arg(BACKEND->ctx, conn);
+ }
+#endif
+
+ /* OpenSSL contains code to work-around lots of bugs and flaws in various
+ SSL-implementations. SSL_CTX_set_options() is used to enabled those
+ work-arounds. The man page for this option states that SSL_OP_ALL enables
+ all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
+ enable the bug workaround options if compatibility with somewhat broken
+ implementations is desired."
+
+ The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
+ disable "rfc4507bis session ticket support". rfc4507bis was later turned
+ into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
+
+ The enabled extension concerns the session management. I wonder how often
+ libcurl stops a connection and then resumes a TLS session. also, sending
+ the session data is some overhead. .I suggest that you just use your
+ proposed patch (which explicitly disables TICKET).
+
+ If someone writes an application with libcurl and openssl who wants to
+ enable the feature, one can do this in the SSL callback.
+
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
+ interoperability with web server Netscape Enterprise Server 2.0.1 which
+ was released back in 1996.
+
+ Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
+ become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
+ CVE-2010-4180 when using previous OpenSSL versions we no longer enable
+ this option regardless of OpenSSL version and SSL_OP_ALL definition.
+
+ OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
+ (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
+ SSL_OP_ALL that _disables_ that work-around despite the fact that
+ SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
+ keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
+ must not be set.
+ */
+
+ ctx_options = SSL_OP_ALL;
+
+#ifdef SSL_OP_NO_TICKET
+ ctx_options |= SSL_OP_NO_TICKET;
+#endif
+
+#ifdef SSL_OP_NO_COMPRESSION
+ ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
+
+#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ /* mitigate CVE-2010-4180 */
+ ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
+#endif
+
+#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ /* unless the user explicitly ask to allow the protocol vulnerability we
+ use the work-around */
+ if(!SSL_SET_OPTION(enable_beast))
+ ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_SSLv3:
+#ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP) {
+ infof(data, "Set version TLSv1.x for SRP authorisation\n");
+ }
+#endif
+ ctx_options |= SSL_OP_NO_SSLv2;
+ ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ ctx_options |= SSL_OP_NO_TLSv1_1;
+ ctx_options |= SSL_OP_NO_TLSv1_2;
+#ifdef TLS1_3_VERSION
+ ctx_options |= SSL_OP_NO_TLSv1_3;
+#endif
+#endif
+ break;
+
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ ctx_options |= SSL_OP_NO_SSLv2;
+ ctx_options |= SSL_OP_NO_SSLv3;
+ break;
+
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
+ if(result != CURLE_OK)
+ return result;
+ break;
+
+ case CURL_SSLVERSION_SSLv2:
+#ifndef OPENSSL_NO_SSL2
+ ctx_options |= SSL_OP_NO_SSLv3;
+ ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ ctx_options |= SSL_OP_NO_TLSv1_1;
+ ctx_options |= SSL_OP_NO_TLSv1_2;
+#ifdef TLS1_3_VERSION
+ ctx_options |= SSL_OP_NO_TLSv1_3;
+#endif
+#endif
+ break;
+#else
+ failf(data, OSSL_PACKAGE " was built without SSLv2 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ SSL_CTX_set_options(BACKEND->ctx, ctx_options);
+
+#ifdef HAS_NPN
+ if(conn->bits.tls_enable_npn)
+ SSL_CTX_set_next_proto_select_cb(BACKEND->ctx, select_next_proto_cb, conn);
+#endif
+
+#ifdef HAS_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ int cur = 0;
+ unsigned char protocols[128];
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
+ protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
+
+ memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN);
+ cur += NGHTTP2_PROTO_VERSION_ID_LEN;
+ infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+#endif
+
+ protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
+ memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
+ cur += ALPN_HTTP_1_1_LENGTH;
+ infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+ /* expects length prefixed preference ordered list of protocols in wire
+ * format
+ */
+ SSL_CTX_set_alpn_protos(BACKEND->ctx, protocols, cur);
+ }
+#endif
+
+ if(ssl_cert || ssl_cert_type) {
+ if(!cert_stuff(conn, BACKEND->ctx, ssl_cert, ssl_cert_type,
+ SSL_SET_OPTION(key), SSL_SET_OPTION(key_type),
+ SSL_SET_OPTION(key_passwd))) {
+ /* failf() is already done in cert_stuff() */
+ return CURLE_SSL_CERTPROBLEM;
+ }
+ }
+
+ ciphers = SSL_CONN_CONFIG(cipher_list);
+ if(!ciphers)
+ ciphers = (char *)DEFAULT_CIPHER_SELECTION;
+ if(ciphers) {
+ if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
+ failf(data, "failed setting cipher list: %s", ciphers);
+ return CURLE_SSL_CIPHER;
+ }
+ infof(data, "Cipher selection: %s\n", ciphers);
+ }
+
+#ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP) {
+ char * const ssl_username = SSL_SET_OPTION(username);
+
+ infof(data, "Using TLS-SRP username: %s\n", ssl_username);
+
+ if(!SSL_CTX_set_srp_username(BACKEND->ctx, ssl_username)) {
+ failf(data, "Unable to set SRP user name");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ if(!SSL_CTX_set_srp_password(BACKEND->ctx, SSL_SET_OPTION(password))) {
+ failf(data, "failed setting SRP password");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ if(!SSL_CONN_CONFIG(cipher_list)) {
+ infof(data, "Setting cipher list SRP\n");
+
+ if(!SSL_CTX_set_cipher_list(BACKEND->ctx, "SRP")) {
+ failf(data, "failed setting SRP cipher list");
+ return CURLE_SSL_CIPHER;
+ }
+ }
+ }
+#endif
+
+ if(ssl_cafile || ssl_capath) {
+ /* tell SSL where to find CA certificates that are used to verify
+ the servers certificate. */
+ if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) {
+ if(verifypeer) {
+ /* Fail if we insist on successfully verifying the server. */
+ failf(data, "error setting certificate verify locations:\n"
+ " CAfile: %s\n CApath: %s",
+ ssl_cafile ? ssl_cafile : "none",
+ ssl_capath ? ssl_capath : "none");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ /* Just continue with a warning if no strict certificate verification
+ is required. */
+ infof(data, "error setting certificate verify locations,"
+ " continuing anyway:\n");
+ }
+ else {
+ /* Everything is fine. */
+ infof(data, "successfully set certificate verify locations:\n");
+ }
+ infof(data,
+ " CAfile: %s\n"
+ " CApath: %s\n",
+ ssl_cafile ? ssl_cafile : "none",
+ ssl_capath ? ssl_capath : "none");
+ }
+#ifdef CURL_CA_FALLBACK
+ else if(verifypeer) {
+ /* verfying the peer without any CA certificates won't
+ work so use openssl's built in default as fallback */
+ SSL_CTX_set_default_verify_paths(BACKEND->ctx);
+ }
+#endif
+
+ if(ssl_crlfile) {
+ /* tell SSL where to find CRL file that is used to check certificate
+ * revocation */
+ lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(BACKEND->ctx),
+ X509_LOOKUP_file());
+ if(!lookup ||
+ (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
+ failf(data, "error loading CRL file: %s", ssl_crlfile);
+ return CURLE_SSL_CRL_BADFILE;
+ }
+ /* Everything is fine. */
+ infof(data, "successfully load CRL file:\n");
+ X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
+ X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+
+ infof(data, " CRLfile: %s\n", ssl_crlfile);
+ }
+
+ /* Try building a chain using issuers in the trusted store first to avoid
+ problems with server-sent legacy intermediates.
+ Newer versions of OpenSSL do alternate chain checking by default which
+ gives us the same fix without as much of a performance hit (slight), so we
+ prefer that if available.
+ https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
+ */
+#if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
+ if(verifypeer) {
+ X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
+ X509_V_FLAG_TRUSTED_FIRST);
+ }
+#endif
+
+ /* SSL always tries to verify the peer, this only says whether it should
+ * fail to connect if the verification fails, or if it should continue
+ * anyway. In the latter case the result of the verification is checked with
+ * SSL_get_verify_result() below. */
+ SSL_CTX_set_verify(BACKEND->ctx,
+ verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
+
+ /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
+#if defined(ENABLE_SSLKEYLOGFILE) && defined(HAVE_KEYLOG_CALLBACK)
+ if(keylog_file) {
+ SSL_CTX_set_keylog_callback(connssl->ctx, ossl_keylog_callback);
+ }
+#endif
+
+ /* give application a chance to interfere with SSL set up. */
+ if(data->set.ssl.fsslctx) {
+ result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx,
+ data->set.ssl.fsslctxp);
+ if(result) {
+ failf(data, "error signaled by ssl ctx callback");
+ return result;
+ }
+ }
+
+ /* Lets make an SSL structure */
+ if(BACKEND->handle)
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = SSL_new(BACKEND->ctx);
+ if(!BACKEND->handle) {
+ failf(data, "SSL: couldn't create a context (handle)!");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(OPENSSL_NO_OCSP)
+ if(SSL_CONN_CONFIG(verifystatus))
+ SSL_set_tlsext_status_type(BACKEND->handle, TLSEXT_STATUSTYPE_ocsp);
+#endif
+
+ SSL_set_connect_state(BACKEND->handle);
+
+ BACKEND->server_cert = 0x0;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
+#endif
+ sni &&
+ !SSL_set_tlsext_host_name(BACKEND->handle, hostname))
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+#endif
+
+ /* Check if there's a cached ID we can/should use here! */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ void *ssl_sessionid = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
+ /* we got a session id, use it! */
+ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "SSL: SSL_set_session failed: %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ /* Informational message */
+ infof(data, "SSL re-using session ID\n");
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ if(conn->proxy_ssl[sockindex].use) {
+ BIO *const bio = BIO_new(BIO_f_ssl());
+ SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
+ DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
+ DEBUGASSERT(handle != NULL);
+ DEBUGASSERT(bio != NULL);
+ BIO_set_ssl(bio, handle, FALSE);
+ SSL_set_bio(BACKEND->handle, bio, bio);
+ }
+ else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
+ /* pass the raw socket into the SSL layers */
+ failf(data, "SSL: SSL_set_fd failed: %s",
+ ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ connssl->connecting_state = ssl_connect_2;
+
+ return CURLE_OK;
+}
+
+static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ int err;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ long * const certverifyresult = SSL_IS_PROXY() ?
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
+ || ssl_connect_2_reading == connssl->connecting_state
+ || ssl_connect_2_writing == connssl->connecting_state);
+
+ ERR_clear_error();
+
+ err = SSL_connect(BACKEND->handle);
+ /* If keylogging is enabled but the keylog callback is not supported then log
+ secrets here, immediately after SSL_connect by using tap_ssl_key. */
+#if defined(ENABLE_SSLKEYLOGFILE) && !defined(HAVE_KEYLOG_CALLBACK)
+ tap_ssl_key(BACKEND->handle, &BACKEND->tap_state);
+#endif
+
+ /* 1 is fine
+ 0 is "not successful but was shut down controlled"
+ <0 is "handshake was not successful, because a fatal error occurred" */
+ if(1 != err) {
+ int detail = SSL_get_error(BACKEND->handle, err);
+
+ if(SSL_ERROR_WANT_READ == detail) {
+ connssl->connecting_state = ssl_connect_2_reading;
+ return CURLE_OK;
+ }
+ if(SSL_ERROR_WANT_WRITE == detail) {
+ connssl->connecting_state = ssl_connect_2_writing;
+ return CURLE_OK;
+ }
+ else {
+ /* untreated error */
+ unsigned long errdetail;
+ char error_buffer[256]="";
+ CURLcode result;
+ long lerr;
+ int lib;
+ int reason;
+
+ /* the connection failed, we're not waiting for anything else. */
+ connssl->connecting_state = ssl_connect_2;
+
+ /* Get the earliest error code from the thread's error queue and removes
+ the entry. */
+ errdetail = ERR_get_error();
+
+ /* Extract which lib and reason */
+ lib = ERR_GET_LIB(errdetail);
+ reason = ERR_GET_REASON(errdetail);
+
+ if((lib == ERR_LIB_SSL) &&
+ (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
+ result = CURLE_SSL_CACERT;
+
+ lerr = SSL_get_verify_result(BACKEND->handle);
+ if(lerr != X509_V_OK) {
+ *certverifyresult = lerr;
+ snprintf(error_buffer, sizeof(error_buffer),
+ "SSL certificate problem: %s",
+ X509_verify_cert_error_string(lerr));
+ }
+ else
+ /* strcpy() is fine here as long as the string fits within
+ error_buffer */
+ strcpy(error_buffer, "SSL certificate verification failed");
+ }
+ else {
+ result = CURLE_SSL_CONNECT_ERROR;
+ ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
+ }
+
+ /* detail is already set to the SSL error above */
+
+ /* If we e.g. use SSLv2 request-method and the server doesn't like us
+ * (RST connection etc.), OpenSSL gives no explanation whatsoever and
+ * the SO_ERROR is also lost.
+ */
+ if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
+ const char * const hostname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.name : conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+ failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%ld ",
+ SSL_ERROR_to_str(detail), hostname, port);
+ return result;
+ }
+
+ /* Could be a CERT problem */
+ failf(data, "%s", error_buffer);
+
+ return result;
+ }
+ }
+ else {
+ /* we have been connected fine, we're not waiting for anything else. */
+ connssl->connecting_state = ssl_connect_3;
+
+ /* Informational message */
+ infof(data, "SSL connection using %s / %s\n",
+ get_ssl_version_txt(BACKEND->handle),
+ SSL_get_cipher(BACKEND->handle));
+
+#ifdef HAS_ALPN
+ /* Sets data and len to negotiated protocol, len is 0 if no protocol was
+ * negotiated
+ */
+ if(conn->bits.tls_enable_alpn) {
+ const unsigned char *neg_protocol;
+ unsigned int len;
+ SSL_get0_alpn_selected(BACKEND->handle, &neg_protocol, &len);
+ if(len != 0) {
+ infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
+
+#ifdef USE_NGHTTP2
+ if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
+ !memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ }
+ else
+#endif
+ if(len == ALPN_HTTP_1_1_LENGTH &&
+ !memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ }
+ }
+ else
+ infof(data, "ALPN, server did not agree to a protocol\n");
+ }
+#endif
+
+ return CURLE_OK;
+ }
+}
+
+static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
+{
+ int i, ilen;
+
+ ilen = (int)len;
+ if(ilen < 0)
+ return 1; /* buffer too big */
+
+ i = i2t_ASN1_OBJECT(buf, ilen, a);
+
+ if(i >= ilen)
+ return 1; /* buffer too small */
+
+ return 0;
+}
+
+#define push_certinfo(_label, _num) \
+do { \
+ long info_len = BIO_get_mem_data(mem, &ptr); \
+ Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
+ if(1 != BIO_reset(mem)) \
+ break; \
+} WHILE_FALSE
+
+static void pubkey_show(struct Curl_easy *data,
+ BIO *mem,
+ int num,
+ const char *type,
+ const char *name,
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+ const
+#endif
+ BIGNUM *bn)
+{
+ char *ptr;
+ char namebuf[32];
+
+ snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
+
+ if(bn)
+ BN_print(mem, bn);
+ push_certinfo(namebuf, num);
+}
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+#define print_pubkey_BN(_type, _name, _num) \
+ pubkey_show(data, mem, _num, #_type, #_name, _name)
+
+#else
+#define print_pubkey_BN(_type, _name, _num) \
+do { \
+ if(_type->_name) { \
+ pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
+ } \
+} WHILE_FALSE
+#endif
+
+static int X509V3_ext(struct Curl_easy *data,
+ int certnum,
+ CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
+{
+ int i;
+ size_t j;
+
+ if((int)sk_X509_EXTENSION_num(exts) <= 0)
+ /* no extensions, bail out */
+ return 1;
+
+ for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+ BUF_MEM *biomem;
+ char buf[512];
+ char *ptr = buf;
+ char namebuf[128];
+ BIO *bio_out = BIO_new(BIO_s_mem());
+
+ if(!bio_out)
+ return 1;
+
+ obj = X509_EXTENSION_get_object(ext);
+
+ asn1_object_dump(obj, namebuf, sizeof(namebuf));
+
+ if(!X509V3_EXT_print(bio_out, ext, 0, 0))
+ ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
+
+ BIO_get_mem_ptr(bio_out, &biomem);
+
+ for(j = 0; j < (size_t)biomem->length; j++) {
+ const char *sep = "";
+ if(biomem->data[j] == '\n') {
+ sep = ", ";
+ j++; /* skip the newline */
+ };
+ while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
+ j++;
+ if(j<(size_t)biomem->length)
+ ptr += snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
+ biomem->data[j]);
+ }
+
+ Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
+
+ BIO_free(bio_out);
+
+ }
+ return 0; /* all is fine */
+}
+
+static CURLcode get_cert_chain(struct connectdata *conn,
+ struct ssl_connect_data *connssl)
+
+{
+ CURLcode result;
+ STACK_OF(X509) *sk;
+ int i;
+ struct Curl_easy *data = conn->data;
+ int numcerts;
+ BIO *mem;
+
+ sk = SSL_get_peer_cert_chain(BACKEND->handle);
+ if(!sk) {
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ numcerts = sk_X509_num(sk);
+
+ result = Curl_ssl_init_certinfo(data, numcerts);
+ if(result) {
+ return result;
+ }
+
+ mem = BIO_new(BIO_s_mem());
+
+ for(i = 0; i < numcerts; i++) {
+ ASN1_INTEGER *num;
+ X509 *x = sk_X509_value(sk, i);
+ EVP_PKEY *pubkey = NULL;
+ int j;
+ char *ptr;
+ const ASN1_BIT_STRING *psig = NULL;
+
+ X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+ push_certinfo("Subject", i);
+
+ X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+ push_certinfo("Issuer", i);
+
+ BIO_printf(mem, "%lx", X509_get_version(x));
+ push_certinfo("Version", i);
+
+ num = X509_get_serialNumber(x);
+ if(num->type == V_ASN1_NEG_INTEGER)
+ BIO_puts(mem, "-");
+ for(j = 0; j < num->length; j++)
+ BIO_printf(mem, "%02x", num->data[j]);
+ push_certinfo("Serial Number", i);
+
+#if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
+ {
+ const X509_ALGOR *palg = NULL;
+ ASN1_STRING *a = ASN1_STRING_new();
+ if(a) {
+ X509_get0_signature(&psig, &palg, x);
+ X509_signature_print(mem, palg, a);
+ ASN1_STRING_free(a);
+
+ if(palg) {
+ i2a_ASN1_OBJECT(mem, palg->algorithm);
+ push_certinfo("Public Key Algorithm", i);
+ }
+ }
+ X509V3_ext(data, i, X509_get0_extensions(x));
+ }
+#else
+ {
+ /* before OpenSSL 1.0.2 */
+ X509_CINF *cinf = x->cert_info;
+
+ i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
+ push_certinfo("Signature Algorithm", i);
+
+ i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
+ push_certinfo("Public Key Algorithm", i);
+
+ X509V3_ext(data, i, cinf->extensions);
+
+ psig = x->signature;
+ }
+#endif
+
+ ASN1_TIME_print(mem, X509_get0_notBefore(x));
+ push_certinfo("Start date", i);
+
+ ASN1_TIME_print(mem, X509_get0_notAfter(x));
+ push_certinfo("Expire date", i);
+
+ pubkey = X509_get_pubkey(x);
+ if(!pubkey)
+ infof(data, " Unable to load public key\n");
+ else {
+ int pktype;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ pktype = EVP_PKEY_id(pubkey);
+#else
+ pktype = pubkey->type;
+#endif
+ switch(pktype) {
+ case EVP_PKEY_RSA:
+ {
+ RSA *rsa;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ rsa = EVP_PKEY_get0_RSA(pubkey);
+#else
+ rsa = pubkey->pkey.rsa;
+#endif
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+ {
+ const BIGNUM *n;
+ const BIGNUM *e;
+
+ RSA_get0_key(rsa, &n, &e, NULL);
+ BN_print(mem, n);
+ push_certinfo("RSA Public Key", i);
+ print_pubkey_BN(rsa, n, i);
+ print_pubkey_BN(rsa, e, i);
+ }
+#else
+ BIO_printf(mem, "%d", BN_num_bits(rsa->n));
+ push_certinfo("RSA Public Key", i);
+ print_pubkey_BN(rsa, n, i);
+ print_pubkey_BN(rsa, e, i);
+#endif
+
+ break;
+ }
+ case EVP_PKEY_DSA:
+ {
+#ifndef OPENSSL_NO_DSA
+ DSA *dsa;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ dsa = EVP_PKEY_get0_DSA(pubkey);
+#else
+ dsa = pubkey->pkey.dsa;
+#endif
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+ {
+ const BIGNUM *p;
+ const BIGNUM *q;
+ const BIGNUM *g;
+ const BIGNUM *pub_key;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, &pub_key, NULL);
+
+ print_pubkey_BN(dsa, p, i);
+ print_pubkey_BN(dsa, q, i);
+ print_pubkey_BN(dsa, g, i);
+ print_pubkey_BN(dsa, pub_key, i);
+ }
+#else
+ print_pubkey_BN(dsa, p, i);
+ print_pubkey_BN(dsa, q, i);
+ print_pubkey_BN(dsa, g, i);
+ print_pubkey_BN(dsa, pub_key, i);
+#endif
+#endif /* !OPENSSL_NO_DSA */
+ break;
+ }
+ case EVP_PKEY_DH:
+ {
+ DH *dh;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ dh = EVP_PKEY_get0_DH(pubkey);
+#else
+ dh = pubkey->pkey.dh;
+#endif
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+ {
+ const BIGNUM *p;
+ const BIGNUM *q;
+ const BIGNUM *g;
+ const BIGNUM *pub_key;
+ DH_get0_pqg(dh, &p, &q, &g);
+ DH_get0_key(dh, &pub_key, NULL);
+ print_pubkey_BN(dh, p, i);
+ print_pubkey_BN(dh, q, i);
+ print_pubkey_BN(dh, g, i);
+ print_pubkey_BN(dh, pub_key, i);
+ }
+#else
+ print_pubkey_BN(dh, p, i);
+ print_pubkey_BN(dh, g, i);
+ print_pubkey_BN(dh, pub_key, i);
+#endif
+ break;
+ }
+#if 0
+ case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
+ /* left TODO */
+ break;
+#endif
+ }
+ EVP_PKEY_free(pubkey);
+ }
+
+ if(psig) {
+ for(j = 0; j < psig->length; j++)
+ BIO_printf(mem, "%02x:", psig->data[j]);
+ push_certinfo("Signature", i);
+ }
+
+ PEM_write_bio_X509(mem, x);
+ push_certinfo("Cert", i);
+ }
+
+ BIO_free(mem);
+
+ return CURLE_OK;
+}
+
+/*
+ * Heavily modified from:
+ * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
+ */
+static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
+ const char *pinnedpubkey)
+{
+ /* Scratch */
+ int len1 = 0, len2 = 0;
+ unsigned char *buff1 = NULL, *temp = NULL;
+
+ /* Result is returned to caller */
+ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+
+ /* if a path wasn't specified, don't pin */
+ if(!pinnedpubkey)
+ return CURLE_OK;
+
+ if(!cert)
+ return result;
+
+ do {
+ /* Begin Gyrations to get the subjectPublicKeyInfo */
+ /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
+
+ /* https://groups.google.com/group/mailing.openssl.users/browse_thread
+ /thread/d61858dae102c6c7 */
+ len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
+ if(len1 < 1)
+ break; /* failed */
+
+ /* https://www.openssl.org/docs/crypto/buffer.html */
+ buff1 = temp = malloc(len1);
+ if(!buff1)
+ break; /* failed */
+
+ /* https://www.openssl.org/docs/crypto/d2i_X509.html */
+ len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
+
+ /*
+ * These checks are verifying we got back the same values as when we
+ * sized the buffer. It's pretty weak since they should always be the
+ * same. But it gives us something to test.
+ */
+ if((len1 != len2) || !temp || ((temp - buff1) != len1))
+ break; /* failed */
+
+ /* End Gyrations */
+
+ /* The one good exit point */
+ result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
+ } while(0);
+
+ /* https://www.openssl.org/docs/crypto/buffer.html */
+ if(buff1)
+ free(buff1);
+
+ return result;
+}
+
+/*
+ * Get the server cert, verify it and show it etc, only call failf() if the
+ * 'strict' argument is TRUE as otherwise all this is for informational
+ * purposes only!
+ *
+ * We check certificates to authenticate the server; otherwise we risk
+ * man-in-the-middle attack.
+ */
+static CURLcode servercert(struct connectdata *conn,
+ struct ssl_connect_data *connssl,
+ bool strict)
+{
+ CURLcode result = CURLE_OK;
+ int rc;
+ long lerr, len;
+ struct Curl_easy *data = conn->data;
+ X509 *issuer;
+ FILE *fp;
+ char buffer[2048];
+ const char *ptr;
+ long * const certverifyresult = SSL_IS_PROXY() ?
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ BIO *mem = BIO_new(BIO_s_mem());
+
+ if(data->set.ssl.certinfo)
+ /* we've been asked to gather certificate info! */
+ (void)get_cert_chain(conn, connssl);
+
+ BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
+ if(!BACKEND->server_cert) {
+ BIO_free(mem);
+ if(!strict)
+ return CURLE_OK;
+
+ failf(data, "SSL: couldn't get peer certificate!");
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server");
+
+ rc = x509_name_oneline(X509_get_subject_name(BACKEND->server_cert),
+ buffer, sizeof(buffer));
+ infof(data, " subject: %s\n", rc?"[NONE]":buffer);
+
+ ASN1_TIME_print(mem, X509_get0_notBefore(BACKEND->server_cert));
+ len = BIO_get_mem_data(mem, (char **) &ptr);
+ infof(data, " start date: %.*s\n", len, ptr);
+ (void)BIO_reset(mem);
+
+ ASN1_TIME_print(mem, X509_get0_notAfter(BACKEND->server_cert));
+ len = BIO_get_mem_data(mem, (char **) &ptr);
+ infof(data, " expire date: %.*s\n", len, ptr);
+ (void)BIO_reset(mem);
+
+ BIO_free(mem);
+
+ if(SSL_CONN_CONFIG(verifyhost)) {
+ result = verifyhost(conn, BACKEND->server_cert);
+ if(result) {
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+ return result;
+ }
+ }
+
+ rc = x509_name_oneline(X509_get_issuer_name(BACKEND->server_cert),
+ buffer, sizeof(buffer));
+ if(rc) {
+ if(strict)
+ failf(data, "SSL: couldn't get X509-issuer name!");
+ result = CURLE_SSL_CONNECT_ERROR;
+ }
+ else {
+ infof(data, " issuer: %s\n", buffer);
+
+ /* We could do all sorts of certificate verification stuff here before
+ deallocating the certificate. */
+
+ /* e.g. match issuer name with provided issuer certificate */
+ if(SSL_SET_OPTION(issuercert)) {
+ fp = fopen(SSL_SET_OPTION(issuercert), FOPEN_READTEXT);
+ if(!fp) {
+ if(strict)
+ failf(data, "SSL: Unable to open issuer cert (%s)",
+ SSL_SET_OPTION(issuercert));
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+ return CURLE_SSL_ISSUER_ERROR;
+ }
+
+ issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
+ if(!issuer) {
+ if(strict)
+ failf(data, "SSL: Unable to read issuer cert (%s)",
+ SSL_SET_OPTION(issuercert));
+ X509_free(BACKEND->server_cert);
+ X509_free(issuer);
+ fclose(fp);
+ return CURLE_SSL_ISSUER_ERROR;
+ }
+
+ fclose(fp);
+
+ if(X509_check_issued(issuer, BACKEND->server_cert) != X509_V_OK) {
+ if(strict)
+ failf(data, "SSL: Certificate issuer check failed (%s)",
+ SSL_SET_OPTION(issuercert));
+ X509_free(BACKEND->server_cert);
+ X509_free(issuer);
+ BACKEND->server_cert = NULL;
+ return CURLE_SSL_ISSUER_ERROR;
+ }
+
+ infof(data, " SSL certificate issuer check ok (%s)\n",
+ SSL_SET_OPTION(issuercert));
+ X509_free(issuer);
+ }
+
+ lerr = *certverifyresult = SSL_get_verify_result(BACKEND->handle);
+
+ if(*certverifyresult != X509_V_OK) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ /* We probably never reach this, because SSL_connect() will fail
+ and we return earlier if verifypeer is set? */
+ if(strict)
+ failf(data, "SSL certificate verify result: %s (%ld)",
+ X509_verify_cert_error_string(lerr), lerr);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else
+ infof(data, " SSL certificate verify result: %s (%ld),"
+ " continuing anyway.\n",
+ X509_verify_cert_error_string(lerr), lerr);
+ }
+ else
+ infof(data, " SSL certificate verify ok.\n");
+ }
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(OPENSSL_NO_OCSP)
+ if(SSL_CONN_CONFIG(verifystatus)) {
+ result = verifystatus(conn, connssl);
+ if(result) {
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+ return result;
+ }
+ }
+#endif
+
+ if(!strict)
+ /* when not strict, we don't bother about the verify cert problems */
+ result = CURLE_OK;
+
+ ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+ if(!result && ptr) {
+ result = pkp_pin_peer_pubkey(data, BACKEND->server_cert, ptr);
+ if(result)
+ failf(data, "SSL: public key does not match pinned public key!");
+ }
+
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+ connssl->connecting_state = ssl_connect_done;
+
+ return result;
+}
+
+static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
+{
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ bool incache;
+ SSL_SESSION *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
+
+ our_ssl_sessionid = SSL_get1_session(BACKEND->handle);
+
+ /* SSL_get1_session() will increment the reference count and the session
+ will stay in memory until explicitly freed with SSL_SESSION_free(3),
+ regardless of its state. */
+
+ Curl_ssl_sessionid_lock(conn);
+ incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
+ sockindex));
+ if(incache) {
+ if(old_ssl_sessionid != our_ssl_sessionid) {
+ infof(data, "old SSL session ID is stale, removing\n");
+ Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ incache = FALSE;
+ }
+ }
+
+ if(!incache) {
+ result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
+ 0 /* unknown size */, sockindex);
+ if(result) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "failed to store ssl session");
+ return result;
+ }
+ }
+ else {
+ /* Session was incache, so refcount already incremented earlier.
+ * Avoid further increments with each SSL_get1_session() call.
+ * This does not free the session as refcount remains > 0
+ */
+ SSL_SESSION_free(our_ssl_sessionid);
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ /*
+ * We check certificates to authenticate the server; otherwise we risk
+ * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
+ * verify the peer ignore faults and failures from the server cert
+ * operations.
+ */
+
+ result = servercert(conn, connssl, (SSL_CONN_CONFIG(verifypeer) ||
+ SSL_CONN_CONFIG(verifyhost)));
+
+ if(!result)
+ connssl->connecting_state = ssl_connect_done;
+
+ return result;
+}
+
+static Curl_recv ossl_recv;
+static Curl_send ossl_send;
+
+static CURLcode ossl_connect_common(struct connectdata *conn,
+ int sockindex,
+ bool nonblocking,
+ bool *done)
+{
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ curl_socket_t sockfd = conn->sock[sockindex];
+ time_t timeout_ms;
+ int what;
+
+ /* check if the connection has already been established */
+ if(ssl_connection_complete == connssl->state) {
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
+ if(ssl_connect_1 == connssl->connecting_state) {
+ /* Find out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ result = ossl_connect_step1(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ while(ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state) {
+
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
+ if(connssl->connecting_state == ssl_connect_2_reading ||
+ connssl->connecting_state == ssl_connect_2_writing) {
+
+ curl_socket_t writefd = ssl_connect_2_writing ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+ curl_socket_t readfd = ssl_connect_2_reading ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking?0:timeout_ms);
+ if(what < 0) {
+ /* fatal error */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ if(0 == what) {
+ if(nonblocking) {
+ *done = FALSE;
+ return CURLE_OK;
+ }
+ /* timeout */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ /* socket is readable or writable */
+ }
+
+ /* Run transaction, and return to the caller if it failed or if this
+ * connection is done nonblocking and this loop would execute again. This
+ * permits the owner of a multi handle to abort a connection attempt
+ * before step2 has completed while ensuring that a client using select()
+ * or epoll() will always have a valid fdset to wait on.
+ */
+ result = ossl_connect_step2(conn, sockindex);
+ if(result || (nonblocking &&
+ (ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state)))
+ return result;
+
+ } /* repeat step2 until all transactions are done. */
+
+ if(ssl_connect_3 == connssl->connecting_state) {
+ result = ossl_connect_step3(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ if(ssl_connect_done == connssl->connecting_state) {
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = ossl_recv;
+ conn->send[sockindex] = ossl_send;
+ *done = TRUE;
+ }
+ else
+ *done = FALSE;
+
+ /* Reset our connect state machine */
+ connssl->connecting_state = ssl_connect_1;
+
+ return CURLE_OK;
+}
+
+static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
+ int sockindex,
+ bool *done)
+{
+ return ossl_connect_common(conn, sockindex, TRUE, done);
+}
+
+static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode result;
+ bool done = FALSE;
+
+ result = ossl_connect_common(conn, sockindex, FALSE, &done);
+ if(result)
+ return result;
+
+ DEBUGASSERT(done);
+
+ return CURLE_OK;
+}
+
+static bool Curl_ossl_data_pending(const struct connectdata *conn,
+ int connindex)
+{
+ const struct ssl_connect_data *connssl = &conn->ssl[connindex];
+ const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex];
+ if(BACKEND->handle)
+ /* SSL is in use */
+ return (0 != SSL_pending(BACKEND->handle) ||
+ (proxyssl->backend->handle &&
+ 0 != SSL_pending(proxyssl->backend->handle))) ?
+ TRUE : FALSE;
+ return FALSE;
+}
+
+static size_t Curl_ossl_version(char *buffer, size_t size);
+
+static ssize_t ossl_send(struct connectdata *conn,
+ int sockindex,
+ const void *mem,
+ size_t len,
+ CURLcode *curlcode)
+{
+ /* SSL_write() is said to return 'int' while write() and send() returns
+ 'size_t' */
+ int err;
+ char error_buffer[256];
+ unsigned long sslerror;
+ int memlen;
+ int rc;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ ERR_clear_error();
+
+ memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
+ rc = SSL_write(BACKEND->handle, mem, memlen);
+
+ if(rc <= 0) {
+ err = SSL_get_error(BACKEND->handle, rc);
+
+ switch(err) {
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ /* The operation did not complete; the same TLS/SSL I/O function
+ should be called again later. This is basically an EWOULDBLOCK
+ equivalent. */
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ case SSL_ERROR_SYSCALL:
+ failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
+ SOCKERRNO);
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ case SSL_ERROR_SSL:
+ /* A failure in the SSL library occurred, usually a protocol error.
+ The OpenSSL error queue contains more information on the error. */
+ sslerror = ERR_get_error();
+ if(ERR_GET_LIB(sslerror) == ERR_LIB_SSL &&
+ ERR_GET_REASON(sslerror) == SSL_R_BIO_NOT_SET &&
+ conn->ssl[sockindex].state == ssl_connection_complete &&
+ conn->proxy_ssl[sockindex].state == ssl_connection_complete) {
+ char ver[120];
+ Curl_ossl_version(ver, 120);
+ failf(conn->data, "Error: %s does not support double SSL tunneling.",
+ ver);
+ }
+ else
+ failf(conn->data, "SSL_write() error: %s",
+ ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ }
+ /* a true error */
+ failf(conn->data, OSSL_PACKAGE " SSL_write: %s, errno %d",
+ SSL_ERROR_to_str(err), SOCKERRNO);
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ }
+ *curlcode = CURLE_OK;
+ return (ssize_t)rc; /* number of bytes */
+}
+
+static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
+ int num, /* socketindex */
+ char *buf, /* store read data here */
+ size_t buffersize, /* max amount to read */
+ CURLcode *curlcode)
+{
+ char error_buffer[256];
+ unsigned long sslerror;
+ ssize_t nread;
+ int buffsize;
+ struct ssl_connect_data *connssl = &conn->ssl[num];
+
+ ERR_clear_error();
+
+ buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+ nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize);
+ if(nread <= 0) {
+ /* failed SSL_read */
+ int err = SSL_get_error(BACKEND->handle, (int)nread);
+
+ switch(err) {
+ case SSL_ERROR_NONE: /* this is not an error */
+ case SSL_ERROR_ZERO_RETURN: /* no more data */
+ break;
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ /* there's data pending, re-invoke SSL_read() */
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ default:
+ /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
+ value/errno" */
+ /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
+ sslerror = ERR_get_error();
+ if((nread < 0) || sslerror) {
+ /* If the return code was negative or there actually is an error in the
+ queue */
+ failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d",
+ (sslerror ?
+ ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)) :
+ SSL_ERROR_to_str(err)),
+ SOCKERRNO);
+ *curlcode = CURLE_RECV_ERROR;
+ return -1;
+ }
+ }
+ }
+ return nread;
+}
+
+static size_t Curl_ossl_version(char *buffer, size_t size)
+{
+#ifdef OPENSSL_IS_BORINGSSL
+ return snprintf(buffer, size, OSSL_PACKAGE);
+#else /* OPENSSL_IS_BORINGSSL */
+ char sub[3];
+ unsigned long ssleay_value;
+ sub[2]='\0';
+ sub[1]='\0';
+ ssleay_value = OpenSSL_version_num();
+ if(ssleay_value < 0x906000) {
+ ssleay_value = SSLEAY_VERSION_NUMBER;
+ sub[0]='\0';
+ }
+ else {
+ if(ssleay_value&0xff0) {
+ int minor_ver = (ssleay_value >> 4) & 0xff;
+ if(minor_ver > 26) {
+ /* handle extended version introduced for 0.9.8za */
+ sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
+ sub[0] = 'z';
+ }
+ else {
+ sub[0] = (char) (minor_ver + 'a' - 1);
+ }
+ }
+ else
+ sub[0]='\0';
+ }
+
+ return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
+ OSSL_PACKAGE,
+ (ssleay_value>>28)&0xf,
+ (ssleay_value>>20)&0xff,
+ (ssleay_value>>12)&0xff,
+ sub);
+#endif /* OPENSSL_IS_BORINGSSL */
+}
+
+/* can be called with data == NULL */
+static CURLcode Curl_ossl_random(struct Curl_easy *data,
+ unsigned char *entropy, size_t length)
+{
+ int rc;
+ if(data) {
+ if(Curl_ossl_seed(data)) /* Initiate the seed if not already done */
+ return CURLE_FAILED_INIT; /* couldn't seed for some reason */
+ }
+ else {
+ if(!rand_enough())
+ return CURLE_FAILED_INIT;
+ }
+ /* RAND_bytes() returns 1 on success, 0 otherwise. */
+ rc = RAND_bytes(entropy, curlx_uztosi(length));
+ return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT);
+}
+
+static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum /* output */,
+ size_t unused)
+{
+ MD5_CTX MD5pw;
+ (void)unused;
+ MD5_Init(&MD5pw);
+ MD5_Update(&MD5pw, tmp, tmplen);
+ MD5_Final(md5sum, &MD5pw);
+ return CURLE_OK;
+}
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
+static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum /* output */,
+ size_t unused)
+{
+ SHA256_CTX SHA256pw;
+ (void)unused;
+ SHA256_Init(&SHA256pw);
+ SHA256_Update(&SHA256pw, tmp, tmplen);
+ SHA256_Final(sha256sum, &SHA256pw);
+}
+#endif
+
+static bool Curl_ossl_cert_status_request(void)
+{
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(OPENSSL_NO_OCSP)
+ return TRUE;
+#else
+ return FALSE;
+#endif
+}
+
+static void *Curl_ossl_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info)
+{
+ /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */
+ return info == CURLINFO_TLS_SESSION ?
+ (void *)BACKEND->ctx : (void *)BACKEND->handle;
+}
+
+const struct Curl_ssl Curl_ssl_openssl = {
+ { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
+
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 1, /* have_ssl_ctx */
+ 1, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_ossl_init, /* init */
+ Curl_ossl_cleanup, /* cleanup */
+ Curl_ossl_version, /* version */
+ Curl_ossl_check_cxn, /* check_cxn */
+ Curl_ossl_shutdown, /* shutdown */
+ Curl_ossl_data_pending, /* data_pending */
+ Curl_ossl_random, /* random */
+ Curl_ossl_cert_status_request, /* cert_status_request */
+ Curl_ossl_connect, /* connect */
+ Curl_ossl_connect_nonblocking, /* connect_nonblocking */
+ Curl_ossl_get_internals, /* get_internals */
+ Curl_ossl_close, /* close_one */
+ Curl_ossl_close_all, /* close_all */
+ Curl_ossl_session_free, /* session_free */
+ Curl_ossl_set_engine, /* set_engine */
+ Curl_ossl_set_engine_default, /* set_engine_default */
+ Curl_ossl_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_ossl_md5sum, /* md5sum */
+#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
+ Curl_ossl_sha256sum /* sha256sum */
+#else
+ NULL /* sha256sum */
+#endif
+};
+
+#endif /* USE_OPENSSL */
diff --git a/libs/libcurl/src/openssl.h b/libs/libcurl/src/openssl.h
new file mode 100644
index 0000000000..114dc4baeb
--- /dev/null
+++ b/libs/libcurl/src/openssl.h
@@ -0,0 +1,37 @@
+#ifndef HEADER_CURL_SSLUSE_H
+#define HEADER_CURL_SSLUSE_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_OPENSSL
+/*
+ * This header should only be needed to get included by vtls.c and openssl.c
+ */
+
+#include "urldata.h"
+
+extern const struct Curl_ssl Curl_ssl_openssl;
+
+#endif /* USE_OPENSSL */
+#endif /* HEADER_CURL_SSLUSE_H */
diff --git a/libs/libcurl/src/parsedate.c b/libs/libcurl/src/parsedate.c
index 1ddd0080ae..b82605bbe3 100644
--- a/libs/libcurl/src/parsedate.c
+++ b/libs/libcurl/src/parsedate.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -80,7 +80,7 @@
#endif
#include <curl/curl.h>
-#include "rawstr.h"
+#include "strcase.h"
#include "warnless.h"
#include "parsedate.h"
@@ -167,20 +167,20 @@ static const struct tzinfo tz[]= {
RFC 1123) had their signs wrong. Here we use the correct signs to match
actual military usage.
*/
- {"A", +1 * 60}, /* Alpha */
- {"B", +2 * 60}, /* Bravo */
- {"C", +3 * 60}, /* Charlie */
- {"D", +4 * 60}, /* Delta */
- {"E", +5 * 60}, /* Echo */
- {"F", +6 * 60}, /* Foxtrot */
- {"G", +7 * 60}, /* Golf */
- {"H", +8 * 60}, /* Hotel */
- {"I", +9 * 60}, /* India */
+ {"A", 1 * 60}, /* Alpha */
+ {"B", 2 * 60}, /* Bravo */
+ {"C", 3 * 60}, /* Charlie */
+ {"D", 4 * 60}, /* Delta */
+ {"E", 5 * 60}, /* Echo */
+ {"F", 6 * 60}, /* Foxtrot */
+ {"G", 7 * 60}, /* Golf */
+ {"H", 8 * 60}, /* Hotel */
+ {"I", 9 * 60}, /* India */
/* "J", Juliet is not used as a timezone, to indicate the observer's local
time */
- {"K", +10 * 60}, /* Kilo */
- {"L", +11 * 60}, /* Lima */
- {"M", +12 * 60}, /* Mike */
+ {"K", 10 * 60}, /* Kilo */
+ {"L", 11 * 60}, /* Lima */
+ {"M", 12 * 60}, /* Mike */
{"N", -1 * 60}, /* November */
{"O", -2 * 60}, /* Oscar */
{"P", -3 * 60}, /* Papa */
@@ -205,14 +205,14 @@ static int checkday(const char *check, size_t len)
{
int i;
const char * const *what;
- bool found= FALSE;
+ bool found = FALSE;
if(len > 3)
what = &weekday[0];
else
what = &Curl_wkday[0];
- for(i=0; i<7; i++) {
- if(Curl_raw_equal(check, what[0])) {
- found=TRUE;
+ for(i = 0; i<7; i++) {
+ if(strcasecompare(check, what[0])) {
+ found = TRUE;
break;
}
what++;
@@ -224,12 +224,12 @@ static int checkmonth(const char *check)
{
int i;
const char * const *what;
- bool found= FALSE;
+ bool found = FALSE;
what = &Curl_month[0];
- for(i=0; i<12; i++) {
- if(Curl_raw_equal(check, what[0])) {
- found=TRUE;
+ for(i = 0; i<12; i++) {
+ if(strcasecompare(check, what[0])) {
+ found = TRUE;
break;
}
what++;
@@ -244,12 +244,12 @@ static int checktz(const char *check)
{
unsigned int i;
const struct tzinfo *what;
- bool found= FALSE;
+ bool found = FALSE;
what = tz;
- for(i=0; i< sizeof(tz)/sizeof(tz[0]); i++) {
- if(Curl_raw_equal(check, what->name)) {
- found=TRUE;
+ for(i = 0; i< sizeof(tz)/sizeof(tz[0]); i++) {
+ if(strcasecompare(check, what->name)) {
+ found = TRUE;
break;
}
what++;
@@ -331,21 +331,21 @@ static time_t my_timegm(struct my_tm *tm)
static int parsedate(const char *date, time_t *output)
{
time_t t = 0;
- int wdaynum=-1; /* day of the week number, 0-6 (mon-sun) */
- int monnum=-1; /* month of the year number, 0-11 */
- int mdaynum=-1; /* day of month, 1 - 31 */
- int hournum=-1;
- int minnum=-1;
- int secnum=-1;
- int yearnum=-1;
- int tzoff=-1;
+ int wdaynum = -1; /* day of the week number, 0-6 (mon-sun) */
+ int monnum = -1; /* month of the year number, 0-11 */
+ int mdaynum = -1; /* day of month, 1 - 31 */
+ int hournum = -1;
+ int minnum = -1;
+ int secnum = -1;
+ int yearnum = -1;
+ int tzoff = -1;
struct my_tm tm;
enum assume dignext = DATE_MDAY;
const char *indate = date; /* save the original pointer */
int part = 0; /* max 6 parts */
while(*date && (part < 6)) {
- bool found=FALSE;
+ bool found = FALSE;
skip(&date);
@@ -353,9 +353,11 @@ static int parsedate(const char *date, time_t *output)
/* a name coming up */
char buf[32]="";
size_t len;
- sscanf(date, "%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]",
- buf);
- len = strlen(buf);
+ if(sscanf(date, "%31[ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz]", buf))
+ len = strlen(buf);
+ else
+ len = 0;
if(wdaynum == -1) {
wdaynum = checkday(buf, len);
@@ -384,15 +386,17 @@ static int parsedate(const char *date, time_t *output)
/* a digit */
int val;
char *end;
+ int len = 0;
if((secnum == -1) &&
- (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
+ (3 == sscanf(date, "%02d:%02d:%02d%n",
+ &hournum, &minnum, &secnum, &len))) {
/* time stamp! */
- date += 8;
+ date += len;
}
else if((secnum == -1) &&
- (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
+ (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
/* time stamp without seconds */
- date += 5;
+ date += len;
secnum = 0;
}
else {
@@ -400,18 +404,20 @@ static int parsedate(const char *date, time_t *output)
int error;
int old_errno;
- old_errno = ERRNO;
- SET_ERRNO(0);
+ old_errno = errno;
+ errno = 0;
lval = strtol(date, &end, 10);
- error = ERRNO;
- if(error != old_errno)
- SET_ERRNO(old_errno);
+ error = errno;
+ if(errno != old_errno)
+ errno = old_errno;
if(error)
return PARSEDATE_FAIL;
+#if LONG_MAX != INT_MAX
if((lval > (long)INT_MAX) || (lval < (long)INT_MIN))
return PARSEDATE_FAIL;
+#endif
val = curlx_sltosi(lval);
@@ -526,8 +532,10 @@ static int parsedate(const char *date, time_t *output)
/* Add the time zone diff between local time zone and GMT. */
long delta = (long)(tzoff!=-1?tzoff:0);
- if((delta>0) && (t + delta < t))
- return -1; /* time_t overflow */
+ if((delta>0) && (t > LONG_MAX - delta)) {
+ *output = 0x7fffffff;
+ return PARSEDATE_LATER; /* time_t overflow */
+ }
t += delta;
}
@@ -539,7 +547,7 @@ static int parsedate(const char *date, time_t *output)
time_t curl_getdate(const char *p, const time_t *now)
{
- time_t parsed;
+ time_t parsed = -1;
int rc = parsedate(p, &parsed);
(void)now; /* legacy argument from the past that we ignore */
@@ -557,9 +565,6 @@ time_t curl_getdate(const char *p, const time_t *now)
* Curl_gmtime() is a gmtime() replacement for portability. Do not use the
* gmtime_r() or gmtime() functions anywhere else but here.
*
- * To make sure no such function calls slip in, we define them to cause build
- * errors, which is why we use the name within parentheses in this function.
- *
*/
CURLcode Curl_gmtime(time_t intime, struct tm *store)
diff --git a/libs/libcurl/src/parsedate.h b/libs/libcurl/src/parsedate.h
index ade0f4f602..2e59eb17c2 100644
--- a/libs/libcurl/src/parsedate.h
+++ b/libs/libcurl/src/parsedate.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/pingpong.c b/libs/libcurl/src/pingpong.c
index 3ebeabe537..438856a991 100644
--- a/libs/libcurl/src/pingpong.c
+++ b/libs/libcurl/src/pingpong.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -33,26 +33,24 @@
#include "pingpong.h"
#include "multiif.h"
#include "non-ascii.h"
-#include "sslgen.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include "vtls/vtls.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
#ifdef USE_PINGPONG
/* Returns timeout in ms. 0 or negative number means the timeout has already
triggered */
-long Curl_pp_state_timeout(struct pingpong *pp)
+time_t Curl_pp_state_timeout(struct pingpong *pp)
{
struct connectdata *conn = pp->conn;
- struct SessionHandle *data=conn->data;
- long timeout_ms; /* in milliseconds */
- long timeout2_ms; /* in milliseconds */
- long response_time= (data->set.server_response_timeout)?
+ struct Curl_easy *data = conn->data;
+ time_t timeout_ms; /* in milliseconds */
+ time_t timeout2_ms; /* in milliseconds */
+ long response_time = (data->set.server_response_timeout)?
data->set.server_response_timeout: pp->response_time;
/* if CURLOPT_SERVER_RESPONSE_TIMEOUT is set, use that to determine
@@ -63,12 +61,12 @@ long Curl_pp_state_timeout(struct pingpong *pp)
/* Without a requested timeout, we only wait 'response_time' seconds for the
full response to arrive before we bail out */
timeout_ms = response_time -
- Curl_tvdiff(Curl_tvnow(), pp->response); /* spent time */
+ Curl_timediff(Curl_now(), pp->response); /* spent time */
if(data->set.timeout) {
/* if timeout is requested, find out how much remaining time we have */
timeout2_ms = data->set.timeout - /* timeout time */
- Curl_tvdiff(Curl_tvnow(), conn->now); /* spent time */
+ Curl_timediff(Curl_now(), conn->now); /* spent time */
/* pick the lowest number */
timeout_ms = CURLMIN(timeout_ms, timeout2_ms);
@@ -85,12 +83,12 @@ CURLcode Curl_pp_statemach(struct pingpong *pp, bool block)
struct connectdata *conn = pp->conn;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
int rc;
- long interval_ms;
- long timeout_ms = Curl_pp_state_timeout(pp);
- struct SessionHandle *data=conn->data;
+ time_t interval_ms;
+ time_t timeout_ms = Curl_pp_state_timeout(pp);
+ struct Curl_easy *data = conn->data;
CURLcode result = CURLE_OK;
- if(timeout_ms <=0 ) {
+ if(timeout_ms <= 0) {
failf(data, "server response timeout");
return CURLE_OPERATION_TIMEDOUT; /* already too little time */
}
@@ -103,14 +101,17 @@ CURLcode Curl_pp_statemach(struct pingpong *pp, bool block)
else
interval_ms = 0; /* immediate */
- if(Curl_pp_moredata(pp))
+ if(Curl_ssl_data_pending(conn, FIRSTSOCKET))
+ rc = 1;
+ else if(Curl_pp_moredata(pp))
/* We are receiving and there is data in the cache so just read it */
rc = 1;
else if(!pp->sendleft && Curl_ssl_data_pending(conn, FIRSTSOCKET))
/* We are receiving and there is data ready in the SSL library */
rc = 1;
else
- rc = Curl_socket_ready(pp->sendleft?CURL_SOCKET_BAD:sock, /* reading */
+ rc = Curl_socket_check(pp->sendleft?CURL_SOCKET_BAD:sock, /* reading */
+ CURL_SOCKET_BAD,
pp->sendleft?sock:CURL_SOCKET_BAD, /* writing */
interval_ms);
@@ -119,7 +120,7 @@ CURLcode Curl_pp_statemach(struct pingpong *pp, bool block)
if(Curl_pgrsUpdate(conn))
result = CURLE_ABORTED_BY_CALLBACK;
else
- result = Curl_speedcheck(data, Curl_tvnow());
+ result = Curl_speedcheck(data, Curl_now());
if(result)
return result;
@@ -142,7 +143,7 @@ void Curl_pp_init(struct pingpong *pp)
pp->nread_resp = 0;
pp->linestart_resp = conn->data->state.buffer;
pp->pending_resp = TRUE;
- pp->response = Curl_tvnow(); /* start response time-out now! */
+ pp->response = Curl_now(); /* start response time-out now! */
}
@@ -151,7 +152,7 @@ void Curl_pp_init(struct pingpong *pp)
*
* Curl_pp_vsendf()
*
- * Send the formated string as a command to a pingpong server. Note that
+ * Send the formatted string as a command to a pingpong server. Note that
* the string should not have any CRLF appended, as this function will
* append the necessary things itself.
*
@@ -165,18 +166,24 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
size_t write_len;
char *fmt_crlf;
char *s;
- CURLcode error;
+ CURLcode result;
struct connectdata *conn = pp->conn;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data;
#ifdef HAVE_GSSAPI
- enum protection_level data_sec = conn->data_prot;
+ enum protection_level data_sec;
#endif
DEBUGASSERT(pp->sendleft == 0);
DEBUGASSERT(pp->sendsize == 0);
DEBUGASSERT(pp->sendthis == NULL);
+ if(!conn)
+ /* can't send without a connection! */
+ return CURLE_SEND_ERROR;
+
+ data = conn->data;
+
fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */
if(!fmt_crlf)
return CURLE_OUT_OF_MEMORY;
@@ -191,26 +198,27 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
Curl_pp_init(pp);
- error = Curl_convert_to_network(data, s, write_len);
+ result = Curl_convert_to_network(data, s, write_len);
/* Curl_convert_to_network calls failf if unsuccessful */
- if(error) {
+ if(result) {
free(s);
- return error;
+ return result;
}
#ifdef HAVE_GSSAPI
conn->data_prot = PROT_CMD;
#endif
- error = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len,
+ result = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len,
&bytes_written);
#ifdef HAVE_GSSAPI
+ data_sec = conn->data_prot;
DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
conn->data_prot = data_sec;
#endif
- if(error) {
+ if(result) {
free(s);
- return error;
+ return result;
}
if(conn->data->set.verbose)
@@ -227,7 +235,7 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
free(s);
pp->sendthis = NULL;
pp->sendleft = pp->sendsize = 0;
- pp->response = Curl_tvnow();
+ pp->response = Curl_now();
}
return CURLE_OK;
@@ -238,7 +246,7 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
*
* Curl_pp_sendf()
*
- * Send the formated string as a command to a pingpong server. Note that
+ * Send the formatted string as a command to a pingpong server. Note that
* the string should not have any CRLF appended, as this function will
* append the necessary things itself.
*
@@ -247,15 +255,15 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
CURLcode Curl_pp_sendf(struct pingpong *pp,
const char *fmt, ...)
{
- CURLcode res;
+ CURLcode result;
va_list ap;
va_start(ap, fmt);
- res = Curl_pp_vsendf(pp, fmt, ap);
+ result = Curl_pp_vsendf(pp, fmt, ap);
va_end(ap);
- return res;
+ return result;
}
/*
@@ -269,25 +277,24 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
size_t *size) /* size of the response */
{
ssize_t perline; /* count bytes per line */
- bool keepon=TRUE;
+ bool keepon = TRUE;
ssize_t gotbytes;
char *ptr;
struct connectdata *conn = pp->conn;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
char * const buf = data->state.buffer;
CURLcode result = CURLE_OK;
*code = 0; /* 0 for errors or not done */
*size = 0;
- ptr=buf + pp->nread_resp;
+ ptr = buf + pp->nread_resp;
/* number of bytes in the current line, so far */
perline = (ssize_t)(ptr-pp->linestart_resp);
- keepon=TRUE;
-
- while((pp->nread_resp<BUFSIZE) && (keepon && !result)) {
+ while((pp->nread_resp < (size_t)data->set.buffer_size) &&
+ (keepon && !result)) {
if(pp->cache) {
/* we had data in the "cache", copy that instead of doing an actual
@@ -297,7 +304,7 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
* it would have been populated with something of size int to begin
* with, even though its datatype may be larger than an int.
*/
- DEBUGASSERT((ptr+pp->cache_size) <= (buf+BUFSIZE+1));
+ DEBUGASSERT((ptr + pp->cache_size) <= (buf + data->set.buffer_size + 1));
memcpy(ptr, pp->cache, pp->cache_size);
gotbytes = (ssize_t)pp->cache_size;
free(pp->cache); /* free the cache */
@@ -305,30 +312,30 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
pp->cache_size = 0; /* zero the size just in case */
}
else {
- int res;
#ifdef HAVE_GSSAPI
enum protection_level prot = conn->data_prot;
conn->data_prot = PROT_CLEAR;
#endif
- DEBUGASSERT((ptr+BUFSIZE-pp->nread_resp) <= (buf+BUFSIZE+1));
- res = Curl_read(conn, sockfd, ptr, BUFSIZE-pp->nread_resp,
- &gotbytes);
+ DEBUGASSERT((ptr + data->set.buffer_size - pp->nread_resp) <=
+ (buf + data->set.buffer_size + 1));
+ result = Curl_read(conn, sockfd, ptr,
+ data->set.buffer_size - pp->nread_resp,
+ &gotbytes);
#ifdef HAVE_GSSAPI
DEBUGASSERT(prot > PROT_NONE && prot < PROT_LAST);
conn->data_prot = prot;
#endif
- if(res == CURLE_AGAIN)
+ if(result == CURLE_AGAIN)
return CURLE_OK; /* return */
- if((res == CURLE_OK) && (gotbytes > 0))
+ if(!result && (gotbytes > 0))
/* convert from the network encoding */
- res = Curl_convert_from_network(data, ptr, gotbytes);
+ result = Curl_convert_from_network(data, ptr, gotbytes);
/* Curl_convert_from_network calls failf if unsuccessful */
- if(CURLE_OK != res) {
- result = (CURLcode)res; /* Set outer result variable to this error. */
+ if(result)
+ /* Set outer result variable to this error. */
keepon = FALSE;
- }
}
if(!keepon)
@@ -351,7 +358,7 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
pp->nread_resp += gotbytes;
for(i = 0; i < gotbytes; ptr++, i++) {
perline++;
- if(*ptr=='\n') {
+ if(*ptr == '\n') {
/* a newline is CRLF in pp-talk, so the CR is ignored as
the line isn't really terminated until the LF comes */
@@ -376,21 +383,19 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
if(pp->endofresp(conn, pp->linestart_resp, perline, code)) {
/* This is the end of the last line, copy the last line to the
start of the buffer and zero terminate, for old times sake */
- char *meow;
- int n;
- for(meow=pp->linestart_resp, n=0; meow<ptr; meow++, n++)
- buf[n] = *meow;
- *meow=0; /* zero terminate */
- keepon=FALSE;
- pp->linestart_resp = ptr+1; /* advance pointer */
+ size_t n = ptr - pp->linestart_resp;
+ memmove(buf, pp->linestart_resp, n);
+ buf[n] = 0; /* zero terminate */
+ keepon = FALSE;
+ pp->linestart_resp = ptr + 1; /* advance pointer */
i++; /* skip this before getting out */
*size = pp->nread_resp; /* size of the response */
pp->nread_resp = 0; /* restart */
break;
}
- perline=0; /* line starts over here */
- pp->linestart_resp = ptr+1;
+ perline = 0; /* line starts over here */
+ pp->linestart_resp = ptr + 1;
}
}
@@ -407,7 +412,7 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
}
else if(keepon) {
- if((perline == gotbytes) && (gotbytes > BUFSIZE/2)) {
+ if((perline == gotbytes) && (gotbytes > data->set.buffer_size/2)) {
/* We got an excessive line without newlines and we need to deal
with it. We keep the first bytes of the line then we throw
away the rest. */
@@ -419,7 +424,7 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
interested in the first piece */
clipamount = 40;
}
- else if(pp->nread_resp > BUFSIZE/2) {
+ else if(pp->nread_resp > (size_t)data->set.buffer_size/2) {
/* We got a large chunk of data and there's potentially still
trailing data to take care of, so we put any such part in the
"cache", clear the buffer to make space and restart. */
@@ -480,11 +485,9 @@ CURLcode Curl_pp_flushsend(struct pingpong *pp)
/* we have a piece of a command still left to send */
struct connectdata *conn = pp->conn;
ssize_t written;
- CURLcode result = CURLE_OK;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
-
- result = Curl_write(conn, sock, pp->sendthis + pp->sendsize -
- pp->sendleft, pp->sendleft, &written);
+ CURLcode result = Curl_write(conn, sock, pp->sendthis + pp->sendsize -
+ pp->sendleft, pp->sendleft, &written);
if(result)
return result;
@@ -494,19 +497,17 @@ CURLcode Curl_pp_flushsend(struct pingpong *pp)
}
else {
free(pp->sendthis);
- pp->sendthis=NULL;
+ pp->sendthis = NULL;
pp->sendleft = pp->sendsize = 0;
- pp->response = Curl_tvnow();
+ pp->response = Curl_now();
}
return CURLE_OK;
}
CURLcode Curl_pp_disconnect(struct pingpong *pp)
{
- if(pp->cache) {
- free(pp->cache);
- pp->cache = NULL;
- }
+ free(pp->cache);
+ pp->cache = NULL;
return CURLE_OK;
}
diff --git a/libs/libcurl/src/pingpong.h b/libs/libcurl/src/pingpong.h
index b925ab98e1..5ac8df876e 100644
--- a/libs/libcurl/src/pingpong.h
+++ b/libs/libcurl/src/pingpong.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -58,8 +58,8 @@ struct pingpong {
server */
size_t sendleft; /* number of bytes left to send from the sendthis buffer */
size_t sendsize; /* total size of the sendthis buffer */
- struct timeval response; /* set to Curl_tvnow() when a command has been sent
- off, used to time-out response reading */
+ struct curltime response; /* set to Curl_now() when a command has been sent
+ off, used to time-out response reading */
long response_time; /* When no timeout is given, this is the amount of
milliseconds we await for a server response. */
@@ -88,14 +88,14 @@ void Curl_pp_init(struct pingpong *pp);
/* Returns timeout in ms. 0 or negative number means the timeout has already
triggered */
-long Curl_pp_state_timeout(struct pingpong *pp);
+time_t Curl_pp_state_timeout(struct pingpong *pp);
/***********************************************************************
*
* Curl_pp_sendf()
*
- * Send the formated string as a command to a pingpong server. Note that
+ * Send the formatted string as a command to a pingpong server. Note that
* the string should not have any CRLF appended, as this function will
* append the necessary things itself.
*
@@ -108,7 +108,7 @@ CURLcode Curl_pp_sendf(struct pingpong *pp,
*
* Curl_pp_vsendf()
*
- * Send the formated string as a command to a pingpong server. Note that
+ * Send the formatted string as a command to a pingpong server. Note that
* the string should not have any CRLF appended, as this function will
* append the necessary things itself.
*
diff --git a/libs/libcurl/src/pipeline.c b/libs/libcurl/src/pipeline.c
index 418058afa0..4d41b04139 100644
--- a/libs/libcurl/src/pipeline.c
+++ b/libs/libcurl/src/pipeline.c
@@ -6,11 +6,11 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2013, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2013 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -31,36 +31,32 @@
#include "multiif.h"
#include "pipeline.h"
#include "sendf.h"
-#include "rawstr.h"
-#include "bundles.h"
+#include "strcase.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
struct site_blacklist_entry {
- char *hostname;
+ struct curl_llist_element list;
unsigned short port;
+ char hostname[1];
};
static void site_blacklist_llist_dtor(void *user, void *element)
{
struct site_blacklist_entry *entry = element;
(void)user;
-
- Curl_safefree(entry->hostname);
- Curl_safefree(entry);
+ free(entry);
}
static void server_blacklist_llist_dtor(void *user, void *element)
{
- char *server_name = element;
(void)user;
-
- Curl_safefree(server_name);
+ free(element);
}
-bool Curl_pipeline_penalized(struct SessionHandle *data,
+bool Curl_pipeline_penalized(struct Curl_easy *data,
struct connectdata *conn)
{
if(data) {
@@ -72,8 +68,8 @@ bool Curl_pipeline_penalized(struct SessionHandle *data,
curl_off_t recv_size = -2; /* Make it easy to spot in the log */
/* Find the head of the recv pipe, if any */
- if(conn->recv_pipe && conn->recv_pipe->head) {
- struct SessionHandle *recv_handle = conn->recv_pipe->head->ptr;
+ if(conn->recv_pipe.head) {
+ struct Curl_easy *recv_handle = conn->recv_pipe.head->ptr;
recv_size = recv_handle->req.size;
@@ -85,8 +81,8 @@ bool Curl_pipeline_penalized(struct SessionHandle *data,
(curl_off_t)conn->chunk.datasize > chunk_penalty_size)
penalized = TRUE;
- infof(data, "Conn: %ld (%p) Receive pipe weight: (%" FORMAT_OFF_T
- "/%zu), penalized: %s\n",
+ infof(data, "Conn: %ld (%p) Receive pipe weight: (%"
+ CURL_FORMAT_CURL_OFF_T "/%zu), penalized: %s\n",
conn->connection_id, (void *)conn, recv_size,
conn->chunk.datasize, penalized?"TRUE":"FALSE");
return penalized;
@@ -94,33 +90,37 @@ bool Curl_pipeline_penalized(struct SessionHandle *data,
return FALSE;
}
-CURLcode Curl_add_handle_to_pipeline(struct SessionHandle *handle,
+static CURLcode addHandleToPipeline(struct Curl_easy *data,
+ struct curl_llist *pipeline)
+{
+ Curl_llist_insert_next(pipeline, pipeline->tail, data,
+ &data->pipeline_queue);
+ return CURLE_OK;
+}
+
+
+CURLcode Curl_add_handle_to_pipeline(struct Curl_easy *handle,
struct connectdata *conn)
{
- struct curl_llist_element *sendhead = conn->send_pipe->head;
+ struct curl_llist_element *sendhead = conn->send_pipe.head;
struct curl_llist *pipeline;
- CURLcode rc;
+ CURLcode result;
- pipeline = conn->send_pipe;
+ pipeline = &conn->send_pipe;
- infof(conn->data, "Adding handle: conn: %p\n", (void *)conn);
- infof(conn->data, "Adding handle: send: %d\n", conn->send_pipe->size);
- infof(conn->data, "Adding handle: recv: %d\n", conn->recv_pipe->size);
- rc = Curl_addHandleToPipeline(handle, pipeline);
+ result = addHandleToPipeline(handle, pipeline);
- if(pipeline == conn->send_pipe && sendhead != conn->send_pipe->head) {
+ if(pipeline == &conn->send_pipe && sendhead != conn->send_pipe.head) {
/* this is a new one as head, expire it */
- conn->writechannel_inuse = FALSE; /* not in use yet */
-#ifdef DEBUGBUILD
- infof(conn->data, "%p is at send pipe head!\n",
- (void *)conn->send_pipe->head->ptr);
-#endif
- Curl_expire(conn->send_pipe->head->ptr, 1);
+ Curl_pipeline_leave_write(conn); /* not in use yet */
+ Curl_expire(conn->send_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
}
+#if 0 /* enable for pipeline debugging */
print_pipeline(conn);
+#endif
- return rc;
+ return result;
}
/* Move this transfer from the sending list to the receiving list.
@@ -129,26 +129,26 @@ CURLcode Curl_add_handle_to_pipeline(struct SessionHandle *handle,
checked to update what sockets it acts on.
*/
-void Curl_move_handle_from_send_to_recv_pipe(struct SessionHandle *handle,
+void Curl_move_handle_from_send_to_recv_pipe(struct Curl_easy *handle,
struct connectdata *conn)
{
struct curl_llist_element *curr;
- curr = conn->send_pipe->head;
+ curr = conn->send_pipe.head;
while(curr) {
if(curr->ptr == handle) {
- Curl_llist_move(conn->send_pipe, curr,
- conn->recv_pipe, conn->recv_pipe->tail);
+ Curl_llist_move(&conn->send_pipe, curr,
+ &conn->recv_pipe, conn->recv_pipe.tail);
- if(conn->send_pipe->head) {
+ if(conn->send_pipe.head) {
/* Since there's a new easy handle at the start of the send pipeline,
set its timeout value to 1ms to make it trigger instantly */
- conn->writechannel_inuse = FALSE; /* not used now */
+ Curl_pipeline_leave_write(conn); /* not used now */
#ifdef DEBUGBUILD
infof(conn->data, "%p is at send pipe head B!\n",
- (void *)conn->send_pipe->head->ptr);
+ (void *)conn->send_pipe.head->ptr);
#endif
- Curl_expire(conn->send_pipe->head->ptr, 1);
+ Curl_expire(conn->send_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
}
/* The receiver's list is not really interesting here since either this
@@ -161,7 +161,7 @@ void Curl_move_handle_from_send_to_recv_pipe(struct SessionHandle *handle,
}
}
-bool Curl_pipeline_site_blacklisted(struct SessionHandle *handle,
+bool Curl_pipeline_site_blacklisted(struct Curl_easy *handle,
struct connectdata *conn)
{
if(handle->multi) {
@@ -176,7 +176,7 @@ bool Curl_pipeline_site_blacklisted(struct SessionHandle *handle,
struct site_blacklist_entry *site;
site = curr->ptr;
- if(Curl_raw_equal(site->hostname, conn->host.name) &&
+ if(strcasecompare(site->hostname, conn->host.name) &&
site->port == conn->remote_port) {
infof(handle, "Site %s:%d is pipeline blacklisted\n",
conn->host.name, conn->remote_port);
@@ -190,29 +190,28 @@ bool Curl_pipeline_site_blacklisted(struct SessionHandle *handle,
}
CURLMcode Curl_pipeline_set_site_blacklist(char **sites,
- struct curl_llist **list_ptr)
+ struct curl_llist *list)
{
- struct curl_llist *old_list = *list_ptr;
- struct curl_llist *new_list = NULL;
+ /* Free the old list */
+ if(list->size)
+ Curl_llist_destroy(list, NULL);
if(sites) {
- new_list = Curl_llist_alloc((curl_llist_dtor) site_blacklist_llist_dtor);
- if(!new_list)
- return CURLM_OUT_OF_MEMORY;
+ Curl_llist_init(list, (curl_llist_dtor) site_blacklist_llist_dtor);
/* Parse the URLs and populate the list */
while(*sites) {
- char *hostname;
char *port;
struct site_blacklist_entry *entry;
- entry = malloc(sizeof(struct site_blacklist_entry));
-
- hostname = strdup(*sites);
- if(!hostname)
+ entry = malloc(sizeof(struct site_blacklist_entry) + strlen(*sites));
+ if(!entry) {
+ Curl_llist_destroy(list, NULL);
return CURLM_OUT_OF_MEMORY;
+ }
+ strcpy(entry->hostname, *sites);
- port = strchr(hostname, ':');
+ port = strchr(entry->hostname, ':');
if(port) {
*port = '\0';
port++;
@@ -223,98 +222,167 @@ CURLMcode Curl_pipeline_set_site_blacklist(char **sites,
entry->port = 80;
}
- entry->hostname = hostname;
-
- if(!Curl_llist_insert_next(new_list, new_list->tail, entry))
- return CURLM_OUT_OF_MEMORY;
-
+ Curl_llist_insert_next(list, list->tail, entry, &entry->list);
sites++;
}
}
- /* Free the old list */
- if(old_list) {
- Curl_llist_destroy(old_list, NULL);
- }
-
- /* This might be NULL if sites == NULL, i.e the blacklist is cleared */
- *list_ptr = new_list;
-
return CURLM_OK;
}
-bool Curl_pipeline_server_blacklisted(struct SessionHandle *handle,
+struct blacklist_node {
+ struct curl_llist_element list;
+ char server_name[1];
+};
+
+bool Curl_pipeline_server_blacklisted(struct Curl_easy *handle,
char *server_name)
{
- if(handle->multi) {
- struct curl_llist *blacklist =
+ if(handle->multi && server_name) {
+ struct curl_llist *list =
Curl_multi_pipelining_server_bl(handle->multi);
- if(blacklist) {
- struct curl_llist_element *curr;
-
- curr = blacklist->head;
- while(curr) {
- char *bl_server_name;
-
- bl_server_name = curr->ptr;
- if(Curl_raw_nequal(bl_server_name, server_name,
- strlen(bl_server_name))) {
- infof(handle, "Server %s is blacklisted\n", server_name);
- return TRUE;
- }
- curr = curr->next;
+ struct curl_llist_element *e = list->head;
+ while(e) {
+ struct blacklist_node *bl = (struct blacklist_node *)e;
+ if(strncasecompare(bl->server_name, server_name,
+ strlen(bl->server_name))) {
+ infof(handle, "Server %s is blacklisted\n", server_name);
+ return TRUE;
}
+ e = e->next;
}
- infof(handle, "Server %s is not blacklisted\n", server_name);
+ DEBUGF(infof(handle, "Server %s is not blacklisted\n", server_name));
}
return FALSE;
}
CURLMcode Curl_pipeline_set_server_blacklist(char **servers,
- struct curl_llist **list_ptr)
+ struct curl_llist *list)
{
- struct curl_llist *old_list = *list_ptr;
- struct curl_llist *new_list = NULL;
+ /* Free the old list */
+ if(list->size)
+ Curl_llist_destroy(list, NULL);
if(servers) {
- new_list = Curl_llist_alloc((curl_llist_dtor) server_blacklist_llist_dtor);
- if(!new_list)
- return CURLM_OUT_OF_MEMORY;
+ Curl_llist_init(list, (curl_llist_dtor) server_blacklist_llist_dtor);
/* Parse the URLs and populate the list */
while(*servers) {
- char *server_name;
-
- server_name = strdup(*servers);
- if(!server_name)
- return CURLM_OUT_OF_MEMORY;
+ struct blacklist_node *n;
+ size_t len = strlen(*servers);
- if(!Curl_llist_insert_next(new_list, new_list->tail, server_name))
+ n = malloc(sizeof(struct blacklist_node) + len);
+ if(!n) {
+ Curl_llist_destroy(list, NULL);
return CURLM_OUT_OF_MEMORY;
+ }
+ strcpy(n->server_name, *servers);
+ Curl_llist_insert_next(list, list->tail, n, &n->list);
servers++;
}
}
- /* Free the old list */
- if(old_list) {
- Curl_llist_destroy(old_list, NULL);
+
+ return CURLM_OK;
+}
+
+static bool pipe_head(struct Curl_easy *data,
+ struct curl_llist *pipeline)
+{
+ if(pipeline) {
+ struct curl_llist_element *curr = pipeline->head;
+ if(curr)
+ return (curr->ptr == data) ? TRUE : FALSE;
}
+ return FALSE;
+}
+
+/* returns TRUE if the given handle is head of the recv pipe */
+bool Curl_recvpipe_head(struct Curl_easy *data,
+ struct connectdata *conn)
+{
+ return pipe_head(data, &conn->recv_pipe);
+}
- /* This might be NULL if sites == NULL, i.e the blacklist is cleared */
- *list_ptr = new_list;
+/* returns TRUE if the given handle is head of the send pipe */
+bool Curl_sendpipe_head(struct Curl_easy *data,
+ struct connectdata *conn)
+{
+ return pipe_head(data, &conn->send_pipe);
+}
- return CURLM_OK;
+
+/*
+ * Check if the write channel is available and this handle as at the head,
+ * then grab the channel and return TRUE.
+ *
+ * If not available, return FALSE.
+ */
+
+bool Curl_pipeline_checkget_write(struct Curl_easy *data,
+ struct connectdata *conn)
+{
+ if(conn->bits.multiplex)
+ /* when multiplexing, we can use it at once */
+ return TRUE;
+
+ if(!conn->writechannel_inuse && Curl_sendpipe_head(data, conn)) {
+ /* Grab the channel */
+ conn->writechannel_inuse = TRUE;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+
+/*
+ * Check if the read channel is available and this handle as at the head, then
+ * grab the channel and return TRUE.
+ *
+ * If not available, return FALSE.
+ */
+
+bool Curl_pipeline_checkget_read(struct Curl_easy *data,
+ struct connectdata *conn)
+{
+ if(conn->bits.multiplex)
+ /* when multiplexing, we can use it at once */
+ return TRUE;
+
+ if(!conn->readchannel_inuse && Curl_recvpipe_head(data, conn)) {
+ /* Grab the channel */
+ conn->readchannel_inuse = TRUE;
+ return TRUE;
+ }
+ return FALSE;
}
+/*
+ * The current user of the pipeline write channel gives it up.
+ */
+void Curl_pipeline_leave_write(struct connectdata *conn)
+{
+ conn->writechannel_inuse = FALSE;
+}
+/*
+ * The current user of the pipeline read channel gives it up.
+ */
+void Curl_pipeline_leave_read(struct connectdata *conn)
+{
+ conn->readchannel_inuse = FALSE;
+}
+
+
+#if 0
void print_pipeline(struct connectdata *conn)
{
struct curl_llist_element *curr;
struct connectbundle *cb_ptr;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
cb_ptr = conn->bundle;
@@ -331,3 +399,5 @@ void print_pipeline(struct connectdata *conn)
}
}
}
+
+#endif
diff --git a/libs/libcurl/src/pipeline.h b/libs/libcurl/src/pipeline.h
index 1df9589535..413ba31a06 100644
--- a/libs/libcurl/src/pipeline.h
+++ b/libs/libcurl/src/pipeline.h
@@ -7,11 +7,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2013, Linus Nielsen Feltzing, <linus@haxx.se>
+ * Copyright (C) 2015 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2013 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,25 +23,34 @@
*
***************************************************************************/
-CURLcode Curl_add_handle_to_pipeline(struct SessionHandle *handle,
+CURLcode Curl_add_handle_to_pipeline(struct Curl_easy *handle,
struct connectdata *conn);
-void Curl_move_handle_from_send_to_recv_pipe(struct SessionHandle *handle,
+void Curl_move_handle_from_send_to_recv_pipe(struct Curl_easy *handle,
struct connectdata *conn);
-bool Curl_pipeline_penalized(struct SessionHandle *data,
+bool Curl_pipeline_penalized(struct Curl_easy *data,
struct connectdata *conn);
-bool Curl_pipeline_site_blacklisted(struct SessionHandle *handle,
+bool Curl_pipeline_site_blacklisted(struct Curl_easy *handle,
struct connectdata *conn);
CURLMcode Curl_pipeline_set_site_blacklist(char **sites,
- struct curl_llist **list_ptr);
+ struct curl_llist *list_ptr);
-bool Curl_pipeline_server_blacklisted(struct SessionHandle *handle,
+bool Curl_pipeline_server_blacklisted(struct Curl_easy *handle,
char *server_name);
CURLMcode Curl_pipeline_set_server_blacklist(char **servers,
- struct curl_llist **list_ptr);
+ struct curl_llist *list_ptr);
-void print_pipeline(struct connectdata *conn);
+bool Curl_pipeline_checkget_write(struct Curl_easy *data,
+ struct connectdata *conn);
+bool Curl_pipeline_checkget_read(struct Curl_easy *data,
+ struct connectdata *conn);
+void Curl_pipeline_leave_write(struct connectdata *conn);
+void Curl_pipeline_leave_read(struct connectdata *conn);
+bool Curl_recvpipe_head(struct Curl_easy *data,
+ struct connectdata *conn);
+bool Curl_sendpipe_head(struct Curl_easy *data,
+ struct connectdata *conn);
#endif /* HEADER_CURL_PIPELINE_H */
diff --git a/libs/libcurl/src/polarssl.c b/libs/libcurl/src/polarssl.c
deleted file mode 100644
index 808f54c243..0000000000
--- a/libs/libcurl/src/polarssl.c
+++ /dev/null
@@ -1,706 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/*
- * Source file for all PolarSSL-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
- *
- */
-
-#include "curl_setup.h"
-
-#ifdef USE_POLARSSL
-
-#include <polarssl/net.h>
-#include <polarssl/ssl.h>
-#include <polarssl/certs.h>
-#include <polarssl/x509.h>
-#include <polarssl/version.h>
-
-#if POLARSSL_VERSION_NUMBER >= 0x01000000
-#include <polarssl/error.h>
-#endif /* POLARSSL_VERSION_NUMBER >= 0x01000000 */
-
-#if POLARSSL_VERSION_NUMBER>0x01010000
-#include <polarssl/entropy.h>
-#include <polarssl/ctr_drbg.h>
-#else
-#include <polarssl/havege.h>
-#endif /* POLARSSL_VERSION_NUMBER>0x01010000 */
-
-
-#if POLARSSL_VERSION_NUMBER<0x01000000
-/*
- Earlier versions of polarssl had no WANT_READ or WANT_WRITE, only TRY_AGAIN
-*/
-#define POLARSSL_ERR_NET_WANT_READ POLARSSL_ERR_NET_TRY_AGAIN
-#define POLARSSL_ERR_NET_WANT_WRITE POLARSSL_ERR_NET_TRY_AGAIN
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "inet_pton.h"
-#include "polarssl.h"
-#include "sslgen.h"
-#include "parsedate.h"
-#include "connect.h" /* for the connect timeout */
-#include "select.h"
-#include "rawstr.h"
-#include "polarssl_threadlock.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* apply threading? */
-#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
-#define THREADING_SUPPORT
-#endif
-
-#if defined(THREADING_SUPPORT) && POLARSSL_VERSION_NUMBER>0x01010000
-static entropy_context entropy;
-
-static int entropy_init_initialized = 0;
-
-/* start of entropy_init_mutex() */
-static void entropy_init_mutex(entropy_context *ctx)
-{
- /* lock 0 = entropy_init_mutex() */
- polarsslthreadlock_lock_function(0);
- if(entropy_init_initialized == 0) {
- entropy_init(ctx);
- entropy_init_initialized = 1;
- }
- polarsslthreadlock_unlock_function(0);
-}
-/* end of entropy_init_mutex() */
-
-/* start of entropy_func_mutex() */
-static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
-{
- int ret;
- /* lock 1 = entropy_func_mutex() */
- polarsslthreadlock_lock_function(1);
- ret = entropy_func(data, output, len);
- polarsslthreadlock_unlock_function(1);
-
- return ret;
-}
-/* end of entropy_func_mutex() */
-
-#endif /* THREADING_SUPPORT && POLARSSL_VERSION_NUMBER>0x01010000 */
-
-/* Define this to enable lots of debugging for PolarSSL */
-#undef POLARSSL_DEBUG
-
-#ifdef POLARSSL_DEBUG
-static void polarssl_debug(void *context, int level, char *line)
-{
- struct SessionHandle *data = NULL;
-
- if(!context)
- return;
-
- data = (struct SessionHandle *)context;
-
- infof(data, "%s\n", line);
-}
-#else
-#endif
-
-static Curl_recv polarssl_recv;
-static Curl_send polarssl_send;
-
-
-static CURLcode
-polarssl_connect_step1(struct connectdata *conn,
- int sockindex)
-{
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data* connssl = &conn->ssl[sockindex];
-
- bool sni = TRUE; /* default is SNI enabled */
- int ret = -1;
-#ifdef ENABLE_IPV6
- struct in6_addr addr;
-#else
- struct in_addr addr;
-#endif
- void *old_session = NULL;
- size_t old_session_size = 0;
-
- char errorbuf[128];
- memset(errorbuf, 0, sizeof(errorbuf));
-
-
- /* PolarSSL only supports SSLv3 and TLSv1 */
- if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
- failf(data, "PolarSSL does not support SSLv2");
- return CURLE_SSL_CONNECT_ERROR;
- }
- else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
- sni = FALSE; /* SSLv3 has no SNI */
-
-#if POLARSSL_VERSION_NUMBER<0x01010000
- havege_init(&connssl->hs);
-#else
-#ifdef THREADING_SUPPORT
- entropy_init_mutex(&entropy);
-
- if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func_mutex, &entropy,
- connssl->ssn.id, connssl->ssn.length)) != 0) {
-#ifdef POLARSSL_ERROR_C
- error_strerror(ret, errorbuf, sizeof(errorbuf));
-#endif /* POLARSSL_ERROR_C */
- failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
- -ret, errorbuf);
- }
-#else
- entropy_init(&connssl->entropy);
-
- if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy,
- connssl->ssn.id, connssl->ssn.length)) != 0) {
-#ifdef POLARSSL_ERROR_C
- error_strerror(ret, errorbuf, sizeof(errorbuf));
-#endif /* POLARSSL_ERROR_C */
- failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
- -ret, errorbuf);
- }
-#endif /* THREADING_SUPPORT */
-#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
-
- /* Load the trusted CA */
- memset(&connssl->cacert, 0, sizeof(x509_cert));
-
- if(data->set.str[STRING_SSL_CAFILE]) {
- ret = x509parse_crtfile(&connssl->cacert,
- data->set.str[STRING_SSL_CAFILE]);
-
- if(ret<0) {
-#ifdef POLARSSL_ERROR_C
- error_strerror(ret, errorbuf, sizeof(errorbuf));
-#endif /* POLARSSL_ERROR_C */
- failf(data, "Error reading ca cert file %s - PolarSSL: (-0x%04X) %s",
- data->set.str[STRING_SSL_CAFILE], -ret, errorbuf);
-
- if(data->set.ssl.verifypeer)
- return CURLE_SSL_CACERT_BADFILE;
- }
- }
-
- /* Load the client certificate */
- memset(&connssl->clicert, 0, sizeof(x509_cert));
-
- if(data->set.str[STRING_CERT]) {
- ret = x509parse_crtfile(&connssl->clicert,
- data->set.str[STRING_CERT]);
-
- if(ret) {
-#ifdef POLARSSL_ERROR_C
- error_strerror(ret, errorbuf, sizeof(errorbuf));
-#endif /* POLARSSL_ERROR_C */
- failf(data, "Error reading client cert file %s - PolarSSL: (-0x%04X) %s",
- data->set.str[STRING_CERT], -ret, errorbuf);
-
- return CURLE_SSL_CERTPROBLEM;
- }
- }
-
- /* Load the client private key */
- if(data->set.str[STRING_KEY]) {
- ret = x509parse_keyfile(&connssl->rsa,
- data->set.str[STRING_KEY],
- data->set.str[STRING_KEY_PASSWD]);
-
- if(ret) {
-#ifdef POLARSSL_ERROR_C
- error_strerror(ret, errorbuf, sizeof(errorbuf));
-#endif /* POLARSSL_ERROR_C */
- failf(data, "Error reading private key %s - PolarSSL: (-0x%04X) %s",
- data->set.str[STRING_KEY], -ret, errorbuf);
-
- return CURLE_SSL_CERTPROBLEM;
- }
- }
-
- /* Load the CRL */
- memset(&connssl->crl, 0, sizeof(x509_crl));
-
- if(data->set.str[STRING_SSL_CRLFILE]) {
- ret = x509parse_crlfile(&connssl->crl,
- data->set.str[STRING_SSL_CRLFILE]);
-
- if(ret) {
-#ifdef POLARSSL_ERROR_C
- error_strerror(ret, errorbuf, sizeof(errorbuf));
-#endif /* POLARSSL_ERROR_C */
- failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s",
- data->set.str[STRING_SSL_CRLFILE], -ret, errorbuf);
-
- return CURLE_SSL_CRL_BADFILE;
- }
- }
-
- infof(data, "PolarSSL: Connecting to %s:%d\n",
- conn->host.name, conn->remote_port);
-
- if(ssl_init(&connssl->ssl)) {
- failf(data, "PolarSSL: ssl_init failed");
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
- ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);
-
-#if POLARSSL_VERSION_NUMBER<0x01010000
- ssl_set_rng(&connssl->ssl, havege_rand,
- &connssl->hs);
-#else
- ssl_set_rng(&connssl->ssl, ctr_drbg_random,
- &connssl->ctr_drbg);
-#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
- ssl_set_bio(&connssl->ssl,
- net_recv, &conn->sock[sockindex],
- net_send, &conn->sock[sockindex]);
-
-
-#if POLARSSL_VERSION_NUMBER<0x01000000
- ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers);
-#else
- ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites);
-#endif
- if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
- memcpy(&connssl->ssn, old_session, old_session_size);
- infof(data, "PolarSSL re-using session\n");
- }
-
-/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's
- 1.1.4 version and the like */
-#if POLARSSL_VERSION_NUMBER<0x01020000
- ssl_set_session(&connssl->ssl, 1, 600,
- &connssl->ssn);
-#else
- ssl_set_session(&connssl->ssl,
- &connssl->ssn);
-#endif
-
- ssl_set_ca_chain(&connssl->ssl,
- &connssl->cacert,
- &connssl->crl,
- conn->host.name);
-
- ssl_set_own_cert(&connssl->ssl,
- &connssl->clicert, &connssl->rsa);
-
- if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&
-#ifdef ENABLE_IPV6
- !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&
-#endif
- sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) {
- infof(data, "WARNING: failed to configure "
- "server name indication (SNI) TLS extension\n");
- }
-
-#ifdef POLARSSL_DEBUG
- ssl_set_dbg(&connssl->ssl, polarssl_debug, data);
-#endif
-
- connssl->connecting_state = ssl_connect_2;
-
- return CURLE_OK;
-}
-
-static CURLcode
-polarssl_connect_step2(struct connectdata *conn,
- int sockindex)
-{
- int ret;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data* connssl = &conn->ssl[sockindex];
- char buffer[1024];
-
- char errorbuf[128];
- memset(errorbuf, 0, sizeof(errorbuf));
-
- conn->recv[sockindex] = polarssl_recv;
- conn->send[sockindex] = polarssl_send;
-
- for(;;) {
- if(!(ret = ssl_handshake(&connssl->ssl)))
- break;
- else if(ret != POLARSSL_ERR_NET_WANT_READ &&
- ret != POLARSSL_ERR_NET_WANT_WRITE) {
-#ifdef POLARSSL_ERROR_C
- error_strerror(ret, errorbuf, sizeof(errorbuf));
-#endif /* POLARSSL_ERROR_C */
- failf(data, "ssl_handshake returned - PolarSSL: (-0x%04X) %s",
- -ret, errorbuf);
-
- return CURLE_SSL_CONNECT_ERROR;
- }
- else {
- if(ret == POLARSSL_ERR_NET_WANT_READ) {
- connssl->connecting_state = ssl_connect_2_reading;
- return CURLE_OK;
- }
- if(ret == POLARSSL_ERR_NET_WANT_WRITE) {
- connssl->connecting_state = ssl_connect_2_writing;
- return CURLE_OK;
- }
- failf(data, "SSL_connect failed with error %d.", ret);
- return CURLE_SSL_CONNECT_ERROR;
-
- }
- }
-
- infof(data, "PolarSSL: Handshake complete, cipher is %s\n",
-#if POLARSSL_VERSION_NUMBER<0x01000000
- ssl_get_cipher(&conn->ssl[sockindex].ssl)
-#elif POLARSSL_VERSION_NUMBER >= 0x01010000
- ssl_get_ciphersuite(&conn->ssl[sockindex].ssl)
-#else
- ssl_get_ciphersuite_name(&conn->ssl[sockindex].ssl)
-#endif
- );
-
- ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl);
-
- if(ret && data->set.ssl.verifypeer) {
- if(ret & BADCERT_EXPIRED)
- failf(data, "Cert verify failed: BADCERT_EXPIRED");
-
- if(ret & BADCERT_REVOKED) {
- failf(data, "Cert verify failed: BADCERT_REVOKED");
- return CURLE_SSL_CACERT;
- }
-
- if(ret & BADCERT_CN_MISMATCH)
- failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
-
- if(ret & BADCERT_NOT_TRUSTED)
- failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
-
- return CURLE_PEER_FAILED_VERIFICATION;
- }
-
-/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's
- 1.1.4 version and the like */
-#if POLARSSL_VERSION_NUMBER<0x01020000
- if(conn->ssl[sockindex].ssl.peer_cert) {
-#else
- if(ssl_get_peer_cert(&(connssl->ssl))) {
-#endif
- /* If the session was resumed, there will be no peer certs */
- memset(buffer, 0, sizeof(buffer));
-
-/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's
- 1.1.4 version and the like */
-#if POLARSSL_VERSION_NUMBER<0x01020000
- if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
- conn->ssl[sockindex].ssl.peer_cert) != -1)
-#else
- if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
- ssl_get_peer_cert(&(connssl->ssl))) != -1)
-#endif
- infof(data, "Dumping cert info:\n%s\n", buffer);
- }
-
- connssl->connecting_state = ssl_connect_3;
- infof(data, "SSL connected\n");
-
- return CURLE_OK;
-}
-
-static CURLcode
-polarssl_connect_step3(struct connectdata *conn,
- int sockindex)
-{
- CURLcode retcode = CURLE_OK;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- struct SessionHandle *data = conn->data;
- void *old_ssl_sessionid = NULL;
- ssl_session *our_ssl_sessionid = &conn->ssl[sockindex].ssn ;
- int incache;
-
- DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
-
- /* Save the current session data for possible re-use */
- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
- if(incache) {
- if(old_ssl_sessionid != our_ssl_sessionid) {
- infof(data, "old SSL session ID is stale, removing\n");
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
- incache = FALSE;
- }
- }
- if(!incache) {
- void *new_session = malloc(sizeof(ssl_session));
-
- if(new_session) {
- memcpy(new_session, our_ssl_sessionid,
- sizeof(ssl_session));
-
- retcode = Curl_ssl_addsessionid(conn, new_session,
- sizeof(ssl_session));
- }
- else {
- retcode = CURLE_OUT_OF_MEMORY;
- }
-
- if(retcode) {
- failf(data, "failed to store ssl session");
- return retcode;
- }
- }
-
- connssl->connecting_state = ssl_connect_done;
-
- return CURLE_OK;
-}
-
-static ssize_t polarssl_send(struct connectdata *conn,
- int sockindex,
- const void *mem,
- size_t len,
- CURLcode *curlcode)
-{
- int ret = -1;
-
- ret = ssl_write(&conn->ssl[sockindex].ssl,
- (unsigned char *)mem, len);
-
- if(ret < 0) {
- *curlcode = (ret == POLARSSL_ERR_NET_WANT_WRITE) ?
- CURLE_AGAIN : CURLE_SEND_ERROR;
- ret = -1;
- }
-
- return ret;
-}
-
-void Curl_polarssl_close_all(struct SessionHandle *data)
-{
- (void)data;
-}
-
-void Curl_polarssl_close(struct connectdata *conn, int sockindex)
-{
- rsa_free(&conn->ssl[sockindex].rsa);
- x509_free(&conn->ssl[sockindex].clicert);
- x509_free(&conn->ssl[sockindex].cacert);
- x509_crl_free(&conn->ssl[sockindex].crl);
- ssl_free(&conn->ssl[sockindex].ssl);
-}
-
-static ssize_t polarssl_recv(struct connectdata *conn,
- int num,
- char *buf,
- size_t buffersize,
- CURLcode *curlcode)
-{
- int ret = -1;
- ssize_t len = -1;
-
- memset(buf, 0, buffersize);
- ret = ssl_read(&conn->ssl[num].ssl, (unsigned char *)buf, buffersize);
-
- if(ret <= 0) {
- if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY)
- return 0;
-
- *curlcode = (ret == POLARSSL_ERR_NET_WANT_READ) ?
- CURLE_AGAIN : CURLE_RECV_ERROR;
- return -1;
- }
-
- len = ret;
-
- return len;
-}
-
-void Curl_polarssl_session_free(void *ptr)
-{
- free(ptr);
-}
-
-size_t Curl_polarssl_version(char *buffer, size_t size)
-{
- unsigned int version = version_get_number();
- return snprintf(buffer, size, "PolarSSL/%d.%d.%d", version>>24,
- (version>>16)&0xff, (version>>8)&0xff);
-}
-
-static CURLcode
-polarssl_connect_common(struct connectdata *conn,
- int sockindex,
- bool nonblocking,
- bool *done)
-{
- CURLcode retcode;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- curl_socket_t sockfd = conn->sock[sockindex];
- long timeout_ms;
- int what;
-
- /* check if the connection has already been established */
- if(ssl_connection_complete == connssl->state) {
- *done = TRUE;
- return CURLE_OK;
- }
-
- if(ssl_connect_1==connssl->connecting_state) {
- /* Find out how much more time we're allowed */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
- retcode = polarssl_connect_step1(conn, sockindex);
- if(retcode)
- return retcode;
- }
-
- while(ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state) {
-
- /* check allowed time left */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- /* if ssl is expecting something, check if it's available. */
- if(connssl->connecting_state == ssl_connect_2_reading
- || connssl->connecting_state == ssl_connect_2_writing) {
-
- curl_socket_t writefd = ssl_connect_2_writing==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
- curl_socket_t readfd = ssl_connect_2_reading==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
-
- what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
- if(what < 0) {
- /* fatal error */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- return CURLE_SSL_CONNECT_ERROR;
- }
- else if(0 == what) {
- if(nonblocking) {
- *done = FALSE;
- return CURLE_OK;
- }
- else {
- /* timeout */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
- }
- /* socket is readable or writable */
- }
-
- /* Run transaction, and return to the caller if it failed or if
- * this connection is part of a multi handle and this loop would
- * execute again. This permits the owner of a multi handle to
- * abort a connection attempt before step2 has completed while
- * ensuring that a client using select() or epoll() will always
- * have a valid fdset to wait on.
- */
- retcode = polarssl_connect_step2(conn, sockindex);
- if(retcode || (nonblocking &&
- (ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state)))
- return retcode;
-
- } /* repeat step2 until all transactions are done. */
-
- if(ssl_connect_3==connssl->connecting_state) {
- retcode = polarssl_connect_step3(conn, sockindex);
- if(retcode)
- return retcode;
- }
-
- if(ssl_connect_done==connssl->connecting_state) {
- connssl->state = ssl_connection_complete;
- conn->recv[sockindex] = polarssl_recv;
- conn->send[sockindex] = polarssl_send;
- *done = TRUE;
- }
- else
- *done = FALSE;
-
- /* Reset our connect state machine */
- connssl->connecting_state = ssl_connect_1;
-
- return CURLE_OK;
-}
-
-CURLcode
-Curl_polarssl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done)
-{
- return polarssl_connect_common(conn, sockindex, TRUE, done);
-}
-
-
-CURLcode
-Curl_polarssl_connect(struct connectdata *conn,
- int sockindex)
-{
- CURLcode retcode;
- bool done = FALSE;
-
- retcode = polarssl_connect_common(conn, sockindex, FALSE, &done);
- if(retcode)
- return retcode;
-
- DEBUGASSERT(done);
-
- return CURLE_OK;
-}
-
-/*
- * return 0 error initializing SSL
- * return 1 SSL initialized successfully
- */
-int polarssl_init(void)
-{
- return polarsslthreadlock_thread_setup();
-}
-
-void polarssl_cleanup(void)
-{
- (void)polarsslthreadlock_thread_cleanup();
-}
-
-#endif /* USE_POLARSSL */
diff --git a/libs/libcurl/src/polarssl.h b/libs/libcurl/src/polarssl.h
deleted file mode 100644
index af3b28b89a..0000000000
--- a/libs/libcurl/src/polarssl.h
+++ /dev/null
@@ -1,67 +0,0 @@
-#ifndef HEADER_CURL_POLARSSL_H
-#define HEADER_CURL_POLARSSL_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com>
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-#ifdef USE_POLARSSL
-
-/* Called on first use PolarSSL, setup threading if supported */
-int polarssl_init(void);
-void polarssl_cleanup(void);
-
-
-CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex);
-
-CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done);
-
-/* tell PolarSSL to close down all open information regarding connections (and
- thus session ID caching etc) */
-void Curl_polarssl_close_all(struct SessionHandle *data);
-
- /* close a SSL connection */
-void Curl_polarssl_close(struct connectdata *conn, int sockindex);
-
-void Curl_polarssl_session_free(void *ptr);
-size_t Curl_polarssl_version(char *buffer, size_t size);
-int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);
-
-/* API setup for PolarSSL */
-#define curlssl_init() polarssl_init()
-#define curlssl_cleanup() polarssl_cleanup()
-#define curlssl_connect Curl_polarssl_connect
-#define curlssl_connect_nonblocking Curl_polarssl_connect_nonblocking
-#define curlssl_session_free(x) Curl_polarssl_session_free(x)
-#define curlssl_close_all Curl_polarssl_close_all
-#define curlssl_close Curl_polarssl_close
-#define curlssl_shutdown(x,y) 0
-#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
-#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
-#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
-#define curlssl_version Curl_polarssl_version
-#define curlssl_check_cxn(x) (x=x, -1)
-#define curlssl_data_pending(x,y) (x=x, y=y, 0)
-
-#endif /* USE_POLARSSL */
-#endif /* HEADER_CURL_POLARSSL_H */
diff --git a/libs/libcurl/src/pop3.c b/libs/libcurl/src/pop3.c
index a771933840..5792a4a6fd 100644
--- a/libs/libcurl/src/pop3.c
+++ b/libs/libcurl/src/pop3.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -27,8 +27,10 @@
* RFC2831 DIGEST-MD5 authentication
* RFC4422 Simple Authentication and Security Layer (SASL)
* RFC4616 PLAIN authentication
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
* RFC5034 POP3 SASL Authentication Mechanism
* RFC6749 OAuth 2.0 Authorization Framework
+ * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
*
***************************************************************************/
@@ -61,7 +63,6 @@
#include <curl/curl.h>
#include "urldata.h"
#include "sendf.h"
-#include "if2ip.h"
#include "hostip.h"
#include "progress.h"
#include "transfer.h"
@@ -69,25 +70,20 @@
#include "http.h" /* for HTTP proxy tunnel stuff */
#include "socks.h"
#include "pop3.h"
-
#include "strtoofft.h"
-#include "strequal.h"
-#include "sslgen.h"
+#include "strcase.h"
+#include "vtls/vtls.h"
#include "connect.h"
#include "strerror.h"
#include "select.h"
#include "multiif.h"
#include "url.h"
-#include "rawstr.h"
#include "curl_sasl.h"
#include "curl_md5.h"
#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
/* Local API functions */
@@ -105,6 +101,10 @@ static CURLcode pop3_setup_connection(struct connectdata *conn);
static CURLcode pop3_parse_url_options(struct connectdata *conn);
static CURLcode pop3_parse_url_path(struct connectdata *conn);
static CURLcode pop3_parse_custom_request(struct connectdata *conn);
+static CURLcode pop3_perform_auth(struct connectdata *conn, const char *mech,
+ const char *initresp);
+static CURLcode pop3_continue_auth(struct connectdata *conn, const char *resp);
+static void pop3_get_message(char *buffer, char **outptr);
/*
* POP3 protocol handler.
@@ -125,9 +125,11 @@ const struct Curl_handler Curl_handler_pop3 = {
ZERO_NULL, /* perform_getsock */
pop3_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_POP3, /* defport */
CURLPROTO_POP3, /* protocol */
- PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
+ PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY | /* flags */
+ PROTOPT_URLOPTIONS
};
#ifdef USE_SSL
@@ -150,69 +152,33 @@ const struct Curl_handler Curl_handler_pop3s = {
ZERO_NULL, /* perform_getsock */
pop3_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_POP3S, /* defport */
- CURLPROTO_POP3 | CURLPROTO_POP3S, /* protocol */
+ CURLPROTO_POP3S, /* protocol */
PROTOPT_CLOSEACTION | PROTOPT_SSL
- | PROTOPT_NOURLQUERY /* flags */
+ | PROTOPT_NOURLQUERY | PROTOPT_URLOPTIONS /* flags */
};
#endif
-#ifndef CURL_DISABLE_HTTP
-/*
- * HTTP-proxyed POP3 protocol handler.
- */
-
-static const struct Curl_handler Curl_handler_pop3_proxy = {
- "POP3", /* scheme */
- Curl_http_setup_conn, /* setup_connection */
- Curl_http, /* do_it */
- Curl_http_done, /* done */
- ZERO_NULL, /* do_more */
- ZERO_NULL, /* connect_it */
- ZERO_NULL, /* connecting */
- ZERO_NULL, /* doing */
- ZERO_NULL, /* proto_getsock */
- ZERO_NULL, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ZERO_NULL, /* perform_getsock */
- ZERO_NULL, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_POP3, /* defport */
- CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
+/* SASL parameters for the pop3 protocol */
+static const struct SASLproto saslpop3 = {
+ "pop", /* The service name */
+ '*', /* Code received when continuation is expected */
+ '+', /* Code to receive upon authentication success */
+ 255 - 8, /* Maximum initial response length (no max) */
+ pop3_perform_auth, /* Send authentication command */
+ pop3_continue_auth, /* Send authentication continuation */
+ pop3_get_message /* Get SASL response message */
};
#ifdef USE_SSL
-/*
- * HTTP-proxyed POP3S protocol handler.
- */
-
-static const struct Curl_handler Curl_handler_pop3s_proxy = {
- "POP3S", /* scheme */
- Curl_http_setup_conn, /* setup_connection */
- Curl_http, /* do_it */
- Curl_http_done, /* done */
- ZERO_NULL, /* do_more */
- ZERO_NULL, /* connect_it */
- ZERO_NULL, /* connecting */
- ZERO_NULL, /* doing */
- ZERO_NULL, /* proto_getsock */
- ZERO_NULL, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ZERO_NULL, /* perform_getsock */
- ZERO_NULL, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_POP3S, /* defport */
- CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
-};
-#endif
-#endif
-
-#ifdef USE_SSL
static void pop3_to_pop3s(struct connectdata *conn)
{
+ /* Change the connection handler */
conn->handler = &Curl_handler_pop3s;
+
+ /* Set the connection's upgraded to TLS flag */
+ conn->tls_upgraded = TRUE;
}
#else
#define pop3_to_pop3s(x) Curl_nop_stmt
@@ -231,8 +197,6 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len,
int *resp)
{
struct pop3_conn *pop3c = &conn->proto.pop3c;
- size_t wordlen;
- size_t i;
/* Do we have an error response? */
if(len >= 4 && !memcmp("-ERR", line, 4)) {
@@ -241,112 +205,63 @@ static bool pop3_endofresp(struct connectdata *conn, char *line, size_t len,
return TRUE;
}
- /* Are we processing servergreet responses? */
- if(pop3c->state == POP3_SERVERGREET) {
- /* Look for the APOP timestamp */
- if(len >= 3 && line[len - 3] == '>') {
- for(i = 0; i < len - 3; ++i) {
- if(line[i] == '<') {
- /* Calculate the length of the timestamp */
- size_t timestamplen = len - 2 - i;
-
- /* Allocate some memory for the timestamp */
- pop3c->apoptimestamp = (char *)calloc(1, timestamplen + 1);
-
- if(!pop3c->apoptimestamp)
- break;
-
- /* Copy the timestamp */
- memcpy(pop3c->apoptimestamp, line + i, timestamplen);
- pop3c->apoptimestamp[timestamplen] = '\0';
- break;
- }
- }
- }
- }
/* Are we processing CAPA command responses? */
- else if(pop3c->state == POP3_CAPA) {
+ if(pop3c->state == POP3_CAPA) {
/* Do we have the terminating line? */
- if(len >= 1 && !memcmp(line, ".", 1)) {
+ if(len >= 1 && !memcmp(line, ".", 1))
+ /* Treat the response as a success */
*resp = '+';
+ else
+ /* Treat the response as an untagged continuation */
+ *resp = '*';
- return TRUE;
- }
-
- /* Does the server support the STLS capability? */
- if(len >= 4 && !memcmp(line, "STLS", 4))
- pop3c->tls_supported = TRUE;
-
- /* Does the server support clear text authentication? */
- else if(len >= 4 && !memcmp(line, "USER", 4))
- pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
-
- /* Does the server support APOP authentication? */
- else if(len >= 4 && !memcmp(line, "APOP", 4))
- pop3c->authtypes |= POP3_TYPE_APOP;
-
- /* Does the server support SASL based authentication? */
- else if(len >= 5 && !memcmp(line, "SASL ", 5)) {
- pop3c->authtypes |= POP3_TYPE_SASL;
-
- /* Advance past the SASL keyword */
- line += 5;
- len -= 5;
+ return TRUE;
+ }
- /* Loop through the data line */
- for(;;) {
- while(len &&
- (*line == ' ' || *line == '\t' ||
- *line == '\r' || *line == '\n')) {
+ /* Do we have a success response? */
+ if(len >= 3 && !memcmp("+OK", line, 3)) {
+ *resp = '+';
- line++;
- len--;
- }
+ return TRUE;
+ }
- if(!len)
- break;
+ /* Do we have a continuation response? */
+ if(len >= 1 && !memcmp("+", line, 1)) {
+ *resp = '*';
- /* Extract the word */
- for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
- line[wordlen] != '\t' && line[wordlen] != '\r' &&
- line[wordlen] != '\n';)
- wordlen++;
+ return TRUE;
+ }
- /* Test the word for a matching authentication mechanism */
- if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
- pop3c->authmechs |= SASL_MECH_LOGIN;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
- pop3c->authmechs |= SASL_MECH_PLAIN;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
- pop3c->authmechs |= SASL_MECH_CRAM_MD5;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
- pop3c->authmechs |= SASL_MECH_DIGEST_MD5;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
- pop3c->authmechs |= SASL_MECH_GSSAPI;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
- pop3c->authmechs |= SASL_MECH_EXTERNAL;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
- pop3c->authmechs |= SASL_MECH_NTLM;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
- pop3c->authmechs |= SASL_MECH_XOAUTH2;
+ return FALSE; /* Nothing for us */
+}
- line += wordlen;
- len -= wordlen;
- }
- }
+/***********************************************************************
+ *
+ * pop3_get_message()
+ *
+ * Gets the authentication message from the response buffer.
+ */
+static void pop3_get_message(char *buffer, char **outptr)
+{
+ size_t len = 0;
+ char *message = NULL;
- return FALSE;
- }
+ /* Find the start of the message */
+ for(message = buffer + 2; *message == ' ' || *message == '\t'; message++)
+ ;
- /* Do we have a command or continuation response? */
- if((len >= 3 && !memcmp("+OK", line, 3)) ||
- (len >= 1 && !memcmp("+", line, 1))) {
- *resp = '+';
+ /* Find the end of the message */
+ for(len = strlen(message); len--;)
+ if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+ message[len] != '\t')
+ break;
- return TRUE;
+ /* Terminate the message */
+ if(++len) {
+ message[len] = '\0';
}
- return FALSE; /* Nothing for us */
+ *outptr = message;
}
/***********************************************************************
@@ -366,16 +281,7 @@ static void state(struct connectdata *conn, pop3state newstate)
"CAPA",
"STARTTLS",
"UPGRADETLS",
- "AUTH_PLAIN",
- "AUTH_LOGIN",
- "AUTH_LOGIN_PASSWD",
- "AUTH_CRAMMD5",
- "AUTH_DIGESTMD5",
- "AUTH_DIGESTMD5_RESP",
- "AUTH_NTLM",
- "AUTH_NTLM_TYPE2MSG",
- "AUTH_XOAUTH2",
- "AUTH_FINAL",
+ "AUTH",
"APOP",
"USER",
"PASS",
@@ -404,9 +310,9 @@ static CURLcode pop3_perform_capa(struct connectdata *conn)
CURLcode result = CURLE_OK;
struct pop3_conn *pop3c = &conn->proto.pop3c;
- pop3c->authmechs = 0; /* No known authentication mechanisms yet */
- pop3c->authused = 0; /* Clear the authentication mechanism used */
- pop3c->tls_supported = FALSE; /* Clear the TLS capability */
+ pop3c->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanisms yet */
+ pop3c->sasl.authused = SASL_AUTH_NONE; /* Clear the auth. mechanism used */
+ pop3c->tls_supported = FALSE; /* Clear the TLS capability */
/* Send the CAPA command */
result = Curl_pp_sendf(&pop3c->pp, "%s", "CAPA");
@@ -543,131 +449,82 @@ static CURLcode pop3_perform_apop(struct connectdata *conn)
/***********************************************************************
*
- * pop3_perform_authenticate()
+ * pop3_perform_auth()
+ *
+ * Sends an AUTH command allowing the client to login with the given SASL
+ * authentication mechanism.
+ */
+static CURLcode pop3_perform_auth(struct connectdata *conn,
+ const char *mech,
+ const char *initresp)
+{
+ CURLcode result = CURLE_OK;
+ struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+ if(initresp) { /* AUTH <mech> ...<crlf> */
+ /* Send the AUTH command with the initial response */
+ result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
+ }
+ else {
+ /* Send the AUTH command */
+ result = Curl_pp_sendf(&pop3c->pp, "AUTH %s", mech);
+ }
+
+ return result;
+}
+
+/***********************************************************************
*
- * Sends an AUTH command allowing the client to login with the appropriate
- * SASL authentication mechanism.
+ * pop3_continue_auth()
*
- * Additionally, the function will perform fallback to APOP and USER commands
- * should a common mechanism not be available between the client and server.
+ * Sends SASL continuation data or cancellation.
*/
-static CURLcode pop3_perform_authenticate(struct connectdata *conn)
+static CURLcode pop3_continue_auth(struct connectdata *conn,
+ const char *resp)
+{
+ struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+ return Curl_pp_sendf(&pop3c->pp, "%s", resp);
+}
+
+/***********************************************************************
+ *
+ * pop3_perform_authentication()
+ *
+ * Initiates the authentication sequence, with the appropriate SASL
+ * authentication mechanism, falling back to APOP and clear text should a
+ * common mechanism not be available between the client and server.
+ */
+static CURLcode pop3_perform_authentication(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
struct pop3_conn *pop3c = &conn->proto.pop3c;
- const char *mech = NULL;
- char *initresp = NULL;
- size_t len = 0;
- pop3state state1 = POP3_STOP;
- pop3state state2 = POP3_STOP;
+ saslprogress progress = SASL_IDLE;
- /* Check we have a username and password to authenticate with and end the
+ /* Check we have enough data to authenticate with and end the
connect phase if we don't */
- if(!conn->bits.user_passwd) {
+ if(!Curl_sasl_can_authenticate(&pop3c->sasl, conn)) {
state(conn, POP3_STOP);
-
return result;
}
- /* Calculate the supported authentication mechanism by decreasing order of
- security */
- if(pop3c->authtypes & POP3_TYPE_SASL) {
-#ifndef CURL_DISABLE_CRYPTO_AUTH
- if((pop3c->authmechs & SASL_MECH_DIGEST_MD5) &&
- (pop3c->prefmech & SASL_MECH_DIGEST_MD5)) {
- mech = SASL_MECH_STRING_DIGEST_MD5;
- state1 = POP3_AUTH_DIGESTMD5;
- pop3c->authused = SASL_MECH_DIGEST_MD5;
- }
- else if((pop3c->authmechs & SASL_MECH_CRAM_MD5) &&
- (pop3c->prefmech & SASL_MECH_CRAM_MD5)) {
- mech = SASL_MECH_STRING_CRAM_MD5;
- state1 = POP3_AUTH_CRAMMD5;
- pop3c->authused = SASL_MECH_CRAM_MD5;
- }
- else
-#endif
-#ifdef USE_NTLM
- if((pop3c->authmechs & SASL_MECH_NTLM) &&
- (pop3c->prefmech & SASL_MECH_NTLM)) {
- mech = SASL_MECH_STRING_NTLM;
- state1 = POP3_AUTH_NTLM;
- state2 = POP3_AUTH_NTLM_TYPE2MSG;
- pop3c->authused = SASL_MECH_NTLM;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
- &conn->ntlm,
- &initresp, &len);
- }
- else
-#endif
- if(((pop3c->authmechs & SASL_MECH_XOAUTH2) &&
- (pop3c->prefmech & SASL_MECH_XOAUTH2) &&
- (pop3c->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
- mech = SASL_MECH_STRING_XOAUTH2;
- state1 = POP3_AUTH_XOAUTH2;
- state2 = POP3_AUTH_FINAL;
- pop3c->authused = SASL_MECH_XOAUTH2;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
- conn->xoauth2_bearer,
- &initresp, &len);
- }
- else if((pop3c->authmechs & SASL_MECH_LOGIN) &&
- (pop3c->prefmech & SASL_MECH_LOGIN)) {
- mech = SASL_MECH_STRING_LOGIN;
- state1 = POP3_AUTH_LOGIN;
- state2 = POP3_AUTH_LOGIN_PASSWD;
- pop3c->authused = SASL_MECH_LOGIN;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_login_message(conn->data, conn->user,
- &initresp, &len);
- }
- else if((pop3c->authmechs & SASL_MECH_PLAIN) &&
- (pop3c->prefmech & SASL_MECH_PLAIN)) {
- mech = SASL_MECH_STRING_PLAIN;
- state1 = POP3_AUTH_PLAIN;
- state2 = POP3_AUTH_FINAL;
- pop3c->authused = SASL_MECH_PLAIN;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_plain_message(conn->data, conn->user,
- conn->passwd, &initresp,
- &len);
- }
- }
-
- if(!result) {
- if(mech && (pop3c->preftype & POP3_TYPE_SASL)) {
- /* Perform SASL based authentication */
- if(initresp &&
- 8 + strlen(mech) + len <= 255) { /* AUTH <mech> ...<crlf> */
- result = Curl_pp_sendf(&pop3c->pp, "AUTH %s %s", mech, initresp);
-
- if(!result)
- state(conn, state2);
- }
- else {
- result = Curl_pp_sendf(&pop3c->pp, "AUTH %s", mech);
+ if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_SASL) {
+ /* Calculate the SASL login details */
+ result = Curl_sasl_start(&pop3c->sasl, conn, FALSE, &progress);
- if(!result)
- state(conn, state1);
- }
+ if(!result)
+ if(progress == SASL_INPROGRESS)
+ state(conn, POP3_AUTH);
+ }
- Curl_safefree(initresp);
- }
+ if(!result && progress == SASL_IDLE) {
#ifndef CURL_DISABLE_CRYPTO_AUTH
- else if((pop3c->authtypes & POP3_TYPE_APOP) &&
- (pop3c->preftype & POP3_TYPE_APOP))
+ if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_APOP)
/* Perform APOP authentication */
result = pop3_perform_apop(conn);
+ else
#endif
- else if((pop3c->authtypes & POP3_TYPE_CLEARTEXT) &&
- (pop3c->preftype & POP3_TYPE_CLEARTEXT))
+ if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_CLEARTEXT)
/* Perform clear text authentication */
result = pop3_perform_user(conn);
else {
@@ -689,7 +546,7 @@ static CURLcode pop3_perform_authenticate(struct connectdata *conn)
static CURLcode pop3_perform_command(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct POP3 *pop3 = data->req.protop;
const char *command = NULL;
@@ -745,442 +602,202 @@ static CURLcode pop3_state_servergreet_resp(struct connectdata *conn,
pop3state instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
- (void)instate; /* no use for this yet */
-
- if(pop3code != '+') {
- failf(data, "Got unexpected pop3-server response");
- result = CURLE_FTP_WEIRD_SERVER_REPLY;
- }
- else
- result = pop3_perform_capa(conn);
-
- return result;
-}
-
-/* For CAPA responses */
-static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code,
- pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct pop3_conn *pop3c = &conn->proto.pop3c;
-
- (void)instate; /* no use for this yet */
-
- if(pop3code != '+')
- result = pop3_perform_user(conn);
- else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
- /* We don't have a SSL/TLS connection yet, but SSL is requested */
- if(pop3c->tls_supported)
- /* Switch to TLS connection now */
- result = pop3_perform_starttls(conn);
- else if(data->set.use_ssl == CURLUSESSL_TRY)
- /* Fallback and carry on with authentication */
- result = pop3_perform_authenticate(conn);
- else {
- failf(data, "STLS not supported.");
- result = CURLE_USE_SSL_FAILED;
- }
- }
- else
- result = pop3_perform_authenticate(conn);
-
- return result;
-}
-
-/* For STARTTLS responses */
-static CURLcode pop3_state_starttls_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
- (void)instate; /* no use for this yet */
-
- if(pop3code != '+') {
- if(data->set.use_ssl != CURLUSESSL_TRY) {
- failf(data, "STARTTLS denied. %c", pop3code);
- result = CURLE_USE_SSL_FAILED;
- }
- else
- result = pop3_perform_authenticate(conn);
- }
- else
- result = pop3_perform_upgrade_tls(conn);
-
- return result;
-}
-
-/* For AUTH PLAIN (without initial response) responses */
-static CURLcode pop3_state_auth_plain_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *plainauth = NULL;
+ const char *line = data->state.buffer;
+ size_t len = strlen(line);
+ size_t i;
(void)instate; /* no use for this yet */
if(pop3code != '+') {
- failf(data, "Access denied. %c", pop3code);
- result = CURLE_LOGIN_DENIED;
+ failf(data, "Got unexpected pop3-server response");
+ result = CURLE_WEIRD_SERVER_REPLY;
}
else {
- /* Create the authorisation message */
- result = Curl_sasl_create_plain_message(data, conn->user, conn->passwd,
- &plainauth, &len);
-
- /* Send the message */
- if(!result) {
- if(plainauth) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", plainauth);
-
- if(!result)
- state(conn, POP3_AUTH_FINAL);
- }
-
- Curl_safefree(plainauth);
- }
- }
-
- return result;
-}
-
-/* For AUTH LOGIN (without initial response) responses */
-static CURLcode pop3_state_auth_login_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *authuser = NULL;
+ /* Does the server support APOP authentication? */
+ if(len >= 4 && line[len - 2] == '>') {
+ /* Look for the APOP timestamp */
+ for(i = 3; i < len - 2; ++i) {
+ if(line[i] == '<') {
+ /* Calculate the length of the timestamp */
+ size_t timestamplen = len - 1 - i;
+ if(!timestamplen)
+ break;
- (void)instate; /* no use for this yet */
+ /* Allocate some memory for the timestamp */
+ pop3c->apoptimestamp = (char *)calloc(1, timestamplen + 1);
- if(pop3code != '+') {
- failf(data, "Access denied: %d", pop3code);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the user message */
- result = Curl_sasl_create_login_message(data, conn->user,
- &authuser, &len);
+ if(!pop3c->apoptimestamp)
+ break;
- /* Send the user */
- if(!result) {
- if(authuser) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", authuser);
+ /* Copy the timestamp */
+ memcpy(pop3c->apoptimestamp, line + i, timestamplen);
+ pop3c->apoptimestamp[timestamplen] = '\0';
- if(!result)
- state(conn, POP3_AUTH_LOGIN_PASSWD);
+ /* Store the APOP capability */
+ pop3c->authtypes |= POP3_TYPE_APOP;
+ break;
+ }
}
-
- Curl_safefree(authuser);
}
- }
- return result;
-}
-
-/* For AUTH LOGIN user entry responses */
-static CURLcode pop3_state_auth_login_password_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *authpasswd = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(pop3code != '+') {
- failf(data, "Access denied: %d", pop3code);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the password message */
- result = Curl_sasl_create_login_message(data, conn->passwd,
- &authpasswd, &len);
-
- /* Send the password */
- if(!result) {
- if(authpasswd) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", authpasswd);
-
- if(!result)
- state(conn, POP3_AUTH_FINAL);
- }
-
- Curl_safefree(authpasswd);
- }
+ result = pop3_perform_capa(conn);
}
return result;
}
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-/* For AUTH CRAM-MD5 responses */
-static CURLcode pop3_state_auth_cram_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
+/* For CAPA responses */
+static CURLcode pop3_state_capa_resp(struct connectdata *conn, int pop3code,
+ pop3state instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- char *chlg64 = data->state.buffer;
- size_t len = 0;
- char *rplyb64 = NULL;
+ struct Curl_easy *data = conn->data;
+ struct pop3_conn *pop3c = &conn->proto.pop3c;
+ const char *line = data->state.buffer;
+ size_t len = strlen(line);
+ size_t wordlen;
(void)instate; /* no use for this yet */
- if(pop3code != '+') {
- failf(data, "Access denied: %d", pop3code);
- return CURLE_LOGIN_DENIED;
- }
-
- /* Get the challenge */
- for(chlg64 += 2; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
- ;
-
- /* Terminate the challenge */
- if(*chlg64 != '=') {
- for(len = strlen(chlg64); len--;)
- if(chlg64[len] != '\r' && chlg64[len] != '\n' && chlg64[len] != ' ' &&
- chlg64[len] != '\t')
- break;
-
- if(++len) {
- chlg64[len] = '\0';
- }
- }
-
- /* Create the response message */
- result = Curl_sasl_create_cram_md5_message(data, chlg64, conn->user,
- conn->passwd, &rplyb64, &len);
-
- /* Send the response */
- if(!result) {
- if(rplyb64) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
+ /* Do we have a untagged continuation response? */
+ if(pop3code == '*') {
+ /* Does the server support the STLS capability? */
+ if(len >= 4 && !memcmp(line, "STLS", 4))
+ pop3c->tls_supported = TRUE;
- if(!result)
- state(conn, POP3_AUTH_FINAL);
- }
+ /* Does the server support clear text authentication? */
+ else if(len >= 4 && !memcmp(line, "USER", 4))
+ pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
- Curl_safefree(rplyb64);
- }
+ /* Does the server support SASL based authentication? */
+ else if(len >= 5 && !memcmp(line, "SASL ", 5)) {
+ pop3c->authtypes |= POP3_TYPE_SASL;
- return result;
-}
+ /* Advance past the SASL keyword */
+ line += 5;
+ len -= 5;
-/* For AUTH DIGEST-MD5 challenge responses */
-static CURLcode pop3_state_auth_digest_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- char *chlg64 = data->state.buffer;
- size_t len = 0;
- char *rplyb64 = NULL;
+ /* Loop through the data line */
+ for(;;) {
+ size_t llen;
+ unsigned int mechbit;
- (void)instate; /* no use for this yet */
+ while(len &&
+ (*line == ' ' || *line == '\t' ||
+ *line == '\r' || *line == '\n')) {
- if(pop3code != '+') {
- failf(data, "Access denied: %d", pop3code);
- return CURLE_LOGIN_DENIED;
- }
+ line++;
+ len--;
+ }
- /* Get the challenge */
- for(chlg64 += 2; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
- ;
+ if(!len)
+ break;
- /* Create the response message */
- result = Curl_sasl_create_digest_md5_message(data, chlg64, conn->user,
- conn->passwd, "pop",
- &rplyb64, &len);
+ /* Extract the word */
+ for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
+ line[wordlen] != '\t' && line[wordlen] != '\r' &&
+ line[wordlen] != '\n';)
+ wordlen++;
- /* Send the response */
- if(!result) {
- if(rplyb64) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", rplyb64);
+ /* Test the word for a matching authentication mechanism */
+ mechbit = Curl_sasl_decode_mech(line, wordlen, &llen);
+ if(mechbit && llen == wordlen)
+ pop3c->sasl.authmechs |= mechbit;
- if(!result)
- state(conn, POP3_AUTH_DIGESTMD5_RESP);
+ line += wordlen;
+ len -= wordlen;
+ }
}
-
- Curl_safefree(rplyb64);
}
-
- return result;
-}
-
-/* For AUTH DIGEST-MD5 challenge-response responses */
-static CURLcode pop3_state_auth_digest_resp_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
- (void)instate; /* no use for this yet */
-
- if(pop3code != '+') {
- failf(data, "Authentication failed: %d", pop3code);
- result = CURLE_LOGIN_DENIED;
+ else if(pop3code == '+') {
+ if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+ /* We don't have a SSL/TLS connection yet, but SSL is requested */
+ if(pop3c->tls_supported)
+ /* Switch to TLS connection now */
+ result = pop3_perform_starttls(conn);
+ else if(data->set.use_ssl == CURLUSESSL_TRY)
+ /* Fallback and carry on with authentication */
+ result = pop3_perform_authentication(conn);
+ else {
+ failf(data, "STLS not supported.");
+ result = CURLE_USE_SSL_FAILED;
+ }
+ }
+ else
+ result = pop3_perform_authentication(conn);
}
else {
- /* Send an empty response */
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "");
+ /* Clear text is supported when CAPA isn't recognised */
+ pop3c->authtypes |= POP3_TYPE_CLEARTEXT;
- if(!result)
- state(conn, POP3_AUTH_FINAL);
+ result = pop3_perform_authentication(conn);
}
return result;
}
-#endif
-#ifdef USE_NTLM
-/* For AUTH NTLM (without initial response) responses */
-static CURLcode pop3_state_auth_ntlm_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
+/* For STARTTLS responses */
+static CURLcode pop3_state_starttls_resp(struct connectdata *conn,
+ int pop3code,
+ pop3state instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *type1msg = NULL;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
if(pop3code != '+') {
- failf(data, "Access denied: %d", pop3code);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the type-1 message */
- result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
- &conn->ntlm,
- &type1msg, &len);
-
- /* Send the message */
- if(!result) {
- if(type1msg) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", type1msg);
-
- if(!result)
- state(conn, POP3_AUTH_NTLM_TYPE2MSG);
- }
-
- Curl_safefree(type1msg);
+ if(data->set.use_ssl != CURLUSESSL_TRY) {
+ failf(data, "STARTTLS denied");
+ result = CURLE_USE_SSL_FAILED;
}
+ else
+ result = pop3_perform_authentication(conn);
}
+ else
+ result = pop3_perform_upgrade_tls(conn);
return result;
}
-/* For NTLM type-2 responses (sent in reponse to our type-1 message) */
-static CURLcode pop3_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
+/* For SASL authentication responses */
+static CURLcode pop3_state_auth_resp(struct connectdata *conn,
+ int pop3code,
+ pop3state instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *type3msg = NULL;
+ struct Curl_easy *data = conn->data;
+ struct pop3_conn *pop3c = &conn->proto.pop3c;
+ saslprogress progress;
(void)instate; /* no use for this yet */
- if(pop3code != '+') {
- failf(data, "Access denied: %d", pop3code);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the type-3 message */
- result = Curl_sasl_create_ntlm_type3_message(data,
- data->state.buffer + 2,
- conn->user, conn->passwd,
- &conn->ntlm,
- &type3msg, &len);
-
- /* Send the message */
- if(!result) {
- if(type3msg) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", type3msg);
-
- if(!result)
- state(conn, POP3_AUTH_FINAL);
- }
-
- Curl_safefree(type3msg);
- }
- }
-
- return result;
-}
+ result = Curl_sasl_continue(&pop3c->sasl, conn, pop3code, &progress);
+ if(!result)
+ switch(progress) {
+ case SASL_DONE:
+ state(conn, POP3_STOP); /* Authenticated */
+ break;
+ case SASL_IDLE: /* No mechanism left after cancellation */
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+ if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_APOP)
+ /* Perform APOP authentication */
+ result = pop3_perform_apop(conn);
+ else
#endif
-
-/* For AUTH XOAUTH2 (without initial response) responses */
-static CURLcode pop3_state_auth_xoauth2_resp(struct connectdata *conn,
- int pop3code, pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *xoauth = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(pop3code != '+') {
- failf(data, "Access denied: %d", pop3code);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the authorisation message */
- result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
- conn->xoauth2_bearer,
- &xoauth, &len);
-
- /* Send the message */
- if(!result) {
- if(xoauth) {
- result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", xoauth);
-
- if(!result)
- state(conn, POP3_AUTH_FINAL);
+ if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_CLEARTEXT)
+ /* Perform clear text authentication */
+ result = pop3_perform_user(conn);
+ else {
+ failf(data, "Authentication cancelled");
+ result = CURLE_LOGIN_DENIED;
}
-
- Curl_safefree(xoauth);
+ break;
+ default:
+ break;
}
- }
-
- return result;
-}
-
-/* For final responses to the AUTH sequence */
-static CURLcode pop3_state_auth_final_resp(struct connectdata *conn,
- int pop3code,
- pop3state instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
- (void)instate; /* no use for this yet */
-
- if(pop3code != '+') {
- failf(data, "Authentication failed: %d", pop3code);
- result = CURLE_LOGIN_DENIED;
- }
- else
- /* End of connect phase */
- state(conn, POP3_STOP);
return result;
}
@@ -1191,7 +808,7 @@ static CURLcode pop3_state_apop_resp(struct connectdata *conn, int pop3code,
pop3state instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
@@ -1212,7 +829,7 @@ static CURLcode pop3_state_user_resp(struct connectdata *conn, int pop3code,
pop3state instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
@@ -1235,7 +852,7 @@ static CURLcode pop3_state_pass_resp(struct connectdata *conn, int pop3code,
pop3state instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
@@ -1256,7 +873,7 @@ static CURLcode pop3_state_command_resp(struct connectdata *conn,
pop3state instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct POP3 *pop3 = data->req.protop;
struct pop3_conn *pop3c = &conn->proto.pop3c;
struct pingpong *pp = &pop3c->pp;
@@ -1324,12 +941,15 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
if(pp->sendleft)
return Curl_pp_flushsend(pp);
- /* Read the response from the server */
- result = Curl_pp_readresp(sock, pp, &pop3code, &nread);
- if(result)
- return result;
+ do {
+ /* Read the response from the server */
+ result = Curl_pp_readresp(sock, pp, &pop3code, &nread);
+ if(result)
+ return result;
+
+ if(!pop3code)
+ break;
- if(pop3code) {
/* We have now received a full POP3 server response */
switch(pop3c->state) {
case POP3_SERVERGREET:
@@ -1344,50 +964,8 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
result = pop3_state_starttls_resp(conn, pop3code, pop3c->state);
break;
- case POP3_AUTH_PLAIN:
- result = pop3_state_auth_plain_resp(conn, pop3code, pop3c->state);
- break;
-
- case POP3_AUTH_LOGIN:
- result = pop3_state_auth_login_resp(conn, pop3code, pop3c->state);
- break;
-
- case POP3_AUTH_LOGIN_PASSWD:
- result = pop3_state_auth_login_password_resp(conn, pop3code,
- pop3c->state);
- break;
-
-#ifndef CURL_DISABLE_CRYPTO_AUTH
- case POP3_AUTH_CRAMMD5:
- result = pop3_state_auth_cram_resp(conn, pop3code, pop3c->state);
- break;
-
- case POP3_AUTH_DIGESTMD5:
- result = pop3_state_auth_digest_resp(conn, pop3code, pop3c->state);
- break;
-
- case POP3_AUTH_DIGESTMD5_RESP:
- result = pop3_state_auth_digest_resp_resp(conn, pop3code, pop3c->state);
- break;
-#endif
-
-#ifdef USE_NTLM
- case POP3_AUTH_NTLM:
- result = pop3_state_auth_ntlm_resp(conn, pop3code, pop3c->state);
- break;
-
- case POP3_AUTH_NTLM_TYPE2MSG:
- result = pop3_state_auth_ntlm_type2msg_resp(conn, pop3code,
- pop3c->state);
- break;
-#endif
-
- case POP3_AUTH_XOAUTH2:
- result = pop3_state_auth_xoauth2_resp(conn, pop3code, pop3c->state);
- break;
-
- case POP3_AUTH_FINAL:
- result = pop3_state_auth_final_resp(conn, pop3code, pop3c->state);
+ case POP3_AUTH:
+ result = pop3_state_auth_resp(conn, pop3code, pop3c->state);
break;
#ifndef CURL_DISABLE_CRYPTO_AUTH
@@ -1415,7 +993,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
state(conn, POP3_STOP);
break;
}
- }
+ } while(!result && pop3c->state != POP3_STOP && Curl_pp_moredata(pp));
return result;
}
@@ -1449,12 +1027,12 @@ static CURLcode pop3_block_statemach(struct connectdata *conn)
return result;
}
-/* Allocate and initialize the POP3 struct for the current SessionHandle if
+/* Allocate and initialize the POP3 struct for the current Curl_easy if
required */
static CURLcode pop3_init(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct POP3 *pop3;
pop3 = data->req.protop = calloc(sizeof(struct POP3), 1);
@@ -1490,7 +1068,7 @@ static CURLcode pop3_connect(struct connectdata *conn, bool *done)
*done = FALSE; /* default to not done yet */
/* We always support persistent connections in POP3 */
- conn->bits.close = FALSE;
+ connkeep(conn, "POP3 default");
/* Set the default response time-out */
pp->response_time = RESP_TIMEOUT;
@@ -1500,7 +1078,7 @@ static CURLcode pop3_connect(struct connectdata *conn, bool *done)
/* Set the default preferred authentication type and mechanism */
pop3c->preftype = POP3_TYPE_ANY;
- pop3c->prefmech = SASL_AUTH_ANY;
+ Curl_sasl_init(&pop3c->sasl, &saslpop3);
/* Initialise the pingpong layer */
Curl_pp_init(pp);
@@ -1531,20 +1109,16 @@ static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
bool premature)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct POP3 *pop3 = data->req.protop;
(void)premature;
if(!pop3)
- /* When the easy handle is removed from the multi interface while libcurl
- is still trying to resolve the host name, the POP3 struct is not yet
- initialized. However, the removal action calls Curl_done() which in
- turn calls this function, so we simply return success. */
return CURLE_OK;
if(status) {
- conn->bits.close = TRUE; /* marked for closure */
+ connclose(conn, "POP3 done with bad status");
result = status; /* use the already set error code */
}
@@ -1570,12 +1144,12 @@ static CURLcode pop3_perform(struct connectdata *conn, bool *connected,
{
/* This is POP3 and no proxy */
CURLcode result = CURLE_OK;
+ struct POP3 *pop3 = conn->data->req.protop;
DEBUGF(infof(conn->data, "DO phase starts\n"));
if(conn->data->set.opt_no_body) {
/* Requested no body means no transfer */
- struct POP3 *pop3 = conn->data->req.protop;
pop3->transfer = FTPTRANSFER_INFO;
}
@@ -1634,8 +1208,7 @@ static CURLcode pop3_do(struct connectdata *conn, bool *done)
* Disconnect from an POP3 server. Cleanup protocol-specific per-connection
* resources. BLOCKING.
*/
-static CURLcode pop3_disconnect(struct connectdata *conn,
- bool dead_connection)
+static CURLcode pop3_disconnect(struct connectdata *conn, bool dead_connection)
{
struct pop3_conn *pop3c = &conn->proto.pop3c;
@@ -1645,7 +1218,7 @@ static CURLcode pop3_disconnect(struct connectdata *conn,
/* The POP3 session may or may not have been allocated/setup at this
point! */
- if(!dead_connection && pop3c->pp.conn)
+ if(!dead_connection && pop3c->pp.conn && pop3c->pp.conn->bits.protoconnstart)
if(!pop3_perform_quit(conn))
(void)pop3_block_statemach(conn); /* ignore errors on QUIT */
@@ -1653,7 +1226,7 @@ static CURLcode pop3_disconnect(struct connectdata *conn,
Curl_pp_disconnect(&pop3c->pp);
/* Cleanup the SASL module */
- Curl_sasl_cleanup(conn, pop3c->authused);
+ Curl_sasl_cleanup(conn, pop3c->sasl.authused);
/* Cleanup our connection based variables */
Curl_safefree(pop3c->apoptimestamp);
@@ -1700,7 +1273,7 @@ static CURLcode pop3_regular_transfer(struct connectdata *conn,
{
CURLcode result = CURLE_OK;
bool connected = FALSE;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
/* Make sure size is unknown at this point */
data->req.size = -1;
@@ -1708,8 +1281,8 @@ static CURLcode pop3_regular_transfer(struct connectdata *conn,
/* Set the progress data */
Curl_pgrsSetUploadCounter(data, 0);
Curl_pgrsSetDownloadCounter(data, 0);
- Curl_pgrsSetUploadSize(data, 0);
- Curl_pgrsSetDownloadSize(data, 0);
+ Curl_pgrsSetUploadSize(data, -1);
+ Curl_pgrsSetDownloadSize(data, -1);
/* Carry out the perform */
result = pop3_perform(conn, &connected, dophase_done);
@@ -1723,36 +1296,15 @@ static CURLcode pop3_regular_transfer(struct connectdata *conn,
static CURLcode pop3_setup_connection(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
/* Initialise the POP3 layer */
CURLcode result = pop3_init(conn);
if(result)
return result;
- if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
- /* Unless we have asked to tunnel POP3 operations through the proxy, we
- switch and use HTTP operations only */
-#ifndef CURL_DISABLE_HTTP
- if(conn->handler == &Curl_handler_pop3)
- conn->handler = &Curl_handler_pop3_proxy;
- else {
-#ifdef USE_SSL
- conn->handler = &Curl_handler_pop3s_proxy;
-#else
- failf(data, "POP3S not supported!");
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- }
-
- /* set it up as an HTTP connection instead */
- return conn->handler->setup_connection(conn);
-#else
- failf(data, "POP3 over http proxy requires HTTP support built-in!");
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- }
-
+ /* Clear the TLS upgraded flag */
+ conn->tls_upgraded = FALSE;
data->state.path++; /* don't include the initial slash */
return CURLE_OK;
@@ -1768,63 +1320,52 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct pop3_conn *pop3c = &conn->proto.pop3c;
- const char *options = conn->options;
- const char *ptr = options;
+ const char *ptr = conn->options;
+
+ pop3c->sasl.resetprefs = TRUE;
- if(options) {
+ while(!result && ptr && *ptr) {
const char *key = ptr;
+ const char *value;
while(*ptr && *ptr != '=')
ptr++;
- if(strnequal(key, "AUTH", 4)) {
- const char *value = ptr + 1;
+ value = ptr + 1;
- if(strequal(value, "*")) {
- pop3c->preftype = POP3_TYPE_ANY;
- pop3c->prefmech = SASL_AUTH_ANY;
- }
- else if(strequal(value, "+APOP")) {
+ while(*ptr && *ptr != ';')
+ ptr++;
+
+ if(strncasecompare(key, "AUTH=", 5)) {
+ result = Curl_sasl_parse_url_auth_option(&pop3c->sasl,
+ value, ptr - value);
+
+ if(result && strncasecompare(value, "+APOP", ptr - value)) {
pop3c->preftype = POP3_TYPE_APOP;
- pop3c->prefmech = SASL_AUTH_NONE;
- }
- else if(strequal(value, SASL_MECH_STRING_LOGIN)) {
- pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_LOGIN;
- }
- else if(strequal(value, SASL_MECH_STRING_PLAIN)) {
- pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_PLAIN;
- }
- else if(strequal(value, SASL_MECH_STRING_CRAM_MD5)) {
- pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_CRAM_MD5;
- }
- else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5)) {
- pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_DIGEST_MD5;
- }
- else if(strequal(value, SASL_MECH_STRING_GSSAPI)) {
- pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_GSSAPI;
- }
- else if(strequal(value, SASL_MECH_STRING_NTLM)) {
- pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_NTLM;
- }
- else if(strequal(value, SASL_MECH_STRING_XOAUTH2)) {
- pop3c->preftype = POP3_TYPE_SASL;
- pop3c->prefmech = SASL_MECH_XOAUTH2;
- }
- else {
- pop3c->preftype = POP3_TYPE_NONE;
- pop3c->prefmech = SASL_AUTH_NONE;
+ pop3c->sasl.prefmech = SASL_AUTH_NONE;
+ result = CURLE_OK;
}
}
else
result = CURLE_URL_MALFORMAT;
+
+ if(*ptr == ';')
+ ptr++;
}
+ if(pop3c->preftype != POP3_TYPE_APOP)
+ switch(pop3c->sasl.prefmech) {
+ case SASL_AUTH_NONE:
+ pop3c->preftype = POP3_TYPE_NONE;
+ break;
+ case SASL_AUTH_DEFAULT:
+ pop3c->preftype = POP3_TYPE_ANY;
+ break;
+ default:
+ pop3c->preftype = POP3_TYPE_SASL;
+ break;
+ }
+
return result;
}
@@ -1837,7 +1378,7 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn)
static CURLcode pop3_parse_url_path(struct connectdata *conn)
{
/* The POP3 struct is already initialised in pop3_connect() */
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct POP3 *pop3 = data->req.protop;
const char *path = data->state.path;
@@ -1854,7 +1395,7 @@ static CURLcode pop3_parse_url_path(struct connectdata *conn)
static CURLcode pop3_parse_custom_request(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct POP3 *pop3 = data->req.protop;
const char *custom = data->set.str[STRING_CUSTOMREQUEST];
@@ -1876,7 +1417,7 @@ CURLcode Curl_pop3_write(struct connectdata *conn, char *str, size_t nread)
{
/* This code could be made into a special function in the handler struct */
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct SingleRequest *k = &data->req;
struct pop3_conn *pop3c = &conn->proto.pop3c;
@@ -1957,7 +1498,7 @@ CURLcode Curl_pop3_write(struct connectdata *conn, char *str, size_t nread)
if(prev) {
/* If the partial match was the CRLF and dot then only write the CRLF
as the server would have inserted the dot */
- result = Curl_client_write(conn, CLIENTWRITE_BODY, (char*)POP3_EOB,
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, (char *)POP3_EOB,
strip_dot ? prev - 1 : prev);
if(result)
diff --git a/libs/libcurl/src/pop3.h b/libs/libcurl/src/pop3.h
index 7bc7744955..a8e697cde2 100644
--- a/libs/libcurl/src/pop3.h
+++ b/libs/libcurl/src/pop3.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2009 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2009 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,6 +23,7 @@
***************************************************************************/
#include "pingpong.h"
+#include "curl_sasl.h"
/****************************************************************************
* POP3 unique setup
@@ -35,16 +36,7 @@ typedef enum {
POP3_STARTTLS,
POP3_UPGRADETLS, /* asynchronously upgrade the connection to SSL/TLS
(multi mode only) */
- POP3_AUTH_PLAIN,
- POP3_AUTH_LOGIN,
- POP3_AUTH_LOGIN_PASSWD,
- POP3_AUTH_CRAMMD5,
- POP3_AUTH_DIGESTMD5,
- POP3_AUTH_DIGESTMD5_RESP,
- POP3_AUTH_NTLM,
- POP3_AUTH_NTLM_TYPE2MSG,
- POP3_AUTH_XOAUTH2,
- POP3_AUTH_FINAL,
+ POP3_AUTH,
POP3_APOP,
POP3_USER,
POP3_PASS,
@@ -53,9 +45,9 @@ typedef enum {
POP3_LAST /* never used */
} pop3state;
-/* This POP3 struct is used in the SessionHandle. All POP3 data that is
+/* This POP3 struct is used in the Curl_easy. All POP3 data that is
connection-oriented must be in pop3_conn to properly deal with the fact that
- perhaps the SessionHandle is changed between the times the connection is
+ perhaps the Curl_easy is changed between the times the connection is
used. */
struct POP3 {
curl_pp_transfer transfer;
@@ -73,11 +65,9 @@ struct pop3_conn {
have been received so far */
size_t strip; /* Number of bytes from the start to ignore as
non-body */
+ struct SASL sasl; /* SASL-related storage */
unsigned int authtypes; /* Accepted authentication types */
- unsigned int authmechs; /* Accepted SASL authentication mechanisms */
unsigned int preftype; /* Preferred authentication type */
- unsigned int prefmech; /* Preferred SASL authentication mechanism */
- unsigned int authused; /* SASL auth mechanism used for the connection */
char *apoptimestamp; /* APOP timestamp from the server greeting */
bool tls_supported; /* StartTLS capability supported by server */
};
@@ -92,7 +82,7 @@ extern const struct Curl_handler Curl_handler_pop3s;
/* Authentication type values */
#define POP3_TYPE_NONE 0
-#define POP3_TYPE_ANY ~0
+#define POP3_TYPE_ANY ~0U
/* This is the 5-bytes End-Of-Body marker for POP3 */
#define POP3_EOB "\x0d\x0a\x2e\x0d\x0a"
diff --git a/libs/libcurl/src/progress.c b/libs/libcurl/src/progress.c
index dac7f8d6ec..72c518a149 100644
--- a/libs/libcurl/src/progress.c
+++ b/libs/libcurl/src/progress.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,9 +25,7 @@
#include "urldata.h"
#include "sendf.h"
#include "progress.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include "curl_printf.h"
/* Provide a string that is 2 + 1 + 2 + 1 + 2 = 8 letters long (plus the zero
byte) */
@@ -42,8 +40,8 @@ static void time2str(char *r, curl_off_t seconds)
if(h <= CURL_OFF_T_C(99)) {
m = (seconds - (h*CURL_OFF_T_C(3600))) / CURL_OFF_T_C(60);
s = (seconds - (h*CURL_OFF_T_C(3600))) - (m*CURL_OFF_T_C(60));
- snprintf(r, 9, "%2" FORMAT_OFF_T ":%02" FORMAT_OFF_T ":%02" FORMAT_OFF_T,
- h, m, s);
+ snprintf(r, 9, "%2" CURL_FORMAT_CURL_OFF_T ":%02" CURL_FORMAT_CURL_OFF_T
+ ":%02" CURL_FORMAT_CURL_OFF_T, h, m, s);
}
else {
/* this equals to more than 99 hours, switch to a more suitable output
@@ -51,9 +49,10 @@ static void time2str(char *r, curl_off_t seconds)
d = seconds / CURL_OFF_T_C(86400);
h = (seconds - (d*CURL_OFF_T_C(86400))) / CURL_OFF_T_C(3600);
if(d <= CURL_OFF_T_C(999))
- snprintf(r, 9, "%3" FORMAT_OFF_T "d %02" FORMAT_OFF_T "h", d, h);
+ snprintf(r, 9, "%3" CURL_FORMAT_CURL_OFF_T
+ "d %02" CURL_FORMAT_CURL_OFF_T "h", d, h);
else
- snprintf(r, 9, "%7" FORMAT_OFF_T "d", d);
+ snprintf(r, 9, "%7" CURL_FORMAT_CURL_OFF_T "d", d);
}
}
@@ -69,40 +68,40 @@ static char *max5data(curl_off_t bytes, char *max5)
#define ONE_PETABYTE (CURL_OFF_T_C(1024) * ONE_TERABYTE)
if(bytes < CURL_OFF_T_C(100000))
- snprintf(max5, 6, "%5" FORMAT_OFF_T, bytes);
+ snprintf(max5, 6, "%5" CURL_FORMAT_CURL_OFF_T, bytes);
else if(bytes < CURL_OFF_T_C(10000) * ONE_KILOBYTE)
- snprintf(max5, 6, "%4" FORMAT_OFF_T "k", bytes/ONE_KILOBYTE);
+ snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "k", bytes/ONE_KILOBYTE);
else if(bytes < CURL_OFF_T_C(100) * ONE_MEGABYTE)
/* 'XX.XM' is good as long as we're less than 100 megs */
- snprintf(max5, 6, "%2" FORMAT_OFF_T ".%0" FORMAT_OFF_T "M",
- bytes/ONE_MEGABYTE,
+ snprintf(max5, 6, "%2" CURL_FORMAT_CURL_OFF_T ".%0"
+ CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE,
(bytes%ONE_MEGABYTE) / (ONE_MEGABYTE/CURL_OFF_T_C(10)) );
#if (CURL_SIZEOF_CURL_OFF_T > 4)
else if(bytes < CURL_OFF_T_C(10000) * ONE_MEGABYTE)
/* 'XXXXM' is good until we're at 10000MB or above */
- snprintf(max5, 6, "%4" FORMAT_OFF_T "M", bytes/ONE_MEGABYTE);
+ snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
else if(bytes < CURL_OFF_T_C(100) * ONE_GIGABYTE)
/* 10000 MB - 100 GB, we show it as XX.XG */
- snprintf(max5, 6, "%2" FORMAT_OFF_T ".%0" FORMAT_OFF_T "G",
- bytes/ONE_GIGABYTE,
+ snprintf(max5, 6, "%2" CURL_FORMAT_CURL_OFF_T ".%0"
+ CURL_FORMAT_CURL_OFF_T "G", bytes/ONE_GIGABYTE,
(bytes%ONE_GIGABYTE) / (ONE_GIGABYTE/CURL_OFF_T_C(10)) );
else if(bytes < CURL_OFF_T_C(10000) * ONE_GIGABYTE)
/* up to 10000GB, display without decimal: XXXXG */
- snprintf(max5, 6, "%4" FORMAT_OFF_T "G", bytes/ONE_GIGABYTE);
+ snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "G", bytes/ONE_GIGABYTE);
else if(bytes < CURL_OFF_T_C(10000) * ONE_TERABYTE)
/* up to 10000TB, display without decimal: XXXXT */
- snprintf(max5, 6, "%4" FORMAT_OFF_T "T", bytes/ONE_TERABYTE);
+ snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "T", bytes/ONE_TERABYTE);
else
/* up to 10000PB, display without decimal: XXXXP */
- snprintf(max5, 6, "%4" FORMAT_OFF_T "P", bytes/ONE_PETABYTE);
+ snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "P", bytes/ONE_PETABYTE);
/* 16384 petabytes (16 exabytes) is the maximum a 64 bit unsigned number
can hold, but our data type is signed so 8192PB will be the maximum. */
@@ -110,7 +109,7 @@ static char *max5data(curl_off_t bytes, char *max5)
#else
else
- snprintf(max5, 6, "%4" FORMAT_OFF_T "M", bytes/ONE_MEGABYTE);
+ snprintf(max5, 6, "%4" CURL_FORMAT_CURL_OFF_T "M", bytes/ONE_MEGABYTE);
#endif
@@ -134,8 +133,8 @@ static char *max5data(curl_off_t bytes, char *max5)
int Curl_pgrsDone(struct connectdata *conn)
{
int rc;
- struct SessionHandle *data = conn->data;
- data->progress.lastshow=0;
+ struct Curl_easy *data = conn->data;
+ data->progress.lastshow = 0;
rc = Curl_pgrsUpdate(conn); /* the final (forced) update */
if(rc)
return rc;
@@ -150,99 +149,198 @@ int Curl_pgrsDone(struct connectdata *conn)
return 0;
}
-/* reset all times except redirect, and reset the known transfer sizes */
-void Curl_pgrsResetTimesSizes(struct SessionHandle *data)
+/* reset the known transfer sizes */
+void Curl_pgrsResetTransferSizes(struct Curl_easy *data)
{
- data->progress.t_nslookup = 0.0;
- data->progress.t_connect = 0.0;
- data->progress.t_pretransfer = 0.0;
- data->progress.t_starttransfer = 0.0;
-
- Curl_pgrsSetDownloadSize(data, 0);
- Curl_pgrsSetUploadSize(data, 0);
+ Curl_pgrsSetDownloadSize(data, -1);
+ Curl_pgrsSetUploadSize(data, -1);
}
-void Curl_pgrsTime(struct SessionHandle *data, timerid timer)
+/*
+ * @unittest: 1399
+ */
+void Curl_pgrsTime(struct Curl_easy *data, timerid timer)
{
- struct timeval now = Curl_tvnow();
+ struct curltime now = Curl_now();
+ time_t *delta = NULL;
switch(timer) {
default:
case TIMER_NONE:
/* mistake filter */
break;
+ case TIMER_STARTOP:
+ /* This is set at the start of a transfer */
+ data->progress.t_startop = now;
+ break;
case TIMER_STARTSINGLE:
- /* This is set at the start of a single fetch */
+ /* This is set at the start of each single fetch */
data->progress.t_startsingle = now;
+ data->progress.is_t_startransfer_set = false;
break;
-
case TIMER_STARTACCEPT:
- data->progress.t_acceptdata = Curl_tvnow();
+ data->progress.t_acceptdata = now;
break;
-
case TIMER_NAMELOOKUP:
- data->progress.t_nslookup =
- Curl_tvdiff_secs(now, data->progress.t_startsingle);
+ delta = &data->progress.t_nslookup;
break;
case TIMER_CONNECT:
- data->progress.t_connect =
- Curl_tvdiff_secs(now, data->progress.t_startsingle);
+ delta = &data->progress.t_connect;
break;
case TIMER_APPCONNECT:
- data->progress.t_appconnect =
- Curl_tvdiff_secs(now, data->progress.t_startsingle);
+ delta = &data->progress.t_appconnect;
break;
case TIMER_PRETRANSFER:
- data->progress.t_pretransfer =
- Curl_tvdiff_secs(now, data->progress.t_startsingle);
+ delta = &data->progress.t_pretransfer;
break;
case TIMER_STARTTRANSFER:
- data->progress.t_starttransfer =
- Curl_tvdiff_secs(now, data->progress.t_startsingle);
- break;
+ delta = &data->progress.t_starttransfer;
+ /* prevent updating t_starttransfer unless:
+ * 1) this is the first time we're setting t_starttransfer
+ * 2) a redirect has occurred since the last time t_starttransfer was set
+ * This prevents repeated invocations of the function from incorrectly
+ * changing the t_starttransfer time.
+ */
+ if(data->progress.is_t_startransfer_set) {
+ return;
+ }
+ else {
+ data->progress.is_t_startransfer_set = true;
+ break;
+ }
case TIMER_POSTRANSFER:
/* this is the normal end-of-transfer thing */
break;
case TIMER_REDIRECT:
- data->progress.t_redirect = Curl_tvdiff_secs(now, data->progress.start);
+ data->progress.t_redirect = Curl_timediff_us(now, data->progress.start);
break;
}
+ if(delta) {
+ timediff_t us = Curl_timediff_us(now, data->progress.t_startsingle);
+ if(us < 1)
+ us = 1; /* make sure at least one microsecond passed */
+ *delta += us;
+ }
}
-void Curl_pgrsStartNow(struct SessionHandle *data)
+void Curl_pgrsStartNow(struct Curl_easy *data)
{
data->progress.speeder_c = 0; /* reset the progress meter display */
- data->progress.start = Curl_tvnow();
+ data->progress.start = Curl_now();
+ data->progress.is_t_startransfer_set = false;
+ data->progress.ul_limit_start.tv_sec = 0;
+ data->progress.ul_limit_start.tv_usec = 0;
+ data->progress.dl_limit_start.tv_sec = 0;
+ data->progress.dl_limit_start.tv_usec = 0;
/* clear all bits except HIDE and HEADERS_OUT */
data->progress.flags &= PGRS_HIDE|PGRS_HEADERS_OUT;
}
-void Curl_pgrsSetDownloadCounter(struct SessionHandle *data, curl_off_t size)
+/*
+ * This is used to handle speed limits, calculating how much milliseconds we
+ * need to wait until we're back under the speed limit, if needed.
+ *
+ * The way it works is by having a "starting point" (time & amount of data
+ * transferred by then) used in the speed computation, to be used instead of
+ * the start of the transfer. This starting point is regularly moved as
+ * transfer goes on, to keep getting accurate values (instead of average over
+ * the entire transfer).
+ *
+ * This function takes the current amount of data transferred, the amount at
+ * the starting point, the limit (in bytes/s), the time of the starting point
+ * and the current time.
+ *
+ * Returns -1 if no waiting is needed (not enough data transferred since
+ * starting point yet), 0 when no waiting is needed but the starting point
+ * should be reset (to current), or the number of milliseconds to wait to get
+ * back under the speed limit.
+ */
+long Curl_pgrsLimitWaitTime(curl_off_t cursize,
+ curl_off_t startsize,
+ curl_off_t limit,
+ struct curltime start,
+ struct curltime now)
{
+ curl_off_t size = cursize - startsize;
+ time_t minimum;
+ time_t actual;
+
+ /* we don't have a starting point yet -- return 0 so it gets (re)set */
+ if(start.tv_sec == 0 && start.tv_usec == 0)
+ return 0;
+
+ /* not enough data yet */
+ if(size < limit)
+ return -1;
+
+ minimum = (time_t) (CURL_OFF_T_C(1000) * size / limit);
+ actual = Curl_timediff(now, start);
+
+ if(actual < minimum)
+ /* this is a conversion on some systems (64bit time_t => 32bit long) */
+ return (long)(minimum - actual);
+
+ return 0;
+}
+
+void Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size)
+{
+ struct curltime now = Curl_now();
+
data->progress.downloaded = size;
+
+ /* download speed limit */
+ if((data->set.max_recv_speed > 0) &&
+ (Curl_pgrsLimitWaitTime(data->progress.downloaded,
+ data->progress.dl_limit_size,
+ data->set.max_recv_speed,
+ data->progress.dl_limit_start,
+ now) == 0)) {
+ data->progress.dl_limit_start = now;
+ data->progress.dl_limit_size = size;
+ }
}
-void Curl_pgrsSetUploadCounter(struct SessionHandle *data, curl_off_t size)
+void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size)
{
+ struct curltime now = Curl_now();
+
data->progress.uploaded = size;
+
+ /* upload speed limit */
+ if((data->set.max_send_speed > 0) &&
+ (Curl_pgrsLimitWaitTime(data->progress.uploaded,
+ data->progress.ul_limit_size,
+ data->set.max_send_speed,
+ data->progress.ul_limit_start,
+ now) == 0)) {
+ data->progress.ul_limit_start = now;
+ data->progress.ul_limit_size = size;
+ }
}
-void Curl_pgrsSetDownloadSize(struct SessionHandle *data, curl_off_t size)
+void Curl_pgrsSetDownloadSize(struct Curl_easy *data, curl_off_t size)
{
- data->progress.size_dl = size;
- if(size >= 0)
+ if(size >= 0) {
+ data->progress.size_dl = size;
data->progress.flags |= PGRS_DL_SIZE_KNOWN;
- else
+ }
+ else {
+ data->progress.size_dl = 0;
data->progress.flags &= ~PGRS_DL_SIZE_KNOWN;
+ }
}
-void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size)
+void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size)
{
- data->progress.size_ul = size;
- if(size >= 0)
+ if(size >= 0) {
+ data->progress.size_ul = size;
data->progress.flags |= PGRS_UL_SIZE_KNOWN;
- else
+ }
+ else {
+ data->progress.size_ul = 0;
data->progress.flags &= ~PGRS_UL_SIZE_KNOWN;
+ }
}
/*
@@ -251,56 +349,53 @@ void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size)
*/
int Curl_pgrsUpdate(struct connectdata *conn)
{
- struct timeval now;
+ struct curltime now;
int result;
char max5[6][10];
- curl_off_t dlpercen=0;
- curl_off_t ulpercen=0;
- curl_off_t total_percen=0;
+ curl_off_t dlpercen = 0;
+ curl_off_t ulpercen = 0;
+ curl_off_t total_percen = 0;
curl_off_t total_transfer;
curl_off_t total_expected_transfer;
curl_off_t timespent;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
int nowindex = data->progress.speeder_c% CURR_TIME;
int checkindex;
int countindex; /* amount of seconds stored in the speeder array */
char time_left[10];
char time_total[10];
char time_spent[10];
- curl_off_t ulestimate=0;
- curl_off_t dlestimate=0;
+ curl_off_t ulestimate = 0;
+ curl_off_t dlestimate = 0;
curl_off_t total_estimate;
- bool shownow=FALSE;
+ bool shownow = FALSE;
- now = Curl_tvnow(); /* what time is it */
+ now = Curl_now(); /* what time is it */
/* The time spent so far (from the start) */
- data->progress.timespent =
- (double)(now.tv_sec - data->progress.start.tv_sec) +
- (double)(now.tv_usec - data->progress.start.tv_usec)/1000000.0;
- timespent = (curl_off_t)data->progress.timespent;
+ data->progress.timespent = Curl_timediff_us(now, data->progress.start);
+ timespent = (curl_off_t)data->progress.timespent/1000000; /* seconds */
/* The average download speed this far */
data->progress.dlspeed = (curl_off_t)
- ((double)data->progress.downloaded/
- (data->progress.timespent>0?data->progress.timespent:1));
+ (data->progress.downloaded/
+ (timespent>0?timespent:1));
/* The average upload speed this far */
data->progress.ulspeed = (curl_off_t)
- ((double)data->progress.uploaded/
- (data->progress.timespent>0?data->progress.timespent:1));
+ (data->progress.uploaded/
+ (timespent>0?timespent:1));
/* Calculations done at most once a second, unless end is reached */
- if(data->progress.lastshow != (long)now.tv_sec) {
+ if(data->progress.lastshow != now.tv_sec) {
shownow = TRUE;
data->progress.lastshow = now.tv_sec;
- /* Let's do the "current speed" thing, which should use the fastest
- of the dl/ul speeds. Store the faster speed at entry 'nowindex'. */
+ /* Let's do the "current speed" thing, with the dl + ul speeds
+ combined. Store the speed at entry 'nowindex'. */
data->progress.speeder[ nowindex ] =
- data->progress.downloaded>data->progress.uploaded?
- data->progress.downloaded:data->progress.uploaded;
+ data->progress.downloaded + data->progress.uploaded;
/* remember the exact time for this moment */
data->progress.speeder_time [ nowindex ] = now;
@@ -313,24 +408,24 @@ int Curl_pgrsUpdate(struct connectdata *conn)
array. With N_ENTRIES filled in, we have about N_ENTRIES-1 seconds of
transfer. Imagine, after one second we have filled in two entries,
after two seconds we've filled in three entries etc. */
- countindex = ((data->progress.speeder_c>=CURR_TIME)?
+ countindex = ((data->progress.speeder_c >= CURR_TIME)?
CURR_TIME:data->progress.speeder_c) - 1;
/* first of all, we don't do this if there's no counted seconds yet */
if(countindex) {
- long span_ms;
+ timediff_t span_ms;
/* Get the index position to compare with the 'nowindex' position.
Get the oldest entry possible. While we have less than CURR_TIME
entries, the first entry will remain the oldest. */
- checkindex = (data->progress.speeder_c>=CURR_TIME)?
+ checkindex = (data->progress.speeder_c >= CURR_TIME)?
data->progress.speeder_c%CURR_TIME:0;
/* Figure out the exact time for the time span */
- span_ms = Curl_tvdiff(now,
- data->progress.speeder_time[checkindex]);
+ span_ms = Curl_timediff(now,
+ data->progress.speeder_time[checkindex]);
if(0 == span_ms)
- span_ms=1; /* at least one millisecond MUST have passed */
+ span_ms = 1; /* at least one millisecond MUST have passed */
/* Calculate the average speed the last 'span_ms' milliseconds */
{
@@ -349,10 +444,9 @@ int Curl_pgrsUpdate(struct connectdata *conn)
}
}
else
- /* the first second we use the main average */
+ /* the first second we use the average */
data->progress.current_speed =
- (data->progress.ulspeed>data->progress.dlspeed)?
- data->progress.ulspeed:data->progress.dlspeed;
+ data->progress.ulspeed + data->progress.dlspeed;
} /* Calculations end */
@@ -361,22 +455,22 @@ int Curl_pgrsUpdate(struct connectdata *conn)
if(data->set.fxferinfo) {
/* There's a callback set, call that */
- result= data->set.fxferinfo(data->set.progress_client,
- data->progress.size_dl,
- data->progress.downloaded,
- data->progress.size_ul,
- data->progress.uploaded);
+ result = data->set.fxferinfo(data->set.progress_client,
+ data->progress.size_dl,
+ data->progress.downloaded,
+ data->progress.size_ul,
+ data->progress.uploaded);
if(result)
failf(data, "Callback aborted");
return result;
}
- else if(data->set.fprogress) {
+ if(data->set.fprogress) {
/* The older deprecated callback is set, call that */
- result= data->set.fprogress(data->set.progress_client,
- (double)data->progress.size_dl,
- (double)data->progress.downloaded,
- (double)data->progress.size_ul,
- (double)data->progress.uploaded);
+ result = data->set.fprogress(data->set.progress_client,
+ (double)data->progress.size_dl,
+ (double)data->progress.downloaded,
+ (double)data->progress.size_ul,
+ (double)data->progress.uploaded);
if(result)
failf(data, "Callback aborted");
return result;
@@ -392,8 +486,8 @@ int Curl_pgrsUpdate(struct connectdata *conn)
if(!(data->progress.flags & PGRS_HEADERS_OUT)) {
if(data->state.resume_from) {
fprintf(data->set.err,
- "** Resuming transfer from byte position %" FORMAT_OFF_T "\n",
- data->state.resume_from);
+ "** Resuming transfer from byte position %"
+ CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from);
}
fprintf(data->set.err,
" %% Total %% Received %% Xferd Average Speed "
@@ -457,9 +551,9 @@ int Curl_pgrsUpdate(struct connectdata *conn)
fprintf(data->set.err,
"\r"
- "%3" FORMAT_OFF_T " %s "
- "%3" FORMAT_OFF_T " %s "
- "%3" FORMAT_OFF_T " %s %s %s %s %s %s %s",
+ "%3" CURL_FORMAT_CURL_OFF_T " %s "
+ "%3" CURL_FORMAT_CURL_OFF_T " %s "
+ "%3" CURL_FORMAT_CURL_OFF_T " %s %s %s %s %s %s %s",
total_percen, /* 3 letters */ /* total % */
max5data(total_expected_transfer, max5[2]), /* total size */
dlpercen, /* 3 letters */ /* rcvd % */
diff --git a/libs/libcurl/src/progress.h b/libs/libcurl/src/progress.h
index f97fef9961..9333ab25c2 100644
--- a/libs/libcurl/src/progress.h
+++ b/libs/libcurl/src/progress.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -27,28 +27,33 @@
typedef enum {
TIMER_NONE,
+ TIMER_STARTOP,
+ TIMER_STARTSINGLE,
TIMER_NAMELOOKUP,
TIMER_CONNECT,
TIMER_APPCONNECT,
TIMER_PRETRANSFER,
TIMER_STARTTRANSFER,
TIMER_POSTRANSFER,
- TIMER_STARTSINGLE,
TIMER_STARTACCEPT,
TIMER_REDIRECT,
TIMER_LAST /* must be last */
} timerid;
int Curl_pgrsDone(struct connectdata *);
-void Curl_pgrsStartNow(struct SessionHandle *data);
-void Curl_pgrsSetDownloadSize(struct SessionHandle *data, curl_off_t size);
-void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size);
-void Curl_pgrsSetDownloadCounter(struct SessionHandle *data, curl_off_t size);
-void Curl_pgrsSetUploadCounter(struct SessionHandle *data, curl_off_t size);
+void Curl_pgrsStartNow(struct Curl_easy *data);
+void Curl_pgrsSetDownloadSize(struct Curl_easy *data, curl_off_t size);
+void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size);
+void Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size);
+void Curl_pgrsSetUploadCounter(struct Curl_easy *data, curl_off_t size);
int Curl_pgrsUpdate(struct connectdata *);
-void Curl_pgrsResetTimesSizes(struct SessionHandle *data);
-void Curl_pgrsTime(struct SessionHandle *data, timerid timer);
-
+void Curl_pgrsResetTransferSizes(struct Curl_easy *data);
+void Curl_pgrsTime(struct Curl_easy *data, timerid timer);
+long Curl_pgrsLimitWaitTime(curl_off_t cursize,
+ curl_off_t startsize,
+ curl_off_t limit,
+ struct curltime start,
+ struct curltime now);
/* Don't show progress for sizes smaller than: */
#define LEAST_SIZE_PROGRESS BUFSIZE
diff --git a/libs/libcurl/src/qssl.c b/libs/libcurl/src/qssl.c
deleted file mode 100644
index b8a8daecac..0000000000
--- a/libs/libcurl/src/qssl.c
+++ /dev/null
@@ -1,521 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef USE_QSOSSL
-
-#include <qsossl.h>
-
-#ifdef HAVE_LIMITS_H
-# include <limits.h>
-#endif
-
-#include <curl/curl.h>
-#include "urldata.h"
-#include "sendf.h"
-#include "qssl.h"
-#include "sslgen.h"
-#include "connect.h" /* for the connect timeout */
-#include "select.h"
-#include "x509asn1.h"
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-
-int Curl_qsossl_init(void)
-
-{
- /* Nothing to do here. We must have connection data to initialize ssl, so
- * defer.
- */
-
- return 1;
-}
-
-
-void Curl_qsossl_cleanup(void)
-
-{
- /* Nothing to do. */
-}
-
-
-static CURLcode Curl_qsossl_init_session(struct SessionHandle * data)
-
-{
- int rc;
- char * certname;
- SSLInit initstr;
- SSLInitApp initappstr;
-
- /* Initialize the job for SSL according to the current parameters.
- * QsoSSL offers two ways to do it: SSL_Init_Application() that uses an
- * application identifier to select certificates in the main certificate
- * store, and SSL_Init() that uses named keyring files and a password.
- * It is not possible to have different keyrings for the CAs and the
- * local certificate. We thus use the certificate name to identify the
- * keyring if given, else the CA file name.
- * If the key file name is given, it is taken as the password for the
- * keyring in certificate file.
- * We first try to SSL_Init_Application(), then SSL_Init() if it failed.
- */
-
- certname = data->set.str[STRING_CERT];
-
- if(!certname) {
- certname = data->set.str[STRING_SSL_CAFILE];
-
- if(!certname)
- return CURLE_OK; /* Use previous setup. */
- }
-
- memset((char *) &initappstr, 0, sizeof initappstr);
- initappstr.applicationID = certname;
- initappstr.applicationIDLen = strlen(certname);
- initappstr.protocol = SSL_VERSION_CURRENT; /* TLSV1 compat. SSLV[23]. */
- initappstr.sessionType = SSL_REGISTERED_AS_CLIENT;
- rc = SSL_Init_Application(&initappstr);
-
- if(rc == SSL_ERROR_NOT_REGISTERED) {
- initstr.keyringFileName = certname;
- initstr.keyringPassword = data->set.str[STRING_KEY];
- initstr.cipherSuiteList = NULL; /* Use default. */
- initstr.cipherSuiteListLen = 0;
- rc = SSL_Init(&initstr);
- }
-
- switch (rc) {
-
- case 0: /* No error. */
- break;
-
- case SSL_ERROR_IO:
- failf(data, "SSL_Init() I/O error: %s", strerror(errno));
- return CURLE_SSL_CONNECT_ERROR;
-
- case SSL_ERROR_BAD_CIPHER_SUITE:
- return CURLE_SSL_CIPHER;
-
- case SSL_ERROR_KEYPASSWORD_EXPIRED:
- case SSL_ERROR_NOT_REGISTERED:
- return CURLE_SSL_CONNECT_ERROR;
-
- case SSL_ERROR_NO_KEYRING:
- return CURLE_SSL_CACERT;
-
- case SSL_ERROR_CERT_EXPIRED:
- return CURLE_SSL_CERTPROBLEM;
-
- default:
- failf(data, "SSL_Init(): %s", SSL_Strerror(rc, NULL));
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- return CURLE_OK;
-}
-
-
-static CURLcode Curl_qsossl_create(struct connectdata * conn, int sockindex)
-
-{
- SSLHandle * h;
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
-
- h = SSL_Create(conn->sock[sockindex], SSL_ENCRYPT);
-
- if(!h) {
- failf(conn->data, "SSL_Create() I/O error: %s", strerror(errno));
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- connssl->handle = h;
- return CURLE_OK;
-}
-
-
-static int Curl_qsossl_trap_cert(SSLHandle * h)
-
-{
- return 1; /* Accept certificate. */
-}
-
-
-static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
-
-{
- int rc;
- struct SessionHandle * data = conn->data;
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- SSLHandle * h = connssl->handle;
- long timeout_ms;
-
- h->exitPgm = data->set.ssl.verifypeer? NULL: Curl_qsossl_trap_cert;
-
- /* figure out how long time we should wait at maximum */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* time-out, bail out, go home */
- failf(data, "Connection time-out");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- /* SSL_Handshake() timeout resolution is second, so round up. */
- h->timeout = (timeout_ms + 1000 - 1) / 1000;
-
- /* Set-up protocol. */
-
- switch (data->set.ssl.version) {
-
- default:
- case CURL_SSLVERSION_DEFAULT:
- h->protocol = SSL_VERSION_CURRENT; /* TLSV1 compat. SSLV[23]. */
- break;
-
- case CURL_SSLVERSION_TLSv1:
- h->protocol = TLS_VERSION_1;
- break;
-
- case CURL_SSLVERSION_SSLv2:
- h->protocol = SSL_VERSION_2;
- break;
-
- case CURL_SSLVERSION_SSLv3:
- h->protocol = SSL_VERSION_3;
- break;
- }
-
- h->peerCert = NULL;
- h->peerCertLen = 0;
- rc = SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT);
-
- switch (rc) {
-
- case 0: /* No error. */
- break;
-
- case SSL_ERROR_BAD_CERTIFICATE:
- case SSL_ERROR_BAD_CERT_SIG:
- case SSL_ERROR_NOT_TRUSTED_ROOT:
- return CURLE_PEER_FAILED_VERIFICATION;
-
- case SSL_ERROR_BAD_CIPHER_SUITE:
- case SSL_ERROR_NO_CIPHERS:
- return CURLE_SSL_CIPHER;
-
- case SSL_ERROR_CERTIFICATE_REJECTED:
- case SSL_ERROR_CERT_EXPIRED:
- case SSL_ERROR_NO_CERTIFICATE:
- return CURLE_SSL_CERTPROBLEM;
-
- case SSL_ERROR_IO:
- failf(data, "SSL_Handshake() I/O error: %s", strerror(errno));
- return CURLE_SSL_CONNECT_ERROR;
-
- default:
- failf(data, "SSL_Handshake(): %s", SSL_Strerror(rc, NULL));
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- /* Verify host. */
- rc = Curl_verifyhost(conn, h->peerCert, h->peerCert + h->peerCertLen);
- if(rc != CURLE_OK)
- return rc;
-
- /* Gather certificate info. */
- if(data->set.ssl.certinfo) {
- if(Curl_ssl_init_certinfo(data, 1))
- return CURLE_OUT_OF_MEMORY;
- if(h->peerCert) {
- rc = Curl_extract_certinfo(conn, 0, h->peerCert,
- h->peerCert + h->peerCertLen);
- if(rc != CURLE_OK)
- return rc;
- }
- }
-
- return CURLE_OK;
-}
-
-
-static Curl_recv qsossl_recv;
-static Curl_send qsossl_send;
-
-CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex)
-
-{
- struct SessionHandle * data = conn->data;
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- int rc;
-
- rc = Curl_qsossl_init_session(data);
-
- if(rc == CURLE_OK) {
- rc = Curl_qsossl_create(conn, sockindex);
-
- if(rc == CURLE_OK) {
- rc = Curl_qsossl_handshake(conn, sockindex);
- if(rc != CURLE_OK)
- SSL_Destroy(connssl->handle);
- }
- }
-
- if(rc == CURLE_OK) {
- conn->recv[sockindex] = qsossl_recv;
- conn->send[sockindex] = qsossl_send;
- connssl->state = ssl_connection_complete;
- }
- else {
- connssl->handle = NULL;
- connssl->use = FALSE;
- connssl->state = ssl_connection_none;
- }
-
- return rc;
-}
-
-
-static int Curl_qsossl_close_one(struct ssl_connect_data * conn,
- struct SessionHandle * data)
-
-{
- int rc;
-
- if(!conn->handle)
- return 0;
-
- rc = SSL_Destroy(conn->handle);
-
- if(rc) {
- if(rc == SSL_ERROR_IO) {
- failf(data, "SSL_Destroy() I/O error: %s", strerror(errno));
- return -1;
- }
-
- /* An SSL error. */
- failf(data, "SSL_Destroy() returned error %s", SSL_Strerror(rc, NULL));
- return -1;
- }
-
- conn->handle = NULL;
- return 0;
-}
-
-
-void Curl_qsossl_close(struct connectdata *conn, int sockindex)
-
-{
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- if(connssl->use)
- (void) Curl_qsossl_close_one(connssl, data);
-}
-
-
-int Curl_qsossl_close_all(struct SessionHandle * data)
-
-{
- /* Unimplemented. */
- (void) data;
- return 0;
-}
-
-
-int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex)
-
-{
- struct ssl_connect_data * connssl = &conn->ssl[sockindex];
- struct SessionHandle *data = conn->data;
- ssize_t nread;
- int what;
- int rc;
- char buf[120];
-
- if(!connssl->handle)
- return 0;
-
- if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
- return 0;
-
- if(Curl_qsossl_close_one(connssl, data))
- return -1;
-
- rc = 0;
-
- what = Curl_socket_ready(conn->sock[sockindex],
- CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
-
- for(;;) {
- if(what < 0) {
- /* anything that gets here is fatally bad */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- rc = -1;
- break;
- }
-
- if(!what) { /* timeout */
- failf(data, "SSL shutdown timeout");
- break;
- }
-
- /* Something to read, let's do it and hope that it is the close
- notify alert from the server. No way to SSL_Read now, so use read(). */
-
- nread = read(conn->sock[sockindex], buf, sizeof(buf));
-
- if(nread < 0) {
- failf(data, "read: %s", strerror(errno));
- rc = -1;
- }
-
- if(nread <= 0)
- break;
-
- what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
- }
-
- return rc;
-}
-
-
-static ssize_t qsossl_send(struct connectdata * conn, int sockindex,
- const void * mem, size_t len, CURLcode * curlcode)
-
-{
- /* SSL_Write() is said to return 'int' while write() and send() returns
- 'size_t' */
- int rc;
-
- rc = SSL_Write(conn->ssl[sockindex].handle, (void *) mem, (int) len);
-
- if(rc < 0) {
- switch(rc) {
-
- case SSL_ERROR_BAD_STATE:
- /* The operation did not complete; the same SSL I/O function
- should be called again later. This is basically an EWOULDBLOCK
- equivalent. */
- *curlcode = CURLE_AGAIN;
- return -1;
-
- case SSL_ERROR_IO:
- switch (errno) {
- case EWOULDBLOCK:
- case EINTR:
- *curlcode = CURLE_AGAIN;
- return -1;
- }
-
- failf(conn->data, "SSL_Write() I/O error: %s", strerror(errno));
- *curlcode = CURLE_SEND_ERROR;
- return -1;
- }
-
- /* An SSL error. */
- failf(conn->data, "SSL_Write() returned error %s",
- SSL_Strerror(rc, NULL));
- *curlcode = CURLE_SEND_ERROR;
- return -1;
- }
-
- return (ssize_t) rc; /* number of bytes */
-}
-
-
-static ssize_t qsossl_recv(struct connectdata * conn, int num, char * buf,
- size_t buffersize, CURLcode * curlcode)
-
-{
- char error_buffer[120]; /* OpenSSL documents that this must be at
- least 120 bytes long. */
- unsigned long sslerror;
- int buffsize;
- int nread;
-
- buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
- nread = SSL_Read(conn->ssl[num].handle, buf, buffsize);
-
- if(nread < 0) {
- /* failed SSL_read */
-
- switch (nread) {
-
- case SSL_ERROR_BAD_STATE:
- /* there's data pending, re-invoke SSL_Read(). */
- *curlcode = CURLE_AGAIN;
- return -1;
-
- case SSL_ERROR_IO:
- switch (errno) {
- case EWOULDBLOCK:
- *curlcode = CURLE_AGAIN;
- return -1;
- }
-
- failf(conn->data, "SSL_Read() I/O error: %s", strerror(errno));
- *curlcode = CURLE_RECV_ERROR;
- return -1;
-
- default:
- failf(conn->data, "SSL read error: %s", SSL_Strerror(nread, NULL));
- *curlcode = CURLE_RECV_ERROR;
- return -1;
- }
- }
- return (ssize_t) nread;
-}
-
-
-size_t Curl_qsossl_version(char * buffer, size_t size)
-
-{
- strncpy(buffer, "IBM OS/400 SSL", size);
- return strlen(buffer);
-}
-
-
-int Curl_qsossl_check_cxn(struct connectdata * cxn)
-
-{
- int err;
- int errlen;
-
- /* The only thing that can be tested here is at the socket level. */
-
- if(!cxn->ssl[FIRSTSOCKET].handle)
- return 0; /* connection has been closed */
-
- err = 0;
- errlen = sizeof err;
-
- if(getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR,
- (unsigned char *) &err, &errlen) ||
- errlen != sizeof err || err)
- return 0; /* connection has been closed */
-
- return -1; /* connection status unknown */
-}
-
-#endif /* USE_QSOSSL */
diff --git a/libs/libcurl/src/qssl.h b/libs/libcurl/src/qssl.h
deleted file mode 100644
index 1fb47b8299..0000000000
--- a/libs/libcurl/src/qssl.h
+++ /dev/null
@@ -1,61 +0,0 @@
-#ifndef HEADER_CURL_QSSL_H
-#define HEADER_CURL_QSSL_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-/*
- * This header should only be needed to get included by sslgen.c and qssl.c
- */
-
-#include "urldata.h"
-
-#ifdef USE_QSOSSL
-int Curl_qsossl_init(void);
-void Curl_qsossl_cleanup(void);
-CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex);
-void Curl_qsossl_close(struct connectdata *conn, int sockindex);
-int Curl_qsossl_close_all(struct SessionHandle * data);
-int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex);
-
-size_t Curl_qsossl_version(char * buffer, size_t size);
-int Curl_qsossl_check_cxn(struct connectdata * cxn);
-
-/* API setup for QsoSSL */
-#define curlssl_init Curl_qsossl_init
-#define curlssl_cleanup Curl_qsossl_cleanup
-#define curlssl_connect Curl_qsossl_connect
-
-/* No session handling for QsoSSL */
-#define curlssl_session_free(x) Curl_nop_stmt
-#define curlssl_close_all Curl_qsossl_close_all
-#define curlssl_close Curl_qsossl_close
-#define curlssl_shutdown(x,y) Curl_qsossl_shutdown(x,y)
-#define curlssl_set_engine(x,y) CURLE_NOT_BUILT_IN
-#define curlssl_set_engine_default(x) CURLE_NOT_BUILT_IN
-#define curlssl_engines_list(x) NULL
-#define curlssl_version Curl_qsossl_version
-#define curlssl_check_cxn(x) Curl_qsossl_check_cxn(x)
-#define curlssl_data_pending(x,y) 0
-#endif /* USE_QSOSSL */
-
-#endif /* HEADER_CURL_QSSL_H */
diff --git a/libs/libcurl/src/rand.c b/libs/libcurl/src/rand.c
new file mode 100644
index 0000000000..2670af9d97
--- /dev/null
+++ b/libs/libcurl/src/rand.c
@@ -0,0 +1,179 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include <curl/curl.h>
+#include "vtls/vtls.h"
+#include "sendf.h"
+#include "rand.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+static CURLcode randit(struct Curl_easy *data, unsigned int *rnd)
+{
+ unsigned int r;
+ CURLcode result = CURLE_OK;
+ static unsigned int randseed;
+ static bool seeded = FALSE;
+
+#ifdef CURLDEBUG
+ char *force_entropy = getenv("CURL_ENTROPY");
+ if(force_entropy) {
+ if(!seeded) {
+ unsigned int seed = 0;
+ size_t elen = strlen(force_entropy);
+ size_t clen = sizeof(seed);
+ size_t min = elen < clen ? elen : clen;
+ memcpy((char *)&seed, force_entropy, min);
+ randseed = ntohl(seed);
+ seeded = TRUE;
+ }
+ else
+ randseed++;
+ *rnd = randseed;
+ return CURLE_OK;
+ }
+#endif
+
+ /* data may be NULL! */
+ result = Curl_ssl_random(data, (unsigned char *)rnd, sizeof(*rnd));
+ if(result != CURLE_NOT_BUILT_IN)
+ /* only if there is no random function in the TLS backend do the non crypto
+ version, otherwise return result */
+ return result;
+
+ /* ---- non-cryptographic version following ---- */
+
+#ifdef RANDOM_FILE
+ if(!seeded) {
+ /* if there's a random file to read a seed from, use it */
+ int fd = open(RANDOM_FILE, O_RDONLY);
+ if(fd > -1) {
+ /* read random data into the randseed variable */
+ ssize_t nread = read(fd, &randseed, sizeof(randseed));
+ if(nread == sizeof(randseed))
+ seeded = TRUE;
+ close(fd);
+ }
+ }
+#endif
+
+ if(!seeded) {
+ struct curltime now = Curl_now();
+ infof(data, "WARNING: Using weak random seed\n");
+ randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
+ randseed = randseed * 1103515245 + 12345;
+ randseed = randseed * 1103515245 + 12345;
+ randseed = randseed * 1103515245 + 12345;
+ seeded = TRUE;
+ }
+
+ /* Return an unsigned 32-bit pseudo-random number. */
+ r = randseed = randseed * 1103515245 + 12345;
+ *rnd = (r << 16) | ((r >> 16) & 0xFFFF);
+ return CURLE_OK;
+}
+
+/*
+ * Curl_rand() stores 'num' number of random unsigned integers in the buffer
+ * 'rndptr' points to.
+ *
+ * If libcurl is built without TLS support or with a TLS backend that lacks a
+ * proper random API (Gskit, PolarSSL or mbedTLS), this function will use
+ * "weak" random.
+ *
+ * When built *with* TLS support and a backend that offers strong random, it
+ * will return error if it cannot provide strong random values.
+ *
+ * NOTE: 'data' may be passed in as NULL when coming from external API without
+ * easy handle!
+ *
+ */
+
+CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num)
+{
+ CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
+
+ DEBUGASSERT(num > 0);
+
+ while(num) {
+ unsigned int r;
+ size_t left = num < sizeof(unsigned int) ? num : sizeof(unsigned int);
+
+ result = randit(data, &r);
+ if(result)
+ return result;
+
+ while(left) {
+ *rnd++ = (unsigned char)(r & 0xFF);
+ r >>= 8;
+ --num;
+ --left;
+ }
+ }
+
+ return result;
+}
+
+/*
+ * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random
+ * hexadecimal digits PLUS a zero terminating byte. It must be an odd number
+ * size.
+ */
+
+CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd,
+ size_t num)
+{
+ CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
+ const char *hex = "0123456789abcdef";
+ unsigned char buffer[128];
+ unsigned char *bufp = buffer;
+ DEBUGASSERT(num > 1);
+
+ if((num/2 >= sizeof(buffer)) || !(num&1))
+ /* make sure it fits in the local buffer and that it is an odd number! */
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ num--; /* save one for zero termination */
+
+ result = Curl_rand(data, buffer, num/2);
+ if(result)
+ return result;
+
+ while(num) {
+ *rnd++ = hex[(*bufp & 0xF0)>>4];
+ *rnd++ = hex[*bufp & 0x0F];
+ bufp++;
+ num -= 2;
+ }
+ *rnd = 0;
+
+ return result;
+}
diff --git a/libs/libcurl/src/rand.h b/libs/libcurl/src/rand.h
new file mode 100644
index 0000000000..c6fae35537
--- /dev/null
+++ b/libs/libcurl/src/rand.h
@@ -0,0 +1,47 @@
+#ifndef HEADER_CURL_RAND_H
+#define HEADER_CURL_RAND_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Curl_rand() stores 'num' number of random unsigned characters in the buffer
+ * 'rnd' points to.
+ *
+ * If libcurl is built without TLS support or with a TLS backend that lacks a
+ * proper random API (Gskit, PolarSSL or mbedTLS), this function will use
+ * "weak" random.
+ *
+ * When built *with* TLS support and a backend that offers strong random, it
+ * will return error if it cannot provide strong random values.
+ *
+ * NOTE: 'data' may be passed in as NULL when coming from external API without
+ * easy handle!
+ *
+ */
+CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num);
+
+/* Same as above but outputs only random lowercase hex characters.
+ Does NOT terminate.*/
+CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd,
+ size_t num);
+
+#endif /* HEADER_CURL_RAND_H */
diff --git a/libs/libcurl/src/rtsp.c b/libs/libcurl/src/rtsp.c
index f7c6562a7b..925da2c1a9 100644
--- a/libs/libcurl/src/rtsp.c
+++ b/libs/libcurl/src/rtsp.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -33,15 +33,13 @@
#include "url.h"
#include "progress.h"
#include "rtsp.h"
-#include "rawstr.h"
-#include "curl_memory.h"
+#include "strcase.h"
#include "select.h"
#include "connect.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+#include "strdup.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
/*
@@ -76,13 +74,16 @@ static int rtsp_getsock_do(struct connectdata *conn,
* data is parsed and k->str is moved up
* readmore: whether or not the RTP parser needs more data right away
*/
-static CURLcode rtsp_rtp_readwrite(struct SessionHandle *data,
+static CURLcode rtsp_rtp_readwrite(struct Curl_easy *data,
struct connectdata *conn,
ssize_t *nread,
bool *readmore);
static CURLcode rtsp_setup_connection(struct connectdata *conn);
+bool rtsp_connisdead(struct connectdata *check);
+static unsigned int rtsp_conncheck(struct connectdata *check,
+ unsigned int checks_to_perform);
/* this returns the socket to wait for in the DO and DOING state for the multi
interface and then we're always _sending_ a request and thus we wait for
@@ -119,6 +120,7 @@ const struct Curl_handler Curl_handler_rtsp = {
ZERO_NULL, /* perform_getsock */
rtsp_disconnect, /* disconnect */
rtsp_rtp_readwrite, /* readwrite */
+ rtsp_conncheck, /* connection_check */
PORT_RTSP, /* defport */
CURLPROTO_RTSP, /* protocol */
PROTOPT_NONE /* flags */
@@ -142,15 +144,15 @@ static CURLcode rtsp_setup_connection(struct connectdata *conn)
* want to block the application forever while receiving a stream. Therefore,
* we cannot assume that an RTSP socket is dead just because it is readable.
*
- * Instead, if it is readable, run Curl_getconnectinfo() to peek at the socket
+ * Instead, if it is readable, run Curl_connalive() to peek at the socket
* and distinguish between closed and data.
*/
-bool Curl_rtsp_connisdead(struct connectdata *check)
+bool rtsp_connisdead(struct connectdata *check)
{
int sval;
bool ret_val = TRUE;
- sval = Curl_socket_ready(check->sock[FIRSTSOCKET], CURL_SOCKET_BAD, 0);
+ sval = SOCKET_READABLE(check->sock[FIRSTSOCKET], 0);
if(sval == 0) {
/* timeout */
ret_val = FALSE;
@@ -159,21 +161,35 @@ bool Curl_rtsp_connisdead(struct connectdata *check)
/* socket is in an error state */
ret_val = TRUE;
}
- else if((sval & CURL_CSELECT_IN) && check->data) {
- /* readable with no error. could be closed or could be alive but we can
- only check if we have a proper SessionHandle for the connection */
- curl_socket_t connectinfo = Curl_getconnectinfo(check->data, &check);
- if(connectinfo != CURL_SOCKET_BAD)
- ret_val = FALSE;
+ else if(sval & CURL_CSELECT_IN) {
+ /* readable with no error. could still be closed */
+ ret_val = !Curl_connalive(check);
+ }
+
+ return ret_val;
+}
+
+/*
+ * Function to check on various aspects of a connection.
+ */
+static unsigned int rtsp_conncheck(struct connectdata *check,
+ unsigned int checks_to_perform)
+{
+ unsigned int ret_val = CONNRESULT_NONE;
+
+ if(checks_to_perform & CONNCHECK_ISDEAD) {
+ if(rtsp_connisdead(check))
+ ret_val |= CONNRESULT_DEAD;
}
return ret_val;
}
+
static CURLcode rtsp_connect(struct connectdata *conn, bool *done)
{
CURLcode httpStatus;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
httpStatus = Curl_http_connect(conn, done);
@@ -199,7 +215,7 @@ static CURLcode rtsp_disconnect(struct connectdata *conn, bool dead)
static CURLcode rtsp_done(struct connectdata *conn,
CURLcode status, bool premature)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct RTSP *rtsp = data->req.protop;
CURLcode httpStatus;
long CSeq_sent;
@@ -221,7 +237,7 @@ static CURLcode rtsp_done(struct connectdata *conn,
CSeq_sent, CSeq_recv);
return CURLE_RTSP_CSEQ_ERROR;
}
- else if(data->set.rtspreq == RTSPREQ_RECEIVE &&
+ if(data->set.rtspreq == RTSPREQ_RECEIVE &&
(conn->proto.rtspc.rtp_channel == -1)) {
infof(data, "Got an RTP Receive with a CSeq of %ld\n", CSeq_recv);
/* TODO CPC: Server -> Client logic here */
@@ -233,8 +249,8 @@ static CURLcode rtsp_done(struct connectdata *conn,
static CURLcode rtsp_do(struct connectdata *conn, bool *done)
{
- struct SessionHandle *data = conn->data;
- CURLcode result=CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ CURLcode result = CURLE_OK;
Curl_RtspReq rtspreq = data->set.rtspreq;
struct RTSP *rtsp = data->req.protop;
struct HTTP *http;
@@ -251,6 +267,8 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
const char *p_stream_uri = NULL;
const char *p_transport = NULL;
const char *p_uagent = NULL;
+ const char *p_proxyuserpwd = NULL;
+ const char *p_userpwd = NULL;
*done = TRUE;
@@ -265,11 +283,10 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
* Since all RTSP requests are included here, there is no need to
* support custom requests like HTTP.
**/
- DEBUGASSERT((rtspreq > RTSPREQ_NONE && rtspreq < RTSPREQ_LAST));
data->set.opt_no_body = TRUE; /* most requests don't contain a body */
switch(rtspreq) {
- case RTSPREQ_NONE:
- failf(data, "Got invalid RTSP request: RTSPREQ_NONE");
+ default:
+ failf(data, "Got invalid RTSP request");
return CURLE_BAD_FUNCTION_ARGUMENT;
case RTSPREQ_OPTIONS:
p_request = "OPTIONS";
@@ -325,11 +342,10 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
if(!p_session_id &&
(rtspreq & ~(RTSPREQ_OPTIONS | RTSPREQ_DESCRIBE | RTSPREQ_SETUP))) {
failf(data, "Refusing to issue an RTSP request [%s] without a session ID.",
- p_request ? p_request : "");
+ p_request);
return CURLE_BAD_FUNCTION_ARGUMENT;
}
- /* TODO: auth? */
/* TODO: proxy? */
/* Stream URI. Default to server '*' if not specified */
@@ -341,7 +357,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
}
/* Transport Header for SETUP requests */
- p_transport = Curl_checkheaders(data, "Transport:");
+ p_transport = Curl_checkheaders(conn, "Transport:");
if(rtspreq == RTSPREQ_SETUP && !p_transport) {
/* New Transport: setting? */
if(data->set.str[STRING_RTSP_TRANSPORT]) {
@@ -365,11 +381,11 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
/* Accept Headers for DESCRIBE requests */
if(rtspreq == RTSPREQ_DESCRIBE) {
/* Accept Header */
- p_accept = Curl_checkheaders(data, "Accept:")?
+ p_accept = Curl_checkheaders(conn, "Accept:")?
NULL:"Accept: application/sdp\r\n";
/* Accept-Encoding header */
- if(!Curl_checkheaders(data, "Accept-Encoding:") &&
+ if(!Curl_checkheaders(conn, "Accept-Encoding:") &&
data->set.str[STRING_ENCODING]) {
Curl_safefree(conn->allocptr.accept_encoding);
conn->allocptr.accept_encoding =
@@ -386,18 +402,26 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
it might have been used in the proxy connect, but if we have got a header
with the user-agent string specified, we erase the previously made string
here. */
- if(Curl_checkheaders(data, "User-Agent:") && conn->allocptr.uagent) {
+ if(Curl_checkheaders(conn, "User-Agent:") && conn->allocptr.uagent) {
Curl_safefree(conn->allocptr.uagent);
conn->allocptr.uagent = NULL;
}
- else if(!Curl_checkheaders(data, "User-Agent:") &&
+ else if(!Curl_checkheaders(conn, "User-Agent:") &&
data->set.str[STRING_USERAGENT]) {
p_uagent = conn->allocptr.uagent;
}
+ /* setup the authentication headers */
+ result = Curl_http_output_auth(conn, p_request, p_stream_uri, FALSE);
+ if(result)
+ return result;
+
+ p_proxyuserpwd = conn->allocptr.proxyuserpwd;
+ p_userpwd = conn->allocptr.userpwd;
+
/* Referrer */
Curl_safefree(conn->allocptr.ref);
- if(data->change.referer && !Curl_checkheaders(data, "Referer:"))
+ if(data->change.referer && !Curl_checkheaders(conn, "Referer:"))
conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
else
conn->allocptr.ref = NULL;
@@ -414,7 +438,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
(rtspreq & (RTSPREQ_PLAY | RTSPREQ_PAUSE | RTSPREQ_RECORD))) {
/* Check to see if there is a range set in the custom headers */
- if(!Curl_checkheaders(data, "Range:") && data->state.range) {
+ if(!Curl_checkheaders(conn, "Range:") && data->state.range) {
Curl_safefree(conn->allocptr.rangeline);
conn->allocptr.rangeline = aprintf("Range: %s\r\n", data->state.range);
p_range = conn->allocptr.rangeline;
@@ -424,11 +448,11 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
/*
* Sanity check the custom headers
*/
- if(Curl_checkheaders(data, "CSeq:")) {
+ if(Curl_checkheaders(conn, "CSeq:")) {
failf(data, "CSeq cannot be set as a custom header.");
return CURLE_RTSP_CSEQ_ERROR;
}
- if(Curl_checkheaders(data, "Session:")) {
+ if(Curl_checkheaders(conn, "Session:")) {
failf(data, "Session ID cannot be set as a custom header.");
return CURLE_BAD_FUNCTION_ARGUMENT;
}
@@ -443,8 +467,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
Curl_add_bufferf(req_buffer,
"%s %s RTSP/1.0\r\n" /* Request Stream-URI RTSP/1.0 */
"CSeq: %ld\r\n", /* CSeq */
- (p_request ? p_request : ""), p_stream_uri,
- rtsp->CSeq_sent);
+ p_request, p_stream_uri, rtsp->CSeq_sent);
if(result)
return result;
@@ -468,13 +491,25 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
"%s" /* range */
"%s" /* referrer */
"%s" /* user-agent */
+ "%s" /* proxyuserpwd */
+ "%s" /* userpwd */
,
p_transport ? p_transport : "",
p_accept ? p_accept : "",
p_accept_encoding ? p_accept_encoding : "",
p_range ? p_range : "",
p_referrer ? p_referrer : "",
- p_uagent ? p_uagent : "");
+ p_uagent ? p_uagent : "",
+ p_proxyuserpwd ? p_proxyuserpwd : "",
+ p_userpwd ? p_userpwd : "");
+
+ /*
+ * Free userpwd now --- cannot reuse this for Negotiate and possibly NTLM
+ * with basic and digest, it will be freed anyway by the next request
+ */
+ Curl_safefree(conn->allocptr.userpwd);
+ conn->allocptr.userpwd = NULL;
+
if(result)
return result;
@@ -484,7 +519,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
return result;
}
- result = Curl_add_custom_headers(conn, req_buffer);
+ result = Curl_add_custom_headers(conn, FALSE, req_buffer);
if(result)
return result;
@@ -493,13 +528,13 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
rtspreq == RTSPREQ_GET_PARAMETER) {
if(data->set.upload) {
- putsize = data->set.infilesize;
+ putsize = data->state.infilesize;
data->set.httpreq = HTTPREQ_PUT;
}
else {
- postsize = (data->set.postfieldsize != -1)?
- data->set.postfieldsize:
+ postsize = (data->state.infilesize != -1)?
+ data->state.infilesize:
(data->set.postfields? (curl_off_t)strlen(data->set.postfields):0);
data->set.httpreq = HTTPREQ_POST;
}
@@ -507,9 +542,9 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
if(putsize > 0 || postsize > 0) {
/* As stated in the http comments, it is probably not wise to
* actually set a custom Content-Length in the headers */
- if(!Curl_checkheaders(data, "Content-Length:")) {
+ if(!Curl_checkheaders(conn, "Content-Length:")) {
result = Curl_add_bufferf(req_buffer,
- "Content-Length: %" FORMAT_OFF_T"\r\n",
+ "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
(data->set.upload ? putsize : postsize));
if(result)
return result;
@@ -517,7 +552,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
if(rtspreq == RTSPREQ_SET_PARAMETER ||
rtspreq == RTSPREQ_GET_PARAMETER) {
- if(!Curl_checkheaders(data, "Content-Type:")) {
+ if(!Curl_checkheaders(conn, "Content-Type:")) {
result = Curl_add_bufferf(req_buffer,
"Content-Type: text/parameters\r\n");
if(result)
@@ -526,7 +561,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
}
if(rtspreq == RTSPREQ_ANNOUNCE) {
- if(!Curl_checkheaders(data, "Content-Type:")) {
+ if(!Curl_checkheaders(conn, "Content-Type:")) {
result = Curl_add_bufferf(req_buffer,
"Content-Type: application/sdp\r\n");
if(result)
@@ -584,7 +619,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
}
-static CURLcode rtsp_rtp_readwrite(struct SessionHandle *data,
+static CURLcode rtsp_rtp_readwrite(struct Curl_easy *data,
struct connectdata *conn,
ssize_t *nread,
bool *readmore) {
@@ -598,9 +633,9 @@ static CURLcode rtsp_rtp_readwrite(struct SessionHandle *data,
if(rtspc->rtp_buf) {
/* There was some leftover data the last time. Merge buffers */
- char *newptr = realloc(rtspc->rtp_buf, rtspc->rtp_bufsize + *nread);
+ char *newptr = Curl_saferealloc(rtspc->rtp_buf,
+ rtspc->rtp_bufsize + *nread);
if(!newptr) {
- Curl_safefree(rtspc->rtp_buf);
rtspc->rtp_buf = NULL;
rtspc->rtp_bufsize = 0;
return CURLE_OUT_OF_MEMORY;
@@ -634,31 +669,29 @@ static CURLcode rtsp_rtp_readwrite(struct SessionHandle *data,
*readmore = TRUE;
break;
}
- else {
- /* We have the full RTP interleaved packet
- * Write out the header including the leading '$' */
- DEBUGF(infof(data, "RTP write channel %d rtp_length %d\n",
- rtspc->rtp_channel, rtp_length));
- result = rtp_client_write(conn, &rtp[0], rtp_length + 4);
- if(result) {
- failf(data, "Got an error writing an RTP packet");
- *readmore = FALSE;
- Curl_safefree(rtspc->rtp_buf);
- rtspc->rtp_buf = NULL;
- rtspc->rtp_bufsize = 0;
- return result;
- }
+ /* We have the full RTP interleaved packet
+ * Write out the header including the leading '$' */
+ DEBUGF(infof(data, "RTP write channel %d rtp_length %d\n",
+ rtspc->rtp_channel, rtp_length));
+ result = rtp_client_write(conn, &rtp[0], rtp_length + 4);
+ if(result) {
+ failf(data, "Got an error writing an RTP packet");
+ *readmore = FALSE;
+ Curl_safefree(rtspc->rtp_buf);
+ rtspc->rtp_buf = NULL;
+ rtspc->rtp_bufsize = 0;
+ return result;
+ }
- /* Move forward in the buffer */
- rtp_dataleft -= rtp_length + 4;
- rtp += rtp_length + 4;
+ /* Move forward in the buffer */
+ rtp_dataleft -= rtp_length + 4;
+ rtp += rtp_length + 4;
- if(data->set.rtspreq == RTSPREQ_RECEIVE) {
- /* If we are in a passive receive, give control back
- * to the app as often as we can.
- */
- k->keepon &= ~KEEP_RECV;
- }
+ if(data->set.rtspreq == RTSPREQ_RECEIVE) {
+ /* If we are in a passive receive, give control back
+ * to the app as often as we can.
+ */
+ k->keepon &= ~KEEP_RECV;
}
}
else {
@@ -689,20 +722,18 @@ static CURLcode rtsp_rtp_readwrite(struct SessionHandle *data,
*nread = 0;
return CURLE_OK;
}
- else {
- /* Fix up k->str to point just after the last RTP packet */
- k->str += *nread - rtp_dataleft;
+ /* Fix up k->str to point just after the last RTP packet */
+ k->str += *nread - rtp_dataleft;
- /* either all of the data has been read or...
- * rtp now points at the next byte to parse
- */
- if(rtp_dataleft > 0)
- DEBUGASSERT(k->str[0] == rtp[0]);
+ /* either all of the data has been read or...
+ * rtp now points at the next byte to parse
+ */
+ if(rtp_dataleft > 0)
+ DEBUGASSERT(k->str[0] == rtp[0]);
- DEBUGASSERT(rtp_dataleft <= *nread); /* sanity check */
+ DEBUGASSERT(rtp_dataleft <= *nread); /* sanity check */
- *nread = rtp_dataleft;
- }
+ *nread = rtp_dataleft;
/* If we get here, we have finished with the leftover/merge buffer */
Curl_safefree(rtspc->rtp_buf);
@@ -715,25 +746,39 @@ static CURLcode rtsp_rtp_readwrite(struct SessionHandle *data,
static
CURLcode rtp_client_write(struct connectdata *conn, char *ptr, size_t len)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
size_t wrote;
curl_write_callback writeit;
+ void *user_ptr;
if(len == 0) {
- failf (data, "Cannot write a 0 size RTP packet.");
+ failf(data, "Cannot write a 0 size RTP packet.");
return CURLE_WRITE_ERROR;
}
- writeit = data->set.fwrite_rtp?data->set.fwrite_rtp:data->set.fwrite_func;
- wrote = writeit(ptr, 1, len, data->set.rtp_out);
+ /* If the user has configured CURLOPT_INTERLEAVEFUNCTION then use that
+ function and any configured CURLOPT_INTERLEAVEDATA to write out the RTP
+ data. Otherwise, use the CURLOPT_WRITEFUNCTION with the CURLOPT_WRITEDATA
+ pointer to write out the RTP data. */
+ if(data->set.fwrite_rtp) {
+ writeit = data->set.fwrite_rtp;
+ user_ptr = data->set.rtp_out;
+ }
+ else
+ {
+ writeit = data->set.fwrite_func;
+ user_ptr = data->set.out;
+ }
+
+ wrote = writeit(ptr, 1, len, user_ptr);
if(CURL_WRITEFUNC_PAUSE == wrote) {
- failf (data, "Cannot pause RTP");
+ failf(data, "Cannot pause RTP");
return CURLE_WRITE_ERROR;
}
if(wrote != len) {
- failf (data, "Failed writing RTP data");
+ failf(data, "Failed writing RTP data");
return CURLE_WRITE_ERROR;
}
@@ -743,7 +788,7 @@ CURLcode rtp_client_write(struct connectdata *conn, char *ptr, size_t len)
CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
char *header)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
long CSeq = 0;
if(checkprefix("CSeq:", header)) {
@@ -763,7 +808,7 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
char *start;
/* Find the first non-space letter */
- start = header + 9;
+ start = header + 8;
while(*start && ISSPACE(*start))
start++;
@@ -780,19 +825,15 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
}
}
else {
- /* If the Session ID is not set, and we find it in a response, then
- set it */
-
- /* The session ID can be an alphanumeric or a 'safe' character
+ /* If the Session ID is not set, and we find it in a response, then set
+ * it.
*
- * RFC 2326 15.1 Base Syntax:
- * safe = "\$" | "-" | "_" | "." | "+"
- * */
+ * Allow any non whitespace content, up to the field separator or end of
+ * line. RFC 2326 isn't 100% clear on the session ID and for example
+ * gstreamer does url-encoded session ID's not covered by the standard.
+ */
char *end = start;
- while(*end &&
- (ISALNUM(*end) || *end == '-' || *end == '_' || *end == '.' ||
- *end == '+' ||
- (*end == '\\' && *(end + 1) && *(end + 1) == '$' && (++end, 1))))
+ while(*end && *end != ';' && !ISSPACE(*end))
end++;
/* Copy the id substring into a new buffer */
diff --git a/libs/libcurl/src/rtsp.h b/libs/libcurl/src/rtsp.h
index 3ffa70cc6c..8375a5317a 100644
--- a/libs/libcurl/src/rtsp.h
+++ b/libs/libcurl/src/rtsp.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,13 +25,11 @@
extern const struct Curl_handler Curl_handler_rtsp;
-bool Curl_rtsp_connisdead(struct connectdata *check);
CURLcode Curl_rtsp_parseheader(struct connectdata *conn, char *header);
#else
/* disabled */
#define Curl_rtsp_parseheader(x,y) CURLE_NOT_BUILT_IN
-#define Curl_rtsp_connisdead(x) TRUE
#endif /* CURL_DISABLE_RTSP */
diff --git a/libs/libcurl/src/security.c b/libs/libcurl/src/security.c
index fa05207617..9b989681f3 100644
--- a/libs/libcurl/src/security.c
+++ b/libs/libcurl/src/security.c
@@ -7,10 +7,10 @@
* rewrite to work around the paragraph 2 in the BSD licenses as explained
* below.
*
- * Copyright (c) 1998, 1999, 2013 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998, 1999, 2017 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
*
- * Copyright (C) 2001 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2001 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* All rights reserved.
*
@@ -60,9 +60,9 @@
#include "curl_sec.h"
#include "ftp.h"
#include "sendf.h"
-#include "rawstr.h"
+#include "strcase.h"
#include "warnless.h"
-
+#include "strdup.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -80,7 +80,7 @@ static enum protection_level
name_to_level(const char *name)
{
int i;
- for(i = 0; i < sizeof(level_names)/sizeof(level_names[0]); i++)
+ for(i = 0; i < (int)sizeof(level_names)/(int)sizeof(level_names[0]); i++)
if(checkprefix(name, level_names[i].name))
return level_names[i].level;
return PROT_NONE;
@@ -88,7 +88,8 @@ name_to_level(const char *name)
/* Convert a protocol |level| to its char representation.
We take an int to catch programming mistakes. */
-static char level_to_char(int level) {
+static char level_to_char(int level)
+{
switch(level) {
case PROT_CLEAR:
return 'C';
@@ -109,19 +110,12 @@ static char level_to_char(int level) {
return 'P';
}
-static const struct Curl_sec_client_mech * const mechs[] = {
-#ifdef HAVE_GSSAPI
- &Curl_krb5_client_mech,
-#endif
- NULL
-};
-
/* Send an FTP command defined by |message| and the optional arguments. The
function returns the ftp_code. If an error occurs, -1 is returned. */
static int ftp_send_command(struct connectdata *conn, const char *message, ...)
{
int ftp_code;
- ssize_t nread;
+ ssize_t nread = 0;
va_list args;
char print_buffer[50];
@@ -129,11 +123,11 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...)
vsnprintf(print_buffer, sizeof(print_buffer), message, args);
va_end(args);
- if(Curl_ftpsendf(conn, print_buffer) != CURLE_OK) {
+ if(Curl_ftpsend(conn, print_buffer)) {
ftp_code = -1;
}
else {
- if(Curl_GetFTPResponse(&nread, conn, &ftp_code) != CURLE_OK)
+ if(Curl_GetFTPResponse(&nread, conn, &ftp_code))
ftp_code = -1;
}
@@ -147,20 +141,20 @@ static CURLcode
socket_read(curl_socket_t fd, void *to, size_t len)
{
char *to_p = to;
- CURLcode code;
+ CURLcode result;
ssize_t nread;
while(len > 0) {
- code = Curl_read_plain(fd, to_p, len, &nread);
- if(code == CURLE_OK) {
+ result = Curl_read_plain(fd, to_p, len, &nread);
+ if(!result) {
len -= nread;
to_p += nread;
}
else {
/* FIXME: We are doing a busy wait */
- if(code == CURLE_AGAIN)
+ if(result == CURLE_AGAIN)
continue;
- return code;
+ return result;
}
}
return CURLE_OK;
@@ -175,20 +169,20 @@ socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
size_t len)
{
const char *to_p = to;
- CURLcode code;
+ CURLcode result;
ssize_t written;
while(len > 0) {
- code = Curl_write_plain(conn, fd, to_p, len, &written);
- if(code == CURLE_OK) {
+ result = Curl_write_plain(conn, fd, to_p, len, &written);
+ if(!result) {
len -= written;
to_p += written;
}
else {
/* FIXME: We are doing a busy wait */
- if(code == CURLE_AGAIN)
+ if(result == CURLE_AGAIN)
continue;
- return code;
+ return result;
}
}
return CURLE_OK;
@@ -199,22 +193,25 @@ static CURLcode read_data(struct connectdata *conn,
struct krb5buffer *buf)
{
int len;
- void* tmp;
- CURLcode ret;
+ void *tmp = NULL;
+ CURLcode result;
- ret = socket_read(fd, &len, sizeof(len));
- if(ret != CURLE_OK)
- return ret;
+ result = socket_read(fd, &len, sizeof(len));
+ if(result)
+ return result;
- len = ntohl(len);
- tmp = realloc(buf->data, len);
+ if(len) {
+ /* only realloc if there was a length */
+ len = ntohl(len);
+ tmp = Curl_saferealloc(buf->data, len);
+ }
if(tmp == NULL)
return CURLE_OUT_OF_MEMORY;
buf->data = tmp;
- ret = socket_read(fd, buf->data, len);
- if(ret != CURLE_OK)
- return ret;
+ result = socket_read(fd, buf->data, len);
+ if(result)
+ return result;
buf->size = conn->mech->decode(conn->app_data, buf->data, len,
conn->data_prot, conn);
buf->index = 0;
@@ -226,7 +223,7 @@ buffer_read(struct krb5buffer *buf, void *data, size_t len)
{
if(buf->size - buf->index < len)
len = buf->size - buf->index;
- memcpy(data, (char*)buf->data + buf->index, len);
+ memcpy(data, (char *)buf->data + buf->index, len);
buf->index += len;
return len;
}
@@ -256,7 +253,7 @@ static ssize_t sec_recv(struct connectdata *conn, int sockindex,
buffer += bytes_read;
while(len > 0) {
- if(read_data(conn, fd, &conn->in_buffer) != CURLE_OK)
+ if(read_data(conn, fd, &conn->in_buffer))
return -1;
if(conn->in_buffer.size == 0) {
if(bytes_read > 0)
@@ -295,7 +292,7 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd,
prot_level = conn->command_prot;
}
bytes = conn->mech->encode(conn->app_data, from, length, prot_level,
- (void**)&buffer, conn);
+ (void **)&buffer);
if(!buffer || bytes <= 0)
return; /* error */
@@ -332,7 +329,6 @@ static void do_sec_send(struct connectdata *conn, curl_socket_t fd,
static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd,
const char *buffer, size_t length)
{
- /* FIXME: Check for overflow */
ssize_t tx = 0, len = conn->buffer_size;
len -= conn->mech->overhead(conn->app_data, conn->data_prot,
@@ -340,10 +336,9 @@ static ssize_t sec_write(struct connectdata *conn, curl_socket_t fd,
if(len <= 0)
len = length;
while(length) {
- if(len >= 0 || length < (size_t)len) {
- /* FIXME: Check for overflow. */
+ if(length < (size_t)len)
len = length;
- }
+
do_sec_send(conn, fd, buffer, curlx_sztosi(len));
length -= len;
buffer += len;
@@ -368,10 +363,14 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
int */
int decoded_len;
char *buf;
- int ret_code;
+ int ret_code = 0;
size_t decoded_sz = 0;
CURLcode error;
+ if(!conn->mech)
+ /* not inititalized, return error */
+ return -1;
+
DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
error = Curl_base64_decode(buffer + 4, (unsigned char **)&buf, &decoded_sz);
@@ -397,13 +396,13 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
}
buf[decoded_len] = '\0';
- DEBUGASSERT(decoded_len > 3);
- if(buf[3] == '-')
- ret_code = 0;
- else {
- /* Check for error? */
- sscanf(buf, "%d", &ret_code);
- }
+ if(decoded_len <= 3)
+ /* suspiciously short */
+ return 0;
+
+ if(buf[3] != '-')
+ /* safe to ignore return code */
+ (void)sscanf(buf, "%d", &ret_code);
if(buf[decoded_len - 1] == '\n')
buf[decoded_len - 1] = '\0';
@@ -417,7 +416,7 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
static int sec_set_protection_level(struct connectdata *conn)
{
int code;
- char* pbsz;
+ char *pbsz;
static unsigned int buffer_size = 1 << 20; /* 1048576 */
enum protection_level level = conn->request_data_prot;
@@ -446,8 +445,8 @@ static int sec_set_protection_level(struct connectdata *conn)
pbsz = strstr(conn->data->state.buffer, "PBSZ=");
if(pbsz) {
- /* FIXME: Checks for errors in sscanf? */
- sscanf(pbsz, "PBSZ=%u", &buffer_size);
+ /* ignore return code, use default value if it fails */
+ (void)sscanf(pbsz, "PBSZ=%u", &buffer_size);
if(buffer_size < conn->buffer_size)
conn->buffer_size = buffer_size;
}
@@ -485,73 +484,64 @@ Curl_sec_request_prot(struct connectdata *conn, const char *level)
static CURLcode choose_mech(struct connectdata *conn)
{
int ret;
- struct SessionHandle *data = conn->data;
- const struct Curl_sec_client_mech * const *mech;
+ struct Curl_easy *data = conn->data;
void *tmp_allocation;
- const char *mech_name;
-
- for(mech = mechs; (*mech); ++mech) {
- mech_name = (*mech)->name;
- /* We have no mechanism with a NULL name but keep this check */
- DEBUGASSERT(mech_name != NULL);
- if(mech_name == NULL) {
- infof(data, "Skipping mechanism with empty name (%p)\n", (void *)mech);
- continue;
- }
- tmp_allocation = realloc(conn->app_data, (*mech)->size);
- if(tmp_allocation == NULL) {
- failf(data, "Failed realloc of size %u", (*mech)->size);
- mech = NULL;
- return CURLE_OUT_OF_MEMORY;
- }
- conn->app_data = tmp_allocation;
+ const struct Curl_sec_client_mech *mech = &Curl_krb5_client_mech;
- if((*mech)->init) {
- ret = (*mech)->init(conn->app_data);
- if(ret != 0) {
- infof(data, "Failed initialization for %s. Skipping it.\n", mech_name);
- continue;
- }
+ tmp_allocation = realloc(conn->app_data, mech->size);
+ if(tmp_allocation == NULL) {
+ failf(data, "Failed realloc of size %u", mech->size);
+ mech = NULL;
+ return CURLE_OUT_OF_MEMORY;
+ }
+ conn->app_data = tmp_allocation;
+
+ if(mech->init) {
+ ret = mech->init(conn->app_data);
+ if(ret) {
+ infof(data, "Failed initialization for %s. Skipping it.\n",
+ mech->name);
+ return CURLE_FAILED_INIT;
}
+ }
- infof(data, "Trying mechanism %s...\n", mech_name);
- ret = ftp_send_command(conn, "AUTH %s", mech_name);
- if(ret < 0)
- /* FIXME: This error is too generic but it is OK for now. */
- return CURLE_COULDNT_CONNECT;
-
- if(ret/100 != 3) {
- switch(ret) {
- case 504:
- infof(data, "Mechanism %s is not supported by the server (server "
- "returned ftp code: 504).\n", mech_name);
- break;
- case 534:
- infof(data, "Mechanism %s was rejected by the server (server returned "
- "ftp code: 534).\n", mech_name);
- break;
- default:
- if(ret/100 == 5) {
- infof(data, "server does not support the security extensions\n");
- return CURLE_USE_SSL_FAILED;
- }
- break;
+ infof(data, "Trying mechanism %s...\n", mech->name);
+ ret = ftp_send_command(conn, "AUTH %s", mech->name);
+ if(ret < 0)
+ /* FIXME: This error is too generic but it is OK for now. */
+ return CURLE_COULDNT_CONNECT;
+
+ if(ret/100 != 3) {
+ switch(ret) {
+ case 504:
+ infof(data, "Mechanism %s is not supported by the server (server "
+ "returned ftp code: 504).\n", mech->name);
+ break;
+ case 534:
+ infof(data, "Mechanism %s was rejected by the server (server returned "
+ "ftp code: 534).\n", mech->name);
+ break;
+ default:
+ if(ret/100 == 5) {
+ infof(data, "server does not support the security extensions\n");
+ return CURLE_USE_SSL_FAILED;
}
- continue;
+ break;
}
+ return CURLE_LOGIN_DENIED;
+ }
- /* Authenticate */
- ret = (*mech)->auth(conn->app_data, conn);
+ /* Authenticate */
+ ret = mech->auth(conn->app_data, conn);
- if(ret == AUTH_CONTINUE)
- continue;
- else if(ret != AUTH_OK) {
+ if(ret != AUTH_CONTINUE) {
+ if(ret != AUTH_OK) {
/* Mechanism has dumped the error to stderr, don't error here. */
return -1;
}
DEBUGASSERT(ret == AUTH_OK);
- conn->mech = *mech;
+ conn->mech = mech;
conn->sec_complete = 1;
conn->recv[FIRSTSOCKET] = sec_recv;
conn->send[FIRSTSOCKET] = sec_send;
@@ -561,10 +551,9 @@ static CURLcode choose_mech(struct connectdata *conn)
/* Set the requested protection level */
/* BLOCKING */
(void)sec_set_protection_level(conn);
- break;
}
- return mech != NULL ? CURLE_OK : CURLE_FAILED_INIT;
+ return CURLE_OK;
}
CURLcode
@@ -579,10 +568,8 @@ Curl_sec_end(struct connectdata *conn)
{
if(conn->mech != NULL && conn->mech->end)
conn->mech->end(conn->app_data);
- if(conn->app_data) {
- free(conn->app_data);
- conn->app_data = NULL;
- }
+ free(conn->app_data);
+ conn->app_data = NULL;
if(conn->in_buffer.data) {
free(conn->in_buffer.data);
conn->in_buffer.data = NULL;
diff --git a/libs/libcurl/src/select.c b/libs/libcurl/src/select.c
index db7fb6d43c..28390a4a6a 100644
--- a/libs/libcurl/src/select.c
+++ b/libs/libcurl/src/select.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -39,6 +39,10 @@
#include <dos.h> /* delay() */
#endif
+#ifdef __VXWORKS__
+#include <strings.h> /* bzero() in FD_SET */
+#endif
+
#include <curl/curl.h>
#include "urldata.h"
@@ -47,15 +51,14 @@
#include "warnless.h"
/* Convenience local macros */
-
-#define elapsed_ms (int)curlx_tvdiff(curlx_tvnow(), initial_tv)
+#define ELAPSED_MS() (int)Curl_timediff(Curl_now(), initial_tv)
int Curl_ack_eintr = 0;
-#define error_not_EINTR (Curl_ack_eintr || error != EINTR)
+#define ERROR_NOT_EINTR(error) (Curl_ack_eintr || error != EINTR)
/*
* Internal function used for waiting a specific amount of ms
- * in Curl_socket_ready() and Curl_poll() when no file descriptor
+ * in Curl_socket_check() and Curl_poll() when no file descriptor
* is provided to wait on, just being used to delay execution.
* WinSock select() and poll() timeout mechanisms need a valid
* socket descriptor in a not null file descriptor set to work.
@@ -75,7 +78,7 @@ int Curl_wait_ms(int timeout_ms)
#ifndef HAVE_POLL_FINE
struct timeval pending_tv;
#endif
- struct timeval initial_tv;
+ struct curltime initial_tv;
int pending_ms;
int error;
#endif
@@ -93,7 +96,7 @@ int Curl_wait_ms(int timeout_ms)
Sleep(timeout_ms);
#else
pending_ms = timeout_ms;
- initial_tv = curlx_tvnow();
+ initial_tv = Curl_now();
do {
#if defined(HAVE_POLL_FINE)
r = poll(NULL, 0, pending_ms);
@@ -105,11 +108,13 @@ int Curl_wait_ms(int timeout_ms)
if(r != -1)
break;
error = SOCKERRNO;
- if(error && error_not_EINTR)
+ if(error && ERROR_NOT_EINTR(error))
break;
- pending_ms = timeout_ms - elapsed_ms;
- if(pending_ms <= 0)
+ pending_ms = timeout_ms - ELAPSED_MS();
+ if(pending_ms <= 0) {
+ r = 0; /* Simulate a "call timed out" case */
break;
+ }
} while(r == -1);
#endif /* USE_WINSOCK */
if(r)
@@ -124,7 +129,7 @@ int Curl_wait_ms(int timeout_ms)
* and a file descriptor is too large for FD_SETSIZE.
*
* A negative timeout value makes this function wait indefinitely,
- * unles no valid file descriptor is given, when this happens the
+ * unless no valid file descriptor is given, when this happens the
* negative timeout is ignored and the function times out immediately.
*
* Return values:
@@ -140,7 +145,7 @@ int Curl_wait_ms(int timeout_ms)
int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
curl_socket_t readfd1,
curl_socket_t writefd, /* socket to write to */
- long timeout_ms) /* milliseconds to wait */
+ time_t timeout_ms) /* milliseconds to wait */
{
#ifdef HAVE_POLL_FINE
struct pollfd pfd[3];
@@ -153,12 +158,18 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
fd_set fds_err;
curl_socket_t maxfd;
#endif
- struct timeval initial_tv = {0,0};
+ struct curltime initial_tv = {0, 0};
int pending_ms = 0;
int error;
int r;
int ret;
+#if SIZEOF_TIME_T != SIZEOF_INT
+ /* wrap-around precaution */
+ if(timeout_ms >= INT_MAX)
+ timeout_ms = INT_MAX;
+#endif
+
if((readfd0 == CURL_SOCKET_BAD) && (readfd1 == CURL_SOCKET_BAD) &&
(writefd == CURL_SOCKET_BAD)) {
/* no sockets, just wait */
@@ -166,14 +177,14 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
return r;
}
- /* Avoid initial timestamp, avoid curlx_tvnow() call, when elapsed
+ /* Avoid initial timestamp, avoid Curl_now() call, when elapsed
time in this function does not need to be measured. This happens
when function is called with a zero timeout or a negative timeout
value indicating a blocking call should be performed. */
if(timeout_ms > 0) {
pending_ms = (int)timeout_ms;
- initial_tv = curlx_tvnow();
+ initial_tv = Curl_now();
}
#ifdef HAVE_POLL_FINE
@@ -207,10 +218,10 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
if(r != -1)
break;
error = SOCKERRNO;
- if(error && error_not_EINTR)
+ if(error && ERROR_NOT_EINTR(error))
break;
if(timeout_ms > 0) {
- pending_ms = (int)(timeout_ms - elapsed_ms);
+ pending_ms = (int)(timeout_ms - ELAPSED_MS());
if(pending_ms <= 0) {
r = 0; /* Simulate a "call timed out" case */
break;
@@ -288,14 +299,44 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
pending_tv.tv_sec = 0;
pending_tv.tv_usec = 0;
}
+
+ /* WinSock select() must not be called with an fd_set that contains zero
+ fd flags, or it will return WSAEINVAL. But, it also can't be called
+ with no fd_sets at all! From the documentation:
+
+ Any two of the parameters, readfds, writefds, or exceptfds, can be
+ given as null. At least one must be non-null, and any non-null
+ descriptor set must contain at least one handle to a socket.
+
+ We know that we have at least one bit set in at least two fd_sets in
+ this case, but we may have no bits set in either fds_read or fd_write,
+ so check for that and handle it. Luckily, with WinSock, we can _also_
+ ask how many bits are set on an fd_set.
+
+ It is unclear why WinSock doesn't just handle this for us instead of
+ calling this an error.
+
+ Note also that WinSock ignores the first argument, so we don't worry
+ about the fact that maxfd is computed incorrectly with WinSock (since
+ curl_socket_t is unsigned in such cases and thus -1 is the largest
+ value).
+ */
+#ifdef USE_WINSOCK
+ r = select((int)maxfd + 1,
+ fds_read.fd_count ? &fds_read : NULL,
+ fds_write.fd_count ? &fds_write : NULL,
+ &fds_err, ptimeout);
+#else
r = select((int)maxfd + 1, &fds_read, &fds_write, &fds_err, ptimeout);
+#endif
+
if(r != -1)
break;
error = SOCKERRNO;
- if(error && error_not_EINTR)
+ if(error && ERROR_NOT_EINTR(error))
break;
if(timeout_ms > 0) {
- pending_ms = timeout_ms - elapsed_ms;
+ pending_ms = (int)(timeout_ms - ELAPSED_MS());
if(pending_ms <= 0) {
r = 0; /* Simulate a "call timed out" case */
break;
@@ -339,7 +380,7 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
* select() is used instead. An error is returned if select() is
* being used and a file descriptor is too large for FD_SETSIZE.
* A negative timeout value makes this function wait indefinitely,
- * unles no valid file descriptor is given, when this happens the
+ * unless no valid file descriptor is given, when this happens the
* negative timeout is ignored and the function times out immediately.
*
* Return values:
@@ -357,7 +398,7 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms)
fd_set fds_err;
curl_socket_t maxfd;
#endif
- struct timeval initial_tv = {0,0};
+ struct curltime initial_tv = {0, 0};
bool fds_none = TRUE;
unsigned int i;
int pending_ms = 0;
@@ -377,14 +418,14 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms)
return r;
}
- /* Avoid initial timestamp, avoid curlx_tvnow() call, when elapsed
+ /* Avoid initial timestamp, avoid Curl_now() call, when elapsed
time in this function does not need to be measured. This happens
when function is called with a zero timeout or a negative timeout
value indicating a blocking call should be performed. */
if(timeout_ms > 0) {
pending_ms = timeout_ms;
- initial_tv = curlx_tvnow();
+ initial_tv = Curl_now();
}
#ifdef HAVE_POLL_FINE
@@ -398,12 +439,14 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms)
if(r != -1)
break;
error = SOCKERRNO;
- if(error && error_not_EINTR)
+ if(error && ERROR_NOT_EINTR(error))
break;
if(timeout_ms > 0) {
- pending_ms = timeout_ms - elapsed_ms;
- if(pending_ms <= 0)
+ pending_ms = (int)(timeout_ms - ELAPSED_MS());
+ if(pending_ms <= 0) {
+ r = 0; /* Simulate a "call timed out" case */
break;
+ }
}
} while(r == -1);
@@ -446,6 +489,16 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms)
}
}
+#ifdef USE_WINSOCK
+ /* WinSock select() can't handle zero events. See the comment about this in
+ Curl_check_socket(). */
+ if(fds_read.fd_count == 0 && fds_write.fd_count == 0
+ && fds_err.fd_count == 0) {
+ r = Curl_wait_ms(timeout_ms);
+ return r;
+ }
+#endif
+
ptimeout = (timeout_ms < 0) ? NULL : &pending_tv;
do {
@@ -457,16 +510,30 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms)
pending_tv.tv_sec = 0;
pending_tv.tv_usec = 0;
}
+
+#ifdef USE_WINSOCK
+ r = select((int)maxfd + 1,
+ /* WinSock select() can't handle fd_sets with zero bits set, so
+ don't give it such arguments. See the comment about this in
+ Curl_check_socket().
+ */
+ fds_read.fd_count ? &fds_read : NULL,
+ fds_write.fd_count ? &fds_write : NULL,
+ fds_err.fd_count ? &fds_err : NULL, ptimeout);
+#else
r = select((int)maxfd + 1, &fds_read, &fds_write, &fds_err, ptimeout);
+#endif
if(r != -1)
break;
error = SOCKERRNO;
- if(error && error_not_EINTR)
+ if(error && ERROR_NOT_EINTR(error))
break;
if(timeout_ms > 0) {
- pending_ms = timeout_ms - elapsed_ms;
- if(pending_ms <= 0)
+ pending_ms = timeout_ms - ELAPSED_MS();
+ if(pending_ms <= 0) {
+ r = 0; /* Simulate a "call timed out" case */
break;
+ }
}
} while(r == -1);
@@ -504,13 +571,13 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms)
*
* Return values are the same as select's.
*/
-int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes,
- fd_set* excepts, struct timeval* tv)
+int tpf_select_libcurl(int maxfds, fd_set *reads, fd_set *writes,
+ fd_set *excepts, struct timeval *tv)
{
int rc;
rc = tpf_select_bsd(maxfds, reads, writes, excepts, tv);
tpf_process_signals();
- return(rc);
+ return rc;
}
#endif /* TPF */
diff --git a/libs/libcurl/src/select.h b/libs/libcurl/src/select.h
index c00afe166f..4351786c39 100644
--- a/libs/libcurl/src/select.h
+++ b/libs/libcurl/src/select.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,10 +24,10 @@
#include "curl_setup.h"
-#ifdef HAVE_SYS_POLL_H
-#include <sys/poll.h>
-#elif defined(HAVE_POLL_H)
+#ifdef HAVE_POLL_H
#include <poll.h>
+#elif defined(HAVE_SYS_POLL_H)
+#include <sys/poll.h>
#endif
/*
@@ -36,7 +36,8 @@
#if !defined(HAVE_STRUCT_POLLFD) && \
!defined(HAVE_SYS_POLL_H) && \
- !defined(HAVE_POLL_H)
+ !defined(HAVE_POLL_H) && \
+ !defined(POLLIN)
#define POLLIN 0x01
#define POLLPRI 0x02
@@ -73,11 +74,12 @@ struct pollfd
int Curl_socket_check(curl_socket_t readfd, curl_socket_t readfd2,
curl_socket_t writefd,
- long timeout_ms);
+ time_t timeout_ms);
-/* provide the former API internally */
-#define Curl_socket_ready(x,y,z) \
- Curl_socket_check(x, CURL_SOCKET_BAD, y, z)
+#define SOCKET_READABLE(x,z) \
+ Curl_socket_check(x, CURL_SOCKET_BAD, CURL_SOCKET_BAD, z)
+#define SOCKET_WRITABLE(x,z) \
+ Curl_socket_check(CURL_SOCKET_BAD, CURL_SOCKET_BAD, x, z)
int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms);
diff --git a/libs/libcurl/src/sendf.c b/libs/libcurl/src/sendf.c
index 7b6fca6108..a1cb8e4788 100644
--- a/libs/libcurl/src/sendf.c
+++ b/libs/libcurl/src/sendf.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,23 +22,26 @@
#include "curl_setup.h"
+#ifdef HAVE_LINUX_TCP_H
+#include <linux/tcp.h>
+#endif
+
#include <curl/curl.h>
#include "urldata.h"
#include "sendf.h"
#include "connect.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "ssh.h"
#include "multiif.h"
#include "non-ascii.h"
-
-#define _MPRINTF_REPLACE /* use the internal *printf() functions */
-#include <curl/mprintf.h>
-
-#include "curl_memory.h"
#include "strerror.h"
+#include "select.h"
+#include "strdup.h"
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
#ifdef CURL_DO_LINEEND_CONV
@@ -48,14 +51,14 @@
* blocks of data. Remaining, bare CRs are changed to LFs. The possibly new
* size of the data is returned.
*/
-static size_t convert_lineends(struct SessionHandle *data,
+static size_t convert_lineends(struct Curl_easy *data,
char *startPtr, size_t size)
{
char *inPtr, *outPtr;
/* sanity check */
if((startPtr == NULL) || (size < 1)) {
- return(size);
+ return size;
}
if(data->state.prev_block_had_trailing_cr) {
@@ -64,7 +67,7 @@ static size_t convert_lineends(struct SessionHandle *data,
if(*startPtr == '\n') {
/* This block of incoming data starts with the
previous block's LF so get rid of it */
- memmove(startPtr, startPtr+1, size-1);
+ memmove(startPtr, startPtr + 1, size-1);
size--;
/* and it wasn't a bare CR but a CRLF conversion instead */
data->state.crlf_conversions++;
@@ -76,7 +79,7 @@ static size_t convert_lineends(struct SessionHandle *data,
inPtr = outPtr = memchr(startPtr, '\r', size);
if(inPtr) {
/* at least one CR, now look for CRLF */
- while(inPtr < (startPtr+size-1)) {
+ while(inPtr < (startPtr + size-1)) {
/* note that it's size-1, so we'll never look past the last byte */
if(memcmp(inPtr, "\r\n", 2) == 0) {
/* CRLF found, bump past the CR and copy the NL */
@@ -99,7 +102,7 @@ static size_t convert_lineends(struct SessionHandle *data,
inPtr++;
} /* end of while loop */
- if(inPtr < startPtr+size) {
+ if(inPtr < startPtr + size) {
/* handle last byte */
if(*inPtr == '\r') {
/* deal with a CR at the end of the buffer */
@@ -113,19 +116,116 @@ static size_t convert_lineends(struct SessionHandle *data,
}
outPtr++;
}
- if(outPtr < startPtr+size)
+ if(outPtr < startPtr + size)
/* tidy up by null terminating the now shorter data */
*outPtr = '\0';
- return(outPtr - startPtr);
+ return (outPtr - startPtr);
}
- return(size);
+ return size;
}
#endif /* CURL_DO_LINEEND_CONV */
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+bool Curl_recv_has_postponed_data(struct connectdata *conn, int sockindex)
+{
+ struct postponed_data * const psnd = &(conn->postponed[sockindex]);
+ return psnd->buffer && psnd->allocated_size &&
+ psnd->recv_size > psnd->recv_processed;
+}
+
+static void pre_receive_plain(struct connectdata *conn, int num)
+{
+ const curl_socket_t sockfd = conn->sock[num];
+ struct postponed_data * const psnd = &(conn->postponed[num]);
+ size_t bytestorecv = psnd->allocated_size - psnd->recv_size;
+ /* WinSock will destroy unread received data if send() is
+ failed.
+ To avoid lossage of received data, recv() must be
+ performed before every send() if any incoming data is
+ available. However, skip this, if buffer is already full. */
+ if((conn->handler->protocol&PROTO_FAMILY_HTTP) != 0 &&
+ conn->recv[num] == Curl_recv_plain &&
+ (!psnd->buffer || bytestorecv)) {
+ const int readymask = Curl_socket_check(sockfd, CURL_SOCKET_BAD,
+ CURL_SOCKET_BAD, 0);
+ if(readymask != -1 && (readymask & CURL_CSELECT_IN) != 0) {
+ /* Have some incoming data */
+ if(!psnd->buffer) {
+ /* Use buffer double default size for intermediate buffer */
+ psnd->allocated_size = 2 * conn->data->set.buffer_size;
+ psnd->buffer = malloc(psnd->allocated_size);
+ psnd->recv_size = 0;
+ psnd->recv_processed = 0;
+#ifdef DEBUGBUILD
+ psnd->bindsock = sockfd; /* Used only for DEBUGASSERT */
+#endif /* DEBUGBUILD */
+ bytestorecv = psnd->allocated_size;
+ }
+ if(psnd->buffer) {
+ ssize_t recvedbytes;
+ DEBUGASSERT(psnd->bindsock == sockfd);
+ recvedbytes = sread(sockfd, psnd->buffer + psnd->recv_size,
+ bytestorecv);
+ if(recvedbytes > 0)
+ psnd->recv_size += recvedbytes;
+ }
+ else
+ psnd->allocated_size = 0;
+ }
+ }
+}
+
+static ssize_t get_pre_recved(struct connectdata *conn, int num, char *buf,
+ size_t len)
+{
+ struct postponed_data * const psnd = &(conn->postponed[num]);
+ size_t copysize;
+ if(!psnd->buffer)
+ return 0;
+
+ DEBUGASSERT(psnd->allocated_size > 0);
+ DEBUGASSERT(psnd->recv_size <= psnd->allocated_size);
+ DEBUGASSERT(psnd->recv_processed <= psnd->recv_size);
+ /* Check and process data that already received and storied in internal
+ intermediate buffer */
+ if(psnd->recv_size > psnd->recv_processed) {
+ DEBUGASSERT(psnd->bindsock == conn->sock[num]);
+ copysize = CURLMIN(len, psnd->recv_size - psnd->recv_processed);
+ memcpy(buf, psnd->buffer + psnd->recv_processed, copysize);
+ psnd->recv_processed += copysize;
+ }
+ else
+ copysize = 0; /* buffer was allocated, but nothing was received */
+
+ /* Free intermediate buffer if it has no unprocessed data */
+ if(psnd->recv_processed == psnd->recv_size) {
+ free(psnd->buffer);
+ psnd->buffer = NULL;
+ psnd->allocated_size = 0;
+ psnd->recv_size = 0;
+ psnd->recv_processed = 0;
+#ifdef DEBUGBUILD
+ psnd->bindsock = CURL_SOCKET_BAD;
+#endif /* DEBUGBUILD */
+ }
+ return (ssize_t)copysize;
+}
+#else /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
+/* Use "do-nothing" macros instead of functions when workaround not used */
+bool Curl_recv_has_postponed_data(struct connectdata *conn, int sockindex)
+{
+ (void)conn;
+ (void)sockindex;
+ return false;
+}
+#define pre_receive_plain(c,n) do {} WHILE_FALSE
+#define get_pre_recved(c,n,b,l) 0
+#endif /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
+
/* Curl_infof() is for info message along the way */
-void Curl_infof(struct SessionHandle *data, const char *fmt, ...)
+void Curl_infof(struct Curl_easy *data, const char *fmt, ...)
{
if(data && data->set.verbose) {
va_list ap;
@@ -143,38 +243,37 @@ void Curl_infof(struct SessionHandle *data, const char *fmt, ...)
* The message SHALL NOT include any LF or CR.
*/
-void Curl_failf(struct SessionHandle *data, const char *fmt, ...)
+void Curl_failf(struct Curl_easy *data, const char *fmt, ...)
{
- va_list ap;
- size_t len;
- va_start(ap, fmt);
-
- vsnprintf(data->state.buffer, BUFSIZE, fmt, ap);
+ if(data->set.verbose || data->set.errorbuffer) {
+ va_list ap;
+ size_t len;
+ char error[CURL_ERROR_SIZE + 2];
+ va_start(ap, fmt);
+ vsnprintf(error, CURL_ERROR_SIZE, fmt, ap);
+ len = strlen(error);
- if(data->set.errorbuffer && !data->state.errorbuf) {
- snprintf(data->set.errorbuffer, CURL_ERROR_SIZE, "%s", data->state.buffer);
- data->state.errorbuf = TRUE; /* wrote error string */
- }
- if(data->set.verbose) {
- len = strlen(data->state.buffer);
- if(len < BUFSIZE - 1) {
- data->state.buffer[len] = '\n';
- data->state.buffer[++len] = '\0';
+ if(data->set.errorbuffer && !data->state.errorbuf) {
+ strcpy(data->set.errorbuffer, error);
+ data->state.errorbuf = TRUE; /* wrote error string */
+ }
+ if(data->set.verbose) {
+ error[len] = '\n';
+ error[++len] = '\0';
+ Curl_debug(data, CURLINFO_TEXT, error, len, NULL);
}
- Curl_debug(data, CURLINFO_TEXT, data->state.buffer, len, NULL);
+ va_end(ap);
}
-
- va_end(ap);
}
-/* Curl_sendf() sends formated data to the server */
+/* Curl_sendf() sends formatted data to the server */
CURLcode Curl_sendf(curl_socket_t sockfd, struct connectdata *conn,
const char *fmt, ...)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
ssize_t bytes_written;
size_t write_len;
- CURLcode res = CURLE_OK;
+ CURLcode result = CURLE_OK;
char *s;
char *sptr;
va_list ap;
@@ -184,15 +283,15 @@ CURLcode Curl_sendf(curl_socket_t sockfd, struct connectdata *conn,
if(!s)
return CURLE_OUT_OF_MEMORY; /* failure */
- bytes_written=0;
+ bytes_written = 0;
write_len = strlen(s);
sptr = s;
for(;;) {
/* Write the buffer to the socket */
- res = Curl_write(conn, sockfd, sptr, write_len, &bytes_written);
+ result = Curl_write(conn, sockfd, sptr, write_len, &bytes_written);
- if(CURLE_OK != res)
+ if(result)
break;
if(data->set.verbose)
@@ -210,7 +309,7 @@ CURLcode Curl_sendf(curl_socket_t sockfd, struct connectdata *conn,
free(s); /* free the output string */
- return res;
+ return result;
}
/*
@@ -227,10 +326,10 @@ CURLcode Curl_write(struct connectdata *conn,
ssize_t *written)
{
ssize_t bytes_written;
- CURLcode curlcode = CURLE_OK;
+ CURLcode result = CURLE_OK;
int num = (sockfd == conn->sock[SECONDARYSOCKET]);
- bytes_written = conn->send[num](conn, num, mem, len, &curlcode);
+ bytes_written = conn->send[num](conn, num, mem, len, &result);
*written = bytes_written;
if(bytes_written >= 0)
@@ -238,7 +337,7 @@ CURLcode Curl_write(struct connectdata *conn,
return CURLE_OK;
/* handle CURLE_AGAIN or a send failure */
- switch(curlcode) {
+ switch(result) {
case CURLE_AGAIN:
*written = 0;
return CURLE_OK;
@@ -249,7 +348,7 @@ CURLcode Curl_write(struct connectdata *conn,
default:
/* we got a specific curlcode, forward it */
- return curlcode;
+ return result;
}
}
@@ -257,7 +356,23 @@ ssize_t Curl_send_plain(struct connectdata *conn, int num,
const void *mem, size_t len, CURLcode *code)
{
curl_socket_t sockfd = conn->sock[num];
- ssize_t bytes_written = swrite(sockfd, mem, len);
+ ssize_t bytes_written;
+ /* WinSock will destroy unread received data if send() is
+ failed.
+ To avoid lossage of received data, recv() must be
+ performed before every send() if any incoming data is
+ available. */
+ pre_receive_plain(conn, num);
+
+#if defined(MSG_FASTOPEN) && !defined(TCP_FASTOPEN_CONNECT) /* Linux */
+ if(conn->bits.tcp_fastopen) {
+ bytes_written = sendto(sockfd, mem, len, MSG_FASTOPEN,
+ conn->ip_addr->ai_addr, conn->ip_addr->ai_addrlen);
+ conn->bits.tcp_fastopen = FALSE;
+ }
+ else
+#endif
+ bytes_written = swrite(sockfd, mem, len);
*code = CURLE_OK;
if(-1 == bytes_written) {
@@ -271,11 +386,12 @@ ssize_t Curl_send_plain(struct connectdata *conn, int num,
/* errno may be EWOULDBLOCK or on some systems EAGAIN when it returned
due to its inability to send off data without blocking. We therefor
treat both error codes the same here */
- (EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err)
+ (EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err) ||
+ (EINPROGRESS == err)
#endif
) {
/* this is just a case of EWOULDBLOCK */
- bytes_written=0;
+ bytes_written = 0;
*code = CURLE_AGAIN;
}
else {
@@ -300,21 +416,30 @@ CURLcode Curl_write_plain(struct connectdata *conn,
ssize_t *written)
{
ssize_t bytes_written;
- CURLcode retcode;
+ CURLcode result;
int num = (sockfd == conn->sock[SECONDARYSOCKET]);
- bytes_written = Curl_send_plain(conn, num, mem, len, &retcode);
+ bytes_written = Curl_send_plain(conn, num, mem, len, &result);
*written = bytes_written;
- return retcode;
+ return result;
}
ssize_t Curl_recv_plain(struct connectdata *conn, int num, char *buf,
size_t len, CURLcode *code)
{
curl_socket_t sockfd = conn->sock[num];
- ssize_t nread = sread(sockfd, buf, len);
+ ssize_t nread;
+ /* Check and return data that already received and storied in internal
+ intermediate buffer */
+ nread = get_pre_recved(conn, num, buf, len);
+ if(nread > 0) {
+ *code = CURLE_OK;
+ return nread;
+ }
+
+ nread = sread(sockfd, buf, len);
*code = CURLE_OK;
if(-1 == nread) {
@@ -344,7 +469,7 @@ ssize_t Curl_recv_plain(struct connectdata *conn, int num, char *buf,
return nread;
}
-static CURLcode pausewrite(struct SessionHandle *data,
+static CURLcode pausewrite(struct Curl_easy *data,
int type, /* what type of data */
const char *ptr,
size_t len)
@@ -353,27 +478,144 @@ static CURLcode pausewrite(struct SessionHandle *data,
we want to send we need to dup it to save a copy for when the sending
is again enabled */
struct SingleRequest *k = &data->req;
- char *dupl = malloc(len);
- if(!dupl)
- return CURLE_OUT_OF_MEMORY;
+ struct UrlState *s = &data->state;
+ char *dupl;
+ unsigned int i;
+ bool newtype = TRUE;
+
+ if(s->tempcount) {
+ for(i = 0; i< s->tempcount; i++) {
+ if(s->tempwrite[i].type == type) {
+ /* data for this type exists */
+ newtype = FALSE;
+ break;
+ }
+ }
+ DEBUGASSERT(i < 3);
+ }
+ else
+ i = 0;
+
+ if(!newtype) {
+ /* append new data to old data */
+
+ /* figure out the new size of the data to save */
+ size_t newlen = len + s->tempwrite[i].len;
+ /* allocate the new memory area */
+ char *newptr = realloc(s->tempwrite[i].buf, newlen);
+ if(!newptr)
+ return CURLE_OUT_OF_MEMORY;
+ /* copy the new data to the end of the new area */
+ memcpy(newptr + s->tempwrite[i].len, ptr, len);
+
+ /* update the pointer and the size */
+ s->tempwrite[i].buf = newptr;
+ s->tempwrite[i].len = newlen;
+ }
+ else {
+ dupl = Curl_memdup(ptr, len);
+ if(!dupl)
+ return CURLE_OUT_OF_MEMORY;
- memcpy(dupl, ptr, len);
+ /* store this information in the state struct for later use */
+ s->tempwrite[i].buf = dupl;
+ s->tempwrite[i].len = len;
+ s->tempwrite[i].type = type;
- /* store this information in the state struct for later use */
- data->state.tempwrite = dupl;
- data->state.tempwritesize = len;
- data->state.tempwritetype = type;
+ if(newtype)
+ s->tempcount++;
+ }
/* mark the connection as RECV paused */
k->keepon |= KEEP_RECV_PAUSE;
- DEBUGF(infof(data, "Pausing with %zu bytes in buffer for type %02x\n",
+ DEBUGF(infof(data, "Paused %zu bytes in buffer for type %02x\n",
len, type));
return CURLE_OK;
}
+/* Curl_client_chop_write() writes chunks of data not larger than
+ * CURL_MAX_WRITE_SIZE via client write callback(s) and
+ * takes care of pause requests from the callbacks.
+ */
+CURLcode Curl_client_chop_write(struct connectdata *conn,
+ int type,
+ char *ptr,
+ size_t len)
+{
+ struct Curl_easy *data = conn->data;
+ curl_write_callback writeheader = NULL;
+ curl_write_callback writebody = NULL;
+
+ if(!len)
+ return CURLE_OK;
+
+ /* If reading is paused, append this data to the already held data for this
+ type. */
+ if(data->req.keepon & KEEP_RECV_PAUSE)
+ return pausewrite(data, type, ptr, len);
+
+ /* Determine the callback(s) to use. */
+ if(type & CLIENTWRITE_BODY)
+ writebody = data->set.fwrite_func;
+ if((type & CLIENTWRITE_HEADER) &&
+ (data->set.fwrite_header || data->set.writeheader)) {
+ /*
+ * Write headers to the same callback or to the especially setup
+ * header callback function (added after version 7.7.1).
+ */
+ writeheader =
+ data->set.fwrite_header? data->set.fwrite_header: data->set.fwrite_func;
+ }
+
+ /* Chop data, write chunks. */
+ while(len) {
+ size_t chunklen = len <= CURL_MAX_WRITE_SIZE? len: CURL_MAX_WRITE_SIZE;
+
+ if(writebody) {
+ size_t wrote = writebody(ptr, 1, chunklen, data->set.out);
+
+ if(CURL_WRITEFUNC_PAUSE == wrote) {
+ if(conn->handler->flags & PROTOPT_NONETWORK) {
+ /* Protocols that work without network cannot be paused. This is
+ actually only FILE:// just now, and it can't pause since the
+ transfer isn't done using the "normal" procedure. */
+ failf(data, "Write callback asked for PAUSE when not supported!");
+ return CURLE_WRITE_ERROR;
+ }
+ return pausewrite(data, type, ptr, len);
+ }
+ if(wrote != chunklen) {
+ failf(data, "Failed writing body (%zu != %zu)", wrote, chunklen);
+ return CURLE_WRITE_ERROR;
+ }
+ }
+
+ if(writeheader) {
+ size_t wrote = writeheader(ptr, 1, chunklen, data->set.writeheader);
+
+ if(CURL_WRITEFUNC_PAUSE == wrote)
+ /* here we pass in the HEADER bit only since if this was body as well
+ then it was passed already and clearly that didn't trigger the
+ pause, so this is saved for later with the HEADER bit only */
+ return pausewrite(data, CLIENTWRITE_HEADER, ptr, len);
+
+ if(wrote != chunklen) {
+ failf(data, "Failed writing header");
+ return CURLE_WRITE_ERROR;
+ }
+ }
+
+ ptr += chunklen;
+ len -= chunklen;
+ }
+
+ return CURLE_OK;
+}
+
+
/* Curl_client_write() sends data to the write callback(s)
The bit pattern defines to what "streams" to write to. Body and/or header.
@@ -388,97 +630,30 @@ CURLcode Curl_client_write(struct connectdata *conn,
char *ptr,
size_t len)
{
- struct SessionHandle *data = conn->data;
- size_t wrote;
+ struct Curl_easy *data = conn->data;
if(0 == len)
len = strlen(ptr);
- /* If reading is actually paused, we're forced to append this chunk of data
- to the already held data, but only if it is the same type as otherwise it
- can't work and it'll return error instead. */
- if(data->req.keepon & KEEP_RECV_PAUSE) {
- size_t newlen;
- char *newptr;
- if(type != data->state.tempwritetype)
- /* major internal confusion */
- return CURLE_RECV_ERROR;
-
- DEBUGASSERT(data->state.tempwrite);
-
- /* figure out the new size of the data to save */
- newlen = len + data->state.tempwritesize;
- /* allocate the new memory area */
- newptr = realloc(data->state.tempwrite, newlen);
- if(!newptr)
- return CURLE_OUT_OF_MEMORY;
- /* copy the new data to the end of the new area */
- memcpy(newptr + data->state.tempwritesize, ptr, len);
- /* update the pointer and the size */
- data->state.tempwrite = newptr;
- data->state.tempwritesize = newlen;
+ DEBUGASSERT(type <= 3);
- return CURLE_OK;
- }
-
- if(type & CLIENTWRITE_BODY) {
- if((conn->handler->protocol&CURLPROTO_FTP) &&
- conn->proto.ftpc.transfertype == 'A') {
- /* convert from the network encoding */
- CURLcode rc = Curl_convert_from_network(data, ptr, len);
- /* Curl_convert_from_network calls failf if unsuccessful */
- if(rc)
- return rc;
+ /* FTP data may need conversion. */
+ if((type & CLIENTWRITE_BODY) &&
+ (conn->handler->protocol & PROTO_FAMILY_FTP) &&
+ conn->proto.ftpc.transfertype == 'A') {
+ /* convert from the network encoding */
+ CURLcode result = Curl_convert_from_network(data, ptr, len);
+ /* Curl_convert_from_network calls failf if unsuccessful */
+ if(result)
+ return result;
#ifdef CURL_DO_LINEEND_CONV
- /* convert end-of-line markers */
- len = convert_lineends(data, ptr, len);
+ /* convert end-of-line markers */
+ len = convert_lineends(data, ptr, len);
#endif /* CURL_DO_LINEEND_CONV */
}
- /* If the previous block of data ended with CR and this block of data is
- just a NL, then the length might be zero */
- if(len) {
- wrote = data->set.fwrite_func(ptr, 1, len, data->set.out);
- }
- else {
- wrote = len;
- }
-
- if(CURL_WRITEFUNC_PAUSE == wrote)
- return pausewrite(data, type, ptr, len);
-
- if(wrote != len) {
- failf(data, "Failed writing body (%zu != %zu)", wrote, len);
- return CURLE_WRITE_ERROR;
- }
- }
- if((type & CLIENTWRITE_HEADER) &&
- (data->set.fwrite_header || data->set.writeheader) ) {
- /*
- * Write headers to the same callback or to the especially setup
- * header callback function (added after version 7.7.1).
- */
- curl_write_callback writeit=
- data->set.fwrite_header?data->set.fwrite_header:data->set.fwrite_func;
-
- /* Note: The header is in the host encoding
- regardless of the ftp transfer mode (ASCII/Image) */
-
- wrote = writeit(ptr, 1, len, data->set.writeheader);
- if(CURL_WRITEFUNC_PAUSE == wrote)
- /* here we pass in the HEADER bit only since if this was body as well
- then it was passed already and clearly that didn't trigger the pause,
- so this is saved for later with the HEADER bit only */
- return pausewrite(data, CLIENTWRITE_HEADER, ptr, len);
-
- if(wrote != len) {
- failf (data, "Failed writing header");
- return CURLE_WRITE_ERROR;
- }
- }
-
- return CURLE_OK;
+ return Curl_client_chop_write(conn, type, ptr, len);
}
CURLcode Curl_read_plain(curl_socket_t sockfd,
@@ -490,14 +665,15 @@ CURLcode Curl_read_plain(curl_socket_t sockfd,
if(-1 == nread) {
int err = SOCKERRNO;
+ int return_error;
#ifdef USE_WINSOCK
- if(WSAEWOULDBLOCK == err)
+ return_error = WSAEWOULDBLOCK == err;
#else
- if((EWOULDBLOCK == err) || (EAGAIN == err) || (EINTR == err))
+ return_error = EWOULDBLOCK == err || EAGAIN == err || EINTR == err;
#endif
+ if(return_error)
return CURLE_AGAIN;
- else
- return CURLE_RECV_ERROR;
+ return CURLE_RECV_ERROR;
}
/* we only return number of bytes read when we return OK */
@@ -517,18 +693,22 @@ CURLcode Curl_read(struct connectdata *conn, /* connection data */
size_t sizerequested, /* max amount to read */
ssize_t *n) /* amount bytes read */
{
- CURLcode curlcode = CURLE_RECV_ERROR;
+ CURLcode result = CURLE_RECV_ERROR;
ssize_t nread = 0;
size_t bytesfromsocket = 0;
char *buffertofill = NULL;
- bool pipelining = Curl_multi_pipeline_enabled(conn->data->multi);
+ struct Curl_easy *data = conn->data;
+
+ /* if HTTP/1 pipelining is both wanted and possible */
+ bool pipelining = Curl_pipeline_wanted(data->multi, CURLPIPE_HTTP1) &&
+ (conn->bundle->multiuse == BUNDLE_PIPELINING);
/* Set 'num' to 0 or 1, depending on which socket that has been sent here.
If it is the second socket, we set num to 1. Otherwise to 0. This lets
us use the correct ssl handle. */
int num = (sockfd == conn->sock[SECONDARYSOCKET]);
- *n=0; /* reset amount to zero */
+ *n = 0; /* reset amount to zero */
/* If session can pipeline, check connection buffer */
if(pipelining) {
@@ -546,19 +726,17 @@ CURLcode Curl_read(struct connectdata *conn, /* connection data */
}
/* If we come here, it means that there is no data to read from the buffer,
* so we read from the socket */
- bytesfromsocket = CURLMIN(sizerequested, BUFSIZE * sizeof (char));
+ bytesfromsocket = CURLMIN(sizerequested, MASTERBUF_SIZE);
buffertofill = conn->master_buffer;
}
else {
- bytesfromsocket = CURLMIN((long)sizerequested,
- conn->data->set.buffer_size ?
- conn->data->set.buffer_size : BUFSIZE);
+ bytesfromsocket = CURLMIN(sizerequested, (size_t)data->set.buffer_size);
buffertofill = buf;
}
- nread = conn->recv[num](conn, num, buffertofill, bytesfromsocket, &curlcode);
+ nread = conn->recv[num](conn, num, buffertofill, bytesfromsocket, &result);
if(nread < 0)
- return curlcode;
+ return result;
if(pipelining) {
memcpy(buf, conn->master_buffer, nread);
@@ -572,26 +750,24 @@ CURLcode Curl_read(struct connectdata *conn, /* connection data */
}
/* return 0 on success */
-static int showit(struct SessionHandle *data, curl_infotype type,
+static int showit(struct Curl_easy *data, curl_infotype type,
char *ptr, size_t size)
{
static const char s_infotype[CURLINFO_END][3] = {
"* ", "< ", "> ", "{ ", "} ", "{ ", "} " };
+ int rc = 0;
#ifdef CURL_DOES_CONVERSIONS
- char buf[BUFSIZE+1];
+ char *buf = NULL;
size_t conv_size = 0;
switch(type) {
case CURLINFO_HEADER_OUT:
- /* assume output headers are ASCII */
- /* copy the data into my buffer so the original is unchanged */
- if(size > BUFSIZE) {
- size = BUFSIZE; /* truncate if necessary */
- buf[BUFSIZE] = '\0';
- }
+ buf = Curl_memdup(ptr, size);
+ if(!buf)
+ return 1;
conv_size = size;
- memcpy(buf, ptr, size);
+
/* Special processing is needed for this block if it
* contains both headers and data (separated by CRLFCRLF).
* We want to convert just the headers, leaving the data as-is.
@@ -619,45 +795,50 @@ static int showit(struct SessionHandle *data, curl_infotype type,
#endif /* CURL_DOES_CONVERSIONS */
if(data->set.fdebug)
- return (*data->set.fdebug)(data, type, ptr, size,
- data->set.debugdata);
-
- switch(type) {
- case CURLINFO_TEXT:
- case CURLINFO_HEADER_OUT:
- case CURLINFO_HEADER_IN:
- fwrite(s_infotype[type], 2, 1, data->set.err);
- fwrite(ptr, size, 1, data->set.err);
+ rc = (*data->set.fdebug)(data, type, ptr, size, data->set.debugdata);
+ else {
+ switch(type) {
+ case CURLINFO_TEXT:
+ case CURLINFO_HEADER_OUT:
+ case CURLINFO_HEADER_IN:
+ fwrite(s_infotype[type], 2, 1, data->set.err);
+ fwrite(ptr, size, 1, data->set.err);
#ifdef CURL_DOES_CONVERSIONS
- if(size != conv_size) {
- /* we had untranslated data so we need an explicit newline */
- fwrite("\n", 1, 1, data->set.err);
- }
+ if(size != conv_size) {
+ /* we had untranslated data so we need an explicit newline */
+ fwrite("\n", 1, 1, data->set.err);
+ }
#endif
- break;
- default: /* nada */
- break;
+ break;
+ default: /* nada */
+ break;
+ }
}
- return 0;
+#ifdef CURL_DOES_CONVERSIONS
+ free(buf);
+#endif
+ return rc;
}
-int Curl_debug(struct SessionHandle *data, curl_infotype type,
+int Curl_debug(struct Curl_easy *data, curl_infotype type,
char *ptr, size_t size,
struct connectdata *conn)
{
int rc;
if(data->set.printhost && conn && conn->host.dispname) {
char buffer[160];
- const char *t=NULL;
- const char *w="Data";
- switch (type) {
+ const char *t = NULL;
+ const char *w = "Data";
+ switch(type) {
case CURLINFO_HEADER_IN:
w = "Header";
+ /* FALLTHROUGH */
case CURLINFO_DATA_IN:
t = "from";
break;
case CURLINFO_HEADER_OUT:
w = "Header";
+ /* FALLTHROUGH */
case CURLINFO_DATA_OUT:
t = "to";
break;
diff --git a/libs/libcurl/src/sendf.h b/libs/libcurl/src/sendf.h
index 39489e40fb..fbe4f99c87 100644
--- a/libs/libcurl/src/sendf.h
+++ b/libs/libcurl/src/sendf.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,8 +26,8 @@
CURLcode Curl_sendf(curl_socket_t sockfd, struct connectdata *,
const char *fmt, ...);
-void Curl_infof(struct SessionHandle *, const char *fmt, ...);
-void Curl_failf(struct SessionHandle *, const char *fmt, ...);
+void Curl_infof(struct Curl_easy *, const char *fmt, ...);
+void Curl_failf(struct Curl_easy *, const char *fmt, ...);
#if defined(CURL_DISABLE_VERBOSE_STRINGS)
@@ -51,8 +51,12 @@ void Curl_failf(struct SessionHandle *, const char *fmt, ...);
#define CLIENTWRITE_HEADER (1<<1)
#define CLIENTWRITE_BOTH (CLIENTWRITE_BODY|CLIENTWRITE_HEADER)
+CURLcode Curl_client_chop_write(struct connectdata *conn, int type, char *ptr,
+ size_t len) WARN_UNUSED_RESULT;
CURLcode Curl_client_write(struct connectdata *conn, int type, char *ptr,
- size_t len);
+ size_t len) WARN_UNUSED_RESULT;
+
+bool Curl_recv_has_postponed_data(struct connectdata *conn, int sockindex);
/* internal read-function, does plain socket only */
CURLcode Curl_read_plain(curl_socket_t sockfd,
@@ -82,7 +86,7 @@ CURLcode Curl_write_plain(struct connectdata *conn,
ssize_t *written);
/* the function used to output verbose information */
-int Curl_debug(struct SessionHandle *handle, curl_infotype type,
+int Curl_debug(struct Curl_easy *handle, curl_infotype type,
char *data, size_t size,
struct connectdata *conn);
diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c
new file mode 100644
index 0000000000..70466bffb8
--- /dev/null
+++ b/libs/libcurl/src/setopt.c
@@ -0,0 +1,2554 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifdef HAVE_LINUX_TCP_H
+#include <linux/tcp.h>
+#endif
+
+#include "urldata.h"
+#include "url.h"
+#include "progress.h"
+#include "content_encoding.h"
+#include "strcase.h"
+#include "share.h"
+#include "vtls/vtls.h"
+#include "warnless.h"
+#include "sendf.h"
+#include "http2.h"
+#include "setopt.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+CURLcode Curl_setstropt(char **charp, const char *s)
+{
+ /* Release the previous storage at `charp' and replace by a dynamic storage
+ copy of `s'. Return CURLE_OK or CURLE_OUT_OF_MEMORY. */
+
+ Curl_safefree(*charp);
+
+ if(s) {
+ char *str = strdup(s);
+
+ if(!str)
+ return CURLE_OUT_OF_MEMORY;
+
+ *charp = str;
+ }
+
+ return CURLE_OK;
+}
+
+static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp)
+{
+ CURLcode result = CURLE_OK;
+ char *user = NULL;
+ char *passwd = NULL;
+
+ /* Parse the login details if specified. It not then we treat NULL as a hint
+ to clear the existing data */
+ if(option) {
+ result = Curl_parse_login_details(option, strlen(option),
+ (userp ? &user : NULL),
+ (passwdp ? &passwd : NULL),
+ NULL);
+ }
+
+ if(!result) {
+ /* Store the username part of option if required */
+ if(userp) {
+ if(!user && option && option[0] == ':') {
+ /* Allocate an empty string instead of returning NULL as user name */
+ user = strdup("");
+ if(!user)
+ result = CURLE_OUT_OF_MEMORY;
+ }
+
+ Curl_safefree(*userp);
+ *userp = user;
+ }
+
+ /* Store the password part of option if required */
+ if(passwdp) {
+ Curl_safefree(*passwdp);
+ *passwdp = passwd;
+ }
+ }
+
+ return result;
+}
+
+#define C_SSLVERSION_VALUE(x) (x & 0xffff)
+#define C_SSLVERSION_MAX_VALUE(x) (x & 0xffff0000)
+
+static CURLcode setopt(struct Curl_easy *data, CURLoption option,
+ va_list param)
+{
+ char *argptr;
+ CURLcode result = CURLE_OK;
+ long arg;
+ curl_off_t bigsize;
+
+ switch(option) {
+ case CURLOPT_DNS_CACHE_TIMEOUT:
+ arg = va_arg(param, long);
+ if(arg < -1)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.dns_cache_timeout = arg;
+ break;
+ case CURLOPT_DNS_USE_GLOBAL_CACHE:
+ /* remember we want this enabled */
+ arg = va_arg(param, long);
+ data->set.global_dns_cache = (0 != arg) ? TRUE : FALSE;
+ break;
+ case CURLOPT_SSL_CIPHER_LIST:
+ /* set a list of cipher we want to use in the SSL connection */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSL_CIPHER_LIST:
+ /* set a list of cipher we want to use in the SSL connection for proxy */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_RANDOM_FILE:
+ /*
+ * This is the path name to a file that contains random data to seed
+ * the random SSL stuff with. The file is only used for reading.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_RANDOM_FILE],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_EGDSOCKET:
+ /*
+ * The Entropy Gathering Daemon socket pathname
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_EGDSOCKET],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_MAXCONNECTS:
+ /*
+ * Set the absolute number of maximum simultaneous alive connection that
+ * libcurl is allowed to have.
+ */
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.maxconnects = arg;
+ break;
+ case CURLOPT_FORBID_REUSE:
+ /*
+ * When this transfer is done, it must not be left to be reused by a
+ * subsequent transfer but shall be closed immediately.
+ */
+ data->set.reuse_forbid = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_FRESH_CONNECT:
+ /*
+ * This transfer shall not use a previously cached connection but
+ * should be made with a fresh new connect!
+ */
+ data->set.reuse_fresh = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_VERBOSE:
+ /*
+ * Verbose means infof() calls that give a lot of information about
+ * the connection and transfer procedures as well as internal choices.
+ */
+ data->set.verbose = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_HEADER:
+ /*
+ * Set to include the header in the general data output stream.
+ */
+ data->set.include_header = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_NOPROGRESS:
+ /*
+ * Shut off the internal supported progress meter
+ */
+ data->set.hide_progress = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ if(data->set.hide_progress)
+ data->progress.flags |= PGRS_HIDE;
+ else
+ data->progress.flags &= ~PGRS_HIDE;
+ break;
+ case CURLOPT_NOBODY:
+ /*
+ * Do not include the body part in the output data stream.
+ */
+ data->set.opt_no_body = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_FAILONERROR:
+ /*
+ * Don't output the >=400 error code HTML-page, but instead only
+ * return error.
+ */
+ data->set.http_fail_on_error = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_KEEP_SENDING_ON_ERROR:
+ data->set.http_keep_sending_on_error = (0 != va_arg(param, long)) ?
+ TRUE : FALSE;
+ break;
+ case CURLOPT_UPLOAD:
+ case CURLOPT_PUT:
+ /*
+ * We want to sent data to the remote host. If this is HTTP, that equals
+ * using the PUT request.
+ */
+ data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ if(data->set.upload) {
+ /* If this is HTTP, PUT is what's needed to "upload" */
+ data->set.httpreq = HTTPREQ_PUT;
+ data->set.opt_no_body = FALSE; /* this is implied */
+ }
+ else
+ /* In HTTP, the opposite of upload is GET (unless NOBODY is true as
+ then this can be changed to HEAD later on) */
+ data->set.httpreq = HTTPREQ_GET;
+ break;
+ case CURLOPT_REQUEST_TARGET:
+ result = Curl_setstropt(&data->set.str[STRING_TARGET],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_FILETIME:
+ /*
+ * Try to get the file time of the remote document. The time will
+ * later (possibly) become available using curl_easy_getinfo().
+ */
+ data->set.get_filetime = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_FTP_CREATE_MISSING_DIRS:
+ /*
+ * An FTP option that modifies an upload to create missing directories on
+ * the server.
+ */
+ switch(va_arg(param, long)) {
+ case 0:
+ data->set.ftp_create_missing_dirs = 0;
+ break;
+ case 1:
+ data->set.ftp_create_missing_dirs = 1;
+ break;
+ case 2:
+ data->set.ftp_create_missing_dirs = 2;
+ break;
+ default:
+ /* reserve other values for future use */
+ result = CURLE_UNKNOWN_OPTION;
+ break;
+ }
+ break;
+ case CURLOPT_SERVER_RESPONSE_TIMEOUT:
+ /*
+ * Option that specifies how quickly an server response must be obtained
+ * before it is considered failure. For pingpong protocols.
+ */
+ arg = va_arg(param, long);
+ if((arg >= 0) && (arg < (INT_MAX/1000)))
+ data->set.server_response_timeout = arg * 1000;
+ else
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ break;
+ case CURLOPT_TFTP_NO_OPTIONS:
+ /*
+ * Option that prevents libcurl from sending TFTP option requests to the
+ * server.
+ */
+ data->set.tftp_no_options = va_arg(param, long) != 0;
+ break;
+ case CURLOPT_TFTP_BLKSIZE:
+ /*
+ * TFTP option that specifies the block size to use for data transmission.
+ */
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.tftp_blksize = arg;
+ break;
+ case CURLOPT_DIRLISTONLY:
+ /*
+ * An option that changes the command to one that asks for a list
+ * only, no file info details.
+ */
+ data->set.ftp_list_only = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_APPEND:
+ /*
+ * We want to upload and append to an existing file.
+ */
+ data->set.ftp_append = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_FTP_FILEMETHOD:
+ /*
+ * How do access files over FTP.
+ */
+ arg = va_arg(param, long);
+ if((arg < CURLFTPMETHOD_DEFAULT) || (arg > CURLFTPMETHOD_SINGLECWD))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.ftp_filemethod = (curl_ftpfile)arg;
+ break;
+ case CURLOPT_NETRC:
+ /*
+ * Parse the $HOME/.netrc file
+ */
+ arg = va_arg(param, long);
+ if((arg < CURL_NETRC_IGNORED) || (arg > CURL_NETRC_REQUIRED))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.use_netrc = (enum CURL_NETRC_OPTION)arg;
+ break;
+ case CURLOPT_NETRC_FILE:
+ /*
+ * Use this file instead of the $HOME/.netrc file
+ */
+ result = Curl_setstropt(&data->set.str[STRING_NETRC_FILE],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_TRANSFERTEXT:
+ /*
+ * This option was previously named 'FTPASCII'. Renamed to work with
+ * more protocols than merely FTP.
+ *
+ * Transfer using ASCII (instead of BINARY).
+ */
+ data->set.prefer_ascii = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_TIMECONDITION:
+ /*
+ * Set HTTP time condition. This must be one of the defines in the
+ * curl/curl.h header file.
+ */
+ arg = va_arg(param, long);
+ if((arg < CURL_TIMECOND_NONE) || (arg > CURL_TIMECOND_LASTMOD))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.timecondition = (curl_TimeCond)arg;
+ break;
+ case CURLOPT_TIMEVALUE:
+ /*
+ * This is the value to compare with the remote document with the
+ * method set with CURLOPT_TIMECONDITION
+ */
+ data->set.timevalue = (time_t)va_arg(param, long);
+ break;
+ case CURLOPT_SSLVERSION:
+ /*
+ * Set explicit SSL version to try to connect with, as some SSL
+ * implementations are lame.
+ */
+#ifdef USE_SSL
+ arg = va_arg(param, long);
+ if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.ssl.primary.version = C_SSLVERSION_VALUE(arg);
+ data->set.ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
+#else
+ result = CURLE_UNKNOWN_OPTION;
+#endif
+ break;
+ case CURLOPT_PROXY_SSLVERSION:
+ /*
+ * Set explicit SSL version to try to connect with for proxy, as some SSL
+ * implementations are lame.
+ */
+#ifdef USE_SSL
+ arg = va_arg(param, long);
+ if((arg < CURL_SSLVERSION_DEFAULT) || (arg > CURL_SSLVERSION_TLSv1_3))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.proxy_ssl.primary.version = C_SSLVERSION_VALUE(arg);
+ data->set.proxy_ssl.primary.version_max = C_SSLVERSION_MAX_VALUE(arg);
+#else
+ result = CURLE_UNKNOWN_OPTION;
+#endif
+ break;
+
+#ifndef CURL_DISABLE_HTTP
+ case CURLOPT_AUTOREFERER:
+ /*
+ * Switch on automatic referer that gets set if curl follows locations.
+ */
+ data->set.http_auto_referer = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_ACCEPT_ENCODING:
+ /*
+ * String to use at the value of Accept-Encoding header.
+ *
+ * If the encoding is set to "" we use an Accept-Encoding header that
+ * encompasses all the encodings we support.
+ * If the encoding is set to NULL we don't send an Accept-Encoding header
+ * and ignore an received Content-Encoding header.
+ *
+ */
+ argptr = va_arg(param, char *);
+ if(argptr && !*argptr) {
+ argptr = Curl_all_content_encodings();
+ if(!argptr)
+ result = CURLE_OUT_OF_MEMORY;
+ else {
+ result = Curl_setstropt(&data->set.str[STRING_ENCODING], argptr);
+ free(argptr);
+ }
+ }
+ else
+ result = Curl_setstropt(&data->set.str[STRING_ENCODING], argptr);
+ break;
+
+ case CURLOPT_TRANSFER_ENCODING:
+ data->set.http_transfer_encoding = (0 != va_arg(param, long)) ?
+ TRUE : FALSE;
+ break;
+
+ case CURLOPT_FOLLOWLOCATION:
+ /*
+ * Follow Location: header hints on a HTTP-server.
+ */
+ data->set.http_follow_location = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_UNRESTRICTED_AUTH:
+ /*
+ * Send authentication (user+password) when following locations, even when
+ * hostname changed.
+ */
+ data->set.http_disable_hostname_check_before_authentication =
+ (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_MAXREDIRS:
+ /*
+ * The maximum amount of hops you allow curl to follow Location:
+ * headers. This should mostly be used to detect never-ending loops.
+ */
+ arg = va_arg(param, long);
+ if(arg < -1)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.maxredirs = arg;
+ break;
+
+ case CURLOPT_POSTREDIR:
+ /*
+ * Set the behaviour of POST when redirecting
+ * CURL_REDIR_GET_ALL - POST is changed to GET after 301 and 302
+ * CURL_REDIR_POST_301 - POST is kept as POST after 301
+ * CURL_REDIR_POST_302 - POST is kept as POST after 302
+ * CURL_REDIR_POST_303 - POST is kept as POST after 303
+ * CURL_REDIR_POST_ALL - POST is kept as POST after 301, 302 and 303
+ * other - POST is kept as POST after 301 and 302
+ */
+ arg = va_arg(param, long);
+ if(arg < CURL_REDIR_GET_ALL)
+ /* no return error on too high numbers since the bitmask could be
+ extended in a future */
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.keep_post = arg & CURL_REDIR_POST_ALL;
+ break;
+
+ case CURLOPT_POST:
+ /* Does this option serve a purpose anymore? Yes it does, when
+ CURLOPT_POSTFIELDS isn't used and the POST data is read off the
+ callback! */
+ if(va_arg(param, long)) {
+ data->set.httpreq = HTTPREQ_POST;
+ data->set.opt_no_body = FALSE; /* this is implied */
+ }
+ else
+ data->set.httpreq = HTTPREQ_GET;
+ break;
+
+ case CURLOPT_COPYPOSTFIELDS:
+ /*
+ * A string with POST data. Makes curl HTTP POST. Even if it is NULL.
+ * If needed, CURLOPT_POSTFIELDSIZE must have been set prior to
+ * CURLOPT_COPYPOSTFIELDS and not altered later.
+ */
+ argptr = va_arg(param, char *);
+
+ if(!argptr || data->set.postfieldsize == -1)
+ result = Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], argptr);
+ else {
+ /*
+ * Check that requested length does not overflow the size_t type.
+ */
+
+ if((data->set.postfieldsize < 0) ||
+ ((sizeof(curl_off_t) != sizeof(size_t)) &&
+ (data->set.postfieldsize > (curl_off_t)((size_t)-1))))
+ result = CURLE_OUT_OF_MEMORY;
+ else {
+ char *p;
+
+ (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
+
+ /* Allocate even when size == 0. This satisfies the need of possible
+ later address compare to detect the COPYPOSTFIELDS mode, and
+ to mark that postfields is used rather than read function or
+ form data.
+ */
+ p = malloc((size_t)(data->set.postfieldsize?
+ data->set.postfieldsize:1));
+
+ if(!p)
+ result = CURLE_OUT_OF_MEMORY;
+ else {
+ if(data->set.postfieldsize)
+ memcpy(p, argptr, (size_t)data->set.postfieldsize);
+
+ data->set.str[STRING_COPYPOSTFIELDS] = p;
+ }
+ }
+ }
+
+ data->set.postfields = data->set.str[STRING_COPYPOSTFIELDS];
+ data->set.httpreq = HTTPREQ_POST;
+ break;
+
+ case CURLOPT_POSTFIELDS:
+ /*
+ * Like above, but use static data instead of copying it.
+ */
+ data->set.postfields = va_arg(param, void *);
+ /* Release old copied data. */
+ (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
+ data->set.httpreq = HTTPREQ_POST;
+ break;
+
+ case CURLOPT_POSTFIELDSIZE:
+ /*
+ * The size of the POSTFIELD data to prevent libcurl to do strlen() to
+ * figure it out. Enables binary posts.
+ */
+ bigsize = va_arg(param, long);
+ if(bigsize < -1)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ if(data->set.postfieldsize < bigsize &&
+ data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) {
+ /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */
+ (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
+ data->set.postfields = NULL;
+ }
+
+ data->set.postfieldsize = bigsize;
+ break;
+
+ case CURLOPT_POSTFIELDSIZE_LARGE:
+ /*
+ * The size of the POSTFIELD data to prevent libcurl to do strlen() to
+ * figure it out. Enables binary posts.
+ */
+ bigsize = va_arg(param, curl_off_t);
+ if(bigsize < -1)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ if(data->set.postfieldsize < bigsize &&
+ data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) {
+ /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */
+ (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
+ data->set.postfields = NULL;
+ }
+
+ data->set.postfieldsize = bigsize;
+ break;
+
+ case CURLOPT_HTTPPOST:
+ /*
+ * Set to make us do HTTP POST
+ */
+ data->set.httppost = va_arg(param, struct curl_httppost *);
+ data->set.httpreq = HTTPREQ_POST_FORM;
+ data->set.opt_no_body = FALSE; /* this is implied */
+ break;
+#endif /* CURL_DISABLE_HTTP */
+
+ case CURLOPT_MIMEPOST:
+ /*
+ * Set to make us do MIME/form POST
+ */
+ result = Curl_mime_set_subparts(&data->set.mimepost,
+ va_arg(param, curl_mime *), FALSE);
+ if(!result) {
+ data->set.httpreq = HTTPREQ_POST_MIME;
+ data->set.opt_no_body = FALSE; /* this is implied */
+ }
+ break;
+
+ case CURLOPT_REFERER:
+ /*
+ * String to set in the HTTP Referer: field.
+ */
+ if(data->change.referer_alloc) {
+ Curl_safefree(data->change.referer);
+ data->change.referer_alloc = FALSE;
+ }
+ result = Curl_setstropt(&data->set.str[STRING_SET_REFERER],
+ va_arg(param, char *));
+ data->change.referer = data->set.str[STRING_SET_REFERER];
+ break;
+
+ case CURLOPT_USERAGENT:
+ /*
+ * String to use in the HTTP User-Agent field
+ */
+ result = Curl_setstropt(&data->set.str[STRING_USERAGENT],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_HTTPHEADER:
+ /*
+ * Set a list with HTTP headers to use (or replace internals with)
+ */
+ data->set.headers = va_arg(param, struct curl_slist *);
+ break;
+
+#ifndef CURL_DISABLE_HTTP
+ case CURLOPT_PROXYHEADER:
+ /*
+ * Set a list with proxy headers to use (or replace internals with)
+ *
+ * Since CURLOPT_HTTPHEADER was the only way to set HTTP headers for a
+ * long time we remain doing it this way until CURLOPT_PROXYHEADER is
+ * used. As soon as this option has been used, if set to anything but
+ * NULL, custom headers for proxies are only picked from this list.
+ *
+ * Set this option to NULL to restore the previous behavior.
+ */
+ data->set.proxyheaders = va_arg(param, struct curl_slist *);
+ break;
+
+ case CURLOPT_HEADEROPT:
+ /*
+ * Set header option.
+ */
+ arg = va_arg(param, long);
+ data->set.sep_headers = (arg & CURLHEADER_SEPARATE)? TRUE: FALSE;
+ break;
+
+ case CURLOPT_HTTP200ALIASES:
+ /*
+ * Set a list of aliases for HTTP 200 in response header
+ */
+ data->set.http200aliases = va_arg(param, struct curl_slist *);
+ break;
+
+#if !defined(CURL_DISABLE_COOKIES)
+ case CURLOPT_COOKIE:
+ /*
+ * Cookie string to send to the remote server in the request.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_COOKIE],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_COOKIEFILE:
+ /*
+ * Set cookie file to read and parse. Can be used multiple times.
+ */
+ argptr = (char *)va_arg(param, void *);
+ if(argptr) {
+ struct curl_slist *cl;
+ /* append the cookie file name to the list of file names, and deal with
+ them later */
+ cl = curl_slist_append(data->change.cookielist, argptr);
+ if(!cl) {
+ curl_slist_free_all(data->change.cookielist);
+ data->change.cookielist = NULL;
+ return CURLE_OUT_OF_MEMORY;
+ }
+ data->change.cookielist = cl; /* store the list for later use */
+ }
+ break;
+
+ case CURLOPT_COOKIEJAR:
+ /*
+ * Set cookie file name to dump all cookies to when we're done.
+ */
+ {
+ struct CookieInfo *newcookies;
+ result = Curl_setstropt(&data->set.str[STRING_COOKIEJAR],
+ va_arg(param, char *));
+
+ /*
+ * Activate the cookie parser. This may or may not already
+ * have been made.
+ */
+ newcookies = Curl_cookie_init(data, NULL, data->cookies,
+ data->set.cookiesession);
+ if(!newcookies)
+ result = CURLE_OUT_OF_MEMORY;
+ data->cookies = newcookies;
+ }
+ break;
+
+ case CURLOPT_COOKIESESSION:
+ /*
+ * Set this option to TRUE to start a new "cookie session". It will
+ * prevent the forthcoming read-cookies-from-file actions to accept
+ * cookies that are marked as being session cookies, as they belong to a
+ * previous session.
+ *
+ * In the original Netscape cookie spec, "session cookies" are cookies
+ * with no expire date set. RFC2109 describes the same action if no
+ * 'Max-Age' is set and RFC2965 includes the RFC2109 description and adds
+ * a 'Discard' action that can enforce the discard even for cookies that
+ * have a Max-Age.
+ *
+ * We run mostly with the original cookie spec, as hardly anyone implements
+ * anything else.
+ */
+ data->set.cookiesession = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_COOKIELIST:
+ argptr = va_arg(param, char *);
+
+ if(argptr == NULL)
+ break;
+
+ if(strcasecompare(argptr, "ALL")) {
+ /* clear all cookies */
+ Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+ Curl_cookie_clearall(data->cookies);
+ Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+ }
+ else if(strcasecompare(argptr, "SESS")) {
+ /* clear session cookies */
+ Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+ Curl_cookie_clearsess(data->cookies);
+ Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+ }
+ else if(strcasecompare(argptr, "FLUSH")) {
+ /* flush cookies to file, takes care of the locking */
+ Curl_flush_cookies(data, 0);
+ }
+ else if(strcasecompare(argptr, "RELOAD")) {
+ /* reload cookies from file */
+ Curl_cookie_loadfiles(data);
+ break;
+ }
+ else {
+ if(!data->cookies)
+ /* if cookie engine was not running, activate it */
+ data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE);
+
+ argptr = strdup(argptr);
+ if(!argptr || !data->cookies) {
+ result = CURLE_OUT_OF_MEMORY;
+ free(argptr);
+ }
+ else {
+ Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+
+ if(checkprefix("Set-Cookie:", argptr))
+ /* HTTP Header format line */
+ Curl_cookie_add(data, data->cookies, TRUE, argptr + 11, NULL, NULL);
+
+ else
+ /* Netscape format line */
+ Curl_cookie_add(data, data->cookies, FALSE, argptr, NULL, NULL);
+
+ Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
+ free(argptr);
+ }
+ }
+
+ break;
+#endif /* !CURL_DISABLE_COOKIES */
+
+ case CURLOPT_HTTPGET:
+ /*
+ * Set to force us do HTTP GET
+ */
+ if(va_arg(param, long)) {
+ data->set.httpreq = HTTPREQ_GET;
+ data->set.upload = FALSE; /* switch off upload */
+ data->set.opt_no_body = FALSE; /* this is implied */
+ }
+ break;
+
+ case CURLOPT_HTTP_VERSION:
+ /*
+ * This sets a requested HTTP version to be used. The value is one of
+ * the listed enums in curl/curl.h.
+ */
+ arg = va_arg(param, long);
+ if(arg < CURL_HTTP_VERSION_NONE)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+#ifndef USE_NGHTTP2
+ if(arg >= CURL_HTTP_VERSION_2)
+ return CURLE_UNSUPPORTED_PROTOCOL;
+#else
+ if(arg > CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE)
+ return CURLE_UNSUPPORTED_PROTOCOL;
+#endif
+ data->set.httpversion = arg;
+ break;
+
+ case CURLOPT_EXPECT_100_TIMEOUT_MS:
+ /*
+ * Time to wait for a response to a HTTP request containing an
+ * Expect: 100-continue header before sending the data anyway.
+ */
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.expect_100_timeout = arg;
+ break;
+
+#endif /* CURL_DISABLE_HTTP */
+
+ case CURLOPT_HTTPAUTH:
+ /*
+ * Set HTTP Authentication type BITMASK.
+ */
+ {
+ int bitcheck;
+ bool authbits;
+ unsigned long auth = va_arg(param, unsigned long);
+
+ if(auth == CURLAUTH_NONE) {
+ data->set.httpauth = auth;
+ break;
+ }
+
+ /* the DIGEST_IE bit is only used to set a special marker, for all the
+ rest we need to handle it as normal DIGEST */
+ data->state.authhost.iestyle = (auth & CURLAUTH_DIGEST_IE) ? TRUE : FALSE;
+
+ if(auth & CURLAUTH_DIGEST_IE) {
+ auth |= CURLAUTH_DIGEST; /* set standard digest bit */
+ auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */
+ }
+
+ /* switch off bits we can't support */
+#ifndef USE_NTLM
+ auth &= ~CURLAUTH_NTLM; /* no NTLM support */
+ auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
+#elif !defined(NTLM_WB_ENABLED)
+ auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
+#endif
+#ifndef USE_SPNEGO
+ auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without
+ GSS-API or SSPI */
+#endif
+
+ /* check if any auth bit lower than CURLAUTH_ONLY is still set */
+ bitcheck = 0;
+ authbits = FALSE;
+ while(bitcheck < 31) {
+ if(auth & (1UL << bitcheck++)) {
+ authbits = TRUE;
+ break;
+ }
+ }
+ if(!authbits)
+ return CURLE_NOT_BUILT_IN; /* no supported types left! */
+
+ data->set.httpauth = auth;
+ }
+ break;
+
+ case CURLOPT_CUSTOMREQUEST:
+ /*
+ * Set a custom string to use as request
+ */
+ result = Curl_setstropt(&data->set.str[STRING_CUSTOMREQUEST],
+ va_arg(param, char *));
+
+ /* we don't set
+ data->set.httpreq = HTTPREQ_CUSTOM;
+ here, we continue as if we were using the already set type
+ and this just changes the actual request keyword */
+ break;
+
+#ifndef CURL_DISABLE_PROXY
+ case CURLOPT_HTTPPROXYTUNNEL:
+ /*
+ * Tunnel operations through the proxy instead of normal proxy use
+ */
+ data->set.tunnel_thru_httpproxy = (0 != va_arg(param, long)) ?
+ TRUE : FALSE;
+ break;
+
+ case CURLOPT_PROXYPORT:
+ /*
+ * Explicitly set HTTP proxy port number.
+ */
+ arg = va_arg(param, long);
+ if((arg < 0) || (arg > 65535))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.proxyport = arg;
+ break;
+
+ case CURLOPT_PROXYAUTH:
+ /*
+ * Set HTTP Authentication type BITMASK.
+ */
+ {
+ int bitcheck;
+ bool authbits;
+ unsigned long auth = va_arg(param, unsigned long);
+
+ if(auth == CURLAUTH_NONE) {
+ data->set.proxyauth = auth;
+ break;
+ }
+
+ /* the DIGEST_IE bit is only used to set a special marker, for all the
+ rest we need to handle it as normal DIGEST */
+ data->state.authproxy.iestyle = (auth & CURLAUTH_DIGEST_IE) ? TRUE : FALSE;
+
+ if(auth & CURLAUTH_DIGEST_IE) {
+ auth |= CURLAUTH_DIGEST; /* set standard digest bit */
+ auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */
+ }
+ /* switch off bits we can't support */
+#ifndef USE_NTLM
+ auth &= ~CURLAUTH_NTLM; /* no NTLM support */
+ auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
+#elif !defined(NTLM_WB_ENABLED)
+ auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
+#endif
+#ifndef USE_SPNEGO
+ auth &= ~CURLAUTH_NEGOTIATE; /* no Negotiate (SPNEGO) auth without
+ GSS-API or SSPI */
+#endif
+
+ /* check if any auth bit lower than CURLAUTH_ONLY is still set */
+ bitcheck = 0;
+ authbits = FALSE;
+ while(bitcheck < 31) {
+ if(auth & (1UL << bitcheck++)) {
+ authbits = TRUE;
+ break;
+ }
+ }
+ if(!authbits)
+ return CURLE_NOT_BUILT_IN; /* no supported types left! */
+
+ data->set.proxyauth = auth;
+ }
+ break;
+
+ case CURLOPT_PROXY:
+ /*
+ * Set proxy server:port to use as proxy.
+ *
+ * If the proxy is set to "" (and CURLOPT_SOCKS_PROXY is set to "" or NULL)
+ * we explicitly say that we don't want to use a proxy
+ * (even though there might be environment variables saying so).
+ *
+ * Setting it to NULL, means no proxy but allows the environment variables
+ * to decide for us (if CURLOPT_SOCKS_PROXY setting it to NULL).
+ */
+ result = Curl_setstropt(&data->set.str[STRING_PROXY],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_PRE_PROXY:
+ /*
+ * Set proxy server:port to use as SOCKS proxy.
+ *
+ * If the proxy is set to "" or NULL we explicitly say that we don't want
+ * to use the socks proxy.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_PRE_PROXY],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_PROXYTYPE:
+ /*
+ * Set proxy type. HTTP/HTTP_1_0/SOCKS4/SOCKS4a/SOCKS5/SOCKS5_HOSTNAME
+ */
+ arg = va_arg(param, long);
+ if((arg < CURLPROXY_HTTP) || (arg > CURLPROXY_SOCKS5_HOSTNAME))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.proxytype = (curl_proxytype)arg;
+ break;
+
+ case CURLOPT_PROXY_TRANSFER_MODE:
+ /*
+ * set transfer mode (;type=<a|i>) when doing FTP via an HTTP proxy
+ */
+ switch(va_arg(param, long)) {
+ case 0:
+ data->set.proxy_transfer_mode = FALSE;
+ break;
+ case 1:
+ data->set.proxy_transfer_mode = TRUE;
+ break;
+ default:
+ /* reserve other values for future use */
+ result = CURLE_UNKNOWN_OPTION;
+ break;
+ }
+ break;
+#endif /* CURL_DISABLE_PROXY */
+
+ case CURLOPT_SOCKS5_AUTH:
+ data->set.socks5auth = va_arg(param, unsigned long);
+ if(data->set.socks5auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
+ result = CURLE_NOT_BUILT_IN;
+ break;
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+ case CURLOPT_SOCKS5_GSSAPI_NEC:
+ /*
+ * Set flag for NEC SOCK5 support
+ */
+ data->set.socks5_gssapi_nec = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_SOCKS5_GSSAPI_SERVICE:
+ case CURLOPT_PROXY_SERVICE_NAME:
+ /*
+ * Set proxy authentication service name for Kerberos 5 and SPNEGO
+ */
+ result = Curl_setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+#endif
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
+ defined(USE_SPNEGO)
+ case CURLOPT_SERVICE_NAME:
+ /*
+ * Set authentication service name for DIGEST-MD5, Kerberos 5 and SPNEGO
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SERVICE_NAME],
+ va_arg(param, char *));
+ break;
+
+#endif
+
+ case CURLOPT_HEADERDATA:
+ /*
+ * Custom pointer to pass the header write callback function
+ */
+ data->set.writeheader = (void *)va_arg(param, void *);
+ break;
+ case CURLOPT_ERRORBUFFER:
+ /*
+ * Error buffer provided by the caller to get the human readable
+ * error string in.
+ */
+ data->set.errorbuffer = va_arg(param, char *);
+ break;
+ case CURLOPT_WRITEDATA:
+ /*
+ * FILE pointer to write to. Or possibly
+ * used as argument to the write callback.
+ */
+ data->set.out = va_arg(param, void *);
+ break;
+ case CURLOPT_FTPPORT:
+ /*
+ * Use FTP PORT, this also specifies which IP address to use
+ */
+ result = Curl_setstropt(&data->set.str[STRING_FTPPORT],
+ va_arg(param, char *));
+ data->set.ftp_use_port = (data->set.str[STRING_FTPPORT]) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_FTP_USE_EPRT:
+ data->set.ftp_use_eprt = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_FTP_USE_EPSV:
+ data->set.ftp_use_epsv = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_FTP_USE_PRET:
+ data->set.ftp_use_pret = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_FTP_SSL_CCC:
+ arg = va_arg(param, long);
+ if((arg < CURLFTPSSL_CCC_NONE) || (arg > CURLFTPSSL_CCC_ACTIVE))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.ftp_ccc = (curl_ftpccc)arg;
+ break;
+
+ case CURLOPT_FTP_SKIP_PASV_IP:
+ /*
+ * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the
+ * bypass of the IP address in PASV responses.
+ */
+ data->set.ftp_skip_ip = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_READDATA:
+ /*
+ * FILE pointer to read the file to be uploaded from. Or possibly
+ * used as argument to the read callback.
+ */
+ data->set.in_set = va_arg(param, void *);
+ break;
+ case CURLOPT_INFILESIZE:
+ /*
+ * If known, this should inform curl about the file size of the
+ * to-be-uploaded file.
+ */
+ arg = va_arg(param, long);
+ if(arg < -1)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.filesize = arg;
+ break;
+ case CURLOPT_INFILESIZE_LARGE:
+ /*
+ * If known, this should inform curl about the file size of the
+ * to-be-uploaded file.
+ */
+ bigsize = va_arg(param, curl_off_t);
+ if(bigsize < -1)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.filesize = bigsize;
+ break;
+ case CURLOPT_LOW_SPEED_LIMIT:
+ /*
+ * The low speed limit that if transfers are below this for
+ * CURLOPT_LOW_SPEED_TIME, the transfer is aborted.
+ */
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.low_speed_limit = arg;
+ break;
+ case CURLOPT_MAX_SEND_SPEED_LARGE:
+ /*
+ * When transfer uploads are faster then CURLOPT_MAX_SEND_SPEED_LARGE
+ * bytes per second the transfer is throttled..
+ */
+ bigsize = va_arg(param, curl_off_t);
+ if(bigsize < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.max_send_speed = bigsize;
+ break;
+ case CURLOPT_MAX_RECV_SPEED_LARGE:
+ /*
+ * When receiving data faster than CURLOPT_MAX_RECV_SPEED_LARGE bytes per
+ * second the transfer is throttled..
+ */
+ bigsize = va_arg(param, curl_off_t);
+ if(bigsize < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.max_recv_speed = bigsize;
+ break;
+ case CURLOPT_LOW_SPEED_TIME:
+ /*
+ * The low speed time that if transfers are below the set
+ * CURLOPT_LOW_SPEED_LIMIT during this time, the transfer is aborted.
+ */
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.low_speed_time = arg;
+ break;
+ case CURLOPT_URL:
+ /*
+ * The URL to fetch.
+ */
+ if(data->change.url_alloc) {
+ /* the already set URL is allocated, free it first! */
+ Curl_safefree(data->change.url);
+ data->change.url_alloc = FALSE;
+ }
+ result = Curl_setstropt(&data->set.str[STRING_SET_URL],
+ va_arg(param, char *));
+ data->change.url = data->set.str[STRING_SET_URL];
+ break;
+ case CURLOPT_PORT:
+ /*
+ * The port number to use when getting the URL
+ */
+ arg = va_arg(param, long);
+ if((arg < 0) || (arg > 65535))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.use_port = arg;
+ break;
+ case CURLOPT_TIMEOUT:
+ /*
+ * The maximum time you allow curl to use for a single transfer
+ * operation.
+ */
+ arg = va_arg(param, long);
+ if((arg >= 0) && (arg < (INT_MAX/1000)))
+ data->set.timeout = arg * 1000;
+ else
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ break;
+
+ case CURLOPT_TIMEOUT_MS:
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.timeout = arg;
+ break;
+
+ case CURLOPT_CONNECTTIMEOUT:
+ /*
+ * The maximum time you allow curl to use to connect.
+ */
+ arg = va_arg(param, long);
+ if((arg >= 0) && (arg < (INT_MAX/1000)))
+ data->set.connecttimeout = arg * 1000;
+ else
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ break;
+
+ case CURLOPT_CONNECTTIMEOUT_MS:
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.connecttimeout = arg;
+ break;
+
+ case CURLOPT_ACCEPTTIMEOUT_MS:
+ /*
+ * The maximum time you allow curl to wait for server connect
+ */
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.accepttimeout = arg;
+ break;
+
+ case CURLOPT_USERPWD:
+ /*
+ * user:password to use in the operation
+ */
+ result = setstropt_userpwd(va_arg(param, char *),
+ &data->set.str[STRING_USERNAME],
+ &data->set.str[STRING_PASSWORD]);
+ break;
+
+ case CURLOPT_USERNAME:
+ /*
+ * authentication user name to use in the operation
+ */
+ result = Curl_setstropt(&data->set.str[STRING_USERNAME],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_PASSWORD:
+ /*
+ * authentication password to use in the operation
+ */
+ result = Curl_setstropt(&data->set.str[STRING_PASSWORD],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_LOGIN_OPTIONS:
+ /*
+ * authentication options to use in the operation
+ */
+ result = Curl_setstropt(&data->set.str[STRING_OPTIONS],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_XOAUTH2_BEARER:
+ /*
+ * OAuth 2.0 bearer token to use in the operation
+ */
+ result = Curl_setstropt(&data->set.str[STRING_BEARER],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_POSTQUOTE:
+ /*
+ * List of RAW FTP commands to use after a transfer
+ */
+ data->set.postquote = va_arg(param, struct curl_slist *);
+ break;
+ case CURLOPT_PREQUOTE:
+ /*
+ * List of RAW FTP commands to use prior to RETR (Wesley Laxton)
+ */
+ data->set.prequote = va_arg(param, struct curl_slist *);
+ break;
+ case CURLOPT_QUOTE:
+ /*
+ * List of RAW FTP commands to use before a transfer
+ */
+ data->set.quote = va_arg(param, struct curl_slist *);
+ break;
+ case CURLOPT_RESOLVE:
+ /*
+ * List of NAME:[address] names to populate the DNS cache with
+ * Prefix the NAME with dash (-) to _remove_ the name from the cache.
+ *
+ * Names added with this API will remain in the cache until explicitly
+ * removed or the handle is cleaned up.
+ *
+ * This API can remove any name from the DNS cache, but only entries
+ * that aren't actually in use right now will be pruned immediately.
+ */
+ data->set.resolve = va_arg(param, struct curl_slist *);
+ data->change.resolve = data->set.resolve;
+ break;
+ case CURLOPT_PROGRESSFUNCTION:
+ /*
+ * Progress callback function
+ */
+ data->set.fprogress = va_arg(param, curl_progress_callback);
+ if(data->set.fprogress)
+ data->progress.callback = TRUE; /* no longer internal */
+ else
+ data->progress.callback = FALSE; /* NULL enforces internal */
+ break;
+
+ case CURLOPT_XFERINFOFUNCTION:
+ /*
+ * Transfer info callback function
+ */
+ data->set.fxferinfo = va_arg(param, curl_xferinfo_callback);
+ if(data->set.fxferinfo)
+ data->progress.callback = TRUE; /* no longer internal */
+ else
+ data->progress.callback = FALSE; /* NULL enforces internal */
+
+ break;
+
+ case CURLOPT_PROGRESSDATA:
+ /*
+ * Custom client data to pass to the progress callback
+ */
+ data->set.progress_client = va_arg(param, void *);
+ break;
+
+#ifndef CURL_DISABLE_PROXY
+ case CURLOPT_PROXYUSERPWD:
+ /*
+ * user:password needed to use the proxy
+ */
+ result = setstropt_userpwd(va_arg(param, char *),
+ &data->set.str[STRING_PROXYUSERNAME],
+ &data->set.str[STRING_PROXYPASSWORD]);
+ break;
+ case CURLOPT_PROXYUSERNAME:
+ /*
+ * authentication user name to use in the operation
+ */
+ result = Curl_setstropt(&data->set.str[STRING_PROXYUSERNAME],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXYPASSWORD:
+ /*
+ * authentication password to use in the operation
+ */
+ result = Curl_setstropt(&data->set.str[STRING_PROXYPASSWORD],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_NOPROXY:
+ /*
+ * proxy exception list
+ */
+ result = Curl_setstropt(&data->set.str[STRING_NOPROXY],
+ va_arg(param, char *));
+ break;
+#endif
+
+ case CURLOPT_RANGE:
+ /*
+ * What range of the file you want to transfer
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SET_RANGE],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_RESUME_FROM:
+ /*
+ * Resume transfer at the given file position
+ */
+ arg = va_arg(param, long);
+ if(arg < -1)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.set_resume_from = arg;
+ break;
+ case CURLOPT_RESUME_FROM_LARGE:
+ /*
+ * Resume transfer at the given file position
+ */
+ bigsize = va_arg(param, curl_off_t);
+ if(bigsize < -1)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.set_resume_from = bigsize;
+ break;
+ case CURLOPT_DEBUGFUNCTION:
+ /*
+ * stderr write callback.
+ */
+ data->set.fdebug = va_arg(param, curl_debug_callback);
+ /*
+ * if the callback provided is NULL, it'll use the default callback
+ */
+ break;
+ case CURLOPT_DEBUGDATA:
+ /*
+ * Set to a void * that should receive all error writes. This
+ * defaults to CURLOPT_STDERR for normal operations.
+ */
+ data->set.debugdata = va_arg(param, void *);
+ break;
+ case CURLOPT_STDERR:
+ /*
+ * Set to a FILE * that should receive all error writes. This
+ * defaults to stderr for normal operations.
+ */
+ data->set.err = va_arg(param, FILE *);
+ if(!data->set.err)
+ data->set.err = stderr;
+ break;
+ case CURLOPT_HEADERFUNCTION:
+ /*
+ * Set header write callback
+ */
+ data->set.fwrite_header = va_arg(param, curl_write_callback);
+ break;
+ case CURLOPT_WRITEFUNCTION:
+ /*
+ * Set data write callback
+ */
+ data->set.fwrite_func = va_arg(param, curl_write_callback);
+ if(!data->set.fwrite_func) {
+ data->set.is_fwrite_set = 0;
+ /* When set to NULL, reset to our internal default function */
+ data->set.fwrite_func = (curl_write_callback)fwrite;
+ }
+ else
+ data->set.is_fwrite_set = 1;
+ break;
+ case CURLOPT_READFUNCTION:
+ /*
+ * Read data callback
+ */
+ data->set.fread_func_set = va_arg(param, curl_read_callback);
+ if(!data->set.fread_func_set) {
+ data->set.is_fread_set = 0;
+ /* When set to NULL, reset to our internal default function */
+ data->set.fread_func_set = (curl_read_callback)fread;
+ }
+ else
+ data->set.is_fread_set = 1;
+ break;
+ case CURLOPT_SEEKFUNCTION:
+ /*
+ * Seek callback. Might be NULL.
+ */
+ data->set.seek_func = va_arg(param, curl_seek_callback);
+ break;
+ case CURLOPT_SEEKDATA:
+ /*
+ * Seek control callback. Might be NULL.
+ */
+ data->set.seek_client = va_arg(param, void *);
+ break;
+ case CURLOPT_CONV_FROM_NETWORK_FUNCTION:
+ /*
+ * "Convert from network encoding" callback
+ */
+ data->set.convfromnetwork = va_arg(param, curl_conv_callback);
+ break;
+ case CURLOPT_CONV_TO_NETWORK_FUNCTION:
+ /*
+ * "Convert to network encoding" callback
+ */
+ data->set.convtonetwork = va_arg(param, curl_conv_callback);
+ break;
+ case CURLOPT_CONV_FROM_UTF8_FUNCTION:
+ /*
+ * "Convert from UTF-8 encoding" callback
+ */
+ data->set.convfromutf8 = va_arg(param, curl_conv_callback);
+ break;
+ case CURLOPT_IOCTLFUNCTION:
+ /*
+ * I/O control callback. Might be NULL.
+ */
+ data->set.ioctl_func = va_arg(param, curl_ioctl_callback);
+ break;
+ case CURLOPT_IOCTLDATA:
+ /*
+ * I/O control data pointer. Might be NULL.
+ */
+ data->set.ioctl_client = va_arg(param, void *);
+ break;
+ case CURLOPT_SSLCERT:
+ /*
+ * String that holds file name of the SSL certificate to use
+ */
+ result = Curl_setstropt(&data->set.str[STRING_CERT_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSLCERT:
+ /*
+ * String that holds file name of the SSL certificate to use for proxy
+ */
+ result = Curl_setstropt(&data->set.str[STRING_CERT_PROXY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_SSLCERTTYPE:
+ /*
+ * String that holds file type of the SSL certificate to use
+ */
+ result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSLCERTTYPE:
+ /*
+ * String that holds file type of the SSL certificate to use for proxy
+ */
+ result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE_PROXY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_SSLKEY:
+ /*
+ * String that holds file name of the SSL key to use
+ */
+ result = Curl_setstropt(&data->set.str[STRING_KEY_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSLKEY:
+ /*
+ * String that holds file name of the SSL key to use for proxy
+ */
+ result = Curl_setstropt(&data->set.str[STRING_KEY_PROXY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_SSLKEYTYPE:
+ /*
+ * String that holds file type of the SSL key to use
+ */
+ result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_SSLKEYTYPE:
+ /*
+ * String that holds file type of the SSL key to use for proxy
+ */
+ result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE_PROXY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_KEYPASSWD:
+ /*
+ * String that holds the SSL or SSH private key password.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_KEYPASSWD:
+ /*
+ * String that holds the SSL private key password for proxy.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_PROXY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_SSLENGINE:
+ /*
+ * String that holds the SSL crypto engine.
+ */
+ argptr = va_arg(param, char *);
+ if(argptr && argptr[0])
+ result = Curl_ssl_set_engine(data, argptr);
+ break;
+
+ case CURLOPT_SSLENGINE_DEFAULT:
+ /*
+ * flag to set engine as default.
+ */
+ result = Curl_ssl_set_engine_default(data);
+ break;
+ case CURLOPT_CRLF:
+ /*
+ * Kludgy option to enable CRLF conversions. Subject for removal.
+ */
+ data->set.crlf = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_INTERFACE:
+ /*
+ * Set what interface or address/hostname to bind the socket to when
+ * performing an operation and thus what from-IP your connection will use.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_DEVICE],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_LOCALPORT:
+ /*
+ * Set what local port to bind the socket to when performing an operation.
+ */
+ arg = va_arg(param, long);
+ if((arg < 0) || (arg > 65535))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.localport = curlx_sltous(arg);
+ break;
+ case CURLOPT_LOCALPORTRANGE:
+ /*
+ * Set number of local ports to try, starting with CURLOPT_LOCALPORT.
+ */
+ arg = va_arg(param, long);
+ if((arg < 0) || (arg > 65535))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.localportrange = curlx_sltosi(arg);
+ break;
+ case CURLOPT_KRBLEVEL:
+ /*
+ * A string that defines the kerberos security level.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_KRB_LEVEL],
+ va_arg(param, char *));
+ data->set.krb = (data->set.str[STRING_KRB_LEVEL]) ? TRUE : FALSE;
+ break;
+ case CURLOPT_GSSAPI_DELEGATION:
+ /*
+ * GSS-API credential delegation bitmask
+ */
+ arg = va_arg(param, long);
+ if(arg < CURLGSSAPI_DELEGATION_NONE)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.gssapi_delegation = arg;
+ break;
+ case CURLOPT_SSL_VERIFYPEER:
+ /*
+ * Enable peer SSL verifying.
+ */
+ data->set.ssl.primary.verifypeer = (0 != va_arg(param, long)) ?
+ TRUE : FALSE;
+
+ /* Update the current connection ssl_config. */
+ if(data->easy_conn) {
+ data->easy_conn->ssl_config.verifypeer =
+ data->set.ssl.primary.verifypeer;
+ }
+ break;
+ case CURLOPT_PROXY_SSL_VERIFYPEER:
+ /*
+ * Enable peer SSL verifying for proxy.
+ */
+ data->set.proxy_ssl.primary.verifypeer =
+ (0 != va_arg(param, long))?TRUE:FALSE;
+
+ /* Update the current connection proxy_ssl_config. */
+ if(data->easy_conn) {
+ data->easy_conn->proxy_ssl_config.verifypeer =
+ data->set.proxy_ssl.primary.verifypeer;
+ }
+ break;
+ case CURLOPT_SSL_VERIFYHOST:
+ /*
+ * Enable verification of the host name in the peer certificate
+ */
+ arg = va_arg(param, long);
+
+ /* Obviously people are not reading documentation and too many thought
+ this argument took a boolean when it wasn't and misused it. We thus ban
+ 1 as a sensible input and we warn about its use. Then we only have the
+ 2 action internally stored as TRUE. */
+
+ if(1 == arg) {
+ failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+
+ data->set.ssl.primary.verifyhost = (0 != arg) ? TRUE : FALSE;
+
+ /* Update the current connection ssl_config. */
+ if(data->easy_conn) {
+ data->easy_conn->ssl_config.verifyhost =
+ data->set.ssl.primary.verifyhost;
+ }
+ break;
+ case CURLOPT_PROXY_SSL_VERIFYHOST:
+ /*
+ * Enable verification of the host name in the peer certificate for proxy
+ */
+ arg = va_arg(param, long);
+
+ /* Obviously people are not reading documentation and too many thought
+ this argument took a boolean when it wasn't and misused it. We thus ban
+ 1 as a sensible input and we warn about its use. Then we only have the
+ 2 action internally stored as TRUE. */
+
+ if(1 == arg) {
+ failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+
+ data->set.proxy_ssl.primary.verifyhost = (0 != arg)?TRUE:FALSE;
+
+ /* Update the current connection proxy_ssl_config. */
+ if(data->easy_conn) {
+ data->easy_conn->proxy_ssl_config.verifyhost =
+ data->set.proxy_ssl.primary.verifyhost;
+ }
+ break;
+ case CURLOPT_SSL_VERIFYSTATUS:
+ /*
+ * Enable certificate status verifying.
+ */
+ if(!Curl_ssl_cert_status_request()) {
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ }
+
+ data->set.ssl.primary.verifystatus = (0 != va_arg(param, long)) ?
+ TRUE : FALSE;
+
+ /* Update the current connection ssl_config. */
+ if(data->easy_conn) {
+ data->easy_conn->ssl_config.verifystatus =
+ data->set.ssl.primary.verifystatus;
+ }
+ break;
+ case CURLOPT_SSL_CTX_FUNCTION:
+ /*
+ * Set a SSL_CTX callback
+ */
+#ifdef USE_SSL
+ if(Curl_ssl->have_ssl_ctx)
+ data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
+ else
+#endif
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ case CURLOPT_SSL_CTX_DATA:
+ /*
+ * Set a SSL_CTX callback parameter pointer
+ */
+#ifdef USE_SSL
+ if(Curl_ssl->have_ssl_ctx)
+ data->set.ssl.fsslctxp = va_arg(param, void *);
+ else
+#endif
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ case CURLOPT_SSL_FALSESTART:
+ /*
+ * Enable TLS false start.
+ */
+ if(!Curl_ssl_false_start()) {
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ }
+
+ data->set.ssl.falsestart = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_CERTINFO:
+#ifdef USE_SSL
+ if(Curl_ssl->have_certinfo)
+ data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ else
+#endif
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ case CURLOPT_PINNEDPUBLICKEY:
+ /*
+ * Set pinned public key for SSL connection.
+ * Specify file name of the public key in DER format.
+ */
+#ifdef USE_SSL
+ if(Curl_ssl->have_pinnedpubkey)
+ result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG],
+ va_arg(param, char *));
+ else
+#endif
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ case CURLOPT_PROXY_PINNEDPUBLICKEY:
+ /*
+ * Set pinned public key for SSL connection.
+ * Specify file name of the public key in DER format.
+ */
+#ifdef USE_SSL
+ if(Curl_ssl->have_pinnedpubkey)
+ result = Curl_setstropt(&data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY],
+ va_arg(param, char *));
+ else
+#endif
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ case CURLOPT_CAINFO:
+ /*
+ * Set CA info for SSL connection. Specify file name of the CA certificate
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_CAINFO:
+ /*
+ * Set CA info SSL connection for proxy. Specify file name of the
+ * CA certificate
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_PROXY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_CAPATH:
+ /*
+ * Set CA path info for SSL connection. Specify directory name of the CA
+ * certificates which have been prepared using openssl c_rehash utility.
+ */
+#ifdef USE_SSL
+ if(Curl_ssl->have_ca_path)
+ /* This does not work on windows. */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_ORIG],
+ va_arg(param, char *));
+ else
+#endif
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ case CURLOPT_PROXY_CAPATH:
+ /*
+ * Set CA path info for SSL connection proxy. Specify directory name of the
+ * CA certificates which have been prepared using openssl c_rehash utility.
+ */
+#ifdef USE_SSL
+ if(Curl_ssl->have_ca_path)
+ /* This does not work on windows. */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_CAPATH_PROXY],
+ va_arg(param, char *));
+ else
+#endif
+ result = CURLE_NOT_BUILT_IN;
+ break;
+ case CURLOPT_CRLFILE:
+ /*
+ * Set CRL file info for SSL connection. Specify file name of the CRL
+ * to check certificates revocation
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_PROXY_CRLFILE:
+ /*
+ * Set CRL file info for SSL connection for proxy. Specify file name of the
+ * CRL to check certificates revocation
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_PROXY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_ISSUERCERT:
+ /*
+ * Set Issuer certificate file
+ * to check certificates issuer
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT_ORIG],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_TELNETOPTIONS:
+ /*
+ * Set a linked list of telnet options
+ */
+ data->set.telnet_options = va_arg(param, struct curl_slist *);
+ break;
+
+ case CURLOPT_BUFFERSIZE:
+ /*
+ * The application kindly asks for a differently sized receive buffer.
+ * If it seems reasonable, we'll use it.
+ */
+ arg = va_arg(param, long);
+
+ if(arg > READBUFFER_MAX)
+ arg = READBUFFER_MAX;
+ else if(arg < 1)
+ arg = READBUFFER_SIZE;
+ else if(arg < READBUFFER_MIN)
+ arg = READBUFFER_MIN;
+
+ /* Resize if new size */
+ if(arg != data->set.buffer_size) {
+ char *newbuff = realloc(data->state.buffer, arg + 1);
+ if(!newbuff) {
+ DEBUGF(fprintf(stderr, "Error: realloc of buffer failed\n"));
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ else
+ data->state.buffer = newbuff;
+ }
+ data->set.buffer_size = arg;
+
+ break;
+
+ case CURLOPT_NOSIGNAL:
+ /*
+ * The application asks not to set any signal() or alarm() handlers,
+ * even when using a timeout.
+ */
+ data->set.no_signal = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_SHARE:
+ {
+ struct Curl_share *set;
+ set = va_arg(param, struct Curl_share *);
+
+ /* disconnect from old share, if any */
+ if(data->share) {
+ Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
+
+ if(data->dns.hostcachetype == HCACHE_SHARED) {
+ data->dns.hostcache = NULL;
+ data->dns.hostcachetype = HCACHE_NONE;
+ }
+
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
+ if(data->share->cookies == data->cookies)
+ data->cookies = NULL;
+#endif
+
+ if(data->share->sslsession == data->state.session)
+ data->state.session = NULL;
+
+ data->share->dirty--;
+
+ Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
+ data->share = NULL;
+ }
+
+ /* use new share if it set */
+ data->share = set;
+ if(data->share) {
+
+ Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
+
+ data->share->dirty++;
+
+ if(data->share->specifier & (1<< CURL_LOCK_DATA_DNS)) {
+ /* use shared host cache */
+ data->dns.hostcache = &data->share->hostcache;
+ data->dns.hostcachetype = HCACHE_SHARED;
+ }
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
+ if(data->share->cookies) {
+ /* use shared cookie list, first free own one if any */
+ Curl_cookie_cleanup(data->cookies);
+ /* enable cookies since we now use a share that uses cookies! */
+ data->cookies = data->share->cookies;
+ }
+#endif /* CURL_DISABLE_HTTP */
+ if(data->share->sslsession) {
+ data->set.general_ssl.max_ssl_sessions = data->share->max_ssl_sessions;
+ data->state.session = data->share->sslsession;
+ }
+ Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
+
+ }
+ /* check for host cache not needed,
+ * it will be done by curl_easy_perform */
+ }
+ break;
+
+ case CURLOPT_PRIVATE:
+ /*
+ * Set private data pointer.
+ */
+ data->set.private_data = va_arg(param, void *);
+ break;
+
+ case CURLOPT_MAXFILESIZE:
+ /*
+ * Set the maximum size of a file to download.
+ */
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.max_filesize = arg;
+ break;
+
+#ifdef USE_SSL
+ case CURLOPT_USE_SSL:
+ /*
+ * Make transfers attempt to use SSL/TLS.
+ */
+ arg = va_arg(param, long);
+ if((arg < CURLUSESSL_NONE) || (arg > CURLUSESSL_ALL))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.use_ssl = (curl_usessl)arg;
+ break;
+
+ case CURLOPT_SSL_OPTIONS:
+ arg = va_arg(param, long);
+ data->set.ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
+ data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
+ break;
+
+ case CURLOPT_PROXY_SSL_OPTIONS:
+ arg = va_arg(param, long);
+ data->set.proxy_ssl.enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
+ data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
+ break;
+
+#endif
+ case CURLOPT_FTPSSLAUTH:
+ /*
+ * Set a specific auth for FTP-SSL transfers.
+ */
+ arg = va_arg(param, long);
+ if((arg < CURLFTPAUTH_DEFAULT) || (arg > CURLFTPAUTH_TLS))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.ftpsslauth = (curl_ftpauth)arg;
+ break;
+
+ case CURLOPT_IPRESOLVE:
+ arg = va_arg(param, long);
+ if((arg < CURL_IPRESOLVE_WHATEVER) || (arg > CURL_IPRESOLVE_V6))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.ipver = arg;
+ break;
+
+ case CURLOPT_MAXFILESIZE_LARGE:
+ /*
+ * Set the maximum size of a file to download.
+ */
+ bigsize = va_arg(param, curl_off_t);
+ if(bigsize < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.max_filesize = bigsize;
+ break;
+
+ case CURLOPT_TCP_NODELAY:
+ /*
+ * Enable or disable TCP_NODELAY, which will disable/enable the Nagle
+ * algorithm
+ */
+ data->set.tcp_nodelay = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_FTP_ACCOUNT:
+ result = Curl_setstropt(&data->set.str[STRING_FTP_ACCOUNT],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_IGNORE_CONTENT_LENGTH:
+ data->set.ignorecl = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_CONNECT_ONLY:
+ /*
+ * No data transfer, set up connection and let application use the socket
+ */
+ data->set.connect_only = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_FTP_ALTERNATIVE_TO_USER:
+ result = Curl_setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_SOCKOPTFUNCTION:
+ /*
+ * socket callback function: called after socket() but before connect()
+ */
+ data->set.fsockopt = va_arg(param, curl_sockopt_callback);
+ break;
+
+ case CURLOPT_SOCKOPTDATA:
+ /*
+ * socket callback data pointer. Might be NULL.
+ */
+ data->set.sockopt_client = va_arg(param, void *);
+ break;
+
+ case CURLOPT_OPENSOCKETFUNCTION:
+ /*
+ * open/create socket callback function: called instead of socket(),
+ * before connect()
+ */
+ data->set.fopensocket = va_arg(param, curl_opensocket_callback);
+ break;
+
+ case CURLOPT_OPENSOCKETDATA:
+ /*
+ * socket callback data pointer. Might be NULL.
+ */
+ data->set.opensocket_client = va_arg(param, void *);
+ break;
+
+ case CURLOPT_CLOSESOCKETFUNCTION:
+ /*
+ * close socket callback function: called instead of close()
+ * when shutting down a connection
+ */
+ data->set.fclosesocket = va_arg(param, curl_closesocket_callback);
+ break;
+
+ case CURLOPT_CLOSESOCKETDATA:
+ /*
+ * socket callback data pointer. Might be NULL.
+ */
+ data->set.closesocket_client = va_arg(param, void *);
+ break;
+
+ case CURLOPT_SSL_SESSIONID_CACHE:
+ data->set.ssl.primary.sessionid = (0 != va_arg(param, long)) ?
+ TRUE : FALSE;
+ data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid;
+ break;
+
+#ifdef USE_LIBSSH2
+ /* we only include SSH options if explicitly built to support SSH */
+ case CURLOPT_SSH_AUTH_TYPES:
+ data->set.ssh_auth_types = va_arg(param, long);
+ break;
+
+ case CURLOPT_SSH_PUBLIC_KEYFILE:
+ /*
+ * Use this file instead of the $HOME/.ssh/id_dsa.pub file
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSH_PUBLIC_KEY],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_SSH_PRIVATE_KEYFILE:
+ /*
+ * Use this file instead of the $HOME/.ssh/id_dsa file
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSH_PRIVATE_KEY],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5:
+ /*
+ * Option to allow for the MD5 of the host public key to be checked
+ * for validation purposes.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5],
+ va_arg(param, char *));
+ break;
+#ifdef HAVE_LIBSSH2_KNOWNHOST_API
+ case CURLOPT_SSH_KNOWNHOSTS:
+ /*
+ * Store the file name to read known hosts from.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_SSH_KEYFUNCTION:
+ /* setting to NULL is fine since the ssh.c functions themselves will
+ then rever to use the internal default */
+ data->set.ssh_keyfunc = va_arg(param, curl_sshkeycallback);
+ break;
+
+ case CURLOPT_SSH_KEYDATA:
+ /*
+ * Custom client data to pass to the SSH keyfunc callback
+ */
+ data->set.ssh_keyfunc_userp = va_arg(param, void *);
+ break;
+#endif /* HAVE_LIBSSH2_KNOWNHOST_API */
+
+#endif /* USE_LIBSSH2 */
+
+ case CURLOPT_HTTP_TRANSFER_DECODING:
+ /*
+ * disable libcurl transfer encoding is used
+ */
+ data->set.http_te_skip = (0 == va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_HTTP_CONTENT_DECODING:
+ /*
+ * raw data passed to the application when content encoding is used
+ */
+ data->set.http_ce_skip = (0 == va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_NEW_FILE_PERMS:
+ /*
+ * Uses these permissions instead of 0644
+ */
+ arg = va_arg(param, long);
+ if((arg < 0) || (arg > 0777))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.new_file_perms = arg;
+ break;
+
+ case CURLOPT_NEW_DIRECTORY_PERMS:
+ /*
+ * Uses these permissions instead of 0755
+ */
+ arg = va_arg(param, long);
+ if((arg < 0) || (arg > 0777))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.new_directory_perms = arg;
+ break;
+
+ case CURLOPT_ADDRESS_SCOPE:
+ /*
+ * We always get longs when passed plain numericals, but for this value we
+ * know that an unsigned int will always hold the value so we blindly
+ * typecast to this type
+ */
+ arg = va_arg(param, long);
+ if((arg < 0) || (arg > 0xf))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.scope_id = curlx_sltoui(arg);
+ break;
+
+ case CURLOPT_PROTOCOLS:
+ /* set the bitmask for the protocols that are allowed to be used for the
+ transfer, which thus helps the app which takes URLs from users or other
+ external inputs and want to restrict what protocol(s) to deal
+ with. Defaults to CURLPROTO_ALL. */
+ data->set.allowed_protocols = va_arg(param, long);
+ break;
+
+ case CURLOPT_REDIR_PROTOCOLS:
+ /* set the bitmask for the protocols that libcurl is allowed to follow to,
+ as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
+ to be set in both bitmasks to be allowed to get redirected to. Defaults
+ to all protocols except FILE and SCP. */
+ data->set.redir_protocols = va_arg(param, long);
+ break;
+
+ case CURLOPT_DEFAULT_PROTOCOL:
+ /* Set the protocol to use when the URL doesn't include any protocol */
+ result = Curl_setstropt(&data->set.str[STRING_DEFAULT_PROTOCOL],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_MAIL_FROM:
+ /* Set the SMTP mail originator */
+ result = Curl_setstropt(&data->set.str[STRING_MAIL_FROM],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_MAIL_AUTH:
+ /* Set the SMTP auth originator */
+ result = Curl_setstropt(&data->set.str[STRING_MAIL_AUTH],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_MAIL_RCPT:
+ /* Set the list of mail recipients */
+ data->set.mail_rcpt = va_arg(param, struct curl_slist *);
+ break;
+
+ case CURLOPT_SASL_IR:
+ /* Enable/disable SASL initial response */
+ data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+ case CURLOPT_RTSP_REQUEST:
+ {
+ /*
+ * Set the RTSP request method (OPTIONS, SETUP, PLAY, etc...)
+ * Would this be better if the RTSPREQ_* were just moved into here?
+ */
+ long curl_rtspreq = va_arg(param, long);
+ Curl_RtspReq rtspreq = RTSPREQ_NONE;
+ switch(curl_rtspreq) {
+ case CURL_RTSPREQ_OPTIONS:
+ rtspreq = RTSPREQ_OPTIONS;
+ break;
+
+ case CURL_RTSPREQ_DESCRIBE:
+ rtspreq = RTSPREQ_DESCRIBE;
+ break;
+
+ case CURL_RTSPREQ_ANNOUNCE:
+ rtspreq = RTSPREQ_ANNOUNCE;
+ break;
+
+ case CURL_RTSPREQ_SETUP:
+ rtspreq = RTSPREQ_SETUP;
+ break;
+
+ case CURL_RTSPREQ_PLAY:
+ rtspreq = RTSPREQ_PLAY;
+ break;
+
+ case CURL_RTSPREQ_PAUSE:
+ rtspreq = RTSPREQ_PAUSE;
+ break;
+
+ case CURL_RTSPREQ_TEARDOWN:
+ rtspreq = RTSPREQ_TEARDOWN;
+ break;
+
+ case CURL_RTSPREQ_GET_PARAMETER:
+ rtspreq = RTSPREQ_GET_PARAMETER;
+ break;
+
+ case CURL_RTSPREQ_SET_PARAMETER:
+ rtspreq = RTSPREQ_SET_PARAMETER;
+ break;
+
+ case CURL_RTSPREQ_RECORD:
+ rtspreq = RTSPREQ_RECORD;
+ break;
+
+ case CURL_RTSPREQ_RECEIVE:
+ rtspreq = RTSPREQ_RECEIVE;
+ break;
+ default:
+ rtspreq = RTSPREQ_NONE;
+ }
+
+ data->set.rtspreq = rtspreq;
+ break;
+ }
+
+
+ case CURLOPT_RTSP_SESSION_ID:
+ /*
+ * Set the RTSP Session ID manually. Useful if the application is
+ * resuming a previously established RTSP session
+ */
+ result = Curl_setstropt(&data->set.str[STRING_RTSP_SESSION_ID],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_RTSP_STREAM_URI:
+ /*
+ * Set the Stream URI for the RTSP request. Unless the request is
+ * for generic server options, the application will need to set this.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_RTSP_STREAM_URI],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_RTSP_TRANSPORT:
+ /*
+ * The content of the Transport: header for the RTSP request
+ */
+ result = Curl_setstropt(&data->set.str[STRING_RTSP_TRANSPORT],
+ va_arg(param, char *));
+ break;
+
+ case CURLOPT_RTSP_CLIENT_CSEQ:
+ /*
+ * Set the CSEQ number to issue for the next RTSP request. Useful if the
+ * application is resuming a previously broken connection. The CSEQ
+ * will increment from this new number henceforth.
+ */
+ data->state.rtsp_next_client_CSeq = va_arg(param, long);
+ break;
+
+ case CURLOPT_RTSP_SERVER_CSEQ:
+ /* Same as the above, but for server-initiated requests */
+ data->state.rtsp_next_client_CSeq = va_arg(param, long);
+ break;
+
+ case CURLOPT_INTERLEAVEDATA:
+ data->set.rtp_out = va_arg(param, void *);
+ break;
+ case CURLOPT_INTERLEAVEFUNCTION:
+ /* Set the user defined RTP write function */
+ data->set.fwrite_rtp = va_arg(param, curl_write_callback);
+ break;
+
+ case CURLOPT_WILDCARDMATCH:
+ data->set.wildcard_enabled = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_CHUNK_BGN_FUNCTION:
+ data->set.chunk_bgn = va_arg(param, curl_chunk_bgn_callback);
+ break;
+ case CURLOPT_CHUNK_END_FUNCTION:
+ data->set.chunk_end = va_arg(param, curl_chunk_end_callback);
+ break;
+ case CURLOPT_FNMATCH_FUNCTION:
+ data->set.fnmatch = va_arg(param, curl_fnmatch_callback);
+ break;
+ case CURLOPT_CHUNK_DATA:
+ data->wildcard.customptr = va_arg(param, void *);
+ break;
+ case CURLOPT_FNMATCH_DATA:
+ data->set.fnmatch_data = va_arg(param, void *);
+ break;
+#ifdef USE_TLS_SRP
+ case CURLOPT_TLSAUTH_USERNAME:
+ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_ORIG],
+ va_arg(param, char *));
+ if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype)
+ data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_PROXY_TLSAUTH_USERNAME:
+ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY],
+ va_arg(param, char *));
+ if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
+ !data->set.proxy_ssl.authtype)
+ data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_TLSAUTH_PASSWORD:
+ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_ORIG],
+ va_arg(param, char *));
+ if(data->set.str[STRING_TLSAUTH_USERNAME_ORIG] && !data->set.ssl.authtype)
+ data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_PROXY_TLSAUTH_PASSWORD:
+ result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY],
+ va_arg(param, char *));
+ if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] &&
+ !data->set.proxy_ssl.authtype)
+ data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
+ break;
+ case CURLOPT_TLSAUTH_TYPE:
+ argptr = va_arg(param, char *);
+ if(!argptr ||
+ strncasecompare(argptr, "SRP", strlen("SRP")))
+ data->set.ssl.authtype = CURL_TLSAUTH_SRP;
+ else
+ data->set.ssl.authtype = CURL_TLSAUTH_NONE;
+ break;
+ case CURLOPT_PROXY_TLSAUTH_TYPE:
+ argptr = va_arg(param, char *);
+ if(!argptr ||
+ strncasecompare(argptr, "SRP", strlen("SRP")))
+ data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP;
+ else
+ data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE;
+ break;
+#endif
+ case CURLOPT_DNS_SERVERS:
+ result = Curl_set_dns_servers(data, va_arg(param, char *));
+ break;
+ case CURLOPT_DNS_INTERFACE:
+ result = Curl_set_dns_interface(data, va_arg(param, char *));
+ break;
+ case CURLOPT_DNS_LOCAL_IP4:
+ result = Curl_set_dns_local_ip4(data, va_arg(param, char *));
+ break;
+ case CURLOPT_DNS_LOCAL_IP6:
+ result = Curl_set_dns_local_ip6(data, va_arg(param, char *));
+ break;
+
+ case CURLOPT_TCP_KEEPALIVE:
+ data->set.tcp_keepalive = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_TCP_KEEPIDLE:
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.tcp_keepidle = arg;
+ break;
+ case CURLOPT_TCP_KEEPINTVL:
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.tcp_keepintvl = arg;
+ break;
+ case CURLOPT_TCP_FASTOPEN:
+#if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) || \
+ defined(TCP_FASTOPEN_CONNECT)
+ data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE;
+#else
+ result = CURLE_NOT_BUILT_IN;
+#endif
+ break;
+ case CURLOPT_SSL_ENABLE_NPN:
+ data->set.ssl_enable_npn = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_SSL_ENABLE_ALPN:
+ data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+
+#ifdef USE_UNIX_SOCKETS
+ case CURLOPT_UNIX_SOCKET_PATH:
+ data->set.abstract_unix_socket = FALSE;
+ result = Curl_setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_ABSTRACT_UNIX_SOCKET:
+ data->set.abstract_unix_socket = TRUE;
+ result = Curl_setstropt(&data->set.str[STRING_UNIX_SOCKET_PATH],
+ va_arg(param, char *));
+ break;
+#endif
+
+ case CURLOPT_PATH_AS_IS:
+ data->set.path_as_is = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_PIPEWAIT:
+ data->set.pipewait = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_STREAM_WEIGHT:
+#ifndef USE_NGHTTP2
+ return CURLE_NOT_BUILT_IN;
+#else
+ arg = va_arg(param, long);
+ if((arg >= 1) && (arg <= 256))
+ data->set.stream_weight = (int)arg;
+ break;
+#endif
+ case CURLOPT_STREAM_DEPENDS:
+ case CURLOPT_STREAM_DEPENDS_E:
+ {
+#ifndef USE_NGHTTP2
+ return CURLE_NOT_BUILT_IN;
+#else
+ struct Curl_easy *dep = va_arg(param, struct Curl_easy *);
+ if(!dep || GOOD_EASY_HANDLE(dep)) {
+ if(data->set.stream_depends_on) {
+ Curl_http2_remove_child(data->set.stream_depends_on, data);
+ }
+ Curl_http2_add_child(dep, data, (option == CURLOPT_STREAM_DEPENDS_E));
+ }
+ break;
+#endif
+ }
+ case CURLOPT_CONNECT_TO:
+ data->set.connect_to = va_arg(param, struct curl_slist *);
+ break;
+ case CURLOPT_SUPPRESS_CONNECT_HEADERS:
+ data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE;
+ break;
+ case CURLOPT_SSH_COMPRESSION:
+ data->set.ssh_compression = (0 != va_arg(param, long))?TRUE:FALSE;
+ break;
+ default:
+ /* unknown tag and its companion, just ignore: */
+ result = CURLE_UNKNOWN_OPTION;
+ break;
+ }
+
+ return result;
+}
+
+/*
+ * curl_easy_setopt() is the external interface for setting options on an
+ * easy handle.
+ */
+
+#undef curl_easy_setopt
+CURLcode curl_easy_setopt(struct Curl_easy *data, CURLoption tag, ...)
+{
+ va_list arg;
+ CURLcode result;
+
+ if(!data)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+
+ va_start(arg, tag);
+
+ result = setopt(data, tag, arg);
+
+ va_end(arg);
+ return result;
+}
+
diff --git a/libs/libcurl/src/setopt.h b/libs/libcurl/src/setopt.h
new file mode 100644
index 0000000000..35769440fa
--- /dev/null
+++ b/libs/libcurl/src/setopt.h
@@ -0,0 +1,27 @@
+#ifndef HEADER_CURL_SETOPT_H
+#define HEADER_CURL_SETOPT_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+CURLcode Curl_setstropt(char **charp, const char *s);
+
+#endif /* HEADER_CURL_SETOPT_H */
diff --git a/libs/libcurl/src/setup-os400.h b/libs/libcurl/src/setup-os400.h
index 319efec929..a3c2a7bdc9 100644
--- a/libs/libcurl/src/setup-os400.h
+++ b/libs/libcurl/src/setup-os400.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -33,43 +33,29 @@
typedef unsigned long u_int32_t;
-/* System API wrapper prototypes and definitions to support ASCII parameters. */
+/* System API wrapper prototypes & definitions to support ASCII parameters. */
#include <sys/socket.h>
#include <netdb.h>
-#include <qsossl.h>
#include <gskssl.h>
#include <qsoasync.h>
#include <gssapi.h>
-extern int Curl_getaddrinfo_a(const char * nodename, const char * servname,
- const struct addrinfo * hints,
- struct addrinfo * * res);
+extern int Curl_getaddrinfo_a(const char *nodename,
+ const char *servname,
+ const struct addrinfo *hints,
+ struct addrinfo **res);
#define getaddrinfo Curl_getaddrinfo_a
-extern int Curl_getnameinfo_a(const struct sockaddr * sa,
- curl_socklen_t salen,
- char * nodename, curl_socklen_t nodenamelen,
- char * servname, curl_socklen_t servnamelen,
- int flags);
+extern int Curl_getnameinfo_a(const struct sockaddr *sa,
+ curl_socklen_t salen,
+ char *nodename, curl_socklen_t nodenamelen,
+ char *servname, curl_socklen_t servnamelen,
+ int flags);
#define getnameinfo Curl_getnameinfo_a
-/* SSL wrappers. */
-
-extern int Curl_SSL_Init_Application_a(SSLInitApp * init_app);
-#define SSL_Init_Application Curl_SSL_Init_Application_a
-
-
-extern int Curl_SSL_Init_a(SSLInit * init);
-#define SSL_Init Curl_SSL_Init_a
-
-
-extern char * Curl_SSL_Strerror_a(int sslreturnvalue, SSLErrorMsg * serrmsgp);
-#define SSL_Strerror Curl_SSL_Strerror_a
-
-
/* GSKit wrappers. */
extern int Curl_gsk_environment_open(gsk_handle * my_env_handle);
@@ -93,7 +79,7 @@ extern int Curl_gsk_secure_soc_init(gsk_handle my_session_handle);
extern int Curl_gsk_attribute_set_buffer_a(gsk_handle my_gsk_handle,
GSK_BUF_ID bufID,
- const char * buffer,
+ const char *buffer,
int bufSize);
#define gsk_attribute_set_buffer Curl_gsk_attribute_set_buffer_a
@@ -109,29 +95,29 @@ extern int Curl_gsk_attribute_set_numeric_value(gsk_handle my_gsk_handle,
extern int Curl_gsk_attribute_set_callback(gsk_handle my_gsk_handle,
GSK_CALLBACK_ID callBackID,
- void * callBackAreaPtr);
+ void *callBackAreaPtr);
#define gsk_attribute_set_callback Curl_gsk_attribute_set_callback
extern int Curl_gsk_attribute_get_buffer_a(gsk_handle my_gsk_handle,
GSK_BUF_ID bufID,
- const char * * buffer,
- int * bufSize);
+ const char **buffer,
+ int *bufSize);
#define gsk_attribute_get_buffer Curl_gsk_attribute_get_buffer_a
extern int Curl_gsk_attribute_get_enum(gsk_handle my_gsk_handle,
GSK_ENUM_ID enumID,
- GSK_ENUM_VALUE * enumValue);
+ GSK_ENUM_VALUE *enumValue);
#define gsk_attribute_get_enum Curl_gsk_attribute_get_enum
extern int Curl_gsk_attribute_get_numeric_value(gsk_handle my_gsk_handle,
GSK_NUM_ID numID,
- int * numValue);
+ int *numValue);
#define gsk_attribute_get_numeric_value Curl_gsk_attribute_get_numeric_value
extern int Curl_gsk_attribute_get_cert_info(gsk_handle my_gsk_handle,
GSK_CERT_ID certID,
- const gsk_cert_data_elem * * certDataElem,
- int * certDataElementCount);
+ const gsk_cert_data_elem **certDataElem,
+ int *certDataElementCount);
#define gsk_attribute_get_cert_info Curl_gsk_attribute_get_cert_info
extern int Curl_gsk_secure_soc_misc(gsk_handle my_session_handle,
@@ -139,13 +125,13 @@ extern int Curl_gsk_secure_soc_misc(gsk_handle my_session_handle,
#define gsk_secure_soc_misc Curl_gsk_secure_soc_misc
extern int Curl_gsk_secure_soc_read(gsk_handle my_session_handle,
- char * readBuffer,
- int readBufSize, int * amtRead);
+ char *readBuffer,
+ int readBufSize, int *amtRead);
#define gsk_secure_soc_read Curl_gsk_secure_soc_read
extern int Curl_gsk_secure_soc_write(gsk_handle my_session_handle,
- char * writeBuffer,
- int writeBufSize, int * amtWritten);
+ char *writeBuffer,
+ int writeBufSize, int *amtWritten);
#define gsk_secure_soc_write Curl_gsk_secure_soc_write
extern const char * Curl_gsk_strerror_a(int gsk_return_value);
@@ -216,15 +202,22 @@ extern OM_uint32 Curl_gss_delete_sec_context_a(OM_uint32 * minor_status,
extern int Curl_os400_connect(int sd, struct sockaddr * destaddr, int addrlen);
extern int Curl_os400_bind(int sd, struct sockaddr * localaddr, int addrlen);
-extern int Curl_os400_sendto(int sd, char * buffer, int buflen, int flags,
- struct sockaddr * dstaddr, int addrlen);
-extern int Curl_os400_recvfrom(int sd, char * buffer, int buflen, int flags,
- struct sockaddr * fromaddr, int * addrlen);
+extern int Curl_os400_sendto(int sd, char *buffer, int buflen, int flags,
+ struct sockaddr * dstaddr, int addrlen);
+extern int Curl_os400_recvfrom(int sd, char *buffer, int buflen, int flags,
+ struct sockaddr *fromaddr, int *addrlen);
#define connect Curl_os400_connect
#define bind Curl_os400_bind
#define sendto Curl_os400_sendto
#define recvfrom Curl_os400_recvfrom
+#ifdef HAVE_LIBZ
+#define zlibVersion Curl_os400_zlibVersion
+#define inflateInit_ Curl_os400_inflateInit_
+#define inflateInit2_ Curl_os400_inflateInit2_
+#define inflate Curl_os400_inflate
+#define inflateEnd Curl_os400_inflateEnd
+#endif
#endif /* HEADER_CURL_SETUP_OS400_H */
diff --git a/libs/libcurl/src/setup-vms.h b/libs/libcurl/src/setup-vms.h
index f5eedf7566..6c454aee68 100644
--- a/libs/libcurl/src/setup-vms.h
+++ b/libs/libcurl/src/setup-vms.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -41,7 +41,7 @@
# endif
#endif
#include <stdlib.h>
- char * decc$getenv(const char * __name);
+char *decc$getenv(const char *__name);
#include <pwd.h>
#include <string.h>
@@ -79,23 +79,24 @@
# if __INITIAL_POINTER_SIZE == 32
/* Translate the path, but only if the path is a VMS file specification */
/* The translation is usually only needed for older versions of VMS */
-static char * vms_translate_path(const char * path) {
-char * unix_path;
-char * test_str;
-
- /* See if the result is in VMS format, if not, we are done */
- /* Assume that this is a PATH, not just some data */
- test_str = strpbrk(path, ":[<^");
- if(test_str == NULL) {
- return (char *)path;
- }
-
- unix_path = decc$translate_vms(path);
-
- if((int)unix_path <= 0) {
- /* We can not translate it, so return the original string */
- return (char *)path;
- }
+static char *vms_translate_path(const char *path)
+{
+ char *unix_path;
+ char *test_str;
+
+ /* See if the result is in VMS format, if not, we are done */
+ /* Assume that this is a PATH, not just some data */
+ test_str = strpbrk(path, ":[<^");
+ if(test_str == NULL) {
+ return (char *)path;
+ }
+
+ unix_path = decc$translate_vms(path);
+
+ if((int)unix_path <= 0) {
+ /* We can not translate it, so return the original string */
+ return (char *)path;
+ }
}
# else
/* VMS translate path is actually not needed on the current 64 bit */
@@ -111,74 +112,74 @@ char * test_str;
# endif
#endif
-static char * vms_getenv(const char * envvar) {
+static char *vms_getenv(const char *envvar)
+{
+ char *result;
+ char *vms_path;
-char * result;
-char * vms_path;
-
- /* first use the DECC getenv() function */
- result = decc$getenv(envvar);
- if(result == NULL) {
- return result;
- }
+ /* first use the DECC getenv() function */
+ result = decc$getenv(envvar);
+ if(result == NULL) {
+ return result;
+ }
- vms_path = result;
- result = vms_translate_path(vms_path);
+ vms_path = result;
+ result = vms_translate_path(vms_path);
- /* note that if you backport this to use VAX C RTL, that the VAX C RTL */
- /* may do a malloc(2048) for each call to getenv(), so you will need */
- /* to add a free(vms_path) */
- /* Do not do a free() for DEC C RTL builds, which should be used for */
- /* VMS 5.5-2 and later, even if using GCC */
+ /* note that if you backport this to use VAX C RTL, that the VAX C RTL */
+ /* may do a malloc(2048) for each call to getenv(), so you will need */
+ /* to add a free(vms_path) */
+ /* Do not do a free() for DEC C RTL builds, which should be used for */
+ /* VMS 5.5-2 and later, even if using GCC */
- return result;
+ return result;
}
static struct passwd vms_passwd_cache;
-static struct passwd * vms_getpwuid(uid_t uid) {
-
-struct passwd * my_passwd;
+static struct passwd * vms_getpwuid(uid_t uid)
+{
+ struct passwd * my_passwd;
/* Hack needed to support 64 bit builds, decc_getpwnam is 32 bit only */
#ifdef __DECC
# if __INITIAL_POINTER_SIZE
-__char_ptr32 unix_path;
+ __char_ptr32 unix_path;
# else
-char * unix_path;
+ char *unix_path;
# endif
#else
-char * unix_path;
+ char *unix_path;
#endif
- my_passwd = decc_getpwuid(uid);
- if(my_passwd == NULL) {
- return my_passwd;
- }
-
- unix_path = vms_translate_path(my_passwd->pw_dir);
-
- if((long)unix_path <= 0) {
- /* We can not translate it, so return the original string */
- return my_passwd;
- }
-
- /* If no changes needed just return it */
- if(unix_path == my_passwd->pw_dir) {
- return my_passwd;
- }
-
- /* Need to copy the structure returned */
- /* Since curl is only using pw_dir, no need to fix up *
- /* the pw_shell when running under Bash */
- vms_passwd_cache.pw_name = my_passwd->pw_name;
- vms_passwd_cache.pw_uid = my_passwd->pw_uid;
- vms_passwd_cache.pw_gid = my_passwd->pw_uid;
- vms_passwd_cache.pw_dir = unix_path;
- vms_passwd_cache.pw_shell = my_passwd->pw_shell;
-
- return &vms_passwd_cache;
+ my_passwd = decc_getpwuid(uid);
+ if(my_passwd == NULL) {
+ return my_passwd;
+ }
+
+ unix_path = vms_translate_path(my_passwd->pw_dir);
+
+ if((long)unix_path <= 0) {
+ /* We can not translate it, so return the original string */
+ return my_passwd;
+ }
+
+ /* If no changes needed just return it */
+ if(unix_path == my_passwd->pw_dir) {
+ return my_passwd;
+ }
+
+ /* Need to copy the structure returned */
+ /* Since curl is only using pw_dir, no need to fix up */
+ /* the pw_shell when running under Bash */
+ vms_passwd_cache.pw_name = my_passwd->pw_name;
+ vms_passwd_cache.pw_uid = my_passwd->pw_uid;
+ vms_passwd_cache.pw_gid = my_passwd->pw_uid;
+ vms_passwd_cache.pw_dir = unix_path;
+ vms_passwd_cache.pw_shell = my_passwd->pw_shell;
+
+ return &vms_passwd_cache;
}
#ifdef __DECC
@@ -203,6 +204,19 @@ char * unix_path;
#define CRYPTO_cleanup_all_ex_data CRYPTO_CLEANUP_ALL_EX_DATA
#define CRYPTO_free CRYPTO_FREE
#define CRYPTO_malloc CRYPTO_MALLOC
+#define CONF_modules_load_file CONF_MODULES_LOAD_FILE
+#ifdef __VAX
+# ifdef VMS_OLD_SSL
+ /* Ancient OpenSSL on VAX/VMS missing this constant */
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# undef CONF_modules_load_file
+ static int CONF_modules_load_file(const char *filename,
+ const char *appname,
+ unsigned long flags) {
+ return 1;
+ }
+# endif
+#endif
#define DES_ecb_encrypt DES_ECB_ENCRYPT
#define DES_set_key DES_SET_KEY
#define DES_set_odd_parity DES_SET_ODD_PARITY
@@ -228,6 +242,7 @@ char * unix_path;
#define EVP_PKEY_free EVP_PKEY_FREE
#define EVP_cleanup EVP_CLEANUP
#define GENERAL_NAMES_free GENERAL_NAMES_FREE
+#define i2d_X509_PUBKEY I2D_X509_PUBKEY
#define MD4_Final MD4_FINAL
#define MD4_Init MD4_INIT
#define MD4_Update MD4_UPDATE
@@ -235,6 +250,9 @@ char * unix_path;
#define MD5_Init MD5_INIT
#define MD5_Update MD5_UPDATE
#define OPENSSL_add_all_algo_noconf OPENSSL_ADD_ALL_ALGO_NOCONF
+#ifndef __VAX
+#define OPENSSL_load_builtin_modules OPENSSL_LOAD_BUILTIN_MODULES
+#endif
#define PEM_read_X509 PEM_READ_X509
#define PEM_write_bio_X509 PEM_WRITE_BIO_X509
#define PKCS12_PBE_add PKCS12_PBE_ADD
@@ -258,6 +276,7 @@ char * unix_path;
#define SSL_CTX_set_cipher_list SSL_CTX_SET_CIPHER_LIST
#define SSL_CTX_set_def_passwd_cb_ud SSL_CTX_SET_DEF_PASSWD_CB_UD
#define SSL_CTX_set_default_passwd_cb SSL_CTX_SET_DEFAULT_PASSWD_CB
+#define SSL_CTX_set_msg_callback SSL_CTX_SET_MSG_CALLBACK
#define SSL_CTX_set_verify SSL_CTX_SET_VERIFY
#define SSL_CTX_use_PrivateKey SSL_CTX_USE_PRIVATEKEY
#define SSL_CTX_use_PrivateKey_file SSL_CTX_USE_PRIVATEKEY_FILE
@@ -274,6 +293,7 @@ char * unix_path;
#define SSL_get_peer_cert_chain SSL_GET_PEER_CERT_CHAIN
#define SSL_get_peer_certificate SSL_GET_PEER_CERTIFICATE
#define SSL_get_privatekey SSL_GET_PRIVATEKEY
+#define SSL_get_session SSL_GET_SESSION
#define SSL_get_shutdown SSL_GET_SHUTDOWN
#define SSL_get_verify_result SSL_GET_VERIFY_RESULT
#define SSL_library_init SSL_LIBRARY_INIT
@@ -286,14 +306,32 @@ char * unix_path;
#define SSL_set_fd SSL_SET_FD
#define SSL_set_session SSL_SET_SESSION
#define SSL_shutdown SSL_SHUTDOWN
+#define SSL_version SSL_VERSION
#define SSL_write SSL_WRITE
#define SSLeay SSLEAY
#define SSLv23_client_method SSLV23_CLIENT_METHOD
#define SSLv3_client_method SSLV3_CLIENT_METHOD
#define TLSv1_client_method TLSV1_CLIENT_METHOD
+#define UI_create_method UI_CREATE_METHOD
+#define UI_destroy_method UI_DESTROY_METHOD
+#define UI_get0_user_data UI_GET0_USER_DATA
+#define UI_get_input_flags UI_GET_INPUT_FLAGS
+#define UI_get_string_type UI_GET_STRING_TYPE
+#define UI_create_method UI_CREATE_METHOD
+#define UI_destroy_method UI_DESTROY_METHOD
+#define UI_method_get_closer UI_METHOD_GET_CLOSER
+#define UI_method_get_opener UI_METHOD_GET_OPENER
+#define UI_method_get_reader UI_METHOD_GET_READER
+#define UI_method_get_writer UI_METHOD_GET_WRITER
+#define UI_method_set_closer UI_METHOD_SET_CLOSER
+#define UI_method_set_opener UI_METHOD_SET_OPENER
+#define UI_method_set_reader UI_METHOD_SET_READER
+#define UI_method_set_writer UI_METHOD_SET_WRITER
#define UI_OpenSSL UI_OPENSSL
+#define UI_set_result UI_SET_RESULT
#define X509V3_EXT_print X509V3_EXT_PRINT
#define X509_EXTENSION_get_critical X509_EXTENSION_GET_CRITICAL
+#define X509_EXTENSION_get_data X509_EXTENSION_GET_DATA
#define X509_EXTENSION_get_object X509_EXTENSION_GET_OBJECT
#define X509_LOOKUP_file X509_LOOKUP_FILE
#define X509_NAME_ENTRY_get_data X509_NAME_ENTRY_GET_DATA
@@ -318,6 +356,12 @@ char * unix_path;
#define sk_pop SK_POP
#define sk_pop_free SK_POP_FREE
#define sk_value SK_VALUE
+#ifdef __VAX
+#define OPENSSL_NO_SHA256
+#endif
+#define SHA256_Final SHA256_FINAL
+#define SHA256_Init SHA256_INIT
+#define SHA256_Update SHA256_UPDATE
#define USE_UPPERCASE_GSSAPI 1
#define gss_seal GSS_SEAL
@@ -383,7 +427,7 @@ char * unix_path;
static void des_ecb_encrypt(const_des_cblock *input,
des_cblock *output,
- des_key_schedule ks,int enc) {
+ des_key_schedule ks, int enc) {
DES_ECB_ENCRYPT(input, output, ks, enc);
}
#endif
diff --git a/libs/libcurl/src/sha256.c b/libs/libcurl/src/sha256.c
new file mode 100644
index 0000000000..cd81c02541
--- /dev/null
+++ b/libs/libcurl/src/sha256.c
@@ -0,0 +1,262 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Florin Petriuc, <petriuc.florin@gmail.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+
+#include "warnless.h"
+#include "curl_sha256.h"
+
+#if defined(USE_OPENSSL)
+
+/* When OpenSSL is available we use the SHA256-function from OpenSSL */
+#include <openssl/sha.h>
+
+#else
+
+/* When no other crypto library is available we use this code segment */
+
+/* ===== start - public domain SHA256 implementation ===== */
+/* This is based on SHA256 implementation in LibTomCrypt that was released into
+ * public domain by Tom St Denis. */
+
+#define WPA_GET_BE32(a) ((((unsigned long)(a)[0]) << 24) | \
+ (((unsigned long)(a)[1]) << 16) | \
+ (((unsigned long)(a)[2]) << 8) | \
+ ((unsigned long)(a)[3]))
+#define WPA_PUT_BE32(a, val) \
+do { \
+ (a)[0] = (unsigned char)((((unsigned long) (val)) >> 24) & 0xff); \
+ (a)[1] = (unsigned char)((((unsigned long) (val)) >> 16) & 0xff); \
+ (a)[2] = (unsigned char)((((unsigned long) (val)) >> 8) & 0xff); \
+ (a)[3] = (unsigned char)(((unsigned long) (val)) & 0xff); \
+} while(0)
+
+#ifdef HAVE_LONGLONG
+#define WPA_PUT_BE64(a, val) \
+do { \
+ (a)[0] = (unsigned char)(((unsigned long long)(val)) >> 56); \
+ (a)[1] = (unsigned char)(((unsigned long long)(val)) >> 48); \
+ (a)[2] = (unsigned char)(((unsigned long long)(val)) >> 40); \
+ (a)[3] = (unsigned char)(((unsigned long long)(val)) >> 32); \
+ (a)[4] = (unsigned char)(((unsigned long long)(val)) >> 24); \
+ (a)[5] = (unsigned char)(((unsigned long long)(val)) >> 16); \
+ (a)[6] = (unsigned char)(((unsigned long long)(val)) >> 8); \
+ (a)[7] = (unsigned char)(((unsigned long long)(val)) & 0xff); \
+} while(0)
+#else
+#define WPA_PUT_BE64(a, val) \
+do { \
+ (a)[0] = (unsigned char)(((unsigned __int64)(val)) >> 56); \
+ (a)[1] = (unsigned char)(((unsigned __int64)(val)) >> 48); \
+ (a)[2] = (unsigned char)(((unsigned __int64)(val)) >> 40); \
+ (a)[3] = (unsigned char)(((unsigned __int64)(val)) >> 32); \
+ (a)[4] = (unsigned char)(((unsigned __int64)(val)) >> 24); \
+ (a)[5] = (unsigned char)(((unsigned __int64)(val)) >> 16); \
+ (a)[6] = (unsigned char)(((unsigned __int64)(val)) >> 8); \
+ (a)[7] = (unsigned char)(((unsigned __int64)(val)) & 0xff); \
+} while(0)
+#endif
+
+typedef struct sha256_state {
+#ifdef HAVE_LONGLONG
+ unsigned long long length;
+#else
+ unsigned __int64 length;
+#endif
+ unsigned long state[8], curlen;
+ unsigned char buf[64];
+} SHA256_CTX;
+/* the K array */
+static const unsigned long K[64] = {
+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
+ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
+ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
+ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
+ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
+ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
+ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
+ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
+ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
+ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+/* Various logical functions */
+#define RORc(x, y) \
+(((((unsigned long)(x) & 0xFFFFFFFFUL) >> (unsigned long)((y) & 31)) | \
+ ((unsigned long)(x) << (unsigned long)(32 - ((y) & 31)))) & 0xFFFFFFFFUL)
+#define Ch(x,y,z) (z ^ (x & (y ^ z)))
+#define Maj(x,y,z) (((x | y) & z) | (x & y))
+#define S(x, n) RORc((x), (n))
+#define R(x, n) (((x)&0xFFFFFFFFUL)>>(n))
+#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
+#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
+#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
+#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
+#ifndef MIN
+#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+#endif
+/* compress 512-bits */
+static int sha256_compress(struct sha256_state *md,
+ unsigned char *buf)
+{
+ unsigned long S[8], W[64], t0, t1;
+ unsigned long t;
+ int i;
+ /* copy state into S */
+ for(i = 0; i < 8; i++) {
+ S[i] = md->state[i];
+ }
+ /* copy the state into 512-bits into W[0..15] */
+ for(i = 0; i < 16; i++)
+ W[i] = WPA_GET_BE32(buf + (4 * i));
+ /* fill W[16..63] */
+ for(i = 16; i < 64; i++) {
+ W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) +
+ W[i - 16];
+ }
+ /* Compress */
+#define RND(a,b,c,d,e,f,g,h,i) \
+ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
+ t1 = Sigma0(a) + Maj(a, b, c); \
+ d += t0; \
+ h = t0 + t1;
+ for(i = 0; i < 64; ++i) {
+ RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i);
+ t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
+ S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
+ }
+ /* feedback */
+ for(i = 0; i < 8; i++) {
+ md->state[i] = md->state[i] + S[i];
+ }
+ return 0;
+}
+/* Initialize the hash state */
+static void SHA256_Init(struct sha256_state *md)
+{
+ md->curlen = 0;
+ md->length = 0;
+ md->state[0] = 0x6A09E667UL;
+ md->state[1] = 0xBB67AE85UL;
+ md->state[2] = 0x3C6EF372UL;
+ md->state[3] = 0xA54FF53AUL;
+ md->state[4] = 0x510E527FUL;
+ md->state[5] = 0x9B05688CUL;
+ md->state[6] = 0x1F83D9ABUL;
+ md->state[7] = 0x5BE0CD19UL;
+}
+/**
+ Process a block of memory though the hash
+ @param md The hash state
+ @param in The data to hash
+ @param inlen The length of the data (octets)
+ @return CRYPT_OK if successful
+*/
+static int SHA256_Update(struct sha256_state *md,
+ const unsigned char *in,
+ unsigned long inlen)
+{
+ unsigned long n;
+#define block_size 64
+ if(md->curlen > sizeof(md->buf))
+ return -1;
+ while(inlen > 0) {
+ if(md->curlen == 0 && inlen >= block_size) {
+ if(sha256_compress(md, (unsigned char *)in) < 0)
+ return -1;
+ md->length += block_size * 8;
+ in += block_size;
+ inlen -= block_size;
+ }
+ else {
+ n = MIN(inlen, (block_size - md->curlen));
+ memcpy(md->buf + md->curlen, in, n);
+ md->curlen += n;
+ in += n;
+ inlen -= n;
+ if(md->curlen == block_size) {
+ if(sha256_compress(md, md->buf) < 0)
+ return -1;
+ md->length += 8 * block_size;
+ md->curlen = 0;
+ }
+ }
+ }
+ return 0;
+}
+/**
+ Terminate the hash to get the digest
+ @param md The hash state
+ @param out [out] The destination of the hash (32 bytes)
+ @return CRYPT_OK if successful
+*/
+static int SHA256_Final(unsigned char *out,
+ struct sha256_state *md)
+{
+ int i;
+ if(md->curlen >= sizeof(md->buf))
+ return -1;
+ /* increase the length of the message */
+ md->length += md->curlen * 8;
+ /* append the '1' bit */
+ md->buf[md->curlen++] = (unsigned char)0x80;
+ /* if the length is currently above 56 bytes we append zeros
+ * then compress. Then we can fall back to padding zeros and length
+ * encoding like normal.
+ */
+ if(md->curlen > 56) {
+ while(md->curlen < 64) {
+ md->buf[md->curlen++] = (unsigned char)0;
+ }
+ sha256_compress(md, md->buf);
+ md->curlen = 0;
+ }
+ /* pad upto 56 bytes of zeroes */
+ while(md->curlen < 56) {
+ md->buf[md->curlen++] = (unsigned char)0;
+ }
+ /* store length */
+ WPA_PUT_BE64(md->buf + 56, md->length);
+ sha256_compress(md, md->buf);
+ /* copy output */
+ for(i = 0; i < 8; i++)
+ WPA_PUT_BE32(out + (4 * i), md->state[i]);
+ return 0;
+}
+/* ===== end - public domain SHA256 implementation ===== */
+
+#endif
+
+void Curl_sha256it(unsigned char *outbuffer, /* 32 unsigned chars */
+ const unsigned char *input)
+{
+ SHA256_CTX ctx;
+ SHA256_Init(&ctx);
+ SHA256_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
+ SHA256_Final(outbuffer, &ctx);
+}
+
+#endif /* CURL_DISABLE_CRYPTO_AUTH */
diff --git a/libs/libcurl/src/share.c b/libs/libcurl/src/share.c
index b21c9f6852..870b191fc2 100644
--- a/libs/libcurl/src/share.c
+++ b/libs/libcurl/src/share.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,27 +25,32 @@
#include <curl/curl.h>
#include "urldata.h"
#include "share.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
-CURLSH *
+struct Curl_share *
curl_share_init(void)
{
struct Curl_share *share = calloc(1, sizeof(struct Curl_share));
- if(share)
+ if(share) {
share->specifier |= (1<<CURL_LOCK_DATA_SHARE);
+ if(Curl_mk_dnscache(&share->hostcache)) {
+ free(share);
+ return NULL;
+ }
+ }
+
return share;
}
#undef curl_share_setopt
CURLSHcode
-curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
+curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...)
{
- struct Curl_share *share = (struct Curl_share *)sh;
va_list param;
int type;
curl_lock_function lockfunc;
@@ -65,19 +70,14 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
/* this is a type this share will share */
type = va_arg(param, int);
share->specifier |= (1<<type);
- switch( type ) {
+ switch(type) {
case CURL_LOCK_DATA_DNS:
- if(!share->hostcache) {
- share->hostcache = Curl_mk_dnscache();
- if(!share->hostcache)
- res = CURLSHE_NOMEM;
- }
break;
case CURL_LOCK_DATA_COOKIE:
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
if(!share->cookies) {
- share->cookies = Curl_cookie_init(NULL, NULL, NULL, TRUE );
+ share->cookies = Curl_cookie_init(NULL, NULL, NULL, TRUE);
if(!share->cookies)
res = CURLSHE_NOMEM;
}
@@ -102,6 +102,8 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
break;
case CURL_LOCK_DATA_CONNECT: /* not supported (yet) */
+ if(Curl_conncache_init(&share->conn_cache, 103))
+ res = CURLSHE_NOMEM;
break;
default:
@@ -113,12 +115,8 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
/* this is a type this share will no longer share */
type = va_arg(param, int);
share->specifier &= ~(1<<type);
- switch( type ) {
+ switch(type) {
case CURL_LOCK_DATA_DNS:
- if(share->hostcache) {
- Curl_hash_destroy(share->hostcache);
- share->hostcache = NULL;
- }
break;
case CURL_LOCK_DATA_COOKIE:
@@ -175,10 +173,8 @@ curl_share_setopt(CURLSH *sh, CURLSHoption option, ...)
}
CURLSHcode
-curl_share_cleanup(CURLSH *sh)
+curl_share_cleanup(struct Curl_share *share)
{
- struct Curl_share *share = (struct Curl_share *)sh;
-
if(share == NULL)
return CURLSHE_INVALID;
@@ -192,14 +188,12 @@ curl_share_cleanup(CURLSH *sh)
return CURLSHE_IN_USE;
}
- if(share->hostcache) {
- Curl_hash_destroy(share->hostcache);
- share->hostcache = NULL;
- }
+ Curl_conncache_close_all_connections(&share->conn_cache);
+ Curl_conncache_destroy(&share->conn_cache);
+ Curl_hash_destroy(&share->hostcache);
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
- if(share->cookies)
- Curl_cookie_cleanup(share->cookies);
+ Curl_cookie_cleanup(share->cookies);
#endif
#ifdef USE_SSL
@@ -220,7 +214,7 @@ curl_share_cleanup(CURLSH *sh)
CURLSHcode
-Curl_share_lock(struct SessionHandle *data, curl_lock_data type,
+Curl_share_lock(struct Curl_easy *data, curl_lock_data type,
curl_lock_access accesstype)
{
struct Curl_share *share = data->share;
@@ -238,7 +232,7 @@ Curl_share_lock(struct SessionHandle *data, curl_lock_data type,
}
CURLSHcode
-Curl_share_unlock(struct SessionHandle *data, curl_lock_data type)
+Curl_share_unlock(struct Curl_easy *data, curl_lock_data type)
{
struct Curl_share *share = data->share;
diff --git a/libs/libcurl/src/share.h b/libs/libcurl/src/share.h
index 9a5128e931..4b13406d9f 100644
--- a/libs/libcurl/src/share.h
+++ b/libs/libcurl/src/share.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,6 +26,7 @@
#include <curl/curl.h>
#include "cookie.h"
#include "urldata.h"
+#include "conncache.h"
/* SalfordC says "A structure member may not be volatile". Hence:
*/
@@ -43,8 +44,8 @@ struct Curl_share {
curl_lock_function lockfunc;
curl_unlock_function unlockfunc;
void *clientdata;
-
- struct curl_hash *hostcache;
+ struct conncache conn_cache;
+ struct curl_hash hostcache;
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
struct CookieInfo *cookies;
#endif
@@ -54,8 +55,8 @@ struct Curl_share {
long sessionage;
};
-CURLSHcode Curl_share_lock (struct SessionHandle *, curl_lock_data,
- curl_lock_access);
-CURLSHcode Curl_share_unlock (struct SessionHandle *, curl_lock_data);
+CURLSHcode Curl_share_lock(struct Curl_easy *, curl_lock_data,
+ curl_lock_access);
+CURLSHcode Curl_share_unlock(struct Curl_easy *, curl_lock_data);
#endif /* HEADER_CURL_SHARE_H */
diff --git a/libs/libcurl/src/sigpipe.h b/libs/libcurl/src/sigpipe.h
new file mode 100644
index 0000000000..800f9d3b4d
--- /dev/null
+++ b/libs/libcurl/src/sigpipe.h
@@ -0,0 +1,78 @@
+#ifndef HEADER_CURL_SIGPIPE_H
+#define HEADER_CURL_SIGPIPE_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if defined(HAVE_SIGNAL_H) && defined(HAVE_SIGACTION) && defined(USE_OPENSSL)
+#include <signal.h>
+
+struct sigpipe_ignore {
+ struct sigaction old_pipe_act;
+ bool no_signal;
+};
+
+#define SIGPIPE_VARIABLE(x) struct sigpipe_ignore x
+
+/*
+ * sigpipe_ignore() makes sure we ignore SIGPIPE while running libcurl
+ * internals, and then sigpipe_restore() will restore the situation when we
+ * return from libcurl again.
+ */
+static void sigpipe_ignore(struct Curl_easy *data,
+ struct sigpipe_ignore *ig)
+{
+ /* get a local copy of no_signal because the Curl_easy might not be
+ around when we restore */
+ ig->no_signal = data->set.no_signal;
+ if(!data->set.no_signal) {
+ struct sigaction action;
+ /* first, extract the existing situation */
+ memset(&ig->old_pipe_act, 0, sizeof(struct sigaction));
+ sigaction(SIGPIPE, NULL, &ig->old_pipe_act);
+ action = ig->old_pipe_act;
+ /* ignore this signal */
+ action.sa_handler = SIG_IGN;
+ sigaction(SIGPIPE, &action, NULL);
+ }
+}
+
+/*
+ * sigpipe_restore() puts back the outside world's opinion of signal handler
+ * and SIGPIPE handling. It MUST only be called after a corresponding
+ * sigpipe_ignore() was used.
+ */
+static void sigpipe_restore(struct sigpipe_ignore *ig)
+{
+ if(!ig->no_signal)
+ /* restore the outside state */
+ sigaction(SIGPIPE, &ig->old_pipe_act, NULL);
+}
+
+#else
+/* for systems without sigaction */
+#define sigpipe_ignore(x,y) Curl_nop_stmt
+#define sigpipe_restore(x) Curl_nop_stmt
+#define SIGPIPE_VARIABLE(x)
+#endif
+
+#endif /* HEADER_CURL_SIGPIPE_H */
diff --git a/libs/libcurl/src/slist.c b/libs/libcurl/src/slist.c
index 3cac6ca21c..e5adc0e71a 100644
--- a/libs/libcurl/src/slist.c
+++ b/libs/libcurl/src/slist.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,10 +22,12 @@
#include "curl_setup.h"
-#include "curl_memory.h"
+#include <curl/curl.h>
+
#include "slist.h"
-/* The last #include file should be: */
+/* The last #include files should be: */
+#include "curl_memory.h"
#include "memdebug.h"
/* returns last node in linked list */
diff --git a/libs/libcurl/src/slist.h b/libs/libcurl/src/slist.h
index ea7dcc48b6..b3f498c35f 100644
--- a/libs/libcurl/src/slist.h
+++ b/libs/libcurl/src/slist.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/smb.c b/libs/libcurl/src/smb.c
new file mode 100644
index 0000000000..efcfd2da24
--- /dev/null
+++ b/libs/libcurl/src/smb.c
@@ -0,0 +1,1005 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies
+ * Copyright (C) 2016-2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_SMB) && defined(USE_NTLM) && \
+ (CURL_SIZEOF_CURL_OFF_T > 4)
+
+#if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)
+
+#define BUILDING_CURL_SMB_C
+
+#ifdef HAVE_PROCESS_H
+#include <process.h>
+#ifdef CURL_WINDOWS_APP
+#define getpid GetCurrentProcessId
+#elif !defined(MSDOS)
+#define getpid _getpid
+#endif
+#endif
+
+#include "smb.h"
+#include "urldata.h"
+#include "sendf.h"
+#include "multiif.h"
+#include "connect.h"
+#include "progress.h"
+#include "transfer.h"
+#include "vtls/vtls.h"
+#include "curl_ntlm_core.h"
+#include "escape.h"
+#include "curl_endian.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/* Local API functions */
+static CURLcode smb_setup_connection(struct connectdata *conn);
+static CURLcode smb_connect(struct connectdata *conn, bool *done);
+static CURLcode smb_connection_state(struct connectdata *conn, bool *done);
+static CURLcode smb_request_state(struct connectdata *conn, bool *done);
+static CURLcode smb_done(struct connectdata *conn, CURLcode status,
+ bool premature);
+static CURLcode smb_disconnect(struct connectdata *conn, bool dead);
+static int smb_getsock(struct connectdata *conn, curl_socket_t *socks,
+ int numsocks);
+static CURLcode smb_parse_url_path(struct connectdata *conn);
+
+/*
+ * SMB handler interface
+ */
+const struct Curl_handler Curl_handler_smb = {
+ "SMB", /* scheme */
+ smb_setup_connection, /* setup_connection */
+ ZERO_NULL, /* do_it */
+ smb_done, /* done */
+ ZERO_NULL, /* do_more */
+ smb_connect, /* connect_it */
+ smb_connection_state, /* connecting */
+ smb_request_state, /* doing */
+ smb_getsock, /* proto_getsock */
+ smb_getsock, /* doing_getsock */
+ ZERO_NULL, /* domore_getsock */
+ ZERO_NULL, /* perform_getsock */
+ smb_disconnect, /* disconnect */
+ ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
+ PORT_SMB, /* defport */
+ CURLPROTO_SMB, /* protocol */
+ PROTOPT_NONE /* flags */
+};
+
+#ifdef USE_SSL
+/*
+ * SMBS handler interface
+ */
+const struct Curl_handler Curl_handler_smbs = {
+ "SMBS", /* scheme */
+ smb_setup_connection, /* setup_connection */
+ ZERO_NULL, /* do_it */
+ smb_done, /* done */
+ ZERO_NULL, /* do_more */
+ smb_connect, /* connect_it */
+ smb_connection_state, /* connecting */
+ smb_request_state, /* doing */
+ smb_getsock, /* proto_getsock */
+ smb_getsock, /* doing_getsock */
+ ZERO_NULL, /* domore_getsock */
+ ZERO_NULL, /* perform_getsock */
+ smb_disconnect, /* disconnect */
+ ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
+ PORT_SMBS, /* defport */
+ CURLPROTO_SMBS, /* protocol */
+ PROTOPT_SSL /* flags */
+};
+#endif
+
+#define MAX_PAYLOAD_SIZE 0x8000
+#define MAX_MESSAGE_SIZE (MAX_PAYLOAD_SIZE + 0x1000)
+#define CLIENTNAME "curl"
+#define SERVICENAME "?????"
+
+/* Append a string to an SMB message */
+#define MSGCAT(str) \
+ strcpy(p, (str)); \
+ p += strlen(str);
+
+/* Append a null-terminated string to an SMB message */
+#define MSGCATNULL(str) \
+ strcpy(p, (str)); \
+ p += strlen(str) + 1;
+
+/* SMB is mostly little endian */
+#if (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || \
+ defined(__OS400__)
+static unsigned short smb_swap16(unsigned short x)
+{
+ return (unsigned short) ((x << 8) | ((x >> 8) & 0xff));
+}
+
+static unsigned int smb_swap32(unsigned int x)
+{
+ return (x << 24) | ((x << 8) & 0xff0000) | ((x >> 8) & 0xff00) |
+ ((x >> 24) & 0xff);
+}
+
+#ifdef HAVE_LONGLONG
+static unsigned long long smb_swap64(unsigned long long x)
+{
+ return ((unsigned long long) smb_swap32((unsigned int) x) << 32) |
+ smb_swap32((unsigned int) (x >> 32));
+}
+#else
+static unsigned __int64 smb_swap64(unsigned __int64 x)
+{
+ return ((unsigned __int64) smb_swap32((unsigned int) x) << 32) |
+ smb_swap32((unsigned int) (x >> 32));
+}
+#endif
+#else
+# define smb_swap16(x) (x)
+# define smb_swap32(x) (x)
+# define smb_swap64(x) (x)
+#endif
+
+/* SMB request state */
+enum smb_req_state {
+ SMB_REQUESTING,
+ SMB_TREE_CONNECT,
+ SMB_OPEN,
+ SMB_DOWNLOAD,
+ SMB_UPLOAD,
+ SMB_CLOSE,
+ SMB_TREE_DISCONNECT,
+ SMB_DONE
+};
+
+/* SMB request data */
+struct smb_request {
+ enum smb_req_state state;
+ char *share;
+ char *path;
+ unsigned short tid; /* Even if we connect to the same tree as another */
+ unsigned short fid; /* request, the tid will be different */
+ CURLcode result;
+};
+
+static void conn_state(struct connectdata *conn, enum smb_conn_state newstate)
+{
+ struct smb_conn *smb = &conn->proto.smbc;
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+ /* For debug purposes */
+ static const char * const names[] = {
+ "SMB_NOT_CONNECTED",
+ "SMB_CONNECTING",
+ "SMB_NEGOTIATE",
+ "SMB_SETUP",
+ "SMB_CONNECTED",
+ /* LAST */
+ };
+
+ if(smb->state != newstate)
+ infof(conn->data, "SMB conn %p state change from %s to %s\n",
+ (void *)smb, names[smb->state], names[newstate]);
+#endif
+
+ smb->state = newstate;
+}
+
+static void request_state(struct connectdata *conn,
+ enum smb_req_state newstate)
+{
+ struct smb_request *req = conn->data->req.protop;
+#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
+ /* For debug purposes */
+ static const char * const names[] = {
+ "SMB_REQUESTING",
+ "SMB_TREE_CONNECT",
+ "SMB_OPEN",
+ "SMB_DOWNLOAD",
+ "SMB_UPLOAD",
+ "SMB_CLOSE",
+ "SMB_TREE_DISCONNECT",
+ "SMB_DONE",
+ /* LAST */
+ };
+
+ if(req->state != newstate)
+ infof(conn->data, "SMB request %p state change from %s to %s\n",
+ (void *)req, names[req->state], names[newstate]);
+#endif
+
+ req->state = newstate;
+}
+
+static CURLcode smb_setup_connection(struct connectdata *conn)
+{
+ struct smb_request *req;
+
+ /* Initialize the request state */
+ conn->data->req.protop = req = calloc(1, sizeof(struct smb_request));
+ if(!req)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Parse the URL path */
+ return smb_parse_url_path(conn);
+}
+
+static CURLcode smb_connect(struct connectdata *conn, bool *done)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ char *slash;
+
+ (void) done;
+
+ /* Check we have a username and password to authenticate with */
+ if(!conn->bits.user_passwd)
+ return CURLE_LOGIN_DENIED;
+
+ /* Initialize the connection state */
+ memset(smbc, 0, sizeof(*smbc));
+ smbc->state = SMB_CONNECTING;
+ smbc->recv_buf = malloc(MAX_MESSAGE_SIZE);
+ if(!smbc->recv_buf)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Multiple requests are allowed with this connection */
+ connkeep(conn, "SMB default");
+
+ /* Parse the username, domain, and password */
+ slash = strchr(conn->user, '/');
+ if(!slash)
+ slash = strchr(conn->user, '\\');
+
+ if(slash) {
+ smbc->user = slash + 1;
+ smbc->domain = strdup(conn->user);
+ if(!smbc->domain)
+ return CURLE_OUT_OF_MEMORY;
+ smbc->domain[slash - conn->user] = 0;
+ }
+ else {
+ smbc->user = conn->user;
+ smbc->domain = strdup(conn->host.name);
+ if(!smbc->domain)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ return CURLE_OK;
+}
+
+static CURLcode smb_recv_message(struct connectdata *conn, void **msg)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ char *buf = smbc->recv_buf;
+ ssize_t bytes_read;
+ size_t nbt_size;
+ size_t msg_size;
+ size_t len = MAX_MESSAGE_SIZE - smbc->got;
+ CURLcode result;
+
+ result = Curl_read(conn, FIRSTSOCKET, buf + smbc->got, len, &bytes_read);
+ if(result)
+ return result;
+
+ if(!bytes_read)
+ return CURLE_OK;
+
+ smbc->got += bytes_read;
+
+ /* Check for a 32-bit nbt header */
+ if(smbc->got < sizeof(unsigned int))
+ return CURLE_OK;
+
+ nbt_size = Curl_read16_be((const unsigned char *)
+ (buf + sizeof(unsigned short))) +
+ sizeof(unsigned int);
+ if(smbc->got < nbt_size)
+ return CURLE_OK;
+
+ msg_size = sizeof(struct smb_header);
+ if(nbt_size >= msg_size + 1) {
+ /* Add the word count */
+ msg_size += 1 + ((unsigned char) buf[msg_size]) * sizeof(unsigned short);
+ if(nbt_size >= msg_size + sizeof(unsigned short)) {
+ /* Add the byte count */
+ msg_size += sizeof(unsigned short) +
+ Curl_read16_le((const unsigned char *)&buf[msg_size]);
+ if(nbt_size < msg_size)
+ return CURLE_READ_ERROR;
+ }
+ }
+
+ *msg = buf;
+
+ return CURLE_OK;
+}
+
+static void smb_pop_message(struct connectdata *conn)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+
+ smbc->got = 0;
+}
+
+static void smb_format_message(struct connectdata *conn, struct smb_header *h,
+ unsigned char cmd, size_t len)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ struct smb_request *req = conn->data->req.protop;
+ unsigned int pid;
+
+ memset(h, 0, sizeof(*h));
+ h->nbt_length = htons((unsigned short) (sizeof(*h) - sizeof(unsigned int) +
+ len));
+ memcpy((char *)h->magic, "\xffSMB", 4);
+ h->command = cmd;
+ h->flags = SMB_FLAGS_CANONICAL_PATHNAMES | SMB_FLAGS_CASELESS_PATHNAMES;
+ h->flags2 = smb_swap16(SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAME);
+ h->uid = smb_swap16(smbc->uid);
+ h->tid = smb_swap16(req->tid);
+ pid = getpid();
+ h->pid_high = smb_swap16((unsigned short)(pid >> 16));
+ h->pid = smb_swap16((unsigned short) pid);
+}
+
+static CURLcode smb_send(struct connectdata *conn, ssize_t len,
+ size_t upload_size)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ ssize_t bytes_written;
+ CURLcode result;
+
+ result = Curl_write(conn, FIRSTSOCKET, conn->data->state.uploadbuffer,
+ len, &bytes_written);
+ if(result)
+ return result;
+
+ if(bytes_written != len) {
+ smbc->send_size = len;
+ smbc->sent = bytes_written;
+ }
+
+ smbc->upload_size = upload_size;
+
+ return CURLE_OK;
+}
+
+static CURLcode smb_flush(struct connectdata *conn)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ ssize_t bytes_written;
+ ssize_t len = smbc->send_size - smbc->sent;
+ CURLcode result;
+
+ if(!smbc->send_size)
+ return CURLE_OK;
+
+ result = Curl_write(conn, FIRSTSOCKET,
+ conn->data->state.uploadbuffer + smbc->sent,
+ len, &bytes_written);
+ if(result)
+ return result;
+
+ if(bytes_written != len)
+ smbc->sent += bytes_written;
+ else
+ smbc->send_size = 0;
+
+ return CURLE_OK;
+}
+
+static CURLcode smb_send_message(struct connectdata *conn, unsigned char cmd,
+ const void *msg, size_t msg_len)
+{
+ smb_format_message(conn, (struct smb_header *)conn->data->state.uploadbuffer,
+ cmd, msg_len);
+ memcpy(conn->data->state.uploadbuffer + sizeof(struct smb_header),
+ msg, msg_len);
+
+ return smb_send(conn, sizeof(struct smb_header) + msg_len, 0);
+}
+
+static CURLcode smb_send_negotiate(struct connectdata *conn)
+{
+ const char *msg = "\x00\x0c\x00\x02NT LM 0.12";
+
+ return smb_send_message(conn, SMB_COM_NEGOTIATE, msg, 15);
+}
+
+static CURLcode smb_send_setup(struct connectdata *conn)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ struct smb_setup msg;
+ char *p = msg.bytes;
+ unsigned char lm_hash[21];
+ unsigned char lm[24];
+ unsigned char nt_hash[21];
+ unsigned char nt[24];
+
+ size_t byte_count = sizeof(lm) + sizeof(nt);
+ byte_count += strlen(smbc->user) + strlen(smbc->domain);
+ byte_count += strlen(OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */
+ if(byte_count > sizeof(msg.bytes))
+ return CURLE_FILESIZE_EXCEEDED;
+
+ Curl_ntlm_core_mk_lm_hash(conn->data, conn->passwd, lm_hash);
+ Curl_ntlm_core_lm_resp(lm_hash, smbc->challenge, lm);
+#ifdef USE_NTRESPONSES
+ Curl_ntlm_core_mk_nt_hash(conn->data, conn->passwd, nt_hash);
+ Curl_ntlm_core_lm_resp(nt_hash, smbc->challenge, nt);
+#else
+ memset(nt, 0, sizeof(nt));
+#endif
+
+ memset(&msg, 0, sizeof(msg));
+ msg.word_count = SMB_WC_SETUP_ANDX;
+ msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
+ msg.max_buffer_size = smb_swap16(MAX_MESSAGE_SIZE);
+ msg.max_mpx_count = smb_swap16(1);
+ msg.vc_number = smb_swap16(1);
+ msg.session_key = smb_swap32(smbc->session_key);
+ msg.capabilities = smb_swap32(SMB_CAP_LARGE_FILES);
+ msg.lengths[0] = smb_swap16(sizeof(lm));
+ msg.lengths[1] = smb_swap16(sizeof(nt));
+ memcpy(p, lm, sizeof(lm));
+ p += sizeof(lm);
+ memcpy(p, nt, sizeof(nt));
+ p += sizeof(nt);
+ MSGCATNULL(smbc->user);
+ MSGCATNULL(smbc->domain);
+ MSGCATNULL(OS);
+ MSGCATNULL(CLIENTNAME);
+ byte_count = p - msg.bytes;
+ msg.byte_count = smb_swap16((unsigned short)byte_count);
+
+ return smb_send_message(conn, SMB_COM_SETUP_ANDX, &msg,
+ sizeof(msg) - sizeof(msg.bytes) + byte_count);
+}
+
+static CURLcode smb_send_tree_connect(struct connectdata *conn)
+{
+ struct smb_request *req = conn->data->req.protop;
+ struct smb_tree_connect msg;
+ char *p = msg.bytes;
+
+ size_t byte_count = strlen(conn->host.name) + strlen(req->share);
+ byte_count += strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */
+ if(byte_count > sizeof(msg.bytes))
+ return CURLE_FILESIZE_EXCEEDED;
+
+ memset(&msg, 0, sizeof(msg));
+ msg.word_count = SMB_WC_TREE_CONNECT_ANDX;
+ msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
+ msg.pw_len = 0;
+ MSGCAT("\\\\");
+ MSGCAT(conn->host.name);
+ MSGCAT("\\");
+ MSGCATNULL(req->share);
+ MSGCATNULL(SERVICENAME); /* Match any type of service */
+ byte_count = p - msg.bytes;
+ msg.byte_count = smb_swap16((unsigned short)byte_count);
+
+ return smb_send_message(conn, SMB_COM_TREE_CONNECT_ANDX, &msg,
+ sizeof(msg) - sizeof(msg.bytes) + byte_count);
+}
+
+static CURLcode smb_send_open(struct connectdata *conn)
+{
+ struct smb_request *req = conn->data->req.protop;
+ struct smb_nt_create msg;
+ size_t byte_count;
+
+ if((strlen(req->path) + 1) > sizeof(msg.bytes))
+ return CURLE_FILESIZE_EXCEEDED;
+
+ memset(&msg, 0, sizeof(msg));
+ msg.word_count = SMB_WC_NT_CREATE_ANDX;
+ msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
+ byte_count = strlen(req->path);
+ msg.name_length = smb_swap16((unsigned short)byte_count);
+ msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
+ if(conn->data->set.upload) {
+ msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
+ msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
+ }
+ else {
+ msg.access = smb_swap32(SMB_GENERIC_READ);
+ msg.create_disposition = smb_swap32(SMB_FILE_OPEN);
+ }
+ msg.byte_count = smb_swap16((unsigned short) ++byte_count);
+ strcpy(msg.bytes, req->path);
+
+ return smb_send_message(conn, SMB_COM_NT_CREATE_ANDX, &msg,
+ sizeof(msg) - sizeof(msg.bytes) + byte_count);
+}
+
+static CURLcode smb_send_close(struct connectdata *conn)
+{
+ struct smb_request *req = conn->data->req.protop;
+ struct smb_close msg;
+
+ memset(&msg, 0, sizeof(msg));
+ msg.word_count = SMB_WC_CLOSE;
+ msg.fid = smb_swap16(req->fid);
+
+ return smb_send_message(conn, SMB_COM_CLOSE, &msg, sizeof(msg));
+}
+
+static CURLcode smb_send_tree_disconnect(struct connectdata *conn)
+{
+ struct smb_tree_disconnect msg;
+
+ memset(&msg, 0, sizeof(msg));
+
+ return smb_send_message(conn, SMB_COM_TREE_DISCONNECT, &msg, sizeof(msg));
+}
+
+static CURLcode smb_send_read(struct connectdata *conn)
+{
+ struct smb_request *req = conn->data->req.protop;
+ curl_off_t offset = conn->data->req.offset;
+ struct smb_read msg;
+
+ memset(&msg, 0, sizeof(msg));
+ msg.word_count = SMB_WC_READ_ANDX;
+ msg.andx.command = SMB_COM_NO_ANDX_COMMAND;
+ msg.fid = smb_swap16(req->fid);
+ msg.offset = smb_swap32((unsigned int) offset);
+ msg.offset_high = smb_swap32((unsigned int) (offset >> 32));
+ msg.min_bytes = smb_swap16(MAX_PAYLOAD_SIZE);
+ msg.max_bytes = smb_swap16(MAX_PAYLOAD_SIZE);
+
+ return smb_send_message(conn, SMB_COM_READ_ANDX, &msg, sizeof(msg));
+}
+
+static CURLcode smb_send_write(struct connectdata *conn)
+{
+ struct smb_write *msg = (struct smb_write *)conn->data->state.uploadbuffer;
+ struct smb_request *req = conn->data->req.protop;
+ curl_off_t offset = conn->data->req.offset;
+
+ curl_off_t upload_size = conn->data->req.size - conn->data->req.bytecount;
+ if(upload_size >= MAX_PAYLOAD_SIZE - 1) /* There is one byte of padding */
+ upload_size = MAX_PAYLOAD_SIZE - 1;
+
+ memset(msg, 0, sizeof(*msg));
+ msg->word_count = SMB_WC_WRITE_ANDX;
+ msg->andx.command = SMB_COM_NO_ANDX_COMMAND;
+ msg->fid = smb_swap16(req->fid);
+ msg->offset = smb_swap32((unsigned int) offset);
+ msg->offset_high = smb_swap32((unsigned int) (offset >> 32));
+ msg->data_length = smb_swap16((unsigned short) upload_size);
+ msg->data_offset = smb_swap16(sizeof(*msg) - sizeof(unsigned int));
+ msg->byte_count = smb_swap16((unsigned short) (upload_size + 1));
+
+ smb_format_message(conn, &msg->h, SMB_COM_WRITE_ANDX,
+ sizeof(*msg) - sizeof(msg->h) + (size_t) upload_size);
+
+ return smb_send(conn, sizeof(*msg), (size_t) upload_size);
+}
+
+static CURLcode smb_send_and_recv(struct connectdata *conn, void **msg)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ CURLcode result;
+
+ /* Check if there is data in the transfer buffer */
+ if(!smbc->send_size && smbc->upload_size) {
+ int nread = smbc->upload_size > UPLOAD_BUFSIZE ? UPLOAD_BUFSIZE :
+ (int) smbc->upload_size;
+ conn->data->req.upload_fromhere = conn->data->state.uploadbuffer;
+ result = Curl_fillreadbuffer(conn, nread, &nread);
+ if(result && result != CURLE_AGAIN)
+ return result;
+ if(!nread)
+ return CURLE_OK;
+
+ smbc->upload_size -= nread;
+ smbc->send_size = nread;
+ smbc->sent = 0;
+ }
+
+ /* Check if there is data to send */
+ if(smbc->send_size) {
+ result = smb_flush(conn);
+ if(result)
+ return result;
+ }
+
+ /* Check if there is still data to be sent */
+ if(smbc->send_size || smbc->upload_size)
+ return CURLE_AGAIN;
+
+ return smb_recv_message(conn, msg);
+}
+
+static CURLcode smb_connection_state(struct connectdata *conn, bool *done)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ struct smb_negotiate_response *nrsp;
+ struct smb_header *h;
+ CURLcode result;
+ void *msg = NULL;
+
+ if(smbc->state == SMB_CONNECTING) {
+#ifdef USE_SSL
+ if((conn->handler->flags & PROTOPT_SSL)) {
+ bool ssl_done = FALSE;
+ result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &ssl_done);
+ if(result && result != CURLE_AGAIN)
+ return result;
+ if(!ssl_done)
+ return CURLE_OK;
+ }
+#endif
+
+ result = smb_send_negotiate(conn);
+ if(result) {
+ connclose(conn, "SMB: failed to send negotiate message");
+ return result;
+ }
+
+ conn_state(conn, SMB_NEGOTIATE);
+ }
+
+ /* Send the previous message and check for a response */
+ result = smb_send_and_recv(conn, &msg);
+ if(result && result != CURLE_AGAIN) {
+ connclose(conn, "SMB: failed to communicate");
+ return result;
+ }
+
+ if(!msg)
+ return CURLE_OK;
+
+ h = msg;
+
+ switch(smbc->state) {
+ case SMB_NEGOTIATE:
+ if(h->status || smbc->got < sizeof(*nrsp) + sizeof(smbc->challenge) - 1) {
+ connclose(conn, "SMB: negotiation failed");
+ return CURLE_COULDNT_CONNECT;
+ }
+ nrsp = msg;
+ memcpy(smbc->challenge, nrsp->bytes, sizeof(smbc->challenge));
+ smbc->session_key = smb_swap32(nrsp->session_key);
+ result = smb_send_setup(conn);
+ if(result) {
+ connclose(conn, "SMB: failed to send setup message");
+ return result;
+ }
+ conn_state(conn, SMB_SETUP);
+ break;
+
+ case SMB_SETUP:
+ if(h->status) {
+ connclose(conn, "SMB: authentication failed");
+ return CURLE_LOGIN_DENIED;
+ }
+ smbc->uid = smb_swap16(h->uid);
+ conn_state(conn, SMB_CONNECTED);
+ *done = true;
+ break;
+
+ default:
+ smb_pop_message(conn);
+ return CURLE_OK; /* ignore */
+ }
+
+ smb_pop_message(conn);
+
+ return CURLE_OK;
+}
+
+/*
+ * Convert a timestamp from the Windows world (100 nsec units from
+ * 1 Jan 1601) to Posix time.
+ */
+static void get_posix_time(long *_out, const void *_in)
+{
+#ifdef HAVE_LONGLONG
+ long long timestamp = *(long long *) _in;
+#else
+ unsigned __int64 timestamp = *(unsigned __int64 *) _in;
+#endif
+
+ timestamp -= 116444736000000000ULL;
+ timestamp /= 10000000;
+ *_out = (long) timestamp;
+}
+
+static CURLcode smb_request_state(struct connectdata *conn, bool *done)
+{
+ struct smb_request *req = conn->data->req.protop;
+ struct smb_header *h;
+ struct smb_conn *smbc = &conn->proto.smbc;
+ enum smb_req_state next_state = SMB_DONE;
+ unsigned short len;
+ unsigned short off;
+ CURLcode result;
+ void *msg = NULL;
+ const struct smb_nt_create_response *smb_m;
+
+ /* Start the request */
+ if(req->state == SMB_REQUESTING) {
+ result = smb_send_tree_connect(conn);
+ if(result) {
+ connclose(conn, "SMB: failed to send tree connect message");
+ return result;
+ }
+
+ request_state(conn, SMB_TREE_CONNECT);
+ }
+
+ /* Send the previous message and check for a response */
+ result = smb_send_and_recv(conn, &msg);
+ if(result && result != CURLE_AGAIN) {
+ connclose(conn, "SMB: failed to communicate");
+ return result;
+ }
+
+ if(!msg)
+ return CURLE_OK;
+
+ h = msg;
+
+ switch(req->state) {
+ case SMB_TREE_CONNECT:
+ if(h->status) {
+ req->result = CURLE_REMOTE_FILE_NOT_FOUND;
+ if(h->status == smb_swap32(SMB_ERR_NOACCESS))
+ req->result = CURLE_REMOTE_ACCESS_DENIED;
+ break;
+ }
+ req->tid = smb_swap16(h->tid);
+ next_state = SMB_OPEN;
+ break;
+
+ case SMB_OPEN:
+ if(h->status || smbc->got < sizeof(struct smb_nt_create_response)) {
+ req->result = CURLE_REMOTE_FILE_NOT_FOUND;
+ next_state = SMB_TREE_DISCONNECT;
+ break;
+ }
+ smb_m = (const struct smb_nt_create_response*) msg;
+ req->fid = smb_swap16(smb_m->fid);
+ conn->data->req.offset = 0;
+ if(conn->data->set.upload) {
+ conn->data->req.size = conn->data->state.infilesize;
+ Curl_pgrsSetUploadSize(conn->data, conn->data->req.size);
+ next_state = SMB_UPLOAD;
+ }
+ else {
+ smb_m = (const struct smb_nt_create_response*) msg;
+ conn->data->req.size = smb_swap64(smb_m->end_of_file);
+ Curl_pgrsSetDownloadSize(conn->data, conn->data->req.size);
+ if(conn->data->set.get_filetime)
+ get_posix_time(&conn->data->info.filetime, &smb_m->last_change_time);
+ next_state = SMB_DOWNLOAD;
+ }
+ break;
+
+ case SMB_DOWNLOAD:
+ if(h->status || smbc->got < sizeof(struct smb_header) + 14) {
+ req->result = CURLE_RECV_ERROR;
+ next_state = SMB_CLOSE;
+ break;
+ }
+ len = Curl_read16_le(((const unsigned char *) msg) +
+ sizeof(struct smb_header) + 11);
+ off = Curl_read16_le(((const unsigned char *) msg) +
+ sizeof(struct smb_header) + 13);
+ if(len > 0) {
+ if(off + sizeof(unsigned int) + len > smbc->got) {
+ failf(conn->data, "Invalid input packet");
+ result = CURLE_RECV_ERROR;
+ }
+ else
+ result = Curl_client_write(conn, CLIENTWRITE_BODY,
+ (char *)msg + off + sizeof(unsigned int),
+ len);
+ if(result) {
+ req->result = result;
+ next_state = SMB_CLOSE;
+ break;
+ }
+ }
+ conn->data->req.bytecount += len;
+ conn->data->req.offset += len;
+ Curl_pgrsSetDownloadCounter(conn->data, conn->data->req.bytecount);
+ next_state = (len < MAX_PAYLOAD_SIZE) ? SMB_CLOSE : SMB_DOWNLOAD;
+ break;
+
+ case SMB_UPLOAD:
+ if(h->status || smbc->got < sizeof(struct smb_header) + 6) {
+ req->result = CURLE_UPLOAD_FAILED;
+ next_state = SMB_CLOSE;
+ break;
+ }
+ len = Curl_read16_le(((const unsigned char *) msg) +
+ sizeof(struct smb_header) + 5);
+ conn->data->req.bytecount += len;
+ conn->data->req.offset += len;
+ Curl_pgrsSetUploadCounter(conn->data, conn->data->req.bytecount);
+ if(conn->data->req.bytecount >= conn->data->req.size)
+ next_state = SMB_CLOSE;
+ else
+ next_state = SMB_UPLOAD;
+ break;
+
+ case SMB_CLOSE:
+ /* We don't care if the close failed, proceed to tree disconnect anyway */
+ next_state = SMB_TREE_DISCONNECT;
+ break;
+
+ case SMB_TREE_DISCONNECT:
+ next_state = SMB_DONE;
+ break;
+
+ default:
+ smb_pop_message(conn);
+ return CURLE_OK; /* ignore */
+ }
+
+ smb_pop_message(conn);
+
+ switch(next_state) {
+ case SMB_OPEN:
+ result = smb_send_open(conn);
+ break;
+
+ case SMB_DOWNLOAD:
+ result = smb_send_read(conn);
+ break;
+
+ case SMB_UPLOAD:
+ result = smb_send_write(conn);
+ break;
+
+ case SMB_CLOSE:
+ result = smb_send_close(conn);
+ break;
+
+ case SMB_TREE_DISCONNECT:
+ result = smb_send_tree_disconnect(conn);
+ break;
+
+ case SMB_DONE:
+ result = req->result;
+ *done = true;
+ break;
+
+ default:
+ break;
+ }
+
+ if(result) {
+ connclose(conn, "SMB: failed to send message");
+ return result;
+ }
+
+ request_state(conn, next_state);
+
+ return CURLE_OK;
+}
+
+static CURLcode smb_done(struct connectdata *conn, CURLcode status,
+ bool premature)
+{
+ struct smb_request *req = conn->data->req.protop;
+
+ (void) premature;
+
+ Curl_safefree(req->share);
+ Curl_safefree(conn->data->req.protop);
+
+ return status;
+}
+
+static CURLcode smb_disconnect(struct connectdata *conn, bool dead)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+ struct smb_request *req = conn->data->req.protop;
+
+ (void) dead;
+
+ Curl_safefree(smbc->domain);
+ Curl_safefree(smbc->recv_buf);
+
+ /* smb_done is not always called, so cleanup the request */
+ if(req) {
+ Curl_safefree(req->share);
+ }
+
+ return CURLE_OK;
+}
+
+static int smb_getsock(struct connectdata *conn, curl_socket_t *socks,
+ int numsocks)
+{
+ struct smb_conn *smbc = &conn->proto.smbc;
+
+ if(!numsocks)
+ return GETSOCK_BLANK;
+
+ socks[0] = conn->sock[FIRSTSOCKET];
+
+ if(smbc->send_size || smbc->upload_size)
+ return GETSOCK_WRITESOCK(0);
+
+ return GETSOCK_READSOCK(0);
+}
+
+static CURLcode smb_parse_url_path(struct connectdata *conn)
+{
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct smb_request *req = data->req.protop;
+ char *path;
+ char *slash;
+
+ /* URL decode the path */
+ result = Curl_urldecode(data, data->state.path, 0, &path, NULL, TRUE);
+ if(result)
+ return result;
+
+ /* Parse the path for the share */
+ req->share = strdup((*path == '/' || *path == '\\') ? path + 1 : path);
+ if(!req->share) {
+ free(path);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ slash = strchr(req->share, '/');
+ if(!slash)
+ slash = strchr(req->share, '\\');
+
+ /* The share must be present */
+ if(!slash) {
+ free(path);
+
+ return CURLE_URL_MALFORMAT;
+ }
+
+ /* Parse the path for the file path converting any forward slashes into
+ backslashes */
+ *slash++ = 0;
+ req->path = slash;
+ for(; *slash; slash++) {
+ if(*slash == '/')
+ *slash = '\\';
+ }
+
+ free(path);
+
+ return CURLE_OK;
+}
+
+#endif /* !USE_WINDOWS_SSPI || USE_WIN32_CRYPTO */
+
+#endif /* CURL_DISABLE_SMB && USE_NTLM && CURL_SIZEOF_CURL_OFF_T > 4 */
diff --git a/libs/libcurl/src/smb.h b/libs/libcurl/src/smb.h
new file mode 100644
index 0000000000..1a4f66e5a8
--- /dev/null
+++ b/libs/libcurl/src/smb.h
@@ -0,0 +1,271 @@
+#ifndef HEADER_CURL_SMB_H
+#define HEADER_CURL_SMB_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+enum smb_conn_state {
+ SMB_NOT_CONNECTED = 0,
+ SMB_CONNECTING,
+ SMB_NEGOTIATE,
+ SMB_SETUP,
+ SMB_CONNECTED
+};
+
+struct smb_conn {
+ enum smb_conn_state state;
+ char *user;
+ char *domain;
+ unsigned char challenge[8];
+ unsigned int session_key;
+ unsigned short uid;
+ char *recv_buf;
+ size_t upload_size;
+ size_t send_size;
+ size_t sent;
+ size_t got;
+};
+
+/*
+ * Definitions for SMB protocol data structures
+ */
+#ifdef BUILDING_CURL_SMB_C
+
+#if defined(_MSC_VER) || defined(__ILEC400__)
+# define PACK
+# pragma pack(push)
+# pragma pack(1)
+#elif defined(__GNUC__)
+# define PACK __attribute__((packed))
+#else
+# define PACK
+#endif
+
+#define SMB_COM_CLOSE 0x04
+#define SMB_COM_READ_ANDX 0x2e
+#define SMB_COM_WRITE_ANDX 0x2f
+#define SMB_COM_TREE_DISCONNECT 0x71
+#define SMB_COM_NEGOTIATE 0x72
+#define SMB_COM_SETUP_ANDX 0x73
+#define SMB_COM_TREE_CONNECT_ANDX 0x75
+#define SMB_COM_NT_CREATE_ANDX 0xa2
+#define SMB_COM_NO_ANDX_COMMAND 0xff
+
+#define SMB_WC_CLOSE 0x03
+#define SMB_WC_READ_ANDX 0x0c
+#define SMB_WC_WRITE_ANDX 0x0e
+#define SMB_WC_SETUP_ANDX 0x0d
+#define SMB_WC_TREE_CONNECT_ANDX 0x04
+#define SMB_WC_NT_CREATE_ANDX 0x18
+
+#define SMB_FLAGS_CANONICAL_PATHNAMES 0x10
+#define SMB_FLAGS_CASELESS_PATHNAMES 0x08
+#define SMB_FLAGS2_UNICODE_STRINGS 0x8000
+#define SMB_FLAGS2_IS_LONG_NAME 0x0040
+#define SMB_FLAGS2_KNOWS_LONG_NAME 0x0001
+
+#define SMB_CAP_LARGE_FILES 0x08
+#define SMB_GENERIC_WRITE 0x40000000
+#define SMB_GENERIC_READ 0x80000000
+#define SMB_FILE_SHARE_ALL 0x07
+#define SMB_FILE_OPEN 0x01
+#define SMB_FILE_OVERWRITE_IF 0x05
+
+#define SMB_ERR_NOACCESS 0x00050001
+
+struct smb_header {
+ unsigned char nbt_type;
+ unsigned char nbt_flags;
+ unsigned short nbt_length;
+ unsigned char magic[4];
+ unsigned char command;
+ unsigned int status;
+ unsigned char flags;
+ unsigned short flags2;
+ unsigned short pid_high;
+ unsigned char signature[8];
+ unsigned short pad;
+ unsigned short tid;
+ unsigned short pid;
+ unsigned short uid;
+ unsigned short mid;
+} PACK;
+
+struct smb_negotiate_response {
+ struct smb_header h;
+ unsigned char word_count;
+ unsigned short dialect_index;
+ unsigned char security_mode;
+ unsigned short max_mpx_count;
+ unsigned short max_number_vcs;
+ unsigned int max_buffer_size;
+ unsigned int max_raw_size;
+ unsigned int session_key;
+ unsigned int capabilities;
+ unsigned int system_time_low;
+ unsigned int system_time_high;
+ unsigned short server_time_zone;
+ unsigned char encryption_key_length;
+ unsigned short byte_count;
+ char bytes[1];
+} PACK;
+
+struct andx {
+ unsigned char command;
+ unsigned char pad;
+ unsigned short offset;
+} PACK;
+
+struct smb_setup {
+ unsigned char word_count;
+ struct andx andx;
+ unsigned short max_buffer_size;
+ unsigned short max_mpx_count;
+ unsigned short vc_number;
+ unsigned int session_key;
+ unsigned short lengths[2];
+ unsigned int pad;
+ unsigned int capabilities;
+ unsigned short byte_count;
+ char bytes[1024];
+} PACK;
+
+struct smb_tree_connect {
+ unsigned char word_count;
+ struct andx andx;
+ unsigned short flags;
+ unsigned short pw_len;
+ unsigned short byte_count;
+ char bytes[1024];
+} PACK;
+
+struct smb_nt_create {
+ unsigned char word_count;
+ struct andx andx;
+ unsigned char pad;
+ unsigned short name_length;
+ unsigned int flags;
+ unsigned int root_fid;
+ unsigned int access;
+#ifdef HAVE_LONGLONG
+ unsigned long long allocation_size;
+#else
+ unsigned __int64 allocation_size;
+#endif
+ unsigned int ext_file_attributes;
+ unsigned int share_access;
+ unsigned int create_disposition;
+ unsigned int create_options;
+ unsigned int impersonation_level;
+ unsigned char security_flags;
+ unsigned short byte_count;
+ char bytes[1024];
+} PACK;
+
+struct smb_nt_create_response {
+ struct smb_header h;
+ unsigned char word_count;
+ struct andx andx;
+ unsigned char op_lock_level;
+ unsigned short fid;
+ unsigned int create_disposition;
+#ifdef HAVE_LONGLONG
+ unsigned long long create_time;
+ unsigned long long last_access_time;
+ unsigned long long last_write_time;
+ unsigned long long last_change_time;
+#else
+ unsigned __int64 create_time;
+ unsigned __int64 last_access_time;
+ unsigned __int64 last_write_time;
+ unsigned __int64 last_change_time;
+#endif
+ unsigned int ext_file_attributes;
+#ifdef HAVE_LONGLONG
+ unsigned long long allocation_size;
+ unsigned long long end_of_file;
+#else
+ unsigned __int64 allocation_size;
+ unsigned __int64 end_of_file;
+#endif
+} PACK;
+
+struct smb_read {
+ unsigned char word_count;
+ struct andx andx;
+ unsigned short fid;
+ unsigned int offset;
+ unsigned short max_bytes;
+ unsigned short min_bytes;
+ unsigned int timeout;
+ unsigned short remaining;
+ unsigned int offset_high;
+ unsigned short byte_count;
+} PACK;
+
+struct smb_write {
+ struct smb_header h;
+ unsigned char word_count;
+ struct andx andx;
+ unsigned short fid;
+ unsigned int offset;
+ unsigned int timeout;
+ unsigned short write_mode;
+ unsigned short remaining;
+ unsigned short pad;
+ unsigned short data_length;
+ unsigned short data_offset;
+ unsigned int offset_high;
+ unsigned short byte_count;
+ unsigned char pad2;
+} PACK;
+
+struct smb_close {
+ unsigned char word_count;
+ unsigned short fid;
+ unsigned int last_mtime;
+ unsigned short byte_count;
+} PACK;
+
+struct smb_tree_disconnect {
+ unsigned char word_count;
+ unsigned short byte_count;
+} PACK;
+
+#if defined(_MSC_VER) || defined(__ILEC400__)
+# pragma pack(pop)
+#endif
+
+#endif /* BUILDING_CURL_SMB_C */
+
+#if !defined(CURL_DISABLE_SMB) && defined(USE_NTLM) && \
+ (CURL_SIZEOF_CURL_OFF_T > 4)
+
+#if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)
+
+extern const struct Curl_handler Curl_handler_smb;
+extern const struct Curl_handler Curl_handler_smbs;
+
+#endif /* !USE_WINDOWS_SSPI || USE_WIN32_CRYPTO */
+
+#endif /* CURL_DISABLE_SMB && USE_NTLM && CURL_SIZEOF_CURL_OFF_T > 4 */
+
+#endif /* HEADER_CURL_SMB_H */
diff --git a/libs/libcurl/src/smtp.c b/libs/libcurl/src/smtp.c
index 9626a30d83..44ee2e9f8f 100644
--- a/libs/libcurl/src/smtp.c
+++ b/libs/libcurl/src/smtp.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,10 +24,12 @@
* RFC3207 SMTP over TLS
* RFC4422 Simple Authentication and Security Layer (SASL)
* RFC4616 PLAIN authentication
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
* RFC4954 SMTP Authentication
* RFC5321 SMTP protocol
* RFC6749 OAuth 2.0 Authorization Framework
- * Draft SMTP URL Interface
+ * Draft SMTP URL Interface <draft-earhart-url-smtp-00.txt>
+ * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
*
***************************************************************************/
@@ -60,33 +62,28 @@
#include <curl/curl.h>
#include "urldata.h"
#include "sendf.h"
-#include "if2ip.h"
#include "hostip.h"
#include "progress.h"
#include "transfer.h"
#include "escape.h"
#include "http.h" /* for HTTP proxy tunnel stuff */
+#include "mime.h"
#include "socks.h"
#include "smtp.h"
-
#include "strtoofft.h"
-#include "strequal.h"
-#include "sslgen.h"
+#include "strcase.h"
+#include "vtls/vtls.h"
#include "connect.h"
#include "strerror.h"
#include "select.h"
#include "multiif.h"
#include "url.h"
-#include "rawstr.h"
#include "curl_gethostname.h"
#include "curl_sasl.h"
#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
/* Local API functions */
@@ -103,6 +100,11 @@ static CURLcode smtp_doing(struct connectdata *conn, bool *dophase_done);
static CURLcode smtp_setup_connection(struct connectdata *conn);
static CURLcode smtp_parse_url_options(struct connectdata *conn);
static CURLcode smtp_parse_url_path(struct connectdata *conn);
+static CURLcode smtp_parse_custom_request(struct connectdata *conn);
+static CURLcode smtp_perform_auth(struct connectdata *conn, const char *mech,
+ const char *initresp);
+static CURLcode smtp_continue_auth(struct connectdata *conn, const char *resp);
+static void smtp_get_message(char *buffer, char **outptr);
/*
* SMTP protocol handler.
@@ -123,9 +125,11 @@ const struct Curl_handler Curl_handler_smtp = {
ZERO_NULL, /* perform_getsock */
smtp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_SMTP, /* defport */
CURLPROTO_SMTP, /* protocol */
- PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
+ PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY | /* flags */
+ PROTOPT_URLOPTIONS
};
#ifdef USE_SSL
@@ -148,69 +152,33 @@ const struct Curl_handler Curl_handler_smtps = {
ZERO_NULL, /* perform_getsock */
smtp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_SMTPS, /* defport */
- CURLPROTO_SMTP | CURLPROTO_SMTPS, /* protocol */
+ CURLPROTO_SMTPS, /* protocol */
PROTOPT_CLOSEACTION | PROTOPT_SSL
- | PROTOPT_NOURLQUERY /* flags */
+ | PROTOPT_NOURLQUERY | PROTOPT_URLOPTIONS /* flags */
};
#endif
-#ifndef CURL_DISABLE_HTTP
-/*
- * HTTP-proxyed SMTP protocol handler.
- */
-
-static const struct Curl_handler Curl_handler_smtp_proxy = {
- "SMTP", /* scheme */
- Curl_http_setup_conn, /* setup_connection */
- Curl_http, /* do_it */
- Curl_http_done, /* done */
- ZERO_NULL, /* do_more */
- ZERO_NULL, /* connect_it */
- ZERO_NULL, /* connecting */
- ZERO_NULL, /* doing */
- ZERO_NULL, /* proto_getsock */
- ZERO_NULL, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ZERO_NULL, /* perform_getsock */
- ZERO_NULL, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_SMTP, /* defport */
- CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
-};
-
-#ifdef USE_SSL
-/*
- * HTTP-proxyed SMTPS protocol handler.
- */
-
-static const struct Curl_handler Curl_handler_smtps_proxy = {
- "SMTPS", /* scheme */
- Curl_http_setup_conn, /* setup_connection */
- Curl_http, /* do_it */
- Curl_http_done, /* done */
- ZERO_NULL, /* do_more */
- ZERO_NULL, /* connect_it */
- ZERO_NULL, /* connecting */
- ZERO_NULL, /* doing */
- ZERO_NULL, /* proto_getsock */
- ZERO_NULL, /* doing_getsock */
- ZERO_NULL, /* domore_getsock */
- ZERO_NULL, /* perform_getsock */
- ZERO_NULL, /* disconnect */
- ZERO_NULL, /* readwrite */
- PORT_SMTPS, /* defport */
- CURLPROTO_HTTP, /* protocol */
- PROTOPT_NONE /* flags */
+/* SASL parameters for the smtp protocol */
+static const struct SASLproto saslsmtp = {
+ "smtp", /* The service name */
+ 334, /* Code received when continuation is expected */
+ 235, /* Code to receive upon authentication success */
+ 512 - 8, /* Maximum initial response length (no max) */
+ smtp_perform_auth, /* Send authentication command */
+ smtp_continue_auth, /* Send authentication continuation */
+ smtp_get_message /* Get SASL response message */
};
-#endif
-#endif
#ifdef USE_SSL
static void smtp_to_smtps(struct connectdata *conn)
{
+ /* Change the connection handler */
conn->handler = &Curl_handler_smtps;
+
+ /* Set the connection's upgraded to TLS flag */
+ conn->tls_upgraded = TRUE;
}
#else
#define smtp_to_smtps(x) Curl_nop_stmt
@@ -218,7 +186,7 @@ static void smtp_to_smtps(struct connectdata *conn)
/***********************************************************************
*
- * pop3_endofresp()
+ * smtp_endofresp()
*
* Checks for an ending SMTP status code at the start of the given string, but
* also detects various capabilities from the EHLO response including the
@@ -229,78 +197,60 @@ static bool smtp_endofresp(struct connectdata *conn, char *line, size_t len,
{
struct smtp_conn *smtpc = &conn->proto.smtpc;
bool result = FALSE;
- size_t wordlen;
+ /* Nothing for us */
if(len < 4 || !ISDIGIT(line[0]) || !ISDIGIT(line[1]) || !ISDIGIT(line[2]))
- return FALSE; /* Nothing for us */
-
- /* Do we have a command response? */
- result = (line[3] == ' ') ? TRUE : FALSE;
- if(result)
+ return FALSE;
+
+ /* Do we have a command response? This should be the response code followed
+ by a space and optionally some text as per RFC-5321 and as outlined in
+ Section 4. Examples of RFC-4954 but some e-mail servers ignore this and
+ only send the response code instead as per Section 4.2. */
+ if(line[3] == ' ' || len == 5) {
+ result = TRUE;
*resp = curlx_sltosi(strtol(line, NULL, 10));
- /* Are we processing EHLO command data? */
- if(smtpc->state == SMTP_EHLO && (!result || (result && *resp/100 == 2))) {
- line += 4;
- len -= 4;
-
- /* Does the server support the STARTTLS capability? */
- if(len >= 8 && !memcmp(line, "STARTTLS", 8))
- smtpc->tls_supported = TRUE;
-
- /* Does the server support the SIZE capability? */
- else if(len >= 4 && !memcmp(line, "SIZE", 4))
- smtpc->size_supported = TRUE;
-
- /* Do we have the authentication mechanism list? */
- else if(len >= 5 && !memcmp(line, "AUTH ", 5)) {
- line += 5;
- len -= 5;
-
- /* Loop through the data line */
- for(;;) {
- while(len &&
- (*line == ' ' || *line == '\t' ||
- *line == '\r' || *line == '\n')) {
+ /* Make sure real server never sends internal value */
+ if(*resp == 1)
+ *resp = 0;
+ }
+ /* Do we have a multiline (continuation) response? */
+ else if(line[3] == '-' &&
+ (smtpc->state == SMTP_EHLO || smtpc->state == SMTP_COMMAND)) {
+ result = TRUE;
+ *resp = 1; /* Internal response code */
+ }
- line++;
- len--;
- }
+ return result;
+}
- if(!len)
- break;
+/***********************************************************************
+ *
+ * smtp_get_message()
+ *
+ * Gets the authentication message from the response buffer.
+ */
+static void smtp_get_message(char *buffer, char **outptr)
+{
+ size_t len = 0;
+ char *message = NULL;
- /* Extract the word */
- for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
- line[wordlen] != '\t' && line[wordlen] != '\r' &&
- line[wordlen] != '\n';)
- wordlen++;
+ /* Find the start of the message */
+ for(message = buffer + 4; *message == ' ' || *message == '\t'; message++)
+ ;
- /* Test the word for a matching authentication mechanism */
- if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_LOGIN))
- smtpc->authmechs |= SASL_MECH_LOGIN;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_PLAIN))
- smtpc->authmechs |= SASL_MECH_PLAIN;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_CRAM_MD5))
- smtpc->authmechs |= SASL_MECH_CRAM_MD5;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_DIGEST_MD5))
- smtpc->authmechs |= SASL_MECH_DIGEST_MD5;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_GSSAPI))
- smtpc->authmechs |= SASL_MECH_GSSAPI;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_EXTERNAL))
- smtpc->authmechs |= SASL_MECH_EXTERNAL;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_NTLM))
- smtpc->authmechs |= SASL_MECH_NTLM;
- else if(sasl_mech_equal(line, wordlen, SASL_MECH_STRING_XOAUTH2))
- smtpc->authmechs |= SASL_MECH_XOAUTH2;
+ /* Find the end of the message */
+ for(len = strlen(message); len--;)
+ if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
+ message[len] != '\t')
+ break;
- line += wordlen;
- len -= wordlen;
- }
- }
+ /* Terminate the message */
+ if(++len) {
+ message[len] = '\0';
}
- return result;
+ *outptr = message;
}
/***********************************************************************
@@ -321,16 +271,8 @@ static void state(struct connectdata *conn, smtpstate newstate)
"HELO",
"STARTTLS",
"UPGRADETLS",
- "AUTH_PLAIN",
- "AUTH_LOGIN",
- "AUTH_LOGIN_PASSWD",
- "AUTH_CRAMMD5",
- "AUTH_DIGESTMD5",
- "AUTH_DIGESTMD5_RESP",
- "AUTH_NTLM",
- "AUTH_NTLM_TYPE2MSG",
- "AUTH_XOAUTH2",
- "AUTH_FINAL",
+ "AUTH",
+ "COMMAND",
"MAIL",
"RCPT",
"DATA",
@@ -359,10 +301,11 @@ static CURLcode smtp_perform_ehlo(struct connectdata *conn)
CURLcode result = CURLE_OK;
struct smtp_conn *smtpc = &conn->proto.smtpc;
- smtpc->authmechs = 0; /* No known authentication mechanisms yet */
- smtpc->authused = 0; /* Clear the authentication mechanism used
- for esmtp connections */
- smtpc->tls_supported = FALSE; /* Clear the TLS capability */
+ smtpc->sasl.authmechs = SASL_AUTH_NONE; /* No known auth. mechanism yet */
+ smtpc->sasl.authused = SASL_AUTH_NONE; /* Clear the authentication mechanism
+ used for esmtp connections */
+ smtpc->tls_supported = FALSE; /* Clear the TLS capability */
+ smtpc->auth_supported = FALSE; /* Clear the AUTH capability */
/* Send the EHLO command */
result = Curl_pp_sendf(&smtpc->pp, "EHLO %s", smtpc->domain);
@@ -384,8 +327,8 @@ static CURLcode smtp_perform_helo(struct connectdata *conn)
CURLcode result = CURLE_OK;
struct smtp_conn *smtpc = &conn->proto.smtpc;
- smtpc->authused = 0; /* No authentication mechanism used in smtp
- connections */
+ smtpc->sasl.authused = SASL_AUTH_NONE; /* No authentication mechanism used
+ in smtp connections */
/* Send the HELO command */
result = Curl_pp_sendf(&smtpc->pp, "HELO %s", smtpc->domain);
@@ -444,117 +387,70 @@ static CURLcode smtp_perform_upgrade_tls(struct connectdata *conn)
/***********************************************************************
*
- * smtp_perform_authenticate()
+ * smtp_perform_auth()
*
- * Sends an AUTH command allowing the client to login with the appropriate
- * SASL authentication mechanism.
+ * Sends an AUTH command allowing the client to login with the given SASL
+ * authentication mechanism.
*/
-static CURLcode smtp_perform_authenticate(struct connectdata *conn)
+static CURLcode smtp_perform_auth(struct connectdata *conn,
+ const char *mech,
+ const char *initresp)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
struct smtp_conn *smtpc = &conn->proto.smtpc;
- const char *mech = NULL;
- char *initresp = NULL;
- size_t len = 0;
- smtpstate state1 = SMTP_STOP;
- smtpstate state2 = SMTP_STOP;
- /* Check we have a username and password to authenticate with and end the
- connect phase if we don't */
- if(!conn->bits.user_passwd) {
- state(conn, SMTP_STOP);
+ if(initresp) { /* AUTH <mech> ...<crlf> */
+ /* Send the AUTH command with the initial response */
+ result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);
+ }
+ else {
+ /* Send the AUTH command */
+ result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);
+ }
+
+ return result;
+}
+
+/***********************************************************************
+ *
+ * smtp_continue_auth()
+ *
+ * Sends SASL continuation data or cancellation.
+ */
+static CURLcode smtp_continue_auth(struct connectdata *conn, const char *resp)
+{
+ struct smtp_conn *smtpc = &conn->proto.smtpc;
+
+ return Curl_pp_sendf(&smtpc->pp, "%s", resp);
+}
+
+/***********************************************************************
+ *
+ * smtp_perform_authentication()
+ *
+ * Initiates the authentication sequence, with the appropriate SASL
+ * authentication mechanism.
+ */
+static CURLcode smtp_perform_authentication(struct connectdata *conn)
+{
+ CURLcode result = CURLE_OK;
+ struct smtp_conn *smtpc = &conn->proto.smtpc;
+ saslprogress progress;
+ /* Check we have enough data to authenticate with, and the
+ server supports authentiation, and end the connect phase if not */
+ if(!smtpc->auth_supported ||
+ !Curl_sasl_can_authenticate(&smtpc->sasl, conn)) {
+ state(conn, SMTP_STOP);
return result;
}
- /* Calculate the supported authentication mechanism, by decreasing order of
- security, as well as the initial response where appropriate */
-#ifndef CURL_DISABLE_CRYPTO_AUTH
- if((smtpc->authmechs & SASL_MECH_DIGEST_MD5) &&
- (smtpc->prefmech & SASL_MECH_DIGEST_MD5)) {
- mech = SASL_MECH_STRING_DIGEST_MD5;
- state1 = SMTP_AUTH_DIGESTMD5;
- smtpc->authused = SASL_MECH_DIGEST_MD5;
- }
- else if((smtpc->authmechs & SASL_MECH_CRAM_MD5) &&
- (smtpc->prefmech & SASL_MECH_CRAM_MD5)) {
- mech = SASL_MECH_STRING_CRAM_MD5;
- state1 = SMTP_AUTH_CRAMMD5;
- smtpc->authused = SASL_MECH_CRAM_MD5;
- }
- else
-#endif
-#ifdef USE_NTLM
- if((smtpc->authmechs & SASL_MECH_NTLM) &&
- (smtpc->prefmech & SASL_MECH_NTLM)) {
- mech = SASL_MECH_STRING_NTLM;
- state1 = SMTP_AUTH_NTLM;
- state2 = SMTP_AUTH_NTLM_TYPE2MSG;
- smtpc->authused = SASL_MECH_NTLM;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
- &conn->ntlm,
- &initresp, &len);
- }
- else
-#endif
- if(((smtpc->authmechs & SASL_MECH_XOAUTH2) &&
- (smtpc->prefmech & SASL_MECH_XOAUTH2) &&
- (smtpc->prefmech != SASL_AUTH_ANY)) || conn->xoauth2_bearer) {
- mech = SASL_MECH_STRING_XOAUTH2;
- state1 = SMTP_AUTH_XOAUTH2;
- state2 = SMTP_AUTH_FINAL;
- smtpc->authused = SASL_MECH_XOAUTH2;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
- conn->xoauth2_bearer,
- &initresp, &len);
- }
- else if((smtpc->authmechs & SASL_MECH_LOGIN) &&
- (smtpc->prefmech & SASL_MECH_LOGIN)) {
- mech = SASL_MECH_STRING_LOGIN;
- state1 = SMTP_AUTH_LOGIN;
- state2 = SMTP_AUTH_LOGIN_PASSWD;
- smtpc->authused = SASL_MECH_LOGIN;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_login_message(conn->data, conn->user,
- &initresp, &len);
- }
- else if((smtpc->authmechs & SASL_MECH_PLAIN) &&
- (smtpc->prefmech & SASL_MECH_PLAIN)) {
- mech = SASL_MECH_STRING_PLAIN;
- state1 = SMTP_AUTH_PLAIN;
- state2 = SMTP_AUTH_FINAL;
- smtpc->authused = SASL_MECH_PLAIN;
-
- if(data->set.sasl_ir)
- result = Curl_sasl_create_plain_message(conn->data, conn->user,
- conn->passwd, &initresp, &len);
- }
+ /* Calculate the SASL login details */
+ result = Curl_sasl_start(&smtpc->sasl, conn, FALSE, &progress);
if(!result) {
- if(mech) {
- /* Perform SASL based authentication */
- if(initresp &&
- 8 + strlen(mech) + len <= 512) { /* AUTH <mech> ...<crlf> */
- result = Curl_pp_sendf(&smtpc->pp, "AUTH %s %s", mech, initresp);
-
- if(!result)
- state(conn, state2);
- }
- else {
- result = Curl_pp_sendf(&smtpc->pp, "AUTH %s", mech);
-
- if(!result)
- state(conn, state1);
- }
-
- Curl_safefree(initresp);
- }
+ if(progress == SASL_INPROGRESS)
+ state(conn, SMTP_AUTH);
else {
/* Other mechanisms not supported */
infof(conn->data, "No known authentication mechanisms supported!\n");
@@ -567,6 +463,35 @@ static CURLcode smtp_perform_authenticate(struct connectdata *conn)
/***********************************************************************
*
+ * smtp_perform_command()
+ *
+ * Sends a SMTP based command.
+ */
+static CURLcode smtp_perform_command(struct connectdata *conn)
+{
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct SMTP *smtp = data->req.protop;
+
+ /* Send the command */
+ if(smtp->rcpt)
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s %s",
+ smtp->custom && smtp->custom[0] != '\0' ?
+ smtp->custom : "VRFY",
+ smtp->rcpt->data);
+ else
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s",
+ smtp->custom && smtp->custom[0] != '\0' ?
+ smtp->custom : "HELP");
+
+ if(!result)
+ state(conn, SMTP_COMMAND);
+
+ return result;
+}
+
+/***********************************************************************
+ *
* smtp_perform_mail()
*
* Sends an MAIL command to initiate the upload of a message.
@@ -577,7 +502,7 @@ static CURLcode smtp_perform_mail(struct connectdata *conn)
char *auth = NULL;
char *size = NULL;
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
/* Calculate the FROM parameter */
if(!data->set.str[STRING_MAIL_FROM])
@@ -592,7 +517,7 @@ static CURLcode smtp_perform_mail(struct connectdata *conn)
return CURLE_OUT_OF_MEMORY;
/* Calculate the optional AUTH parameter */
- if(data->set.str[STRING_MAIL_AUTH] && conn->proto.smtpc.authused) {
+ if(data->set.str[STRING_MAIL_AUTH] && conn->proto.smtpc.sasl.authused) {
if(data->set.str[STRING_MAIL_AUTH][0] != '\0')
auth = aprintf("%s", data->set.str[STRING_MAIL_AUTH]);
else
@@ -600,19 +525,51 @@ static CURLcode smtp_perform_mail(struct connectdata *conn)
auth = strdup("<>");
if(!auth) {
- Curl_safefree(from);
+ free(from);
return CURLE_OUT_OF_MEMORY;
}
}
+ /* Prepare the mime data if some. */
+ if(data->set.mimepost.kind != MIMEKIND_NONE) {
+ /* Use the whole structure as data. */
+ data->set.mimepost.flags &= ~MIME_BODY_ONLY;
+
+ /* Add external headers and mime version. */
+ curl_mime_headers(&data->set.mimepost, data->set.headers, 0);
+ result = Curl_mime_prepare_headers(&data->set.mimepost, NULL,
+ NULL, MIMESTRATEGY_MAIL);
+
+ if(!result)
+ if(!Curl_checkheaders(conn, "Mime-Version"))
+ result = Curl_mime_add_header(&data->set.mimepost.curlheaders,
+ "Mime-Version: 1.0");
+
+ /* Make sure we will read the entire mime structure. */
+ if(!result)
+ result = Curl_mime_rewind(&data->set.mimepost);
+
+ if(result) {
+ free(from);
+ free(auth);
+ return result;
+ }
+
+ data->state.infilesize = Curl_mime_size(&data->set.mimepost);
+
+ /* Read from mime structure. */
+ data->state.fread_func = (curl_read_callback) Curl_mime_read;
+ data->state.in = (void *) &data->set.mimepost;
+ }
+
/* Calculate the optional SIZE parameter */
- if(conn->proto.smtpc.size_supported && conn->data->set.infilesize > 0) {
- size = aprintf("%" FORMAT_OFF_T, data->set.infilesize);
+ if(conn->proto.smtpc.size_supported && data->state.infilesize > 0) {
+ size = aprintf("%" CURL_FORMAT_CURL_OFF_T, data->state.infilesize);
if(!size) {
- Curl_safefree(from);
- Curl_safefree(auth);
+ free(from);
+ free(auth);
return CURLE_OUT_OF_MEMORY;
}
@@ -632,9 +589,9 @@ static CURLcode smtp_perform_mail(struct connectdata *conn)
result = Curl_pp_sendf(&conn->proto.smtpc.pp,
"MAIL FROM:%s SIZE=%s", from, size);
- Curl_safefree(from);
- Curl_safefree(auth);
- Curl_safefree(size);
+ free(from);
+ free(auth);
+ free(size);
if(!result)
state(conn, SMTP_MAIL);
@@ -652,20 +609,18 @@ static CURLcode smtp_perform_mail(struct connectdata *conn)
static CURLcode smtp_perform_rcpt_to(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct SMTP *smtp = data->req.protop;
/* Send the RCPT TO command */
- if(smtp->rcpt) {
- if(smtp->rcpt->data[0] == '<')
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:%s",
- smtp->rcpt->data);
- else
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:<%s>",
- smtp->rcpt->data);
- if(!result)
- state(conn, SMTP_RCPT);
- }
+ if(smtp->rcpt->data[0] == '<')
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:%s",
+ smtp->rcpt->data);
+ else
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "RCPT TO:<%s>",
+ smtp->rcpt->data);
+ if(!result)
+ state(conn, SMTP_RCPT);
return result;
}
@@ -695,13 +650,13 @@ static CURLcode smtp_state_servergreet_resp(struct connectdata *conn,
smtpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
if(smtpcode/100 != 2) {
failf(data, "Got unexpected smtp-server response: %d", smtpcode);
- result = CURLE_FTP_WEIRD_SERVER_REPLY;
+ result = CURLE_WEIRD_SERVER_REPLY;
}
else
result = smtp_perform_ehlo(conn);
@@ -715,17 +670,17 @@ static CURLcode smtp_state_starttls_resp(struct connectdata *conn,
smtpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
if(smtpcode != 220) {
if(data->set.use_ssl != CURLUSESSL_TRY) {
- failf(data, "STARTTLS denied. %c", smtpcode);
+ failf(data, "STARTTLS denied, code %d", smtpcode);
result = CURLE_USE_SSL_FAILED;
}
else
- result = smtp_perform_authenticate(conn);
+ result = smtp_perform_authentication(conn);
}
else
result = smtp_perform_upgrade_tls(conn);
@@ -738,451 +693,207 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn, int smtpcode,
smtpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct smtp_conn *smtpc = &conn->proto.smtpc;
+ const char *line = data->state.buffer;
+ size_t len = strlen(line);
+ size_t wordlen;
(void)instate; /* no use for this yet */
- if(smtpcode/100 != 2) {
- if((data->set.use_ssl <= CURLUSESSL_TRY || conn->ssl[FIRSTSOCKET].use) &&
- !conn->bits.user_passwd)
+ if(smtpcode/100 != 2 && smtpcode != 1) {
+ if(data->set.use_ssl <= CURLUSESSL_TRY || conn->ssl[FIRSTSOCKET].use)
result = smtp_perform_helo(conn);
else {
failf(data, "Remote access denied: %d", smtpcode);
result = CURLE_REMOTE_ACCESS_DENIED;
}
}
- else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
- /* We don't have a SSL/TLS connection yet, but SSL is requested */
- if(smtpc->tls_supported)
- /* Switch to TLS connection now */
- result = smtp_perform_starttls(conn);
- else if(data->set.use_ssl == CURLUSESSL_TRY)
- /* Fallback and carry on with authentication */
- result = smtp_perform_authenticate(conn);
- else {
- failf(data, "STARTTLS not supported.");
- result = CURLE_USE_SSL_FAILED;
- }
- }
- else
- result = smtp_perform_authenticate(conn);
-
- return result;
-}
-
-/* For HELO responses */
-static CURLcode smtp_state_helo_resp(struct connectdata *conn, int smtpcode,
- smtpstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
- (void)instate; /* no use for this yet */
-
- if(smtpcode/100 != 2) {
- failf(data, "Remote access denied: %d", smtpcode);
- result = CURLE_REMOTE_ACCESS_DENIED;
- }
- else
- /* End of connect phase */
- state(conn, SMTP_STOP);
-
- return result;
-}
-
-/* For AUTH PLAIN (without initial response) responses */
-static CURLcode smtp_state_auth_plain_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *plainauth = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(smtpcode != 334) {
- failf(data, "Access denied: %d", smtpcode);
- result = CURLE_LOGIN_DENIED;
- }
else {
- /* Create the authorisation message */
- result = Curl_sasl_create_plain_message(conn->data, conn->user,
- conn->passwd, &plainauth, &len);
-
- /* Send the message */
- if(!result) {
- if(plainauth) {
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", plainauth);
-
- if(!result)
- state(conn, SMTP_AUTH_FINAL);
- }
-
- Curl_safefree(plainauth);
- }
- }
-
- return result;
-}
-
-/* For AUTH LOGIN (without initial response) responses */
-static CURLcode smtp_state_auth_login_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *authuser = NULL;
+ line += 4;
+ len -= 4;
- (void)instate; /* no use for this yet */
+ /* Does the server support the STARTTLS capability? */
+ if(len >= 8 && !memcmp(line, "STARTTLS", 8))
+ smtpc->tls_supported = TRUE;
- if(smtpcode != 334) {
- failf(data, "Access denied: %d", smtpcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the user message */
- result = Curl_sasl_create_login_message(conn->data, conn->user,
- &authuser, &len);
+ /* Does the server support the SIZE capability? */
+ else if(len >= 4 && !memcmp(line, "SIZE", 4))
+ smtpc->size_supported = TRUE;
- /* Send the user */
- if(!result) {
- if(authuser) {
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", authuser);
+ /* Does the server support authentication? */
+ else if(len >= 5 && !memcmp(line, "AUTH ", 5)) {
+ smtpc->auth_supported = TRUE;
- if(!result)
- state(conn, SMTP_AUTH_LOGIN_PASSWD);
- }
+ /* Advance past the AUTH keyword */
+ line += 5;
+ len -= 5;
- Curl_safefree(authuser);
- }
- }
+ /* Loop through the data line */
+ for(;;) {
+ size_t llen;
+ unsigned int mechbit;
- return result;
-}
+ while(len &&
+ (*line == ' ' || *line == '\t' ||
+ *line == '\r' || *line == '\n')) {
-/* For AUTH LOGIN user entry responses */
-static CURLcode smtp_state_auth_login_password_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *authpasswd = NULL;
+ line++;
+ len--;
+ }
- (void)instate; /* no use for this yet */
+ if(!len)
+ break;
- if(smtpcode != 334) {
- failf(data, "Access denied: %d", smtpcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the password message */
- result = Curl_sasl_create_login_message(conn->data, conn->passwd,
- &authpasswd, &len);
+ /* Extract the word */
+ for(wordlen = 0; wordlen < len && line[wordlen] != ' ' &&
+ line[wordlen] != '\t' && line[wordlen] != '\r' &&
+ line[wordlen] != '\n';)
+ wordlen++;
- /* Send the password */
- if(!result) {
- if(authpasswd) {
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", authpasswd);
+ /* Test the word for a matching authentication mechanism */
+ mechbit = Curl_sasl_decode_mech(line, wordlen, &llen);
+ if(mechbit && llen == wordlen)
+ smtpc->sasl.authmechs |= mechbit;
- if(!result)
- state(conn, SMTP_AUTH_FINAL);
+ line += wordlen;
+ len -= wordlen;
}
-
- Curl_safefree(authpasswd);
- }
- }
-
- return result;
-}
-
-#ifndef CURL_DISABLE_CRYPTO_AUTH
-/* For AUTH CRAM-MD5 responses */
-static CURLcode smtp_state_auth_cram_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- char *chlg64 = data->state.buffer;
- size_t len = 0;
- char *rplyb64 = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(smtpcode != 334) {
- failf(data, "Access denied: %d", smtpcode);
- return CURLE_LOGIN_DENIED;
- }
-
- /* Get the challenge */
- for(chlg64 += 4; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
- ;
-
- /* Terminate the challenge */
- if(*chlg64 != '=') {
- for(len = strlen(chlg64); len--;)
- if(chlg64[len] != '\r' && chlg64[len] != '\n' && chlg64[len] != ' ' &&
- chlg64[len] != '\t')
- break;
-
- if(++len) {
- chlg64[len] = '\0';
- }
- }
-
- /* Create the response message */
- result = Curl_sasl_create_cram_md5_message(data, chlg64, conn->user,
- conn->passwd, &rplyb64, &len);
-
- /* Send the response */
- if(!result) {
- if(rplyb64) {
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
-
- if(!result)
- state(conn, SMTP_AUTH_FINAL);
}
- Curl_safefree(rplyb64);
- }
-
- return result;
-}
-
-/* For AUTH DIGEST-MD5 challenge responses */
-static CURLcode smtp_state_auth_digest_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- char *chlg64 = data->state.buffer;
- size_t len = 0;
- char *rplyb64 = NULL;
-
- (void)instate; /* no use for this yet */
-
- if(smtpcode != 334) {
- failf(data, "Access denied: %d", smtpcode);
- return CURLE_LOGIN_DENIED;
- }
-
- /* Get the challenge */
- for(chlg64 += 4; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
- ;
-
- /* Create the response message */
- result = Curl_sasl_create_digest_md5_message(data, chlg64, conn->user,
- conn->passwd, "smtp",
- &rplyb64, &len);
-
- /* Send the response */
- if(!result) {
- if(rplyb64) {
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
-
- if(!result)
- state(conn, SMTP_AUTH_DIGESTMD5_RESP);
+ if(smtpcode != 1) {
+ if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+ /* We don't have a SSL/TLS connection yet, but SSL is requested */
+ if(smtpc->tls_supported)
+ /* Switch to TLS connection now */
+ result = smtp_perform_starttls(conn);
+ else if(data->set.use_ssl == CURLUSESSL_TRY)
+ /* Fallback and carry on with authentication */
+ result = smtp_perform_authentication(conn);
+ else {
+ failf(data, "STARTTLS not supported.");
+ result = CURLE_USE_SSL_FAILED;
+ }
+ }
+ else
+ result = smtp_perform_authentication(conn);
}
-
- Curl_safefree(rplyb64);
}
return result;
}
-/* For AUTH DIGEST-MD5 challenge-response responses */
-static CURLcode smtp_state_auth_digest_resp_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
+/* For HELO responses */
+static CURLcode smtp_state_helo_resp(struct connectdata *conn, int smtpcode,
+ smtpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
- if(smtpcode != 334) {
- failf(data, "Authentication failed: %d", smtpcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Send an empty response */
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "");
-
- if(!result)
- state(conn, SMTP_AUTH_FINAL);
+ if(smtpcode/100 != 2) {
+ failf(data, "Remote access denied: %d", smtpcode);
+ result = CURLE_REMOTE_ACCESS_DENIED;
}
+ else
+ /* End of connect phase */
+ state(conn, SMTP_STOP);
return result;
}
-#endif
-
-#ifdef USE_NTLM
-/* For AUTH NTLM (without initial response) responses */
-static CURLcode smtp_state_auth_ntlm_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
+/* For SASL authentication responses */
+static CURLcode smtp_state_auth_resp(struct connectdata *conn,
+ int smtpcode,
+ smtpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- char *type1msg = NULL;
- size_t len = 0;
+ struct Curl_easy *data = conn->data;
+ struct smtp_conn *smtpc = &conn->proto.smtpc;
+ saslprogress progress;
(void)instate; /* no use for this yet */
- if(smtpcode != 334) {
- failf(data, "Access denied: %d", smtpcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the type-1 message */
- result = Curl_sasl_create_ntlm_type1_message(conn->user, conn->passwd,
- &conn->ntlm,
- &type1msg, &len);
-
- /* Send the message */
- if(!result) {
- if(type1msg) {
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", type1msg);
-
- if(!result)
- state(conn, SMTP_AUTH_NTLM_TYPE2MSG);
- }
-
- Curl_safefree(type1msg);
+ result = Curl_sasl_continue(&smtpc->sasl, conn, smtpcode, &progress);
+ if(!result)
+ switch(progress) {
+ case SASL_DONE:
+ state(conn, SMTP_STOP); /* Authenticated */
+ break;
+ case SASL_IDLE: /* No mechanism left after cancellation */
+ failf(data, "Authentication cancelled");
+ result = CURLE_LOGIN_DENIED;
+ break;
+ default:
+ break;
}
- }
return result;
}
-/* For NTLM type-2 responses (sent in reponse to our type-1 message) */
-static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
+/* For command responses */
+static CURLcode smtp_state_command_resp(struct connectdata *conn, int smtpcode,
+ smtpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- char *type3msg = NULL;
- size_t len = 0;
+ struct Curl_easy *data = conn->data;
+ struct SMTP *smtp = data->req.protop;
+ char *line = data->state.buffer;
+ size_t len = strlen(line);
(void)instate; /* no use for this yet */
- if(smtpcode != 334) {
- failf(data, "Access denied: %d", smtpcode);
- result = CURLE_LOGIN_DENIED;
+ if((smtp->rcpt && smtpcode/100 != 2 && smtpcode != 553 && smtpcode != 1) ||
+ (!smtp->rcpt && smtpcode/100 != 2 && smtpcode != 1)) {
+ failf(data, "Command failed: %d", smtpcode);
+ result = CURLE_RECV_ERROR;
}
else {
- /* Create the type-3 message */
- result = Curl_sasl_create_ntlm_type3_message(data,
- data->state.buffer + 4,
- conn->user, conn->passwd,
- &conn->ntlm,
- &type3msg, &len);
-
- /* Send the message */
- if(!result) {
- if(type3msg) {
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", type3msg);
-
- if(!result)
- state(conn, SMTP_AUTH_FINAL);
- }
-
- Curl_safefree(type3msg);
+ /* Temporarily add the LF character back and send as body to the client */
+ if(!data->set.opt_no_body) {
+ line[len] = '\n';
+ result = Curl_client_write(conn, CLIENTWRITE_BODY, line, len + 1);
+ line[len] = '\0';
}
- }
-
- return result;
-}
-#endif
-/* For AUTH XOAUTH2 (without initial response) responses */
-static CURLcode smtp_state_auth_xoauth2_resp(struct connectdata *conn,
- int smtpcode, smtpstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- size_t len = 0;
- char *xoauth = NULL;
+ if(smtpcode != 1) {
+ if(smtp->rcpt) {
+ smtp->rcpt = smtp->rcpt->next;
- (void)instate; /* no use for this yet */
-
- if(smtpcode != 334) {
- failf(data, "Access denied: %d", smtpcode);
- result = CURLE_LOGIN_DENIED;
- }
- else {
- /* Create the authorisation message */
- result = Curl_sasl_create_xoauth2_message(conn->data, conn->user,
- conn->xoauth2_bearer,
- &xoauth, &len);
-
- /* Send the message */
- if(!result) {
- if(xoauth) {
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", xoauth);
-
- if(!result)
- state(conn, SMTP_AUTH_FINAL);
+ if(smtp->rcpt) {
+ /* Send the next command */
+ result = smtp_perform_command(conn);
+ }
+ else
+ /* End of DO phase */
+ state(conn, SMTP_STOP);
}
-
- Curl_safefree(xoauth);
+ else
+ /* End of DO phase */
+ state(conn, SMTP_STOP);
}
}
return result;
}
-/* For the final responses to the AUTH sequence */
-static CURLcode smtp_state_auth_final_resp(struct connectdata *conn,
- int smtpcode,
- smtpstate instate)
-{
- CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
-
- (void)instate; /* no use for this yet */
-
- if(smtpcode != 235) {
- failf(data, "Authentication failed: %d", smtpcode);
- result = CURLE_LOGIN_DENIED;
- }
- else
- /* End of connect phase */
- state(conn, SMTP_STOP);
-
- return result;
-}
-
/* For MAIL responses */
static CURLcode smtp_state_mail_resp(struct connectdata *conn, int smtpcode,
smtpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
- struct SMTP *smtp = data->req.protop;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
if(smtpcode/100 != 2) {
failf(data, "MAIL failed: %d", smtpcode);
result = CURLE_SEND_ERROR;
- state(conn, SMTP_STOP);
}
- else {
- smtp->rcpt = data->set.mail_rcpt;
-
+ else
+ /* Start the RCPT TO command */
result = smtp_perform_rcpt_to(conn);
- }
return result;
}
@@ -1192,7 +903,7 @@ static CURLcode smtp_state_rcpt_resp(struct connectdata *conn, int smtpcode,
smtpstate instate)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct SMTP *smtp = data->req.protop;
(void)instate; /* no use for this yet */
@@ -1200,23 +911,20 @@ static CURLcode smtp_state_rcpt_resp(struct connectdata *conn, int smtpcode,
if(smtpcode/100 != 2) {
failf(data, "RCPT failed: %d", smtpcode);
result = CURLE_SEND_ERROR;
- state(conn, SMTP_STOP);
}
else {
- if(smtp->rcpt) {
- smtp->rcpt = smtp->rcpt->next;
+ smtp->rcpt = smtp->rcpt->next;
+
+ if(smtp->rcpt)
+ /* Send the next RCPT TO command */
result = smtp_perform_rcpt_to(conn);
+ else {
+ /* Send the DATA command */
+ result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "DATA");
- /* If we failed or still are sending RCPT data then return */
- if(result || smtp->rcpt)
- return result;
+ if(!result)
+ state(conn, SMTP_DATA);
}
-
- /* Send the DATA command */
- result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "DATA");
-
- if(!result)
- state(conn, SMTP_DATA);
}
return result;
@@ -1226,25 +934,27 @@ static CURLcode smtp_state_rcpt_resp(struct connectdata *conn, int smtpcode,
static CURLcode smtp_state_data_resp(struct connectdata *conn, int smtpcode,
smtpstate instate)
{
- struct SessionHandle *data = conn->data;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
(void)instate; /* no use for this yet */
if(smtpcode != 354) {
- state(conn, SMTP_STOP);
- return CURLE_SEND_ERROR;
+ failf(data, "DATA failed: %d", smtpcode);
+ result = CURLE_SEND_ERROR;
}
+ else {
+ /* Set the progress upload size */
+ Curl_pgrsSetUploadSize(data, data->state.infilesize);
- /* Set the progress upload size */
- Curl_pgrsSetUploadSize(data, data->set.infilesize);
-
- /* SMTP upload */
- Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
+ /* SMTP upload */
+ Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
- /* End of DO phase */
- state(conn, SMTP_STOP);
+ /* End of DO phase */
+ state(conn, SMTP_STOP);
+ }
- return CURLE_OK;
+ return result;
}
/* For POSTDATA responses, which are received after the entire DATA
@@ -1270,7 +980,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
int smtpcode;
struct smtp_conn *smtpc = &conn->proto.smtpc;
struct pingpong *pp = &smtpc->pp;
@@ -1284,16 +994,19 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
if(pp->sendleft)
return Curl_pp_flushsend(pp);
- /* Read the response from the server */
- result = Curl_pp_readresp(sock, pp, &smtpcode, &nread);
- if(result)
- return result;
+ do {
+ /* Read the response from the server */
+ result = Curl_pp_readresp(sock, pp, &smtpcode, &nread);
+ if(result)
+ return result;
+
+ /* Store the latest response for later retrieval if necessary */
+ if(smtpc->state != SMTP_QUIT && smtpcode != 1)
+ data->info.httpcode = smtpcode;
- /* Store the latest response for later retrieval */
- if(smtpc->state != SMTP_QUIT)
- data->info.httpcode = smtpcode;
+ if(!smtpcode)
+ break;
- if(smtpcode) {
/* We have now received a full SMTP server response */
switch(smtpc->state) {
case SMTP_SERVERGREET:
@@ -1312,50 +1025,12 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
result = smtp_state_starttls_resp(conn, smtpcode, smtpc->state);
break;
- case SMTP_AUTH_PLAIN:
- result = smtp_state_auth_plain_resp(conn, smtpcode, smtpc->state);
- break;
-
- case SMTP_AUTH_LOGIN:
- result = smtp_state_auth_login_resp(conn, smtpcode, smtpc->state);
- break;
-
- case SMTP_AUTH_LOGIN_PASSWD:
- result = smtp_state_auth_login_password_resp(conn, smtpcode,
- smtpc->state);
- break;
-
-#ifndef CURL_DISABLE_CRYPTO_AUTH
- case SMTP_AUTH_CRAMMD5:
- result = smtp_state_auth_cram_resp(conn, smtpcode, smtpc->state);
- break;
-
- case SMTP_AUTH_DIGESTMD5:
- result = smtp_state_auth_digest_resp(conn, smtpcode, smtpc->state);
- break;
-
- case SMTP_AUTH_DIGESTMD5_RESP:
- result = smtp_state_auth_digest_resp_resp(conn, smtpcode, smtpc->state);
- break;
-#endif
-
-#ifdef USE_NTLM
- case SMTP_AUTH_NTLM:
- result = smtp_state_auth_ntlm_resp(conn, smtpcode, smtpc->state);
- break;
-
- case SMTP_AUTH_NTLM_TYPE2MSG:
- result = smtp_state_auth_ntlm_type2msg_resp(conn, smtpcode,
- smtpc->state);
- break;
-#endif
-
- case SMTP_AUTH_XOAUTH2:
- result = smtp_state_auth_xoauth2_resp(conn, smtpcode, smtpc->state);
+ case SMTP_AUTH:
+ result = smtp_state_auth_resp(conn, smtpcode, smtpc->state);
break;
- case SMTP_AUTH_FINAL:
- result = smtp_state_auth_final_resp(conn, smtpcode, smtpc->state);
+ case SMTP_COMMAND:
+ result = smtp_state_command_resp(conn, smtpcode, smtpc->state);
break;
case SMTP_MAIL:
@@ -1381,7 +1056,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
state(conn, SMTP_STOP);
break;
}
- }
+ } while(!result && smtpc->state != SMTP_STOP && Curl_pp_moredata(pp));
return result;
}
@@ -1415,12 +1090,12 @@ static CURLcode smtp_block_statemach(struct connectdata *conn)
return result;
}
-/* Allocate and initialize the SMTP struct for the current SessionHandle if
+/* Allocate and initialize the SMTP struct for the current Curl_easy if
required */
static CURLcode smtp_init(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct SMTP *smtp;
smtp = data->req.protop = calloc(sizeof(struct SMTP), 1);
@@ -1456,7 +1131,7 @@ static CURLcode smtp_connect(struct connectdata *conn, bool *done)
*done = FALSE; /* default to not done yet */
/* We always support persistent connections in SMTP */
- conn->bits.close = FALSE;
+ connkeep(conn, "SMTP default");
/* Set the default response time-out */
pp->response_time = RESP_TIMEOUT;
@@ -1464,8 +1139,8 @@ static CURLcode smtp_connect(struct connectdata *conn, bool *done)
pp->endofresp = smtp_endofresp;
pp->conn = conn;
- /* Set the default preferred authentication mechanism */
- smtpc->prefmech = SASL_AUTH_ANY;
+ /* Initialize the SASL storage */
+ Curl_sasl_init(&smtpc->sasl, &saslsmtp);
/* Initialise the pingpong layer */
Curl_pp_init(pp);
@@ -1501,52 +1176,67 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
bool premature)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct SMTP *smtp = data->req.protop;
struct pingpong *pp = &conn->proto.smtpc.pp;
- const char *eob;
+ char *eob;
ssize_t len;
ssize_t bytes_written;
(void)premature;
- if(!smtp)
- /* When the easy handle is removed from the multi interface while libcurl
- is still trying to resolve the host name, the SMTP struct is not yet
- initialized. However, the removal action calls Curl_done() which in
- turn calls this function, so we simply return success. */
+ if(!smtp || !pp->conn)
return CURLE_OK;
+ /* Cleanup our per-request based variables */
+ Curl_safefree(smtp->custom);
+
if(status) {
- conn->bits.close = TRUE; /* marked for closure */
+ connclose(conn, "SMTP done with bad status"); /* marked for closure */
result = status; /* use the already set error code */
}
- else if(!data->set.connect_only) {
+ else if(!data->set.connect_only && data->set.mail_rcpt &&
+ (data->set.upload || data->set.mimepost.kind)) {
/* Calculate the EOB taking into account any terminating CRLF from the
previous line of the email or the CRLF of the DATA command when there
- is "no mail data". RFC-5321, sect. 4.1.1.4. */
- eob = SMTP_EOB;
- len = SMTP_EOB_LEN;
- if(smtp->trailing_crlf || !conn->data->set.infilesize) {
- eob += 2;
- len -= 2;
+ is "no mail data". RFC-5321, sect. 4.1.1.4.
+
+ Note: As some SSL backends, such as OpenSSL, will cause Curl_write() to
+ fail when using a different pointer following a previous write, that
+ returned CURLE_AGAIN, we duplicate the EOB now rather than when the
+ bytes written doesn't equal len. */
+ if(smtp->trailing_crlf || !conn->data->state.infilesize) {
+ eob = strdup(SMTP_EOB + 2);
+ len = SMTP_EOB_LEN - 2;
}
+ else {
+ eob = strdup(SMTP_EOB);
+ len = SMTP_EOB_LEN;
+ }
+
+ if(!eob)
+ return CURLE_OUT_OF_MEMORY;
/* Send the end of block data */
result = Curl_write(conn, conn->writesockfd, eob, len, &bytes_written);
- if(result)
+ if(result) {
+ free(eob);
return result;
+ }
if(bytes_written != len) {
/* The whole chunk was not sent so keep it around and adjust the
pingpong structure accordingly */
- pp->sendthis = strdup(eob);
+ pp->sendthis = eob;
pp->sendsize = len;
pp->sendleft = len - bytes_written;
}
- else
+ else {
/* Successfully sent so adjust the response timeout relative to now */
- pp->response = Curl_tvnow();
+ pp->response = Curl_now();
+
+ free(eob);
+ }
state(conn, SMTP_POSTDATA);
@@ -1554,8 +1244,7 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
TODO: when the multi interface is used, this _really_ should be using
the smtp_multi_statemach function but we have no general support for
- non-blocking DONE operations, not in the multi state machine and with
- Curl_done() invokes on several places in the code!
+ non-blocking DONE operations!
*/
result = smtp_block_statemach(conn);
}
@@ -1570,31 +1259,41 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
*
* smtp_perform()
*
- * This is the actual DO function for SMTP. Send a mail according to the
- * options previously setup.
+ * This is the actual DO function for SMTP. Transfer a mail, send a command
+ * or get some data according to the options previously setup.
*/
static CURLcode smtp_perform(struct connectdata *conn, bool *connected,
bool *dophase_done)
{
/* This is SMTP and no proxy */
CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct SMTP *smtp = data->req.protop;
DEBUGF(infof(conn->data, "DO phase starts\n"));
- if(conn->data->set.opt_no_body) {
+ if(data->set.opt_no_body) {
/* Requested no body means no transfer */
- struct SMTP *smtp = conn->data->req.protop;
smtp->transfer = FTPTRANSFER_INFO;
}
*dophase_done = FALSE; /* not done yet */
+ /* Store the first recipient (or NULL if not specified) */
+ smtp->rcpt = data->set.mail_rcpt;
+
/* Start the first command in the DO phase */
- result = smtp_perform_mail(conn);
+ if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
+ /* MAIL transfer */
+ result = smtp_perform_mail(conn);
+ else
+ /* SMTP based command (VRFY, EXPN, NOOP, RSET or HELP) */
+ result = smtp_perform_command(conn);
+
if(result)
return result;
- /* run the state-machine */
+ /* Run the state-machine */
result = smtp_multi_statemach(conn, dophase_done);
*connected = conn->bits.tcpconnect[FIRSTSOCKET];
@@ -1620,6 +1319,11 @@ static CURLcode smtp_do(struct connectdata *conn, bool *done)
*done = FALSE; /* default to false */
+ /* Parse the custom request */
+ result = smtp_parse_custom_request(conn);
+ if(result)
+ return result;
+
result = smtp_regular_transfer(conn, done);
return result;
@@ -1632,8 +1336,7 @@ static CURLcode smtp_do(struct connectdata *conn, bool *done)
* Disconnect from an SMTP server. Cleanup protocol-specific per-connection
* resources. BLOCKING.
*/
-static CURLcode smtp_disconnect(struct connectdata *conn,
- bool dead_connection)
+static CURLcode smtp_disconnect(struct connectdata *conn, bool dead_connection)
{
struct smtp_conn *smtpc = &conn->proto.smtpc;
@@ -1643,7 +1346,7 @@ static CURLcode smtp_disconnect(struct connectdata *conn,
/* The SMTP session may or may not have been allocated/setup at this
point! */
- if(!dead_connection && smtpc->pp.conn)
+ if(!dead_connection && smtpc->pp.conn && smtpc->pp.conn->bits.protoconnstart)
if(!smtp_perform_quit(conn))
(void)smtp_block_statemach(conn); /* ignore errors on QUIT */
@@ -1651,7 +1354,7 @@ static CURLcode smtp_disconnect(struct connectdata *conn,
Curl_pp_disconnect(&smtpc->pp);
/* Cleanup the SASL module */
- Curl_sasl_cleanup(conn, smtpc->authused);
+ Curl_sasl_cleanup(conn, smtpc->sasl.authused);
/* Cleanup our connection based variables */
Curl_safefree(smtpc->domain);
@@ -1703,7 +1406,7 @@ static CURLcode smtp_regular_transfer(struct connectdata *conn,
{
CURLcode result = CURLE_OK;
bool connected = FALSE;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
/* Make sure size is unknown at this point */
data->req.size = -1;
@@ -1711,8 +1414,8 @@ static CURLcode smtp_regular_transfer(struct connectdata *conn,
/* Set the progress data */
Curl_pgrsSetUploadCounter(data, 0);
Curl_pgrsSetDownloadCounter(data, 0);
- Curl_pgrsSetUploadSize(data, 0);
- Curl_pgrsSetDownloadSize(data, 0);
+ Curl_pgrsSetUploadSize(data, -1);
+ Curl_pgrsSetDownloadSize(data, -1);
/* Carry out the perform */
result = smtp_perform(conn, &connected, dophase_done);
@@ -1726,31 +1429,11 @@ static CURLcode smtp_regular_transfer(struct connectdata *conn,
static CURLcode smtp_setup_connection(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
CURLcode result;
- if(conn->bits.httpproxy && !data->set.tunnel_thru_httpproxy) {
- /* Unless we have asked to tunnel SMTP operations through the proxy, we
- switch and use HTTP operations only */
-#ifndef CURL_DISABLE_HTTP
- if(conn->handler == &Curl_handler_smtp)
- conn->handler = &Curl_handler_smtp_proxy;
- else {
-#ifdef USE_SSL
- conn->handler = &Curl_handler_smtps_proxy;
-#else
- failf(data, "SMTPS not supported!");
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- }
- /* set it up as a HTTP connection instead */
- return conn->handler->setup_connection(conn);
-
-#else
- failf(data, "SMTP over http proxy requires HTTP support built-in!");
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- }
+ /* Clear the TLS upgraded flag */
+ conn->tls_upgraded = FALSE;
/* Initialise the SMTP layer */
result = smtp_init(conn);
@@ -1772,39 +1455,30 @@ static CURLcode smtp_parse_url_options(struct connectdata *conn)
{
CURLcode result = CURLE_OK;
struct smtp_conn *smtpc = &conn->proto.smtpc;
- const char *options = conn->options;
- const char *ptr = options;
+ const char *ptr = conn->options;
+
+ smtpc->sasl.resetprefs = TRUE;
- if(options) {
+ while(!result && ptr && *ptr) {
const char *key = ptr;
+ const char *value;
while(*ptr && *ptr != '=')
- ptr++;
-
- if(strnequal(key, "AUTH", 4)) {
- const char *value = ptr + 1;
-
- if(strequal(value, "*"))
- smtpc->prefmech = SASL_AUTH_ANY;
- else if(strequal(value, SASL_MECH_STRING_LOGIN))
- smtpc->prefmech = SASL_MECH_LOGIN;
- else if(strequal(value, SASL_MECH_STRING_PLAIN))
- smtpc->prefmech = SASL_MECH_PLAIN;
- else if(strequal(value, SASL_MECH_STRING_CRAM_MD5))
- smtpc->prefmech = SASL_MECH_CRAM_MD5;
- else if(strequal(value, SASL_MECH_STRING_DIGEST_MD5))
- smtpc->prefmech = SASL_MECH_DIGEST_MD5;
- else if(strequal(value, SASL_MECH_STRING_GSSAPI))
- smtpc->prefmech = SASL_MECH_GSSAPI;
- else if(strequal(value, SASL_MECH_STRING_NTLM))
- smtpc->prefmech = SASL_MECH_NTLM;
- else if(strequal(value, SASL_MECH_STRING_XOAUTH2))
- smtpc->prefmech = SASL_MECH_XOAUTH2;
- else
- smtpc->prefmech = SASL_AUTH_NONE;
- }
+ ptr++;
+
+ value = ptr + 1;
+
+ while(*ptr && *ptr != ';')
+ ptr++;
+
+ if(strncasecompare(key, "AUTH=", 5))
+ result = Curl_sasl_parse_url_auth_option(&smtpc->sasl,
+ value, ptr - value);
else
result = CURLE_URL_MALFORMAT;
+
+ if(*ptr == ';')
+ ptr++;
}
return result;
@@ -1819,7 +1493,7 @@ static CURLcode smtp_parse_url_options(struct connectdata *conn)
static CURLcode smtp_parse_url_path(struct connectdata *conn)
{
/* The SMTP struct is already initialised in smtp_connect() */
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct smtp_conn *smtpc = &conn->proto.smtpc;
const char *path = data->state.path;
char localhost[HOSTNAME_MAX + 1];
@@ -1836,7 +1510,27 @@ static CURLcode smtp_parse_url_path(struct connectdata *conn)
return Curl_urldecode(conn->data, path, 0, &smtpc->domain, NULL, TRUE);
}
-CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
+/***********************************************************************
+ *
+ * smtp_parse_custom_request()
+ *
+ * Parse the custom request.
+ */
+static CURLcode smtp_parse_custom_request(struct connectdata *conn)
+{
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct SMTP *smtp = data->req.protop;
+ const char *custom = data->set.str[STRING_CUSTOMREQUEST];
+
+ /* URL decode the custom request */
+ if(custom)
+ result = Curl_urldecode(data, custom, 0, &smtp->custom, NULL, TRUE);
+
+ return result;
+}
+
+CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread)
{
/* When sending a SMTP payload we must detect CRLF. sequences making sure
they are sent as CRLF.. instead, as a . on the beginning of a line will
@@ -1846,19 +1540,28 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
*/
ssize_t i;
ssize_t si;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct SMTP *smtp = data->req.protop;
+ char *scratch = data->state.scratch;
+ char *newscratch = NULL;
+ char *oldscratch = NULL;
+ size_t eob_sent;
+
+ /* Do we need to allocate a scratch buffer? */
+ if(!scratch || data->set.crlf) {
+ oldscratch = scratch;
- /* Do we need to allocate the scatch buffer? */
- if(!data->state.scratch) {
- data->state.scratch = malloc(2 * BUFSIZE);
+ scratch = newscratch = malloc(2 * data->set.buffer_size);
+ if(!newscratch) {
+ failf(data, "Failed to alloc scratch buffer!");
- if(!data->state.scratch) {
- failf (data, "Failed to alloc scratch buffer!");
return CURLE_OUT_OF_MEMORY;
}
}
+ /* Have we already sent part of the EOB? */
+ eob_sent = smtp->eob;
+
/* This loop can be improved by some kind of Boyer-Moore style of
approach but that is saved for later... */
for(i = 0, si = 0; i < nread; i++) {
@@ -1873,8 +1576,8 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
}
else if(smtp->eob) {
/* A previous substring matched so output that first */
- memcpy(&data->state.scratch[si], SMTP_EOB, smtp->eob);
- si += smtp->eob;
+ memcpy(&scratch[si], &SMTP_EOB[eob_sent], smtp->eob - eob_sent);
+ si += smtp->eob - eob_sent;
/* Then compare the first byte */
if(SMTP_EOB[0] == data->req.upload_fromhere[i])
@@ -1882,6 +1585,8 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
else
smtp->eob = 0;
+ eob_sent = 0;
+
/* Reset the trailing CRLF flag as there was more data */
smtp->trailing_crlf = FALSE;
}
@@ -1889,31 +1594,38 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
/* Do we have a match for CRLF. as per RFC-5321, sect. 4.5.2 */
if(SMTP_EOB_FIND_LEN == smtp->eob) {
/* Copy the replacement data to the target buffer */
- memcpy(&data->state.scratch[si], SMTP_EOB_REPL, SMTP_EOB_REPL_LEN);
- si += SMTP_EOB_REPL_LEN;
+ memcpy(&scratch[si], &SMTP_EOB_REPL[eob_sent],
+ SMTP_EOB_REPL_LEN - eob_sent);
+ si += SMTP_EOB_REPL_LEN - eob_sent;
smtp->eob = 0;
+ eob_sent = 0;
}
else if(!smtp->eob)
- data->state.scratch[si++] = data->req.upload_fromhere[i];
+ scratch[si++] = data->req.upload_fromhere[i];
}
- if(smtp->eob) {
+ if(smtp->eob - eob_sent) {
/* A substring matched before processing ended so output that now */
- memcpy(&data->state.scratch[si], SMTP_EOB, smtp->eob);
- si += smtp->eob;
- smtp->eob = 0;
+ memcpy(&scratch[si], &SMTP_EOB[eob_sent], smtp->eob - eob_sent);
+ si += smtp->eob - eob_sent;
}
+ /* Only use the new buffer if we replaced something */
if(si != nread) {
- /* Only use the new buffer if we replaced something */
- nread = si;
-
/* Upload from the new (replaced) buffer instead */
- data->req.upload_fromhere = data->state.scratch;
+ data->req.upload_fromhere = scratch;
+
+ /* Save the buffer so it can be freed later */
+ data->state.scratch = scratch;
+
+ /* Free the old scratch buffer */
+ free(oldscratch);
/* Set the new amount too */
- data->req.upload_present = nread;
+ data->req.upload_present = si;
}
+ else
+ free(newscratch);
return CURLE_OK;
}
diff --git a/libs/libcurl/src/smtp.h b/libs/libcurl/src/smtp.h
index 14429a5e7e..b67340a40c 100644
--- a/libs/libcurl/src/smtp.h
+++ b/libs/libcurl/src/smtp.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2009 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2009 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,6 +23,7 @@
***************************************************************************/
#include "pingpong.h"
+#include "curl_sasl.h"
/****************************************************************************
* SMTP unique setup
@@ -36,16 +37,8 @@ typedef enum {
SMTP_STARTTLS,
SMTP_UPGRADETLS, /* asynchronously upgrade the connection to SSL/TLS
(multi mode only) */
- SMTP_AUTH_PLAIN,
- SMTP_AUTH_LOGIN,
- SMTP_AUTH_LOGIN_PASSWD,
- SMTP_AUTH_CRAMMD5,
- SMTP_AUTH_DIGESTMD5,
- SMTP_AUTH_DIGESTMD5_RESP,
- SMTP_AUTH_NTLM,
- SMTP_AUTH_NTLM_TYPE2MSG,
- SMTP_AUTH_XOAUTH2,
- SMTP_AUTH_FINAL,
+ SMTP_AUTH,
+ SMTP_COMMAND, /* VRFY, EXPN, NOOP, RSET and HELP */
SMTP_MAIL, /* MAIL FROM */
SMTP_RCPT, /* RCPT TO */
SMTP_DATA,
@@ -54,12 +47,13 @@ typedef enum {
SMTP_LAST /* never used */
} smtpstate;
-/* This SMTP struct is used in the SessionHandle. All SMTP data that is
+/* This SMTP struct is used in the Curl_easy. All SMTP data that is
connection-oriented must be in smtp_conn to properly deal with the fact that
- perhaps the SessionHandle is changed between the times the connection is
+ perhaps the Curl_easy is changed between the times the connection is
used. */
struct SMTP {
curl_pp_transfer transfer;
+ char *custom; /* Custom Request */
struct curl_slist *rcpt; /* Recipient list */
size_t eob; /* Number of bytes of the EOB (End Of Body) that
have been received so far */
@@ -73,12 +67,11 @@ struct smtp_conn {
smtpstate state; /* Always use smtp.c:state() to change state! */
bool ssldone; /* Is connect() over SSL done? */
char *domain; /* Client address/name to send in the EHLO */
- unsigned int authmechs; /* Accepted authentication mechanisms */
- unsigned int prefmech; /* Preferred authentication mechanism */
- unsigned int authused; /* Auth mechanism used for the connection */
+ struct SASL sasl; /* SASL-related storage */
bool tls_supported; /* StartTLS capability supported by server */
bool size_supported; /* If server supports SIZE extension according to
RFC 1870 */
+ bool auth_supported; /* AUTH capability supported by server */
};
extern const struct Curl_handler Curl_handler_smtp;
@@ -93,6 +86,6 @@ extern const struct Curl_handler Curl_handler_smtps;
#define SMTP_EOB_REPL "\x0d\x0a\x2e\x2e"
#define SMTP_EOB_REPL_LEN 4
-CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread);
+CURLcode Curl_smtp_escape_eob(struct connectdata *conn, const ssize_t nread);
#endif /* HEADER_CURL_SMTP_H */
diff --git a/libs/libcurl/src/sockaddr.h b/libs/libcurl/src/sockaddr.h
index 6a2151c9d2..95ba4c3c97 100644
--- a/libs/libcurl/src/sockaddr.h
+++ b/libs/libcurl/src/sockaddr.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/socks.c b/libs/libcurl/src/socks.c
index b101a0de48..ac4270eacf 100644
--- a/libs/libcurl/src/socks.c
+++ b/libs/libcurl/src/socks.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -33,7 +33,6 @@
#include "urldata.h"
#include "sendf.h"
-#include "strequal.h"
#include "select.h"
#include "connect.h"
#include "timeval.h"
@@ -58,7 +57,7 @@ int Curl_blockread_all(struct connectdata *conn, /* connection data */
ssize_t nread;
ssize_t allread = 0;
int result;
- long timeleft;
+ timediff_t timeleft;
*n = 0;
for(;;) {
timeleft = Curl_timeleft(conn->data, NULL, TRUE);
@@ -67,14 +66,14 @@ int Curl_blockread_all(struct connectdata *conn, /* connection data */
result = CURLE_OPERATION_TIMEDOUT;
break;
}
- if(Curl_socket_ready(sockfd, CURL_SOCKET_BAD, timeleft) <= 0) {
+ if(SOCKET_READABLE(sockfd, timeleft) <= 0) {
result = ~CURLE_OK;
break;
}
result = Curl_read_plain(sockfd, buf, buffersize, &nread);
if(CURLE_AGAIN == result)
continue;
- else if(result)
+ if(result)
break;
if(buffersize == nread) {
@@ -106,20 +105,21 @@ int Curl_blockread_all(struct connectdata *conn, /* connection data */
* Set protocol4a=true for "SOCKS 4A (Simple Extension to SOCKS 4 Protocol)"
* Nonsupport "Identification Protocol (RFC1413)"
*/
-CURLcode Curl_SOCKS4(const char *proxy_name,
+CURLcode Curl_SOCKS4(const char *proxy_user,
const char *hostname,
int remote_port,
int sockindex,
- struct connectdata *conn,
- bool protocol4a)
+ struct connectdata *conn)
{
+ const bool protocol4a =
+ (conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A) ? TRUE : FALSE;
#define SOCKS4REQLEN 262
unsigned char socksreq[SOCKS4REQLEN]; /* room for SOCKS4 request incl. user
id */
int result;
CURLcode code;
curl_socket_t sock = conn->sock[sockindex];
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
if(Curl_timeleft(data, NULL, TRUE) < 0) {
/* time-out, bail out, go home */
@@ -127,7 +127,13 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
return CURLE_OPERATION_TIMEDOUT;
}
- curlx_nonblock(sock, FALSE);
+ if(conn->bits.httpproxy)
+ infof(conn->data, "SOCKS4%s: connecting to HTTP proxy %s port %d\n",
+ protocol4a ? "a" : "", hostname, remote_port);
+
+ (void)curlx_nonblock(sock, FALSE);
+
+ infof(data, "SOCKS4 communication to %s:%d\n", hostname, remote_port);
/*
* Compose socks4 request
@@ -148,7 +154,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
/* DNS resolve only for SOCKS4, not SOCKS4a */
if(!protocol4a) {
struct Curl_dns_entry *dns;
- Curl_addrinfo *hp=NULL;
+ Curl_addrinfo *hp = NULL;
int rc;
rc = Curl_resolv(conn, hostname, remote_port, &dns);
@@ -165,25 +171,29 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
* returns a Curl_addrinfo pointer that may not always look the same.
*/
if(dns)
- hp=dns->addr;
+ hp = dns->addr;
if(hp) {
char buf[64];
- unsigned short ip[4];
Curl_printable_address(hp, buf, sizeof(buf));
- if(4 == sscanf( buf, "%hu.%hu.%hu.%hu",
- &ip[0], &ip[1], &ip[2], &ip[3])) {
- /* Set DSTIP */
- socksreq[4] = (unsigned char)ip[0];
- socksreq[5] = (unsigned char)ip[1];
- socksreq[6] = (unsigned char)ip[2];
- socksreq[7] = (unsigned char)ip[3];
+ if(hp->ai_family == AF_INET) {
+ struct sockaddr_in *saddr_in;
+
+ saddr_in = (struct sockaddr_in *)(void *)hp->ai_addr;
+ socksreq[4] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[0];
+ socksreq[5] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[1];
+ socksreq[6] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[2];
+ socksreq[7] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[3];
+
+ infof(data, "SOCKS4 connect to IPv4 %s (locally resolved)\n", buf);
}
- else
+ else {
hp = NULL; /* fail! */
- Curl_resolv_unlock(data, dns); /* not used anymore from now on */
+ failf(data, "SOCKS4 connection to %s not supported\n", buf);
+ }
+ Curl_resolv_unlock(data, dns); /* not used anymore from now on */
}
if(!hp) {
failf(data, "Failed to resolve \"%s\" for SOCKS4 connect.",
@@ -196,14 +206,14 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
* This is currently not supporting "Identification Protocol (RFC1413)".
*/
socksreq[8] = 0; /* ensure empty userid is NUL-terminated */
- if(proxy_name) {
- size_t plen = strlen(proxy_name);
+ if(proxy_user) {
+ size_t plen = strlen(proxy_user);
if(plen >= sizeof(socksreq) - 8) {
failf(data, "Too long SOCKS proxy name, can't use!\n");
return CURLE_COULDNT_CONNECT;
}
/* copy the proxy name WITH trailing zero */
- memcpy(socksreq + 8, proxy_name, plen+1);
+ memcpy(socksreq + 8, proxy_user, plen + 1);
}
/*
@@ -214,7 +224,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
ssize_t written;
ssize_t hostnamelen = 0;
int packetsize = 9 +
- (int)strlen((char*)socksreq + 8); /* size including NUL */
+ (int)strlen((char *)socksreq + 8); /* size including NUL */
/* If SOCKS4a, set special invalid IP address 0.0.0.x */
if(protocol4a) {
@@ -225,7 +235,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
/* If still enough room in buffer, also append hostname */
hostnamelen = (ssize_t)strlen(hostname) + 1; /* length including NUL */
if(packetsize + hostnamelen <= SOCKS4REQLEN)
- strcpy((char*)socksreq + packetsize, hostname);
+ strcpy((char *)socksreq + packetsize, hostname);
else
hostnamelen = 0; /* Flag: hostname did not fit in buffer */
}
@@ -234,7 +244,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
code = Curl_write_plain(conn, sock, (char *)socksreq,
packetsize + hostnamelen,
&written);
- if((code != CURLE_OK) || (written != packetsize + hostnamelen)) {
+ if(code || (written != packetsize + hostnamelen)) {
failf(data, "Failed to send SOCKS4 connect request.");
return CURLE_COULDNT_CONNECT;
}
@@ -243,7 +253,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
hostnamelen = (ssize_t)strlen(hostname) + 1;
code = Curl_write_plain(conn, sock, (char *)hostname, hostnamelen,
&written);
- if((code != CURLE_OK) || (written != hostnamelen)) {
+ if(code || (written != hostnamelen)) {
failf(data, "Failed to send SOCKS4 connect request.");
return CURLE_COULDNT_CONNECT;
}
@@ -254,7 +264,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
/* Receive response */
result = Curl_blockread_all(conn, sock, (char *)socksreq, packetsize,
&actualread);
- if((result != CURLE_OK) || (actualread != packetsize)) {
+ if(result || (actualread != packetsize)) {
failf(data, "Failed to receive SOCKS4 connect request ack.");
return CURLE_COULDNT_CONNECT;
}
@@ -296,8 +306,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
", request rejected or failed.",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
- ((socksreq[8] << 8) | socksreq[9]),
- socksreq[1]);
+ (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]),
+ (unsigned char)socksreq[1]);
return CURLE_COULDNT_CONNECT;
case 92:
failf(data,
@@ -306,8 +316,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
"identd on the client.",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
- ((socksreq[8] << 8) | socksreq[9]),
- socksreq[1]);
+ (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]),
+ (unsigned char)socksreq[1]);
return CURLE_COULDNT_CONNECT;
case 93:
failf(data,
@@ -316,8 +326,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
"report different user-ids.",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
- ((socksreq[8] << 8) | socksreq[9]),
- socksreq[1]);
+ (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]),
+ (unsigned char)socksreq[1]);
return CURLE_COULDNT_CONNECT;
default:
failf(data,
@@ -325,13 +335,13 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
", Unknown.",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
- ((socksreq[8] << 8) | socksreq[9]),
- socksreq[1]);
+ (((unsigned char)socksreq[2] << 8) | (unsigned char)socksreq[3]),
+ (unsigned char)socksreq[1]);
return CURLE_COULDNT_CONNECT;
}
}
- curlx_nonblock(sock, TRUE);
+ (void)curlx_nonblock(sock, TRUE);
return CURLE_OK; /* Proxy was successful! */
}
@@ -340,7 +350,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
* This function logs in to a SOCKS5 proxy and sends the specifics to the final
* destination server.
*/
-CURLcode Curl_SOCKS5(const char *proxy_name,
+CURLcode Curl_SOCKS5(const char *proxy_user,
const char *proxy_password,
const char *hostname,
int remote_port,
@@ -365,20 +375,28 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
*/
unsigned char socksreq[600]; /* room for large user/pw (255 max each) */
+ int idx;
ssize_t actualread;
ssize_t written;
int result;
CURLcode code;
curl_socket_t sock = conn->sock[sockindex];
- struct SessionHandle *data = conn->data;
- long timeout;
- bool socks5_resolve_local = (conn->proxytype == CURLPROXY_SOCKS5)?TRUE:FALSE;
+ struct Curl_easy *data = conn->data;
+ timediff_t timeout;
+ bool socks5_resolve_local =
+ (conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE;
const size_t hostname_len = strlen(hostname);
ssize_t len = 0;
+ const unsigned long auth = data->set.socks5auth;
+ bool allow_gssapi = FALSE;
+
+ if(conn->bits.httpproxy)
+ infof(conn->data, "SOCKS5: connecting to HTTP proxy %s port %d\n",
+ hostname, remote_port);
/* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
if(!socks5_resolve_local && hostname_len > 255) {
- infof(conn->data,"SOCKS5: server resolving disabled for hostnames of "
+ infof(conn->data, "SOCKS5: server resolving disabled for hostnames of "
"length > 255 [actual len=%zu]\n", hostname_len);
socks5_resolve_local = TRUE;
}
@@ -392,16 +410,16 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
return CURLE_OPERATION_TIMEDOUT;
}
- curlx_nonblock(sock, TRUE);
+ (void)curlx_nonblock(sock, TRUE);
/* wait until socket gets connected */
- result = Curl_socket_ready(CURL_SOCKET_BAD, sock, timeout);
+ result = SOCKET_WRITABLE(sock, timeout);
if(-1 == result) {
failf(conn->data, "SOCKS5: no connection here");
return CURLE_COULDNT_CONNECT;
}
- else if(0 == result) {
+ if(0 == result) {
failf(conn->data, "SOCKS5: connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
@@ -411,36 +429,49 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
return CURLE_COULDNT_CONNECT;
}
- socksreq[0] = 5; /* version */
+ if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI))
+ infof(conn->data,
+ "warning: unsupported value passed to CURLOPT_SOCKS5_AUTH: %lu\n",
+ auth);
+ if(!(auth & CURLAUTH_BASIC))
+ /* disable username/password auth */
+ proxy_user = NULL;
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- socksreq[1] = (char)(proxy_name ? 3 : 2); /* number of methods (below) */
- socksreq[2] = 0; /* no authentication */
- socksreq[3] = 1; /* gssapi */
- socksreq[4] = 2; /* username/password */
-#else
- socksreq[1] = (char)(proxy_name ? 2 : 1); /* number of methods (below) */
- socksreq[2] = 0; /* no authentication */
- socksreq[3] = 2; /* username/password */
+ if(auth & CURLAUTH_GSSAPI)
+ allow_gssapi = TRUE;
#endif
- curlx_nonblock(sock, FALSE);
+ idx = 0;
+ socksreq[idx++] = 5; /* version */
+ idx++; /* reserve for the number of authentication methods */
+ socksreq[idx++] = 0; /* no authentication */
+ if(allow_gssapi)
+ socksreq[idx++] = 1; /* GSS-API */
+ if(proxy_user)
+ socksreq[idx++] = 2; /* username/password */
+ /* write the number of authentication methods */
+ socksreq[1] = (unsigned char) (idx - 2);
+
+ (void)curlx_nonblock(sock, FALSE);
+
+ infof(data, "SOCKS5 communication to %s:%d\n", hostname, remote_port);
code = Curl_write_plain(conn, sock, (char *)socksreq, (2 + (int)socksreq[1]),
&written);
- if((code != CURLE_OK) || (written != (2 + (int)socksreq[1]))) {
+ if(code || (written != (2 + (int)socksreq[1]))) {
failf(data, "Unable to send initial SOCKS5 request.");
return CURLE_COULDNT_CONNECT;
}
- curlx_nonblock(sock, TRUE);
+ (void)curlx_nonblock(sock, TRUE);
- result = Curl_socket_ready(sock, CURL_SOCKET_BAD, timeout);
+ result = SOCKET_READABLE(sock, timeout);
if(-1 == result) {
failf(conn->data, "SOCKS5 nothing to read");
return CURLE_COULDNT_CONNECT;
}
- else if(0 == result) {
+ if(0 == result) {
failf(conn->data, "SOCKS5 read timeout");
return CURLE_OPERATION_TIMEDOUT;
}
@@ -450,10 +481,10 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
return CURLE_RECV_ERROR;
}
- curlx_nonblock(sock, FALSE);
+ (void)curlx_nonblock(sock, FALSE);
- result=Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread);
- if((result != CURLE_OK) || (actualread != 2)) {
+ result = Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread);
+ if(result || (actualread != 2)) {
failf(data, "Unable to receive initial SOCKS5 response.");
return CURLE_COULDNT_CONNECT;
}
@@ -467,23 +498,23 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
;
}
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- else if(socksreq[1] == 1) {
+ else if(allow_gssapi && (socksreq[1] == 1)) {
code = Curl_SOCKS5_gssapi_negotiate(sockindex, conn);
- if(code != CURLE_OK) {
- failf(data, "Unable to negotiate SOCKS5 gssapi context.");
+ if(code) {
+ failf(data, "Unable to negotiate SOCKS5 GSS-API context.");
return CURLE_COULDNT_CONNECT;
}
}
#endif
else if(socksreq[1] == 2) {
/* Needs user name and password */
- size_t proxy_name_len, proxy_password_len;
- if(proxy_name && proxy_password) {
- proxy_name_len = strlen(proxy_name);
+ size_t proxy_user_len, proxy_password_len;
+ if(proxy_user && proxy_password) {
+ proxy_user_len = strlen(proxy_user);
proxy_password_len = strlen(proxy_password);
}
else {
- proxy_name_len = 0;
+ proxy_user_len = 0;
proxy_password_len = 0;
}
@@ -496,23 +527,23 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
*/
len = 0;
socksreq[len++] = 1; /* username/pw subnegotiation version */
- socksreq[len++] = (unsigned char) proxy_name_len;
- if(proxy_name && proxy_name_len)
- memcpy(socksreq + len, proxy_name, proxy_name_len);
- len += proxy_name_len;
+ socksreq[len++] = (unsigned char) proxy_user_len;
+ if(proxy_user && proxy_user_len)
+ memcpy(socksreq + len, proxy_user, proxy_user_len);
+ len += proxy_user_len;
socksreq[len++] = (unsigned char) proxy_password_len;
if(proxy_password && proxy_password_len)
memcpy(socksreq + len, proxy_password, proxy_password_len);
len += proxy_password_len;
code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written);
- if((code != CURLE_OK) || (len != written)) {
+ if(code || (len != written)) {
failf(data, "Failed to send SOCKS5 sub-negotiation request.");
return CURLE_COULDNT_CONNECT;
}
- result=Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread);
- if((result != CURLE_OK) || (actualread != 2)) {
+ result = Curl_blockread_all(conn, sock, (char *)socksreq, 2, &actualread);
+ if(result || (actualread != 2)) {
failf(data, "Unable to receive SOCKS5 sub-negotiation response.");
return CURLE_COULDNT_CONNECT;
}
@@ -528,17 +559,13 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
}
else {
/* error */
-#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- if(socksreq[1] == 255) {
-#else
- if(socksreq[1] == 1) {
+ if(!allow_gssapi && (socksreq[1] == 1)) {
failf(data,
"SOCKS5 GSSAPI per-message authentication is not supported.");
return CURLE_COULDNT_CONNECT;
}
- else if(socksreq[1] == 255) {
-#endif
- if(!proxy_name || !*proxy_name) {
+ if(socksreq[1] == 255) {
+ if(!proxy_user || !*proxy_user) {
failf(data,
"No authentication method was acceptable. (It is quite likely"
" that the SOCKS5 server wanted a username/password, since none"
@@ -579,7 +606,7 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
if(rc == CURLRESOLV_PENDING) {
/* this requires that we're in "wait for resolve" state */
code = Curl_resolver_wait_resolv(conn, &dns);
- if(code != CURLE_OK)
+ if(code)
return code;
}
@@ -588,36 +615,43 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
* returns a Curl_addrinfo pointer that may not always look the same.
*/
if(dns)
- hp=dns->addr;
+ hp = dns->addr;
if(hp) {
- struct sockaddr_in *saddr_in;
-#ifdef ENABLE_IPV6
- struct sockaddr_in6 *saddr_in6;
-#endif
int i;
+ char buf[64];
+ Curl_printable_address(hp, buf, sizeof(buf));
if(hp->ai_family == AF_INET) {
+ struct sockaddr_in *saddr_in;
socksreq[len++] = 1; /* ATYP: IPv4 = 1 */
- saddr_in = (struct sockaddr_in*)hp->ai_addr;
+ saddr_in = (struct sockaddr_in *)(void *)hp->ai_addr;
for(i = 0; i < 4; i++) {
- socksreq[len++] = ((unsigned char*)&saddr_in->sin_addr.s_addr)[i];
- infof(data, "%d\n", socksreq[len-1]);
+ socksreq[len++] = ((unsigned char *)&saddr_in->sin_addr.s_addr)[i];
}
+
+ infof(data, "SOCKS5 connect to IPv4 %s (locally resolved)\n", buf);
}
#ifdef ENABLE_IPV6
else if(hp->ai_family == AF_INET6) {
+ struct sockaddr_in6 *saddr_in6;
socksreq[len++] = 4; /* ATYP: IPv6 = 4 */
- saddr_in6 = (struct sockaddr_in6*)hp->ai_addr;
+ saddr_in6 = (struct sockaddr_in6 *)(void *)hp->ai_addr;
for(i = 0; i < 16; i++) {
- socksreq[len++] = ((unsigned char*)&saddr_in6->sin6_addr.s6_addr)[i];
+ socksreq[len++] =
+ ((unsigned char *)&saddr_in6->sin6_addr.s6_addr)[i];
}
+
+ infof(data, "SOCKS5 connect to IPv6 %s (locally resolved)\n", buf);
}
#endif
- else
+ else {
hp = NULL; /* fail! */
+ failf(data, "SOCKS5 connection to %s not supported\n", buf);
+ }
+
Curl_resolv_unlock(data, dns); /* not used anymore from now on */
}
if(!hp) {
@@ -632,13 +666,13 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
if(conn->socks5_gssapi_enctype) {
- failf(data, "SOCKS5 gssapi protection not yet implemented.");
+ failf(data, "SOCKS5 GSS-API protection not yet implemented.");
}
else
#endif
code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written);
- if((code != CURLE_OK) || (len != written)) {
+ if(code || (len != written)) {
failf(data, "Failed to send SOCKS5 connect request.");
return CURLE_COULDNT_CONNECT;
}
@@ -647,14 +681,14 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
if(conn->socks5_gssapi_enctype) {
- failf(data, "SOCKS5 gssapi protection not yet implemented.");
+ failf(data, "SOCKS5 GSS-API protection not yet implemented.");
}
else
#endif
result = Curl_blockread_all(conn, sock, (char *)socksreq,
len, &actualread);
- if((result != CURLE_OK) || (len != actualread)) {
+ if(result || (len != actualread)) {
failf(data, "Failed to receive SOCKS5 connect request ack.");
return CURLE_COULDNT_CONNECT;
}
@@ -664,39 +698,6 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
"SOCKS5 reply has wrong version, version should be 5.");
return CURLE_COULDNT_CONNECT;
}
- if(socksreq[1] != 0) { /* Anything besides 0 is an error */
- if(socksreq[3] == 1) {
- failf(data,
- "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
- (unsigned char)socksreq[4], (unsigned char)socksreq[5],
- (unsigned char)socksreq[6], (unsigned char)socksreq[7],
- ((socksreq[8] << 8) | socksreq[9]),
- socksreq[1]);
- }
- else if(socksreq[3] == 3) {
- failf(data,
- "Can't complete SOCKS5 connection to %s:%d. (%d)",
- hostname,
- ((socksreq[8] << 8) | socksreq[9]),
- socksreq[1]);
- }
- else if(socksreq[3] == 4) {
- failf(data,
- "Can't complete SOCKS5 connection to %02x%02x:%02x%02x:"
- "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%d. (%d)",
- (unsigned char)socksreq[4], (unsigned char)socksreq[5],
- (unsigned char)socksreq[6], (unsigned char)socksreq[7],
- (unsigned char)socksreq[8], (unsigned char)socksreq[9],
- (unsigned char)socksreq[10], (unsigned char)socksreq[11],
- (unsigned char)socksreq[12], (unsigned char)socksreq[13],
- (unsigned char)socksreq[14], (unsigned char)socksreq[15],
- (unsigned char)socksreq[16], (unsigned char)socksreq[17],
- (unsigned char)socksreq[18], (unsigned char)socksreq[19],
- ((socksreq[8] << 8) | socksreq[9]),
- socksreq[1]);
- }
- return CURLE_COULDNT_CONNECT;
- }
/* Fix: in general, returned BND.ADDR is variable length parameter by RFC
1928, so the reply packet should be read until the end to avoid errors at
@@ -731,10 +732,9 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
/* decrypt_gssapi_blockread already read the whole packet */
#endif
if(len > 10) {
- len -= 10;
result = Curl_blockread_all(conn, sock, (char *)&socksreq[10],
- len, &actualread);
- if((result != CURLE_OK) || (len != actualread)) {
+ len - 10, &actualread);
+ if(result || ((len - 10) != actualread)) {
failf(data, "Failed to receive SOCKS5 connect request ack.");
return CURLE_COULDNT_CONNECT;
}
@@ -743,7 +743,48 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
}
#endif
- curlx_nonblock(sock, TRUE);
+ if(socksreq[1] != 0) { /* Anything besides 0 is an error */
+ if(socksreq[3] == 1) {
+ failf(data,
+ "Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
+ (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+ (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+ (((unsigned char)socksreq[8] << 8) |
+ (unsigned char)socksreq[9]),
+ (unsigned char)socksreq[1]);
+ }
+ else if(socksreq[3] == 3) {
+ unsigned char port_upper = (unsigned char)socksreq[len - 2];
+ socksreq[len - 2] = 0;
+ failf(data,
+ "Can't complete SOCKS5 connection to %s:%d. (%d)",
+ (char *)&socksreq[5],
+ ((port_upper << 8) |
+ (unsigned char)socksreq[len - 1]),
+ (unsigned char)socksreq[1]);
+ socksreq[len - 2] = port_upper;
+ }
+ else if(socksreq[3] == 4) {
+ failf(data,
+ "Can't complete SOCKS5 connection to %02x%02x:%02x%02x:"
+ "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%d. (%d)",
+ (unsigned char)socksreq[4], (unsigned char)socksreq[5],
+ (unsigned char)socksreq[6], (unsigned char)socksreq[7],
+ (unsigned char)socksreq[8], (unsigned char)socksreq[9],
+ (unsigned char)socksreq[10], (unsigned char)socksreq[11],
+ (unsigned char)socksreq[12], (unsigned char)socksreq[13],
+ (unsigned char)socksreq[14], (unsigned char)socksreq[15],
+ (unsigned char)socksreq[16], (unsigned char)socksreq[17],
+ (unsigned char)socksreq[18], (unsigned char)socksreq[19],
+ (((unsigned char)socksreq[20] << 8) |
+ (unsigned char)socksreq[21]),
+ (unsigned char)socksreq[1]);
+ }
+ return CURLE_COULDNT_CONNECT;
+ }
+ infof(data, "SOCKS5 request granted.\n");
+
+ (void)curlx_nonblock(sock, TRUE);
return CURLE_OK; /* Proxy was successful! */
}
diff --git a/libs/libcurl/src/socks.h b/libs/libcurl/src/socks.h
index dc4670b249..348707e74d 100644
--- a/libs/libcurl/src/socks.h
+++ b/libs/libcurl/src/socks.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,7 +25,7 @@
#include "curl_setup.h"
#ifdef CURL_DISABLE_PROXY
-#define Curl_SOCKS4(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
+#define Curl_SOCKS4(a,b,c,d,e) CURLE_NOT_BUILT_IN
#define Curl_SOCKS5(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
#else
/*
@@ -49,8 +49,7 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
const char *hostname,
int remote_port,
int sockindex,
- struct connectdata *conn,
- bool protocol4a);
+ struct connectdata *conn);
/*
* This function logs in to a SOCKS5 proxy and sends the specifics to the
@@ -65,7 +64,7 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
/*
- * This function handles the sockss5 gssapie negotiation and initialisation
+ * This function handles the SOCKS5 GSS-API negotiation and initialisation
*/
CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
struct connectdata *conn);
diff --git a/libs/libcurl/src/socks_gssapi.c b/libs/libcurl/src/socks_gssapi.c
index 1f840bd4e0..96948ac4ba 100644
--- a/libs/libcurl/src/socks_gssapi.c
+++ b/libs/libcurl/src/socks_gssapi.c
@@ -5,12 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2009, 2011, Markus Moeller, <markus_moeller@compuserve.com>
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2009, Markus Moeller, <markus_moeller@compuserve.com>
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,16 +23,7 @@
#include "curl_setup.h"
-#ifndef CURL_DISABLE_PROXY
-
-#ifdef HAVE_GSSAPI
-#ifdef HAVE_OLD_GSSMIT
-#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
-#define NCOMPAT 1
-#endif
-#ifndef gss_nt_service_name
-#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
-#endif
+#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_PROXY)
#include "curl_gssapi.h"
#include "urldata.h"
@@ -42,25 +33,23 @@
#include "socks.h"
#include "warnless.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
static gss_ctx_id_t gss_context = GSS_C_NO_CONTEXT;
/*
- * Helper gssapi error functions.
+ * Helper GSS-API error functions.
*/
-static int check_gss_err(struct SessionHandle *data,
+static int check_gss_err(struct Curl_easy *data,
OM_uint32 major_status,
OM_uint32 minor_status,
- const char* function)
+ const char *function)
{
if(GSS_ERROR(major_status)) {
- OM_uint32 maj_stat,min_stat;
+ OM_uint32 maj_stat, min_stat;
OM_uint32 msg_ctx = 0;
gss_buffer_desc status_string;
char buf[1024];
@@ -76,7 +65,7 @@ static int check_gss_err(struct SessionHandle *data,
&msg_ctx, &status_string);
if(maj_stat == GSS_S_COMPLETE) {
if(sizeof(buf) > len + status_string.length + 1) {
- strcpy(buf+len, (char*) status_string.value);
+ strcpy(buf + len, (char *) status_string.value);
len += status_string.length;
}
gss_release_buffer(&min_stat, &status_string);
@@ -85,7 +74,7 @@ static int check_gss_err(struct SessionHandle *data,
gss_release_buffer(&min_stat, &status_string);
}
if(sizeof(buf) > len + 3) {
- strcpy(buf+len, ".\n");
+ strcpy(buf + len, ".\n");
len += 2;
}
msg_ctx = 0;
@@ -97,23 +86,23 @@ static int check_gss_err(struct SessionHandle *data,
&msg_ctx, &status_string);
if(maj_stat == GSS_S_COMPLETE) {
if(sizeof(buf) > len + status_string.length)
- strcpy(buf+len, (char*) status_string.value);
+ strcpy(buf + len, (char *) status_string.value);
gss_release_buffer(&min_stat, &status_string);
break;
}
gss_release_buffer(&min_stat, &status_string);
}
- failf(data, "GSSAPI error: %s failed:\n%s", function, buf);
- return(1);
+ failf(data, "GSS-API error: %s failed:\n%s", function, buf);
+ return 1;
}
- return(0);
+ return 0;
}
CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
curl_socket_t sock = conn->sock[sockindex];
CURLcode code;
ssize_t actualread;
@@ -130,11 +119,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
gss_name_t server = GSS_C_NO_NAME;
gss_name_t gss_client_name = GSS_C_NO_NAME;
unsigned short us_length;
- char *user=NULL;
- unsigned char socksreq[4]; /* room for gssapi exchange header only */
- char *serviceptr = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+ char *user = NULL;
+ unsigned char socksreq[4]; /* room for GSS-API exchange header only */
+ const char *serviceptr = data->set.str[STRING_PROXY_SERVICE_NAME] ?
+ data->set.str[STRING_PROXY_SERVICE_NAME] : "rcmd";
+ const size_t serviceptr_length = strlen(serviceptr);
- /* GSSAPI request looks like
+ /* GSS-API request looks like
* +----+------+-----+----------------+
* |VER | MTYP | LEN | TOKEN |
* +----+------+----------------------+
@@ -143,32 +134,34 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
*/
/* prepare service name */
- if(strchr(serviceptr,'/')) {
- service.value = malloc(strlen(serviceptr));
+ if(strchr(serviceptr, '/')) {
+ service.length = serviceptr_length;
+ service.value = malloc(service.length);
if(!service.value)
return CURLE_OUT_OF_MEMORY;
- service.length = strlen(serviceptr);
memcpy(service.value, serviceptr, service.length);
gss_major_status = gss_import_name(&gss_minor_status, &service,
(gss_OID) GSS_C_NULL_OID, &server);
}
else {
- service.value = malloc(strlen(serviceptr) +strlen(conn->proxy.name)+2);
+ service.value = malloc(serviceptr_length +
+ strlen(conn->socks_proxy.host.name) + 2);
if(!service.value)
return CURLE_OUT_OF_MEMORY;
- service.length = strlen(serviceptr) +strlen(conn->proxy.name)+1;
- snprintf(service.value, service.length+1, "%s@%s",
- serviceptr, conn->proxy.name);
+ service.length = serviceptr_length +
+ strlen(conn->socks_proxy.host.name) + 1;
+ snprintf(service.value, service.length + 1, "%s@%s",
+ serviceptr, conn->socks_proxy.host.name);
gss_major_status = gss_import_name(&gss_minor_status, &service,
- gss_nt_service_name, &server);
+ GSS_C_NT_HOSTBASED_SERVICE, &server);
}
gss_release_buffer(&gss_status, &service); /* clear allocated memory */
- if(check_gss_err(data,gss_major_status,
- gss_minor_status,"gss_import_name()")) {
+ if(check_gss_err(data, gss_major_status,
+ gss_minor_status, "gss_import_name()")) {
failf(data, "Failed to create service name.");
gss_release_name(&gss_status, &server);
return CURLE_COULDNT_CONNECT;
@@ -181,32 +174,34 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
&gss_minor_status,
&gss_context,
server,
+ &Curl_krb5_mech_oid,
NULL,
gss_token,
&gss_send_token,
+ TRUE,
&gss_ret_flags);
if(gss_token != GSS_C_NO_BUFFER)
gss_release_buffer(&gss_status, &gss_recv_token);
- if(check_gss_err(data,gss_major_status,
- gss_minor_status,"gss_init_sec_context")) {
+ if(check_gss_err(data, gss_major_status,
+ gss_minor_status, "gss_init_sec_context")) {
gss_release_name(&gss_status, &server);
gss_release_buffer(&gss_status, &gss_recv_token);
gss_release_buffer(&gss_status, &gss_send_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
- failf(data, "Failed to initial GSSAPI token.");
+ failf(data, "Failed to initial GSS-API token.");
return CURLE_COULDNT_CONNECT;
}
if(gss_send_token.length != 0) {
- socksreq[0] = 1; /* gssapi subnegotiation version */
+ socksreq[0] = 1; /* GSS-API subnegotiation version */
socksreq[1] = 1; /* authentication message type */
us_length = htons((short)gss_send_token.length);
- memcpy(socksreq+2,&us_length,sizeof(short));
+ memcpy(socksreq + 2, &us_length, sizeof(short));
code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
- if((code != CURLE_OK) || (4 != written)) {
- failf(data, "Failed to send GSSAPI authentication request.");
+ if(code || (4 != written)) {
+ failf(data, "Failed to send GSS-API authentication request.");
gss_release_name(&gss_status, &server);
gss_release_buffer(&gss_status, &gss_recv_token);
gss_release_buffer(&gss_status, &gss_send_token);
@@ -217,8 +212,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
code = Curl_write_plain(conn, sock, (char *)gss_send_token.value,
gss_send_token.length, &written);
- if((code != CURLE_OK) || ((ssize_t)gss_send_token.length != written)) {
- failf(data, "Failed to send GSSAPI authentication token.");
+ if(code || ((ssize_t)gss_send_token.length != written)) {
+ failf(data, "Failed to send GSS-API authentication token.");
gss_release_name(&gss_status, &server);
gss_release_buffer(&gss_status, &gss_recv_token);
gss_release_buffer(&gss_status, &gss_send_token);
@@ -234,7 +229,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
/* analyse response */
- /* GSSAPI response looks like
+ /* GSS-API response looks like
* +----+------+-----+----------------+
* |VER | MTYP | LEN | TOKEN |
* +----+------+----------------------+
@@ -242,9 +237,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
* +----+------+-----+----------------+
*/
- result=Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
- if(result != CURLE_OK || actualread != 4) {
- failf(data, "Failed to receive GSSAPI authentication response.");
+ result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
+ if(result || (actualread != 4)) {
+ failf(data, "Failed to receive GSS-API authentication response.");
gss_release_name(&gss_status, &server);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
@@ -260,32 +255,32 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
}
if(socksreq[1] != 1) { /* status / messgae type */
- failf(data, "Invalid GSSAPI authentication response type (%d %d).",
+ failf(data, "Invalid GSS-API authentication response type (%d %d).",
socksreq[0], socksreq[1]);
gss_release_name(&gss_status, &server);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
- memcpy(&us_length, socksreq+2, sizeof(short));
+ memcpy(&us_length, socksreq + 2, sizeof(short));
us_length = ntohs(us_length);
- gss_recv_token.length=us_length;
- gss_recv_token.value=malloc(us_length);
+ gss_recv_token.length = us_length;
+ gss_recv_token.value = malloc(us_length);
if(!gss_recv_token.value) {
failf(data,
- "Could not allocate memory for GSSAPI authentication "
+ "Could not allocate memory for GSS-API authentication "
"response token.");
gss_release_name(&gss_status, &server);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_OUT_OF_MEMORY;
}
- result=Curl_blockread_all(conn, sock, (char *)gss_recv_token.value,
- gss_recv_token.length, &actualread);
+ result = Curl_blockread_all(conn, sock, (char *)gss_recv_token.value,
+ gss_recv_token.length, &actualread);
- if(result != CURLE_OK || actualread != us_length) {
- failf(data, "Failed to receive GSSAPI authentication token.");
+ if(result || (actualread != us_length)) {
+ failf(data, "Failed to receive GSS-API authentication token.");
gss_release_name(&gss_status, &server);
gss_release_buffer(&gss_status, &gss_recv_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
@@ -298,11 +293,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
gss_release_name(&gss_status, &server);
/* Everything is good so far, user was authenticated! */
- gss_major_status = gss_inquire_context (&gss_minor_status, gss_context,
- &gss_client_name, NULL, NULL, NULL,
- NULL, NULL, NULL);
- if(check_gss_err(data,gss_major_status,
- gss_minor_status,"gss_inquire_context")) {
+ gss_major_status = gss_inquire_context(&gss_minor_status, gss_context,
+ &gss_client_name, NULL, NULL, NULL,
+ NULL, NULL, NULL);
+ if(check_gss_err(data, gss_major_status,
+ gss_minor_status, "gss_inquire_context")) {
gss_delete_sec_context(&gss_status, &gss_context, NULL);
gss_release_name(&gss_status, &gss_client_name);
failf(data, "Failed to determine user name.");
@@ -310,15 +305,15 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
}
gss_major_status = gss_display_name(&gss_minor_status, gss_client_name,
&gss_send_token, NULL);
- if(check_gss_err(data,gss_major_status,
- gss_minor_status,"gss_display_name")) {
+ if(check_gss_err(data, gss_major_status,
+ gss_minor_status, "gss_display_name")) {
gss_delete_sec_context(&gss_status, &gss_context, NULL);
gss_release_name(&gss_status, &gss_client_name);
gss_release_buffer(&gss_status, &gss_send_token);
failf(data, "Failed to determine user name.");
return CURLE_COULDNT_CONNECT;
}
- user=malloc(gss_send_token.length+1);
+ user = malloc(gss_send_token.length + 1);
if(!user) {
gss_delete_sec_context(&gss_status, &gss_context, NULL);
gss_release_name(&gss_status, &gss_client_name);
@@ -330,12 +325,12 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
user[gss_send_token.length] = '\0';
gss_release_name(&gss_status, &gss_client_name);
gss_release_buffer(&gss_status, &gss_send_token);
- infof(data, "SOCKS5 server authencticated user %s with gssapi.\n",user);
+ infof(data, "SOCKS5 server authencticated user %s with GSS-API.\n",user);
free(user);
- user=NULL;
+ user = NULL;
/* Do encryption */
- socksreq[0] = 1; /* gssapi subnegotiation version */
+ socksreq[0] = 1; /* GSS-API subnegotiation version */
socksreq[1] = 2; /* encryption message type */
gss_enc = 0; /* no data protection */
@@ -346,8 +341,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
else if(gss_ret_flags & GSS_C_INTEG_FLAG)
gss_enc = 1;
- infof(data, "SOCKS5 server supports gssapi %s data protection.\n",
- (gss_enc==0)?"no":((gss_enc==1)?"integrity":"confidentiality"));
+ infof(data, "SOCKS5 server supports GSS-API %s data protection.\n",
+ (gss_enc == 0)?"no":((gss_enc==1)?"integrity":"confidentiality"));
/* force for the moment to no data protection */
gss_enc = 0;
/*
@@ -382,7 +377,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
*/
if(data->set.socks5_gssapi_nec) {
us_length = htons((short)1);
- memcpy(socksreq+2,&us_length,sizeof(short));
+ memcpy(socksreq + 2, &us_length, sizeof(short));
}
else {
gss_send_token.length = 1;
@@ -397,22 +392,22 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
GSS_C_QOP_DEFAULT, &gss_send_token,
&gss_conf_state, &gss_w_token);
- if(check_gss_err(data,gss_major_status,gss_minor_status,"gss_wrap")) {
+ if(check_gss_err(data, gss_major_status, gss_minor_status, "gss_wrap")) {
gss_release_buffer(&gss_status, &gss_send_token);
gss_release_buffer(&gss_status, &gss_w_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
- failf(data, "Failed to wrap GSSAPI encryption value into token.");
+ failf(data, "Failed to wrap GSS-API encryption value into token.");
return CURLE_COULDNT_CONNECT;
}
gss_release_buffer(&gss_status, &gss_send_token);
us_length = htons((short)gss_w_token.length);
- memcpy(socksreq+2,&us_length,sizeof(short));
+ memcpy(socksreq + 2, &us_length, sizeof(short));
}
code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
- if((code != CURLE_OK) || (4 != written)) {
- failf(data, "Failed to send GSSAPI encryption request.");
+ if(code || (4 != written)) {
+ failf(data, "Failed to send GSS-API encryption request.");
gss_release_buffer(&gss_status, &gss_w_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
@@ -421,8 +416,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
if(data->set.socks5_gssapi_nec) {
memcpy(socksreq, &gss_enc, 1);
code = Curl_write_plain(conn, sock, socksreq, 1, &written);
- if((code != CURLE_OK) || ( 1 != written)) {
- failf(data, "Failed to send GSSAPI encryption type.");
+ if(code || ( 1 != written)) {
+ failf(data, "Failed to send GSS-API encryption type.");
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
@@ -430,8 +425,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
else {
code = Curl_write_plain(conn, sock, (char *)gss_w_token.value,
gss_w_token.length, &written);
- if((code != CURLE_OK) || ((ssize_t)gss_w_token.length != written)) {
- failf(data, "Failed to send GSSAPI encryption type.");
+ if(code || ((ssize_t)gss_w_token.length != written)) {
+ failf(data, "Failed to send GSS-API encryption type.");
gss_release_buffer(&gss_status, &gss_w_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
@@ -439,9 +434,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
gss_release_buffer(&gss_status, &gss_w_token);
}
- result=Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
- if(result != CURLE_OK || actualread != 4) {
- failf(data, "Failed to receive GSSAPI encryption response.");
+ result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
+ if(result || (actualread != 4)) {
+ failf(data, "Failed to receive GSS-API encryption response.");
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
@@ -455,26 +450,26 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
}
if(socksreq[1] != 2) { /* status / messgae type */
- failf(data, "Invalid GSSAPI encryption response type (%d %d).",
+ failf(data, "Invalid GSS-API encryption response type (%d %d).",
socksreq[0], socksreq[1]);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
- memcpy(&us_length, socksreq+2, sizeof(short));
+ memcpy(&us_length, socksreq + 2, sizeof(short));
us_length = ntohs(us_length);
- gss_recv_token.length= us_length;
- gss_recv_token.value=malloc(gss_recv_token.length);
+ gss_recv_token.length = us_length;
+ gss_recv_token.value = malloc(gss_recv_token.length);
if(!gss_recv_token.value) {
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_OUT_OF_MEMORY;
}
- result=Curl_blockread_all(conn, sock, (char *)gss_recv_token.value,
- gss_recv_token.length, &actualread);
+ result = Curl_blockread_all(conn, sock, (char *)gss_recv_token.value,
+ gss_recv_token.length, &actualread);
- if(result != CURLE_OK || actualread != us_length) {
- failf(data, "Failed to receive GSSAPI encryptrion type.");
+ if(result || (actualread != us_length)) {
+ failf(data, "Failed to receive GSS-API encryptrion type.");
gss_release_buffer(&gss_status, &gss_recv_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
@@ -485,42 +480,42 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
&gss_recv_token, &gss_w_token,
0, GSS_C_QOP_DEFAULT);
- if(check_gss_err(data,gss_major_status,gss_minor_status,"gss_unwrap")) {
+ if(check_gss_err(data, gss_major_status, gss_minor_status, "gss_unwrap")) {
gss_release_buffer(&gss_status, &gss_recv_token);
gss_release_buffer(&gss_status, &gss_w_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
- failf(data, "Failed to unwrap GSSAPI encryption value into token.");
+ failf(data, "Failed to unwrap GSS-API encryption value into token.");
return CURLE_COULDNT_CONNECT;
}
gss_release_buffer(&gss_status, &gss_recv_token);
if(gss_w_token.length != 1) {
- failf(data, "Invalid GSSAPI encryption response length (%d).",
+ failf(data, "Invalid GSS-API encryption response length (%d).",
gss_w_token.length);
gss_release_buffer(&gss_status, &gss_w_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
- memcpy(socksreq,gss_w_token.value,gss_w_token.length);
+ memcpy(socksreq, gss_w_token.value, gss_w_token.length);
gss_release_buffer(&gss_status, &gss_w_token);
}
else {
if(gss_recv_token.length != 1) {
- failf(data, "Invalid GSSAPI encryption response length (%d).",
+ failf(data, "Invalid GSS-API encryption response length (%d).",
gss_recv_token.length);
gss_release_buffer(&gss_status, &gss_recv_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
- memcpy(socksreq,gss_recv_token.value,gss_recv_token.length);
+ memcpy(socksreq, gss_recv_token.value, gss_recv_token.length);
gss_release_buffer(&gss_status, &gss_recv_token);
}
infof(data, "SOCKS5 access with%s protection granted.\n",
- (socksreq[0]==0)?"out gssapi data":
- ((socksreq[0]==1)?" gssapi integrity":" gssapi confidentiality"));
+ (socksreq[0] == 0)?"out GSS-API data":
+ ((socksreq[0] == 1)?" GSS-API integrity":" GSS-API confidentiality"));
conn->socks5_gssapi_enctype = socksreq[0];
if(socksreq[0] == 0)
@@ -528,6 +523,5 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
return CURLE_OK;
}
-#endif
-#endif /* CURL_DISABLE_PROXY */
+#endif /* HAVE_GSSAPI && !CURL_DISABLE_PROXY */
diff --git a/libs/libcurl/src/socks_sspi.c b/libs/libcurl/src/socks_sspi.c
index ed5024cd27..34699d3742 100644
--- a/libs/libcurl/src/socks_sspi.c
+++ b/libs/libcurl/src/socks_sspi.c
@@ -5,12 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 2009, 2011, Markus Moeller, <markus_moeller@compuserve.com>
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -34,26 +34,18 @@
#include "curl_sspi.h"
#include "curl_multibyte.h"
#include "warnless.h"
-
-#define _MPRINTF_REPLACE /* use the internal *printf() functions */
-#include <curl/mprintf.h>
-
+#include "strdup.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
/*
- * Definitions required from ntsecapi.h are directly provided below this point
- * to avoid including ntsecapi.h due to a conflict with OpenSSL's safestack.h
- */
-#define KERB_WRAP_NO_ENCRYPT 0x80000001
-
-/*
* Helper sspi error functions.
*/
static int check_sspi_err(struct connectdata *conn,
SECURITY_STATUS status,
- const char* function)
+ const char *function)
{
if(status != SEC_E_OK &&
status != SEC_I_COMPLETE_AND_CONTINUE &&
@@ -70,16 +62,16 @@ static int check_sspi_err(struct connectdata *conn,
CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
curl_socket_t sock = conn->sock[sockindex];
CURLcode code;
ssize_t actualread;
ssize_t written;
int result;
- /* Needs GSSAPI authentication */
+ /* Needs GSS-API authentication */
SECURITY_STATUS status;
unsigned long sspi_ret_flags = 0;
- int gss_enc;
+ unsigned char gss_enc;
SecBuffer sspi_send_token, sspi_recv_token, sspi_w_token[3];
SecBufferDesc input_desc, output_desc, wrap_desc;
SecPkgContext_Sizes sspi_sizes;
@@ -91,10 +83,12 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
char *service_name = NULL;
unsigned short us_length;
unsigned long qop;
- unsigned char socksreq[4]; /* room for gssapi exchange header only */
- char *service = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
+ unsigned char socksreq[4]; /* room for GSS-API exchange header only */
+ const char *service = data->set.str[STRING_PROXY_SERVICE_NAME] ?
+ data->set.str[STRING_PROXY_SERVICE_NAME] : "rcmd";
+ const size_t service_length = strlen(service);
- /* GSSAPI request looks like
+ /* GSS-API request looks like
* +----+------+-----+----------------+
* |VER | MTYP | LEN | TOKEN |
* +----+------+----------------------+
@@ -104,17 +98,18 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
/* prepare service name */
if(strchr(service, '/')) {
- service_name = malloc(strlen(service));
+ service_name = strdup(service);
if(!service_name)
return CURLE_OUT_OF_MEMORY;
- memcpy(service_name, service, strlen(service));
}
else {
- service_name = malloc(strlen(service) + strlen(conn->proxy.name) + 2);
+ service_name = malloc(service_length +
+ strlen(conn->socks_proxy.host.name) + 2);
if(!service_name)
return CURLE_OUT_OF_MEMORY;
- snprintf(service_name,strlen(service) +strlen(conn->proxy.name)+2,"%s/%s",
- service,conn->proxy.name);
+ snprintf(service_name, service_length +
+ strlen(conn->socks_proxy.host.name) + 2, "%s/%s",
+ service, conn->socks_proxy.host.name);
}
input_desc.cBuffers = 1;
@@ -141,7 +136,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
cred_handle.dwUpper = 0;
status = s_pSecFn->AcquireCredentialsHandle(NULL,
- (wchar_t *) TEXT("Kerberos"),
+ (TCHAR *) TEXT("Kerberos"),
SECPKG_CRED_OUTBOUND,
NULL,
NULL,
@@ -152,7 +147,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
if(check_sspi_err(conn, status, "AcquireCredentialsHandle")) {
failf(data, "Failed to acquire credentials.");
- Curl_safefree(service_name);
+ free(service_name);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
return CURLE_COULDNT_CONNECT;
}
@@ -160,7 +155,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
/* As long as we need to keep sending some context info, and there's no */
/* errors, keep sending it... */
for(;;) {
- wchar_t *sname;
+ TCHAR *sname;
sname = Curl_convert_UTF8_to_tchar(service_name);
if(!sname)
@@ -191,26 +186,29 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
}
if(check_sspi_err(conn, status, "InitializeSecurityContext")) {
- Curl_safefree(service_name);
+ free(service_name);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
s_pSecFn->DeleteSecurityContext(&sspi_context);
- s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+ if(sspi_recv_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
failf(data, "Failed to initialise security context.");
return CURLE_COULDNT_CONNECT;
}
if(sspi_send_token.cbBuffer != 0) {
- socksreq[0] = 1; /* gssapi subnegotiation version */
+ socksreq[0] = 1; /* GSS-API subnegotiation version */
socksreq[1] = 1; /* authentication message type */
us_length = htons((short)sspi_send_token.cbBuffer);
- memcpy(socksreq+2, &us_length, sizeof(short));
+ memcpy(socksreq + 2, &us_length, sizeof(short));
code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
- if((code != CURLE_OK) || (4 != written)) {
+ if(code || (4 != written)) {
failf(data, "Failed to send SSPI authentication request.");
- Curl_safefree(service_name);
- s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
- s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+ free(service_name);
+ if(sspi_send_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+ if(sspi_recv_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
@@ -218,11 +216,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
code = Curl_write_plain(conn, sock, (char *)sspi_send_token.pvBuffer,
sspi_send_token.cbBuffer, &written);
- if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) {
+ if(code || (sspi_send_token.cbBuffer != (size_t)written)) {
failf(data, "Failed to send SSPI authentication token.");
- Curl_safefree(service_name);
- s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
- s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+ free(service_name);
+ if(sspi_send_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+ if(sspi_recv_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
@@ -230,18 +230,24 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
}
- s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
- sspi_send_token.pvBuffer = NULL;
+ if(sspi_send_token.pvBuffer) {
+ s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+ sspi_send_token.pvBuffer = NULL;
+ }
sspi_send_token.cbBuffer = 0;
- s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
- sspi_recv_token.pvBuffer = NULL;
+
+ if(sspi_recv_token.pvBuffer) {
+ s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+ sspi_recv_token.pvBuffer = NULL;
+ }
sspi_recv_token.cbBuffer = 0;
+
if(status != SEC_I_CONTINUE_NEEDED)
break;
/* analyse response */
- /* GSSAPI response looks like
+ /* GSS-API response looks like
* +----+------+-----+----------------+
* |VER | MTYP | LEN | TOKEN |
* +----+------+----------------------+
@@ -250,9 +256,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
*/
result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
- if(result != CURLE_OK || actualread != 4) {
+ if(result || (actualread != 4)) {
failf(data, "Failed to receive SSPI authentication response.");
- Curl_safefree(service_name);
+ free(service_name);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
@@ -262,7 +268,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
if(socksreq[1] == 255) { /* status / message type */
failf(data, "User was rejected by the SOCKS5 server (%u %u).",
(unsigned int)socksreq[0], (unsigned int)socksreq[1]);
- Curl_safefree(service_name);
+ free(service_name);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
@@ -271,20 +277,20 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
if(socksreq[1] != 1) { /* status / messgae type */
failf(data, "Invalid SSPI authentication response type (%u %u).",
(unsigned int)socksreq[0], (unsigned int)socksreq[1]);
- Curl_safefree(service_name);
+ free(service_name);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
}
- memcpy(&us_length, socksreq+2, sizeof(short));
+ memcpy(&us_length, socksreq + 2, sizeof(short));
us_length = ntohs(us_length);
sspi_recv_token.cbBuffer = us_length;
sspi_recv_token.pvBuffer = malloc(us_length);
if(!sspi_recv_token.pvBuffer) {
- Curl_safefree(service_name);
+ free(service_name);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_OUT_OF_MEMORY;
@@ -292,10 +298,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
result = Curl_blockread_all(conn, sock, (char *)sspi_recv_token.pvBuffer,
sspi_recv_token.cbBuffer, &actualread);
- if(result != CURLE_OK || actualread != us_length) {
+ if(result || (actualread != us_length)) {
failf(data, "Failed to receive SSPI authentication token.");
- Curl_safefree(service_name);
- s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
+ free(service_name);
+ if(sspi_recv_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);
s_pSecFn->FreeCredentialsHandle(&cred_handle);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
@@ -304,7 +311,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
context_handle = &sspi_context;
}
- Curl_safefree(service_name);
+ free(service_name);
/* Everything is good so far, user was authenticated! */
status = s_pSecFn->QueryCredentialsAttributes(&cred_handle,
@@ -317,12 +324,12 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
failf(data, "Failed to determine user name.");
return CURLE_COULDNT_CONNECT;
}
- infof(data, "SOCKS5 server authencticated user %s with gssapi.\n",
+ infof(data, "SOCKS5 server authencticated user %s with GSS-API.\n",
names.sUserName);
s_pSecFn->FreeContextBuffer(names.sUserName);
/* Do encryption */
- socksreq[0] = 1; /* gssapi subnegotiation version */
+ socksreq[0] = 1; /* GSS-API subnegotiation version */
socksreq[1] = 2; /* encryption message type */
gss_enc = 0; /* no data protection */
@@ -333,8 +340,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
else if(sspi_ret_flags & ISC_REQ_INTEGRITY)
gss_enc = 1;
- infof(data, "SOCKS5 server supports gssapi %s data protection.\n",
- (gss_enc==0)?"no":((gss_enc==1)?"integrity":"confidentiality") );
+ infof(data, "SOCKS5 server supports GSS-API %s data protection.\n",
+ (gss_enc == 0)?"no":((gss_enc == 1)?"integrity":"confidentiality") );
/* force to no data protection, avoid encryption/decryption for now */
gss_enc = 0;
/*
@@ -370,7 +377,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
if(data->set.socks5_gssapi_nec) {
us_length = htons((short)1);
- memcpy(socksreq+2, &us_length, sizeof(short));
+ memcpy(socksreq + 2, &us_length, sizeof(short));
}
else {
status = s_pSecFn->QueryContextAttributes(&sspi_context,
@@ -399,7 +406,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
return CURLE_OUT_OF_MEMORY;
}
- memcpy(sspi_w_token[1].pvBuffer,&gss_enc,1);
+ memcpy(sspi_w_token[1].pvBuffer, &gss_enc, 1);
sspi_w_token[2].BufferType = SECBUFFER_PADDING;
sspi_w_token[2].cbBuffer = sspi_sizes.cbBlockSize;
sspi_w_token[2].pvBuffer = malloc(sspi_sizes.cbBlockSize);
@@ -438,8 +445,8 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
memcpy((PUCHAR) sspi_send_token.pvBuffer +(int)sspi_w_token[0].cbBuffer,
sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer);
memcpy((PUCHAR) sspi_send_token.pvBuffer
- +sspi_w_token[0].cbBuffer
- +sspi_w_token[1].cbBuffer,
+ + sspi_w_token[0].cbBuffer
+ + sspi_w_token[1].cbBuffer,
sspi_w_token[2].pvBuffer, sspi_w_token[2].cbBuffer);
s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
@@ -453,21 +460,22 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
sspi_w_token[2].cbBuffer = 0;
us_length = htons((short)sspi_send_token.cbBuffer);
- memcpy(socksreq+2,&us_length,sizeof(short));
+ memcpy(socksreq + 2, &us_length, sizeof(short));
}
code = Curl_write_plain(conn, sock, (char *)socksreq, 4, &written);
- if((code != CURLE_OK) || (4 != written)) {
+ if(code || (4 != written)) {
failf(data, "Failed to send SSPI encryption request.");
- s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+ if(sspi_send_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
}
if(data->set.socks5_gssapi_nec) {
- memcpy(socksreq,&gss_enc,1);
+ memcpy(socksreq, &gss_enc, 1);
code = Curl_write_plain(conn, sock, (char *)socksreq, 1, &written);
- if((code != CURLE_OK) || (1 != written)) {
+ if(code || (1 != written)) {
failf(data, "Failed to send SSPI encryption type.");
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
@@ -476,17 +484,19 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
else {
code = Curl_write_plain(conn, sock, (char *)sspi_send_token.pvBuffer,
sspi_send_token.cbBuffer, &written);
- if((code != CURLE_OK) || (sspi_send_token.cbBuffer != (size_t)written)) {
+ if(code || (sspi_send_token.cbBuffer != (size_t)written)) {
failf(data, "Failed to send SSPI encryption type.");
- s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+ if(sspi_send_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
}
- s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
+ if(sspi_send_token.pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_send_token.pvBuffer);
}
result = Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
- if(result != CURLE_OK || actualread != 4) {
+ if(result || (actualread != 4)) {
failf(data, "Failed to receive SSPI encryption response.");
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
@@ -507,7 +517,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
return CURLE_COULDNT_CONNECT;
}
- memcpy(&us_length, socksreq+2, sizeof(short));
+ memcpy(&us_length, socksreq + 2, sizeof(short));
us_length = ntohs(us_length);
sspi_w_token[0].cbBuffer = us_length;
@@ -520,7 +530,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
result = Curl_blockread_all(conn, sock, (char *)sspi_w_token[0].pvBuffer,
sspi_w_token[0].cbBuffer, &actualread);
- if(result != CURLE_OK || actualread != us_length) {
+ if(result || (actualread != us_length)) {
failf(data, "Failed to receive SSPI encryption type.");
s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
s_pSecFn->DeleteSecurityContext(&sspi_context);
@@ -541,8 +551,10 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
&qop);
if(check_sspi_err(conn, status, "DecryptMessage")) {
- s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
- s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+ if(sspi_w_token[0].pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+ if(sspi_w_token[1].pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
s_pSecFn->DeleteSecurityContext(&sspi_context);
failf(data, "Failed to query security context attributes.");
return CURLE_COULDNT_CONNECT;
@@ -551,13 +563,15 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
if(sspi_w_token[1].cbBuffer != 1) {
failf(data, "Invalid SSPI encryption response length (%lu).",
(unsigned long)sspi_w_token[1].cbBuffer);
- s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
- s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
+ if(sspi_w_token[0].pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
+ if(sspi_w_token[1].pvBuffer)
+ s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
}
- memcpy(socksreq,sspi_w_token[1].pvBuffer,sspi_w_token[1].cbBuffer);
+ memcpy(socksreq, sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer);
s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
s_pSecFn->FreeContextBuffer(sspi_w_token[1].pvBuffer);
}
@@ -569,13 +583,13 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
s_pSecFn->DeleteSecurityContext(&sspi_context);
return CURLE_COULDNT_CONNECT;
}
- memcpy(socksreq,sspi_w_token[0].pvBuffer,sspi_w_token[0].cbBuffer);
+ memcpy(socksreq, sspi_w_token[0].pvBuffer, sspi_w_token[0].cbBuffer);
s_pSecFn->FreeContextBuffer(sspi_w_token[0].pvBuffer);
}
infof(data, "SOCKS5 access with%s protection granted.\n",
- (socksreq[0]==0)?"out gssapi data":
- ((socksreq[0]==1)?" gssapi integrity":" gssapi confidentiality"));
+ (socksreq[0] == 0)?"out GSS-API data":
+ ((socksreq[0] == 1)?" GSS-API integrity":" GSS-API confidentiality"));
/* For later use if encryption is required
conn->socks5_gssapi_enctype = socksreq[0];
diff --git a/libs/libcurl/src/speedcheck.c b/libs/libcurl/src/speedcheck.c
index ea17a59754..3aeea9111b 100644
--- a/libs/libcurl/src/speedcheck.c
+++ b/libs/libcurl/src/speedcheck.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -28,47 +28,46 @@
#include "multiif.h"
#include "speedcheck.h"
-void Curl_speedinit(struct SessionHandle *data)
+void Curl_speedinit(struct Curl_easy *data)
{
- memset(&data->state.keeps_speed, 0, sizeof(struct timeval));
+ memset(&data->state.keeps_speed, 0, sizeof(struct curltime));
}
-CURLcode Curl_speedcheck(struct SessionHandle *data,
- struct timeval now)
+/*
+ * @unittest: 1606
+ */
+CURLcode Curl_speedcheck(struct Curl_easy *data,
+ struct curltime now)
{
- if((data->progress.current_speed >= 0) &&
- data->set.low_speed_time &&
- (Curl_tvlong(data->state.keeps_speed) != 0) &&
- (data->progress.current_speed < data->set.low_speed_limit)) {
- long howlong = Curl_tvdiff(now, data->state.keeps_speed);
- long nextcheck = (data->set.low_speed_time * 1000) - howlong;
+ if((data->progress.current_speed >= 0) && data->set.low_speed_time) {
+ if(data->progress.current_speed < data->set.low_speed_limit) {
+ if(!data->state.keeps_speed.tv_sec)
+ /* under the limit at this very moment */
+ data->state.keeps_speed = now;
+ else {
+ /* how long has it been under the limit */
+ timediff_t howlong = Curl_timediff(now, data->state.keeps_speed);
- /* We are now below the "low speed limit". If we are below it
- for "low speed time" seconds we consider that enough reason
- to abort the download. */
- if(nextcheck <= 0) {
- /* we have been this slow for long enough, now die */
- failf(data,
- "Operation too slow. "
- "Less than %ld bytes/sec transferred the last %ld seconds",
- data->set.low_speed_limit,
- data->set.low_speed_time);
- return CURLE_OPERATION_TIMEDOUT;
- }
- else {
- /* wait complete low_speed_time */
- Curl_expire(data, nextcheck);
+ if(howlong >= data->set.low_speed_time * 1000) {
+ /* too long */
+ failf(data,
+ "Operation too slow. "
+ "Less than %ld bytes/sec transferred the last %ld seconds",
+ data->set.low_speed_limit,
+ data->set.low_speed_time);
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ }
}
+ else
+ /* faster right now */
+ data->state.keeps_speed.tv_sec = 0;
}
- else {
- /* we keep up the required speed all right */
- data->state.keeps_speed = now;
- if(data->set.low_speed_limit)
- /* if there is a low speed limit enabled, we set the expire timer to
- make this connection's speed get checked again no later than when
- this time is up */
- Curl_expire(data, data->set.low_speed_time*1000);
- }
+ if(data->set.low_speed_limit)
+ /* if low speed limit is enabled, set the expire timer to make this
+ connection's speed get checked again in a second */
+ Curl_expire(data, 1000, EXPIRE_SPEEDCHECK);
+
return CURLE_OK;
}
diff --git a/libs/libcurl/src/speedcheck.h b/libs/libcurl/src/speedcheck.h
index 786cd1215a..5c2dc9a226 100644
--- a/libs/libcurl/src/speedcheck.h
+++ b/libs/libcurl/src/speedcheck.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,8 +26,8 @@
#include "timeval.h"
-void Curl_speedinit(struct SessionHandle *data);
-CURLcode Curl_speedcheck(struct SessionHandle *data,
- struct timeval now);
+void Curl_speedinit(struct Curl_easy *data);
+CURLcode Curl_speedcheck(struct Curl_easy *data,
+ struct curltime now);
#endif /* HEADER_CURL_SPEEDCHECK_H */
diff --git a/libs/libcurl/src/splay.c b/libs/libcurl/src/splay.c
index 3570712d43..69af446eb5 100644
--- a/libs/libcurl/src/splay.c
+++ b/libs/libcurl/src/splay.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1997 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1997 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -37,7 +37,7 @@
* Splay using the key i (which may or may not be in the tree.) The starting
* root is t.
*/
-struct Curl_tree *Curl_splay(struct timeval i,
+struct Curl_tree *Curl_splay(struct curltime i,
struct Curl_tree *t)
{
struct Curl_tree N, *l, *r, *y;
@@ -97,35 +97,32 @@ struct Curl_tree *Curl_splay(struct timeval i,
*
* @unittest: 1309
*/
-struct Curl_tree *Curl_splayinsert(struct timeval i,
+struct Curl_tree *Curl_splayinsert(struct curltime i,
struct Curl_tree *t,
struct Curl_tree *node)
{
- static struct timeval KEY_NOTUSED = {-1,-1}; /* will *NEVER* appear */
+ static const struct curltime KEY_NOTUSED = {
+ (time_t)-1, (unsigned int)-1
+ }; /* will *NEVER* appear */
if(node == NULL)
return t;
if(t != NULL) {
- t = Curl_splay(i,t);
- if(compare(i, t->key)==0) {
+ t = Curl_splay(i, t);
+ if(compare(i, t->key) == 0) {
/* There already exists a node in the tree with the very same key. Build
- a linked list of nodes. We make the new 'node' struct the new master
- node and make the previous node the first one in the 'same' list. */
+ a doubly-linked circular list of nodes. We add the new 'node' struct
+ to the end of this list. */
- node->same = t;
- node->key = i;
- node->smaller = t->smaller;
- node->larger = t->larger;
+ node->key = KEY_NOTUSED; /* we set the key in the sub node to NOTUSED
+ to quickly identify this node as a subnode */
+ node->samen = t;
+ node->samep = t->samep;
+ t->samep->samen = node;
+ t->samep = node;
- t->smaller = node; /* in the sub node for this same key, we use the
- smaller pointer to point back to the master
- node */
-
- t->key = KEY_NOTUSED; /* and we set the key in the sub node to NOTUSED
- to quickly identify this node as a subnode */
-
- return node; /* new root node */
+ return t; /* the root node always stays the same */
}
}
@@ -145,16 +142,20 @@ struct Curl_tree *Curl_splayinsert(struct timeval i,
}
node->key = i;
- node->same = NULL; /* no identical node (yet) */
+ /* no identical nodes (yet), we are the only one in the list of nodes */
+ node->samen = node;
+ node->samep = node;
return node;
}
/* Finds and deletes the best-fit node from the tree. Return a pointer to the
- resulting tree. best-fit means the node with the given or lower key */
-struct Curl_tree *Curl_splaygetbest(struct timeval i,
+ resulting tree. best-fit means the smallest node if it is not larger than
+ the key */
+struct Curl_tree *Curl_splaygetbest(struct curltime i,
struct Curl_tree *t,
struct Curl_tree **removed)
{
+ static struct curltime tv_zero = {0, 0};
struct Curl_tree *x;
if(!t) {
@@ -162,49 +163,36 @@ struct Curl_tree *Curl_splaygetbest(struct timeval i,
return NULL;
}
- t = Curl_splay(i,t);
+ /* find smallest */
+ t = Curl_splay(tv_zero, t);
if(compare(i, t->key) < 0) {
- /* too big node, try the smaller chain */
- if(t->smaller)
- t=Curl_splay(t->smaller->key, t);
- else {
- /* fail */
- *removed = NULL;
- return t;
- }
+ /* even the smallest is too big */
+ *removed = NULL;
+ return t;
}
- if(compare(i, t->key) >= 0) { /* found it */
- /* FIRST! Check if there is a list with identical keys */
- x = t->same;
- if(x) {
- /* there is, pick one from the list */
+ /* FIRST! Check if there is a list with identical keys */
+ x = t->samen;
+ if(x != t) {
+ /* there is, pick one from the list */
- /* 'x' is the new root node */
+ /* 'x' is the new root node */
- x->key = t->key;
- x->larger = t->larger;
- x->smaller = t->smaller;
-
- *removed = t;
- return x; /* new root */
- }
+ x->key = t->key;
+ x->larger = t->larger;
+ x->smaller = t->smaller;
+ x->samep = t->samep;
+ t->samep->samen = x;
- if(t->smaller == NULL) {
- x = t->larger;
- }
- else {
- x = Curl_splay(i, t->smaller);
- x->larger = t->larger;
- }
*removed = t;
-
- return x;
- }
- else {
- *removed = NULL; /* no match */
- return t; /* It wasn't there */
+ return x; /* new root */
}
+
+ /* we splayed the tree to the smallest element, there is no smaller */
+ x = t->larger;
+ *removed = t;
+
+ return x;
}
@@ -223,7 +211,9 @@ int Curl_splayremovebyaddr(struct Curl_tree *t,
struct Curl_tree *removenode,
struct Curl_tree **newroot)
{
- static struct timeval KEY_NOTUSED = {-1,-1}; /* will *NEVER* appear */
+ static const struct curltime KEY_NOTUSED = {
+ (time_t)-1, (unsigned int)-1
+ }; /* will *NEVER* appear */
struct Curl_tree *x;
if(!t || !removenode)
@@ -231,19 +221,17 @@ int Curl_splayremovebyaddr(struct Curl_tree *t,
if(compare(KEY_NOTUSED, removenode->key) == 0) {
/* Key set to NOTUSED means it is a subnode within a 'same' linked list
- and thus we can unlink it easily. The 'smaller' link of a subnode
- links to the parent node. */
- if(removenode->smaller == NULL)
+ and thus we can unlink it easily. */
+ if(removenode->samen == removenode)
+ /* A non-subnode should never be set to KEY_NOTUSED */
return 3;
- removenode->smaller->same = removenode->same;
- if(removenode->same)
- removenode->same->smaller = removenode->smaller;
+ removenode->samep->samen = removenode->samen;
+ removenode->samen->samep = removenode->samep;
/* Ensures that double-remove gets caught. */
- removenode->smaller = NULL;
+ removenode->samen = removenode;
- /* voila, we're done! */
*newroot = t; /* return the same root */
return 0;
}
@@ -262,14 +250,16 @@ int Curl_splayremovebyaddr(struct Curl_tree *t,
/* Check if there is a list with identical sizes, as then we're trying to
remove the root node of a list of nodes with identical keys. */
- x = t->same;
- if(x) {
+ x = t->samen;
+ if(x != t) {
/* 'x' is the new root node, we just make it use the root node's
smaller/larger links */
x->key = t->key;
x->larger = t->larger;
x->smaller = t->smaller;
+ x->samep = t->samep;
+ t->samep->samen = x;
}
else {
/* Remove the root node */
diff --git a/libs/libcurl/src/splay.h b/libs/libcurl/src/splay.h
index 5f9ef24cc6..4612ec271f 100644
--- a/libs/libcurl/src/splay.h
+++ b/libs/libcurl/src/splay.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1997 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1997 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,29 +22,31 @@
*
***************************************************************************/
#include "curl_setup.h"
+#include "timeval.h"
struct Curl_tree {
struct Curl_tree *smaller; /* smaller node */
struct Curl_tree *larger; /* larger node */
- struct Curl_tree *same; /* points to a node with identical key */
- struct timeval key; /* this node's "sort" key */
+ struct Curl_tree *samen; /* points to the next node with identical key */
+ struct Curl_tree *samep; /* points to the prev node with identical key */
+ struct curltime key; /* this node's "sort" key */
void *payload; /* data the splay code doesn't care about */
};
-struct Curl_tree *Curl_splay(struct timeval i,
+struct Curl_tree *Curl_splay(struct curltime i,
struct Curl_tree *t);
-struct Curl_tree *Curl_splayinsert(struct timeval key,
+struct Curl_tree *Curl_splayinsert(struct curltime key,
struct Curl_tree *t,
struct Curl_tree *newnode);
#if 0
-struct Curl_tree *Curl_splayremove(struct timeval key,
+struct Curl_tree *Curl_splayremove(struct curltime key,
struct Curl_tree *t,
struct Curl_tree **removed);
#endif
-struct Curl_tree *Curl_splaygetbest(struct timeval key,
+struct Curl_tree *Curl_splaygetbest(struct curltime key,
struct Curl_tree *t,
struct Curl_tree **removed);
@@ -52,10 +54,10 @@ int Curl_splayremovebyaddr(struct Curl_tree *t,
struct Curl_tree *removenode,
struct Curl_tree **newroot);
-#define Curl_splaycomparekeys(i,j) ( ((i.tv_sec) < (j.tv_sec)) ? -1 : \
- ( ((i.tv_sec) > (j.tv_sec)) ? 1 : \
+#define Curl_splaycomparekeys(i,j) ( ((i.tv_sec) < (j.tv_sec)) ? -1 : \
+ ( ((i.tv_sec) > (j.tv_sec)) ? 1 : \
( ((i.tv_usec) < (j.tv_usec)) ? -1 : \
- ( ((i.tv_usec) > (j.tv_usec)) ? 1 : 0 ))))
+ ( ((i.tv_usec) > (j.tv_usec)) ? 1 : 0))))
#ifdef DEBUGBUILD
void Curl_splayprint(struct Curl_tree * t, int d, char output);
diff --git a/libs/libcurl/src/ssh.c b/libs/libcurl/src/ssh.c
index c213225db4..2496e7cff3 100644
--- a/libs/libcurl/src/ssh.c
+++ b/libs/libcurl/src/ssh.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -71,9 +71,9 @@
#include "url.h"
#include "speedcheck.h"
#include "getinfo.h"
-
-#include "strequal.h"
-#include "sslgen.h"
+#include "strdup.h"
+#include "strcase.h"
+#include "vtls/vtls.h"
#include "connect.h"
#include "strerror.h"
#include "inet_ntop.h"
@@ -84,16 +84,17 @@
#include "select.h"
#include "warnless.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
#ifdef WIN32
# undef PATH_MAX
# define PATH_MAX MAX_PATH
+# ifndef R_OK
+# define R_OK 4
+# endif
#endif
#ifndef PATH_MAX
@@ -101,12 +102,18 @@
have their definition hidden well */
#endif
+#if LIBSSH2_VERSION_NUM >= 0x010206
+/* libssh2_sftp_statvfs and friends were added in 1.2.6 */
+#define HAS_STATVFS_SUPPORT 1
+#endif
+
#define sftp_libssh2_last_error(s) curlx_ultosi(libssh2_sftp_last_error(s))
#define sftp_libssh2_realpath(s,p,t,m) \
libssh2_sftp_symlink_ex((s), (p), curlx_uztoui(strlen(p)), \
(t), (m), LIBSSH2_SFTP_REALPATH)
+
/* Local functions: */
static const char *sftp_libssh2_strerror(int err);
static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc);
@@ -170,6 +177,7 @@ const struct Curl_handler Curl_handler_scp = {
ssh_perform_getsock, /* perform_getsock */
scp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_SSH, /* defport */
CURLPROTO_SCP, /* protocol */
PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION
@@ -196,6 +204,7 @@ const struct Curl_handler Curl_handler_sftp = {
ssh_perform_getsock, /* perform_getsock */
sftp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_SSH, /* defport */
CURLPROTO_SFTP, /* protocol */
PROTOPT_DIRLOCK | PROTOPT_CLOSEACTION
@@ -233,7 +242,7 @@ kbd_callback(const char *name, int name_len, const char *instruction,
static CURLcode sftp_libssh2_error_to_CURLE(int err)
{
- switch (err) {
+ switch(err) {
case LIBSSH2_FX_OK:
return CURLE_OK;
@@ -265,7 +274,7 @@ static CURLcode sftp_libssh2_error_to_CURLE(int err)
static CURLcode libssh2_session_error_to_CURLE(int err)
{
- switch (err) {
+ switch(err) {
/* Ordered by order of appearance in libssh2.h */
case LIBSSH2_ERROR_NONE:
return CURLE_OK;
@@ -328,6 +337,7 @@ static LIBSSH2_FREE_FUNC(my_libssh2_free)
/* This is the ONLY way to change SSH state! */
static void state(struct connectdata *conn, sshstate nowstate)
{
+ struct ssh_conn *sshc = &conn->proto.sshc;
#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
/* for debug purposes */
static const char * const names[] = {
@@ -361,6 +371,9 @@ static void state(struct connectdata *conn, sshstate nowstate)
"SSH_SFTP_QUOTE_RENAME",
"SSH_SFTP_QUOTE_RMDIR",
"SSH_SFTP_QUOTE_UNLINK",
+ "SSH_SFTP_QUOTE_STATVFS",
+ "SSH_SFTP_GETINFO",
+ "SSH_SFTP_FILETIME",
"SSH_SFTP_TRANS_INIT",
"SSH_SFTP_UPLOAD_INIT",
"SSH_SFTP_CREATE_DIRS_INIT",
@@ -387,10 +400,7 @@ static void state(struct connectdata *conn, sshstate nowstate)
"SSH_SESSION_FREE",
"QUIT"
};
-#endif
- struct ssh_conn *sshc = &conn->proto.sshc;
-#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
if(sshc->state != nowstate) {
infof(conn->data, "SFTP %p state change from %s to %s\n",
(void *)sshc, names[sshc->state], names[nowstate]);
@@ -406,26 +416,26 @@ static CURLcode ssh_getworkingpath(struct connectdata *conn,
char **path) /* returns the allocated
real path to work with */
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
char *real_path = NULL;
char *working_path;
- int working_path_len;
-
- working_path = curl_easy_unescape(data, data->state.path, 0,
- &working_path_len);
- if(!working_path)
- return CURLE_OUT_OF_MEMORY;
-
- /* Check for /~/ , indicating relative to the user's home directory */
+ size_t working_path_len;
+ CURLcode result =
+ Curl_urldecode(data, data->state.path, 0, &working_path,
+ &working_path_len, FALSE);
+ if(result)
+ return result;
+
+ /* Check for /~/, indicating relative to the user's home directory */
if(conn->handler->protocol & CURLPROTO_SCP) {
- real_path = malloc(working_path_len+1);
+ real_path = malloc(working_path_len + 1);
if(real_path == NULL) {
free(working_path);
return CURLE_OUT_OF_MEMORY;
}
if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
/* It is referenced to the home directory, so strip the leading '/~/' */
- memcpy(real_path, working_path+3, 4 + working_path_len-3);
+ memcpy(real_path, working_path + 3, 4 + working_path_len-3);
else
memcpy(real_path, working_path, 1 + working_path_len);
}
@@ -441,19 +451,19 @@ static CURLcode ssh_getworkingpath(struct connectdata *conn,
leading '/' */
memcpy(real_path, homedir, homelen);
real_path[homelen] = '/';
- real_path[homelen+1] = '\0';
+ real_path[homelen + 1] = '\0';
if(working_path_len > 3) {
- memcpy(real_path+homelen+1, working_path + 3,
+ memcpy(real_path + homelen + 1, working_path + 3,
1 + working_path_len -3);
}
}
else {
- real_path = malloc(working_path_len+1);
+ real_path = malloc(working_path_len + 1);
if(real_path == NULL) {
free(working_path);
return CURLE_OUT_OF_MEMORY;
}
- memcpy(real_path, working_path, 1+working_path_len);
+ memcpy(real_path, working_path, 1 + working_path_len);
}
}
@@ -466,7 +476,7 @@ static CURLcode ssh_getworkingpath(struct connectdata *conn,
}
#ifdef HAVE_LIBSSH2_KNOWNHOST_API
-static int sshkeycallback(CURL *easy,
+static int sshkeycallback(struct Curl_easy *easy,
const struct curl_khkey *knownkey, /* known */
const struct curl_khkey *foundkey, /* found */
enum curl_khmatch match,
@@ -515,7 +525,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
CURLcode result = CURLE_OK;
#ifdef HAVE_LIBSSH2_KNOWNHOST_API
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
/* we're asked to verify the host against a file */
@@ -545,6 +555,17 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS;
+#ifdef HAVE_LIBSSH2_KNOWNHOST_CHECKP
+ keycheck = libssh2_knownhost_checkp(sshc->kh,
+ conn->host.name,
+ (conn->remote_port != PORT_SSH)?
+ conn->remote_port:-1,
+ remotekey, keylen,
+ LIBSSH2_KNOWNHOST_TYPE_PLAIN|
+ LIBSSH2_KNOWNHOST_KEYENC_RAW|
+ keybit,
+ &host);
+#else
keycheck = libssh2_knownhost_check(sshc->kh,
conn->host.name,
remotekey, keylen,
@@ -552,6 +573,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
LIBSSH2_KNOWNHOST_KEYENC_RAW|
keybit,
&host);
+#endif
infof(data, "SSH host check: %d, key: %s\n", keycheck,
(keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
@@ -590,8 +612,10 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
switch(rc) {
default: /* unknown return codes will equal reject */
+ /* FALLTHROUGH */
case CURLKHSTAT_REJECT:
state(conn, SSH_SESSION_FREE);
+ /* FALLTHROUGH */
case CURLKHSTAT_DEFER:
/* DEFER means bail out but keep the SSH_HOSTKEY state */
result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
@@ -636,7 +660,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
static CURLcode ssh_check_fingerprint(struct connectdata *conn)
{
struct ssh_conn *sshc = &conn->proto.sshc;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
char md5buffer[33];
int i;
@@ -655,7 +679,7 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
* against a known fingerprint, if available.
*/
if(pubkey_md5 && strlen(pubkey_md5) == 32) {
- if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
+ if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) {
if(fingerprint)
failf(data,
"Denied establishing ssh session: mismatch md5 fingerprint. "
@@ -667,14 +691,11 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
return sshc->actualcode;
}
- else {
- infof(data, "MD5 checksum match!\n");
- /* as we already matched, we skip the check for known hosts */
- return CURLE_OK;
- }
+ infof(data, "MD5 checksum match!\n");
+ /* as we already matched, we skip the check for known hosts */
+ return CURLE_OK;
}
- else
- return ssh_knownhost(conn);
+ return ssh_knownhost(conn);
}
/*
@@ -687,7 +708,7 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct SSHPROTO *sftp_scp = data->req.protop;
struct ssh_conn *sshc = &conn->proto.sshc;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
@@ -717,7 +738,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc) {
+ if(rc) {
failf(data, "Failure establishing ssh session");
state(conn, SSH_SESSION_FREE);
sshc->actualcode = CURLE_FAILED_INIT;
@@ -734,8 +755,9 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
* whatever) is up to us.
*/
result = ssh_check_fingerprint(conn);
- if(result == CURLE_OK)
+ if(!result)
state(conn, SSH_AUTHLIST);
+ /* ssh_check_fingerprint sets state appropriately on error */
break;
case SSH_AUTHLIST:
@@ -754,16 +776,20 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
curlx_uztoui(strlen(conn->user)));
if(!sshc->authlist) {
- if((err = libssh2_session_last_errno(sshc->ssh_session)) ==
- LIBSSH2_ERROR_EAGAIN) {
- rc = LIBSSH2_ERROR_EAGAIN;
+ if(libssh2_userauth_authenticated(sshc->ssh_session)) {
+ sshc->authed = TRUE;
+ infof(data, "SSH user accepted with no authentication\n");
+ state(conn, SSH_AUTH_DONE);
break;
}
+ err = libssh2_session_last_errno(sshc->ssh_session);
+ if(err == LIBSSH2_ERROR_EAGAIN)
+ rc = LIBSSH2_ERROR_EAGAIN;
else {
state(conn, SSH_SESSION_FREE);
sshc->actualcode = libssh2_session_error_to_CURLE(err);
- break;
}
+ break;
}
infof(data, "SSH authentication methods available: %s\n",
sshc->authlist);
@@ -781,7 +807,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
(strstr(sshc->authlist, "publickey") != NULL)) {
char *home = NULL;
- bool rsa_pub_empty_but_ok = FALSE;
+ bool out_of_memory = FALSE;
sshc->rsa_pub = sshc->rsa = NULL;
@@ -789,48 +815,72 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
HOME environment variable etc? */
home = curl_getenv("HOME");
- if(data->set.str[STRING_SSH_PUBLIC_KEY] &&
- !*data->set.str[STRING_SSH_PUBLIC_KEY])
- rsa_pub_empty_but_ok = true;
- else if(data->set.str[STRING_SSH_PUBLIC_KEY])
- sshc->rsa_pub = aprintf("%s", data->set.str[STRING_SSH_PUBLIC_KEY]);
- else if(home)
- sshc->rsa_pub = aprintf("%s/.ssh/id_dsa.pub", home);
- else
- /* as a final resort, try current dir! */
- sshc->rsa_pub = strdup("id_dsa.pub");
-
- if(!rsa_pub_empty_but_ok && (sshc->rsa_pub == NULL)) {
- Curl_safefree(home);
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_OUT_OF_MEMORY;
- break;
+ if(data->set.str[STRING_SSH_PRIVATE_KEY])
+ sshc->rsa = strdup(data->set.str[STRING_SSH_PRIVATE_KEY]);
+ else {
+ /* If no private key file is specified, try some common paths. */
+ if(home) {
+ /* Try ~/.ssh first. */
+ sshc->rsa = aprintf("%s/.ssh/id_rsa", home);
+ if(!sshc->rsa)
+ out_of_memory = TRUE;
+ else if(access(sshc->rsa, R_OK) != 0) {
+ Curl_safefree(sshc->rsa);
+ sshc->rsa = aprintf("%s/.ssh/id_dsa", home);
+ if(!sshc->rsa)
+ out_of_memory = TRUE;
+ else if(access(sshc->rsa, R_OK) != 0) {
+ Curl_safefree(sshc->rsa);
+ }
+ }
+ }
+ if(!out_of_memory && !sshc->rsa) {
+ /* Nothing found; try the current dir. */
+ sshc->rsa = strdup("id_rsa");
+ if(sshc->rsa && access(sshc->rsa, R_OK) != 0) {
+ Curl_safefree(sshc->rsa);
+ sshc->rsa = strdup("id_dsa");
+ if(sshc->rsa && access(sshc->rsa, R_OK) != 0) {
+ Curl_safefree(sshc->rsa);
+ /* Out of guesses. Set to the empty string to avoid
+ * surprising info messages. */
+ sshc->rsa = strdup("");
+ }
+ }
+ }
}
- if(data->set.str[STRING_SSH_PRIVATE_KEY])
- sshc->rsa = aprintf("%s", data->set.str[STRING_SSH_PRIVATE_KEY]);
- else if(home)
- sshc->rsa = aprintf("%s/.ssh/id_dsa", home);
- else
- /* as a final resort, try current dir! */
- sshc->rsa = strdup("id_dsa");
+ /*
+ * Unless the user explicitly specifies a public key file, let
+ * libssh2 extract the public key from the private key file.
+ * This is done by simply passing sshc->rsa_pub = NULL.
+ */
+ if(data->set.str[STRING_SSH_PUBLIC_KEY]
+ /* treat empty string the same way as NULL */
+ && data->set.str[STRING_SSH_PUBLIC_KEY][0]) {
+ sshc->rsa_pub = strdup(data->set.str[STRING_SSH_PUBLIC_KEY]);
+ if(!sshc->rsa_pub)
+ out_of_memory = TRUE;
+ }
- if(sshc->rsa == NULL) {
- Curl_safefree(home);
+ if(out_of_memory || sshc->rsa == NULL) {
+ free(home);
+ Curl_safefree(sshc->rsa);
Curl_safefree(sshc->rsa_pub);
state(conn, SSH_SESSION_FREE);
sshc->actualcode = CURLE_OUT_OF_MEMORY;
break;
}
- sshc->passphrase = data->set.str[STRING_KEY_PASSWD];
+ sshc->passphrase = data->set.ssl.key_passwd;
if(!sshc->passphrase)
sshc->passphrase = "";
- Curl_safefree(home);
+ free(home);
- infof(data, "Using ssh public key file %s\n", sshc->rsa_pub);
- infof(data, "Using ssh private key file %s\n", sshc->rsa);
+ if(sshc->rsa_pub)
+ infof(data, "Using SSH public key file '%s'\n", sshc->rsa_pub);
+ infof(data, "Using SSH private key file '%s'\n", sshc->rsa);
state(conn, SSH_AUTH_PKEY);
}
@@ -866,6 +916,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
&err_msg, NULL, 0);
infof(data, "SSH public key authentication failed: %s\n", err_msg);
state(conn, SSH_AUTH_PASS_INIT);
+ rc = 0; /* clear rc and continue */
}
break;
@@ -876,6 +927,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
else {
state(conn, SSH_AUTH_HOST_INIT);
+ rc = 0; /* clear rc and continue */
}
break;
@@ -888,13 +940,14 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc == 0) {
+ if(rc == 0) {
sshc->authed = TRUE;
infof(data, "Initialized password authentication\n");
state(conn, SSH_AUTH_DONE);
}
else {
state(conn, SSH_AUTH_HOST_INIT);
+ rc = 0; /* clear rc and continue */
}
break;
@@ -926,6 +979,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
infof(data, "Could not create agent object\n");
state(conn, SSH_AUTH_KEY_INIT);
+ break;
}
}
@@ -935,6 +989,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc < 0) {
infof(data, "Failure connecting to agent\n");
state(conn, SSH_AUTH_KEY_INIT);
+ rc = 0; /* clear rc and continue */
}
else {
state(conn, SSH_AUTH_AGENT_LIST);
@@ -954,6 +1009,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc < 0) {
infof(data, "Failure requesting identities to agent\n");
state(conn, SSH_AUTH_KEY_INIT);
+ rc = 0; /* clear rc and continue */
}
else {
state(conn, SSH_AUTH_AGENT);
@@ -978,11 +1034,11 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
sshc->sshagent_identity);
if(rc < 0) {
- if(rc != LIBSSH2_ERROR_EAGAIN) {
+ if(rc != LIBSSH2_ERROR_EAGAIN)
/* tried and failed? go to next identity */
sshc->sshagent_prev_identity = sshc->sshagent_identity;
- }
- break;
+ else
+ break;
}
}
@@ -996,8 +1052,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
infof(data, "Agent based authentication successful\n");
state(conn, SSH_AUTH_DONE);
}
- else
+ else {
state(conn, SSH_AUTH_KEY_INIT);
+ rc = 0; /* clear rc and continue */
+ }
#endif
break;
@@ -1021,7 +1079,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc == 0) {
+ if(rc == 0) {
sshc->authed = TRUE;
infof(data, "Initialized keyboard interactive authentication\n");
}
@@ -1060,21 +1118,19 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
*/
sshc->sftp_session = libssh2_sftp_init(sshc->ssh_session);
if(!sshc->sftp_session) {
+ char *err_msg;
if(libssh2_session_last_errno(sshc->ssh_session) ==
LIBSSH2_ERROR_EAGAIN) {
rc = LIBSSH2_ERROR_EAGAIN;
break;
}
- else {
- char *err_msg;
- (void)libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0);
- failf(data, "Failure initializing sftp session: %s", err_msg);
- state(conn, SSH_SESSION_FREE);
- sshc->actualcode = CURLE_FAILED_INIT;
- break;
- }
+ (void)libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0);
+ failf(data, "Failure initializing sftp session: %s", err_msg);
+ state(conn, SSH_SESSION_FREE);
+ sshc->actualcode = CURLE_FAILED_INIT;
+ break;
}
state(conn, SSH_SFTP_REALPATH);
break;
@@ -1091,7 +1147,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc > 0) {
+ if(rc > 0) {
/* It seems that this string is not always NULL terminated */
tempHome[rc] = '\0';
sshc->homedir = strdup(tempHome);
@@ -1105,8 +1161,13 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
else {
/* Return the error type */
err = sftp_libssh2_last_error(sshc->sftp_session);
- result = sftp_libssh2_error_to_CURLE(err);
- sshc->actualcode = result?result:CURLE_SSH;
+ if(err)
+ result = sftp_libssh2_error_to_CURLE(err);
+ else
+ /* in this case, the error wasn't in the SFTP level but for example
+ a time-out or similar */
+ result = CURLE_SSH;
+ sshc->actualcode = result;
DEBUGF(infof(data, "error = %d makes libcurl = %d\n",
err, (int)result));
state(conn, SSH_STOP);
@@ -1136,7 +1197,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
state(conn, SSH_SFTP_QUOTE);
}
else {
- state(conn, SSH_SFTP_TRANS_INIT);
+ state(conn, SSH_SFTP_GETINFO);
}
break;
@@ -1172,7 +1233,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
sshc->acceptfail = TRUE;
}
- if(curl_strequal("pwd", cmd)) {
+ if(strcasecompare("pwd", cmd)) {
/* output debug output if that is requested */
char *tmp = aprintf("257 \"%s\" is current directory.\n",
sftp_scp->path);
@@ -1191,10 +1252,16 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
using ordinary FTP. */
result = Curl_client_write(conn, CLIENTWRITE_HEADER, tmp, strlen(tmp));
free(tmp);
- state(conn, SSH_SFTP_NEXT_QUOTE);
+ if(result) {
+ state(conn, SSH_SFTP_CLOSE);
+ sshc->nextstate = SSH_NO_STATE;
+ sshc->actualcode = result;
+ }
+ else
+ state(conn, SSH_SFTP_NEXT_QUOTE);
break;
}
- else if(cmd) {
+ if(cmd) {
/*
* the arguments following the command must be separated from the
* command with a space so we can check for it unconditionally
@@ -1225,14 +1292,14 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
/*
- * SFTP is a binary protocol, so we don't send text commands to
- * the server. Instead, we scan for commands for commands used by
+ * SFTP is a binary protocol, so we don't send text commands
+ * to the server. Instead, we scan for commands used by
* OpenSSH's sftp program and call the appropriate libssh2
* functions.
*/
- if(curl_strnequal(cmd, "chgrp ", 6) ||
- curl_strnequal(cmd, "chmod ", 6) ||
- curl_strnequal(cmd, "chown ", 6) ) {
+ if(strncasecompare(cmd, "chgrp ", 6) ||
+ strncasecompare(cmd, "chmod ", 6) ||
+ strncasecompare(cmd, "chown ", 6) ) {
/* attribute change */
/* sshc->quote_path1 contains the mode to set */
@@ -1254,8 +1321,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
state(conn, SSH_SFTP_QUOTE_STAT);
break;
}
- else if(curl_strnequal(cmd, "ln ", 3) ||
- curl_strnequal(cmd, "symlink ", 8)) {
+ if(strncasecompare(cmd, "ln ", 3) ||
+ strncasecompare(cmd, "symlink ", 8)) {
/* symbolic linking */
/* sshc->quote_path1 is the source */
/* get the destination */
@@ -1275,12 +1342,12 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
state(conn, SSH_SFTP_QUOTE_SYMLINK);
break;
}
- else if(curl_strnequal(cmd, "mkdir ", 6)) {
+ else if(strncasecompare(cmd, "mkdir ", 6)) {
/* create dir */
state(conn, SSH_SFTP_QUOTE_MKDIR);
break;
}
- else if(curl_strnequal(cmd, "rename ", 7)) {
+ else if(strncasecompare(cmd, "rename ", 7)) {
/* rename file */
/* first param is the source path */
/* second param is the dest. path */
@@ -1299,15 +1366,21 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
state(conn, SSH_SFTP_QUOTE_RENAME);
break;
}
- else if(curl_strnequal(cmd, "rmdir ", 6)) {
+ else if(strncasecompare(cmd, "rmdir ", 6)) {
/* delete dir */
state(conn, SSH_SFTP_QUOTE_RMDIR);
break;
}
- else if(curl_strnequal(cmd, "rm ", 3)) {
+ else if(strncasecompare(cmd, "rm ", 3)) {
state(conn, SSH_SFTP_QUOTE_UNLINK);
break;
}
+#ifdef HAS_STATVFS_SUPPORT
+ else if(strncasecompare(cmd, "statvfs ", 8)) {
+ state(conn, SSH_SFTP_QUOTE_STATVFS);
+ break;
+ }
+#endif
failf(data, "Unknown SFTP command");
Curl_safefree(sshc->quote_path1);
@@ -1319,7 +1392,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
}
if(!sshc->quote_item) {
- state(conn, SSH_SFTP_TRANS_INIT);
+ state(conn, SSH_SFTP_GETINFO);
}
break;
@@ -1338,7 +1411,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
sshc->nextstate = SSH_NO_STATE;
}
else {
- state(conn, SSH_SFTP_TRANS_INIT);
+ state(conn, SSH_SFTP_GETINFO);
}
}
break;
@@ -1358,7 +1431,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
sshc->acceptfail = TRUE;
}
- if(!curl_strnequal(cmd, "chmod", 5)) {
+ if(!strncasecompare(cmd, "chmod", 5)) {
/* Since chown and chgrp only set owner OR group but libssh2 wants to
* set them both at once, we need to obtain the current ownership
* first. This takes an extra protocol round trip.
@@ -1370,7 +1443,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc != 0 && !sshc->acceptfail) { /* get those attributes */
+ if(rc != 0 && !sshc->acceptfail) { /* get those attributes */
err = sftp_libssh2_last_error(sshc->sftp_session);
Curl_safefree(sshc->quote_path1);
Curl_safefree(sshc->quote_path2);
@@ -1384,7 +1457,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
/* Now set the new attributes... */
- if(curl_strnequal(cmd, "chgrp", 5)) {
+ if(strncasecompare(cmd, "chgrp", 5)) {
sshc->quote_attrs.gid = strtoul(sshc->quote_path1, NULL, 10);
sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID;
if(sshc->quote_attrs.gid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
@@ -1398,7 +1471,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
break;
}
}
- else if(curl_strnequal(cmd, "chmod", 5)) {
+ else if(strncasecompare(cmd, "chmod", 5)) {
sshc->quote_attrs.permissions = strtoul(sshc->quote_path1, NULL, 8);
sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_PERMISSIONS;
/* permissions are octal */
@@ -1413,7 +1486,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
break;
}
}
- else if(curl_strnequal(cmd, "chown", 5)) {
+ else if(strncasecompare(cmd, "chown", 5)) {
sshc->quote_attrs.uid = strtoul(sshc->quote_path1, NULL, 10);
sshc->quote_attrs.flags = LIBSSH2_SFTP_ATTR_UIDGID;
if(sshc->quote_attrs.uid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
@@ -1441,7 +1514,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc != 0 && !sshc->acceptfail) {
+ if(rc != 0 && !sshc->acceptfail) {
err = sftp_libssh2_last_error(sshc->sftp_session);
Curl_safefree(sshc->quote_path1);
Curl_safefree(sshc->quote_path2);
@@ -1464,7 +1537,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc != 0 && !sshc->acceptfail) {
+ if(rc != 0 && !sshc->acceptfail) {
err = sftp_libssh2_last_error(sshc->sftp_session);
Curl_safefree(sshc->quote_path1);
Curl_safefree(sshc->quote_path2);
@@ -1485,7 +1558,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc != 0 && !sshc->acceptfail) {
+ if(rc != 0 && !sshc->acceptfail) {
err = sftp_libssh2_last_error(sshc->sftp_session);
Curl_safefree(sshc->quote_path1);
failf(data, "mkdir command failed: %s", sftp_libssh2_strerror(err));
@@ -1509,7 +1582,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc != 0 && !sshc->acceptfail) {
+ if(rc != 0 && !sshc->acceptfail) {
err = sftp_libssh2_last_error(sshc->sftp_session);
Curl_safefree(sshc->quote_path1);
Curl_safefree(sshc->quote_path2);
@@ -1528,7 +1601,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc != 0 && !sshc->acceptfail) {
+ if(rc != 0 && !sshc->acceptfail) {
err = sftp_libssh2_last_error(sshc->sftp_session);
Curl_safefree(sshc->quote_path1);
failf(data, "rmdir command failed: %s", sftp_libssh2_strerror(err));
@@ -1546,7 +1619,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc != 0 && !sshc->acceptfail) {
+ if(rc != 0 && !sshc->acceptfail) {
err = sftp_libssh2_last_error(sshc->sftp_session);
Curl_safefree(sshc->quote_path1);
failf(data, "rm command failed: %s", sftp_libssh2_strerror(err));
@@ -1558,13 +1631,93 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
state(conn, SSH_SFTP_NEXT_QUOTE);
break;
+#ifdef HAS_STATVFS_SUPPORT
+ case SSH_SFTP_QUOTE_STATVFS:
+ {
+ LIBSSH2_SFTP_STATVFS statvfs;
+ rc = libssh2_sftp_statvfs(sshc->sftp_session, sshc->quote_path1,
+ curlx_uztoui(strlen(sshc->quote_path1)),
+ &statvfs);
+
+ if(rc == LIBSSH2_ERROR_EAGAIN) {
+ break;
+ }
+ if(rc != 0 && !sshc->acceptfail) {
+ err = sftp_libssh2_last_error(sshc->sftp_session);
+ Curl_safefree(sshc->quote_path1);
+ failf(data, "statvfs command failed: %s", sftp_libssh2_strerror(err));
+ state(conn, SSH_SFTP_CLOSE);
+ sshc->nextstate = SSH_NO_STATE;
+ sshc->actualcode = CURLE_QUOTE_ERROR;
+ break;
+ }
+ else if(rc == 0) {
+ char *tmp = aprintf("statvfs:\n"
+ "f_bsize: %llu\n" "f_frsize: %llu\n"
+ "f_blocks: %llu\n" "f_bfree: %llu\n"
+ "f_bavail: %llu\n" "f_files: %llu\n"
+ "f_ffree: %llu\n" "f_favail: %llu\n"
+ "f_fsid: %llu\n" "f_flag: %llu\n"
+ "f_namemax: %llu\n",
+ statvfs.f_bsize, statvfs.f_frsize,
+ statvfs.f_blocks, statvfs.f_bfree,
+ statvfs.f_bavail, statvfs.f_files,
+ statvfs.f_ffree, statvfs.f_favail,
+ statvfs.f_fsid, statvfs.f_flag,
+ statvfs.f_namemax);
+ if(!tmp) {
+ result = CURLE_OUT_OF_MEMORY;
+ state(conn, SSH_SFTP_CLOSE);
+ sshc->nextstate = SSH_NO_STATE;
+ break;
+ }
+
+ result = Curl_client_write(conn, CLIENTWRITE_HEADER, tmp, strlen(tmp));
+ free(tmp);
+ if(result) {
+ state(conn, SSH_SFTP_CLOSE);
+ sshc->nextstate = SSH_NO_STATE;
+ sshc->actualcode = result;
+ }
+ }
+ state(conn, SSH_SFTP_NEXT_QUOTE);
+ break;
+ }
+#endif
+ case SSH_SFTP_GETINFO:
+ {
+ if(data->set.get_filetime) {
+ state(conn, SSH_SFTP_FILETIME);
+ }
+ else {
+ state(conn, SSH_SFTP_TRANS_INIT);
+ }
+ break;
+ }
+
+ case SSH_SFTP_FILETIME:
+ {
+ LIBSSH2_SFTP_ATTRIBUTES attrs;
+
+ rc = libssh2_sftp_stat_ex(sshc->sftp_session, sftp_scp->path,
+ curlx_uztoui(strlen(sftp_scp->path)),
+ LIBSSH2_SFTP_STAT, &attrs);
+ if(rc == LIBSSH2_ERROR_EAGAIN) {
+ break;
+ }
+ if(rc == 0) {
+ data->info.filetime = (long)attrs.mtime;
+ }
+
+ state(conn, SSH_SFTP_TRANS_INIT);
+ break;
+ }
+
case SSH_SFTP_TRANS_INIT:
if(data->set.upload)
state(conn, SSH_SFTP_UPLOAD_INIT);
else {
- if(data->set.opt_no_body)
- state(conn, SSH_STOP);
- else if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
+ if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
state(conn, SSH_SFTP_READDIR_INIT);
else
state(conn, SSH_SFTP_DOWNLOAD_INIT);
@@ -1590,13 +1743,13 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc) {
+ if(rc) {
data->state.resume_from = 0;
}
else {
curl_off_t size = attrs.filesize;
if(size < 0) {
- failf(data, "Bad file size (%" FORMAT_OFF_T ")", size);
+ failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size);
return CURLE_BAD_DOWNLOAD_RESUME;
}
data->state.resume_from = attrs.filesize;
@@ -1625,50 +1778,50 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(LIBSSH2_ERROR_EAGAIN == rc)
break;
- else {
- if(LIBSSH2_ERROR_SFTP_PROTOCOL == rc)
- /* only when there was an SFTP protocol error can we extract
- the sftp error! */
- err = sftp_libssh2_last_error(sshc->sftp_session);
- else
- err = -1; /* not an sftp error at all */
- if(sshc->secondCreateDirs) {
- state(conn, SSH_SFTP_CLOSE);
- sshc->actualcode = err>= LIBSSH2_FX_OK?
- sftp_libssh2_error_to_CURLE(err):CURLE_SSH;
- failf(data, "Creating the dir/file failed: %s",
- sftp_libssh2_strerror(err));
- break;
- }
- else if(((err == LIBSSH2_FX_NO_SUCH_FILE) ||
- (err == LIBSSH2_FX_FAILURE) ||
- (err == LIBSSH2_FX_NO_SUCH_PATH)) &&
- (data->set.ftp_create_missing_dirs &&
- (strlen(sftp_scp->path) > 1))) {
- /* try to create the path remotely */
- sshc->secondCreateDirs = 1;
- state(conn, SSH_SFTP_CREATE_DIRS_INIT);
- break;
- }
+ if(LIBSSH2_ERROR_SFTP_PROTOCOL == rc)
+ /* only when there was an SFTP protocol error can we extract
+ the sftp error! */
+ err = sftp_libssh2_last_error(sshc->sftp_session);
+ else
+ err = -1; /* not an sftp error at all */
+
+ if(sshc->secondCreateDirs) {
state(conn, SSH_SFTP_CLOSE);
sshc->actualcode = err>= LIBSSH2_FX_OK?
sftp_libssh2_error_to_CURLE(err):CURLE_SSH;
- if(!sshc->actualcode) {
- /* Sometimes, for some reason libssh2_sftp_last_error() returns
- zero even though libssh2_sftp_open() failed previously! We need
- to work around that! */
- sshc->actualcode = CURLE_SSH;
- err=-1;
- }
- failf(data, "Upload failed: %s (%d/%d)",
- err>= LIBSSH2_FX_OK?sftp_libssh2_strerror(err):"ssh error",
- err, rc);
+ failf(data, "Creating the dir/file failed: %s",
+ sftp_libssh2_strerror(err));
+ break;
+ }
+ if(((err == LIBSSH2_FX_NO_SUCH_FILE) ||
+ (err == LIBSSH2_FX_FAILURE) ||
+ (err == LIBSSH2_FX_NO_SUCH_PATH)) &&
+ (data->set.ftp_create_missing_dirs &&
+ (strlen(sftp_scp->path) > 1))) {
+ /* try to create the path remotely */
+ rc = 0; /* clear rc and continue */
+ sshc->secondCreateDirs = 1;
+ state(conn, SSH_SFTP_CREATE_DIRS_INIT);
break;
}
+ state(conn, SSH_SFTP_CLOSE);
+ sshc->actualcode = err>= LIBSSH2_FX_OK?
+ sftp_libssh2_error_to_CURLE(err):CURLE_SSH;
+ if(!sshc->actualcode) {
+ /* Sometimes, for some reason libssh2_sftp_last_error() returns
+ zero even though libssh2_sftp_open() failed previously! We need
+ to work around that! */
+ sshc->actualcode = CURLE_SSH;
+ err = -1;
+ }
+ failf(data, "Upload failed: %s (%d/%d)",
+ err>= LIBSSH2_FX_OK?sftp_libssh2_strerror(err):"ssh error",
+ err, rc);
+ break;
}
- /* If we have restart point then we need to seek to the correct
+ /* If we have a restart point then we need to seek to the correct
position. */
if(data->state.resume_from > 0) {
/* Let's read off the proper amount of bytes from the input. */
@@ -1678,46 +1831,45 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
if(seekerr != CURL_SEEKFUNC_OK) {
+ curl_off_t passed = 0;
if(seekerr != CURL_SEEKFUNC_CANTSEEK) {
failf(data, "Could not seek stream");
return CURLE_FTP_COULDNT_USE_REST;
}
/* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */
- else {
- curl_off_t passed=0;
- do {
- size_t readthisamountnow =
- (data->state.resume_from - passed > CURL_OFF_T_C(BUFSIZE)) ?
- BUFSIZE : curlx_sotouz(data->state.resume_from - passed);
-
- size_t actuallyread =
- conn->fread_func(data->state.buffer, 1, readthisamountnow,
- conn->fread_in);
-
- passed += actuallyread;
- if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
- /* this checks for greater-than only to make sure that the
- CURL_READFUNC_ABORT return code still aborts */
- failf(data, "Failed to read data");
- return CURLE_FTP_COULDNT_USE_REST;
- }
- } while(passed < data->state.resume_from);
- }
+ do {
+ size_t readthisamountnow =
+ (data->state.resume_from - passed > data->set.buffer_size) ?
+ (size_t)data->set.buffer_size :
+ curlx_sotouz(data->state.resume_from - passed);
+
+ size_t actuallyread =
+ data->state.fread_func(data->state.buffer, 1,
+ readthisamountnow, data->state.in);
+
+ passed += actuallyread;
+ if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
+ /* this checks for greater-than only to make sure that the
+ CURL_READFUNC_ABORT return code still aborts */
+ failf(data, "Failed to read data");
+ return CURLE_FTP_COULDNT_USE_REST;
+ }
+ } while(passed < data->state.resume_from);
}
/* now, decrease the size of the read */
- if(data->set.infilesize > 0) {
- data->set.infilesize -= data->state.resume_from;
- data->req.size = data->set.infilesize;
- Curl_pgrsSetUploadSize(data, data->set.infilesize);
+ if(data->state.infilesize > 0) {
+ data->state.infilesize -= data->state.resume_from;
+ data->req.size = data->state.infilesize;
+ Curl_pgrsSetUploadSize(data, data->state.infilesize);
}
SFTP_SEEK(sshc->sftp_handle, data->state.resume_from);
}
- if(data->set.infilesize > 0) {
- data->req.size = data->set.infilesize;
- Curl_pgrsSetUploadSize(data, data->set.infilesize);
+ if(data->state.infilesize > 0) {
+ data->req.size = data->state.infilesize;
+ Curl_pgrsSetUploadSize(data, data->state.infilesize);
}
/* upload data */
Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
@@ -1742,7 +1894,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
/* since we don't really wait for anything at this point, we want the
state machine to move on as soon as possible so we set a very short
timeout here */
- Curl_expire(data, 1);
+ Curl_expire(data, 0, EXPIRE_RUN_NOW);
state(conn, SSH_STOP);
}
@@ -1760,16 +1912,15 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
break;
case SSH_SFTP_CREATE_DIRS:
- if((sshc->slash_pos = strchr(sshc->slash_pos, '/')) != NULL) {
+ sshc->slash_pos = strchr(sshc->slash_pos, '/');
+ if(sshc->slash_pos) {
*sshc->slash_pos = 0;
infof(data, "Creating directory '%s'\n", sftp_scp->path);
state(conn, SSH_SFTP_CREATE_DIRS_MKDIR);
break;
}
- else {
- state(conn, SSH_SFTP_UPLOAD_INIT);
- }
+ state(conn, SSH_SFTP_UPLOAD_INIT);
break;
case SSH_SFTP_CREATE_DIRS_MKDIR:
@@ -1782,7 +1933,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
*sshc->slash_pos = '/';
++sshc->slash_pos;
- if(rc == -1) {
+ if(rc < 0) {
/*
* Abort if failure wasn't that the dir already exists or the
* permission was denied (creation might succeed further down the
@@ -1797,11 +1948,18 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
sshc->actualcode = result?result:CURLE_SSH;
break;
}
+ rc = 0; /* clear rc and continue */
}
state(conn, SSH_SFTP_CREATE_DIRS);
break;
case SSH_SFTP_READDIR_INIT:
+ Curl_pgrsSetDownloadSize(data, -1);
+ if(data->set.opt_no_body) {
+ state(conn, SSH_STOP);
+ break;
+ }
+
/*
* This is a directory that we are trying to get, so produce a directory
* listing
@@ -1817,22 +1975,22 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
rc = LIBSSH2_ERROR_EAGAIN;
break;
}
- else {
- err = sftp_libssh2_last_error(sshc->sftp_session);
- failf(data, "Could not open directory for reading: %s",
- sftp_libssh2_strerror(err));
- state(conn, SSH_SFTP_CLOSE);
- result = sftp_libssh2_error_to_CURLE(err);
- sshc->actualcode = result?result:CURLE_SSH;
- break;
- }
+ err = sftp_libssh2_last_error(sshc->sftp_session);
+ failf(data, "Could not open directory for reading: %s",
+ sftp_libssh2_strerror(err));
+ state(conn, SSH_SFTP_CLOSE);
+ result = sftp_libssh2_error_to_CURLE(err);
+ sshc->actualcode = result?result:CURLE_SSH;
+ break;
}
- if((sshc->readdir_filename = malloc(PATH_MAX+1)) == NULL) {
+ sshc->readdir_filename = malloc(PATH_MAX + 1);
+ if(!sshc->readdir_filename) {
state(conn, SSH_SFTP_CLOSE);
sshc->actualcode = CURLE_OUT_OF_MEMORY;
break;
}
- if((sshc->readdir_longentry = malloc(PATH_MAX+1)) == NULL) {
+ sshc->readdir_longentry = malloc(PATH_MAX + 1);
+ if(!sshc->readdir_longentry) {
Curl_safefree(sshc->readdir_filename);
state(conn, SSH_SFTP_CLOSE);
sshc->actualcode = CURLE_OUT_OF_MEMORY;
@@ -1865,8 +2023,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
break;
}
result = Curl_client_write(conn, CLIENTWRITE_BODY,
- tmpLine, sshc->readdir_len+1);
- Curl_safefree(tmpLine);
+ tmpLine, sshc->readdir_len + 1);
+ free(tmpLine);
if(result) {
state(conn, SSH_STOP);
@@ -1874,7 +2032,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
/* since this counts what we send to the client, we include the
newline in this counter */
- data->req.bytecount += sshc->readdir_len+1;
+ data->req.bytecount += sshc->readdir_len + 1;
/* output debug output if that is requested */
if(data->set.verbose) {
@@ -1952,9 +2110,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
/* get room for the filename and extra output */
sshc->readdir_totalLen += 4 + sshc->readdir_len;
- new_readdir_line = realloc(sshc->readdir_line, sshc->readdir_totalLen);
+ new_readdir_line = Curl_saferealloc(sshc->readdir_line,
+ sshc->readdir_totalLen);
if(!new_readdir_line) {
- Curl_safefree(sshc->readdir_line);
+ sshc->readdir_line = NULL;
Curl_safefree(sshc->readdir_filename);
Curl_safefree(sshc->readdir_longentry);
state(conn, SSH_SFTP_CLOSE);
@@ -1982,7 +2141,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
sshc->readdir_line,
sshc->readdir_currLen);
- if(result == CURLE_OK) {
+ if(!result) {
/* output debug output if that is requested */
if(data->set.verbose) {
@@ -2029,15 +2188,13 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
rc = LIBSSH2_ERROR_EAGAIN;
break;
}
- else {
- err = sftp_libssh2_last_error(sshc->sftp_session);
- failf(data, "Could not open remote file for reading: %s",
- sftp_libssh2_strerror(err));
- state(conn, SSH_SFTP_CLOSE);
- result = sftp_libssh2_error_to_CURLE(err);
- sshc->actualcode = result?result:CURLE_SSH;
- break;
- }
+ err = sftp_libssh2_last_error(sshc->sftp_session);
+ failf(data, "Could not open remote file for reading: %s",
+ sftp_libssh2_strerror(err));
+ state(conn, SSH_SFTP_CLOSE);
+ result = sftp_libssh2_error_to_CURLE(err);
+ sshc->actualcode = result?result:CURLE_SSH;
+ break;
}
state(conn, SSH_SFTP_DOWNLOAD_STAT);
break;
@@ -2052,42 +2209,54 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc) {
+ if(rc ||
+ !(attrs.flags & LIBSSH2_SFTP_ATTR_SIZE) ||
+ (attrs.filesize == 0)) {
/*
* libssh2_sftp_open() didn't return an error, so maybe the server
* just doesn't support stat()
+ * OR the server doesn't return a file size with a stat()
+ * OR file size is 0
*/
data->req.size = -1;
data->req.maxdownload = -1;
+ Curl_pgrsSetDownloadSize(data, -1);
}
else {
curl_off_t size = attrs.filesize;
if(size < 0) {
- failf(data, "Bad file size (%" FORMAT_OFF_T ")", size);
+ failf(data, "Bad file size (%" CURL_FORMAT_CURL_OFF_T ")", size);
return CURLE_BAD_DOWNLOAD_RESUME;
}
if(conn->data->state.use_range) {
curl_off_t from, to;
char *ptr;
char *ptr2;
+ CURLofft to_t;
+ CURLofft from_t;
- from=curlx_strtoofft(conn->data->state.range, &ptr, 0);
- while(*ptr && (ISSPACE(*ptr) || (*ptr=='-')))
+ from_t = curlx_strtoofft(conn->data->state.range, &ptr, 0, &from);
+ if(from_t == CURL_OFFT_FLOW)
+ return CURLE_RANGE_ERROR;
+ while(*ptr && (ISSPACE(*ptr) || (*ptr == '-')))
ptr++;
- to=curlx_strtoofft(ptr, &ptr2, 0);
- if((ptr == ptr2) /* no "to" value given */
+ to_t = curlx_strtoofft(ptr, &ptr2, 0, &to);
+ if(to_t == CURL_OFFT_FLOW)
+ return CURLE_RANGE_ERROR;
+ if((to_t == CURL_OFFT_INVAL) /* no "to" value given */
|| (to >= size)) {
to = size - 1;
}
- if(from < 0) {
+ if(from_t) {
/* from is relative to end of file */
- from += size;
+ from = size - to;
+ to = size - 1;
}
- if(from >= size) {
+ if(from > size) {
failf(data, "Offset (%"
- FORMAT_OFF_T ") was beyond file size (%" FORMAT_OFF_T ")",
- from, attrs.filesize);
+ CURL_FORMAT_CURL_OFF_T ") was beyond file size (%"
+ CURL_FORMAT_CURL_OFF_T ")", from, attrs.filesize);
return CURLE_BAD_DOWNLOAD_RESUME;
}
if(from > to) {
@@ -2111,7 +2280,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
/* We're supposed to download the last abs(from) bytes */
if((curl_off_t)attrs.filesize < -data->state.resume_from) {
failf(data, "Offset (%"
- FORMAT_OFF_T ") was beyond file size (%" FORMAT_OFF_T ")",
+ CURL_FORMAT_CURL_OFF_T ") was beyond file size (%"
+ CURL_FORMAT_CURL_OFF_T ")",
data->state.resume_from, attrs.filesize);
return CURLE_BAD_DOWNLOAD_RESUME;
}
@@ -2120,8 +2290,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
else {
if((curl_off_t)attrs.filesize < data->state.resume_from) {
- failf(data, "Offset (%" FORMAT_OFF_T
- ") was beyond file size (%" FORMAT_OFF_T ")",
+ failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T
+ ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")",
data->state.resume_from, attrs.filesize);
return CURLE_BAD_DOWNLOAD_RESUME;
}
@@ -2135,6 +2305,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
SFTP_SEEK(sshc->sftp_handle, data->state.resume_from);
}
}
+
/* Setup the actual download */
if(data->req.size == 0) {
/* no data to transfer */
@@ -2143,19 +2314,20 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
state(conn, SSH_STOP);
break;
}
- else {
- Curl_setup_transfer(conn, FIRSTSOCKET, data->req.size,
- FALSE, NULL, -1, NULL);
+ Curl_setup_transfer(conn, FIRSTSOCKET, data->req.size,
+ FALSE, NULL, -1, NULL);
- /* not set by Curl_setup_transfer to preserve keepon bits */
- conn->writesockfd = conn->sockfd;
+ /* not set by Curl_setup_transfer to preserve keepon bits */
+ conn->writesockfd = conn->sockfd;
+
+ /* we want to use the _receiving_ function even when the socket turns
+ out writableable as the underlying libssh2 recv function will deal
+ with both accordingly */
+ conn->cselect_bits = CURL_CSELECT_IN;
- /* we want to use the _receiving_ function even when the socket turns
- out writableable as the underlying libssh2 recv function will deal
- with both accordingly */
- conn->cselect_bits = CURL_CSELECT_IN;
- }
if(result) {
+ /* this should never occur; the close state should be entered
+ at the time the error occurs */
state(conn, SSH_SFTP_CLOSE);
sshc->actualcode = result;
}
@@ -2170,20 +2342,21 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc < 0) {
+ if(rc < 0) {
infof(data, "Failed to close libssh2 file\n");
}
sshc->sftp_handle = NULL;
}
- if(sftp_scp)
- Curl_safefree(sftp_scp->path);
+
+ Curl_safefree(sftp_scp->path);
DEBUGF(infof(data, "SFTP DONE done\n"));
/* Check if nextstate is set and move .nextstate could be POSTQUOTE_INIT
- After nextstate is executed,the control should come back to
+ After nextstate is executed, the control should come back to
SSH_SFTP_CLOSE to pass the correct result back */
- if(sshc->nextstate != SSH_NO_STATE) {
+ if(sshc->nextstate != SSH_NO_STATE &&
+ sshc->nextstate != SSH_SFTP_CLOSE) {
state(conn, sshc->nextstate);
sshc->nextstate = SSH_SFTP_CLOSE;
}
@@ -2203,7 +2376,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc < 0) {
+ if(rc < 0) {
infof(data, "Failed to close libssh2 file\n");
}
sshc->sftp_handle = NULL;
@@ -2213,7 +2386,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc < 0) {
+ if(rc < 0) {
infof(data, "Failed to stop libssh2 sftp subsystem\n");
}
sshc->sftp_session = NULL;
@@ -2234,7 +2407,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
}
if(data->set.upload) {
- if(data->set.infilesize < 0) {
+ if(data->state.infilesize < 0) {
failf(data, "SCP requires a known file size for upload");
sshc->actualcode = CURLE_UPLOAD_FAILED;
state(conn, SSH_SCP_CHANNEL_FREE);
@@ -2256,24 +2429,23 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
*/
sshc->ssh_channel =
SCP_SEND(sshc->ssh_session, sftp_scp->path, data->set.new_file_perms,
- data->set.infilesize);
+ data->state.infilesize);
if(!sshc->ssh_channel) {
+ int ssh_err;
+ char *err_msg;
+
if(libssh2_session_last_errno(sshc->ssh_session) ==
LIBSSH2_ERROR_EAGAIN) {
rc = LIBSSH2_ERROR_EAGAIN;
break;
}
- else {
- int ssh_err;
- char *err_msg;
- ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0));
- failf(conn->data, "%s", err_msg);
- state(conn, SSH_SCP_CHANNEL_FREE);
- sshc->actualcode = libssh2_session_error_to_CURLE(ssh_err);
- break;
- }
+ ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0));
+ failf(conn->data, "%s", err_msg);
+ state(conn, SSH_SCP_CHANNEL_FREE);
+ sshc->actualcode = libssh2_session_error_to_CURLE(ssh_err);
+ break;
}
/* upload data */
@@ -2303,36 +2475,47 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
case SSH_SCP_DOWNLOAD_INIT:
{
+ curl_off_t bytecount;
+
/*
* We must check the remote file; if it is a directory no values will
* be set in sb
*/
- struct stat sb;
- curl_off_t bytecount;
- /* clear the struct scp recv will fill in */
- memset(&sb, 0, sizeof(struct stat));
+ /*
+ * If support for >2GB files exists, use it.
+ */
/* get a fresh new channel from the ssh layer */
+#if LIBSSH2_VERSION_NUM < 0x010700
+ struct stat sb;
+ memset(&sb, 0, sizeof(struct stat));
sshc->ssh_channel = libssh2_scp_recv(sshc->ssh_session,
sftp_scp->path, &sb);
+#else
+ libssh2_struct_stat sb;
+ memset(&sb, 0, sizeof(libssh2_struct_stat));
+ sshc->ssh_channel = libssh2_scp_recv2(sshc->ssh_session,
+ sftp_scp->path, &sb);
+#endif
+
if(!sshc->ssh_channel) {
+ int ssh_err;
+ char *err_msg;
+
if(libssh2_session_last_errno(sshc->ssh_session) ==
LIBSSH2_ERROR_EAGAIN) {
rc = LIBSSH2_ERROR_EAGAIN;
break;
}
- else {
- int ssh_err;
- char *err_msg;
- ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
- &err_msg, NULL, 0));
- failf(conn->data, "%s", err_msg);
- state(conn, SSH_SCP_CHANNEL_FREE);
- sshc->actualcode = libssh2_session_error_to_CURLE(ssh_err);
- break;
- }
+
+ ssh_err = (int)(libssh2_session_last_error(sshc->ssh_session,
+ &err_msg, NULL, 0));
+ failf(conn->data, "%s", err_msg);
+ state(conn, SSH_SCP_CHANNEL_FREE);
+ sshc->actualcode = libssh2_session_error_to_CURLE(ssh_err);
+ break;
}
/* download data */
@@ -2370,7 +2553,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc) {
+ if(rc) {
infof(data, "Failed to send libssh2 channel EOF\n");
}
}
@@ -2383,7 +2566,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc) {
+ if(rc) {
infof(data, "Failed to get channel EOF: %d\n", rc);
}
}
@@ -2396,7 +2579,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc) {
+ if(rc) {
infof(data, "Channel failed to close: %d\n", rc);
}
}
@@ -2409,7 +2592,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc < 0) {
+ if(rc < 0) {
infof(data, "Failed to free libssh2 scp subsystem\n");
}
sshc->ssh_channel = NULL;
@@ -2431,7 +2614,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc < 0) {
+ if(rc < 0) {
infof(data, "Failed to free libssh2 scp subsystem\n");
}
sshc->ssh_channel = NULL;
@@ -2442,7 +2625,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc < 0) {
+ if(rc < 0) {
infof(data, "Failed to disconnect libssh2 session\n");
}
}
@@ -2467,10 +2650,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc < 0) {
+ if(rc < 0) {
infof(data, "Failed to disconnect from libssh2 agent\n");
}
- libssh2_agent_free (sshc->ssh_agent);
+ libssh2_agent_free(sshc->ssh_agent);
sshc->ssh_agent = NULL;
/* NB: there is no need to free identities, they are part of internal
@@ -2485,7 +2668,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
if(rc == LIBSSH2_ERROR_EAGAIN) {
break;
}
- else if(rc < 0) {
+ if(rc < 0) {
infof(data, "Failed to free libssh2 session\n");
}
sshc->ssh_session = NULL;
@@ -2522,7 +2705,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
memset(sshc, 0, sizeof(struct ssh_conn));
- conn->bits.close = TRUE;
+ connclose(conn, "SSH session free");
sshc->state = SSH_SESSION_FREE; /* current */
sshc->nextstate = SSH_NO_STATE;
state(conn, SSH_STOP);
@@ -2607,13 +2790,16 @@ static int ssh_getsock(struct connectdata *conn,
static void ssh_block2waitfor(struct connectdata *conn, bool block)
{
struct ssh_conn *sshc = &conn->proto.sshc;
- int dir;
- if(block && (dir = libssh2_session_block_directions(sshc->ssh_session))) {
- /* translate the libssh2 define bits into our own bit defines */
- conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
- ((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND)?KEEP_SEND:0);
+ int dir = 0;
+ if(block) {
+ dir = libssh2_session_block_directions(sshc->ssh_session);
+ if(dir) {
+ /* translate the libssh2 define bits into our own bit defines */
+ conn->waitfor = ((dir&LIBSSH2_SESSION_BLOCK_INBOUND)?KEEP_RECV:0) |
+ ((dir&LIBSSH2_SESSION_BLOCK_OUTBOUND)?KEEP_SEND:0);
+ }
}
- else
+ if(!dir)
/* It didn't block or libssh2 didn't reveal in which direction, put back
the original set */
conn->waitfor = sshc->orig_waitfor;
@@ -2639,37 +2825,38 @@ static CURLcode ssh_multi_statemach(struct connectdata *conn, bool *done)
}
static CURLcode ssh_block_statemach(struct connectdata *conn,
- bool duringconnect)
+ bool disconnect)
{
struct ssh_conn *sshc = &conn->proto.sshc;
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
while((sshc->state != SSH_STOP) && !result) {
bool block;
- long left;
+ timediff_t left = 1000;
+ struct curltime now = Curl_now();
result = ssh_statemach_act(conn, &block);
if(result)
break;
- if(Curl_pgrsUpdate(conn))
- return CURLE_ABORTED_BY_CALLBACK;
- else {
- struct timeval now = Curl_tvnow();
+ if(!disconnect) {
+ if(Curl_pgrsUpdate(conn))
+ return CURLE_ABORTED_BY_CALLBACK;
+
result = Curl_speedcheck(data, now);
if(result)
break;
- }
- left = Curl_timeleft(data, NULL, duringconnect);
- if(left < 0) {
- failf(data, "Operation timed out");
- return CURLE_OPERATION_TIMEDOUT;
+ left = Curl_timeleft(data, NULL, FALSE);
+ if(left < 0) {
+ failf(data, "Operation timed out");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
}
#ifdef HAVE_LIBSSH2_SESSION_BLOCK_DIRECTION
- if((CURLE_OK == result) && block) {
+ if(!result && block) {
int dir = libssh2_session_block_directions(sshc->ssh_session);
curl_socket_t sock = conn->sock[FIRSTSOCKET];
curl_socket_t fd_read = CURL_SOCKET_BAD;
@@ -2679,8 +2866,8 @@ static CURLcode ssh_block_statemach(struct connectdata *conn,
if(LIBSSH2_SESSION_BLOCK_OUTBOUND & dir)
fd_write = sock;
/* wait for the socket to become ready */
- Curl_socket_ready(fd_read, fd_write,
- left>1000?1000:left); /* ignore result */
+ (void)Curl_socket_check(fd_read, CURL_SOCKET_BAD, fd_write,
+ left>1000?1000:left); /* ignore result */
}
#endif
@@ -2717,11 +2904,15 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done)
#endif
struct ssh_conn *ssh;
CURLcode result;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
+
+ /* initialize per-handle data if not already */
+ if(!data->req.protop)
+ ssh_setup_connection(conn);
/* We default to persistent connections. We set this already in this connect
function to make the re-use checks properly be able to check this bit. */
- conn->bits.close = FALSE;
+ connkeep(conn, "SSH default");
if(conn->handler->protocol & CURLPROTO_SCP) {
conn->recv[FIRSTSOCKET] = scp_recv;
@@ -2751,6 +2942,13 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done)
return CURLE_FAILED_INIT;
}
+ if(data->set.ssh_compression) {
+#if LIBSSH2_VERSION_NUM >= 0x010208
+ if(libssh2_session_flag(ssh->ssh_session, LIBSSH2_FLAG_COMPRESS, 1) < 0)
+#endif
+ infof(data, "Failed to enable compression for ssh session\n");
+ }
+
#ifdef HAVE_LIBSSH2_KNOWNHOST_API
if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
int rc;
@@ -2837,9 +3035,9 @@ static CURLcode scp_doing(struct connectdata *conn,
static CURLcode ssh_do(struct connectdata *conn, bool *done)
{
- CURLcode res;
+ CURLcode result;
bool connected = 0;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ssh_conn *sshc = &conn->proto.sshc;
*done = FALSE; /* default to false */
@@ -2847,20 +3045,20 @@ static CURLcode ssh_do(struct connectdata *conn, bool *done)
data->req.size = -1; /* make sure this is unknown at this point */
sshc->actualcode = CURLE_OK; /* reset error code */
- sshc->secondCreateDirs =0; /* reset the create dir attempt state
- variable */
+ sshc->secondCreateDirs = 0; /* reset the create dir attempt state
+ variable */
Curl_pgrsSetUploadCounter(data, 0);
Curl_pgrsSetDownloadCounter(data, 0);
- Curl_pgrsSetUploadSize(data, 0);
- Curl_pgrsSetDownloadSize(data, 0);
+ Curl_pgrsSetUploadSize(data, -1);
+ Curl_pgrsSetDownloadSize(data, -1);
if(conn->handler->protocol & CURLPROTO_SCP)
- res = scp_perform(conn, &connected, done);
+ result = scp_perform(conn, &connected, done);
else
- res = sftp_perform(conn, &connected, done);
+ result = sftp_perform(conn, &connected, done);
- return res;
+ return result;
}
/* BLOCKING, but the function is using the state machine so the only reason
@@ -2872,14 +3070,12 @@ static CURLcode scp_disconnect(struct connectdata *conn, bool dead_connection)
struct ssh_conn *ssh = &conn->proto.sshc;
(void) dead_connection;
- Curl_safefree(conn->data->req.protop);
-
if(ssh->ssh_session) {
/* only if there's a session still around to use! */
state(conn, SSH_SESSION_DISCONNECT);
- result = ssh_block_statemach(conn, FALSE);
+ result = ssh_block_statemach(conn, TRUE);
}
return result;
@@ -2892,13 +3088,12 @@ static CURLcode ssh_done(struct connectdata *conn, CURLcode status)
CURLcode result = CURLE_OK;
struct SSHPROTO *sftp_scp = conn->data->req.protop;
- if(status == CURLE_OK) {
+ if(!status) {
/* run the state-machine
TODO: when the multi interface is used, this _really_ should be using
the ssh_multi_statemach function but we have no general support for
- non-blocking DONE operations, not in the multi state machine and with
- Curl_done() invokes on several places in the code!
+ non-blocking DONE operations!
*/
result = ssh_block_statemach(conn, FALSE);
}
@@ -2920,14 +3115,13 @@ static CURLcode scp_done(struct connectdata *conn, CURLcode status,
{
(void)premature; /* not used */
- if(status == CURLE_OK)
+ if(!status)
state(conn, SSH_SCP_DONE);
return ssh_done(conn, status);
}
-/* return number of received (decrypted) bytes */
static ssize_t scp_send(struct connectdata *conn, int sockindex,
const void *mem, size_t len, CURLcode *err)
{
@@ -2952,10 +3146,6 @@ static ssize_t scp_send(struct connectdata *conn, int sockindex,
return nwrite;
}
-/*
- * If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
- * a regular CURLcode value.
- */
static ssize_t scp_recv(struct connectdata *conn, int sockindex,
char *mem, size_t len, CURLcode *err)
{
@@ -3018,8 +3208,7 @@ CURLcode sftp_perform(struct connectdata *conn,
static CURLcode sftp_doing(struct connectdata *conn,
bool *dophase_done)
{
- CURLcode result;
- result = ssh_multi_statemach(conn, dophase_done);
+ CURLcode result = ssh_multi_statemach(conn, dophase_done);
if(*dophase_done) {
DEBUGF(infof(conn->data, "DO phase is complete\n"));
@@ -3037,12 +3226,10 @@ static CURLcode sftp_disconnect(struct connectdata *conn, bool dead_connection)
DEBUGF(infof(conn->data, "SSH DISCONNECT starts now\n"));
- Curl_safefree(conn->data->req.protop);
-
if(conn->proto.sshc.ssh_session) {
/* only if there's a session still around to use! */
state(conn, SSH_SFTP_SHUTDOWN);
- result = ssh_block_statemach(conn, FALSE);
+ result = ssh_block_statemach(conn, TRUE);
}
DEBUGF(infof(conn->data, "SSH DISCONNECT is done\n"));
@@ -3056,7 +3243,7 @@ static CURLcode sftp_done(struct connectdata *conn, CURLcode status,
{
struct ssh_conn *sshc = &conn->proto.sshc;
- if(status == CURLE_OK) {
+ if(!status) {
/* Post quote commands are executed after the SFTP_CLOSE state to avoid
errors that could happen due to open file handles during POSTQUOTE
operation */
@@ -3097,6 +3284,7 @@ static ssize_t sftp_send(struct connectdata *conn, int sockindex,
/*
* Return number of received (decrypted) bytes
+ * or <0 on error
*/
static ssize_t sftp_recv(struct connectdata *conn, int sockindex,
char *mem, size_t len, CURLcode *err)
@@ -3111,6 +3299,10 @@ static ssize_t sftp_recv(struct connectdata *conn, int sockindex,
if(nread == LIBSSH2_ERROR_EAGAIN) {
*err = CURLE_AGAIN;
nread = -1;
+
+ }
+ else if(nread < 0) {
+ *err = libssh2_session_error_to_CURLE((int)nread);
}
return nread;
}
@@ -3197,14 +3389,14 @@ get_pathname(const char **cpp, char **path)
return CURLE_OK;
fail:
- Curl_safefree(*path);
- return CURLE_QUOTE_ERROR;
+ Curl_safefree(*path);
+ return CURLE_QUOTE_ERROR;
}
static const char *sftp_libssh2_strerror(int err)
{
- switch (err) {
+ switch(err) {
case LIBSSH2_FX_NO_SUCH_FILE:
return "No such file or directory";
diff --git a/libs/libcurl/src/ssh.h b/libs/libcurl/src/ssh.h
index ff2e16be94..b350dcf3a5 100644
--- a/libs/libcurl/src/ssh.h
+++ b/libs/libcurl/src/ssh.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -44,9 +44,9 @@ typedef enum {
SSH_AUTH_PKEY,
SSH_AUTH_PASS_INIT,
SSH_AUTH_PASS,
- SSH_AUTH_AGENT_INIT,/* initialize then wait for connection to agent */
- SSH_AUTH_AGENT_LIST,/* ask for list then wait for entire list to come */
- SSH_AUTH_AGENT, /* attempt one key at a time */
+ SSH_AUTH_AGENT_INIT, /* initialize then wait for connection to agent */
+ SSH_AUTH_AGENT_LIST, /* ask for list then wait for entire list to come */
+ SSH_AUTH_AGENT, /* attempt one key at a time */
SSH_AUTH_HOST_INIT,
SSH_AUTH_HOST,
SSH_AUTH_KEY_INIT,
@@ -66,6 +66,9 @@ typedef enum {
SSH_SFTP_QUOTE_RENAME,
SSH_SFTP_QUOTE_RMDIR,
SSH_SFTP_QUOTE_UNLINK,
+ SSH_SFTP_QUOTE_STATVFS,
+ SSH_SFTP_GETINFO,
+ SSH_SFTP_FILETIME,
SSH_SFTP_TRANS_INIT,
SSH_SFTP_UPLOAD_INIT,
SSH_SFTP_CREATE_DIRS_INIT,
@@ -95,7 +98,7 @@ typedef enum {
} sshstate;
/* this struct is used in the HandleData struct which is part of the
- SessionHandle, which means this is used on a per-easy handle basis.
+ Curl_easy, which means this is used on a per-easy handle basis.
Everything that is strictly related to a connection is banned from this
struct. */
struct SSHPROTO {
@@ -158,22 +161,34 @@ struct ssh_conn {
#ifdef USE_LIBSSH2
+/* Feature detection based on version numbers to better work with
+ non-configure platforms */
+
#if !defined(LIBSSH2_VERSION_NUM) || (LIBSSH2_VERSION_NUM < 0x001000)
# error "SCP/SFTP protocols require libssh2 0.16 or later"
#endif
-#if defined(LIBSSH2_VERSION_NUM) && (LIBSSH2_VERSION_NUM >= 0x010000)
-# define HAVE_LIBSSH2_SFTP_SEEK64 1
-#else
-# undef HAVE_LIBSSH2_SFTP_SEEK64
+#if LIBSSH2_VERSION_NUM >= 0x010000
+#define HAVE_LIBSSH2_SFTP_SEEK64 1
+#endif
+
+#if LIBSSH2_VERSION_NUM >= 0x010100
+#define HAVE_LIBSSH2_VERSION 1
#endif
-#if defined(LIBSSH2_VERSION_NUM) && (LIBSSH2_VERSION_NUM >= 0x010206)
-# define HAVE_LIBSSH2_SCP_SEND64 1
-#else
-# undef HAVE_LIBSSH2_SCP_SEND64
+#if LIBSSH2_VERSION_NUM >= 0x010205
+#define HAVE_LIBSSH2_INIT 1
+#define HAVE_LIBSSH2_EXIT 1
#endif
+#if LIBSSH2_VERSION_NUM >= 0x010206
+#define HAVE_LIBSSH2_KNOWNHOST_CHECKP 1
+#define HAVE_LIBSSH2_SCP_SEND64 1
+#endif
+
+#if LIBSSH2_VERSION_NUM >= 0x010208
+#define HAVE_LIBSSH2_SESSION_HANDSHAKE 1
+#endif
extern const struct Curl_handler Curl_handler_scp;
extern const struct Curl_handler Curl_handler_sftp;
diff --git a/libs/libcurl/src/sslgen.c b/libs/libcurl/src/sslgen.c
deleted file mode 100644
index d2d0e303ec..0000000000
--- a/libs/libcurl/src/sslgen.c
+++ /dev/null
@@ -1,676 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/* This file is for implementing all "generic" SSL functions that all libcurl
- internals should use. It is then responsible for calling the proper
- "backend" function.
-
- SSL-functions in libcurl should call functions in this source file, and not
- to any specific SSL-layer.
-
- Curl_ssl_ - prefix for generic ones
- Curl_ossl_ - prefix for OpenSSL ones
- Curl_gtls_ - prefix for GnuTLS ones
- Curl_nss_ - prefix for NSS ones
- Curl_qssl_ - prefix for QsoSSL ones
- Curl_gskit_ - prefix for GSKit ones
- Curl_polarssl_ - prefix for PolarSSL ones
- Curl_cyassl_ - prefix for CyaSSL ones
- Curl_schannel_ - prefix for Schannel SSPI ones
- Curl_darwinssl_ - prefix for SecureTransport (Darwin) ones
-
- Note that this source code uses curlssl_* functions, and they are all
- defines/macros #defined by the lib-specific header files.
-
- "SSL/TLS Strong Encryption: An Introduction"
- http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html
-*/
-
-#include "curl_setup.h"
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-#include <sys/stat.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-
-#include "urldata.h"
-#define SSLGEN_C
-#include "sslgen.h" /* generic SSL protos etc */
-#include "ssluse.h" /* OpenSSL versions */
-#include "gtls.h" /* GnuTLS versions */
-#include "nssg.h" /* NSS versions */
-#include "qssl.h" /* QSOSSL versions */
-#include "gskit.h" /* Global Secure ToolKit versions */
-#include "polarssl.h" /* PolarSSL versions */
-#include "axtls.h" /* axTLS versions */
-#include "cyassl.h" /* CyaSSL versions */
-#include "curl_schannel.h" /* Schannel SSPI version */
-#include "curl_darwinssl.h" /* SecureTransport (Darwin) version */
-#include "slist.h"
-#include "sendf.h"
-#include "rawstr.h"
-#include "url.h"
-#include "curl_memory.h"
-#include "progress.h"
-#include "share.h"
-#include "timeval.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-/* convenience macro to check if this handle is using a shared SSL session */
-#define SSLSESSION_SHARED(data) (data->share && \
- (data->share->specifier & \
- (1<<CURL_LOCK_DATA_SSL_SESSION)))
-
-static bool safe_strequal(char* str1, char* str2)
-{
- if(str1 && str2)
- /* both pointers point to something then compare them */
- return (0 != Curl_raw_equal(str1, str2)) ? TRUE : FALSE;
- else
- /* if both pointers are NULL then treat them as equal */
- return (!str1 && !str2) ? TRUE : FALSE;
-}
-
-bool
-Curl_ssl_config_matches(struct ssl_config_data* data,
- struct ssl_config_data* needle)
-{
- if((data->version == needle->version) &&
- (data->verifypeer == needle->verifypeer) &&
- (data->verifyhost == needle->verifyhost) &&
- safe_strequal(data->CApath, needle->CApath) &&
- safe_strequal(data->CAfile, needle->CAfile) &&
- safe_strequal(data->random_file, needle->random_file) &&
- safe_strequal(data->egdsocket, needle->egdsocket) &&
- safe_strequal(data->cipher_list, needle->cipher_list))
- return TRUE;
-
- return FALSE;
-}
-
-bool
-Curl_clone_ssl_config(struct ssl_config_data *source,
- struct ssl_config_data *dest)
-{
- dest->sessionid = source->sessionid;
- dest->verifyhost = source->verifyhost;
- dest->verifypeer = source->verifypeer;
- dest->version = source->version;
-
- if(source->CAfile) {
- dest->CAfile = strdup(source->CAfile);
- if(!dest->CAfile)
- return FALSE;
- }
- else
- dest->CAfile = NULL;
-
- if(source->CApath) {
- dest->CApath = strdup(source->CApath);
- if(!dest->CApath)
- return FALSE;
- }
- else
- dest->CApath = NULL;
-
- if(source->cipher_list) {
- dest->cipher_list = strdup(source->cipher_list);
- if(!dest->cipher_list)
- return FALSE;
- }
- else
- dest->cipher_list = NULL;
-
- if(source->egdsocket) {
- dest->egdsocket = strdup(source->egdsocket);
- if(!dest->egdsocket)
- return FALSE;
- }
- else
- dest->egdsocket = NULL;
-
- if(source->random_file) {
- dest->random_file = strdup(source->random_file);
- if(!dest->random_file)
- return FALSE;
- }
- else
- dest->random_file = NULL;
-
- return TRUE;
-}
-
-void Curl_free_ssl_config(struct ssl_config_data* sslc)
-{
- Curl_safefree(sslc->CAfile);
- Curl_safefree(sslc->CApath);
- Curl_safefree(sslc->cipher_list);
- Curl_safefree(sslc->egdsocket);
- Curl_safefree(sslc->random_file);
-}
-
-
-/*
- * Curl_rand() returns a random unsigned integer, 32bit.
- *
- * This non-SSL function is put here only because this file is the only one
- * with knowledge of what the underlying SSL libraries provide in terms of
- * randomizers.
- *
- * NOTE: 'data' may be passed in as NULL when coming from external API without
- * easy handle!
- *
- */
-
-unsigned int Curl_rand(struct SessionHandle *data)
-{
- unsigned int r;
- static unsigned int randseed;
- static bool seeded = FALSE;
-
-#ifndef have_curlssl_random
- (void)data;
-#else
- if(data) {
- Curl_ssl_random(data, (unsigned char *)&r, sizeof(r));
- return r;
- }
-#endif
-
-#ifdef RANDOM_FILE
- if(!seeded) {
- /* if there's a random file to read a seed from, use it */
- int fd = open(RANDOM_FILE, O_RDONLY);
- if(fd > -1) {
- /* read random data into the randseed variable */
- ssize_t nread = read(fd, &randseed, sizeof(randseed));
- if(nread == sizeof(randseed))
- seeded = TRUE;
- close(fd);
- }
- }
-#endif
-
- if(!seeded) {
- struct timeval now = curlx_tvnow();
- randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec;
- randseed = randseed * 1103515245 + 12345;
- randseed = randseed * 1103515245 + 12345;
- randseed = randseed * 1103515245 + 12345;
- seeded = TRUE;
- }
-
- /* Return an unsigned 32-bit pseudo-random number. */
- r = randseed = randseed * 1103515245 + 12345;
- return (r << 16) | ((r >> 16) & 0xFFFF);
-}
-
-#ifdef USE_SSL
-
-/* "global" init done? */
-static bool init_ssl=FALSE;
-
-/**
- * Global SSL init
- *
- * @retval 0 error initializing SSL
- * @retval 1 SSL initialized successfully
- */
-int Curl_ssl_init(void)
-{
- /* make sure this is only done once */
- if(init_ssl)
- return 1;
- init_ssl = TRUE; /* never again */
-
- return curlssl_init();
-}
-
-
-/* Global cleanup */
-void Curl_ssl_cleanup(void)
-{
- if(init_ssl) {
- /* only cleanup if we did a previous init */
- curlssl_cleanup();
- init_ssl = FALSE;
- }
-}
-
-CURLcode
-Curl_ssl_connect(struct connectdata *conn, int sockindex)
-{
- CURLcode res;
- /* mark this is being ssl-enabled from here on. */
- conn->ssl[sockindex].use = TRUE;
- conn->ssl[sockindex].state = ssl_connection_negotiating;
-
- res = curlssl_connect(conn, sockindex);
-
- if(!res)
- Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
-
- return res;
-}
-
-CURLcode
-Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
- bool *done)
-{
- CURLcode res;
- /* mark this is being ssl requested from here on. */
- conn->ssl[sockindex].use = TRUE;
-#ifdef curlssl_connect_nonblocking
- res = curlssl_connect_nonblocking(conn, sockindex, done);
-#else
- *done = TRUE; /* fallback to BLOCKING */
- res = curlssl_connect(conn, sockindex);
-#endif /* non-blocking connect support */
- if(!res && *done)
- Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
- return res;
-}
-
-/*
- * Check if there's a session ID for the given connection in the cache, and if
- * there's one suitable, it is provided. Returns TRUE when no entry matched.
- */
-int Curl_ssl_getsessionid(struct connectdata *conn,
- void **ssl_sessionid,
- size_t *idsize) /* set 0 if unknown */
-{
- struct curl_ssl_session *check;
- struct SessionHandle *data = conn->data;
- size_t i;
- long *general_age;
- bool no_match = TRUE;
-
- *ssl_sessionid = NULL;
-
- if(!conn->ssl_config.sessionid)
- /* session ID re-use is disabled */
- return TRUE;
-
- /* Lock if shared */
- if(SSLSESSION_SHARED(data)) {
- Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
- general_age = &data->share->sessionage;
- }
- else
- general_age = &data->state.sessionage;
-
- for(i = 0; i < data->set.ssl.max_ssl_sessions; i++) {
- check = &data->state.session[i];
- if(!check->sessionid)
- /* not session ID means blank entry */
- continue;
- if(Curl_raw_equal(conn->host.name, check->name) &&
- (conn->remote_port == check->remote_port) &&
- Curl_ssl_config_matches(&conn->ssl_config, &check->ssl_config)) {
- /* yes, we have a session ID! */
- (*general_age)++; /* increase general age */
- check->age = *general_age; /* set this as used in this age */
- *ssl_sessionid = check->sessionid;
- if(idsize)
- *idsize = check->idsize;
- no_match = FALSE;
- break;
- }
- }
-
- /* Unlock */
- if(SSLSESSION_SHARED(data))
- Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
-
- return no_match;
-}
-
-/*
- * Kill a single session ID entry in the cache.
- */
-void Curl_ssl_kill_session(struct curl_ssl_session *session)
-{
- if(session->sessionid) {
- /* defensive check */
-
- /* free the ID the SSL-layer specific way */
- curlssl_session_free(session->sessionid);
-
- session->sessionid = NULL;
- session->age = 0; /* fresh */
-
- Curl_free_ssl_config(&session->ssl_config);
-
- Curl_safefree(session->name);
- }
-}
-
-/*
- * Delete the given session ID from the cache.
- */
-void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
-{
- size_t i;
- struct SessionHandle *data=conn->data;
-
- if(SSLSESSION_SHARED(data))
- Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
-
- for(i = 0; i < data->set.ssl.max_ssl_sessions; i++) {
- struct curl_ssl_session *check = &data->state.session[i];
-
- if(check->sessionid == ssl_sessionid) {
- Curl_ssl_kill_session(check);
- break;
- }
- }
-
- if(SSLSESSION_SHARED(data))
- Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
-}
-
-/*
- * Store session id in the session cache. The ID passed on to this function
- * must already have been extracted and allocated the proper way for the SSL
- * layer. Curl_XXXX_session_free() will be called to free/kill the session ID
- * later on.
- */
-CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
- void *ssl_sessionid,
- size_t idsize)
-{
- size_t i;
- struct SessionHandle *data=conn->data; /* the mother of all structs */
- struct curl_ssl_session *store = &data->state.session[0];
- long oldest_age=data->state.session[0].age; /* zero if unused */
- char *clone_host;
- long *general_age;
-
- /* Even though session ID re-use might be disabled, that only disables USING
- IT. We still store it here in case the re-using is again enabled for an
- upcoming transfer */
-
- clone_host = strdup(conn->host.name);
- if(!clone_host)
- return CURLE_OUT_OF_MEMORY; /* bail out */
-
- /* Now we should add the session ID and the host name to the cache, (remove
- the oldest if necessary) */
-
- /* If using shared SSL session, lock! */
- if(SSLSESSION_SHARED(data)) {
- Curl_share_lock(data, CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
- general_age = &data->share->sessionage;
- }
- else {
- general_age = &data->state.sessionage;
- }
-
- /* find an empty slot for us, or find the oldest */
- for(i = 1; (i < data->set.ssl.max_ssl_sessions) &&
- data->state.session[i].sessionid; i++) {
- if(data->state.session[i].age < oldest_age) {
- oldest_age = data->state.session[i].age;
- store = &data->state.session[i];
- }
- }
- if(i == data->set.ssl.max_ssl_sessions)
- /* cache is full, we must "kill" the oldest entry! */
- Curl_ssl_kill_session(store);
- else
- store = &data->state.session[i]; /* use this slot */
-
- /* now init the session struct wisely */
- store->sessionid = ssl_sessionid;
- store->idsize = idsize;
- store->age = *general_age; /* set current age */
- if(store->name)
- /* free it if there's one already present */
- free(store->name);
- store->name = clone_host; /* clone host name */
- store->remote_port = conn->remote_port; /* port number */
-
-
- /* Unlock */
- if(SSLSESSION_SHARED(data))
- Curl_share_unlock(data, CURL_LOCK_DATA_SSL_SESSION);
-
- if(!Curl_clone_ssl_config(&conn->ssl_config, &store->ssl_config)) {
- store->sessionid = NULL; /* let caller free sessionid */
- free(clone_host);
- return CURLE_OUT_OF_MEMORY;
- }
-
- return CURLE_OK;
-}
-
-
-void Curl_ssl_close_all(struct SessionHandle *data)
-{
- size_t i;
- /* kill the session ID cache if not shared */
- if(data->state.session && !SSLSESSION_SHARED(data)) {
- for(i = 0; i < data->set.ssl.max_ssl_sessions; i++)
- /* the single-killer function handles empty table slots */
- Curl_ssl_kill_session(&data->state.session[i]);
-
- /* free the cache data */
- Curl_safefree(data->state.session);
- }
-
- curlssl_close_all(data);
-}
-
-void Curl_ssl_close(struct connectdata *conn, int sockindex)
-{
- DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
- curlssl_close(conn, sockindex);
-}
-
-CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
-{
- if(curlssl_shutdown(conn, sockindex))
- return CURLE_SSL_SHUTDOWN_FAILED;
-
- conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
- conn->ssl[sockindex].state = ssl_connection_none;
-
- conn->recv[sockindex] = Curl_recv_plain;
- conn->send[sockindex] = Curl_send_plain;
-
- return CURLE_OK;
-}
-
-/* Selects an SSL crypto engine
- */
-CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
-{
- return curlssl_set_engine(data, engine);
-}
-
-/* Selects the default SSL crypto engine
- */
-CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
-{
- return curlssl_set_engine_default(data);
-}
-
-/* Return list of OpenSSL crypto engine names. */
-struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
-{
- return curlssl_engines_list(data);
-}
-
-/*
- * This sets up a session ID cache to the specified size. Make sure this code
- * is agnostic to what underlying SSL technology we use.
- */
-CURLcode Curl_ssl_initsessions(struct SessionHandle *data, size_t amount)
-{
- struct curl_ssl_session *session;
-
- if(data->state.session)
- /* this is just a precaution to prevent multiple inits */
- return CURLE_OK;
-
- session = calloc(amount, sizeof(struct curl_ssl_session));
- if(!session)
- return CURLE_OUT_OF_MEMORY;
-
- /* store the info in the SSL section */
- data->set.ssl.max_ssl_sessions = amount;
- data->state.session = session;
- data->state.sessionage = 1; /* this is brand new */
- return CURLE_OK;
-}
-
-size_t Curl_ssl_version(char *buffer, size_t size)
-{
- return curlssl_version(buffer, size);
-}
-
-/*
- * This function tries to determine connection status.
- *
- * Return codes:
- * 1 means the connection is still in place
- * 0 means the connection has been closed
- * -1 means the connection status is unknown
- */
-int Curl_ssl_check_cxn(struct connectdata *conn)
-{
- return curlssl_check_cxn(conn);
-}
-
-bool Curl_ssl_data_pending(const struct connectdata *conn,
- int connindex)
-{
- return curlssl_data_pending(conn, connindex);
-}
-
-void Curl_ssl_free_certinfo(struct SessionHandle *data)
-{
- int i;
- struct curl_certinfo *ci = &data->info.certs;
- if(ci->num_of_certs) {
- /* free all individual lists used */
- for(i=0; i<ci->num_of_certs; i++) {
- curl_slist_free_all(ci->certinfo[i]);
- ci->certinfo[i] = NULL;
- }
- free(ci->certinfo); /* free the actual array too */
- ci->certinfo = NULL;
- ci->num_of_certs = 0;
- }
-}
-
-int Curl_ssl_init_certinfo(struct SessionHandle * data,
- int num)
-{
- struct curl_certinfo * ci = &data->info.certs;
- struct curl_slist * * table;
-
- /* Initialize the certificate information structures. Return 0 if OK, else 1.
- */
- Curl_ssl_free_certinfo(data);
- ci->num_of_certs = num;
- table = calloc((size_t) num, sizeof(struct curl_slist *));
- if(!table)
- return 1;
-
- ci->certinfo = table;
- return 0;
-}
-
-CURLcode Curl_ssl_push_certinfo_len(struct SessionHandle *data,
- int certnum,
- const char *label,
- const char *value,
- size_t valuelen)
-{
- struct curl_certinfo * ci = &data->info.certs;
- char * output;
- struct curl_slist * nl;
- CURLcode res = CURLE_OK;
-
- /* Add an information record for a particular certificate. */
- output = curl_maprintf("%s:%.*s", label, valuelen, value);
- if(!output)
- return CURLE_OUT_OF_MEMORY;
-
- nl = Curl_slist_append_nodup(ci->certinfo[certnum], output);
- if(!nl) {
- free(output);
- curl_slist_free_all(ci->certinfo[certnum]);
- res = CURLE_OUT_OF_MEMORY;
- }
-
- ci->certinfo[certnum] = nl;
- return res;
-}
-
-/*
- * This is a convenience function for push_certinfo_len that takes a zero
- * terminated value.
- */
-CURLcode Curl_ssl_push_certinfo(struct SessionHandle *data,
- int certnum,
- const char *label,
- const char *value)
-{
- size_t valuelen = strlen(value);
-
- return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen);
-}
-
-/* these functions are only provided by some SSL backends */
-
-#ifdef have_curlssl_random
-void Curl_ssl_random(struct SessionHandle *data,
- unsigned char *entropy,
- size_t length)
-{
- curlssl_random(data, entropy, length);
-}
-#endif
-
-#ifdef have_curlssl_md5sum
-void Curl_ssl_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len)
-{
- curlssl_md5sum(tmp, tmplen, md5sum, md5len);
-}
-#endif
-
-#endif /* USE_SSL */
diff --git a/libs/libcurl/src/sslgen.h b/libs/libcurl/src/sslgen.h
deleted file mode 100644
index c7f5f0092d..0000000000
--- a/libs/libcurl/src/sslgen.h
+++ /dev/null
@@ -1,126 +0,0 @@
-#ifndef HEADER_CURL_SSLGEN_H
-#define HEADER_CURL_SSLGEN_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "curl_setup.h"
-
-#ifndef MD5_DIGEST_LENGTH
-#define MD5_DIGEST_LENGTH 16 /* fixed size */
-#endif
-
-bool Curl_ssl_config_matches(struct ssl_config_data* data,
- struct ssl_config_data* needle);
-bool Curl_clone_ssl_config(struct ssl_config_data* source,
- struct ssl_config_data* dest);
-void Curl_free_ssl_config(struct ssl_config_data* sslc);
-
-unsigned int Curl_rand(struct SessionHandle *);
-
-#ifdef USE_SSL
-int Curl_ssl_init(void);
-void Curl_ssl_cleanup(void);
-CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
-CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done);
-/* tell the SSL stuff to close down all open information regarding
- connections (and thus session ID caching etc) */
-void Curl_ssl_close_all(struct SessionHandle *data);
-void Curl_ssl_close(struct connectdata *conn, int sockindex);
-CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
-CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine);
-/* Sets engine as default for all SSL operations */
-CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data);
-struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data);
-
-/* init the SSL session ID cache */
-CURLcode Curl_ssl_initsessions(struct SessionHandle *, size_t);
-size_t Curl_ssl_version(char *buffer, size_t size);
-bool Curl_ssl_data_pending(const struct connectdata *conn,
- int connindex);
-int Curl_ssl_check_cxn(struct connectdata *conn);
-
-/* Certificate information list handling. */
-
-void Curl_ssl_free_certinfo(struct SessionHandle *data);
-int Curl_ssl_init_certinfo(struct SessionHandle * data, int num);
-CURLcode Curl_ssl_push_certinfo_len(struct SessionHandle * data, int certnum,
- const char * label, const char * value,
- size_t valuelen);
-CURLcode Curl_ssl_push_certinfo(struct SessionHandle * data, int certnum,
- const char * label, const char * value);
-
-/* Functions to be used by SSL library adaptation functions */
-
-/* extract a session ID */
-int Curl_ssl_getsessionid(struct connectdata *conn,
- void **ssl_sessionid,
- size_t *idsize) /* set 0 if unknown */;
-/* add a new session ID */
-CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
- void *ssl_sessionid,
- size_t idsize);
-/* Kill a single session ID entry in the cache */
-void Curl_ssl_kill_session(struct curl_ssl_session *session);
-/* delete a session from the cache */
-void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid);
-
-/* get N random bytes into the buffer */
-void Curl_ssl_random(struct SessionHandle *data, unsigned char *buffer,
- size_t length);
-void Curl_ssl_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len);
-
-#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
-
-#ifdef have_curlssl_random
-#define HAVE_CURL_SSL_RANDOM
-#endif
-#ifdef have_curlssl_md5sum
-#define HAVE_CURL_SSL_MD5SUM
-#endif
-
-#else
-/* When SSL support is not present, just define away these function calls */
-#define Curl_ssl_init() 1
-#define Curl_ssl_cleanup() Curl_nop_stmt
-#define Curl_ssl_connect(x,y) CURLE_NOT_BUILT_IN
-#define Curl_ssl_close_all(x) Curl_nop_stmt
-#define Curl_ssl_close(x,y) Curl_nop_stmt
-#define Curl_ssl_shutdown(x,y) CURLE_NOT_BUILT_IN
-#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
-#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
-#define Curl_ssl_engines_list(x) NULL
-#define Curl_ssl_send(a,b,c,d,e) -1
-#define Curl_ssl_recv(a,b,c,d,e) -1
-#define Curl_ssl_initsessions(x,y) CURLE_OK
-#define Curl_ssl_version(x,y) 0
-#define Curl_ssl_data_pending(x,y) 0
-#define Curl_ssl_check_cxn(x) 0
-#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
-#define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN
-#define Curl_ssl_kill_session(x) Curl_nop_stmt
-#endif
-
-#endif /* HEADER_CURL_SSLGEN_H */
diff --git a/libs/libcurl/src/ssluse.c b/libs/libcurl/src/ssluse.c
deleted file mode 100644
index 25ece337a1..0000000000
--- a/libs/libcurl/src/ssluse.c
+++ /dev/null
@@ -1,2696 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/*
- * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
- */
-
-/*
- * The original SSLeay-using code for curl was written by Linas Vepstas and
- * Sampo Kellomaki 1998.
- */
-
-#include "curl_setup.h"
-
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-
-#include "urldata.h"
-#include "sendf.h"
-#include "formdata.h" /* for the boundary function */
-#include "url.h" /* for the ssl config check function */
-#include "inet_pton.h"
-#include "ssluse.h"
-#include "connect.h"
-#include "slist.h"
-#include "strequal.h"
-#include "select.h"
-#include "sslgen.h"
-#include "rawstr.h"
-#include "hostcheck.h"
-
-#define _MPRINTF_REPLACE /* use the internal *printf() functions */
-#include <curl/mprintf.h>
-
-#ifdef USE_SSLEAY
-
-#ifdef USE_OPENSSL
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#else
-#include <rand.h>
-#include <x509v3.h>
-#include <md5.h>
-#endif
-
-#include "warnless.h"
-#include "curl_memory.h"
-#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-#ifndef OPENSSL_VERSION_NUMBER
-#error "OPENSSL_VERSION_NUMBER not defined"
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x0090581fL
-#define HAVE_SSL_GET1_SESSION 1
-#else
-#undef HAVE_SSL_GET1_SESSION
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00904100L
-#define HAVE_USERDATA_IN_PWD_CALLBACK 1
-#else
-#undef HAVE_USERDATA_IN_PWD_CALLBACK
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907001L
-/* ENGINE_load_private_key() takes four arguments */
-#define HAVE_ENGINE_LOAD_FOUR_ARGS
-#include <openssl/ui.h>
-#else
-/* ENGINE_load_private_key() takes three arguments */
-#undef HAVE_ENGINE_LOAD_FOUR_ARGS
-#endif
-
-#if (OPENSSL_VERSION_NUMBER >= 0x00903001L) && defined(HAVE_OPENSSL_PKCS12_H)
-/* OpenSSL has PKCS 12 support */
-#define HAVE_PKCS12_SUPPORT
-#else
-/* OpenSSL/SSLEay does not have PKCS12 support */
-#undef HAVE_PKCS12_SUPPORT
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00906001L
-#define HAVE_ERR_ERROR_STRING_N 1
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00909000L
-#define SSL_METHOD_QUAL const
-#else
-#define SSL_METHOD_QUAL
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-/* 0.9.6 didn't have X509_STORE_set_flags() */
-#define HAVE_X509_STORE_SET_FLAGS 1
-#else
-#define X509_STORE_set_flags(x,y) Curl_nop_stmt
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-#define HAVE_ERR_REMOVE_THREAD_STATE 1
-#endif
-
-#ifndef HAVE_SSLV2_CLIENT_METHOD
-#undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
-#define OPENSSL_NO_SSL2
-#endif
-
-/*
- * Number of bytes to read from the random number seed file. This must be
- * a finite value (because some entropy "files" like /dev/urandom have
- * an infinite length), but must be large enough to provide enough
- * entopy to properly seed OpenSSL's PRNG.
- */
-#define RAND_LOAD_LENGTH 1024
-
-#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
-static char global_passwd[64];
-#endif
-
-static int passwd_callback(char *buf, int num, int encrypting
-#ifdef HAVE_USERDATA_IN_PWD_CALLBACK
- /* This was introduced in 0.9.4, we can set this
- using SSL_CTX_set_default_passwd_cb_userdata()
- */
- , void *global_passwd
-#endif
- )
-{
- DEBUGASSERT(0 == encrypting);
-
- if(!encrypting) {
- int klen = curlx_uztosi(strlen((char *)global_passwd));
- if(num > klen) {
- memcpy(buf, global_passwd, klen+1);
- return klen;
- }
- }
- return 0;
-}
-
-/*
- * rand_enough() is a function that returns TRUE if we have seeded the random
- * engine properly. We use some preprocessor magic to provide a seed_enough()
- * macro to use, just to prevent a compiler warning on this function if we
- * pass in an argument that is never used.
- */
-
-#ifdef HAVE_RAND_STATUS
-#define seed_enough(x) rand_enough()
-static bool rand_enough(void)
-{
- return (0 != RAND_status()) ? TRUE : FALSE;
-}
-#else
-#define seed_enough(x) rand_enough(x)
-static bool rand_enough(int nread)
-{
- /* this is a very silly decision to make */
- return (nread > 500) ? TRUE : FALSE;
-}
-#endif
-
-static int ossl_seed(struct SessionHandle *data)
-{
- char *buf = data->state.buffer; /* point to the big buffer */
- int nread=0;
-
- /* Q: should we add support for a random file name as a libcurl option?
- A: Yes, it is here */
-
-#ifndef RANDOM_FILE
- /* if RANDOM_FILE isn't defined, we only perform this if an option tells
- us to! */
- if(data->set.ssl.random_file)
-#define RANDOM_FILE "" /* doesn't matter won't be used */
-#endif
- {
- /* let the option override the define */
- nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
- data->set.str[STRING_SSL_RANDOM_FILE]:
- RANDOM_FILE),
- RAND_LOAD_LENGTH);
- if(seed_enough(nread))
- return nread;
- }
-
-#if defined(HAVE_RAND_EGD)
- /* only available in OpenSSL 0.9.5 and later */
- /* EGD_SOCKET is set at configure time or not at all */
-#ifndef EGD_SOCKET
- /* If we don't have the define set, we only do this if the egd-option
- is set */
- if(data->set.str[STRING_SSL_EGDSOCKET])
-#define EGD_SOCKET "" /* doesn't matter won't be used */
-#endif
- {
- /* If there's an option and a define, the option overrides the
- define */
- int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
- data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
- if(-1 != ret) {
- nread += ret;
- if(seed_enough(nread))
- return nread;
- }
- }
-#endif
-
- /* If we get here, it means we need to seed the PRNG using a "silly"
- approach! */
- do {
- unsigned char randb[64];
- int len = sizeof(randb);
- RAND_bytes(randb, len);
- RAND_add(randb, len, (len >> 1));
- } while(!RAND_status());
-
- /* generates a default path for the random seed file */
- buf[0]=0; /* blank it first */
- RAND_file_name(buf, BUFSIZE);
- if(buf[0]) {
- /* we got a file name to try */
- nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
- if(seed_enough(nread))
- return nread;
- }
-
- infof(data, "libcurl is now using a weak random seed!\n");
- return nread;
-}
-
-int Curl_ossl_seed(struct SessionHandle *data)
-{
- /* we have the "SSL is seeded" boolean static to prevent multiple
- time-consuming seedings in vain */
- static bool ssl_seeded = FALSE;
-
- if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
- data->set.str[STRING_SSL_EGDSOCKET]) {
- ossl_seed(data);
- ssl_seeded = TRUE;
- }
- return 0;
-}
-
-
-#ifndef SSL_FILETYPE_ENGINE
-#define SSL_FILETYPE_ENGINE 42
-#endif
-#ifndef SSL_FILETYPE_PKCS12
-#define SSL_FILETYPE_PKCS12 43
-#endif
-static int do_file_type(const char *type)
-{
- if(!type || !type[0])
- return SSL_FILETYPE_PEM;
- if(Curl_raw_equal(type, "PEM"))
- return SSL_FILETYPE_PEM;
- if(Curl_raw_equal(type, "DER"))
- return SSL_FILETYPE_ASN1;
- if(Curl_raw_equal(type, "ENG"))
- return SSL_FILETYPE_ENGINE;
- if(Curl_raw_equal(type, "P12"))
- return SSL_FILETYPE_PKCS12;
- return -1;
-}
-
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_LOAD_FOUR_ARGS)
-/*
- * Supply default password to the engine user interface conversation.
- * The password is passed by OpenSSL engine from ENGINE_load_private_key()
- * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
- */
-static int ssl_ui_reader(UI *ui, UI_STRING *uis)
-{
- const char *password;
- switch(UI_get_string_type(uis)) {
- case UIT_PROMPT:
- case UIT_VERIFY:
- password = (const char*)UI_get0_user_data(ui);
- if(NULL != password &&
- UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD) {
- UI_set_result(ui, uis, password);
- return 1;
- }
- default:
- break;
- }
- return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
-}
-
-/*
- * Suppress interactive request for a default password if available.
- */
-static int ssl_ui_writer(UI *ui, UI_STRING *uis)
-{
- switch(UI_get_string_type(uis)) {
- case UIT_PROMPT:
- case UIT_VERIFY:
- if(NULL != UI_get0_user_data(ui) &&
- UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD) {
- return 1;
- }
- default:
- break;
- }
- return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
-}
-#endif
-
-static
-int cert_stuff(struct connectdata *conn,
- SSL_CTX* ctx,
- char *cert_file,
- const char *cert_type,
- char *key_file,
- const char *key_type)
-{
- struct SessionHandle *data = conn->data;
-
- int file_type = do_file_type(cert_type);
-
- if(cert_file != NULL || file_type == SSL_FILETYPE_ENGINE) {
- SSL *ssl;
- X509 *x509;
- int cert_done = 0;
-
- if(data->set.str[STRING_KEY_PASSWD]) {
-#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
- /*
- * If password has been given, we store that in the global
- * area (*shudder*) for a while:
- */
- size_t len = strlen(data->set.str[STRING_KEY_PASSWD]);
- if(len < sizeof(global_passwd))
- memcpy(global_passwd, data->set.str[STRING_KEY_PASSWD], len+1);
- else
- global_passwd[0] = '\0';
-#else
- /*
- * We set the password in the callback userdata
- */
- SSL_CTX_set_default_passwd_cb_userdata(ctx,
- data->set.str[STRING_KEY_PASSWD]);
-#endif
- /* Set passwd callback: */
- SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
- }
-
-
-#define SSL_CLIENT_CERT_ERR \
- "unable to use client certificate (no key found or wrong pass phrase?)"
-
- switch(file_type) {
- case SSL_FILETYPE_PEM:
- /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
- if(SSL_CTX_use_certificate_chain_file(ctx,
- cert_file) != 1) {
- failf(data, SSL_CLIENT_CERT_ERR);
- return 0;
- }
- break;
-
- case SSL_FILETYPE_ASN1:
- /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
- we use the case above for PEM so this can only be performed with
- ASN1 files. */
- if(SSL_CTX_use_certificate_file(ctx,
- cert_file,
- file_type) != 1) {
- failf(data, SSL_CLIENT_CERT_ERR);
- return 0;
- }
- break;
- case SSL_FILETYPE_ENGINE:
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
- {
- if(data->state.engine) {
- const char *cmd_name = "LOAD_CERT_CTRL";
- struct {
- const char *cert_id;
- X509 *cert;
- } params;
-
- params.cert_id = cert_file;
- params.cert = NULL;
-
- /* Does the engine supports LOAD_CERT_CTRL ? */
- if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
- 0, (void *)cmd_name, NULL)) {
- failf(data, "ssl engine does not support loading certificates");
- return 0;
- }
-
- /* Load the certificate from the engine */
- if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
- 0, &params, NULL, 1)) {
- failf(data, "ssl engine cannot load client cert with id"
- " '%s' [%s]", cert_file,
- ERR_error_string(ERR_get_error(), NULL));
- return 0;
- }
-
- if(!params.cert) {
- failf(data, "ssl engine didn't initialized the certificate "
- "properly.");
- return 0;
- }
-
- if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
- failf(data, "unable to set client certificate");
- X509_free(params.cert);
- return 0;
- }
- X509_free(params.cert); /* we don't need the handle any more... */
- }
- else {
- failf(data, "crypto engine not set, can't load certificate");
- return 0;
- }
- }
- break;
-#else
- failf(data, "file type ENG for certificate not implemented");
- return 0;
-#endif
-
- case SSL_FILETYPE_PKCS12:
- {
-#ifdef HAVE_PKCS12_SUPPORT
- FILE *f;
- PKCS12 *p12;
- EVP_PKEY *pri;
- STACK_OF(X509) *ca = NULL;
- int i;
-
- f = fopen(cert_file,"rb");
- if(!f) {
- failf(data, "could not open PKCS12 file '%s'", cert_file);
- return 0;
- }
- p12 = d2i_PKCS12_fp(f, NULL);
- fclose(f);
-
- if(!p12) {
- failf(data, "error reading PKCS12 file '%s'", cert_file );
- return 0;
- }
-
- PKCS12_PBE_add();
-
- if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
- &ca)) {
- failf(data,
- "could not parse PKCS12 file, check password, OpenSSL error %s",
- ERR_error_string(ERR_get_error(), NULL) );
- PKCS12_free(p12);
- return 0;
- }
-
- PKCS12_free(p12);
-
- if(SSL_CTX_use_certificate(ctx, x509) != 1) {
- failf(data, SSL_CLIENT_CERT_ERR);
- goto fail;
- }
-
- if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
- failf(data, "unable to use private key from PKCS12 file '%s'",
- cert_file);
- goto fail;
- }
-
- if(!SSL_CTX_check_private_key (ctx)) {
- failf(data, "private key from PKCS12 file '%s' "
- "does not match certificate in same file", cert_file);
- goto fail;
- }
- /* Set Certificate Verification chain */
- if(ca && sk_X509_num(ca)) {
- for(i = 0; i < sk_X509_num(ca); i++) {
- /*
- * Note that sk_X509_pop() is used below to make sure the cert is
- * removed from the stack properly before getting passed to
- * SSL_CTX_add_extra_chain_cert(). Previously we used
- * sk_X509_value() instead, but then we'd clean it in the subsequent
- * sk_X509_pop_free() call.
- */
- X509 *x = sk_X509_pop(ca);
- if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
- failf(data, "cannot add certificate to certificate chain");
- goto fail;
- }
- /* SSL_CTX_add_client_CA() seems to work with either sk_* function,
- * presumably because it duplicates what we pass to it.
- */
- if(!SSL_CTX_add_client_CA(ctx, x)) {
- failf(data, "cannot add certificate to client CA list");
- goto fail;
- }
- }
- }
-
- cert_done = 1;
- fail:
- EVP_PKEY_free(pri);
- X509_free(x509);
- sk_X509_pop_free(ca, X509_free);
-
- if(!cert_done)
- return 0; /* failure! */
-#else
- failf(data, "file type P12 for certificate not supported");
- return 0;
-#endif
- }
- default:
- failf(data, "not supported file type '%s' for certificate", cert_type);
- return 0;
- }
-
- file_type = do_file_type(key_type);
-
- switch(file_type) {
- case SSL_FILETYPE_PEM:
- if(cert_done)
- break;
- if(key_file == NULL)
- /* cert & key can only be in PEM case in the same file */
- key_file=cert_file;
- case SSL_FILETYPE_ASN1:
- if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
- failf(data, "unable to set private key file: '%s' type %s",
- key_file, key_type?key_type:"PEM");
- return 0;
- }
- break;
- case SSL_FILETYPE_ENGINE:
-#ifdef HAVE_OPENSSL_ENGINE_H
- { /* XXXX still needs some work */
- EVP_PKEY *priv_key = NULL;
- if(data->state.engine) {
-#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
- UI_METHOD *ui_method =
- UI_create_method((char *)"cURL user interface");
- if(NULL == ui_method) {
- failf(data, "unable do create OpenSSL user-interface method");
- return 0;
- }
- UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
- UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
- UI_method_set_reader(ui_method, ssl_ui_reader);
- UI_method_set_writer(ui_method, ssl_ui_writer);
-#endif
- /* the typecast below was added to please mingw32 */
- priv_key = (EVP_PKEY *)
- ENGINE_load_private_key(data->state.engine,key_file,
-#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
- ui_method,
-#endif
- data->set.str[STRING_KEY_PASSWD]);
-#ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
- UI_destroy_method(ui_method);
-#endif
- if(!priv_key) {
- failf(data, "failed to load private key from crypto engine");
- return 0;
- }
- if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
- failf(data, "unable to set private key");
- EVP_PKEY_free(priv_key);
- return 0;
- }
- EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
- }
- else {
- failf(data, "crypto engine not set, can't load private key");
- return 0;
- }
- }
- break;
-#else
- failf(data, "file type ENG for private key not supported");
- return 0;
-#endif
- case SSL_FILETYPE_PKCS12:
- if(!cert_done) {
- failf(data, "file type P12 for private key not supported");
- return 0;
- }
- break;
- default:
- failf(data, "not supported file type for private key");
- return 0;
- }
-
- ssl=SSL_new(ctx);
- if(NULL == ssl) {
- failf(data,"unable to create an SSL structure");
- return 0;
- }
-
- x509=SSL_get_certificate(ssl);
-
- /* This version was provided by Evan Jordan and is supposed to not
- leak memory as the previous version: */
- if(x509 != NULL) {
- EVP_PKEY *pktmp = X509_get_pubkey(x509);
- EVP_PKEY_copy_parameters(pktmp,SSL_get_privatekey(ssl));
- EVP_PKEY_free(pktmp);
- }
-
- SSL_free(ssl);
-
- /* If we are using DSA, we can copy the parameters from
- * the private key */
-
-
- /* Now we know that a key and cert have been set against
- * the SSL context */
- if(!SSL_CTX_check_private_key(ctx)) {
- failf(data, "Private key does not match the certificate public key");
- return 0;
- }
-#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
- /* erase it now */
- memset(global_passwd, 0, sizeof(global_passwd));
-#endif
- }
- return 1;
-}
-
-/* returns non-zero on failure */
-static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
-{
-#if 0
- return X509_NAME_oneline(a, buf, size);
-#else
- BIO *bio_out = BIO_new(BIO_s_mem());
- BUF_MEM *biomem;
- int rc;
-
- if(!bio_out)
- return 1; /* alloc failed! */
-
- rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
- BIO_get_mem_ptr(bio_out, &biomem);
-
- if((size_t)biomem->length < size)
- size = biomem->length;
- else
- size--; /* don't overwrite the buffer end */
-
- memcpy(buf, biomem->data, size);
- buf[size]=0;
-
- BIO_free(bio_out);
-
- return !rc;
-#endif
-}
-
-static
-int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
-{
- X509 *err_cert;
- char buf[256];
-
- err_cert=X509_STORE_CTX_get_current_cert(ctx);
- (void)x509_name_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
- return ok;
-}
-
-/* Return error string for last OpenSSL error
- */
-static char *SSL_strerror(unsigned long error, char *buf, size_t size)
-{
-#ifdef HAVE_ERR_ERROR_STRING_N
- /* OpenSSL 0.9.6 and later has a function named
- ERRO_error_string_n() that takes the size of the buffer as a
- third argument */
- ERR_error_string_n(error, buf, size);
-#else
- (void) size;
- ERR_error_string(error, buf);
-#endif
- return buf;
-}
-
-#endif /* USE_SSLEAY */
-
-#ifdef USE_SSLEAY
-/**
- * Global SSL init
- *
- * @retval 0 error initializing SSL
- * @retval 1 SSL initialized successfully
- */
-int Curl_ossl_init(void)
-{
-#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
- ENGINE_load_builtin_engines();
-#endif
-
- /* Lets get nice error messages */
- SSL_load_error_strings();
-
- /* Init the global ciphers and digests */
- if(!SSLeay_add_ssl_algorithms())
- return 0;
-
- OpenSSL_add_all_algorithms();
-
- return 1;
-}
-
-#endif /* USE_SSLEAY */
-
-#ifdef USE_SSLEAY
-
-/* Global cleanup */
-void Curl_ossl_cleanup(void)
-{
- /* Free ciphers and digests lists */
- EVP_cleanup();
-
-#ifdef HAVE_ENGINE_CLEANUP
- /* Free engine list */
- ENGINE_cleanup();
-#endif
-
-#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
- /* Free OpenSSL ex_data table */
- CRYPTO_cleanup_all_ex_data();
-#endif
-
- /* Free OpenSSL error strings */
- ERR_free_strings();
-
- /* Free thread local error state, destroying hash upon zero refcount */
-#ifdef HAVE_ERR_REMOVE_THREAD_STATE
- ERR_remove_thread_state(NULL);
-#else
- ERR_remove_state(0);
-#endif
-}
-
-/*
- * This function uses SSL_peek to determine connection status.
- *
- * Return codes:
- * 1 means the connection is still in place
- * 0 means the connection has been closed
- * -1 means the connection status is unknown
- */
-int Curl_ossl_check_cxn(struct connectdata *conn)
-{
- int rc;
- char buf;
-
- rc = SSL_peek(conn->ssl[FIRSTSOCKET].handle, (void*)&buf, 1);
- if(rc > 0)
- return 1; /* connection still in place */
-
- if(rc == 0)
- return 0; /* connection has been closed */
-
- return -1; /* connection status unknown */
-}
-
-/* Selects an OpenSSL crypto engine
- */
-CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine)
-{
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
- ENGINE *e;
-
-#if OPENSSL_VERSION_NUMBER >= 0x00909000L
- e = ENGINE_by_id(engine);
-#else
- /* avoid memory leak */
- for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
- const char *e_id = ENGINE_get_id(e);
- if(!strcmp(engine, e_id))
- break;
- }
-#endif
-
- if(!e) {
- failf(data, "SSL Engine '%s' not found", engine);
- return CURLE_SSL_ENGINE_NOTFOUND;
- }
-
- if(data->state.engine) {
- ENGINE_finish(data->state.engine);
- ENGINE_free(data->state.engine);
- data->state.engine = NULL;
- }
- if(!ENGINE_init(e)) {
- char buf[256];
-
- ENGINE_free(e);
- failf(data, "Failed to initialise SSL Engine '%s':\n%s",
- engine, SSL_strerror(ERR_get_error(), buf, sizeof(buf)));
- return CURLE_SSL_ENGINE_INITFAILED;
- }
- data->state.engine = e;
- return CURLE_OK;
-#else
- (void)engine;
- failf(data, "SSL Engine not supported");
- return CURLE_SSL_ENGINE_NOTFOUND;
-#endif
-}
-
-/* Sets engine as default for all SSL operations
- */
-CURLcode Curl_ossl_set_engine_default(struct SessionHandle *data)
-{
-#ifdef HAVE_OPENSSL_ENGINE_H
- if(data->state.engine) {
- if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
- infof(data,"set default crypto engine '%s'\n",
- ENGINE_get_id(data->state.engine));
- }
- else {
- failf(data, "set default crypto engine '%s' failed",
- ENGINE_get_id(data->state.engine));
- return CURLE_SSL_ENGINE_SETFAILED;
- }
- }
-#else
- (void) data;
-#endif
- return CURLE_OK;
-}
-
-/* Return list of OpenSSL crypto engine names.
- */
-struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data)
-{
- struct curl_slist *list = NULL;
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
- struct curl_slist *beg;
- ENGINE *e;
-
- for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
- beg = curl_slist_append(list, ENGINE_get_id(e));
- if(!beg) {
- curl_slist_free_all(list);
- return NULL;
- }
- list = beg;
- }
-#endif
- (void) data;
- return list;
-}
-
-
-/*
- * This function is called when an SSL connection is closed.
- */
-void Curl_ossl_close(struct connectdata *conn, int sockindex)
-{
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- if(connssl->handle) {
- (void)SSL_shutdown(connssl->handle);
- SSL_set_connect_state(connssl->handle);
-
- SSL_free (connssl->handle);
- connssl->handle = NULL;
- }
- if(connssl->ctx) {
- SSL_CTX_free (connssl->ctx);
- connssl->ctx = NULL;
- }
-}
-
-/*
- * This function is called to shut down the SSL layer but keep the
- * socket open (CCC - Clear Command Channel)
- */
-int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
-{
- int retval = 0;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- struct SessionHandle *data = conn->data;
- char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
- to be at least 120 bytes long. */
- unsigned long sslerror;
- ssize_t nread;
- int buffsize;
- int err;
- int done = 0;
-
- /* This has only been tested on the proftpd server, and the mod_tls code
- sends a close notify alert without waiting for a close notify alert in
- response. Thus we wait for a close notify alert from the server, but
- we do not send one. Let's hope other servers do the same... */
-
- if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
- (void)SSL_shutdown(connssl->handle);
-
- if(connssl->handle) {
- buffsize = sizeof(buf);
- while(!done) {
- int what = Curl_socket_ready(conn->sock[sockindex],
- CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
- if(what > 0) {
- ERR_clear_error();
-
- /* Something to read, let's do it and hope that it is the close
- notify alert from the server */
- nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
- buffsize);
- err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread);
-
- switch(err) {
- case SSL_ERROR_NONE: /* this is not an error */
- case SSL_ERROR_ZERO_RETURN: /* no more data */
- /* This is the expected response. There was no data but only
- the close notify alert */
- done = 1;
- break;
- case SSL_ERROR_WANT_READ:
- /* there's data pending, re-invoke SSL_read() */
- infof(data, "SSL_ERROR_WANT_READ\n");
- break;
- case SSL_ERROR_WANT_WRITE:
- /* SSL wants a write. Really odd. Let's bail out. */
- infof(data, "SSL_ERROR_WANT_WRITE\n");
- done = 1;
- break;
- default:
- /* openssl/ssl.h says "look at error stack/return value/errno" */
- sslerror = ERR_get_error();
- failf(conn->data, "SSL read: %s, errno %d",
- ERR_error_string(sslerror, buf),
- SOCKERRNO);
- done = 1;
- break;
- }
- }
- else if(0 == what) {
- /* timeout */
- failf(data, "SSL shutdown timeout");
- done = 1;
- }
- else {
- /* anything that gets here is fatally bad */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- retval = -1;
- done = 1;
- }
- } /* while()-loop for the select() */
-
- if(data->set.verbose) {
-#ifdef HAVE_SSL_GET_SHUTDOWN
- switch(SSL_get_shutdown(connssl->handle)) {
- case SSL_SENT_SHUTDOWN:
- infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
- break;
- case SSL_RECEIVED_SHUTDOWN:
- infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
- break;
- case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
- infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
- "SSL_RECEIVED__SHUTDOWN\n");
- break;
- }
-#endif
- }
-
- SSL_free (connssl->handle);
- connssl->handle = NULL;
- }
- return retval;
-}
-
-void Curl_ossl_session_free(void *ptr)
-{
- /* free the ID */
- SSL_SESSION_free(ptr);
-}
-
-/*
- * This function is called when the 'data' struct is going away. Close
- * down everything and free all resources!
- */
-int Curl_ossl_close_all(struct SessionHandle *data)
-{
-#ifdef HAVE_OPENSSL_ENGINE_H
- if(data->state.engine) {
- ENGINE_finish(data->state.engine);
- ENGINE_free(data->state.engine);
- data->state.engine = NULL;
- }
-#else
- (void)data;
-#endif
- return 0;
-}
-
-static int asn1_output(const ASN1_UTCTIME *tm,
- char *buf,
- size_t sizeofbuf)
-{
- const char *asn1_string;
- int gmt=FALSE;
- int i;
- int year=0,month=0,day=0,hour=0,minute=0,second=0;
-
- i=tm->length;
- asn1_string=(const char *)tm->data;
-
- if(i < 10)
- return 1;
- if(asn1_string[i-1] == 'Z')
- gmt=TRUE;
- for(i=0; i<10; i++)
- if((asn1_string[i] > '9') || (asn1_string[i] < '0'))
- return 2;
-
- year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0');
- if(year < 50)
- year+=100;
-
- month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0');
- if((month > 12) || (month < 1))
- return 3;
-
- day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0');
- hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0');
- minute= (asn1_string[8]-'0')*10+(asn1_string[9]-'0');
-
- if((asn1_string[10] >= '0') && (asn1_string[10] <= '9') &&
- (asn1_string[11] >= '0') && (asn1_string[11] <= '9'))
- second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0');
-
- snprintf(buf, sizeofbuf,
- "%04d-%02d-%02d %02d:%02d:%02d %s",
- year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
-
- return 0;
-}
-
-/* ====================================================== */
-
-
-/* Quote from RFC2818 section 3.1 "Server Identity"
-
- If a subjectAltName extension of type dNSName is present, that MUST
- be used as the identity. Otherwise, the (most specific) Common Name
- field in the Subject field of the certificate MUST be used. Although
- the use of the Common Name is existing practice, it is deprecated and
- Certification Authorities are encouraged to use the dNSName instead.
-
- Matching is performed using the matching rules specified by
- [RFC2459]. If more than one identity of a given type is present in
- the certificate (e.g., more than one dNSName name, a match in any one
- of the set is considered acceptable.) Names may contain the wildcard
- character * which is considered to match any single domain name
- component or component fragment. E.g., *.a.com matches foo.a.com but
- not bar.foo.a.com. f*.com matches foo.com but not bar.com.
-
- In some cases, the URI is specified as an IP address rather than a
- hostname. In this case, the iPAddress subjectAltName must be present
- in the certificate and must exactly match the IP in the URI.
-
-*/
-static CURLcode verifyhost(struct connectdata *conn,
- X509 *server_cert)
-{
- int matched = -1; /* -1 is no alternative match yet, 1 means match and 0
- means mismatch */
- int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
- size_t addrlen = 0;
- struct SessionHandle *data = conn->data;
- STACK_OF(GENERAL_NAME) *altnames;
-#ifdef ENABLE_IPV6
- struct in6_addr addr;
-#else
- struct in_addr addr;
-#endif
- CURLcode res = CURLE_OK;
-
-#ifdef ENABLE_IPV6
- if(conn->bits.ipv6_ip &&
- Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
- target = GEN_IPADD;
- addrlen = sizeof(struct in6_addr);
- }
- else
-#endif
- if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
- target = GEN_IPADD;
- addrlen = sizeof(struct in_addr);
- }
-
- /* get a "list" of alternative names */
- altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
-
- if(altnames) {
- int numalts;
- int i;
-
- /* get amount of alternatives, RFC2459 claims there MUST be at least
- one, but we don't depend on it... */
- numalts = sk_GENERAL_NAME_num(altnames);
-
- /* loop through all alternatives while none has matched */
- for(i=0; (i<numalts) && (matched != 1); i++) {
- /* get a handle to alternative name number i */
- const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
-
- /* only check alternatives of the same type the target is */
- if(check->type == target) {
- /* get data and length */
- const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
- size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
-
- switch(target) {
- case GEN_DNS: /* name/pattern comparison */
- /* The OpenSSL man page explicitly says: "In general it cannot be
- assumed that the data returned by ASN1_STRING_data() is null
- terminated or does not contain embedded nulls." But also that
- "The actual format of the data will depend on the actual string
- type itself: for example for and IA5String the data will be ASCII"
-
- Gisle researched the OpenSSL sources:
- "I checked the 0.9.6 and 0.9.8 sources before my patch and
- it always 0-terminates an IA5String."
- */
- if((altlen == strlen(altptr)) &&
- /* if this isn't true, there was an embedded zero in the name
- string and we cannot match it. */
- Curl_cert_hostcheck(altptr, conn->host.name))
- matched = 1;
- else
- matched = 0;
- break;
-
- case GEN_IPADD: /* IP address comparison */
- /* compare alternative IP address if the data chunk is the same size
- our server IP address is */
- if((altlen == addrlen) && !memcmp(altptr, &addr, altlen))
- matched = 1;
- else
- matched = 0;
- break;
- }
- }
- }
- GENERAL_NAMES_free(altnames);
- }
-
- if(matched == 1)
- /* an alternative name matched the server hostname */
- infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
- else if(matched == 0) {
- /* an alternative name field existed, but didn't match and then
- we MUST fail */
- infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
- failf(data, "SSL: no alternative certificate subject name matches "
- "target host name '%s'", conn->host.dispname);
- res = CURLE_PEER_FAILED_VERIFICATION;
- }
- else {
- /* we have to look to the last occurrence of a commonName in the
- distinguished one to get the most significant one. */
- int j,i=-1 ;
-
-/* The following is done because of a bug in 0.9.6b */
-
- unsigned char *nulstr = (unsigned char *)"";
- unsigned char *peer_CN = nulstr;
-
- X509_NAME *name = X509_get_subject_name(server_cert) ;
- if(name)
- while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0)
- i=j;
-
- /* we have the name entry and we will now convert this to a string
- that we can use for comparison. Doing this we support BMPstring,
- UTF8 etc. */
-
- if(i>=0) {
- ASN1_STRING *tmp = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
-
- /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
- is already UTF-8 encoded. We check for this case and copy the raw
- string manually to avoid the problem. This code can be made
- conditional in the future when OpenSSL has been fixed. Work-around
- brought by Alexis S. L. Carvalho. */
- if(tmp) {
- if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
- j = ASN1_STRING_length(tmp);
- if(j >= 0) {
- peer_CN = OPENSSL_malloc(j+1);
- if(peer_CN) {
- memcpy(peer_CN, ASN1_STRING_data(tmp), j);
- peer_CN[j] = '\0';
- }
- }
- }
- else /* not a UTF8 name */
- j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
-
- if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
- /* there was a terminating zero before the end of string, this
- cannot match and we return failure! */
- failf(data, "SSL: illegal cert name field");
- res = CURLE_PEER_FAILED_VERIFICATION;
- }
- }
- }
-
- if(peer_CN == nulstr)
- peer_CN = NULL;
- else {
- /* convert peer_CN from UTF8 */
- CURLcode rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
- /* Curl_convert_from_utf8 calls failf if unsuccessful */
- if(rc) {
- OPENSSL_free(peer_CN);
- return rc;
- }
- }
-
- if(res)
- /* error already detected, pass through */
- ;
- else if(!peer_CN) {
- failf(data,
- "SSL: unable to obtain common name from peer certificate");
- res = CURLE_PEER_FAILED_VERIFICATION;
- }
- else if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
- failf(data, "SSL: certificate subject name '%s' does not match "
- "target host name '%s'", peer_CN, conn->host.dispname);
- res = CURLE_PEER_FAILED_VERIFICATION;
- }
- else {
- infof(data, "\t common name: %s (matched)\n", peer_CN);
- }
- if(peer_CN)
- OPENSSL_free(peer_CN);
- }
- return res;
-}
-#endif /* USE_SSLEAY */
-
-/* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
- and thus this cannot be done there. */
-#ifdef SSL_CTRL_SET_MSG_CALLBACK
-
-static const char *ssl_msg_type(int ssl_ver, int msg)
-{
- if(ssl_ver == SSL2_VERSION_MAJOR) {
- switch (msg) {
- case SSL2_MT_ERROR:
- return "Error";
- case SSL2_MT_CLIENT_HELLO:
- return "Client hello";
- case SSL2_MT_CLIENT_MASTER_KEY:
- return "Client key";
- case SSL2_MT_CLIENT_FINISHED:
- return "Client finished";
- case SSL2_MT_SERVER_HELLO:
- return "Server hello";
- case SSL2_MT_SERVER_VERIFY:
- return "Server verify";
- case SSL2_MT_SERVER_FINISHED:
- return "Server finished";
- case SSL2_MT_REQUEST_CERTIFICATE:
- return "Request CERT";
- case SSL2_MT_CLIENT_CERTIFICATE:
- return "Client CERT";
- }
- }
- else if(ssl_ver == SSL3_VERSION_MAJOR) {
- switch (msg) {
- case SSL3_MT_HELLO_REQUEST:
- return "Hello request";
- case SSL3_MT_CLIENT_HELLO:
- return "Client hello";
- case SSL3_MT_SERVER_HELLO:
- return "Server hello";
- case SSL3_MT_CERTIFICATE:
- return "CERT";
- case SSL3_MT_SERVER_KEY_EXCHANGE:
- return "Server key exchange";
- case SSL3_MT_CLIENT_KEY_EXCHANGE:
- return "Client key exchange";
- case SSL3_MT_CERTIFICATE_REQUEST:
- return "Request CERT";
- case SSL3_MT_SERVER_DONE:
- return "Server finished";
- case SSL3_MT_CERTIFICATE_VERIFY:
- return "CERT verify";
- case SSL3_MT_FINISHED:
- return "Finished";
- }
- }
- return "Unknown";
-}
-
-static const char *tls_rt_type(int type)
-{
- return (
- type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " :
- type == SSL3_RT_ALERT ? "TLS alert, " :
- type == SSL3_RT_HANDSHAKE ? "TLS handshake, " :
- type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " :
- "TLS Unknown, ");
-}
-
-
-/*
- * Our callback from the SSL/TLS layers.
- */
-static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
- const void *buf, size_t len, const SSL *ssl,
- struct connectdata *conn)
-{
- struct SessionHandle *data;
- const char *msg_name, *tls_rt_name;
- char ssl_buf[1024];
- int ver, msg_type, txt_len;
-
- if(!conn || !conn->data || !conn->data->set.fdebug ||
- (direction != 0 && direction != 1))
- return;
-
- data = conn->data;
- ssl_ver >>= 8;
- ver = (ssl_ver == SSL2_VERSION_MAJOR ? '2' :
- ssl_ver == SSL3_VERSION_MAJOR ? '3' : '?');
-
- /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
- * always pass-up content-type as 0. But the interesting message-type
- * is at 'buf[0]'.
- */
- if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0)
- tls_rt_name = tls_rt_type(content_type);
- else
- tls_rt_name = "";
-
- msg_type = *(char*)buf;
- msg_name = ssl_msg_type(ssl_ver, msg_type);
-
- txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "SSLv%c, %s%s (%d):\n",
- ver, tls_rt_name, msg_name, msg_type);
- Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
-
- Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
- CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
- (void) ssl;
-}
-#endif
-
-#ifdef USE_SSLEAY
-/* ====================================================== */
-
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
-# define use_sni(x) sni = (x)
-#else
-# define use_sni(x) Curl_nop_stmt
-#endif
-
-static CURLcode
-ossl_connect_step1(struct connectdata *conn,
- int sockindex)
-{
- CURLcode retcode = CURLE_OK;
-
- struct SessionHandle *data = conn->data;
- SSL_METHOD_QUAL SSL_METHOD *req_method=NULL;
- void *ssl_sessionid=NULL;
- X509_LOOKUP *lookup=NULL;
- curl_socket_t sockfd = conn->sock[sockindex];
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- long ctx_options;
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- bool sni;
-#ifdef ENABLE_IPV6
- struct in6_addr addr;
-#else
- struct in_addr addr;
-#endif
-#endif
-
- DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
-
- /* Make funny stuff to get random input */
- Curl_ossl_seed(data);
-
- /* check to see if we've been told to use an explicit SSL/TLS version */
-
- switch(data->set.ssl.version) {
- default:
- case CURL_SSLVERSION_DEFAULT:
-#ifdef USE_TLS_SRP
- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
- infof(data, "Set version TLSv1 for SRP authorisation\n");
- req_method = TLSv1_client_method() ;
- }
- else
-#endif
- /* we try to figure out version */
- req_method = SSLv23_client_method();
- use_sni(TRUE);
- break;
- case CURL_SSLVERSION_TLSv1:
- req_method = TLSv1_client_method();
- use_sni(TRUE);
- break;
- case CURL_SSLVERSION_SSLv2:
-#ifdef OPENSSL_NO_SSL2
- failf(data, "OpenSSL was built without SSLv2 support");
- return CURLE_NOT_BUILT_IN;
-#else
-#ifdef USE_TLS_SRP
- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
- return CURLE_SSL_CONNECT_ERROR;
-#endif
- req_method = SSLv2_client_method();
- use_sni(FALSE);
- break;
-#endif
- case CURL_SSLVERSION_SSLv3:
-#ifdef USE_TLS_SRP
- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
- return CURLE_SSL_CONNECT_ERROR;
-#endif
- req_method = SSLv3_client_method();
- use_sni(FALSE);
- break;
- }
-
- if(connssl->ctx)
- SSL_CTX_free(connssl->ctx);
- connssl->ctx = SSL_CTX_new(req_method);
-
- if(!connssl->ctx) {
- failf(data, "SSL: couldn't create a context: %s",
- ERR_error_string(ERR_peek_error(), NULL));
- return CURLE_OUT_OF_MEMORY;
- }
-
-#ifdef SSL_MODE_RELEASE_BUFFERS
- SSL_CTX_set_mode(connssl->ctx, SSL_MODE_RELEASE_BUFFERS);
-#endif
-
-#ifdef SSL_CTRL_SET_MSG_CALLBACK
- if(data->set.fdebug && data->set.verbose) {
- /* the SSL trace callback is only used for verbose logging so we only
- inform about failures of setting it */
- if(!SSL_CTX_callback_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK,
- (void (*)(void))ssl_tls_trace)) {
- infof(data, "SSL: couldn't set callback!\n");
- }
- else if(!SSL_CTX_ctrl(connssl->ctx, SSL_CTRL_SET_MSG_CALLBACK_ARG, 0,
- conn)) {
- infof(data, "SSL: couldn't set callback argument!\n");
- }
- }
-#endif
-
- /* OpenSSL contains code to work-around lots of bugs and flaws in various
- SSL-implementations. SSL_CTX_set_options() is used to enabled those
- work-arounds. The man page for this option states that SSL_OP_ALL enables
- all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
- enable the bug workaround options if compatibility with somewhat broken
- implementations is desired."
-
- The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
- disable "rfc4507bis session ticket support". rfc4507bis was later turned
- into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077
-
- The enabled extension concerns the session management. I wonder how often
- libcurl stops a connection and then resumes a TLS session. also, sending
- the session data is some overhead. .I suggest that you just use your
- proposed patch (which explicitly disables TICKET).
-
- If someone writes an application with libcurl and openssl who wants to
- enable the feature, one can do this in the SSL callback.
-
- SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
- interoperability with web server Netscape Enterprise Server 2.0.1 which
- was released back in 1996.
-
- Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
- become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
- CVE-2010-4180 when using previous OpenSSL versions we no longer enable
- this option regardless of OpenSSL version and SSL_OP_ALL definition.
-
- OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
- (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
- SSL_OP_ALL that _disables_ that work-around despite the fact that
- SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
- keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
- must not be set.
- */
-
- ctx_options = SSL_OP_ALL;
-
-#ifdef SSL_OP_NO_TICKET
- ctx_options |= SSL_OP_NO_TICKET;
-#endif
-
-#ifdef SSL_OP_NO_COMPRESSION
- ctx_options |= SSL_OP_NO_COMPRESSION;
-#endif
-
-#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- /* mitigate CVE-2010-4180 */
- ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
-#endif
-
-#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
- /* unless the user explicitly ask to allow the protocol vulnerability we
- use the work-around */
- if(!conn->data->set.ssl_enable_beast)
- ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
-#endif
-
- /* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */
- if(data->set.ssl.version == CURL_SSLVERSION_DEFAULT)
- ctx_options |= SSL_OP_NO_SSLv2;
-
- SSL_CTX_set_options(connssl->ctx, ctx_options);
-
- if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) {
- if(!cert_stuff(conn,
- connssl->ctx,
- data->set.str[STRING_CERT],
- data->set.str[STRING_CERT_TYPE],
- data->set.str[STRING_KEY],
- data->set.str[STRING_KEY_TYPE])) {
- /* failf() is already done in cert_stuff() */
- return CURLE_SSL_CERTPROBLEM;
- }
- }
-
- if(data->set.str[STRING_SSL_CIPHER_LIST]) {
- if(!SSL_CTX_set_cipher_list(connssl->ctx,
- data->set.str[STRING_SSL_CIPHER_LIST])) {
- failf(data, "failed setting cipher list");
- return CURLE_SSL_CIPHER;
- }
- }
-
-#ifdef USE_TLS_SRP
- if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
- infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
-
- if(!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
- failf(data, "Unable to set SRP user name");
- return CURLE_BAD_FUNCTION_ARGUMENT;
- }
- if(!SSL_CTX_set_srp_password(connssl->ctx,data->set.ssl.password)) {
- failf(data, "failed setting SRP password");
- return CURLE_BAD_FUNCTION_ARGUMENT;
- }
- if(!data->set.str[STRING_SSL_CIPHER_LIST]) {
- infof(data, "Setting cipher list SRP\n");
-
- if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) {
- failf(data, "failed setting SRP cipher list");
- return CURLE_SSL_CIPHER;
- }
- }
- }
-#endif
- if(data->set.str[STRING_SSL_CAFILE] || data->set.str[STRING_SSL_CAPATH]) {
- /* tell SSL where to find CA certificates that are used to verify
- the servers certificate. */
- if(!SSL_CTX_load_verify_locations(connssl->ctx,
- data->set.str[STRING_SSL_CAFILE],
- data->set.str[STRING_SSL_CAPATH])) {
- if(data->set.ssl.verifypeer) {
- /* Fail if we insist on successfully verifying the server. */
- failf(data,"error setting certificate verify locations:\n"
- " CAfile: %s\n CApath: %s",
- data->set.str[STRING_SSL_CAFILE]?
- data->set.str[STRING_SSL_CAFILE]: "none",
- data->set.str[STRING_SSL_CAPATH]?
- data->set.str[STRING_SSL_CAPATH] : "none");
- return CURLE_SSL_CACERT_BADFILE;
- }
- else {
- /* Just continue with a warning if no strict certificate verification
- is required. */
- infof(data, "error setting certificate verify locations,"
- " continuing anyway:\n");
- }
- }
- else {
- /* Everything is fine. */
- infof(data, "successfully set certificate verify locations:\n");
- }
- infof(data,
- " CAfile: %s\n"
- " CApath: %s\n",
- data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
- "none",
- data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
- "none");
- }
-
- if(data->set.str[STRING_SSL_CRLFILE]) {
- /* tell SSL where to find CRL file that is used to check certificate
- * revocation */
- lookup=X509_STORE_add_lookup(SSL_CTX_get_cert_store(connssl->ctx),
- X509_LOOKUP_file());
- if(!lookup ||
- (!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
- X509_FILETYPE_PEM)) ) {
- failf(data,"error loading CRL file: %s",
- data->set.str[STRING_SSL_CRLFILE]);
- return CURLE_SSL_CRL_BADFILE;
- }
- else {
- /* Everything is fine. */
- infof(data, "successfully load CRL file:\n");
- X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
- X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
- }
- infof(data,
- " CRLfile: %s\n", data->set.str[STRING_SSL_CRLFILE] ?
- data->set.str[STRING_SSL_CRLFILE]: "none");
- }
-
- /* SSL always tries to verify the peer, this only says whether it should
- * fail to connect if the verification fails, or if it should continue
- * anyway. In the latter case the result of the verification is checked with
- * SSL_get_verify_result() below. */
- SSL_CTX_set_verify(connssl->ctx,
- data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
- cert_verify_callback);
-
- /* give application a chance to interfere with SSL set up. */
- if(data->set.ssl.fsslctx) {
- retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx,
- data->set.ssl.fsslctxp);
- if(retcode) {
- failf(data,"error signaled by ssl ctx callback");
- return retcode;
- }
- }
-
- /* Lets make an SSL structure */
- if(connssl->handle)
- SSL_free(connssl->handle);
- connssl->handle = SSL_new(connssl->ctx);
- if(!connssl->handle) {
- failf(data, "SSL: couldn't create a context (handle)!");
- return CURLE_OUT_OF_MEMORY;
- }
- SSL_set_connect_state(connssl->handle);
-
- connssl->server_cert = 0x0;
-
-#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
- if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
-#ifdef ENABLE_IPV6
- (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
-#endif
- sni &&
- !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
- infof(data, "WARNING: failed to configure server name indication (SNI) "
- "TLS extension\n");
-#endif
-
- /* Check if there's a cached ID we can/should use here! */
- if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
- /* we got a session id, use it! */
- if(!SSL_set_session(connssl->handle, ssl_sessionid)) {
- failf(data, "SSL: SSL_set_session failed: %s",
- ERR_error_string(ERR_get_error(),NULL));
- return CURLE_SSL_CONNECT_ERROR;
- }
- /* Informational message */
- infof (data, "SSL re-using session ID\n");
- }
-
- /* pass the raw socket into the SSL layers */
- if(!SSL_set_fd(connssl->handle, (int)sockfd)) {
- failf(data, "SSL: SSL_set_fd failed: %s",
- ERR_error_string(ERR_get_error(),NULL));
- return CURLE_SSL_CONNECT_ERROR;
- }
-
- connssl->connecting_state = ssl_connect_2;
- return CURLE_OK;
-}
-
-static CURLcode
-ossl_connect_step2(struct connectdata *conn, int sockindex)
-{
- struct SessionHandle *data = conn->data;
- int err;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
- || ssl_connect_2_reading == connssl->connecting_state
- || ssl_connect_2_writing == connssl->connecting_state);
-
- ERR_clear_error();
-
- err = SSL_connect(connssl->handle);
-
- /* 1 is fine
- 0 is "not successful but was shut down controlled"
- <0 is "handshake was not successful, because a fatal error occurred" */
- if(1 != err) {
- int detail = SSL_get_error(connssl->handle, err);
-
- if(SSL_ERROR_WANT_READ == detail) {
- connssl->connecting_state = ssl_connect_2_reading;
- return CURLE_OK;
- }
- else if(SSL_ERROR_WANT_WRITE == detail) {
- connssl->connecting_state = ssl_connect_2_writing;
- return CURLE_OK;
- }
- else {
- /* untreated error */
- unsigned long errdetail;
- char error_buffer[256]; /* OpenSSL documents that this must be at least
- 256 bytes long. */
- CURLcode rc;
- const char *cert_problem = NULL;
- long lerr;
-
- connssl->connecting_state = ssl_connect_2; /* the connection failed,
- we're not waiting for
- anything else. */
-
- errdetail = ERR_get_error(); /* Gets the earliest error code from the
- thread's error queue and removes the
- entry. */
-
- switch(errdetail) {
- case 0x1407E086:
- /* 1407E086:
- SSL routines:
- SSL2_SET_CERTIFICATE:
- certificate verify failed */
- /* fall-through */
- case 0x14090086:
- /* 14090086:
- SSL routines:
- SSL3_GET_SERVER_CERTIFICATE:
- certificate verify failed */
- rc = CURLE_SSL_CACERT;
-
- lerr = SSL_get_verify_result(connssl->handle);
- if(lerr != X509_V_OK) {
- snprintf(error_buffer, sizeof(error_buffer),
- "SSL certificate problem: %s",
- X509_verify_cert_error_string(lerr));
- }
- else
- cert_problem = "SSL certificate problem, verify that the CA cert is"
- " OK.";
-
- break;
- default:
- rc = CURLE_SSL_CONNECT_ERROR;
- SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
- break;
- }
-
- /* detail is already set to the SSL error above */
-
- /* If we e.g. use SSLv2 request-method and the server doesn't like us
- * (RST connection etc.), OpenSSL gives no explanation whatsoever and
- * the SO_ERROR is also lost.
- */
- if(CURLE_SSL_CONNECT_ERROR == rc && errdetail == 0) {
- failf(data, "Unknown SSL protocol error in connection to %s:%ld ",
- conn->host.name, conn->remote_port);
- return rc;
- }
- /* Could be a CERT problem */
-
- failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
- return rc;
- }
- }
- else {
- /* we have been connected fine, we're not waiting for anything else. */
- connssl->connecting_state = ssl_connect_3;
-
- /* Informational message */
- infof (data, "SSL connection using %s\n",
- SSL_get_cipher(connssl->handle));
-
- return CURLE_OK;
- }
-}
-
-static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
-{
- int i, ilen;
-
- if((ilen = (int)len) < 0)
- return 1; /* buffer too big */
-
- i = i2t_ASN1_OBJECT(buf, ilen, a);
-
- if(i >= ilen)
- return 1; /* buffer too small */
-
- return 0;
-}
-
-static void pubkey_show(struct SessionHandle *data,
- int num,
- const char *type,
- const char *name,
- unsigned char *raw,
- int len)
-{
- size_t left;
- int i;
- char namebuf[32];
- char *buffer;
-
- left = len*3 + 1;
- buffer = malloc(left);
- if(buffer) {
- char *ptr=buffer;
- snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
- for(i=0; i< len; i++) {
- snprintf(ptr, left, "%02x:", raw[i]);
- ptr += 3;
- left -= 3;
- }
- infof(data, " %s: %s\n", namebuf, buffer);
- Curl_ssl_push_certinfo(data, num, namebuf, buffer);
- free(buffer);
- }
-}
-
-#define print_pubkey_BN(_type, _name, _num) \
-do { \
- if(pubkey->pkey._type->_name != NULL) { \
- int len = BN_num_bytes(pubkey->pkey._type->_name); \
- if(len < CERTBUFFERSIZE) { \
- BN_bn2bin(pubkey->pkey._type->_name, (unsigned char*)bufp); \
- bufp[len] = 0; \
- pubkey_show(data, _num, #_type, #_name, (unsigned char*)bufp, len); \
- } \
- } \
-} WHILE_FALSE
-
-static int X509V3_ext(struct SessionHandle *data,
- int certnum,
- STACK_OF(X509_EXTENSION) *exts)
-{
- int i;
- size_t j;
-
- if(sk_X509_EXTENSION_num(exts) <= 0)
- /* no extensions, bail out */
- return 1;
-
- for(i=0; i<sk_X509_EXTENSION_num(exts); i++) {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
- BUF_MEM *biomem;
- char buf[512];
- char *ptr=buf;
- char namebuf[128];
- BIO *bio_out = BIO_new(BIO_s_mem());
-
- if(!bio_out)
- return 1;
-
- obj = X509_EXTENSION_get_object(ext);
-
- asn1_object_dump(obj, namebuf, sizeof(namebuf));
-
- infof(data, "%s: %s\n", namebuf,
- X509_EXTENSION_get_critical(ext)?"(critical)":"");
-
- if(!X509V3_EXT_print(bio_out, ext, 0, 0))
- M_ASN1_OCTET_STRING_print(bio_out, ext->value);
-
- BIO_get_mem_ptr(bio_out, &biomem);
-
- /* biomem->length bytes at biomem->data, this little loop here is only
- done for the infof() call, we send the "raw" data to the certinfo
- function */
- for(j=0; j<(size_t)biomem->length; j++) {
- const char *sep="";
- if(biomem->data[j] == '\n') {
- sep=", ";
- j++; /* skip the newline */
- };
- while((biomem->data[j] == ' ') && (j<(size_t)biomem->length))
- j++;
- if(j<(size_t)biomem->length)
- ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
- biomem->data[j]);
- }
- infof(data, " %s\n", buf);
-
- Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
-
- BIO_free(bio_out);
-
- }
- return 0; /* all is fine */
-}
-
-
-static void X509_signature(struct SessionHandle *data,
- int numcert,
- ASN1_STRING *sig)
-{
- char buf[1024];
- char *ptr = buf;
- int i;
- for(i=0; i<sig->length; i++)
- ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%02x:", sig->data[i]);
-
- infof(data, " Signature: %s\n", buf);
- Curl_ssl_push_certinfo(data, numcert, "Signature", buf);
-}
-
-static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
-{
- BIO *bio_out = BIO_new(BIO_s_mem());
- BUF_MEM *biomem;
-
- /* this outputs the cert in this 64 column wide style with newlines and
- -----BEGIN CERTIFICATE----- texts and more */
- PEM_write_bio_X509(bio_out, x);
-
- BIO_get_mem_ptr(bio_out, &biomem);
-
- infof(data, "%s\n", biomem->data);
-
- Curl_ssl_push_certinfo_len(data, numcert,
- "Cert", biomem->data, biomem->length);
-
- BIO_free(bio_out);
-
-}
-
-/*
- * This size was previously 512 which has been reported "too small" without
- * any specifics, so it was enlarged to allow more data to get shown uncut.
- * The "perfect" size is yet to figure out.
- */
-#define CERTBUFFERSIZE 8192
-
-static CURLcode get_cert_chain(struct connectdata *conn,
- struct ssl_connect_data *connssl)
-
-{
- STACK_OF(X509) *sk;
- int i;
- char *bufp;
- struct SessionHandle *data = conn->data;
- int numcerts;
-
- bufp = malloc(CERTBUFFERSIZE);
- if(!bufp)
- return CURLE_OUT_OF_MEMORY;
-
- sk = SSL_get_peer_cert_chain(connssl->handle);
- if(!sk) {
- free(bufp);
- return CURLE_OUT_OF_MEMORY;
- }
-
- numcerts = sk_X509_num(sk);
- if(Curl_ssl_init_certinfo(data, numcerts)) {
- free(bufp);
- return CURLE_OUT_OF_MEMORY;
- }
-
- infof(data, "--- Certificate chain\n");
- for(i=0; i<numcerts; i++) {
- long value;
- ASN1_INTEGER *num;
- ASN1_TIME *certdate;
-
- /* get the certs in "importance order" */
-#if 0
- X509 *x = sk_X509_value(sk, numcerts - i - 1);
-#else
- X509 *x = sk_X509_value(sk, i);
-#endif
-
- X509_CINF *cinf;
- EVP_PKEY *pubkey=NULL;
- int j;
- char *ptr;
-
- (void)x509_name_oneline(X509_get_subject_name(x), bufp, CERTBUFFERSIZE);
- infof(data, "%2d Subject: %s\n", i, bufp);
- Curl_ssl_push_certinfo(data, i, "Subject", bufp);
-
- (void)x509_name_oneline(X509_get_issuer_name(x), bufp, CERTBUFFERSIZE);
- infof(data, " Issuer: %s\n", bufp);
- Curl_ssl_push_certinfo(data, i, "Issuer", bufp);
-
- value = X509_get_version(x);
- infof(data, " Version: %lu (0x%lx)\n", value+1, value);
- snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
- Curl_ssl_push_certinfo(data, i, "Version", bufp); /* hex */
-
- num=X509_get_serialNumber(x);
- if(num->length <= 4) {
- value = ASN1_INTEGER_get(num);
- infof(data," Serial Number: %ld (0x%lx)\n", value, value);
- snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
- }
- else {
- int left = CERTBUFFERSIZE;
-
- ptr = bufp;
- *ptr++ = 0;
- if(num->type == V_ASN1_NEG_INTEGER)
- *ptr++='-';
-
- for(j=0; (j<num->length) && (left>=4); j++) {
- /* TODO: length restrictions */
- snprintf(ptr, 3, "%02x%c",num->data[j],
- ((j+1 == num->length)?'\n':':'));
- ptr += 3;
- left-=4;
- }
- if(num->length)
- infof(data," Serial Number: %s\n", bufp);
- else
- bufp[0]=0;
- }
- if(bufp[0])
- Curl_ssl_push_certinfo(data, i, "Serial Number", bufp); /* hex */
-
- cinf = x->cert_info;
-
- j = asn1_object_dump(cinf->signature->algorithm, bufp, CERTBUFFERSIZE);
- if(!j) {
- infof(data, " Signature Algorithm: %s\n", bufp);
- Curl_ssl_push_certinfo(data, i, "Signature Algorithm", bufp);
- }
-
- certdate = X509_get_notBefore(x);
- asn1_output(certdate, bufp, CERTBUFFERSIZE);
- infof(data, " Start date: %s\n", bufp);
- Curl_ssl_push_certinfo(data, i, "Start date", bufp);
-
- certdate = X509_get_notAfter(x);
- asn1_output(certdate, bufp, CERTBUFFERSIZE);
- infof(data, " Expire date: %s\n", bufp);
- Curl_ssl_push_certinfo(data, i, "Expire date", bufp);
-
- j = asn1_object_dump(cinf->key->algor->algorithm, bufp, CERTBUFFERSIZE);
- if(!j) {
- infof(data, " Public Key Algorithm: %s\n", bufp);
- Curl_ssl_push_certinfo(data, i, "Public Key Algorithm", bufp);
- }
-
- pubkey = X509_get_pubkey(x);
- if(!pubkey)
- infof(data, " Unable to load public key\n");
- else {
- switch(pubkey->type) {
- case EVP_PKEY_RSA:
- infof(data, " RSA Public Key (%d bits)\n",
- BN_num_bits(pubkey->pkey.rsa->n));
- snprintf(bufp, CERTBUFFERSIZE, "%d", BN_num_bits(pubkey->pkey.rsa->n));
- Curl_ssl_push_certinfo(data, i, "RSA Public Key", bufp);
-
- print_pubkey_BN(rsa, n, i);
- print_pubkey_BN(rsa, e, i);
- print_pubkey_BN(rsa, d, i);
- print_pubkey_BN(rsa, p, i);
- print_pubkey_BN(rsa, q, i);
- print_pubkey_BN(rsa, dmp1, i);
- print_pubkey_BN(rsa, dmq1, i);
- print_pubkey_BN(rsa, iqmp, i);
- break;
- case EVP_PKEY_DSA:
- print_pubkey_BN(dsa, p, i);
- print_pubkey_BN(dsa, q, i);
- print_pubkey_BN(dsa, g, i);
- print_pubkey_BN(dsa, priv_key, i);
- print_pubkey_BN(dsa, pub_key, i);
- break;
- case EVP_PKEY_DH:
- print_pubkey_BN(dh, p, i);
- print_pubkey_BN(dh, g, i);
- print_pubkey_BN(dh, priv_key, i);
- print_pubkey_BN(dh, pub_key, i);
- break;
-#if 0
- case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
- /* left TODO */
- break;
-#endif
- }
- EVP_PKEY_free(pubkey);
- }
-
- X509V3_ext(data, i, cinf->extensions);
-
- X509_signature(data, i, x->signature);
-
- dumpcert(data, x, i);
- }
-
- free(bufp);
-
- return CURLE_OK;
-}
-
-/*
- * Get the server cert, verify it and show it etc, only call failf() if the
- * 'strict' argument is TRUE as otherwise all this is for informational
- * purposes only!
- *
- * We check certificates to authenticate the server; otherwise we risk
- * man-in-the-middle attack.
- */
-static CURLcode servercert(struct connectdata *conn,
- struct ssl_connect_data *connssl,
- bool strict)
-{
- CURLcode retcode = CURLE_OK;
- int rc;
- long lerr;
- ASN1_TIME *certdate;
- struct SessionHandle *data = conn->data;
- X509 *issuer;
- FILE *fp;
- char *buffer = data->state.buffer;
-
- if(data->set.ssl.certinfo)
- /* we've been asked to gather certificate info! */
- (void)get_cert_chain(conn, connssl);
-
- data->set.ssl.certverifyresult = !X509_V_OK;
-
- connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
- if(!connssl->server_cert) {
- if(strict)
- failf(data, "SSL: couldn't get peer certificate!");
- return CURLE_PEER_FAILED_VERIFICATION;
- }
- infof (data, "Server certificate:\n");
-
- rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
- buffer, BUFSIZE);
- infof(data, "\t subject: %s\n", rc?"[NONE]":buffer);
-
- certdate = X509_get_notBefore(connssl->server_cert);
- asn1_output(certdate, buffer, BUFSIZE);
- infof(data, "\t start date: %s\n", buffer);
-
- certdate = X509_get_notAfter(connssl->server_cert);
- asn1_output(certdate, buffer, BUFSIZE);
- infof(data, "\t expire date: %s\n", buffer);
-
- if(data->set.ssl.verifyhost) {
- retcode = verifyhost(conn, connssl->server_cert);
- if(retcode) {
- X509_free(connssl->server_cert);
- connssl->server_cert = NULL;
- return retcode;
- }
- }
-
- rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert),
- buffer, BUFSIZE);
- if(rc) {
- if(strict)
- failf(data, "SSL: couldn't get X509-issuer name!");
- retcode = CURLE_SSL_CONNECT_ERROR;
- }
- else {
- infof(data, "\t issuer: %s\n", buffer);
-
- /* We could do all sorts of certificate verification stuff here before
- deallocating the certificate. */
-
- /* e.g. match issuer name with provided issuer certificate */
- if(data->set.str[STRING_SSL_ISSUERCERT]) {
- fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r");
- if(!fp) {
- if(strict)
- failf(data, "SSL: Unable to open issuer cert (%s)",
- data->set.str[STRING_SSL_ISSUERCERT]);
- X509_free(connssl->server_cert);
- connssl->server_cert = NULL;
- return CURLE_SSL_ISSUER_ERROR;
- }
- issuer = PEM_read_X509(fp,NULL,ZERO_NULL,NULL);
- if(!issuer) {
- if(strict)
- failf(data, "SSL: Unable to read issuer cert (%s)",
- data->set.str[STRING_SSL_ISSUERCERT]);
- X509_free(connssl->server_cert);
- X509_free(issuer);
- fclose(fp);
- return CURLE_SSL_ISSUER_ERROR;
- }
- fclose(fp);
- if(X509_check_issued(issuer,connssl->server_cert) != X509_V_OK) {
- if(strict)
- failf(data, "SSL: Certificate issuer check failed (%s)",
- data->set.str[STRING_SSL_ISSUERCERT]);
- X509_free(connssl->server_cert);
- X509_free(issuer);
- connssl->server_cert = NULL;
- return CURLE_SSL_ISSUER_ERROR;
- }
- infof(data, "\t SSL certificate issuer check ok (%s)\n",
- data->set.str[STRING_SSL_ISSUERCERT]);
- X509_free(issuer);
- }
-
- lerr = data->set.ssl.certverifyresult=
- SSL_get_verify_result(connssl->handle);
- if(data->set.ssl.certverifyresult != X509_V_OK) {
- if(data->set.ssl.verifypeer) {
- /* We probably never reach this, because SSL_connect() will fail
- and we return earlier if verifypeer is set? */
- if(strict)
- failf(data, "SSL certificate verify result: %s (%ld)",
- X509_verify_cert_error_string(lerr), lerr);
- retcode = CURLE_PEER_FAILED_VERIFICATION;
- }
- else
- infof(data, "\t SSL certificate verify result: %s (%ld),"
- " continuing anyway.\n",
- X509_verify_cert_error_string(lerr), lerr);
- }
- else
- infof(data, "\t SSL certificate verify ok.\n");
- }
-
- X509_free(connssl->server_cert);
- connssl->server_cert = NULL;
- connssl->connecting_state = ssl_connect_done;
-
- return retcode;
-}
-
-
-static CURLcode
-ossl_connect_step3(struct connectdata *conn,
- int sockindex)
-{
- CURLcode retcode = CURLE_OK;
- void *old_ssl_sessionid=NULL;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- int incache;
- SSL_SESSION *our_ssl_sessionid;
-
- DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
-
-#ifdef HAVE_SSL_GET1_SESSION
- our_ssl_sessionid = SSL_get1_session(connssl->handle);
-
- /* SSL_get1_session() will increment the reference
- count and the session will stay in memory until explicitly freed with
- SSL_SESSION_free(3), regardless of its state.
- This function was introduced in openssl 0.9.5a. */
-#else
- our_ssl_sessionid = SSL_get_session(connssl->handle);
-
- /* if SSL_get1_session() is unavailable, use SSL_get_session().
- This is an inferior option because the session can be flushed
- at any time by openssl. It is included only so curl compiles
- under versions of openssl < 0.9.5a.
-
- WARNING: How curl behaves if it's session is flushed is
- untested.
- */
-#endif
-
- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
- if(incache) {
- if(old_ssl_sessionid != our_ssl_sessionid) {
- infof(data, "old SSL session ID is stale, removing\n");
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
- incache = FALSE;
- }
- }
- if(!incache) {
- retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
- 0 /* unknown size */);
- if(retcode) {
- failf(data, "failed to store ssl session");
- return retcode;
- }
- }
-#ifdef HAVE_SSL_GET1_SESSION
- else {
- /* Session was incache, so refcount already incremented earlier.
- * Avoid further increments with each SSL_get1_session() call.
- * This does not free the session as refcount remains > 0
- */
- SSL_SESSION_free(our_ssl_sessionid);
- }
-#endif
-
- /*
- * We check certificates to authenticate the server; otherwise we risk
- * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
- * verify the peer ignore faults and failures from the server cert
- * operations.
- */
-
- if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
- (void)servercert(conn, connssl, FALSE);
- else
- retcode = servercert(conn, connssl, TRUE);
-
- if(CURLE_OK == retcode)
- connssl->connecting_state = ssl_connect_done;
- return retcode;
-}
-
-static Curl_recv ossl_recv;
-static Curl_send ossl_send;
-
-static CURLcode
-ossl_connect_common(struct connectdata *conn,
- int sockindex,
- bool nonblocking,
- bool *done)
-{
- CURLcode retcode;
- struct SessionHandle *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- curl_socket_t sockfd = conn->sock[sockindex];
- long timeout_ms;
- int what;
-
- /* check if the connection has already been established */
- if(ssl_connection_complete == connssl->state) {
- *done = TRUE;
- return CURLE_OK;
- }
-
- if(ssl_connect_1==connssl->connecting_state) {
- /* Find out how much more time we're allowed */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
- retcode = ossl_connect_step1(conn, sockindex);
- if(retcode)
- return retcode;
- }
-
- while(ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state) {
-
- /* check allowed time left */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- /* if ssl is expecting something, check if it's available. */
- if(connssl->connecting_state == ssl_connect_2_reading
- || connssl->connecting_state == ssl_connect_2_writing) {
-
- curl_socket_t writefd = ssl_connect_2_writing==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
- curl_socket_t readfd = ssl_connect_2_reading==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
-
- what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
- if(what < 0) {
- /* fatal error */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- return CURLE_SSL_CONNECT_ERROR;
- }
- else if(0 == what) {
- if(nonblocking) {
- *done = FALSE;
- return CURLE_OK;
- }
- else {
- /* timeout */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
- }
- /* socket is readable or writable */
- }
-
- /* Run transaction, and return to the caller if it failed or if this
- * connection is done nonblocking and this loop would execute again. This
- * permits the owner of a multi handle to abort a connection attempt
- * before step2 has completed while ensuring that a client using select()
- * or epoll() will always have a valid fdset to wait on.
- */
- retcode = ossl_connect_step2(conn, sockindex);
- if(retcode || (nonblocking &&
- (ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state)))
- return retcode;
-
- } /* repeat step2 until all transactions are done. */
-
-
- if(ssl_connect_3==connssl->connecting_state) {
- retcode = ossl_connect_step3(conn, sockindex);
- if(retcode)
- return retcode;
- }
-
- if(ssl_connect_done==connssl->connecting_state) {
- connssl->state = ssl_connection_complete;
- conn->recv[sockindex] = ossl_recv;
- conn->send[sockindex] = ossl_send;
- *done = TRUE;
- }
- else
- *done = FALSE;
-
- /* Reset our connect state machine */
- connssl->connecting_state = ssl_connect_1;
-
- return CURLE_OK;
-}
-
-CURLcode
-Curl_ossl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done)
-{
- return ossl_connect_common(conn, sockindex, TRUE, done);
-}
-
-CURLcode
-Curl_ossl_connect(struct connectdata *conn,
- int sockindex)
-{
- CURLcode retcode;
- bool done = FALSE;
-
- retcode = ossl_connect_common(conn, sockindex, FALSE, &done);
- if(retcode)
- return retcode;
-
- DEBUGASSERT(done);
-
- return CURLE_OK;
-}
-
-bool Curl_ossl_data_pending(const struct connectdata *conn,
- int connindex)
-{
- if(conn->ssl[connindex].handle)
- /* SSL is in use */
- return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
- else
- return FALSE;
-}
-
-static ssize_t ossl_send(struct connectdata *conn,
- int sockindex,
- const void *mem,
- size_t len,
- CURLcode *curlcode)
-{
- /* SSL_write() is said to return 'int' while write() and send() returns
- 'size_t' */
- int err;
- char error_buffer[120]; /* OpenSSL documents that this must be at least 120
- bytes long. */
- unsigned long sslerror;
- int memlen;
- int rc;
-
- ERR_clear_error();
-
- memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
- rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
-
- if(rc <= 0) {
- err = SSL_get_error(conn->ssl[sockindex].handle, rc);
-
- switch(err) {
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- /* The operation did not complete; the same TLS/SSL I/O function
- should be called again later. This is basically an EWOULDBLOCK
- equivalent. */
- *curlcode = CURLE_AGAIN;
- return -1;
- case SSL_ERROR_SYSCALL:
- failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
- SOCKERRNO);
- *curlcode = CURLE_SEND_ERROR;
- return -1;
- case SSL_ERROR_SSL:
- /* A failure in the SSL library occurred, usually a protocol error.
- The OpenSSL error queue contains more information on the error. */
- sslerror = ERR_get_error();
- failf(conn->data, "SSL_write() error: %s",
- ERR_error_string(sslerror, error_buffer));
- *curlcode = CURLE_SEND_ERROR;
- return -1;
- }
- /* a true error */
- failf(conn->data, "SSL_write() return error %d", err);
- *curlcode = CURLE_SEND_ERROR;
- return -1;
- }
- return (ssize_t)rc; /* number of bytes */
-}
-
-static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
- int num, /* socketindex */
- char *buf, /* store read data here */
- size_t buffersize, /* max amount to read */
- CURLcode *curlcode)
-{
- char error_buffer[120]; /* OpenSSL documents that this must be at
- least 120 bytes long. */
- unsigned long sslerror;
- ssize_t nread;
- int buffsize;
-
- ERR_clear_error();
-
- buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
- nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize);
- if(nread <= 0) {
- /* failed SSL_read */
- int err = SSL_get_error(conn->ssl[num].handle, (int)nread);
-
- switch(err) {
- case SSL_ERROR_NONE: /* this is not an error */
- case SSL_ERROR_ZERO_RETURN: /* no more data */
- break;
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- /* there's data pending, re-invoke SSL_read() */
- *curlcode = CURLE_AGAIN;
- return -1;
- default:
- /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
- value/errno" */
- /* http://www.openssl.org/docs/crypto/ERR_get_error.html */
- sslerror = ERR_get_error();
- if((nread < 0) || sslerror) {
- /* If the return code was negative or there actually is an error in the
- queue */
- failf(conn->data, "SSL read: %s, errno %d",
- ERR_error_string(sslerror, error_buffer),
- SOCKERRNO);
- *curlcode = CURLE_RECV_ERROR;
- return -1;
- }
- }
- }
- return nread;
-}
-
-size_t Curl_ossl_version(char *buffer, size_t size)
-{
-#ifdef YASSL_VERSION
- /* yassl provides an OpenSSL API compatibility layer so it looks identical
- to OpenSSL in all other aspects */
- return snprintf(buffer, size, "yassl/%s", YASSL_VERSION);
-#else /* YASSL_VERSION */
-
-#if(SSLEAY_VERSION_NUMBER >= 0x905000)
- {
- char sub[2];
- unsigned long ssleay_value;
- sub[1]='\0';
- ssleay_value=SSLeay();
- if(ssleay_value < 0x906000) {
- ssleay_value=SSLEAY_VERSION_NUMBER;
- sub[0]='\0';
- }
- else {
- if(ssleay_value&0xff0) {
- sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
- }
- else
- sub[0]='\0';
- }
-
- return snprintf(buffer, size, "OpenSSL/%lx.%lx.%lx%s",
- (ssleay_value>>28)&0xf,
- (ssleay_value>>20)&0xff,
- (ssleay_value>>12)&0xff,
- sub);
- }
-
-#else /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
-
-#if(SSLEAY_VERSION_NUMBER >= 0x900000)
- return snprintf(buffer, size, "OpenSSL/%lx.%lx.%lx",
- (SSLEAY_VERSION_NUMBER>>28)&0xff,
- (SSLEAY_VERSION_NUMBER>>20)&0xff,
- (SSLEAY_VERSION_NUMBER>>12)&0xf);
-
-#else /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
- {
- char sub[2];
- sub[1]='\0';
- if(SSLEAY_VERSION_NUMBER&0x0f) {
- sub[0]=(SSLEAY_VERSION_NUMBER&0x0f) + 'a' -1;
- }
- else
- sub[0]='\0';
-
- return snprintf(buffer, size, "SSL/%x.%x.%x%s",
- (SSLEAY_VERSION_NUMBER>>12)&0xff,
- (SSLEAY_VERSION_NUMBER>>8)&0xf,
- (SSLEAY_VERSION_NUMBER>>4)&0xf, sub);
- }
-#endif /* (SSLEAY_VERSION_NUMBER >= 0x900000) */
-#endif /* SSLEAY_VERSION_NUMBER is less than 0.9.5 */
-
-#endif /* YASSL_VERSION */
-}
-
-void Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
- size_t length)
-{
- Curl_ossl_seed(data); /* Initiate the seed if not already done */
- RAND_bytes(entropy, curlx_uztosi(length));
-}
-
-void Curl_ossl_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum /* output */,
- size_t unused)
-{
- MD5_CTX MD5pw;
- (void)unused;
- MD5_Init(&MD5pw);
- MD5_Update(&MD5pw, tmp, tmplen);
- MD5_Final(md5sum, &MD5pw);
-}
-#endif /* USE_SSLEAY */
diff --git a/libs/libcurl/src/ssluse.h b/libs/libcurl/src/ssluse.h
deleted file mode 100644
index d6efcb2717..0000000000
--- a/libs/libcurl/src/ssluse.h
+++ /dev/null
@@ -1,99 +0,0 @@
-#ifndef HEADER_CURL_SSLUSE_H
-#define HEADER_CURL_SSLUSE_H
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef USE_SSLEAY
-/*
- * This header should only be needed to get included by sslgen.c and ssluse.c
- */
-
-#include "urldata.h"
-
-CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex);
-CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done);
-
-/* close a SSL connection */
-void Curl_ossl_close(struct connectdata *conn, int sockindex);
-
-/* tell OpenSSL to close down all open information regarding connections (and
- thus session ID caching etc) */
-int Curl_ossl_close_all(struct SessionHandle *data);
-
-/* Sets an OpenSSL engine */
-CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine);
-
-/* function provided for the generic SSL-layer, called when a session id
- should be freed */
-void Curl_ossl_session_free(void *ptr);
-
-/* Sets engine as default for all SSL operations */
-CURLcode Curl_ossl_set_engine_default(struct SessionHandle *data);
-
-/* Build list of OpenSSL engines */
-struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data);
-
-int Curl_ossl_init(void);
-void Curl_ossl_cleanup(void);
-
-size_t Curl_ossl_version(char *buffer, size_t size);
-int Curl_ossl_check_cxn(struct connectdata *cxn);
-int Curl_ossl_seed(struct SessionHandle *data);
-
-int Curl_ossl_shutdown(struct connectdata *conn, int sockindex);
-bool Curl_ossl_data_pending(const struct connectdata *conn,
- int connindex);
-void Curl_ossl_random(struct SessionHandle *data, unsigned char *entropy,
- size_t length);
-void Curl_ossl_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum /* output */,
- size_t unused);
-
-/* this backend provides these functions: */
-#define have_curlssl_random 1
-#define have_curlssl_md5sum 1
-
-/* API setup for OpenSSL */
-#define curlssl_init Curl_ossl_init
-#define curlssl_cleanup Curl_ossl_cleanup
-#define curlssl_connect Curl_ossl_connect
-#define curlssl_connect_nonblocking Curl_ossl_connect_nonblocking
-#define curlssl_session_free(x) Curl_ossl_session_free(x)
-#define curlssl_close_all Curl_ossl_close_all
-#define curlssl_close Curl_ossl_close
-#define curlssl_shutdown(x,y) Curl_ossl_shutdown(x,y)
-#define curlssl_set_engine(x,y) Curl_ossl_set_engine(x,y)
-#define curlssl_set_engine_default(x) Curl_ossl_set_engine_default(x)
-#define curlssl_engines_list(x) Curl_ossl_engines_list(x)
-#define curlssl_version Curl_ossl_version
-#define curlssl_check_cxn Curl_ossl_check_cxn
-#define curlssl_data_pending(x,y) Curl_ossl_data_pending(x,y)
-#define curlssl_random(x,y,z) Curl_ossl_random(x,y,z)
-#define curlssl_md5sum(a,b,c,d) Curl_ossl_md5sum(a,b,c,d)
-
-#endif /* USE_SSLEAY */
-#endif /* HEADER_CURL_SSLUSE_H */
diff --git a/libs/libcurl/src/rawstr.c b/libs/libcurl/src/strcase.c
index e27dac4a80..24bcca9327 100644
--- a/libs/libcurl/src/rawstr.c
+++ b/libs/libcurl/src/strcase.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,13 +22,19 @@
#include "curl_setup.h"
-#include "rawstr.h"
+#include <curl/curl.h>
+
+#include "strcase.h"
/* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because
its behavior is altered by the current locale. */
char Curl_raw_toupper(char in)
{
- switch (in) {
+#if !defined(CURL_DOES_CONVERSIONS)
+ if(in >= 'a' && in <= 'z')
+ return (char)('A' + in - 'a');
+#else
+ switch(in) {
case 'a':
return 'A';
case 'b':
@@ -82,20 +88,25 @@ char Curl_raw_toupper(char in)
case 'z':
return 'Z';
}
+#endif
+
return in;
}
/*
- * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
- * to be locale independent and only compare strings we know are safe for
- * this. See http://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for
- * some further explanation to why this function is necessary.
+ * Curl_strcasecompare() is for doing "raw" case insensitive strings. This is
+ * meant to be locale independent and only compare strings we know are safe
+ * for this. See
+ * https://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for some
+ * further explanation to why this function is necessary.
*
* The function is capable of comparing a-z case insensitively even for
* non-ascii.
+ *
+ * @unittest: 1301
*/
-int Curl_raw_equal(const char *first, const char *second)
+int Curl_strcasecompare(const char *first, const char *second)
{
while(*first && *second) {
if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second))
@@ -110,7 +121,20 @@ int Curl_raw_equal(const char *first, const char *second)
return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
}
-int Curl_raw_nequal(const char *first, const char *second, size_t max)
+int Curl_safe_strcasecompare(const char *first, const char *second)
+{
+ if(first && second)
+ /* both pointers point to something then compare them */
+ return Curl_strcasecompare(first, second);
+
+ /* if both pointers are NULL then treat them as equal */
+ return (NULL == first && NULL == second);
+}
+
+/*
+ * @unittest: 1301
+ */
+int Curl_strncasecompare(const char *first, const char *second, size_t max)
{
while(*first && *second && max) {
if(Curl_raw_toupper(*first) != Curl_raw_toupper(*second)) {
@@ -140,3 +164,14 @@ void Curl_strntoupper(char *dest, const char *src, size_t n)
*dest++ = Curl_raw_toupper(*src);
} while(*src++ && --n);
}
+
+/* --- public functions --- */
+
+int curl_strequal(const char *first, const char *second)
+{
+ return Curl_strcasecompare(first, second);
+}
+int curl_strnequal(const char *first, const char *second, size_t max)
+{
+ return Curl_strncasecompare(first, second, max);
+}
diff --git a/libs/libcurl/src/rawstr.h b/libs/libcurl/src/strcase.h
index b491460d0f..ea2abc8b60 100644
--- a/libs/libcurl/src/rawstr.h
+++ b/libs/libcurl/src/strcase.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_RAWSTR_H
-#define HEADER_CURL_RAWSTR_H
+#ifndef HEADER_CURL_STRCASE_H
+#define HEADER_CURL_STRCASE_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,23 +25,27 @@
#include <curl/curl.h>
/*
- * Curl_raw_equal() is for doing "raw" case insensitive strings. This is meant
- * to be locale independent and only compare strings we know are safe for
- * this.
+ * Only "raw" case insensitive strings. This is meant to be locale independent
+ * and only compare strings we know are safe for this.
*
* The function is capable of comparing a-z case insensitively even for
* non-ascii.
*/
-int Curl_raw_equal(const char *first, const char *second);
-int Curl_raw_nequal(const char *first, const char *second, size_t max);
+
+#define strcasecompare(a,b) Curl_strcasecompare(a,b)
+#define strncasecompare(a,b,c) Curl_strncasecompare(a,b,c)
+
+int Curl_strcasecompare(const char *first, const char *second);
+int Curl_safe_strcasecompare(const char *first, const char *second);
+int Curl_strncasecompare(const char *first, const char *second, size_t max);
char Curl_raw_toupper(char in);
/* checkprefix() is a shorter version of the above, used when the first
argument is zero-byte terminated */
-#define checkprefix(a,b) Curl_raw_nequal(a,b,strlen(a))
+#define checkprefix(a,b) curl_strnequal(a,b,strlen(a))
void Curl_strntoupper(char *dest, const char *src, size_t n);
+char Curl_raw_toupper(char in);
-#endif /* HEADER_CURL_RAWSTR_H */
-
+#endif /* HEADER_CURL_STRCASE_H */
diff --git a/libs/libcurl/src/strdup.c b/libs/libcurl/src/strdup.c
index 3b776b1845..19cb044162 100644
--- a/libs/libcurl/src/strdup.c
+++ b/libs/libcurl/src/strdup.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -19,12 +19,16 @@
* KIND, either express or implied.
*
***************************************************************************/
-/*
- * This file is 'mem-include-scan' clean. See test 1132.
- */
+
#include "curl_setup.h"
+#include <curl/curl.h>
+
#include "strdup.h"
+#include "curl_memory.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
#ifndef HAVE_STRDUP
char *curlx_strdup(const char *str)
@@ -40,13 +44,57 @@ char *curlx_strdup(const char *str)
if(len >= ((size_t)-1) / sizeof(char))
return (char *)NULL;
- newstr = malloc((len+1)*sizeof(char));
+ newstr = malloc((len + 1)*sizeof(char));
if(!newstr)
return (char *)NULL;
- memcpy(newstr,str,(len+1)*sizeof(char));
+ memcpy(newstr, str, (len + 1)*sizeof(char));
return newstr;
}
#endif
+
+/***************************************************************************
+ *
+ * Curl_memdup(source, length)
+ *
+ * Copies the 'source' data to a newly allocated buffer (that is
+ * returned). Copies 'length' bytes.
+ *
+ * Returns the new pointer or NULL on failure.
+ *
+ ***************************************************************************/
+void *Curl_memdup(const void *src, size_t length)
+{
+ void *buffer = malloc(length);
+ if(!buffer)
+ return NULL; /* fail */
+
+ memcpy(buffer, src, length);
+
+ return buffer;
+}
+
+/***************************************************************************
+ *
+ * Curl_saferealloc(ptr, size)
+ *
+ * Does a normal realloc(), but will free the data pointer if the realloc
+ * fails. If 'size' is zero, it will free the data and return a failure.
+ *
+ * This convenience function is provided and used to help us avoid a common
+ * mistake pattern when we could pass in a zero, catch the NULL return and end
+ * up free'ing the memory twice.
+ *
+ * Returns the new pointer or NULL on failure.
+ *
+ ***************************************************************************/
+void *Curl_saferealloc(void *ptr, size_t size)
+{
+ void *datap = realloc(ptr, size);
+ if(size && !datap)
+ /* only free 'ptr' if size was non-zero */
+ free(ptr);
+ return datap;
+}
diff --git a/libs/libcurl/src/strdup.h b/libs/libcurl/src/strdup.h
index 49af9117ee..ae3d5d0115 100644
--- a/libs/libcurl/src/strdup.h
+++ b/libs/libcurl/src/strdup.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,5 +26,7 @@
#ifndef HAVE_STRDUP
extern char *curlx_strdup(const char *str);
#endif
+void *Curl_memdup(const void *src, size_t buffer_length);
+void *Curl_saferealloc(void *ptr, size_t size);
#endif /* HEADER_CURL_STRDUP_H */
diff --git a/libs/libcurl/src/strequal.c b/libs/libcurl/src/strequal.c
deleted file mode 100644
index 5f2f508e21..0000000000
--- a/libs/libcurl/src/strequal.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-
-#include "strequal.h"
-
-/*
- * @unittest: 1301
- */
-int curl_strequal(const char *first, const char *second)
-{
-#if defined(HAVE_STRCASECMP)
- return !(strcasecmp)(first, second);
-#elif defined(HAVE_STRCMPI)
- return !(strcmpi)(first, second);
-#elif defined(HAVE_STRICMP)
- return !(stricmp)(first, second);
-#else
- while(*first && *second) {
- if(toupper(*first) != toupper(*second)) {
- break;
- }
- first++;
- second++;
- }
- return toupper(*first) == toupper(*second);
-#endif
-}
-
-/*
- * @unittest: 1301
- */
-int curl_strnequal(const char *first, const char *second, size_t max)
-{
-#if defined(HAVE_STRNCASECMP)
- return !strncasecmp(first, second, max);
-#elif defined(HAVE_STRNCMPI)
- return !strncmpi(first, second, max);
-#elif defined(HAVE_STRNICMP)
- return !strnicmp(first, second, max);
-#else
- while(*first && *second && max) {
- if(toupper(*first) != toupper(*second)) {
- break;
- }
- max--;
- first++;
- second++;
- }
- if(0 == max)
- return 1; /* they are equal this far */
-
- return toupper(*first) == toupper(*second);
-#endif
-}
diff --git a/libs/libcurl/src/strerror.c b/libs/libcurl/src/strerror.c
index 9e8c83f726..83a96dda19 100644
--- a/libs/libcurl/src/strerror.c
+++ b/libs/libcurl/src/strerror.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2004 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2004 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -35,24 +35,29 @@
#include <curl/curl.h>
-#ifdef USE_LIBIDN
-#include <idna.h>
+#ifdef USE_LIBIDN2
+#include <idn2.h>
#endif
-#include "strerror.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#ifdef USE_WINDOWS_SSPI
+#include "curl_sspi.h"
+#endif
+#include "strerror.h"
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
+#if defined(WIN32) || defined(_WIN32_WCE)
+#define PRESERVE_WINDOWS_ERROR_CODE
+#endif
+
const char *
curl_easy_strerror(CURLcode error)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
- switch (error) {
+ switch(error) {
case CURLE_OK:
return "No error";
@@ -78,8 +83,8 @@ curl_easy_strerror(CURLcode error)
case CURLE_COULDNT_CONNECT:
return "Couldn't connect to server";
- case CURLE_FTP_WEIRD_SERVER_REPLY:
- return "FTP: weird server reply";
+ case CURLE_WEIRD_SERVER_REPLY:
+ return "Weird server reply";
case CURLE_REMOTE_ACCESS_DENIED:
return "Access denied to remote resource";
@@ -105,6 +110,9 @@ curl_easy_strerror(CURLcode error)
case CURLE_FTP_CANT_GET_HOST:
return "FTP: can't figure out the host in the PASV response";
+ case CURLE_HTTP2:
+ return "Error in the HTTP2 framing layer";
+
case CURLE_FTP_COULDNT_SET_TYPE:
return "FTP: couldn't set file type";
@@ -295,8 +303,16 @@ curl_easy_strerror(CURLcode error)
case CURLE_NO_CONNECTION_AVAILABLE:
return "The max connection limit is reached";
+ case CURLE_SSL_PINNEDPUBKEYNOTMATCH:
+ return "SSL public key does not match pinned public key";
+
+ case CURLE_SSL_INVALIDCERTSTATUS:
+ return "SSL server certificate status verification FAILED";
+
+ case CURLE_HTTP2_STREAM:
+ return "Stream error in the HTTP/2 framing layer";
+
/* error codes not used by current libcurl */
- case CURLE_OBSOLETE16:
case CURLE_OBSOLETE20:
case CURLE_OBSOLETE24:
case CURLE_OBSOLETE29:
@@ -325,7 +341,7 @@ curl_easy_strerror(CURLcode error)
*/
return "Unknown error";
#else
- if(error == CURLE_OK)
+ if(!error)
return "No error";
else
return "Error";
@@ -336,7 +352,7 @@ const char *
curl_multi_strerror(CURLMcode error)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
- switch (error) {
+ switch(error) {
case CURLM_CALL_MULTI_PERFORM:
return "Please call curl_multi_perform() soon";
@@ -381,7 +397,7 @@ const char *
curl_share_strerror(CURLSHcode error)
{
#ifndef CURL_DISABLE_VERBOSE_STRINGS
- switch (error) {
+ switch(error) {
case CURLSHE_OK:
return "No error";
@@ -415,15 +431,19 @@ curl_share_strerror(CURLSHcode error)
#ifdef USE_WINSOCK
-/* This function handles most / all (?) Winsock errors cURL is able to produce.
+/* This function handles most / all (?) Winsock errors curl is able to produce.
*/
static const char *
get_winsock_error (int err, char *buf, size_t len)
{
+#ifdef PRESERVE_WINDOWS_ERROR_CODE
+ DWORD old_win_err = GetLastError();
+#endif
+ int old_errno = errno;
const char *p;
#ifndef CURL_DISABLE_VERBOSE_STRINGS
- switch (err) {
+ switch(err) {
case WSAEINTR:
p = "Call interrupted";
break;
@@ -592,13 +612,22 @@ get_winsock_error (int err, char *buf, size_t len)
return NULL;
}
#else
- if(err == CURLE_OK)
+ if(!err)
return NULL;
else
p = "error";
#endif
- strncpy (buf, p, len);
+ strncpy(buf, p, len);
buf [len-1] = '\0';
+
+ if(errno != old_errno)
+ errno = old_errno;
+
+#ifdef PRESERVE_WINDOWS_ERROR_CODE
+ if(old_win_err != GetLastError())
+ SetLastError(old_win_err);
+#endif
+
return buf;
}
#endif /* USE_WINSOCK */
@@ -616,9 +645,12 @@ get_winsock_error (int err, char *buf, size_t len)
*/
const char *Curl_strerror(struct connectdata *conn, int err)
{
+#ifdef PRESERVE_WINDOWS_ERROR_CODE
+ DWORD old_win_err = GetLastError();
+#endif
+ int old_errno = errno;
char *buf, *p;
size_t max;
- int old_errno = ERRNO;
DEBUGASSERT(conn);
DEBUGASSERT(err >= 0);
@@ -636,7 +668,7 @@ const char *Curl_strerror(struct connectdata *conn, int err)
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, err,
LANG_NEUTRAL, wbuf, sizeof(wbuf)/sizeof(wchar_t), NULL);
- wcstombs(buf,wbuf,max);
+ wcstombs(buf, wbuf, max);
}
#else
/* 'sys_nerr' is the maximum errno number, it is not widely portable */
@@ -679,7 +711,7 @@ const char *Curl_strerror(struct connectdata *conn, int err)
#elif defined(HAVE_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R)
/*
* The vxworks-style strerror_r() does use the buffer we pass to the function.
- * The buffer size should be at least MAXERRSTR_SIZE (150) defined in rtsold.h
+ * The buffer size should be at least NAME_MAX (256)
*/
{
char buffer[256];
@@ -703,107 +735,40 @@ const char *Curl_strerror(struct connectdata *conn, int err)
buf[max] = '\0'; /* make sure the string is zero terminated */
/* strip trailing '\r\n' or '\n'. */
- if((p = strrchr(buf,'\n')) != NULL && (p - buf) >= 2)
- *p = '\0';
- if((p = strrchr(buf,'\r')) != NULL && (p - buf) >= 1)
- *p = '\0';
-
- if(old_errno != ERRNO)
- SET_ERRNO(old_errno);
+ p = strrchr(buf, '\n');
+ if(p && (p - buf) >= 2)
+ *p = '\0';
+ p = strrchr(buf, '\r');
+ if(p && (p - buf) >= 1)
+ *p = '\0';
+
+ if(errno != old_errno)
+ errno = old_errno;
+
+#ifdef PRESERVE_WINDOWS_ERROR_CODE
+ if(old_win_err != GetLastError())
+ SetLastError(old_win_err);
+#endif
return buf;
}
-#ifdef USE_LIBIDN
-/*
- * Return error-string for libidn status as returned from idna_to_ascii_lz().
- */
-const char *Curl_idn_strerror (struct connectdata *conn, int err)
-{
-#ifdef HAVE_IDNA_STRERROR
- (void)conn;
- return idna_strerror((Idna_rc) err);
-#else
- const char *str;
- char *buf;
- size_t max;
-
- DEBUGASSERT(conn);
-
- buf = conn->syserr_buf;
- max = sizeof(conn->syserr_buf)-1;
- *buf = '\0';
-
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
- switch ((Idna_rc)err) {
- case IDNA_SUCCESS:
- str = "No error";
- break;
- case IDNA_STRINGPREP_ERROR:
- str = "Error in string preparation";
- break;
- case IDNA_PUNYCODE_ERROR:
- str = "Error in Punycode operation";
- break;
- case IDNA_CONTAINS_NON_LDH:
- str = "Illegal ASCII characters";
- break;
- case IDNA_CONTAINS_MINUS:
- str = "Contains minus";
- break;
- case IDNA_INVALID_LENGTH:
- str = "Invalid output length";
- break;
- case IDNA_NO_ACE_PREFIX:
- str = "No ACE prefix (\"xn--\")";
- break;
- case IDNA_ROUNDTRIP_VERIFY_ERROR:
- str = "Round trip verify error";
- break;
- case IDNA_CONTAINS_ACE_PREFIX:
- str = "Already have ACE prefix (\"xn--\")";
- break;
- case IDNA_ICONV_ERROR:
- str = "Locale conversion failed";
- break;
- case IDNA_MALLOC_ERROR:
- str = "Allocation failed";
- break;
- case IDNA_DLOPEN_ERROR:
- str = "dlopen() error";
- break;
- default:
- snprintf(buf, max, "error %d", err);
- str = NULL;
- break;
- }
-#else
- if((Idna_rc)err == IDNA_SUCCESS)
- str = "No error";
- else
- str = "Error";
-#endif
- if(str)
- strncpy(buf, str, max);
- buf[max] = '\0';
- return (buf);
-#endif
-}
-#endif /* USE_LIBIDN */
-
#ifdef USE_WINDOWS_SSPI
const char *Curl_sspi_strerror (struct connectdata *conn, int err)
{
+#ifdef PRESERVE_WINDOWS_ERROR_CODE
+ DWORD old_win_err = GetLastError();
+#endif
+ int old_errno = errno;
+ const char *txt;
+ char *outbuf;
+ size_t outmax;
#ifndef CURL_DISABLE_VERBOSE_STRINGS
char txtbuf[80];
char msgbuf[sizeof(conn->syserr_buf)];
char *p, *str, *msg = NULL;
bool msg_formatted = FALSE;
- int old_errno;
#endif
- const char *txt;
- char *outbuf;
- size_t outmax;
DEBUGASSERT(conn);
@@ -813,12 +778,13 @@ const char *Curl_sspi_strerror (struct connectdata *conn, int err)
#ifndef CURL_DISABLE_VERBOSE_STRINGS
- old_errno = ERRNO;
-
- switch (err) {
+ switch(err) {
case SEC_E_OK:
txt = "No error";
break;
+ case CRYPT_E_REVOKED:
+ txt = "CRYPT_E_REVOKED";
+ break;
case SEC_E_ALGORITHM_MISMATCH:
txt = "SEC_E_ALGORITHM_MISMATCH";
break;
@@ -1062,10 +1028,15 @@ const char *Curl_sspi_strerror (struct connectdata *conn, int err)
if(err == SEC_E_OK)
strncpy(outbuf, txt, outmax);
+ else if(err == SEC_E_ILLEGAL_MESSAGE)
+ snprintf(outbuf, outmax,
+ "SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs "
+ "when a fatal SSL/TLS alert is received (e.g. handshake failed). "
+ "More detail may be available in the Windows System event log.",
+ err);
else {
str = txtbuf;
- snprintf(txtbuf, sizeof(txtbuf), "%s (0x%04X%04X)",
- txt, (err >> 16) & 0xffff, err & 0xffff);
+ snprintf(txtbuf, sizeof(txtbuf), "%s (0x%08X)", txt, err);
txtbuf[sizeof(txtbuf)-1] = '\0';
#ifdef _WIN32_WCE
@@ -1077,7 +1048,7 @@ const char *Curl_sspi_strerror (struct connectdata *conn, int err)
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL, err, LANG_NEUTRAL,
wbuf, sizeof(wbuf)/sizeof(wchar_t), NULL)) {
- wcstombs(msgbuf,wbuf,sizeof(msgbuf)-1);
+ wcstombs(msgbuf, wbuf, sizeof(msgbuf)-1);
msg_formatted = TRUE;
}
}
@@ -1092,10 +1063,12 @@ const char *Curl_sspi_strerror (struct connectdata *conn, int err)
if(msg_formatted) {
msgbuf[sizeof(msgbuf)-1] = '\0';
/* strip trailing '\r\n' or '\n' */
- if((p = strrchr(msgbuf,'\n')) != NULL && (p - msgbuf) >= 2)
- *p = '\0';
- if((p = strrchr(msgbuf,'\r')) != NULL && (p - msgbuf) >= 1)
- *p = '\0';
+ p = strrchr(msgbuf, '\n');
+ if(p && (p - msgbuf) >= 2)
+ *p = '\0';
+ p = strrchr(msgbuf, '\r');
+ if(p && (p - msgbuf) >= 1)
+ *p = '\0';
msg = msgbuf;
}
if(msg)
@@ -1104,9 +1077,6 @@ const char *Curl_sspi_strerror (struct connectdata *conn, int err)
strncpy(outbuf, str, outmax);
}
- if(old_errno != ERRNO)
- SET_ERRNO(old_errno);
-
#else
if(err == SEC_E_OK)
@@ -1120,6 +1090,14 @@ const char *Curl_sspi_strerror (struct connectdata *conn, int err)
outbuf[outmax] = '\0';
+ if(errno != old_errno)
+ errno = old_errno;
+
+#ifdef PRESERVE_WINDOWS_ERROR_CODE
+ if(old_win_err != GetLastError())
+ SetLastError(old_win_err);
+#endif
+
return outbuf;
}
#endif /* USE_WINDOWS_SSPI */
diff --git a/libs/libcurl/src/strerror.h b/libs/libcurl/src/strerror.h
index f1b22210ac..627273eb26 100644
--- a/libs/libcurl/src/strerror.h
+++ b/libs/libcurl/src/strerror.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,7 +26,7 @@
const char *Curl_strerror (struct connectdata *conn, int err);
-#ifdef USE_LIBIDN
+#ifdef USE_LIBIDN2
const char *Curl_idn_strerror (struct connectdata *conn, int err);
#endif
diff --git a/libs/libcurl/src/strtok.c b/libs/libcurl/src/strtok.c
index 0d31351f48..460eb87e51 100644
--- a/libs/libcurl/src/strtok.c
+++ b/libs/libcurl/src/strtok.c
@@ -9,7 +9,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/strtok.h b/libs/libcurl/src/strtok.h
index 1147d70d3c..90b831eb67 100644
--- a/libs/libcurl/src/strtok.h
+++ b/libs/libcurl/src/strtok.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/strtoofft.c b/libs/libcurl/src/strtoofft.c
index 03a97e8c4d..363647737f 100644
--- a/libs/libcurl/src/strtoofft.c
+++ b/libs/libcurl/src/strtoofft.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -20,6 +20,7 @@
*
***************************************************************************/
+#include <errno.h>
#include "curl_setup.h"
#include "strtoofft.h"
@@ -29,10 +30,32 @@
*
* In the ISO C standard (IEEE Std 1003.1), there is a strtoimax() function we
* could use in case strtoll() doesn't exist... See
- * http://www.opengroup.org/onlinepubs/009695399/functions/strtoimax.html
+ * https://www.opengroup.org/onlinepubs/009695399/functions/strtoimax.html
*/
-#ifdef NEED_CURL_STRTOLL
+#if (SIZEOF_CURL_OFF_T > SIZEOF_LONG)
+# ifdef HAVE_STRTOLL
+# define strtooff strtoll
+# else
+# if defined(_MSC_VER) && (_MSC_VER >= 1300) && (_INTEGRAL_MAX_BITS >= 64)
+# if defined(_SAL_VERSION)
+ _Check_return_ _CRTIMP __int64 __cdecl _strtoi64(
+ _In_z_ const char *_String,
+ _Out_opt_ _Deref_post_z_ char **_EndPtr, _In_ int _Radix);
+# else
+ _CRTIMP __int64 __cdecl _strtoi64(const char *_String,
+ char **_EndPtr, int _Radix);
+# endif
+# define strtooff _strtoi64
+# else
+# define PRIVATE_STRTOOFF 1
+# endif
+# endif
+#else
+# define strtooff strtol
+#endif
+
+#ifdef PRIVATE_STRTOOFF
/* Range tests can be used for alphanum decoding if characters are consecutive,
like in ASCII. Else an array is scanned. Determine this condition now. */
@@ -48,11 +71,10 @@ static const char valchars[] =
static int get_char(char c, int base);
/**
- * Emulated version of the strtoll function. This extracts a long long
+ * Custom version of the strtooff function. This extracts a curl_off_t
* value from the given input string and returns it.
*/
-curl_off_t
-curlx_strtoll(const char *nptr, char **endptr, int base)
+static curl_off_t strtooff(const char *nptr, char **endptr, int base)
{
char *end;
int is_negative = 0;
@@ -132,7 +154,7 @@ curlx_strtoll(const char *nptr, char **endptr, int base)
else
value = CURL_OFF_T_MAX;
- SET_ERRNO(ERANGE);
+ errno = ERANGE;
}
if(endptr)
@@ -165,7 +187,7 @@ static int get_char(char c, int base)
value = c - 'a' + 10;
}
#else
- const char * cp;
+ const char *cp;
int value;
cp = memchr(valchars, c, 10 + 26 + 26);
@@ -186,3 +208,37 @@ static int get_char(char c, int base)
return value;
}
#endif /* Only present if we need strtoll, but don't have it. */
+
+/*
+ * Parse a *positive* up to 64 bit number written in ascii.
+ */
+CURLofft curlx_strtoofft(const char *str, char **endp, int base,
+ curl_off_t *num)
+{
+ char *end;
+ curl_off_t number;
+ errno = 0;
+ *num = 0; /* clear by default */
+
+ DEBUGASSERT(str);
+
+ while(*str && ISSPACE(*str))
+ str++;
+ if('-' == *str) {
+ if(endp)
+ *endp = (char *)str; /* didn't actually move */
+ return CURL_OFFT_INVAL; /* nothing parsed */
+ }
+ number = strtooff(str, &end, base);
+ if(endp)
+ *endp = end;
+ if(errno == ERANGE)
+ /* overflow/underflow */
+ return CURL_OFFT_FLOW;
+ else if(str == end)
+ /* nothing parsed */
+ return CURL_OFFT_INVAL;
+
+ *num = number;
+ return CURL_OFFT_OK;
+}
diff --git a/libs/libcurl/src/strtoofft.h b/libs/libcurl/src/strtoofft.h
index b812a67a0a..244411a870 100644
--- a/libs/libcurl/src/strtoofft.h
+++ b/libs/libcurl/src/strtoofft.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -40,24 +40,7 @@
* of 'long' the conversion function to use is strtol().
*/
-#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG)
-# ifdef HAVE_STRTOLL
-# define curlx_strtoofft strtoll
-# else
-# if defined(_MSC_VER) && (_MSC_VER >= 1300) && (_INTEGRAL_MAX_BITS >= 64)
- _CRTIMP __int64 __cdecl _strtoi64(const char *, char **, int);
-# define curlx_strtoofft _strtoi64
-# else
- curl_off_t curlx_strtoll(const char *nptr, char **endptr, int base);
-# define curlx_strtoofft curlx_strtoll
-# define NEED_CURL_STRTOLL 1
-# endif
-# endif
-#else
-# define curlx_strtoofft strtol
-#endif
-
-#if (CURL_SIZEOF_CURL_OFF_T == 4)
+#if (SIZEOF_CURL_OFF_T == 4)
# define CURL_OFF_T_MAX CURL_OFF_T_C(0x7FFFFFFF)
#else
/* assume CURL_SIZEOF_CURL_OFF_T == 8 */
@@ -65,4 +48,13 @@
#endif
#define CURL_OFF_T_MIN (-CURL_OFF_T_MAX - CURL_OFF_T_C(1))
+typedef enum {
+ CURL_OFFT_OK, /* parsed fine */
+ CURL_OFFT_FLOW, /* over or underflow */
+ CURL_OFFT_INVAL /* nothing was parsed */
+} CURLofft;
+
+CURLofft curlx_strtoofft(const char *str, char **endp, int base,
+ curl_off_t *num);
+
#endif /* HEADER_CURL_STRTOOFFT_H */
diff --git a/libs/libcurl/src/system_win32.c b/libs/libcurl/src/system_win32.c
new file mode 100644
index 0000000000..cfbbf32797
--- /dev/null
+++ b/libs/libcurl/src/system_win32.c
@@ -0,0 +1,329 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2016 - 2017, Steve Holme, <steve_holme@hotmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(WIN32)
+
+#include <curl/curl.h>
+#include "system_win32.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \
+ defined(USE_WINSOCK))
+
+
+#if !defined(LOAD_WITH_ALTERED_SEARCH_PATH)
+#define LOAD_WITH_ALTERED_SEARCH_PATH 0x00000008
+#endif
+
+#if !defined(LOAD_LIBRARY_SEARCH_SYSTEM32)
+#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800
+#endif
+
+/* We use our own typedef here since some headers might lack these */
+typedef HMODULE (APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD);
+
+/* See function definitions in winbase.h */
+#ifdef UNICODE
+# ifdef _WIN32_WCE
+# define LOADLIBARYEX L"LoadLibraryExW"
+# else
+# define LOADLIBARYEX "LoadLibraryExW"
+# endif
+#else
+# define LOADLIBARYEX "LoadLibraryExA"
+#endif
+
+#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */
+
+/*
+ * Curl_verify_windows_version()
+ *
+ * This is used to verify if we are running on a specific windows version.
+ *
+ * Parameters:
+ *
+ * majorVersion [in] - The major version number.
+ * minorVersion [in] - The minor version number.
+ * platform [in] - The optional platform identifier.
+ * condition [in] - The test condition used to specifier whether we are
+ * checking a version less then, equal to or greater than
+ * what is specified in the major and minor version
+ * numbers.
+ *
+ * Returns TRUE if matched; otherwise FALSE.
+ */
+bool Curl_verify_windows_version(const unsigned int majorVersion,
+ const unsigned int minorVersion,
+ const PlatformIdentifier platform,
+ const VersionCondition condition)
+{
+ bool matched = FALSE;
+
+#if defined(CURL_WINDOWS_APP)
+ /* We have no way to determine the Windows version from Windows apps,
+ so let's assume we're running on the target Windows version. */
+ const WORD fullVersion = MAKEWORD(minorVersion, majorVersion);
+ const WORD targetVersion = (WORD)_WIN32_WINNT;
+
+ switch(condition) {
+ case VERSION_LESS_THAN:
+ matched = targetVersion < fullVersion;
+ break;
+
+ case VERSION_LESS_THAN_EQUAL:
+ matched = targetVersion <= fullVersion;
+ break;
+
+ case VERSION_EQUAL:
+ matched = targetVersion == fullVersion;
+ break;
+
+ case VERSION_GREATER_THAN_EQUAL:
+ matched = targetVersion >= fullVersion;
+ break;
+
+ case VERSION_GREATER_THAN:
+ matched = targetVersion > fullVersion;
+ break;
+ }
+
+ if(matched && (platform == PLATFORM_WINDOWS)) {
+ /* we're always running on PLATFORM_WINNT */
+ matched = FALSE;
+ }
+#elif !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
+ (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
+ OSVERSIONINFO osver;
+
+ memset(&osver, 0, sizeof(osver));
+ osver.dwOSVersionInfoSize = sizeof(osver);
+
+ /* Find out Windows version */
+ if(GetVersionEx(&osver)) {
+ /* Verify the Operating System version number */
+ switch(condition) {
+ case VERSION_LESS_THAN:
+ if(osver.dwMajorVersion < majorVersion ||
+ (osver.dwMajorVersion == majorVersion &&
+ osver.dwMinorVersion < minorVersion))
+ matched = TRUE;
+ break;
+
+ case VERSION_LESS_THAN_EQUAL:
+ if(osver.dwMajorVersion <= majorVersion &&
+ osver.dwMinorVersion <= minorVersion)
+ matched = TRUE;
+ break;
+
+ case VERSION_EQUAL:
+ if(osver.dwMajorVersion == majorVersion &&
+ osver.dwMinorVersion == minorVersion)
+ matched = TRUE;
+ break;
+
+ case VERSION_GREATER_THAN_EQUAL:
+ if(osver.dwMajorVersion >= majorVersion &&
+ osver.dwMinorVersion >= minorVersion)
+ matched = TRUE;
+ break;
+
+ case VERSION_GREATER_THAN:
+ if(osver.dwMajorVersion > majorVersion ||
+ (osver.dwMajorVersion == majorVersion &&
+ osver.dwMinorVersion > minorVersion))
+ matched = TRUE;
+ break;
+ }
+
+ /* Verify the platform identifier (if necessary) */
+ if(matched) {
+ switch(platform) {
+ case PLATFORM_WINDOWS:
+ if(osver.dwPlatformId != VER_PLATFORM_WIN32_WINDOWS)
+ matched = FALSE;
+ break;
+
+ case PLATFORM_WINNT:
+ if(osver.dwPlatformId != VER_PLATFORM_WIN32_NT)
+ matched = FALSE;
+
+ default: /* like platform == PLATFORM_DONT_CARE */
+ break;
+ }
+ }
+ }
+#else
+ ULONGLONG cm = 0;
+ OSVERSIONINFOEX osver;
+ BYTE majorCondition;
+ BYTE minorCondition;
+ BYTE spMajorCondition;
+ BYTE spMinorCondition;
+
+ switch(condition) {
+ case VERSION_LESS_THAN:
+ majorCondition = VER_LESS;
+ minorCondition = VER_LESS;
+ spMajorCondition = VER_LESS_EQUAL;
+ spMinorCondition = VER_LESS_EQUAL;
+ break;
+
+ case VERSION_LESS_THAN_EQUAL:
+ majorCondition = VER_LESS_EQUAL;
+ minorCondition = VER_LESS_EQUAL;
+ spMajorCondition = VER_LESS_EQUAL;
+ spMinorCondition = VER_LESS_EQUAL;
+ break;
+
+ case VERSION_EQUAL:
+ majorCondition = VER_EQUAL;
+ minorCondition = VER_EQUAL;
+ spMajorCondition = VER_GREATER_EQUAL;
+ spMinorCondition = VER_GREATER_EQUAL;
+ break;
+
+ case VERSION_GREATER_THAN_EQUAL:
+ majorCondition = VER_GREATER_EQUAL;
+ minorCondition = VER_GREATER_EQUAL;
+ spMajorCondition = VER_GREATER_EQUAL;
+ spMinorCondition = VER_GREATER_EQUAL;
+ break;
+
+ case VERSION_GREATER_THAN:
+ majorCondition = VER_GREATER;
+ minorCondition = VER_GREATER;
+ spMajorCondition = VER_GREATER_EQUAL;
+ spMinorCondition = VER_GREATER_EQUAL;
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ memset(&osver, 0, sizeof(osver));
+ osver.dwOSVersionInfoSize = sizeof(osver);
+ osver.dwMajorVersion = majorVersion;
+ osver.dwMinorVersion = minorVersion;
+ if(platform == PLATFORM_WINDOWS)
+ osver.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS;
+ else if(platform == PLATFORM_WINNT)
+ osver.dwPlatformId = VER_PLATFORM_WIN32_NT;
+
+ cm = VerSetConditionMask(cm, VER_MAJORVERSION, majorCondition);
+ cm = VerSetConditionMask(cm, VER_MINORVERSION, minorCondition);
+ cm = VerSetConditionMask(cm, VER_SERVICEPACKMAJOR, spMajorCondition);
+ cm = VerSetConditionMask(cm, VER_SERVICEPACKMINOR, spMinorCondition);
+ if(platform != PLATFORM_DONT_CARE)
+ cm = VerSetConditionMask(cm, VER_PLATFORMID, VER_EQUAL);
+
+ if(VerifyVersionInfo(&osver, (VER_MAJORVERSION | VER_MINORVERSION |
+ VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR),
+ cm))
+ matched = TRUE;
+#endif
+
+ return matched;
+}
+
+#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \
+ defined(USE_WINSOCK))
+
+/*
+ * Curl_load_library()
+ *
+ * This is used to dynamically load DLLs using the most secure method available
+ * for the version of Windows that we are running on.
+ *
+ * Parameters:
+ *
+ * filename [in] - The filename or full path of the DLL to load. If only the
+ * filename is passed then the DLL will be loaded from the
+ * Windows system directory.
+ *
+ * Returns the handle of the module on success; otherwise NULL.
+ */
+HMODULE Curl_load_library(LPCTSTR filename)
+{
+ HMODULE hModule = NULL;
+ LOADLIBRARYEX_FN pLoadLibraryEx = NULL;
+
+ /* Get a handle to kernel32 so we can access it's functions at runtime */
+ HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32"));
+ if(!hKernel32)
+ return NULL;
+
+ /* Attempt to find LoadLibraryEx() which is only available on Windows 2000
+ and above */
+ pLoadLibraryEx = (LOADLIBRARYEX_FN) GetProcAddress(hKernel32, LOADLIBARYEX);
+
+ /* Detect if there's already a path in the filename and load the library if
+ there is. Note: Both back slashes and forward slashes have been supported
+ since the earlier days of DOS at an API level although they are not
+ supported by command prompt */
+ if(_tcspbrk(filename, TEXT("\\/"))) {
+ /** !checksrc! disable BANNEDFUNC 1 **/
+ hModule = pLoadLibraryEx ?
+ pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
+ LoadLibrary(filename);
+ }
+ /* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only
+ supported on Windows Vista, Windows Server 2008, Windows 7 and Windows
+ Server 2008 R2 with this patch or natively on Windows 8 and above */
+ else if(pLoadLibraryEx && GetProcAddress(hKernel32, "AddDllDirectory")) {
+ /* Load the DLL from the Windows system directory */
+ hModule = pLoadLibraryEx(filename, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
+ }
+ else {
+ /* Attempt to get the Windows system path */
+ UINT systemdirlen = GetSystemDirectory(NULL, 0);
+ if(systemdirlen) {
+ /* Allocate space for the full DLL path (Room for the null terminator
+ is included in systemdirlen) */
+ size_t filenamelen = _tcslen(filename);
+ TCHAR *path = malloc(sizeof(TCHAR) * (systemdirlen + 1 + filenamelen));
+ if(path && GetSystemDirectory(path, systemdirlen)) {
+ /* Calculate the full DLL path */
+ _tcscpy(path + _tcslen(path), TEXT("\\"));
+ _tcscpy(path + _tcslen(path), filename);
+
+ /* Load the DLL from the Windows system directory */
+ /** !checksrc! disable BANNEDFUNC 1 **/
+ hModule = pLoadLibraryEx ?
+ pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
+ LoadLibrary(path);
+
+ }
+ free(path);
+ }
+ }
+
+ return hModule;
+}
+
+#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */
+
+#endif /* WIN32 */
diff --git a/libs/libcurl/src/system_win32.h b/libs/libcurl/src/system_win32.h
new file mode 100644
index 0000000000..1e772856b2
--- /dev/null
+++ b/libs/libcurl/src/system_win32.h
@@ -0,0 +1,61 @@
+#ifndef HEADER_CURL_SYSTEM_WIN32_H
+#define HEADER_CURL_SYSTEM_WIN32_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2016, Steve Holme, <steve_holme@hotmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(WIN32)
+
+/* Version condition */
+typedef enum {
+ VERSION_LESS_THAN,
+ VERSION_LESS_THAN_EQUAL,
+ VERSION_EQUAL,
+ VERSION_GREATER_THAN_EQUAL,
+ VERSION_GREATER_THAN
+} VersionCondition;
+
+/* Platform identifier */
+typedef enum {
+ PLATFORM_DONT_CARE,
+ PLATFORM_WINDOWS,
+ PLATFORM_WINNT
+} PlatformIdentifier;
+
+/* This is used to verify if we are running on a specific windows version */
+bool Curl_verify_windows_version(const unsigned int majorVersion,
+ const unsigned int minorVersion,
+ const PlatformIdentifier platform,
+ const VersionCondition condition);
+
+#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \
+ defined(USE_WINSOCK))
+
+/* This is used to dynamically load DLLs */
+HMODULE Curl_load_library(LPCTSTR filename);
+
+#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */
+
+#endif /* WIN32 */
+
+#endif /* HEADER_CURL_SYSTEM_WIN32_H */
diff --git a/libs/libcurl/src/telnet.c b/libs/libcurl/src/telnet.c
index 366825078c..48b134ee34 100644
--- a/libs/libcurl/src/telnet.c
+++ b/libs/libcurl/src/telnet.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -51,21 +51,19 @@
#include "telnet.h"
#include "connect.h"
#include "progress.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include "system_win32.h"
#define TELOPTS
#define TELCMDS
#include "arpa_telnet.h"
-#include "curl_memory.h"
#include "select.h"
-#include "strequal.h"
-#include "rawstr.h"
+#include "strcase.h"
#include "warnless.h"
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
#define SUBBUFSIZE 512
@@ -78,22 +76,24 @@
} WHILE_FALSE
#define CURL_SB_ACCUM(x,c) \
do { \
- if(x->subpointer < (x->subbuffer+sizeof x->subbuffer)) \
+ if(x->subpointer < (x->subbuffer + sizeof x->subbuffer)) \
*x->subpointer++ = (c); \
} WHILE_FALSE
#define CURL_SB_GET(x) ((*x->subpointer++)&0xff)
-#define CURL_SB_PEEK(x) ((*x->subpointer)&0xff)
-#define CURL_SB_EOF(x) (x->subpointer >= x->subend)
#define CURL_SB_LEN(x) (x->subend - x->subpointer)
+/* For posterity:
+#define CURL_SB_PEEK(x) ((*x->subpointer)&0xff)
+#define CURL_SB_EOF(x) (x->subpointer >= x->subend) */
+
#ifdef CURL_DISABLE_VERBOSE_STRINGS
#define printoption(a,b,c,d) Curl_nop_stmt
#endif
#ifdef USE_WINSOCK
typedef FARPROC WSOCK2_FUNC;
-static CURLcode check_wsock2 ( struct SessionHandle *data );
+static CURLcode check_wsock2(struct Curl_easy *data);
#endif
static
@@ -102,7 +102,7 @@ CURLcode telrcv(struct connectdata *,
ssize_t count); /* Number of bytes received */
#ifndef CURL_DISABLE_VERBOSE_STRINGS
-static void printoption(struct SessionHandle *data,
+static void printoption(struct Curl_easy *data,
const char *direction,
int cmd, int option);
#endif
@@ -112,7 +112,7 @@ static void send_negotiation(struct connectdata *, int cmd, int option);
static void set_local_option(struct connectdata *, int cmd, int option);
static void set_remote_option(struct connectdata *, int cmd, int option);
-static void printsub(struct SessionHandle *data,
+static void printsub(struct Curl_easy *data,
int direction, unsigned char *pointer,
size_t length);
static void suboption(struct connectdata *);
@@ -192,6 +192,7 @@ const struct Curl_handler Curl_handler_telnet = {
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_TELNET, /* defport */
CURLPROTO_TELNET, /* protocol */
PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */
@@ -200,7 +201,7 @@ const struct Curl_handler Curl_handler_telnet = {
#ifdef USE_WINSOCK
static CURLcode
-check_wsock2 ( struct SessionHandle *data )
+check_wsock2(struct Curl_easy *data)
{
int err;
WORD wVersionRequested;
@@ -228,9 +229,9 @@ check_wsock2 ( struct SessionHandle *data )
if(LOBYTE(wsaData.wVersion) != LOBYTE(wVersionRequested) ||
HIBYTE(wsaData.wVersion) != HIBYTE(wVersionRequested)) {
/* Our version isn't supported */
- failf(data,"insufficient winsock version to support "
- "telnet");
- return CURLE_FAILED_INIT;
+ failf(data, "insufficient winsock version to support "
+ "telnet");
+ return CURLE_FAILED_INIT;
}
/* Our version is supported */
@@ -294,8 +295,8 @@ static void negotiate(struct connectdata *conn)
int i;
struct TELNET *tn = (struct TELNET *) conn->data->req.protop;
- for(i = 0;i < CURL_NTELOPTS;i++) {
- if(i==CURL_TELOPT_ECHO)
+ for(i = 0; i < CURL_NTELOPTS; i++) {
+ if(i == CURL_TELOPT_ECHO)
continue;
if(tn->us_preferred[i] == CURL_YES)
@@ -307,7 +308,7 @@ static void negotiate(struct connectdata *conn)
}
#ifndef CURL_DISABLE_VERBOSE_STRINGS
-static void printoption(struct SessionHandle *data,
+static void printoption(struct Curl_easy *data,
const char *direction, int cmd, int option)
{
const char *fmt;
@@ -348,7 +349,7 @@ static void send_negotiation(struct connectdata *conn, int cmd, int option)
unsigned char buf[3];
ssize_t bytes_written;
int err;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
buf[0] = CURL_IAC;
buf[1] = (unsigned char)cmd;
@@ -704,13 +705,12 @@ void rec_dont(struct connectdata *conn, int option)
}
-static void printsub(struct SessionHandle *data,
+static void printsub(struct Curl_easy *data,
int direction, /* '<' or '>' */
unsigned char *pointer, /* where suboption data is */
size_t length) /* length of suboption data */
{
unsigned int i = 0;
- unsigned short *pval;
if(data->set.verbose) {
if(direction) {
@@ -763,9 +763,9 @@ static void printsub(struct SessionHandle *data,
switch(pointer[0]) {
case CURL_TELOPT_NAWS:
- pval = (unsigned short*)(pointer+1);
- infof(data, "Width: %hu ; Height: %hu",
- ntohs(pval[0]), ntohs(pval[1]));
+ if(length > 4)
+ infof(data, "Width: %hu ; Height: %hu", (pointer[1]<<8) | pointer[2],
+ (pointer[3]<<8) | pointer[4]);
break;
default:
switch(pointer[1]) {
@@ -792,7 +792,7 @@ static void printsub(struct SessionHandle *data,
case CURL_TELOPT_NEW_ENVIRON:
if(pointer[1] == CURL_TELQUAL_IS) {
infof(data, " ");
- for(i = 3;i < length;i++) {
+ for(i = 3; i < length; i++) {
switch(pointer[i]) {
case CURL_NEW_ENV_VAR:
infof(data, ", ");
@@ -822,9 +822,9 @@ static CURLcode check_telnet_options(struct connectdata *conn)
{
struct curl_slist *head;
struct curl_slist *beg;
- char option_keyword[128];
- char option_arg[256];
- struct SessionHandle *data = conn->data;
+ char option_keyword[128] = "";
+ char option_arg[256] = "";
+ struct Curl_easy *data = conn->data;
struct TELNET *tn = (struct TELNET *)conn->data->req.protop;
CURLcode result = CURLE_OK;
int binary_option;
@@ -843,12 +843,12 @@ static CURLcode check_telnet_options(struct connectdata *conn)
tn->us_preferred[CURL_TELOPT_NEW_ENVIRON] = CURL_YES;
}
- for(head = data->set.telnet_options; head; head=head->next) {
+ for(head = data->set.telnet_options; head; head = head->next) {
if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
option_keyword, option_arg) == 2) {
/* Terminal type */
- if(Curl_raw_equal(option_keyword, "TTYPE")) {
+ if(strcasecompare(option_keyword, "TTYPE")) {
strncpy(tn->subopt_ttype, option_arg, 31);
tn->subopt_ttype[31] = 0; /* String termination */
tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES;
@@ -856,7 +856,7 @@ static CURLcode check_telnet_options(struct connectdata *conn)
}
/* Display variable */
- if(Curl_raw_equal(option_keyword, "XDISPLOC")) {
+ if(strcasecompare(option_keyword, "XDISPLOC")) {
strncpy(tn->subopt_xdisploc, option_arg, 127);
tn->subopt_xdisploc[127] = 0; /* String termination */
tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES;
@@ -864,7 +864,7 @@ static CURLcode check_telnet_options(struct connectdata *conn)
}
/* Environment variable */
- if(Curl_raw_equal(option_keyword, "NEW_ENV")) {
+ if(strcasecompare(option_keyword, "NEW_ENV")) {
beg = curl_slist_append(tn->telnet_vars, option_arg);
if(!beg) {
result = CURLE_OUT_OF_MEMORY;
@@ -875,8 +875,8 @@ static CURLcode check_telnet_options(struct connectdata *conn)
continue;
}
- /* Window Size */
- if(Curl_raw_equal(option_keyword, "WS")) {
+ /* Window Size */
+ if(strcasecompare(option_keyword, "WS")) {
if(sscanf(option_arg, "%hu%*[xX]%hu",
&tn->subopt_wsx, &tn->subopt_wsy) == 2)
tn->us_preferred[CURL_TELOPT_NAWS] = CURL_YES;
@@ -889,9 +889,9 @@ static CURLcode check_telnet_options(struct connectdata *conn)
}
/* To take care or not of the 8th bit in data exchange */
- if(Curl_raw_equal(option_keyword, "BINARY")) {
- binary_option=atoi(option_arg);
- if(binary_option!=1) {
+ if(strcasecompare(option_keyword, "BINARY")) {
+ binary_option = atoi(option_arg);
+ if(binary_option != 1) {
tn->us_preferred[CURL_TELOPT_BINARY] = CURL_NO;
tn->him_preferred[CURL_TELOPT_BINARY] = CURL_NO;
}
@@ -899,14 +899,12 @@ static CURLcode check_telnet_options(struct connectdata *conn)
}
failf(data, "Unknown telnet option %s", head->data);
- result = CURLE_UNKNOWN_TELNET_OPTION;
- break;
- }
- else {
- failf(data, "Syntax error in telnet option: %s", head->data);
- result = CURLE_TELNET_OPTION_SYNTAX;
+ result = CURLE_UNKNOWN_OPTION;
break;
}
+ failf(data, "Syntax error in telnet option: %s", head->data);
+ result = CURLE_TELNET_OPTION_SYNTAX;
+ break;
}
if(result) {
@@ -932,13 +930,13 @@ static void suboption(struct connectdata *conn)
size_t len;
size_t tmplen;
int err;
- char varname[128];
- char varval[128];
- struct SessionHandle *data = conn->data;
+ char varname[128] = "";
+ char varval[128] = "";
+ struct Curl_easy *data = conn->data;
struct TELNET *tn = (struct TELNET *)data->req.protop;
- printsub(data, '<', (unsigned char *)tn->subbuffer, CURL_SB_LEN(tn)+2);
- switch (CURL_SB_GET(tn)) {
+ printsub(data, '<', (unsigned char *)tn->subbuffer, CURL_SB_LEN(tn) + 2);
+ switch(CURL_SB_GET(tn)) {
case CURL_TELOPT_TTYPE:
len = strlen(tn->subopt_ttype) + 4 + 2;
snprintf((char *)temp, sizeof(temp),
@@ -969,15 +967,16 @@ static void suboption(struct connectdata *conn)
CURL_TELQUAL_IS);
len = 4;
- for(v = tn->telnet_vars;v;v = v->next) {
+ for(v = tn->telnet_vars; v; v = v->next) {
tmplen = (strlen(v->data) + 1);
/* Add the variable only if it fits */
- if(len + tmplen < sizeof(temp)-6) {
- sscanf(v->data, "%127[^,],%127s", varname, varval);
- snprintf((char *)&temp[len], sizeof(temp) - len,
- "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
- CURL_NEW_ENV_VALUE, varval);
- len += tmplen;
+ if(len + tmplen < (int)sizeof(temp)-6) {
+ if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
+ snprintf((char *)&temp[len], sizeof(temp) - len,
+ "%c%s%c%s", CURL_NEW_ENV_VAR, varname,
+ CURL_NEW_ENV_VALUE, varval);
+ len += tmplen;
+ }
}
}
snprintf((char *)&temp[len], sizeof(temp) - len,
@@ -1006,24 +1005,24 @@ static void sendsuboption(struct connectdata *conn, int option)
ssize_t bytes_written;
int err;
unsigned short x, y;
- unsigned char*uc1, *uc2;
+ unsigned char *uc1, *uc2;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct TELNET *tn = (struct TELNET *)data->req.protop;
- switch (option) {
+ switch(option) {
case CURL_TELOPT_NAWS:
/* We prepare data to be sent */
CURL_SB_CLEAR(tn);
CURL_SB_ACCUM(tn, CURL_IAC);
CURL_SB_ACCUM(tn, CURL_SB);
CURL_SB_ACCUM(tn, CURL_TELOPT_NAWS);
- /* We must deal either with litte or big endien processors */
+ /* We must deal either with litte or big endian processors */
/* Window size must be sent according to the 'network order' */
- x=htons(tn->subopt_wsx);
- y=htons(tn->subopt_wsy);
- uc1 = (unsigned char*)&x;
- uc2 = (unsigned char*)&y;
+ x = htons(tn->subopt_wsx);
+ y = htons(tn->subopt_wsy);
+ uc1 = (unsigned char *)&x;
+ uc2 = (unsigned char *)&y;
CURL_SB_ACCUM(tn, uc1[0]);
CURL_SB_ACCUM(tn, uc1[1]);
CURL_SB_ACCUM(tn, uc2[0]);
@@ -1034,7 +1033,7 @@ static void sendsuboption(struct connectdata *conn, int option)
CURL_SB_TERM(tn);
/* data suboption is now ready */
- printsub(data, '>', (unsigned char *)tn->subbuffer+2,
+ printsub(data, '>', (unsigned char *)tn->subbuffer + 2,
CURL_SB_LEN(tn)-2);
/* we send the header of the suboption... */
@@ -1045,9 +1044,9 @@ static void sendsuboption(struct connectdata *conn, int option)
}
/* ... then the window size with the send_telnet_data() function
to deal with 0xFF cases ... */
- send_telnet_data(conn, (char *)tn->subbuffer+3, 4);
+ send_telnet_data(conn, (char *)tn->subbuffer + 3, 4);
/* ... and the footer */
- bytes_written = swrite(conn->sock[FIRSTSOCKET], tn->subbuffer+7, 2);
+ bytes_written = swrite(conn->sock[FIRSTSOCKET], tn->subbuffer + 7, 2);
if(bytes_written < 0) {
err = SOCKERRNO;
failf(data, "Sending data failed (%d)", err);
@@ -1065,8 +1064,8 @@ CURLcode telrcv(struct connectdata *conn,
unsigned char c;
CURLcode result;
int in = 0;
- int startwrite=-1;
- struct SessionHandle *data = conn->data;
+ int startwrite = -1;
+ struct Curl_easy *data = conn->data;
struct TELNET *tn = (struct TELNET *)data->req.protop;
#define startskipping() \
@@ -1075,7 +1074,7 @@ CURLcode telrcv(struct connectdata *conn,
CLIENTWRITE_BODY, \
(char *)&inbuf[startwrite], \
in-startwrite); \
- if(result != CURLE_OK) \
+ if(result) \
return result; \
} \
startwrite = -1
@@ -1089,7 +1088,7 @@ CURLcode telrcv(struct connectdata *conn,
while(count--) {
c = inbuf[in];
- switch (tn->telrcv_state) {
+ switch(tn->telrcv_state) {
case CURL_TS_CR:
tn->telrcv_state = CURL_TS_DATA;
if(c == '\0') {
@@ -1113,7 +1112,7 @@ CURLcode telrcv(struct connectdata *conn,
case CURL_TS_IAC:
process_iac:
DEBUGASSERT(startwrite < 0);
- switch (c) {
+ switch(c) {
case CURL_WILL:
tn->telrcv_state = CURL_TS_WILL;
break;
@@ -1176,7 +1175,7 @@ CURLcode telrcv(struct connectdata *conn,
if(c == CURL_IAC)
tn->telrcv_state = CURL_TS_SE;
else
- CURL_SB_ACCUM(tn,c);
+ CURL_SB_ACCUM(tn, c);
break;
case CURL_TS_SE:
@@ -1188,7 +1187,7 @@ CURLcode telrcv(struct connectdata *conn,
* IAC SE was left off, or another option got inserted into the
* suboption are all possibilities. If we assume that the IAC was
* not doubled, and really the IAC SE was left off, we could get
- * into an infinate loop here. So, instead, we terminate the
+ * into an infinite loop here. So, instead, we terminate the
* suboption, and process the partial suboption if we can.
*/
CURL_SB_ACCUM(tn, CURL_IAC);
@@ -1201,7 +1200,7 @@ CURLcode telrcv(struct connectdata *conn,
tn->telrcv_state = CURL_TS_IAC;
goto process_iac;
}
- CURL_SB_ACCUM(tn,c);
+ CURL_SB_ACCUM(tn, c);
tn->telrcv_state = CURL_TS_SB;
}
else
@@ -1222,43 +1221,64 @@ CURLcode telrcv(struct connectdata *conn,
}
/* Escape and send a telnet data block */
-/* TODO: write large chunks of data instead of one byte at a time */
static CURLcode send_telnet_data(struct connectdata *conn,
char *buffer, ssize_t nread)
{
- unsigned char outbuf[2];
+ ssize_t escapes, i, j, outlen;
+ unsigned char *outbuf = NULL;
+ CURLcode result = CURLE_OK;
ssize_t bytes_written, total_written;
- int out_count;
- CURLcode rc = CURLE_OK;
-
- while(rc == CURLE_OK && nread--) {
- outbuf[0] = *buffer++;
- out_count = 1;
- if(outbuf[0] == CURL_IAC)
- outbuf[out_count++] = CURL_IAC;
-
- total_written = 0;
- do {
- /* Make sure socket is writable to avoid EWOULDBLOCK condition */
- struct pollfd pfd[1];
- pfd[0].fd = conn->sock[FIRSTSOCKET];
- pfd[0].events = POLLOUT;
- switch (Curl_poll(pfd, 1, -1)) {
- case -1: /* error, abort writing */
- case 0: /* timeout (will never happen) */
- rc = CURLE_SEND_ERROR;
- break;
- default: /* write! */
- bytes_written = 0;
- rc = Curl_write(conn, conn->sock[FIRSTSOCKET], outbuf+total_written,
- out_count-total_written, &bytes_written);
- total_written += bytes_written;
- break;
- }
- /* handle partial write */
- } while(rc == CURLE_OK && total_written < out_count);
+
+ /* Determine size of new buffer after escaping */
+ escapes = 0;
+ for(i = 0; i < nread; i++)
+ if((unsigned char)buffer[i] == CURL_IAC)
+ escapes++;
+ outlen = nread + escapes;
+
+ if(outlen == nread)
+ outbuf = (unsigned char *)buffer;
+ else {
+ outbuf = malloc(nread + escapes + 1);
+ if(!outbuf)
+ return CURLE_OUT_OF_MEMORY;
+
+ j = 0;
+ for(i = 0; i < nread; i++) {
+ outbuf[j++] = buffer[i];
+ if((unsigned char)buffer[i] == CURL_IAC)
+ outbuf[j++] = CURL_IAC;
+ }
+ outbuf[j] = '\0';
}
- return rc;
+
+ total_written = 0;
+ while(!result && total_written < outlen) {
+ /* Make sure socket is writable to avoid EWOULDBLOCK condition */
+ struct pollfd pfd[1];
+ pfd[0].fd = conn->sock[FIRSTSOCKET];
+ pfd[0].events = POLLOUT;
+ switch(Curl_poll(pfd, 1, -1)) {
+ case -1: /* error, abort writing */
+ case 0: /* timeout (will never happen) */
+ result = CURLE_SEND_ERROR;
+ break;
+ default: /* write! */
+ bytes_written = 0;
+ result = Curl_write(conn, conn->sock[FIRSTSOCKET],
+ outbuf + total_written,
+ outlen - total_written,
+ &bytes_written);
+ total_written += bytes_written;
+ break;
+ }
+ }
+
+ /* Free malloc copy if escaped */
+ if(outbuf != (unsigned char *)buffer)
+ free(outbuf);
+
+ return result;
}
static CURLcode telnet_done(struct connectdata *conn,
@@ -1281,8 +1301,8 @@ static CURLcode telnet_done(struct connectdata *conn,
static CURLcode telnet_do(struct connectdata *conn, bool *done)
{
- CURLcode code;
- struct SessionHandle *data = conn->data;
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
curl_socket_t sockfd = conn->sock[FIRSTSOCKET];
#ifdef USE_WINSOCK
HMODULE wsock2;
@@ -1307,72 +1327,69 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
curl_off_t total_ul = 0;
#endif
ssize_t nread;
- struct timeval now;
+ struct curltime now;
bool keepon = TRUE;
char *buf = data->state.buffer;
struct TELNET *tn;
*done = TRUE; /* unconditionally */
- code = init_telnet(conn);
- if(code)
- return code;
+ result = init_telnet(conn);
+ if(result)
+ return result;
tn = (struct TELNET *)data->req.protop;
- code = check_telnet_options(conn);
- if(code)
- return code;
+ result = check_telnet_options(conn);
+ if(result)
+ return result;
#ifdef USE_WINSOCK
/*
** This functionality only works with WinSock >= 2.0. So,
- ** make sure have it.
+ ** make sure we have it.
*/
- code = check_wsock2(data);
- if(code)
- return code;
+ result = check_wsock2(data);
+ if(result)
+ return result;
/* OK, so we have WinSock 2.0. We need to dynamically */
/* load ws2_32.dll and get the function pointers we need. */
- wsock2 = LoadLibrary(TEXT("WS2_32.DLL"));
+ wsock2 = Curl_load_library(TEXT("WS2_32.DLL"));
if(wsock2 == NULL) {
- failf(data,"failed to load WS2_32.DLL (%d)", ERRNO);
+ failf(data, "failed to load WS2_32.DLL (%u)", GetLastError());
return CURLE_FAILED_INIT;
}
/* Grab a pointer to WSACreateEvent */
- create_event_func = GetProcAddress(wsock2,"WSACreateEvent");
+ create_event_func = GetProcAddress(wsock2, "WSACreateEvent");
if(create_event_func == NULL) {
- failf(data,"failed to find WSACreateEvent function (%d)",
- ERRNO);
+ failf(data, "failed to find WSACreateEvent function (%u)", GetLastError());
FreeLibrary(wsock2);
return CURLE_FAILED_INIT;
}
/* And WSACloseEvent */
- close_event_func = GetProcAddress(wsock2,"WSACloseEvent");
+ close_event_func = GetProcAddress(wsock2, "WSACloseEvent");
if(close_event_func == NULL) {
- failf(data,"failed to find WSACloseEvent function (%d)",
- ERRNO);
+ failf(data, "failed to find WSACloseEvent function (%u)", GetLastError());
FreeLibrary(wsock2);
return CURLE_FAILED_INIT;
}
/* And WSAEventSelect */
- event_select_func = GetProcAddress(wsock2,"WSAEventSelect");
+ event_select_func = GetProcAddress(wsock2, "WSAEventSelect");
if(event_select_func == NULL) {
- failf(data,"failed to find WSAEventSelect function (%d)",
- ERRNO);
+ failf(data, "failed to find WSAEventSelect function (%u)", GetLastError());
FreeLibrary(wsock2);
return CURLE_FAILED_INIT;
}
/* And WSAEnumNetworkEvents */
- enum_netevents_func = GetProcAddress(wsock2,"WSAEnumNetworkEvents");
+ enum_netevents_func = GetProcAddress(wsock2, "WSAEnumNetworkEvents");
if(enum_netevents_func == NULL) {
- failf(data,"failed to find WSAEnumNetworkEvents function (%d)",
- ERRNO);
+ failf(data, "failed to find WSAEnumNetworkEvents function (%u)",
+ GetLastError());
FreeLibrary(wsock2);
return CURLE_FAILED_INIT;
}
@@ -1385,7 +1402,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
/* First, create a sockets event object */
event_handle = (WSAEVENT)create_event_func();
if(event_handle == WSA_INVALID_EVENT) {
- failf(data,"WSACreateEvent failed (%d)", SOCKERRNO);
+ failf(data, "WSACreateEvent failed (%d)", SOCKERRNO);
FreeLibrary(wsock2);
return CURLE_FAILED_INIT;
}
@@ -1421,50 +1438,52 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
/* Keep on listening and act on events */
while(keepon) {
+ const DWORD buf_size = (DWORD)data->set.buffer_size;
waitret = WaitForMultipleObjects(obj_count, objs, FALSE, wait_timeout);
switch(waitret) {
case WAIT_TIMEOUT:
{
for(;;) {
- if(obj_count == 1) {
+ if(data->set.is_fread_set) {
+ size_t n;
/* read from user-supplied method */
- code = (int)conn->fread_func(buf, 1, BUFSIZE - 1, conn->fread_in);
- if(code == CURL_READFUNC_ABORT) {
+ n = data->state.fread_func(buf, 1, buf_size, data->state.in);
+ if(n == CURL_READFUNC_ABORT) {
keepon = FALSE;
- code = CURLE_READ_ERROR;
+ result = CURLE_READ_ERROR;
break;
}
- if(code == CURL_READFUNC_PAUSE)
+ if(n == CURL_READFUNC_PAUSE)
break;
- if(code == 0) /* no bytes */
+ if(n == 0) /* no bytes */
break;
- readfile_read = code; /* fall thru with number of bytes read */
+ readfile_read = (DWORD)n; /* fall thru with number of bytes read */
}
else {
/* read from stdin */
if(!PeekNamedPipe(stdin_handle, NULL, 0, NULL,
&readfile_read, NULL)) {
keepon = FALSE;
- code = CURLE_READ_ERROR;
+ result = CURLE_READ_ERROR;
break;
}
if(!readfile_read)
break;
- if(!ReadFile(stdin_handle, buf, sizeof(data->state.buffer),
+ if(!ReadFile(stdin_handle, buf, buf_size,
&readfile_read, NULL)) {
keepon = FALSE;
- code = CURLE_READ_ERROR;
+ result = CURLE_READ_ERROR;
break;
}
}
- code = send_telnet_data(conn, buf, readfile_read);
- if(code) {
+ result = send_telnet_data(conn, buf, readfile_read);
+ if(result) {
keepon = FALSE;
break;
}
@@ -1474,15 +1493,15 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
case WAIT_OBJECT_0 + 1:
{
- if(!ReadFile(stdin_handle, buf, sizeof(data->state.buffer),
+ if(!ReadFile(stdin_handle, buf, buf_size,
&readfile_read, NULL)) {
keepon = FALSE;
- code = CURLE_READ_ERROR;
+ result = CURLE_READ_ERROR;
break;
}
- code = send_telnet_data(conn, buf, readfile_read);
- if(code) {
+ result = send_telnet_data(conn, buf, readfile_read);
+ if(result) {
keepon = FALSE;
break;
}
@@ -1491,22 +1510,24 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
case WAIT_OBJECT_0:
+ events.lNetworkEvents = 0;
if(SOCKET_ERROR == enum_netevents_func(sockfd, event_handle, &events)) {
- if((err = SOCKERRNO) != EINPROGRESS) {
- infof(data,"WSAEnumNetworkEvents failed (%d)", err);
+ err = SOCKERRNO;
+ if(err != EINPROGRESS) {
+ infof(data, "WSAEnumNetworkEvents failed (%d)", err);
keepon = FALSE;
- code = CURLE_READ_ERROR;
+ result = CURLE_READ_ERROR;
}
break;
}
if(events.lNetworkEvents & FD_READ) {
/* read data from network */
- code = Curl_read(conn, sockfd, buf, BUFSIZE - 1, &nread);
+ result = Curl_read(conn, sockfd, buf, data->set.buffer_size, &nread);
/* read would've blocked. Loop again */
- if(code == CURLE_AGAIN)
+ if(result == CURLE_AGAIN)
break;
/* returned not-zero, this an error */
- else if(code) {
+ else if(result) {
keepon = FALSE;
break;
}
@@ -1517,8 +1538,8 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
break;
}
- code = telrcv(conn, (unsigned char *)buf, nread);
- if(code) {
+ result = telrcv(conn, (unsigned char *) buf, nread);
+ if(result) {
keepon = FALSE;
break;
}
@@ -1539,10 +1560,10 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
}
if(data->set.timeout) {
- now = Curl_tvnow();
- if(Curl_tvdiff(now, conn->created) >= data->set.timeout) {
+ now = Curl_now();
+ if(Curl_timediff(now, conn->created) >= data->set.timeout) {
failf(data, "Time-out");
- code = CURLE_OPERATION_TIMEDOUT;
+ result = CURLE_OPERATION_TIMEDOUT;
keepon = FALSE;
}
}
@@ -1550,7 +1571,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
/* We called WSACreateEvent, so call WSACloseEvent */
if(!close_event_func(event_handle)) {
- infof(data,"WSACloseEvent failed (%d)", SOCKERRNO);
+ infof(data, "WSACloseEvent failed (%d)", SOCKERRNO);
}
/* "Forget" pointers into the library we're about to free */
@@ -1561,25 +1582,25 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
/* We called LoadLibrary, so call FreeLibrary */
if(!FreeLibrary(wsock2))
- infof(data,"FreeLibrary(wsock2) failed (%d)", ERRNO);
+ infof(data, "FreeLibrary(wsock2) failed (%u)", GetLastError());
#else
pfd[0].fd = sockfd;
pfd[0].events = POLLIN;
- if(conn->fread_func != (curl_read_callback)fread) {
+ if(data->set.is_fread_set) {
poll_cnt = 1;
interval_ms = 100; /* poll user-supplied read function */
}
else {
/* really using fread, so infile is a FILE* */
- pfd[1].fd = fileno((FILE *)conn->fread_in);
+ pfd[1].fd = fileno((FILE *)data->state.in);
pfd[1].events = POLLIN;
poll_cnt = 2;
interval_ms = 1 * 1000;
}
while(keepon) {
- switch (Curl_poll(pfd, poll_cnt, interval_ms)) {
+ switch(Curl_poll(pfd, poll_cnt, interval_ms)) {
case -1: /* error, stop reading */
keepon = FALSE;
continue;
@@ -1590,12 +1611,12 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
default: /* read! */
if(pfd[0].revents & POLLIN) {
/* read data from network */
- code = Curl_read(conn, sockfd, buf, BUFSIZE - 1, &nread);
+ result = Curl_read(conn, sockfd, buf, data->set.buffer_size, &nread);
/* read would've blocked. Loop again */
- if(code == CURLE_AGAIN)
+ if(result == CURLE_AGAIN)
break;
/* returned not-zero, this an error */
- else if(code) {
+ if(result) {
keepon = FALSE;
break;
}
@@ -1608,8 +1629,8 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
total_dl += nread;
Curl_pgrsSetDownloadCounter(data, total_dl);
- code = telrcv(conn, (unsigned char *)buf, nread);
- if(code) {
+ result = telrcv(conn, (unsigned char *)buf, nread);
+ if(result) {
keepon = FALSE;
break;
}
@@ -1626,12 +1647,13 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
nread = 0;
if(poll_cnt == 2) {
if(pfd[1].revents & POLLIN) { /* read from in file */
- nread = read(pfd[1].fd, buf, BUFSIZE - 1);
+ nread = read(pfd[1].fd, buf, data->set.buffer_size);
}
}
else {
/* read from user-supplied method */
- nread = (int)conn->fread_func(buf, 1, BUFSIZE - 1, conn->fread_in);
+ nread = (int)data->state.fread_func(buf, 1, data->set.buffer_size,
+ data->state.in);
if(nread == CURL_READFUNC_ABORT) {
keepon = FALSE;
break;
@@ -1641,8 +1663,8 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
}
if(nread > 0) {
- code = send_telnet_data(conn, buf, nread);
- if(code) {
+ result = send_telnet_data(conn, buf, nread);
+ if(result) {
keepon = FALSE;
break;
}
@@ -1656,16 +1678,16 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
} /* poll switch statement */
if(data->set.timeout) {
- now = Curl_tvnow();
- if(Curl_tvdiff(now, conn->created) >= data->set.timeout) {
+ now = Curl_now();
+ if(Curl_timediff(now, conn->created) >= data->set.timeout) {
failf(data, "Time-out");
- code = CURLE_OPERATION_TIMEDOUT;
+ result = CURLE_OPERATION_TIMEDOUT;
keepon = FALSE;
}
}
if(Curl_pgrsUpdate(conn)) {
- code = CURLE_ABORTED_BY_CALLBACK;
+ result = CURLE_ABORTED_BY_CALLBACK;
break;
}
}
@@ -1673,6 +1695,6 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
/* mark this as "no further transfer wanted" */
Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
- return code;
+ return result;
}
#endif
diff --git a/libs/libcurl/src/telnet.h b/libs/libcurl/src/telnet.h
index ddb9e5473d..419a399b7b 100644
--- a/libs/libcurl/src/telnet.h
+++ b/libs/libcurl/src/telnet.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/tftp.c b/libs/libcurl/src/tftp.c
index f1ffd2a3ad..20dc600409 100644
--- a/libs/libcurl/src/tftp.c
+++ b/libs/libcurl/src/tftp.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -55,16 +55,14 @@
#include "sockaddr.h" /* required for Curl_sockaddr_storage */
#include "multiif.h"
#include "url.h"
-#include "rawstr.h"
+#include "strcase.h"
#include "speedcheck.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-#include "curl_memory.h"
#include "select.h"
+#include "escape.h"
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
/* RFC2348 allows the block size to be negotiated */
@@ -78,12 +76,12 @@
#define TFTP_OPTION_INTERVAL "timeout"
typedef enum {
- TFTP_MODE_NETASCII=0,
+ TFTP_MODE_NETASCII = 0,
TFTP_MODE_OCTET
} tftp_mode_t;
typedef enum {
- TFTP_STATE_START=0,
+ TFTP_STATE_START = 0,
TFTP_STATE_RX,
TFTP_STATE_TX,
TFTP_STATE_FIN
@@ -102,7 +100,7 @@ typedef enum {
} tftp_event_t;
typedef enum {
- TFTP_ERR_UNDEF=0,
+ TFTP_ERR_UNDEF = 0,
TFTP_ERR_NOTFOUND,
TFTP_ERR_PERM,
TFTP_ERR_DISKFULL,
@@ -148,8 +146,8 @@ typedef struct tftp_state_data {
/* Forward declarations */
-static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event) ;
-static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event) ;
+static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event);
+static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event);
static CURLcode tftp_connect(struct connectdata *conn, bool *done);
static CURLcode tftp_disconnect(struct connectdata *conn,
bool dead_connection);
@@ -183,6 +181,7 @@ const struct Curl_handler Curl_handler_tftp = {
ZERO_NULL, /* perform_getsock */
tftp_disconnect, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
PORT_TFTP, /* defport */
CURLPROTO_TFTP, /* protocol */
PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */
@@ -201,7 +200,7 @@ const struct Curl_handler Curl_handler_tftp = {
static CURLcode tftp_set_timeouts(tftp_state_data_t *state)
{
time_t maxtime, timeout;
- long timeout_ms;
+ timediff_t timeout_ms;
bool start = (state->state == TFTP_STATE_START) ? TRUE : FALSE;
time(&state->start_time);
@@ -218,10 +217,10 @@ static CURLcode tftp_set_timeouts(tftp_state_data_t *state)
if(start) {
maxtime = (time_t)(timeout_ms + 500) / 1000;
- state->max_time = state->start_time+maxtime;
+ state->max_time = state->start_time + maxtime;
/* Set per-block timeout to total */
- timeout = maxtime ;
+ timeout = maxtime;
/* Average restart after 5 seconds */
state->retry_max = (int)timeout/5;
@@ -233,7 +232,7 @@ static CURLcode tftp_set_timeouts(tftp_state_data_t *state)
/* Compute the re-start interval to suit the timeout */
state->retry_time = (int)timeout/state->retry_max;
if(state->retry_time<1)
- state->retry_time=1;
+ state->retry_time = 1;
}
else {
@@ -242,7 +241,7 @@ static CURLcode tftp_set_timeouts(tftp_state_data_t *state)
else
maxtime = 3600;
- state->max_time = state->start_time+maxtime;
+ state->max_time = state->start_time + maxtime;
/* Set per-block timeout to total */
timeout = maxtime;
@@ -252,15 +251,15 @@ static CURLcode tftp_set_timeouts(tftp_state_data_t *state)
}
/* But bound the total number */
if(state->retry_max<3)
- state->retry_max=3;
+ state->retry_max = 3;
if(state->retry_max>50)
- state->retry_max=50;
+ state->retry_max = 50;
/* Compute the re-ACK interval to suit the timeout */
state->retry_time = (int)(timeout/state->retry_max);
if(state->retry_time<1)
- state->retry_time=1;
+ state->retry_time = 1;
infof(state->conn->data,
"set timeouts for state %d; Total %ld, retry %d maxtry %d\n",
@@ -306,7 +305,7 @@ static unsigned short getrpacketblock(const tftp_packet_t *packet)
static size_t Curl_strnlen(const char *string, size_t maxlen)
{
- const char *end = memchr (string, '\0', maxlen);
+ const char *end = memchr(string, '\0', maxlen);
return end ? (size_t) (end - string) : maxlen;
}
@@ -315,14 +314,14 @@ static const char *tftp_option_get(const char *buf, size_t len,
{
size_t loc;
- loc = Curl_strnlen( buf, len );
+ loc = Curl_strnlen(buf, len);
loc++; /* NULL term */
if(loc >= len)
return NULL;
*option = buf;
- loc += Curl_strnlen( buf+loc, len-loc );
+ loc += Curl_strnlen(buf + loc, len-loc);
loc++; /* NULL term */
if(loc > len)
@@ -336,7 +335,7 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
const char *ptr, int len)
{
const char *tmp = ptr;
- struct SessionHandle *data = state->conn->data;
+ struct Curl_easy *data = state->conn->data;
/* if OACK doesn't contain blksize option, the default (512) must be used */
state->blksize = TFTP_BLKSIZE_DEFAULT;
@@ -355,13 +354,13 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
if(checkprefix(option, TFTP_OPTION_BLKSIZE)) {
long blksize;
- blksize = strtol( value, NULL, 10 );
+ blksize = strtol(value, NULL, 10);
if(!blksize) {
failf(data, "invalid blocksize value in OACK packet");
return CURLE_TFTP_ILLEGAL;
}
- else if(blksize > TFTP_BLKSIZE_MAX) {
+ if(blksize > TFTP_BLKSIZE_MAX) {
failf(data, "%s (%d)", "blksize is larger than max supported",
TFTP_BLKSIZE_MAX);
return CURLE_TFTP_ILLEGAL;
@@ -387,7 +386,7 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
else if(checkprefix(option, TFTP_OPTION_TSIZE)) {
long tsize = 0;
- tsize = strtol( value, NULL, 10 );
+ tsize = strtol(value, NULL, 10);
infof(data, "%s (%ld)\n", "tsize parsed from OACK", tsize);
/* tsize should be ignored on upload: Who cares about the size of the
@@ -408,41 +407,41 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
static size_t tftp_option_add(tftp_state_data_t *state, size_t csize,
char *buf, const char *option)
{
- if(( strlen(option) + csize + 1 ) > (size_t)state->blksize)
+ if(( strlen(option) + csize + 1) > (size_t)state->blksize)
return 0;
strcpy(buf, option);
- return( strlen(option) + 1 );
+ return strlen(option) + 1;
}
static CURLcode tftp_connect_for_tx(tftp_state_data_t *state,
tftp_event_t event)
{
- CURLcode res;
+ CURLcode result;
#ifndef CURL_DISABLE_VERBOSE_STRINGS
- struct SessionHandle *data = state->conn->data;
+ struct Curl_easy *data = state->conn->data;
infof(data, "%s\n", "Connected for transmit");
#endif
state->state = TFTP_STATE_TX;
- res = tftp_set_timeouts(state);
- if(res != CURLE_OK)
- return(res);
+ result = tftp_set_timeouts(state);
+ if(result)
+ return result;
return tftp_tx(state, event);
}
static CURLcode tftp_connect_for_rx(tftp_state_data_t *state,
tftp_event_t event)
{
- CURLcode res;
+ CURLcode result;
#ifndef CURL_DISABLE_VERBOSE_STRINGS
- struct SessionHandle *data = state->conn->data;
+ struct Curl_easy *data = state->conn->data;
infof(data, "%s\n", "Connected for receive");
#endif
state->state = TFTP_STATE_RX;
- res = tftp_set_timeouts(state);
- if(res != CURLE_OK)
- return(res);
+ result = tftp_set_timeouts(state);
+ if(result)
+ return result;
return tftp_rx(state, event);
}
@@ -453,8 +452,8 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
const char *mode = "octet";
char *filename;
char buf[64];
- struct SessionHandle *data = state->conn->data;
- CURLcode res = CURLE_OK;
+ struct Curl_easy *data = state->conn->data;
+ CURLcode result = CURLE_OK;
/* Set ascii mode if -B flag was used */
if(data->set.prefer_ascii)
@@ -469,16 +468,16 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
if(state->retries>state->retry_max) {
state->error = TFTP_ERR_NORESPONSE;
state->state = TFTP_STATE_FIN;
- return res;
+ return result;
}
if(data->set.upload) {
/* If we are uploading, send an WRQ */
setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
state->conn->data->req.upload_fromhere =
- (char *)state->spacket.data+4;
- if(data->set.infilesize != -1)
- Curl_pgrsSetUploadSize(data, data->set.infilesize);
+ (char *)state->spacket.data + 4;
+ if(data->state.infilesize != -1)
+ Curl_pgrsSetUploadSize(data, data->state.infilesize);
}
else {
/* If we are downloading, send an RRQ */
@@ -487,42 +486,52 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
/* As RFC3617 describes the separator slash is not actually part of the
file name so we skip the always-present first letter of the path
string. */
- filename = curl_easy_unescape(data, &state->conn->data->state.path[1], 0,
- NULL);
- if(!filename)
- return CURLE_OUT_OF_MEMORY;
+ result = Curl_urldecode(data, &state->conn->data->state.path[1], 0,
+ &filename, NULL, FALSE);
+ if(result)
+ return result;
+
+ if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
+ failf(data, "TFTP file name too long\n");
+ free(filename);
+ return CURLE_TFTP_ILLEGAL; /* too long file name field */
+ }
- snprintf((char *)state->spacket.data+2,
+ snprintf((char *)state->spacket.data + 2,
state->blksize,
"%s%c%s%c", filename, '\0', mode, '\0');
sbytes = 4 + strlen(filename) + strlen(mode);
- /* add tsize option */
- if(data->set.upload && (data->set.infilesize != -1))
- snprintf( buf, sizeof(buf), "%" FORMAT_OFF_T, data->set.infilesize );
- else
- strcpy(buf, "0"); /* the destination is large enough */
-
- sbytes += tftp_option_add(state, sbytes,
- (char *)state->spacket.data+sbytes,
- TFTP_OPTION_TSIZE);
- sbytes += tftp_option_add(state, sbytes,
- (char *)state->spacket.data+sbytes, buf);
- /* add blksize option */
- snprintf( buf, sizeof(buf), "%d", state->requested_blksize );
- sbytes += tftp_option_add(state, sbytes,
- (char *)state->spacket.data+sbytes,
- TFTP_OPTION_BLKSIZE);
- sbytes += tftp_option_add(state, sbytes,
- (char *)state->spacket.data+sbytes, buf );
-
- /* add timeout option */
- snprintf( buf, sizeof(buf), "%d", state->retry_time);
- sbytes += tftp_option_add(state, sbytes,
- (char *)state->spacket.data+sbytes,
- TFTP_OPTION_INTERVAL);
- sbytes += tftp_option_add(state, sbytes,
- (char *)state->spacket.data+sbytes, buf );
+ /* optional addition of TFTP options */
+ if(!data->set.tftp_no_options) {
+ /* add tsize option */
+ if(data->set.upload && (data->state.infilesize != -1))
+ snprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
+ data->state.infilesize);
+ else
+ strcpy(buf, "0"); /* the destination is large enough */
+
+ sbytes += tftp_option_add(state, sbytes,
+ (char *)state->spacket.data + sbytes,
+ TFTP_OPTION_TSIZE);
+ sbytes += tftp_option_add(state, sbytes,
+ (char *)state->spacket.data + sbytes, buf);
+ /* add blksize option */
+ snprintf(buf, sizeof(buf), "%d", state->requested_blksize);
+ sbytes += tftp_option_add(state, sbytes,
+ (char *)state->spacket.data + sbytes,
+ TFTP_OPTION_BLKSIZE);
+ sbytes += tftp_option_add(state, sbytes,
+ (char *)state->spacket.data + sbytes, buf);
+
+ /* add timeout option */
+ snprintf(buf, sizeof(buf), "%d", state->retry_time);
+ sbytes += tftp_option_add(state, sbytes,
+ (char *)state->spacket.data + sbytes,
+ TFTP_OPTION_INTERVAL);
+ sbytes += tftp_option_add(state, sbytes,
+ (char *)state->spacket.data + sbytes, buf);
+ }
/* the typecase for the 3rd argument is mostly for systems that do
not have a size_t argument, like older unixes that want an 'int' */
@@ -533,24 +542,24 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
if(senddata != (ssize_t)sbytes) {
failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
}
- Curl_safefree(filename);
+ free(filename);
break;
case TFTP_EVENT_OACK:
if(data->set.upload) {
- res = tftp_connect_for_tx(state, event);
+ result = tftp_connect_for_tx(state, event);
}
else {
- res = tftp_connect_for_rx(state, event);
+ result = tftp_connect_for_rx(state, event);
}
break;
case TFTP_EVENT_ACK: /* Connected for transmit */
- res = tftp_connect_for_tx(state, event);
+ result = tftp_connect_for_tx(state, event);
break;
case TFTP_EVENT_DATA: /* Connected for receive */
- res = tftp_connect_for_rx(state, event);
+ result = tftp_connect_for_rx(state, event);
break;
case TFTP_EVENT_ERROR:
@@ -561,12 +570,13 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
failf(state->conn->data, "tftp_send_first: internal error");
break;
}
- return res;
+
+ return result;
}
/* the next blocknum is x + 1 but it needs to wrap at an unsigned 16bit
boundary */
-#define NEXT_BLOCKNUM(x) (((x)+1)&0xffff)
+#define NEXT_BLOCKNUM(x) (((x) + 1)&0xffff)
/**********************************************************
*
@@ -579,7 +589,7 @@ static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event)
{
ssize_t sbytes;
int rblock;
- struct SessionHandle *data = state->conn->data;
+ struct Curl_easy *data = state->conn->data;
switch(event) {
@@ -617,7 +627,7 @@ static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event)
}
/* Check if completed (That is, a less than full packet is received) */
- if(state->rbytes < (ssize_t)state->blksize+4) {
+ if(state->rbytes < (ssize_t)state->blksize + 4) {
state->state = TFTP_STATE_FIN;
}
else {
@@ -698,11 +708,12 @@ static CURLcode tftp_rx(tftp_state_data_t *state, tftp_event_t event)
**********************************************************/
static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
{
- struct SessionHandle *data = state->conn->data;
+ struct Curl_easy *data = state->conn->data;
ssize_t sbytes;
int rblock;
- CURLcode res = CURLE_OK;
+ CURLcode result = CURLE_OK;
struct SingleRequest *k = &data->req;
+ int cb; /* Bytes currently read */
switch(event) {
@@ -727,21 +738,22 @@ static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
if(state->retries>state->retry_max) {
failf(data, "tftp_tx: giving up waiting for block %d ack",
state->block);
- res = CURLE_SEND_ERROR;
+ result = CURLE_SEND_ERROR;
}
else {
/* Re-send the data packet */
sbytes = sendto(state->sockfd, (void *)state->spacket.data,
- 4+state->sbytes, SEND_4TH_ARG,
+ 4 + state->sbytes, SEND_4TH_ARG,
(struct sockaddr *)&state->remote_addr,
state->remote_addrlen);
/* Check all sbytes were sent */
if(sbytes<0) {
failf(data, "%s", Curl_strerror(state->conn, SOCKERRNO));
- res = CURLE_SEND_ERROR;
+ result = CURLE_SEND_ERROR;
}
}
- return res;
+
+ return result;
}
/* This is the expected packet. Reset the counters and send the next
block */
@@ -758,11 +770,24 @@ static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
state->state = TFTP_STATE_FIN;
return CURLE_OK;
}
- res = Curl_fillreadbuffer(state->conn, state->blksize, &state->sbytes);
- if(res)
- return res;
- sbytes = sendto(state->sockfd, (void *)state->spacket.data,
- 4+state->sbytes, SEND_4TH_ARG,
+
+ /* TFTP considers data block size < 512 bytes as an end of session. So
+ * in some cases we must wait for additional data to build full (512 bytes)
+ * data block.
+ * */
+ state->sbytes = 0;
+ state->conn->data->req.upload_fromhere = (char *)state->spacket.data + 4;
+ do {
+ result = Curl_fillreadbuffer(state->conn, state->blksize - state->sbytes,
+ &cb);
+ if(result)
+ return result;
+ state->sbytes += cb;
+ state->conn->data->req.upload_fromhere += cb;
+ } while(state->sbytes < state->blksize && cb != 0);
+
+ sbytes = sendto(state->sockfd, (void *) state->spacket.data,
+ 4 + state->sbytes, SEND_4TH_ARG,
(struct sockaddr *)&state->remote_addr,
state->remote_addrlen);
/* Check all sbytes were sent */
@@ -788,7 +813,7 @@ static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
else {
/* Re-send the data packet */
sbytes = sendto(state->sockfd, (void *)state->spacket.data,
- 4+state->sbytes, SEND_4TH_ARG,
+ 4 + state->sbytes, SEND_4TH_ARG,
(struct sockaddr *)&state->remote_addr,
state->remote_addrlen);
/* Check all sbytes were sent */
@@ -818,7 +843,7 @@ static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
break;
}
- return res;
+ return result;
}
/**********************************************************
@@ -830,48 +855,47 @@ static CURLcode tftp_tx(tftp_state_data_t *state, tftp_event_t event)
**********************************************************/
static CURLcode tftp_translate_code(tftp_error_t error)
{
- CURLcode code = CURLE_OK;
+ CURLcode result = CURLE_OK;
if(error != TFTP_ERR_NONE) {
switch(error) {
case TFTP_ERR_NOTFOUND:
- code = CURLE_TFTP_NOTFOUND;
+ result = CURLE_TFTP_NOTFOUND;
break;
case TFTP_ERR_PERM:
- code = CURLE_TFTP_PERM;
+ result = CURLE_TFTP_PERM;
break;
case TFTP_ERR_DISKFULL:
- code = CURLE_REMOTE_DISK_FULL;
+ result = CURLE_REMOTE_DISK_FULL;
break;
case TFTP_ERR_UNDEF:
case TFTP_ERR_ILLEGAL:
- code = CURLE_TFTP_ILLEGAL;
+ result = CURLE_TFTP_ILLEGAL;
break;
case TFTP_ERR_UNKNOWNID:
- code = CURLE_TFTP_UNKNOWNID;
+ result = CURLE_TFTP_UNKNOWNID;
break;
case TFTP_ERR_EXISTS:
- code = CURLE_REMOTE_FILE_EXISTS;
+ result = CURLE_REMOTE_FILE_EXISTS;
break;
case TFTP_ERR_NOSUCHUSER:
- code = CURLE_TFTP_NOSUCHUSER;
+ result = CURLE_TFTP_NOSUCHUSER;
break;
case TFTP_ERR_TIMEOUT:
- code = CURLE_OPERATION_TIMEDOUT;
+ result = CURLE_OPERATION_TIMEDOUT;
break;
case TFTP_ERR_NORESPONSE:
- code = CURLE_COULDNT_CONNECT;
+ result = CURLE_COULDNT_CONNECT;
break;
default:
- code= CURLE_ABORTED_BY_CALLBACK;
+ result = CURLE_ABORTED_BY_CALLBACK;
break;
}
}
- else {
- code = CURLE_OK;
- }
+ else
+ result = CURLE_OK;
- return(code);
+ return result;
}
/**********************************************************
@@ -884,20 +908,21 @@ static CURLcode tftp_translate_code(tftp_error_t error)
static CURLcode tftp_state_machine(tftp_state_data_t *state,
tftp_event_t event)
{
- CURLcode res = CURLE_OK;
- struct SessionHandle *data = state->conn->data;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = state->conn->data;
+
switch(state->state) {
case TFTP_STATE_START:
DEBUGF(infof(data, "TFTP_STATE_START\n"));
- res = tftp_send_first(state, event);
+ result = tftp_send_first(state, event);
break;
case TFTP_STATE_RX:
DEBUGF(infof(data, "TFTP_STATE_RX\n"));
- res = tftp_rx(state, event);
+ result = tftp_rx(state, event);
break;
case TFTP_STATE_TX:
DEBUGF(infof(data, "TFTP_STATE_TX\n"));
- res = tftp_tx(state, event);
+ result = tftp_tx(state, event);
break;
case TFTP_STATE_FIN:
infof(data, "%s\n", "TFTP finished");
@@ -905,10 +930,11 @@ static CURLcode tftp_state_machine(tftp_state_data_t *state,
default:
DEBUGF(infof(data, "STATE: %d\n", state->state));
failf(data, "%s", "Internal state machine error");
- res = CURLE_TFTP_ILLEGAL;
+ result = CURLE_TFTP_ILLEGAL;
break;
}
- return res;
+
+ return result;
}
/**********************************************************
@@ -942,7 +968,6 @@ static CURLcode tftp_disconnect(struct connectdata *conn, bool dead_connection)
**********************************************************/
static CURLcode tftp_connect(struct connectdata *conn, bool *done)
{
- CURLcode code;
tftp_state_data_t *state;
int blksize, rc;
@@ -955,7 +980,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
/* alloc pkt buffers based on specified blksize */
if(conn->data->set.tftp_blksize) {
blksize = (int)conn->data->set.tftp_blksize;
- if(blksize > TFTP_BLKSIZE_MAX || blksize < TFTP_BLKSIZE_MIN )
+ if(blksize > TFTP_BLKSIZE_MAX || blksize < TFTP_BLKSIZE_MIN)
return CURLE_TFTP_ILLEGAL;
}
@@ -973,9 +998,9 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
return CURLE_OUT_OF_MEMORY;
}
- conn->bits.close = TRUE; /* we don't keep TFTP connections up bascially
- because there's none or very little gain for UDP
- */
+ /* we don't keep TFTP connections up basically because there's none or very
+ * little gain for UDP */
+ connclose(conn, "TFTP");
state->conn = conn;
state->sockfd = state->conn->sock[FIRSTSOCKET];
@@ -1016,8 +1041,8 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
Curl_pgrsStartNow(conn->data);
*done = TRUE;
- code = CURLE_OK;
- return(code);
+
+ return CURLE_OK;
}
/**********************************************************
@@ -1030,7 +1055,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
static CURLcode tftp_done(struct connectdata *conn, CURLcode status,
bool premature)
{
- CURLcode code = CURLE_OK;
+ CURLcode result = CURLE_OK;
tftp_state_data_t *state = (tftp_state_data_t *)conn->proto.tftpc;
(void)status; /* unused */
@@ -1040,9 +1065,10 @@ static CURLcode tftp_done(struct connectdata *conn, CURLcode status,
return CURLE_ABORTED_BY_CALLBACK;
/* If we have encountered an error */
- code = tftp_translate_code(state->error);
+ if(state)
+ result = tftp_translate_code(state->error);
- return code;
+ return result;
}
/**********************************************************
@@ -1075,7 +1101,7 @@ static CURLcode tftp_receive_packet(struct connectdata *conn)
struct Curl_sockaddr_storage fromaddr;
curl_socklen_t fromlen;
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
tftp_state_data_t *state = (tftp_state_data_t *)conn->proto.tftpc;
struct SingleRequest *k = &data->req;
@@ -1083,11 +1109,11 @@ static CURLcode tftp_receive_packet(struct connectdata *conn)
fromlen = sizeof(fromaddr);
state->rbytes = (int)recvfrom(state->sockfd,
(void *)state->rpacket.data,
- state->blksize+4,
+ state->blksize + 4,
0,
(struct sockaddr *)&fromaddr,
&fromlen);
- if(state->remote_addrlen==0) {
+ if(state->remote_addrlen == 0) {
memcpy(&state->remote_addr, &fromaddr, fromlen);
state->remote_addrlen = fromlen;
}
@@ -1100,7 +1126,8 @@ static CURLcode tftp_receive_packet(struct connectdata *conn)
}
else {
/* The event is given by the TFTP packet time */
- state->event = (tftp_event_t)getrpacketevent(&state->rpacket);
+ unsigned short event = getrpacketevent(&state->rpacket);
+ state->event = (tftp_event_t)event;
switch(state->event) {
case TFTP_EVENT_DATA:
@@ -1108,7 +1135,7 @@ static CURLcode tftp_receive_packet(struct connectdata *conn)
if(state->rbytes > 4 &&
(NEXT_BLOCKNUM(state->block) == getrpacketblock(&state->rpacket))) {
result = Curl_client_write(conn, CLIENTWRITE_BODY,
- (char *)state->rpacket.data+4,
+ (char *)state->rpacket.data + 4,
state->rbytes-4);
if(result) {
tftp_state_machine(state, TFTP_EVENT_ERROR);
@@ -1119,14 +1146,17 @@ static CURLcode tftp_receive_packet(struct connectdata *conn)
}
break;
case TFTP_EVENT_ERROR:
- state->error = (tftp_error_t)getrpacketblock(&state->rpacket);
- infof(data, "%s\n", (const char *)state->rpacket.data+4);
+ {
+ unsigned short error = getrpacketblock(&state->rpacket);
+ state->error = (tftp_error_t)error;
+ infof(data, "%s\n", (const char *)state->rpacket.data + 4);
break;
+ }
case TFTP_EVENT_ACK:
break;
case TFTP_EVENT_OACK:
result = tftp_parse_option_ack(state,
- (const char *)state->rpacket.data+2,
+ (const char *)state->rpacket.data + 2,
state->rbytes-2);
if(result)
return result;
@@ -1170,7 +1200,7 @@ static long tftp_state_timeout(struct connectdata *conn, tftp_event_t *event)
state->state = TFTP_STATE_FIN;
return 0;
}
- else if(current > state->rx_time+state->retry_time) {
+ if(current > state->rx_time + state->retry_time) {
if(event)
*event = TFTP_EVENT_TIMEOUT;
time(&state->rx_time); /* update even though we received nothing */
@@ -1194,7 +1224,7 @@ static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done)
int rc;
tftp_event_t event;
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
tftp_state_data_t *state = (tftp_state_data_t *)conn->proto.tftpc;
long timeout_ms = tftp_state_timeout(conn, &event);
@@ -1204,10 +1234,10 @@ static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done)
failf(data, "TFTP response timeout");
return CURLE_OPERATION_TIMEDOUT;
}
- else if(event != TFTP_EVENT_NONE) {
+ if(event != TFTP_EVENT_NONE) {
result = tftp_state_machine(state, event);
- if(result != CURLE_OK)
- return(result);
+ if(result)
+ return result;
*done = (state->state == TFTP_STATE_FIN) ? TRUE : FALSE;
if(*done)
/* Tell curl we're done */
@@ -1215,7 +1245,7 @@ static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done)
}
else {
/* no timeouts to handle, check our socket */
- rc = Curl_socket_ready(state->sockfd, CURL_SOCKET_BAD, 0);
+ rc = SOCKET_READABLE(state->sockfd, 0);
if(rc == -1) {
/* bail out */
@@ -1225,11 +1255,11 @@ static CURLcode tftp_multi_statemach(struct connectdata *conn, bool *done)
}
else if(rc != 0) {
result = tftp_receive_packet(conn);
- if(result != CURLE_OK)
- return(result);
+ if(result)
+ return result;
result = tftp_state_machine(state, state->event);
- if(result != CURLE_OK)
- return(result);
+ if(result)
+ return result;
*done = (state->state == TFTP_STATE_FIN) ? TRUE : FALSE;
if(*done)
/* Tell curl we're done */
@@ -1256,14 +1286,14 @@ static CURLcode tftp_doing(struct connectdata *conn, bool *dophase_done)
if(*dophase_done) {
DEBUGF(infof(conn->data, "DO phase is complete\n"));
}
- else {
+ else if(!result) {
/* The multi code doesn't have this logic for the DOING state so we
provide it for TFTP since it may do the entire transfer in this
state. */
if(Curl_pgrsUpdate(conn))
result = CURLE_ABORTED_BY_CALLBACK;
else
- result = Curl_speedcheck(conn->data, Curl_tvnow());
+ result = Curl_speedcheck(conn->data, Curl_now());
}
return result;
}
@@ -1284,8 +1314,8 @@ static CURLcode tftp_perform(struct connectdata *conn, bool *dophase_done)
result = tftp_state_machine(state, TFTP_EVENT_INIT);
- if(state->state == TFTP_STATE_FIN || result != CURLE_OK)
- return(result);
+ if((state->state == TFTP_STATE_FIN) || result)
+ return result;
tftp_multi_statemach(conn, dophase_done);
@@ -1308,33 +1338,36 @@ static CURLcode tftp_perform(struct connectdata *conn, bool *dophase_done)
static CURLcode tftp_do(struct connectdata *conn, bool *done)
{
- tftp_state_data_t *state;
- CURLcode code;
+ tftp_state_data_t *state;
+ CURLcode result;
*done = FALSE;
if(!conn->proto.tftpc) {
- code = tftp_connect(conn, done);
- if(code)
- return code;
+ result = tftp_connect(conn, done);
+ if(result)
+ return result;
}
+
state = (tftp_state_data_t *)conn->proto.tftpc;
+ if(!state)
+ return CURLE_TFTP_ILLEGAL;
- code = tftp_perform(conn, done);
+ result = tftp_perform(conn, done);
/* If tftp_perform() returned an error, use that for return code. If it
was OK, see if tftp_translate_code() has an error. */
- if(code == CURLE_OK)
+ if(!result)
/* If we have encountered an internal tftp error, translate it. */
- code = tftp_translate_code(state->error);
+ result = tftp_translate_code(state->error);
- return code;
+ return result;
}
static CURLcode tftp_setup_connection(struct connectdata * conn)
{
- struct SessionHandle *data = conn->data;
- char * type;
+ struct Curl_easy *data = conn->data;
+ char *type;
char command;
conn->socktype = SOCK_DGRAM; /* UDP datagram based */
@@ -1350,7 +1383,7 @@ static CURLcode tftp_setup_connection(struct connectdata * conn)
*type = 0; /* it was in the middle of the hostname */
command = Curl_raw_toupper(type[6]);
- switch (command) {
+ switch(command) {
case 'A': /* ASCII mode */
case 'N': /* NETASCII mode */
data->set.prefer_ascii = TRUE;
diff --git a/libs/libcurl/src/tftp.h b/libs/libcurl/src/tftp.h
index 117b40f62d..c2325b2327 100644
--- a/libs/libcurl/src/tftp.h
+++ b/libs/libcurl/src/tftp.h
@@ -11,7 +11,7 @@
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
diff --git a/libs/libcurl/src/timeval.c b/libs/libcurl/src/timeval.c
index 2fd7201448..66f923a8ee 100644
--- a/libs/libcurl/src/timeval.c
+++ b/libs/libcurl/src/timeval.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,23 +24,31 @@
#if defined(WIN32) && !defined(MSDOS)
-struct timeval curlx_tvnow(void)
+struct curltime Curl_now(void)
{
/*
** GetTickCount() is available on _all_ Windows versions from W95 up
** to nowadays. Returns milliseconds elapsed since last system boot,
** increases monotonically and wraps once 49.7 days have elapsed.
*/
- struct timeval now;
+ struct curltime now;
+#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_VISTA) || \
+ (_WIN32_WINNT < _WIN32_WINNT_VISTA)
DWORD milliseconds = GetTickCount();
now.tv_sec = milliseconds / 1000;
now.tv_usec = (milliseconds % 1000) * 1000;
+#else
+ ULONGLONG milliseconds = GetTickCount64();
+ now.tv_sec = (time_t) (milliseconds / 1000);
+ now.tv_usec = (unsigned int) (milliseconds % 1000) * 1000;
+#endif
+
return now;
}
#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC)
-struct timeval curlx_tvnow(void)
+struct curltime Curl_now(void)
{
/*
** clock_gettime() is granted to be increased monotonically when the
@@ -50,10 +58,11 @@ struct timeval curlx_tvnow(void)
** system has started up.
*/
struct timeval now;
+ struct curltime cnow;
struct timespec tsnow;
if(0 == clock_gettime(CLOCK_MONOTONIC, &tsnow)) {
- now.tv_sec = tsnow.tv_sec;
- now.tv_usec = tsnow.tv_nsec / 1000;
+ cnow.tv_sec = tsnow.tv_sec;
+ cnow.tv_usec = (unsigned int)(tsnow.tv_nsec / 1000);
}
/*
** Even when the configure process has truly detected monotonic clock
@@ -61,20 +70,54 @@ struct timeval curlx_tvnow(void)
** run-time. When this occurs simply fallback to other time source.
*/
#ifdef HAVE_GETTIMEOFDAY
- else
+ else {
(void)gettimeofday(&now, NULL);
+ cnow.tv_sec = now.tv_sec;
+ cnow.tv_usec = (unsigned int)now.tv_usec;
+ }
#else
else {
- now.tv_sec = (long)time(NULL);
- now.tv_usec = 0;
+ cnow.tv_sec = time(NULL);
+ cnow.tv_usec = 0;
}
#endif
- return now;
+ return cnow;
+}
+
+#elif defined(HAVE_MACH_ABSOLUTE_TIME)
+
+#include <stdint.h>
+#include <mach/mach_time.h>
+
+struct curltime Curl_now(void)
+{
+ /*
+ ** Monotonic timer on Mac OS is provided by mach_absolute_time(), which
+ ** returns time in Mach "absolute time units," which are platform-dependent.
+ ** To convert to nanoseconds, one must use conversion factors specified by
+ ** mach_timebase_info().
+ */
+ static mach_timebase_info_data_t timebase;
+ struct curltime cnow;
+ uint64_t usecs;
+
+ if(0 == timebase.denom)
+ (void) mach_timebase_info(&timebase);
+
+ usecs = mach_absolute_time();
+ usecs *= timebase.numer;
+ usecs /= timebase.denom;
+ usecs /= 1000;
+
+ cnow.tv_sec = usecs / 1000000;
+ cnow.tv_usec = usecs % 1000000;
+
+ return cnow;
}
#elif defined(HAVE_GETTIMEOFDAY)
-struct timeval curlx_tvnow(void)
+struct curltime Curl_now(void)
{
/*
** gettimeofday() is not granted to be increased monotonically, due to
@@ -82,53 +125,62 @@ struct timeval curlx_tvnow(void)
** forward or backward in time.
*/
struct timeval now;
+ struct curltime ret;
(void)gettimeofday(&now, NULL);
- return now;
+ ret.tv_sec = now.tv_sec;
+ ret.tv_usec = now.tv_usec;
+ return ret;
}
#else
-struct timeval curlx_tvnow(void)
+struct curltime Curl_now(void)
{
/*
** time() returns the value of time in seconds since the Epoch.
*/
- struct timeval now;
- now.tv_sec = (long)time(NULL);
+ struct curltime now;
+ now.tv_sec = time(NULL);
now.tv_usec = 0;
return now;
}
#endif
+#if SIZEOF_TIME_T < 8
+#define TIME_MAX INT_MAX
+#define TIME_MIN INT_MIN
+#else
+#define TIME_MAX 9223372036854775807LL
+#define TIME_MIN -9223372036854775807LL
+#endif
+
/*
- * Make sure that the first argument is the more recent time, as otherwise
- * we'll get a weird negative time-diff back...
+ * Returns: time difference in number of milliseconds. For too large diffs it
+ * returns max value.
*
- * Returns: the time difference in number of milliseconds.
+ * @unittest: 1323
*/
-long curlx_tvdiff(struct timeval newer, struct timeval older)
+timediff_t Curl_timediff(struct curltime newer, struct curltime older)
{
- return (newer.tv_sec-older.tv_sec)*1000+
- (newer.tv_usec-older.tv_usec)/1000;
+ timediff_t diff = newer.tv_sec-older.tv_sec;
+ if(diff >= (TIME_MAX/1000))
+ return TIME_MAX;
+ else if(diff <= (TIME_MIN/1000))
+ return TIME_MIN;
+ return diff * 1000 + (newer.tv_usec-older.tv_usec)/1000;
}
/*
- * Same as curlx_tvdiff but with full usec resolution.
- *
- * Returns: the time difference in seconds with subsecond resolution.
+ * Returns: time difference in number of microseconds. For too large diffs it
+ * returns max value.
*/
-double curlx_tvdiff_secs(struct timeval newer, struct timeval older)
-{
- if(newer.tv_sec != older.tv_sec)
- return (double)(newer.tv_sec-older.tv_sec)+
- (double)(newer.tv_usec-older.tv_usec)/1000000.0;
- else
- return (double)(newer.tv_usec-older.tv_usec)/1000000.0;
-}
-
-/* return the number of seconds in the given input timeval struct */
-long Curl_tvlong(struct timeval t1)
+timediff_t Curl_timediff_us(struct curltime newer, struct curltime older)
{
- return t1.tv_sec;
+ timediff_t diff = newer.tv_sec-older.tv_sec;
+ if(diff >= (TIME_MAX/1000000))
+ return TIME_MAX;
+ else if(diff <= (TIME_MIN/1000000))
+ return TIME_MIN;
+ return diff * 1000000 + newer.tv_usec-older.tv_usec;
}
diff --git a/libs/libcurl/src/timeval.h b/libs/libcurl/src/timeval.h
index 3f1b9ea70d..fb3f680c40 100644
--- a/libs/libcurl/src/timeval.h
+++ b/libs/libcurl/src/timeval.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,14 +22,20 @@
*
***************************************************************************/
-/*
- * CAUTION: this header is designed to work when included by the app-side
- * as well as the library. Do not mix with library internals!
- */
-
#include "curl_setup.h"
-struct timeval curlx_tvnow(void);
+#if SIZEOF_TIME_T < 8
+typedef int timediff_t;
+#else
+typedef curl_off_t timediff_t;
+#endif
+
+struct curltime {
+ time_t tv_sec; /* seconds */
+ int tv_usec; /* microseconds */
+};
+
+struct curltime Curl_now(void);
/*
* Make sure that the first argument (t1) is the more recent time and t2 is
@@ -37,22 +43,14 @@ struct timeval curlx_tvnow(void);
*
* Returns: the time difference in number of milliseconds.
*/
-long curlx_tvdiff(struct timeval t1, struct timeval t2);
+timediff_t Curl_timediff(struct curltime t1, struct curltime t2);
/*
- * Same as curlx_tvdiff but with full usec resolution.
+ * Make sure that the first argument (t1) is the more recent time and t2 is
+ * the older time, as otherwise you get a weird negative time-diff back...
*
- * Returns: the time difference in seconds with subsecond resolution.
+ * Returns: the time difference in number of microseconds.
*/
-double curlx_tvdiff_secs(struct timeval t1, struct timeval t2);
-
-long Curl_tvlong(struct timeval t1);
-
-/* These two defines below exist to provide the older API for library
- internals only. */
-#define Curl_tvnow() curlx_tvnow()
-#define Curl_tvdiff(x,y) curlx_tvdiff(x,y)
-#define Curl_tvdiff_secs(x,y) curlx_tvdiff_secs(x,y)
+timediff_t Curl_timediff_us(struct curltime newer, struct curltime older);
#endif /* HEADER_CURL_TIMEVAL_H */
-
diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c
index 533e394b6b..8f15b1a152 100644
--- a/libs/libcurl/src/transfer.c
+++ b/libs/libcurl/src/transfer.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -21,10 +21,7 @@
***************************************************************************/
#include "curl_setup.h"
-
#include "strtoofft.h"
-#include "strequal.h"
-#include "rawstr.h"
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
@@ -70,24 +67,43 @@
#include "http.h"
#include "url.h"
#include "getinfo.h"
-#include "sslgen.h"
-#include "http_digest.h"
-#include "curl_ntlm.h"
-#include "http_negotiate.h"
-#include "share.h"
-#include "curl_memory.h"
+#include "vtls/vtls.h"
#include "select.h"
#include "multiif.h"
#include "connect.h"
#include "non-ascii.h"
+#include "http2.h"
+#include "mime.h"
+#include "strcase.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
#include "memdebug.h"
-#define CURL_TIMEOUT_EXPECT_100 1000 /* counting ms here */
+#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_SMTP) || \
+ !defined(CURL_DISABLE_IMAP)
+/*
+ * checkheaders() checks the linked list of custom headers for a
+ * particular header (prefix).
+ *
+ * Returns a pointer to the first matching header or NULL if none matched.
+ */
+char *Curl_checkheaders(const struct connectdata *conn,
+ const char *thisheader)
+{
+ struct curl_slist *head;
+ size_t thislen = strlen(thisheader);
+ struct Curl_easy *data = conn->data;
+
+ for(head = data->set.headers; head; head = head->next) {
+ if(strncasecompare(head->data, thisheader, thislen))
+ return head->data;
+ }
+
+ return NULL;
+}
+#endif
/*
* This function will call the read callback to fill our buffer with data
@@ -95,13 +111,13 @@
*/
CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
size_t buffersize = (size_t)bytes;
int nread;
#ifdef CURL_DOES_CONVERSIONS
bool sending_http_headers = FALSE;
- if(conn->handler->protocol&(CURLPROTO_HTTP|CURLPROTO_RTSP)) {
+ if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) {
const struct HTTP *http = data->req.protop;
if(http->sending == HTTPSEND_REQUEST)
@@ -119,23 +135,33 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
/* this function returns a size_t, so we typecast to int to prevent warnings
with picky compilers */
- nread = (int)conn->fread_func(data->req.upload_fromhere, 1,
- buffersize, conn->fread_in);
+ nread = (int)data->state.fread_func(data->req.upload_fromhere, 1,
+ buffersize, data->state.in);
if(nread == CURL_READFUNC_ABORT) {
failf(data, "operation aborted by callback");
*nreadp = 0;
return CURLE_ABORTED_BY_CALLBACK;
}
- else if(nread == CURL_READFUNC_PAUSE) {
+ if(nread == CURL_READFUNC_PAUSE) {
struct SingleRequest *k = &data->req;
+
+ if(conn->handler->flags & PROTOPT_NONETWORK) {
+ /* protocols that work without network cannot be paused. This is
+ actually only FILE:// just now, and it can't pause since the transfer
+ isn't done using the "normal" procedure. */
+ failf(data, "Read callback asked for PAUSE when not supported!");
+ return CURLE_READ_ERROR;
+ }
+
/* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */
k->keepon |= KEEP_SEND_PAUSE; /* mark socket send as paused */
if(data->req.upload_chunky) {
- /* Back out the preallocation done above */
+ /* Back out the preallocation done above */
data->req.upload_fromhere -= (8 + 2);
}
*nreadp = 0;
+
return CURLE_OK; /* nothing was read */
}
else if((size_t)nread > buffersize) {
@@ -195,35 +221,38 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
strlen(endofline_network));
#ifdef CURL_DOES_CONVERSIONS
- CURLcode res;
- int length;
- if(data->set.prefer_ascii) {
- /* translate the protocol and data */
- length = nread;
- }
- else {
- /* just translate the protocol portion */
- length = strlen(hexbuffer);
+ {
+ CURLcode result;
+ int length;
+ if(data->set.prefer_ascii)
+ /* translate the protocol and data */
+ length = nread;
+ else
+ /* just translate the protocol portion */
+ length = (int)strlen(hexbuffer);
+ result = Curl_convert_to_network(data, data->req.upload_fromhere,
+ length);
+ /* Curl_convert_to_network calls failf if unsuccessful */
+ if(result)
+ return result;
}
- res = Curl_convert_to_network(data, data->req.upload_fromhere, length);
- /* Curl_convert_to_network calls failf if unsuccessful */
- if(res)
- return(res);
#endif /* CURL_DOES_CONVERSIONS */
- if((nread - hexlen) == 0)
+ if((nread - hexlen) == 0) {
/* mark this as done once this chunk is transferred */
data->req.upload_done = TRUE;
+ infof(data, "Signaling end of chunked upload via terminating chunk.\n");
+ }
- nread+=(int)strlen(endofline_native); /* for the added end of line */
+ nread += (int)strlen(endofline_native); /* for the added end of line */
}
#ifdef CURL_DOES_CONVERSIONS
else if((data->set.prefer_ascii) && (!sending_http_headers)) {
- CURLcode res;
- res = Curl_convert_to_network(data, data->req.upload_fromhere, nread);
+ CURLcode result;
+ result = Curl_convert_to_network(data, data->req.upload_fromhere, nread);
/* Curl_convert_to_network calls failf if unsuccessful */
- if(res != CURLE_OK)
- return(res);
+ if(result)
+ return result;
}
#endif /* CURL_DOES_CONVERSIONS */
@@ -240,7 +269,8 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
*/
CURLcode Curl_readrewind(struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
+ curl_mimepart *mimepart = &data->set.mimepost;
conn->bits.rewindaftersend = FALSE; /* we rewind now */
@@ -253,9 +283,21 @@ CURLcode Curl_readrewind(struct connectdata *conn)
/* We have sent away data. If not using CURLOPT_POSTFIELDS or
CURLOPT_HTTPPOST, call app to rewind
*/
- if(data->set.postfields ||
- (data->set.httpreq == HTTPREQ_POST_FORM))
+ if(conn->handler->protocol & PROTO_FAMILY_HTTP) {
+ struct HTTP *http = data->req.protop;
+
+ if(http->sendit)
+ mimepart = http->sendit;
+ }
+ if(data->set.postfields)
; /* do nothing */
+ else if(data->set.httpreq == HTTPREQ_POST_MIME ||
+ data->set.httpreq == HTTPREQ_POST_FORM) {
+ if(Curl_mime_rewind(mimepart)) {
+ failf(data, "Cannot rewind mime/post data");
+ return CURLE_SEND_FAIL_REWIND;
+ }
+ }
else {
if(data->set.seek_func) {
int err;
@@ -283,8 +325,8 @@ CURLcode Curl_readrewind(struct connectdata *conn)
/* If no CURLOPT_READFUNCTION is used, we know that we operate on a
given FILE * stream and we can actually attempt to rewind that
ourselves with fseek() */
- if(data->set.fread_func == (curl_read_callback)fread) {
- if(-1 != fseek(data->set.in, 0, SEEK_SET))
+ if(data->state.fread_func == (curl_read_callback)fread) {
+ if(-1 != fseek(data->state.in, 0, SEEK_SET))
/* successful rewind */
return CURLE_OK;
}
@@ -302,7 +344,19 @@ static int data_pending(const struct connectdata *conn)
/* in the case of libssh2, we can never be really sure that we have emptied
its internal buffers so we MUST always try until we get EAGAIN back */
return conn->handler->protocol&(CURLPROTO_SCP|CURLPROTO_SFTP) ||
+#if defined(USE_NGHTTP2)
+ Curl_ssl_data_pending(conn, FIRSTSOCKET) ||
+ /* For HTTP/2, we may read up everything including responde body
+ with header fields in Curl_http_readwrite_headers. If no
+ content-length is provided, curl waits for the connection
+ close, which we emulate it using conn->proto.httpc.closed =
+ TRUE. The thing is if we read everything, then http2_recv won't
+ be called and we cannot signal the HTTP/2 stream has closed. As
+ a workaround, we return nonzero here to call http2_recv. */
+ ((conn->handler->protocol&PROTO_FAMILY_HTTP) && conn->httpversion == 20);
+#else
Curl_ssl_data_pending(conn, FIRSTSOCKET);
+#endif
}
static void read_rewind(struct connectdata *conn,
@@ -338,7 +392,7 @@ static void read_rewind(struct connectdata *conn,
* Check to see if CURLOPT_TIMECONDITION was met by comparing the time of the
* remote document with the time provided by CURLOPT_TIMEVAL
*/
-bool Curl_meets_timecondition(struct SessionHandle *data, time_t timeofdoc)
+bool Curl_meets_timecondition(struct Curl_easy *data, time_t timeofdoc)
{
if((timeofdoc == 0) || (data->set.timevalue == 0))
return TRUE;
@@ -370,28 +424,44 @@ bool Curl_meets_timecondition(struct SessionHandle *data, time_t timeofdoc)
* Go ahead and do a read if we have a readable socket or if
* the stream was rewound (in which case we have data in a
* buffer)
+ *
+ * return '*comeback' TRUE if we didn't properly drain the socket so this
+ * function should get called again without select() or similar in between!
*/
-static CURLcode readwrite_data(struct SessionHandle *data,
+static CURLcode readwrite_data(struct Curl_easy *data,
struct connectdata *conn,
struct SingleRequest *k,
- int *didwhat, bool *done)
+ int *didwhat, bool *done,
+ bool *comeback)
{
CURLcode result = CURLE_OK;
ssize_t nread; /* number of bytes read */
size_t excess = 0; /* excess bytes read */
bool is_empty_data = FALSE;
bool readmore = FALSE; /* used by RTP to signal for more data */
+ int maxloops = 100;
*done = FALSE;
+ *comeback = FALSE;
/* This is where we loop until we have read everything there is to
read or we get a CURLE_AGAIN */
do {
- size_t buffersize = data->set.buffer_size?
- data->set.buffer_size : BUFSIZE;
+ size_t buffersize = data->set.buffer_size;
size_t bytestoread = buffersize;
- if(k->size != -1 && !k->header) {
+ if(
+#if defined(USE_NGHTTP2)
+ /* For HTTP/2, read data without caring about the content
+ length. This is safe because body in HTTP/2 is always
+ segmented thanks to its framing layer. Meanwhile, we have to
+ call Curl_read to ensure that http2_handle_stream_close is
+ called when we read all incoming bytes for a particular
+ stream. */
+ !((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+ conn->httpversion == 20) &&
+#endif
+ k->size != -1 && !k->header) {
/* make sure we don't read "too much" if we can help it since we
might be pipelining and then someone else might want to read what
follows! */
@@ -414,6 +484,7 @@ static CURLcode readwrite_data(struct SessionHandle *data,
else {
/* read nothing but since we wanted nothing we consider this an OK
situation to proceed from */
+ DEBUGF(infof(data, "readwrite_data: we're done!\n"));
nread = 0;
}
@@ -421,7 +492,7 @@ static CURLcode readwrite_data(struct SessionHandle *data,
Curl_pgrsTime(data, TIMER_STARTTRANSFER);
if(k->exp100 > EXP100_SEND_DATA)
/* set time stamp to compare with when waiting for the 100 */
- k->start100 = Curl_tvnow();
+ k->start100 = Curl_now();
}
*didwhat |= KEEP_RECV;
@@ -475,7 +546,7 @@ static CURLcode readwrite_data(struct SessionHandle *data,
/* We've stopped dealing with input, get out of the do-while loop */
if(nread > 0) {
- if(Curl_multi_pipeline_enabled(conn->data->multi)) {
+ if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) {
infof(data,
"Rewinding stream by : %zd"
" bytes on url %s (zero-length body)\n",
@@ -502,11 +573,18 @@ static CURLcode readwrite_data(struct SessionHandle *data,
is non-headers. */
if(k->str && !k->header && (nread > 0 || is_empty_data)) {
+ if(data->set.opt_no_body) {
+ /* data arrives although we want none, bail out */
+ streamclose(conn, "ignoring body");
+ *done = TRUE;
+ return CURLE_WEIRD_SERVER_REPLY;
+ }
+
#ifndef CURL_DISABLE_HTTP
if(0 == k->bodywrites && !is_empty_data) {
/* These checks are only made the first time we are about to
write a piece of the body */
- if(conn->handler->protocol&(CURLPROTO_HTTP|CURLPROTO_RTSP)) {
+ if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) {
/* HTTP-only checks */
if(data->req.newurl) {
@@ -524,8 +602,20 @@ static CURLcode readwrite_data(struct SessionHandle *data,
infof(data, "Ignoring the response-body\n");
}
if(data->state.resume_from && !k->content_range &&
- (data->set.httpreq==HTTPREQ_GET) &&
+ (data->set.httpreq == HTTPREQ_GET) &&
!k->ignorebody) {
+
+ if(k->size == data->state.resume_from) {
+ /* The resume point is at the end of file, consider this fine
+ even if it doesn't allow resume from here. */
+ infof(data, "The entire document is already downloaded");
+ connclose(conn, "already downloaded");
+ /* Abort download */
+ k->keepon &= ~KEEP_RECV;
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
/* we wanted to resume a download, although the server doesn't
* seem to support this and we did this with a GET (if it
* wasn't a GET we did a POST or PUT resume) */
@@ -548,7 +638,7 @@ static CURLcode readwrite_data(struct SessionHandle *data,
infof(data, "Simulate a HTTP 304 response!\n");
/* we abort the transfer before it is completed == we ruin the
re-use ability. Close the connection */
- conn->bits.close = TRUE;
+ connclose(conn, "Simulated 304 handling");
return CURLE_OK;
}
} /* we have a time condition */
@@ -590,10 +680,10 @@ static CURLcode readwrite_data(struct SessionHandle *data,
failf(data, "Failed writing data");
return CURLE_WRITE_ERROR;
}
- failf(data, "Problem (%d) in the Chunked-Encoded data", (int)res);
+ failf(data, "%s in chunked-encoding", Curl_chunked_strerror(res));
return CURLE_RECV_ERROR;
}
- else if(CHUNKE_STOP == res) {
+ if(CHUNKE_STOP == res) {
size_t dataleft;
/* we're done reading chunks! */
k->keepon &= ~KEEP_RECV; /* read no more */
@@ -608,7 +698,7 @@ static CURLcode readwrite_data(struct SessionHandle *data,
if(dataleft != 0) {
infof(conn->data, "Leftovers after chunking: %zu bytes\n",
dataleft);
- if(Curl_multi_pipeline_enabled(conn->data->multi)) {
+ if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) {
/* only attempt the rewind if we truly are pipelining */
infof(conn->data, "Rewinding %zu bytes\n",dataleft);
read_rewind(conn, dataleft);
@@ -631,14 +721,12 @@ static CURLcode readwrite_data(struct SessionHandle *data,
excess = (size_t)(k->bytecount + nread - k->maxdownload);
if(excess > 0 && !k->ignorebody) {
- if(Curl_multi_pipeline_enabled(conn->data->multi)) {
- /* The 'excess' amount below can't be more than BUFSIZE which
- always will fit in a size_t */
+ if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) {
infof(data,
"Rewinding stream by : %zu"
- " bytes on url %s (size = %" FORMAT_OFF_T
- ", maxdownload = %" FORMAT_OFF_T
- ", bytecount = %" FORMAT_OFF_T ", nread = %zd)\n",
+ " bytes on url %s (size = %" CURL_FORMAT_CURL_OFF_T
+ ", maxdownload = %" CURL_FORMAT_CURL_OFF_T
+ ", bytecount = %" CURL_FORMAT_CURL_OFF_T ", nread = %zd)\n",
excess, data->state.path,
k->size, k->maxdownload, k->bytecount, nread);
read_rewind(conn, excess);
@@ -647,15 +735,15 @@ static CURLcode readwrite_data(struct SessionHandle *data,
infof(data,
"Excess found in a non pipelined read:"
" excess = %zu"
- ", size = %" FORMAT_OFF_T
- ", maxdownload = %" FORMAT_OFF_T
- ", bytecount = %" FORMAT_OFF_T "\n",
+ ", size = %" CURL_FORMAT_CURL_OFF_T
+ ", maxdownload = %" CURL_FORMAT_CURL_OFF_T
+ ", bytecount = %" CURL_FORMAT_CURL_OFF_T "\n",
excess, k->size, k->maxdownload, k->bytecount);
}
}
nread = (ssize_t) (k->maxdownload - k->bytecount);
- if(nread < 0 ) /* this should be unusual */
+ if(nread < 0) /* this should be unusual */
nread = 0;
k->keepon &= ~KEEP_RECV; /* we're done reading */
@@ -691,49 +779,19 @@ static CURLcode readwrite_data(struct SessionHandle *data,
in http_chunks.c.
Make sure that ALL_CONTENT_ENCODINGS contains all the
encodings handled here. */
-#ifdef HAVE_LIBZ
- switch (conn->data->set.http_ce_skip ?
- IDENTITY : k->auto_decoding) {
- case IDENTITY:
-#endif
- /* This is the default when the server sends no
- Content-Encoding header. See Curl_readwrite_init; the
- memset() call initializes k->auto_decoding to zero. */
+ if(conn->data->set.http_ce_skip || !k->writer_stack) {
if(!k->ignorebody) {
-
#ifndef CURL_DISABLE_POP3
- if(conn->handler->protocol&CURLPROTO_POP3)
+ if(conn->handler->protocol & PROTO_FAMILY_POP3)
result = Curl_pop3_write(conn, k->str, nread);
else
#endif /* CURL_DISABLE_POP3 */
-
result = Curl_client_write(conn, CLIENTWRITE_BODY, k->str,
nread);
}
-#ifdef HAVE_LIBZ
- break;
-
- case DEFLATE:
- /* Assume CLIENTWRITE_BODY; headers are not encoded. */
- if(!k->ignorebody)
- result = Curl_unencode_deflate_write(conn, k, nread);
- break;
-
- case GZIP:
- /* Assume CLIENTWRITE_BODY; headers are not encoded. */
- if(!k->ignorebody)
- result = Curl_unencode_gzip_write(conn, k, nread);
- break;
-
- case COMPRESS:
- default:
- failf (data, "Unrecognized content encoding type. "
- "libcurl understands `identity', `deflate' and `gzip' "
- "content encodings.");
- result = CURLE_BAD_CONTENT_ENCODING;
- break;
}
-#endif
+ else
+ result = Curl_unencode_write(conn, k->writer_stack, k->str, nread);
}
k->badheader = HEADER_NORMAL; /* taken care of now */
@@ -741,7 +799,7 @@ static CURLcode readwrite_data(struct SessionHandle *data,
return result;
}
- } /* if(! header and data to read ) */
+ } /* if(!header and data to read) */
if(conn->handler->readwrite &&
(excess > 0 && !conn->bits.stream_was_rewound)) {
@@ -764,10 +822,16 @@ static CURLcode readwrite_data(struct SessionHandle *data,
k->keepon &= ~KEEP_RECV;
}
- } while(data_pending(conn));
+ } while(data_pending(conn) && maxloops--);
+
+ if(maxloops <= 0) {
+ /* we mark it as read-again-please */
+ conn->cselect_bits = CURL_CSELECT_IN;
+ *comeback = TRUE;
+ }
if(((k->keepon & (KEEP_RECV|KEEP_SEND)) == KEEP_SEND) &&
- conn->bits.close ) {
+ conn->bits.close) {
/* When we've read the entire thing and the close bit is set, the server
may now close the connection. If there's now any kind of sending going
on from our side, we need to stop that immediately. */
@@ -778,12 +842,27 @@ static CURLcode readwrite_data(struct SessionHandle *data,
return CURLE_OK;
}
+static CURLcode done_sending(struct connectdata *conn,
+ struct SingleRequest *k)
+{
+ k->keepon &= ~KEEP_SEND; /* we're done writing */
+
+ Curl_http2_done_sending(conn);
+
+ if(conn->bits.rewindaftersend) {
+ CURLcode result = Curl_readrewind(conn);
+ if(result)
+ return result;
+ }
+ return CURLE_OK;
+}
+
+
/*
* Send data to upload to the server, when the socket is writable.
*/
-static CURLcode readwrite_upload(struct SessionHandle *data,
+static CURLcode readwrite_upload(struct Curl_easy *data,
struct connectdata *conn,
- struct SingleRequest *k,
int *didwhat)
{
ssize_t i, si;
@@ -791,32 +870,26 @@ static CURLcode readwrite_upload(struct SessionHandle *data,
CURLcode result;
ssize_t nread; /* number of bytes read */
bool sending_http_headers = FALSE;
+ struct SingleRequest *k = &data->req;
if((k->bytecount == 0) && (k->writebytecount == 0))
Curl_pgrsTime(data, TIMER_STARTTRANSFER);
*didwhat |= KEEP_SEND;
- /*
- * We loop here to do the READ and SEND loop until we run out of
- * data to send or until we get EWOULDBLOCK back
- *
- * FIXME: above comment is misleading. Currently no looping is
- * actually done in do-while loop below.
- */
do {
/* only read more data if there's no upload data already
present in the upload buffer */
- if(0 == data->req.upload_present) {
+ if(0 == k->upload_present) {
/* init the "upload from here" pointer */
- data->req.upload_fromhere = k->uploadbuf;
+ k->upload_fromhere = data->state.uploadbuffer;
if(!k->upload_done) {
/* HTTP pollution, this should be written nicer to become more
protocol agnostic. */
int fillcount;
- struct HTTP *http = data->req.protop;
+ struct HTTP *http = k->protop;
if((k->exp100 == EXP100_SENDING_REQUEST) &&
(http->sending == HTTPSEND_BODY)) {
@@ -825,15 +898,15 @@ static CURLcode readwrite_upload(struct SessionHandle *data,
go into the Expect: 100 state and await such a header */
k->exp100 = EXP100_AWAITING_CONTINUE; /* wait for the header */
k->keepon &= ~KEEP_SEND; /* disable writing */
- k->start100 = Curl_tvnow(); /* timeout count starts now */
+ k->start100 = Curl_now(); /* timeout count starts now */
*didwhat &= ~KEEP_SEND; /* we didn't write anything actually */
/* set a timeout for the multi interface */
- Curl_expire(data, CURL_TIMEOUT_EXPECT_100);
+ Curl_expire(data, data->set.expect_100_timeout, EXPIRE_100_TIMEOUT);
break;
}
- if(conn->handler->protocol&(CURLPROTO_HTTP|CURLPROTO_RTSP)) {
+ if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) {
if(http->sending == HTTPSEND_REQUEST)
/* We're sending the HTTP request headers, not the data.
Remember that so we don't change the line endings. */
@@ -842,7 +915,7 @@ static CURLcode readwrite_upload(struct SessionHandle *data,
sending_http_headers = FALSE;
}
- result = Curl_fillreadbuffer(conn, BUFSIZE, &fillcount);
+ result = Curl_fillreadbuffer(conn, UPLOAD_BUFSIZE, &fillcount);
if(result)
return result;
@@ -855,29 +928,15 @@ static CURLcode readwrite_upload(struct SessionHandle *data,
/* this is a paused transfer */
break;
}
- else if(nread<=0) {
- /* done */
- k->keepon &= ~KEEP_SEND; /* we're done writing */
-
- if(conn->bits.rewindaftersend) {
- result = Curl_readrewind(conn);
- if(result)
- return result;
- }
+ if(nread <= 0) {
+ result = done_sending(conn, k);
+ if(result)
+ return result;
break;
}
/* store number of bytes available for upload */
- data->req.upload_present = nread;
-
-#ifndef CURL_DISABLE_SMTP
- if(conn->handler->protocol & CURLPROTO_SMTP) {
- result = Curl_smtp_escape_eob(conn, nread);
- if(result)
- return result;
- }
- else
-#endif /* CURL_DISABLE_SMTP */
+ k->upload_present = nread;
/* convert LF to CRLF if so asked */
if((!sending_http_headers) && (
@@ -886,12 +945,16 @@ static CURLcode readwrite_upload(struct SessionHandle *data,
(data->set.prefer_ascii) ||
#endif
(data->set.crlf))) {
- if(data->state.scratch == NULL)
- data->state.scratch = malloc(2*BUFSIZE);
- if(data->state.scratch == NULL) {
- failf (data, "Failed to alloc scratch buffer!");
- return CURLE_OUT_OF_MEMORY;
+ /* Do we need to allocate a scratch buffer? */
+ if(!data->state.scratch) {
+ data->state.scratch = malloc(2 * data->set.buffer_size);
+ if(!data->state.scratch) {
+ failf(data, "Failed to alloc scratch buffer!");
+
+ return CURLE_OUT_OF_MEMORY;
+ }
}
+
/*
* ASCII/EBCDIC Note: This is presumably a text (not binary)
* transfer so the data should already be in ASCII.
@@ -899,31 +962,41 @@ static CURLcode readwrite_upload(struct SessionHandle *data,
* must be used instead of the escape sequences \r & \n.
*/
for(i = 0, si = 0; i < nread; i++, si++) {
- if(data->req.upload_fromhere[i] == 0x0a) {
+ if(k->upload_fromhere[i] == 0x0a) {
data->state.scratch[si++] = 0x0d;
data->state.scratch[si] = 0x0a;
if(!data->set.crlf) {
/* we're here only because FTP is in ASCII mode...
bump infilesize for the LF we just added */
- data->set.infilesize++;
+ if(data->state.infilesize != -1)
+ data->state.infilesize++;
}
}
else
- data->state.scratch[si] = data->req.upload_fromhere[i];
+ data->state.scratch[si] = k->upload_fromhere[i];
}
+
if(si != nread) {
/* only perform the special operation if we really did replace
anything */
nread = si;
/* upload from the new (replaced) buffer instead */
- data->req.upload_fromhere = data->state.scratch;
+ k->upload_fromhere = data->state.scratch;
/* set the new amount too */
- data->req.upload_present = nread;
+ k->upload_present = nread;
}
}
- } /* if 0 == data->req.upload_present */
+
+#ifndef CURL_DISABLE_SMTP
+ if(conn->handler->protocol & PROTO_FAMILY_SMTP) {
+ result = Curl_smtp_escape_eob(conn, nread);
+ if(result)
+ return result;
+ }
+#endif /* CURL_DISABLE_SMTP */
+ } /* if 0 == k->upload_present */
else {
/* We have a partial buffer left from a previous "round". Use
that instead of reading more data */
@@ -931,45 +1004,47 @@ static CURLcode readwrite_upload(struct SessionHandle *data,
/* write to socket (send away data) */
result = Curl_write(conn,
- conn->writesockfd, /* socket to send to */
- data->req.upload_fromhere, /* buffer pointer */
- data->req.upload_present, /* buffer size */
- &bytes_written); /* actually sent */
+ conn->writesockfd, /* socket to send to */
+ k->upload_fromhere, /* buffer pointer */
+ k->upload_present, /* buffer size */
+ &bytes_written); /* actually sent */
if(result)
return result;
if(data->set.verbose)
/* show the data before we change the pointer upload_fromhere */
- Curl_debug(data, CURLINFO_DATA_OUT, data->req.upload_fromhere,
+ Curl_debug(data, CURLINFO_DATA_OUT, k->upload_fromhere,
(size_t)bytes_written, conn);
k->writebytecount += bytes_written;
- if(k->writebytecount == data->set.infilesize) {
+ if((!k->upload_chunky || k->forbidchunk) &&
+ (k->writebytecount == data->state.infilesize)) {
/* we have sent all data we were supposed to */
k->upload_done = TRUE;
infof(data, "We are completely uploaded and fine\n");
}
- if(data->req.upload_present != bytes_written) {
+ if(k->upload_present != bytes_written) {
/* we only wrote a part of the buffer (if anything), deal with it! */
/* store the amount of bytes left in the buffer to write */
- data->req.upload_present -= bytes_written;
+ k->upload_present -= bytes_written;
/* advance the pointer where to find the buffer when the next send
is to happen */
- data->req.upload_fromhere += bytes_written;
+ k->upload_fromhere += bytes_written;
}
else {
/* we've uploaded that buffer now */
- data->req.upload_fromhere = k->uploadbuf;
- data->req.upload_present = 0; /* no more bytes left */
+ k->upload_fromhere = data->state.uploadbuffer;
+ k->upload_present = 0; /* no more bytes left */
if(k->upload_done) {
- /* switch off writing, we're done! */
- k->keepon &= ~KEEP_SEND; /* we're done writing */
+ result = done_sending(conn, k);
+ if(result)
+ return result;
}
}
@@ -983,14 +1058,18 @@ static CURLcode readwrite_upload(struct SessionHandle *data,
/*
* Curl_readwrite() is the low-level function to be called when data is to
* be read and written to/from the connection.
+ *
+ * return '*comeback' TRUE if we didn't properly drain the socket so this
+ * function should get called again without select() or similar in between!
*/
CURLcode Curl_readwrite(struct connectdata *conn,
- bool *done)
+ struct Curl_easy *data,
+ bool *done,
+ bool *comeback)
{
- struct SessionHandle *data = conn->data;
struct SingleRequest *k = &data->req;
CURLcode result;
- int didwhat=0;
+ int didwhat = 0;
curl_socket_t fd_read;
curl_socket_t fd_write;
@@ -1011,9 +1090,14 @@ CURLcode Curl_readwrite(struct connectdata *conn,
else
fd_write = CURL_SOCKET_BAD;
+ if(conn->data->state.drain) {
+ select_res |= CURL_CSELECT_IN;
+ DEBUGF(infof(data, "Curl_readwrite: forcibly told to drain data\n"));
+ }
+
if(!select_res) /* Call for select()/poll() only, if read/write/error
status is not known. */
- select_res = Curl_socket_ready(fd_read, fd_write, 0);
+ select_res = Curl_socket_check(fd_read, CURL_SOCKET_BAD, fd_write, 0);
if(select_res == CURL_CSELECT_ERR) {
failf(data, "select/poll returned error");
@@ -1026,7 +1110,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
if((k->keepon & KEEP_RECV) &&
((select_res & CURL_CSELECT_IN) || conn->bits.stream_was_rewound)) {
- result = readwrite_data(data, conn, k, &didwhat, done);
+ result = readwrite_data(data, conn, k, &didwhat, done, comeback);
if(result || *done)
return result;
}
@@ -1035,12 +1119,12 @@ CURLcode Curl_readwrite(struct connectdata *conn,
if((k->keepon & KEEP_SEND) && (select_res & CURL_CSELECT_OUT)) {
/* write */
- result = readwrite_upload(data, conn, k, &didwhat);
+ result = readwrite_upload(data, conn, &didwhat);
if(result)
return result;
}
- k->now = Curl_tvnow();
+ k->now = Curl_now();
if(didwhat) {
/* Update read/write counters */
if(k->bytecountp)
@@ -1064,11 +1148,12 @@ CURLcode Curl_readwrite(struct connectdata *conn,
*/
- long ms = Curl_tvdiff(k->now, k->start100);
- if(ms > CURL_TIMEOUT_EXPECT_100) {
+ timediff_t ms = Curl_timediff(k->now, k->start100);
+ if(ms >= data->set.expect_100_timeout) {
/* we've waited long enough, continue anyway */
k->exp100 = EXP100_SEND_DATA;
k->keepon |= KEEP_SEND;
+ Curl_expire_done(data, EXPIRE_100_TIMEOUT);
infof(data, "Done waiting for 100-continue\n");
}
}
@@ -1085,14 +1170,16 @@ CURLcode Curl_readwrite(struct connectdata *conn,
if(0 > Curl_timeleft(data, &k->now, FALSE)) {
if(k->size != -1) {
failf(data, "Operation timed out after %ld milliseconds with %"
- FORMAT_OFF_T " out of %" FORMAT_OFF_T " bytes received",
- Curl_tvdiff(k->now, data->progress.t_startsingle), k->bytecount,
- k->size);
+ CURL_FORMAT_CURL_OFF_T " out of %"
+ CURL_FORMAT_CURL_OFF_T " bytes received",
+ Curl_timediff(k->now, data->progress.t_startsingle),
+ k->bytecount, k->size);
}
else {
failf(data, "Operation timed out after %ld milliseconds with %"
- FORMAT_OFF_T " bytes received",
- Curl_tvdiff(k->now, data->progress.t_startsingle), k->bytecount);
+ CURL_FORMAT_CURL_OFF_T " bytes received",
+ Curl_timediff(k->now, data->progress.t_startsingle),
+ k->bytecount);
}
return CURLE_OPERATION_TIMEDOUT;
}
@@ -1112,15 +1199,13 @@ CURLcode Curl_readwrite(struct connectdata *conn,
*/
(k->bytecount != (k->size + data->state.crlf_conversions)) &&
#endif /* CURL_DO_LINEEND_CONV */
- !data->req.newurl) {
- failf(data, "transfer closed with %" FORMAT_OFF_T
- " bytes remaining to read",
- k->size - k->bytecount);
+ !k->newurl) {
+ failf(data, "transfer closed with %" CURL_FORMAT_CURL_OFF_T
+ " bytes remaining to read", k->size - k->bytecount);
return CURLE_PARTIAL_FILE;
}
- else if(!(data->set.opt_no_body) &&
- k->chunk &&
- (conn->chunk.state != CHUNK_STOP)) {
+ if(!(data->set.opt_no_body) && k->chunk &&
+ (conn->chunk.state != CHUNK_STOP)) {
/*
* In chunked mode, return an error if the connection is closed prior to
* the empty (terminating) chunk is read.
@@ -1156,7 +1241,7 @@ int Curl_single_getsock(const struct connectdata *conn,
of sockets */
int numsocks)
{
- const struct SessionHandle *data = conn->data;
+ const struct Curl_easy *data = conn->data;
int bitmap = GETSOCK_BLANK;
unsigned sockindex = 0;
@@ -1180,10 +1265,10 @@ int Curl_single_getsock(const struct connectdata *conn,
if((data->req.keepon & KEEP_SENDBITS) == KEEP_SEND) {
if((conn->sockfd != conn->writesockfd) ||
- !(data->req.keepon & KEEP_RECV)) {
- /* only if they are not the same socket or we didn't have a readable
+ bitmap == GETSOCK_BLANK) {
+ /* only if they are not the same socket and we have a readable
one, we increase index */
- if(data->req.keepon & KEEP_RECV)
+ if(bitmap != GETSOCK_BLANK)
sockindex++; /* increase index if we need two entries */
DEBUGASSERT(conn->writesockfd != CURL_SOCKET_BAD);
@@ -1197,101 +1282,71 @@ int Curl_single_getsock(const struct connectdata *conn,
return bitmap;
}
-/*
- * Determine optimum sleep time based on configured rate, current rate,
- * and packet size.
- * Returns value in milliseconds.
- *
- * The basic idea is to adjust the desired rate up/down in this method
- * based on whether we are running too slow or too fast. Then, calculate
- * how many milliseconds to wait for the next packet to achieve this new
- * rate.
- */
-long Curl_sleep_time(curl_off_t rate_bps, curl_off_t cur_rate_bps,
- int pkt_size)
+/* Curl_init_CONNECT() gets called each time the handle switches to CONNECT
+ which means this gets called once for each subsequent redirect etc */
+void Curl_init_CONNECT(struct Curl_easy *data)
{
- curl_off_t min_sleep = 0;
- curl_off_t rv = 0;
-
- if(rate_bps == 0)
- return 0;
-
- /* If running faster than about .1% of the desired speed, slow
- * us down a bit. Use shift instead of division as the 0.1%
- * cutoff is arbitrary anyway.
- */
- if(cur_rate_bps > (rate_bps + (rate_bps >> 10))) {
- /* running too fast, decrease target rate by 1/64th of rate */
- rate_bps -= rate_bps >> 6;
- min_sleep = 1;
- }
- else if(cur_rate_bps < (rate_bps - (rate_bps >> 10))) {
- /* running too slow, increase target rate by 1/64th of rate */
- rate_bps += rate_bps >> 6;
- }
-
- /* Determine number of milliseconds to wait until we do
- * the next packet at the adjusted rate. We should wait
- * longer when using larger packets, for instance.
- */
- rv = ((curl_off_t)((pkt_size * 8) * 1000) / rate_bps);
-
- /* Catch rounding errors and always slow down at least 1ms if
- * we are running too fast.
- */
- if(rv < min_sleep)
- rv = min_sleep;
-
- /* Bound value to fit in 'long' on 32-bit platform. That's
- * plenty long enough anyway!
- */
- if(rv > 0x7fffffff)
- rv = 0x7fffffff;
-
- return (long)rv;
+ data->state.fread_func = data->set.fread_func_set;
+ data->state.in = data->set.in_set;
}
/*
- * Curl_pretransfer() is called immediately before a transfer starts.
+ * Curl_pretransfer() is called immediately before a transfer starts, and only
+ * once for one transfer no matter if it has redirects or do multi-pass
+ * authentication etc.
*/
-CURLcode Curl_pretransfer(struct SessionHandle *data)
+CURLcode Curl_pretransfer(struct Curl_easy *data)
{
- CURLcode res;
+ CURLcode result;
if(!data->change.url) {
/* we can't do anything without URL */
failf(data, "No URL set!");
return CURLE_URL_MALFORMAT;
}
+ /* since the URL may have been redirected in a previous use of this handle */
+ if(data->change.url_alloc) {
+ /* the already set URL is allocated, free it first! */
+ Curl_safefree(data->change.url);
+ data->change.url_alloc = FALSE;
+ }
+ data->change.url = data->set.str[STRING_SET_URL];
/* Init the SSL session ID cache here. We do it here since we want to do it
after the *_setopt() calls (that could specify the size of the cache) but
before any transfer takes place. */
- res = Curl_ssl_initsessions(data, data->set.ssl.max_ssl_sessions);
- if(res)
- return res;
+ result = Curl_ssl_initsessions(data, data->set.general_ssl.max_ssl_sessions);
+ if(result)
+ return result;
- data->set.followlocation=0; /* reset the location-follow counter */
+ data->state.wildcardmatch = data->set.wildcard_enabled;
+ data->set.followlocation = 0; /* reset the location-follow counter */
data->state.this_is_a_follow = FALSE; /* reset this */
data->state.errorbuf = FALSE; /* no error has occurred */
data->state.httpversion = 0; /* don't assume any particular server version */
- data->state.ssl_connect_retry = FALSE;
-
data->state.authproblem = FALSE;
data->state.authhost.want = data->set.httpauth;
data->state.authproxy.want = data->set.proxyauth;
Curl_safefree(data->info.wouldredirect);
data->info.wouldredirect = NULL;
+ if(data->set.httpreq == HTTPREQ_PUT)
+ data->state.infilesize = data->set.filesize;
+ else {
+ data->state.infilesize = data->set.postfieldsize;
+ if(data->set.postfields && (data->state.infilesize == -1))
+ data->state.infilesize = (curl_off_t)strlen(data->set.postfields);
+ }
+
/* If there is a list of cookie files to read, do it now! */
if(data->change.cookielist)
Curl_cookie_loadfiles(data);
/* If there is a list of host pairs to deal with */
if(data->change.resolve)
- res = Curl_loadhostpairs(data);
+ result = Curl_loadhostpairs(data);
- if(!res) {
+ if(!result) {
/* Allow data->set.use_port to set which port to use. This needs to be
* disabled for example when we follow Location: headers to URLs using
* different ports! */
@@ -1306,28 +1361,38 @@ CURLcode Curl_pretransfer(struct SessionHandle *data)
#endif
Curl_initinfo(data); /* reset session-specific information "variables" */
+ Curl_pgrsResetTransferSizes(data);
Curl_pgrsStartNow(data);
if(data->set.timeout)
- Curl_expire(data, data->set.timeout);
+ Curl_expire(data, data->set.timeout, EXPIRE_TIMEOUT);
if(data->set.connecttimeout)
- Curl_expire(data, data->set.connecttimeout);
+ Curl_expire(data, data->set.connecttimeout, EXPIRE_CONNECTTIMEOUT);
/* In case the handle is re-used and an authentication method was picked
in the session we need to make sure we only use the one(s) we now
consider to be fine */
data->state.authhost.picked &= data->state.authhost.want;
data->state.authproxy.picked &= data->state.authproxy.want;
+
+ if(data->state.wildcardmatch) {
+ struct WildcardData *wc = &data->wildcard;
+ if(wc->state < CURLWC_INIT) {
+ result = Curl_wildcard_init(wc); /* init wildcard structures */
+ if(result)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
}
- return res;
+ return result;
}
/*
* Curl_posttransfer() is called immediately after a transfer ends
*/
-CURLcode Curl_posttransfer(struct SessionHandle *data)
+CURLcode Curl_posttransfer(struct Curl_easy *data)
{
#if defined(HAVE_SIGNAL) && defined(SIGPIPE) && !defined(HAVE_MSG_NOSIGNAL)
/* restore the signal handler for SIGPIPE before we get back */
@@ -1342,26 +1407,68 @@ CURLcode Curl_posttransfer(struct SessionHandle *data)
#ifndef CURL_DISABLE_HTTP
/*
+ * Find the separator at the end of the host name, or the '?' in cases like
+ * http://www.url.com?id=2380
+ */
+static const char *find_host_sep(const char *url)
+{
+ const char *sep;
+ const char *query;
+
+ /* Find the start of the hostname */
+ sep = strstr(url, "//");
+ if(!sep)
+ sep = url;
+ else
+ sep += 2;
+
+ query = strchr(sep, '?');
+ sep = strchr(sep, '/');
+
+ if(!sep)
+ sep = url + strlen(url);
+
+ if(!query)
+ query = url + strlen(url);
+
+ return sep < query ? sep : query;
+}
+
+/*
* strlen_url() returns the length of the given URL if the spaces within the
* URL were properly URL encoded.
+ * URL encoding should be skipped for host names, otherwise IDN resolution
+ * will fail.
*/
-static size_t strlen_url(const char *url)
+static size_t strlen_url(const char *url, bool relative)
{
- const char *ptr;
- size_t newlen=0;
- bool left=TRUE; /* left side of the ? */
+ const unsigned char *ptr;
+ size_t newlen = 0;
+ bool left = TRUE; /* left side of the ? */
+ const unsigned char *host_sep = (const unsigned char *) url;
+
+ if(!relative)
+ host_sep = (const unsigned char *) find_host_sep(url);
+
+ for(ptr = (unsigned char *)url; *ptr; ptr++) {
+
+ if(ptr < host_sep) {
+ ++newlen;
+ continue;
+ }
- for(ptr=url; *ptr; ptr++) {
switch(*ptr) {
case '?':
- left=FALSE;
+ left = FALSE;
/* fall through */
default:
+ if(*ptr >= 0x80)
+ newlen += 2;
newlen++;
break;
case ' ':
if(left)
- newlen+=3;
+ newlen += 3;
else
newlen++;
break;
@@ -1372,22 +1479,40 @@ static size_t strlen_url(const char *url)
/* strcpy_url() copies a url to a output buffer and URL-encodes the spaces in
* the source URL accordingly.
+ * URL encoding should be skipped for host names, otherwise IDN resolution
+ * will fail.
*/
-static void strcpy_url(char *output, const char *url)
+static void strcpy_url(char *output, const char *url, bool relative)
{
/* we must add this with whitespace-replacing */
- bool left=TRUE;
- const char *iptr;
+ bool left = TRUE;
+ const unsigned char *iptr;
char *optr = output;
- for(iptr = url; /* read from here */
+ const unsigned char *host_sep = (const unsigned char *) url;
+
+ if(!relative)
+ host_sep = (const unsigned char *) find_host_sep(url);
+
+ for(iptr = (unsigned char *)url; /* read from here */
*iptr; /* until zero byte */
iptr++) {
+
+ if(iptr < host_sep) {
+ *optr++ = *iptr;
+ continue;
+ }
+
switch(*iptr) {
case '?':
- left=FALSE;
+ left = FALSE;
/* fall through */
default:
- *optr++=*iptr;
+ if(*iptr >= 0x80) {
+ snprintf(optr, 4, "%%%02x", *iptr);
+ optr += 3;
+ }
+ else
+ *optr++=*iptr;
break;
case ' ':
if(left) {
@@ -1400,7 +1525,7 @@ static void strcpy_url(char *output, const char *url)
break;
}
}
- *optr=0; /* zero terminate output buffer */
+ *optr = 0; /* zero terminate output buffer */
}
@@ -1432,32 +1557,33 @@ static char *concat_url(const char *base, const char *relurl)
char *protsep;
char *pathsep;
size_t newlen;
+ bool host_changed = FALSE;
const char *useurl = relurl;
size_t urllen;
/* we must make our own copy of the URL to play with, as it may
point to read-only data */
- char *url_clone=strdup(base);
+ char *url_clone = strdup(base);
if(!url_clone)
return NULL; /* skip out of this NOW */
/* protsep points to the start of the host name */
- protsep=strstr(url_clone, "//");
+ protsep = strstr(url_clone, "//");
if(!protsep)
- protsep=url_clone;
+ protsep = url_clone;
else
- protsep+=2; /* pass the slashes */
+ protsep += 2; /* pass the slashes */
if('/' != relurl[0]) {
- int level=0;
+ int level = 0;
/* First we need to find out if there's a ?-letter in the URL,
and cut it and the right-side of that off */
pathsep = strchr(protsep, '?');
if(pathsep)
- *pathsep=0;
+ *pathsep = 0;
/* we have a relative path to append to the last slash if there's one
available, or if the new URL is just a query string (starts with a
@@ -1466,14 +1592,14 @@ static char *concat_url(const char *base, const char *relurl)
if(useurl[0] != '?') {
pathsep = strrchr(protsep, '/');
if(pathsep)
- *pathsep=0;
+ *pathsep = 0;
}
/* Check if there's any slash after the host name, and if so, remember
that position instead */
pathsep = strchr(protsep, '/');
if(pathsep)
- protsep = pathsep+1;
+ protsep = pathsep + 1;
else
protsep = NULL;
@@ -1481,13 +1607,13 @@ static char *concat_url(const char *base, const char *relurl)
and act accordingly */
if((useurl[0] == '.') && (useurl[1] == '/'))
- useurl+=2; /* just skip the "./" */
+ useurl += 2; /* just skip the "./" */
while((useurl[0] == '.') &&
(useurl[1] == '.') &&
(useurl[2] == '/')) {
level++;
- useurl+=3; /* pass the "../" */
+ useurl += 3; /* pass the "../" */
}
if(protsep) {
@@ -1495,9 +1621,9 @@ static char *concat_url(const char *base, const char *relurl)
/* cut off one more level from the right of the original URL */
pathsep = strrchr(protsep, '/');
if(pathsep)
- *pathsep=0;
+ *pathsep = 0;
else {
- *protsep=0;
+ *protsep = 0;
break;
}
}
@@ -1509,9 +1635,10 @@ static char *concat_url(const char *base, const char *relurl)
if((relurl[0] == '/') && (relurl[1] == '/')) {
/* the new URL starts with //, just keep the protocol part from the
original one */
- *protsep=0;
+ *protsep = 0;
useurl = &relurl[2]; /* we keep the slashes from the original, so we
skip the new ones */
+ host_changed = TRUE;
}
else {
/* cut off the original URL from the first slash, or deal with URLs
@@ -1524,7 +1651,7 @@ static char *concat_url(const char *base, const char *relurl)
char *sep = strchr(protsep, '?');
if(sep && (sep < pathsep))
pathsep = sep;
- *pathsep=0;
+ *pathsep = 0;
}
else {
/* There was no slash. Now, since we might be operating on a badly
@@ -1533,7 +1660,7 @@ static char *concat_url(const char *base, const char *relurl)
?-letter as well! */
pathsep = strchr(protsep, '?');
if(pathsep)
- *pathsep=0;
+ *pathsep = 0;
}
}
}
@@ -1543,7 +1670,7 @@ static char *concat_url(const char *base, const char *relurl)
letter we replace each space with %20 while it is replaced with '+'
on the right side of the '?' letter.
*/
- newlen = strlen_url(useurl);
+ newlen = strlen_url(useurl, !host_changed);
urllen = strlen(url_clone);
@@ -1565,7 +1692,7 @@ static char *concat_url(const char *base, const char *relurl)
newest[urllen++]='/';
/* then append the new piece on the right side */
- strcpy_url(&newest[urllen], useurl);
+ strcpy_url(&newest[urllen], useurl, !host_changed);
free(url_clone);
@@ -1577,10 +1704,8 @@ static char *concat_url(const char *base, const char *relurl)
* Curl_follow() handles the URL redirect magic. Pass in the 'newurl' string
* as given by the remote server and set up the new URL to request.
*/
-CURLcode Curl_follow(struct SessionHandle *data,
- char *newurl, /* this 'newurl' is the Location: string,
- and it must be malloc()ed before passed
- here */
+CURLcode Curl_follow(struct Curl_easy *data,
+ char *newurl, /* the Location: string */
followtype type) /* see transfer.h */
{
#ifdef CURL_DISABLE_HTTP
@@ -1593,37 +1718,40 @@ CURLcode Curl_follow(struct SessionHandle *data,
/* Location: redirect */
bool disallowport = FALSE;
+ bool reachedmax = FALSE;
if(type == FOLLOW_REDIR) {
if((data->set.maxredirs != -1) &&
- (data->set.followlocation >= data->set.maxredirs)) {
- failf(data,"Maximum (%ld) redirects followed", data->set.maxredirs);
- return CURLE_TOO_MANY_REDIRECTS;
+ (data->set.followlocation >= data->set.maxredirs)) {
+ reachedmax = TRUE;
+ type = FOLLOW_FAKE; /* switch to fake to store the would-be-redirected
+ to URL */
}
+ else {
+ /* mark the next request as a followed location: */
+ data->state.this_is_a_follow = TRUE;
- /* mark the next request as a followed location: */
- data->state.this_is_a_follow = TRUE;
+ data->set.followlocation++; /* count location-followers */
- data->set.followlocation++; /* count location-followers */
+ if(data->set.http_auto_referer) {
+ /* We are asked to automatically set the previous URL as the referer
+ when we get the next URL. We pick the ->url field, which may or may
+ not be 100% correct */
- if(data->set.http_auto_referer) {
- /* We are asked to automatically set the previous URL as the referer
- when we get the next URL. We pick the ->url field, which may or may
- not be 100% correct */
+ if(data->change.referer_alloc) {
+ Curl_safefree(data->change.referer);
+ data->change.referer_alloc = FALSE;
+ }
- if(data->change.referer_alloc) {
- Curl_safefree(data->change.referer);
- data->change.referer_alloc = FALSE;
+ data->change.referer = strdup(data->change.url);
+ if(!data->change.referer)
+ return CURLE_OUT_OF_MEMORY;
+ data->change.referer_alloc = TRUE; /* yes, free this later */
}
-
- data->change.referer = strdup(data->change.url);
- if(!data->change.referer)
- return CURLE_OUT_OF_MEMORY;
- data->change.referer_alloc = TRUE; /* yes, free this later */
}
}
- if(!is_absolute_url(newurl)) {
+ if(!is_absolute_url(newurl)) {
/***
*DANG* this is an RFC 2068 violation. The URL is supposed
to be absolute and this doesn't seem to be that!
@@ -1631,27 +1759,23 @@ CURLcode Curl_follow(struct SessionHandle *data,
char *absolute = concat_url(data->change.url, newurl);
if(!absolute)
return CURLE_OUT_OF_MEMORY;
- free(newurl);
newurl = absolute;
}
else {
+ /* The new URL MAY contain space or high byte values, that means a mighty
+ stupid redirect URL but we still make an effort to do "right". */
+ char *newest;
+ size_t newlen = strlen_url(newurl, FALSE);
+
/* This is an absolute URL, don't allow the custom port number */
disallowport = TRUE;
- if(strchr(newurl, ' ')) {
- /* This new URL contains at least one space, this is a mighty stupid
- redirect but we still make an effort to do "right". */
- char *newest;
- size_t newlen = strlen_url(newurl);
-
- newest = malloc(newlen+1); /* get memory for this */
- if(!newest)
- return CURLE_OUT_OF_MEMORY;
- strcpy_url(newest, newurl); /* create a space-free URL */
+ newest = malloc(newlen + 1); /* get memory for this */
+ if(!newest)
+ return CURLE_OUT_OF_MEMORY;
- free(newurl); /* that was no good */
- newurl = newest; /* use this instead now */
- }
+ strcpy_url(newest, newurl, FALSE); /* create a space-free URL */
+ newurl = newest; /* use this instead now */
}
@@ -1659,6 +1783,11 @@ CURLcode Curl_follow(struct SessionHandle *data,
/* we're only figuring out the new url if we would've followed locations
but now we're done so we can get out! */
data->info.wouldredirect = newurl;
+
+ if(reachedmax) {
+ failf(data, "Maximum (%ld) redirects followed", data->set.maxredirs);
+ return CURLE_TOO_MANY_REDIRECTS;
+ }
return CURLE_OK;
}
@@ -1672,7 +1801,6 @@ CURLcode Curl_follow(struct SessionHandle *data,
data->change.url = newurl;
data->change.url_alloc = TRUE;
- newurl = NULL; /* don't free! */
infof(data, "Issue another request to this URL: '%s'\n", data->change.url);
@@ -1697,60 +1825,58 @@ CURLcode Curl_follow(struct SessionHandle *data,
*/
break;
case 301: /* Moved Permanently */
- /* (quote from RFC2616, section 10.3.2):
+ /* (quote from RFC7231, section 6.4.2)
*
- * When automatically redirecting a POST request after receiving a 301
- * status code, some existing HTTP/1.0 user agents will erroneously change
- * it into a GET request.
+ * Note: For historical reasons, a user agent MAY change the request
+ * method from POST to GET for the subsequent request. If this
+ * behavior is undesired, the 307 (Temporary Redirect) status code
+ * can be used instead.
*
* ----
*
- * As most of the important user agents do this obvious RFC2616 violation,
- * many webservers expect this. So these servers often answers to a POST
- * request with an error page. To be sure that libcurl gets the page that
+ * Many webservers expect this, so these servers often answers to a POST
+ * request with an error page. To be sure that libcurl gets the page that
* most user agents would get, libcurl has to force GET.
*
- * This behavior can be overridden with CURLOPT_POSTREDIR.
+ * This behaviour is forbidden by RFC1945 and the obsolete RFC2616, and
+ * can be overridden with CURLOPT_POSTREDIR.
*/
if((data->set.httpreq == HTTPREQ_POST
- || data->set.httpreq == HTTPREQ_POST_FORM)
+ || data->set.httpreq == HTTPREQ_POST_FORM
+ || data->set.httpreq == HTTPREQ_POST_MIME)
&& !(data->set.keep_post & CURL_REDIR_POST_301)) {
- infof(data,
- "Violate RFC 2616/10.3.2 and switch from POST to GET\n");
+ infof(data, "Switch from POST to GET\n");
data->set.httpreq = HTTPREQ_GET;
}
break;
case 302: /* Found */
- /* (From 10.3.3)
-
- Note: RFC 1945 and RFC 2068 specify that the client is not allowed
- to change the method on the redirected request. However, most
- existing user agent implementations treat 302 as if it were a 303
- response, performing a GET on the Location field-value regardless
- of the original request method. The status codes 303 and 307 have
- been added for servers that wish to make unambiguously clear which
- kind of reaction is expected of the client.
-
- (From 10.3.4)
-
- Note: Many pre-HTTP/1.1 user agents do not understand the 303
- status. When interoperability with such clients is a concern, the
- 302 status code may be used instead, since most user agents react
- to a 302 response as described here for 303.
-
- This behavior can be overridden with CURLOPT_POSTREDIR
- */
+ /* (quote from RFC7231, section 6.4.3)
+ *
+ * Note: For historical reasons, a user agent MAY change the request
+ * method from POST to GET for the subsequent request. If this
+ * behavior is undesired, the 307 (Temporary Redirect) status code
+ * can be used instead.
+ *
+ * ----
+ *
+ * Many webservers expect this, so these servers often answers to a POST
+ * request with an error page. To be sure that libcurl gets the page that
+ * most user agents would get, libcurl has to force GET.
+ *
+ * This behaviour is forbidden by RFC1945 and the obsolete RFC2616, and
+ * can be overridden with CURLOPT_POSTREDIR.
+ */
if((data->set.httpreq == HTTPREQ_POST
- || data->set.httpreq == HTTPREQ_POST_FORM)
+ || data->set.httpreq == HTTPREQ_POST_FORM
+ || data->set.httpreq == HTTPREQ_POST_MIME)
&& !(data->set.keep_post & CURL_REDIR_POST_302)) {
- infof(data,
- "Violate RFC 2616/10.3.3 and switch from POST to GET\n");
+ infof(data, "Switch from POST to GET\n");
data->set.httpreq = HTTPREQ_GET;
}
break;
case 303: /* See Other */
- /* Disable both types of POSTs, unless the user explicitely
+ /* Disable both types of POSTs, unless the user explicitly
asks for POST after POST */
if(data->set.httpreq != HTTPREQ_GET
&& !(data->set.keep_post & CURL_REDIR_POST_303)) {
@@ -1775,93 +1901,38 @@ CURLcode Curl_follow(struct SessionHandle *data,
break;
}
Curl_pgrsTime(data, TIMER_REDIRECT);
- Curl_pgrsResetTimesSizes(data);
+ Curl_pgrsResetTransferSizes(data);
return CURLE_OK;
#endif /* CURL_DISABLE_HTTP */
}
-CURLcode
-Curl_reconnect_request(struct connectdata **connp)
-{
- CURLcode result = CURLE_OK;
- struct connectdata *conn = *connp;
- struct SessionHandle *data = conn->data;
-
- /* This was a re-use of a connection and we got a write error in the
- * DO-phase. Then we DISCONNECT this connection and have another attempt to
- * CONNECT and then DO again! The retry cannot possibly find another
- * connection to re-use, since we only keep one possible connection for
- * each. */
-
- infof(data, "Re-used connection seems dead, get a new one\n");
-
- conn->bits.close = TRUE; /* enforce close of this connection */
- result = Curl_done(&conn, result, FALSE); /* we are so done with this */
-
- /* conn may no longer be a good pointer, clear it to avoid mistakes by
- parent functions */
- *connp = NULL;
-
- /*
- * According to bug report #1330310. We need to check for CURLE_SEND_ERROR
- * here as well. I figure this could happen when the request failed on a FTP
- * connection and thus Curl_done() itself tried to use the connection
- * (again). Slight Lack of feedback in the report, but I don't think this
- * extra check can do much harm.
- */
- if((CURLE_OK == result) || (CURLE_SEND_ERROR == result)) {
- bool async;
- bool protocol_done = TRUE;
-
- /* Now, redo the connect and get a new connection */
- result = Curl_connect(data, connp, &async, &protocol_done);
- if(CURLE_OK == result) {
- /* We have connected or sent away a name resolve query fine */
-
- conn = *connp; /* setup conn to again point to something nice */
- if(async) {
- /* Now, if async is TRUE here, we need to wait for the name
- to resolve */
- result = Curl_resolver_wait_resolv(conn, NULL);
- if(result)
- return result;
-
- /* Resolved, continue with the connection */
- result = Curl_async_resolved(conn, &protocol_done);
- if(result)
- return result;
- }
- }
- }
-
- return result;
-}
-
/* Returns CURLE_OK *and* sets '*url' if a request retry is wanted.
NOTE: that the *url is malloc()ed. */
CURLcode Curl_retry_request(struct connectdata *conn,
char **url)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
*url = NULL;
/* if we're talking upload, we can't do the checks below, unless the protocol
is HTTP as when uploading over HTTP we will still get a response */
if(data->set.upload &&
- !(conn->handler->protocol&(CURLPROTO_HTTP|CURLPROTO_RTSP)))
+ !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)))
return CURLE_OK;
- if(/* workaround for broken TLS servers */ data->state.ssl_connect_retry ||
- ((data->req.bytecount +
- data->req.headerbytecount == 0) &&
- conn->bits.reuse &&
- !data->set.opt_no_body &&
- data->set.rtspreq != RTSPREQ_RECEIVE)) {
- /* We got no data, we attempted to re-use a connection and yet we want a
- "body". This might happen if the connection was left alive when we were
+ if((data->req.bytecount + data->req.headerbytecount == 0) &&
+ conn->bits.reuse &&
+ (!data->set.opt_no_body
+ || (conn->handler->protocol & PROTO_FAMILY_HTTP)) &&
+ (data->set.rtspreq != RTSPREQ_RECEIVE)) {
+ /* We got no data, we attempted to re-use a connection. For HTTP this
+ can be a retry so we try again regardless if we expected a body.
+ For other protocols we only try again only if we expected a body.
+
+ This might happen if the connection was left alive when we were
done using it before, but that was closed when we wanted to read from
it again. Bad luck. Retry the same request on a fresh connect! */
infof(conn->data, "Connection died, retrying a fresh connect\n");
@@ -1869,7 +1940,7 @@ CURLcode Curl_retry_request(struct connectdata *conn,
if(!*url)
return CURLE_OUT_OF_MEMORY;
- conn->bits.close = TRUE; /* close this connection */
+ connclose(conn, "retry"); /* close this connection */
conn->bits.retry = TRUE; /* mark this as a connection we're about
to retry. Marking it this way should
prevent i.e HTTP transfers to return
@@ -1877,7 +1948,7 @@ CURLcode Curl_retry_request(struct connectdata *conn,
transferred! */
- if(conn->handler->protocol&CURLPROTO_HTTP) {
+ if(conn->handler->protocol&PROTO_FAMILY_HTTP) {
struct HTTP *http = data->req.protop;
if(http->writebytecount)
return Curl_readrewind(conn);
@@ -1902,7 +1973,7 @@ Curl_setup_transfer(
curl_off_t *writecountp /* return number of bytes written or NULL */
)
{
- struct SessionHandle *data;
+ struct Curl_easy *data;
struct SingleRequest *k;
DEBUGASSERT(conn != NULL);
@@ -1950,16 +2021,15 @@ Curl_setup_transfer(
state info where we wait for the 100-return code
*/
if((data->state.expect100header) &&
- (conn->handler->protocol&CURLPROTO_HTTP) &&
+ (conn->handler->protocol&PROTO_FAMILY_HTTP) &&
(http->sending == HTTPSEND_BODY)) {
/* wait with write until we either got 100-continue or a timeout */
k->exp100 = EXP100_AWAITING_CONTINUE;
- k->start100 = Curl_tvnow();
+ k->start100 = Curl_now();
/* Set a timeout for the multi interface. Add the inaccuracy margin so
that we don't fire slightly too early and get denied to run. */
- Curl_expire(data, CURL_TIMEOUT_EXPECT_100 +
- MULTI_TIMEOUT_INACCURACY / 1000);
+ Curl_expire(data, data->set.expect_100_timeout, EXPIRE_100_TIMEOUT);
}
else {
if(data->state.expect100header)
diff --git a/libs/libcurl/src/transfer.h b/libs/libcurl/src/transfer.h
index ad4a3acd67..72526a8348 100644
--- a/libs/libcurl/src/transfer.h
+++ b/libs/libcurl/src/transfer.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,9 +22,14 @@
*
***************************************************************************/
-CURLcode Curl_pretransfer(struct SessionHandle *data);
+char *Curl_checkheaders(const struct connectdata *conn,
+ const char *thisheader);
+
+void Curl_init_CONNECT(struct Curl_easy *data);
+
+CURLcode Curl_pretransfer(struct Curl_easy *data);
CURLcode Curl_second_connect(struct connectdata *conn);
-CURLcode Curl_posttransfer(struct SessionHandle *data);
+CURLcode Curl_posttransfer(struct Curl_easy *data);
typedef enum {
FOLLOW_NONE, /* not used within the function, just a placeholder to
@@ -36,19 +41,18 @@ typedef enum {
FOLLOW_LAST /* never used */
} followtype;
-CURLcode Curl_follow(struct SessionHandle *data, char *newurl,
+CURLcode Curl_follow(struct Curl_easy *data, char *newurl,
followtype type);
-
-
-CURLcode Curl_readwrite(struct connectdata *conn, bool *done);
+CURLcode Curl_readwrite(struct connectdata *conn,
+ struct Curl_easy *data, bool *done,
+ bool *comeback);
int Curl_single_getsock(const struct connectdata *conn,
curl_socket_t *socks,
int numsocks);
CURLcode Curl_readrewind(struct connectdata *conn);
CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp);
-CURLcode Curl_reconnect_request(struct connectdata **connp);
CURLcode Curl_retry_request(struct connectdata *conn, char **url);
-bool Curl_meets_timecondition(struct SessionHandle *data, time_t timeofdoc);
+bool Curl_meets_timecondition(struct Curl_easy *data, time_t timeofdoc);
/* This sets up a forthcoming transfer */
void
@@ -63,8 +67,5 @@ Curl_setup_transfer (struct connectdata *data,
curl_off_t *writecountp /* return number of bytes written */
);
-long Curl_sleep_time(curl_off_t rate_bps, curl_off_t cur_rate_bps,
- int pkt_size);
-
#endif /* HEADER_CURL_TRANSFER_H */
diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c
index c1672d08bc..47f69c9f14 100644
--- a/libs/libcurl/src/url.c
+++ b/libs/libcurl/src/url.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -47,6 +47,10 @@
#include <inet.h>
#endif
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+
#ifndef HAVE_SOCKET
#error "We can't compile without socket() support!"
#endif
@@ -55,36 +59,26 @@
#include <limits.h>
#endif
-#ifdef USE_LIBIDN
-#include <idna.h>
-#include <tld.h>
-#include <stringprep.h>
-#ifdef HAVE_IDN_FREE_H
-#include <idn-free.h>
-#else
-/* prototype from idn-free.h, not provided by libidn 0.4.5's make install! */
-void idn_free (void *ptr);
-#endif
-#ifndef HAVE_IDN_FREE
-/* if idn_free() was not found in this version of libidn use free() instead */
-#define idn_free(x) (free)(x)
-#endif
+#ifdef USE_LIBIDN2
+#include <idn2.h>
+
#elif defined(USE_WIN32_IDN)
/* prototype for curl_win32_idn_to_ascii() */
-int curl_win32_idn_to_ascii(const char *in, char **out);
-#endif /* USE_LIBIDN */
+bool curl_win32_idn_to_ascii(const char *in, char **out);
+#endif /* USE_LIBIDN2 */
#include "urldata.h"
#include "netrc.h"
#include "formdata.h"
-#include "sslgen.h"
+#include "mime.h"
+#include "vtls/vtls.h"
#include "hostip.h"
#include "transfer.h"
#include "sendf.h"
#include "progress.h"
#include "cookie.h"
-#include "strequal.h"
+#include "strcase.h"
#include "strerror.h"
#include "escape.h"
#include "strtok.h"
@@ -96,10 +90,10 @@ int curl_win32_idn_to_ascii(const char *in, char **out);
#include "multiif.h"
#include "easyif.h"
#include "speedcheck.h"
-#include "rawstr.h"
#include "warnless.h"
#include "non-ascii.h"
#include "inet_pton.h"
+#include "getinfo.h"
/* And now for the protocols */
#include "ftp.h"
@@ -107,6 +101,7 @@ int curl_win32_idn_to_ascii(const char *in, char **out);
#include "telnet.h"
#include "tftp.h"
#include "http.h"
+#include "http2.h"
#include "file.h"
#include "curl_ldap.h"
#include "ssh.h"
@@ -114,41 +109,46 @@ int curl_win32_idn_to_ascii(const char *in, char **out);
#include "url.h"
#include "connect.h"
#include "inet_ntop.h"
-#include "curl_ntlm.h"
+#include "http_ntlm.h"
#include "curl_ntlm_wb.h"
#include "socks.h"
#include "curl_rtmp.h"
#include "gopher.h"
#include "http_proxy.h"
-#include "bundles.h"
#include "conncache.h"
#include "multihandle.h"
#include "pipeline.h"
#include "dotdot.h"
+#include "strdup.h"
+#include "setopt.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
/* Local static prototypes */
static struct connectdata *
-find_oldest_idle_connection(struct SessionHandle *data);
-static struct connectdata *
-find_oldest_idle_connection_in_bundle(struct SessionHandle *data,
+find_oldest_idle_connection_in_bundle(struct Curl_easy *data,
struct connectbundle *bundle);
static void conn_free(struct connectdata *conn);
+static void free_fixed_hostname(struct hostname *host);
static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke);
-static CURLcode do_init(struct connectdata *conn);
-static CURLcode parse_url_login(struct SessionHandle *data,
+static CURLcode parse_url_login(struct Curl_easy *data,
struct connectdata *conn,
char **userptr, char **passwdptr,
char **optionsptr);
-static CURLcode parse_login_details(const char *login, const size_t len,
- char **userptr, char **passwdptr,
- char **optionsptr);
+static unsigned int get_protocol_family(unsigned int protocol);
+
+/* Some parts of the code (e.g. chunked encoding) assume this buffer has at
+ * more than just a few bytes to play with. Don't let it become too small or
+ * bad things will happen.
+ */
+#if READBUFFER_SIZE < READBUFFER_MIN
+# error READBUFFER_SIZE is too small
+#endif
+
+
/*
* Protocol table.
*/
@@ -215,6 +215,15 @@ static const struct Curl_handler * const protocols[] = {
#endif
#endif
+#if !defined(CURL_DISABLE_SMB) && defined(USE_NTLM) && \
+ (CURL_SIZEOF_CURL_OFF_T > 4) && \
+ (!defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO))
+ &Curl_handler_smb,
+#ifdef USE_SSL
+ &Curl_handler_smbs,
+#endif
+#endif
+
#ifndef CURL_DISABLE_SMTP
&Curl_handler_smtp,
#ifdef USE_SSL
@@ -261,112 +270,30 @@ static const struct Curl_handler Curl_handler_dummy = {
ZERO_NULL, /* perform_getsock */
ZERO_NULL, /* disconnect */
ZERO_NULL, /* readwrite */
+ ZERO_NULL, /* connection_check */
0, /* defport */
0, /* protocol */
PROTOPT_NONE /* flags */
};
-void Curl_freeset(struct SessionHandle *data)
+void Curl_freeset(struct Curl_easy *data)
{
/* Free all dynamic strings stored in the data->set substructure. */
enum dupstring i;
- for(i=(enum dupstring)0; i < STRING_LAST; i++)
+ for(i = (enum dupstring)0; i < STRING_LAST; i++) {
Curl_safefree(data->set.str[i]);
+ }
if(data->change.referer_alloc) {
Curl_safefree(data->change.referer);
data->change.referer_alloc = FALSE;
}
data->change.referer = NULL;
-}
-
-static CURLcode setstropt(char **charp, char *s)
-{
- /* Release the previous storage at `charp' and replace by a dynamic storage
- copy of `s'. Return CURLE_OK or CURLE_OUT_OF_MEMORY. */
-
- Curl_safefree(*charp);
-
- if(s) {
- s = strdup(s);
-
- if(!s)
- return CURLE_OUT_OF_MEMORY;
-
- *charp = s;
- }
-
- return CURLE_OK;
-}
-
-static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp,
- char **optionsp)
-{
- CURLcode result = CURLE_OK;
- char *user = NULL;
- char *passwd = NULL;
- char *options = NULL;
-
- /* Parse the login details if specified. It not then we treat NULL as a hint
- to clear the existing data */
- if(option) {
- result = parse_login_details(option, strlen(option),
- (userp ? &user : NULL),
- (passwdp ? &passwd : NULL),
- (optionsp ? &options : NULL));
- }
-
- if(!result) {
- /* Store the username part of option if required */
- if(userp) {
- if(!user && option && option[0] == ':') {
- /* Allocate an empty string instead of returning NULL as user name */
- user = strdup("");
- if(!user)
- result = CURLE_OUT_OF_MEMORY;
- }
-
- Curl_safefree(*userp);
- *userp = user;
- }
-
- /* Store the password part of option if required */
- if(passwdp) {
- Curl_safefree(*passwdp);
- *passwdp = passwd;
- }
-
- /* Store the options part of option if required */
- if(optionsp) {
- Curl_safefree(*optionsp);
- *optionsp = options;
- }
- }
-
- return result;
-}
-
-CURLcode Curl_dupset(struct SessionHandle *dst, struct SessionHandle *src)
-{
- CURLcode r = CURLE_OK;
- enum dupstring i;
-
- /* Copy src->set into dst->set first, then deal with the strings
- afterwards */
- dst->set = src->set;
-
- /* clear all string pointers first */
- memset(dst->set.str, 0, STRING_LAST * sizeof(char *));
-
- /* duplicate all strings */
- for(i=(enum dupstring)0; i< STRING_LAST; i++) {
- r = setstropt(&dst->set.str[i], src->set.str[i]);
- if(r != CURLE_OK)
- break;
+ if(data->change.url_alloc) {
+ Curl_safefree(data->change.url);
+ data->change.url_alloc = FALSE;
}
-
- /* If a failure occurred, freeing has to be performed externally. */
- return r;
+ data->change.url = NULL;
}
/*
@@ -378,14 +305,14 @@ CURLcode Curl_dupset(struct SessionHandle *dst, struct SessionHandle *src)
* when curl_easy_perform() is invoked.
*/
-CURLcode Curl_close(struct SessionHandle *data)
+CURLcode Curl_close(struct Curl_easy *data)
{
struct Curl_multi *m;
if(!data)
return CURLE_OK;
- Curl_expire(data, 0); /* shut off timers */
+ Curl_expire_clear(data); /* shut off timers */
m = data->multi;
@@ -402,10 +329,7 @@ CURLcode Curl_close(struct SessionHandle *data)
/* Destroy the timeout list that is held in the easy handle. It is
/normally/ done by curl_multi_remove_handle() but this is "just in
case" */
- if(data->state.timeoutlist) {
- Curl_llist_destroy(data->state.timeoutlist, NULL);
- data->state.timeoutlist = NULL;
- }
+ Curl_llist_destroy(&data->state.timeoutlist, NULL);
data->magic = 0; /* force a clear AFTER the possibly enforced removal from
the multi handle, since that function uses the magic
@@ -427,6 +351,10 @@ CURLcode Curl_close(struct SessionHandle *data)
Curl_safefree(data->state.scratch);
Curl_ssl_free_certinfo(data);
+ /* Cleanup possible redirect junk */
+ free(data->req.newurl);
+ data->req.newurl = NULL;
+
if(data->change.referer_alloc) {
Curl_safefree(data->change.referer);
data->change.referer_alloc = FALSE;
@@ -439,6 +367,7 @@ CURLcode Curl_close(struct SessionHandle *data)
}
data->change.url = NULL;
+ Curl_safefree(data->state.buffer);
Curl_safefree(data->state.headerbuff);
Curl_flush_cookies(data, 1);
@@ -451,8 +380,11 @@ CURLcode Curl_close(struct SessionHandle *data)
/* this destroys the channel and we cannot use it anymore after this */
Curl_resolver_cleanup(data->state.resolver);
+ Curl_http2_cleanup_dependencies(data);
Curl_convert_close(data);
+ Curl_mime_cleanpart(&data->set.mimepost);
+
/* No longer a dirty share, if it exists */
if(data->share) {
Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
@@ -460,28 +392,30 @@ CURLcode Curl_close(struct SessionHandle *data)
Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
}
+ /* destruct wildcard structures if it is needed */
+ Curl_wildcard_dtor(&data->wildcard);
Curl_freeset(data);
free(data);
return CURLE_OK;
}
/*
- * Initialize the UserDefined fields within a SessionHandle.
- * This may be safely called on a new or existing SessionHandle.
+ * Initialize the UserDefined fields within a Curl_easy.
+ * This may be safely called on a new or existing Curl_easy.
*/
CURLcode Curl_init_userdefined(struct UserDefined *set)
{
- CURLcode res = CURLE_OK;
+ CURLcode result = CURLE_OK;
set->out = stdout; /* default output to stdout */
- set->in = stdin; /* default input from stdin */
+ set->in_set = stdin; /* default input from stdin */
set->err = stderr; /* default stderr to stderr */
/* use fwrite as default function to store output */
set->fwrite_func = (curl_write_callback)fwrite;
/* use fread as default function to read input */
- set->fread_func = (curl_read_callback)fread;
+ set->fread_func_set = (curl_read_callback)fread;
set->is_fread_set = 0;
set->is_fwrite_set = 0;
@@ -493,7 +427,7 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
set->convtonetwork = ZERO_NULL;
set->convfromutf8 = ZERO_NULL;
- set->infilesize = -1; /* we don't know any size */
+ set->filesize = -1; /* we don't know the size */
set->postfieldsize = -1; /* unknown size */
set->maxredirs = -1; /* allow any amount by default */
@@ -507,13 +441,16 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
/* Set the default size of the SSL session ID cache */
- set->ssl.max_ssl_sessions = 5;
+ set->general_ssl.max_ssl_sessions = 5;
- set->proxyport = CURL_DEFAULT_PROXY_PORT; /* from url.h */
+ set->proxyport = 0;
set->proxytype = CURLPROXY_HTTP; /* defaults to HTTP proxy */
set->httpauth = CURLAUTH_BASIC; /* defaults to basic */
set->proxyauth = CURLAUTH_BASIC; /* defaults to basic */
+ /* SOCKS5 proxy auth defaults to username/password + GSS-API */
+ set->socks5auth = CURLAUTH_BASIC | CURLAUTH_GSSAPI;
+
/* make libcurl quiet by default: */
set->hide_progress = TRUE; /* CURLOPT_NOPROGRESS changes these */
@@ -521,14 +458,16 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
* libcurl 7.10 introduced SSL verification *by default*! This needs to be
* switched off unless wanted.
*/
- set->ssl.verifypeer = TRUE;
- set->ssl.verifyhost = TRUE;
+ set->ssl.primary.verifypeer = TRUE;
+ set->ssl.primary.verifyhost = TRUE;
#ifdef USE_TLS_SRP
set->ssl.authtype = CURL_TLSAUTH_NONE;
#endif
set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
type */
- set->ssl.sessionid = TRUE; /* session ID caching enabled by default */
+ set->ssl.primary.sessionid = TRUE; /* session ID caching enabled by
+ default */
+ set->proxy_ssl = set->ssl;
set->new_file_perms = 0644; /* Default permissions */
set->new_directory_perms = 0755; /* Default permissions */
@@ -537,8 +476,9 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
define since we internally only use the lower 16 bits for the passed
in bitmask to not conflict with the private bits */
set->allowed_protocols = CURLPROTO_ALL;
- set->redir_protocols =
- CURLPROTO_ALL & ~(CURLPROTO_FILE|CURLPROTO_SCP); /* not FILE or SCP */
+ set->redir_protocols = CURLPROTO_ALL & /* All except FILE, SCP and SMB */
+ ~(CURLPROTO_FILE | CURLPROTO_SCP | CURLPROTO_SMB |
+ CURLPROTO_SMBS);
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
/*
@@ -546,21 +486,29 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
* seem not to follow rfc1961 section 4.3/4.4
*/
set->socks5_gssapi_nec = FALSE;
- /* set default gssapi service name */
- res = setstropt(&set->str[STRING_SOCKS5_GSSAPI_SERVICE],
- (char *) CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE);
- if(res != CURLE_OK)
- return res;
#endif
/* This is our preferred CA cert bundle/path since install time */
#if defined(CURL_CA_BUNDLE)
- res = setstropt(&set->str[STRING_SSL_CAFILE], (char *) CURL_CA_BUNDLE);
-#elif defined(CURL_CA_PATH)
- res = setstropt(&set->str[STRING_SSL_CAPATH], (char *) CURL_CA_PATH);
+ result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
+ if(result)
+ return result;
+
+ result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE);
+ if(result)
+ return result;
#endif
+#if defined(CURL_CA_PATH)
+ result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_ORIG], CURL_CA_PATH);
+ if(result)
+ return result;
- set->wildcardmatch = FALSE;
+ result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
+ if(result)
+ return result;
+#endif
+
+ set->wildcard_enabled = FALSE;
set->chunk_bgn = ZERO_NULL;
set->chunk_end = ZERO_NULL;
@@ -570,8 +518,18 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
set->tcp_keepalive = FALSE;
set->tcp_keepintvl = 60;
set->tcp_keepidle = 60;
+ set->tcp_fastopen = FALSE;
+ set->tcp_nodelay = TRUE;
+
+ set->ssl_enable_npn = TRUE;
+ set->ssl_enable_alpn = TRUE;
+
+ set->expect_100_timeout = 1000L; /* Wait for a second by default. */
+ set->sep_headers = TRUE; /* separated header lists by default */
+ set->buffer_size = READBUFFER_SIZE;
- return res;
+ Curl_http2_init_userset(set);
+ return result;
}
/**
@@ -582,59 +540,66 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
* @return CURLcode
*/
-CURLcode Curl_open(struct SessionHandle **curl)
+CURLcode Curl_open(struct Curl_easy **curl)
{
- CURLcode res = CURLE_OK;
- struct SessionHandle *data;
- CURLcode status;
+ CURLcode result;
+ struct Curl_easy *data;
/* Very simple start-up: alloc the struct, init it with zeroes and return */
- data = calloc(1, sizeof(struct SessionHandle));
+ data = calloc(1, sizeof(struct Curl_easy));
if(!data) {
/* this is a very serious error */
- DEBUGF(fprintf(stderr, "Error: calloc of SessionHandle failed\n"));
+ DEBUGF(fprintf(stderr, "Error: calloc of Curl_easy failed\n"));
return CURLE_OUT_OF_MEMORY;
}
data->magic = CURLEASY_MAGIC_NUMBER;
- status = Curl_resolver_init(&data->state.resolver);
- if(status) {
+ result = Curl_resolver_init(&data->state.resolver);
+ if(result) {
DEBUGF(fprintf(stderr, "Error: resolver_init failed\n"));
free(data);
- return status;
+ return result;
}
/* We do some initial setup here, all those fields that can't be just 0 */
- data->state.headerbuff = malloc(HEADERSIZE);
- if(!data->state.headerbuff) {
- DEBUGF(fprintf(stderr, "Error: malloc of headerbuff failed\n"));
- res = CURLE_OUT_OF_MEMORY;
+ data->state.buffer = malloc(READBUFFER_SIZE + 1);
+ if(!data->state.buffer) {
+ DEBUGF(fprintf(stderr, "Error: malloc of buffer failed\n"));
+ result = CURLE_OUT_OF_MEMORY;
}
else {
- res = Curl_init_userdefined(&data->set);
+ Curl_mime_initpart(&data->set.mimepost, data);
- data->state.headersize=HEADERSIZE;
+ data->state.headerbuff = malloc(HEADERSIZE);
+ if(!data->state.headerbuff) {
+ DEBUGF(fprintf(stderr, "Error: malloc of headerbuff failed\n"));
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ else {
+ result = Curl_init_userdefined(&data->set);
- Curl_convert_init(data);
+ data->state.headersize = HEADERSIZE;
+ Curl_convert_init(data);
+ Curl_initinfo(data);
- /* most recent connection is not yet defined */
- data->state.lastconnect = NULL;
+ /* most recent connection is not yet defined */
+ data->state.lastconnect = NULL;
- data->progress.flags |= PGRS_HIDE;
- data->state.current_speed = -1; /* init to negative == impossible */
+ data->progress.flags |= PGRS_HIDE;
+ data->state.current_speed = -1; /* init to negative == impossible */
+ data->set.fnmatch = ZERO_NULL;
+ data->set.maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */
- data->wildcard.state = CURLWC_INIT;
- data->wildcard.filelist = NULL;
- data->set.fnmatch = ZERO_NULL;
- data->set.maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */
+ Curl_http2_init_state(&data->state);
+ }
}
- if(res) {
+ if(result) {
Curl_resolver_cleanup(data->state.resolver);
- if(data->state.headerbuff)
- free(data->state.headerbuff);
+ free(data->state.buffer);
+ free(data->state.headerbuff);
Curl_freeset(data);
free(data);
data = NULL;
@@ -642,1847 +607,46 @@ CURLcode Curl_open(struct SessionHandle **curl)
else
*curl = data;
- return res;
+ return result;
}
-CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
- va_list param)
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+static void conn_reset_postponed_data(struct connectdata *conn, int num)
{
- char *argptr;
- CURLcode result = CURLE_OK;
- long arg;
-#ifndef CURL_DISABLE_HTTP
- curl_off_t bigsize;
-#endif
-
- switch(option) {
- case CURLOPT_DNS_CACHE_TIMEOUT:
- data->set.dns_cache_timeout = va_arg(param, long);
- break;
- case CURLOPT_DNS_USE_GLOBAL_CACHE:
- /* remember we want this enabled */
- arg = va_arg(param, long);
- data->set.global_dns_cache = (0 != arg)?TRUE:FALSE;
- break;
- case CURLOPT_SSL_CIPHER_LIST:
- /* set a list of cipher we want to use in the SSL connection */
- result = setstropt(&data->set.str[STRING_SSL_CIPHER_LIST],
- va_arg(param, char *));
- break;
-
- case CURLOPT_RANDOM_FILE:
- /*
- * This is the path name to a file that contains random data to seed
- * the random SSL stuff with. The file is only used for reading.
- */
- result = setstropt(&data->set.str[STRING_SSL_RANDOM_FILE],
- va_arg(param, char *));
- break;
- case CURLOPT_EGDSOCKET:
- /*
- * The Entropy Gathering Daemon socket pathname
- */
- result = setstropt(&data->set.str[STRING_SSL_EGDSOCKET],
- va_arg(param, char *));
- break;
- case CURLOPT_MAXCONNECTS:
- /*
- * Set the absolute number of maximum simultaneous alive connection that
- * libcurl is allowed to have.
- */
- data->set.maxconnects = va_arg(param, long);
- break;
- case CURLOPT_FORBID_REUSE:
- /*
- * When this transfer is done, it must not be left to be reused by a
- * subsequent transfer but shall be closed immediately.
- */
- data->set.reuse_forbid = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_FRESH_CONNECT:
- /*
- * This transfer shall not use a previously cached connection but
- * should be made with a fresh new connect!
- */
- data->set.reuse_fresh = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_VERBOSE:
- /*
- * Verbose means infof() calls that give a lot of information about
- * the connection and transfer procedures as well as internal choices.
- */
- data->set.verbose = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_HEADER:
- /*
- * Set to include the header in the general data output stream.
- */
- data->set.include_header = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_NOPROGRESS:
- /*
- * Shut off the internal supported progress meter
- */
- data->set.hide_progress = (0 != va_arg(param, long))?TRUE:FALSE;
- if(data->set.hide_progress)
- data->progress.flags |= PGRS_HIDE;
- else
- data->progress.flags &= ~PGRS_HIDE;
- break;
- case CURLOPT_NOBODY:
- /*
- * Do not include the body part in the output data stream.
- */
- data->set.opt_no_body = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_FAILONERROR:
- /*
- * Don't output the >=300 error code HTML-page, but instead only
- * return error.
- */
- data->set.http_fail_on_error = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_UPLOAD:
- case CURLOPT_PUT:
- /*
- * We want to sent data to the remote host. If this is HTTP, that equals
- * using the PUT request.
- */
- data->set.upload = (0 != va_arg(param, long))?TRUE:FALSE;
- if(data->set.upload) {
- /* If this is HTTP, PUT is what's needed to "upload" */
- data->set.httpreq = HTTPREQ_PUT;
- data->set.opt_no_body = FALSE; /* this is implied */
- }
- else
- /* In HTTP, the opposite of upload is GET (unless NOBODY is true as
- then this can be changed to HEAD later on) */
- data->set.httpreq = HTTPREQ_GET;
- break;
- case CURLOPT_FILETIME:
- /*
- * Try to get the file time of the remote document. The time will
- * later (possibly) become available using curl_easy_getinfo().
- */
- data->set.get_filetime = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_FTP_CREATE_MISSING_DIRS:
- /*
- * An FTP option that modifies an upload to create missing directories on
- * the server.
- */
- switch(va_arg(param, long)) {
- case 0:
- data->set.ftp_create_missing_dirs = 0;
- break;
- case 1:
- data->set.ftp_create_missing_dirs = 1;
- break;
- case 2:
- data->set.ftp_create_missing_dirs = 2;
- break;
- default:
- /* reserve other values for future use */
- result = CURLE_UNKNOWN_OPTION;
- break;
- }
- break;
- case CURLOPT_SERVER_RESPONSE_TIMEOUT:
- /*
- * Option that specifies how quickly an server response must be obtained
- * before it is considered failure. For pingpong protocols.
- */
- data->set.server_response_timeout = va_arg( param , long ) * 1000;
- break;
- case CURLOPT_TFTP_BLKSIZE:
- /*
- * TFTP option that specifies the block size to use for data transmission
- */
- data->set.tftp_blksize = va_arg(param, long);
- break;
- case CURLOPT_DIRLISTONLY:
- /*
- * An option that changes the command to one that asks for a list
- * only, no file info details.
- */
- data->set.ftp_list_only = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_APPEND:
- /*
- * We want to upload and append to an existing file.
- */
- data->set.ftp_append = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_FTP_FILEMETHOD:
- /*
- * How do access files over FTP.
- */
- data->set.ftp_filemethod = (curl_ftpfile)va_arg(param, long);
- break;
- case CURLOPT_NETRC:
- /*
- * Parse the $HOME/.netrc file
- */
- data->set.use_netrc = (enum CURL_NETRC_OPTION)va_arg(param, long);
- break;
- case CURLOPT_NETRC_FILE:
- /*
- * Use this file instead of the $HOME/.netrc file
- */
- result = setstropt(&data->set.str[STRING_NETRC_FILE],
- va_arg(param, char *));
- break;
- case CURLOPT_TRANSFERTEXT:
- /*
- * This option was previously named 'FTPASCII'. Renamed to work with
- * more protocols than merely FTP.
- *
- * Transfer using ASCII (instead of BINARY).
- */
- data->set.prefer_ascii = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_TIMECONDITION:
- /*
- * Set HTTP time condition. This must be one of the defines in the
- * curl/curl.h header file.
- */
- data->set.timecondition = (curl_TimeCond)va_arg(param, long);
- break;
- case CURLOPT_TIMEVALUE:
- /*
- * This is the value to compare with the remote document with the
- * method set with CURLOPT_TIMECONDITION
- */
- data->set.timevalue = (time_t)va_arg(param, long);
- break;
- case CURLOPT_SSLVERSION:
- /*
- * Set explicit SSL version to try to connect with, as some SSL
- * implementations are lame.
- */
- data->set.ssl.version = va_arg(param, long);
- break;
-
-#ifndef CURL_DISABLE_HTTP
- case CURLOPT_AUTOREFERER:
- /*
- * Switch on automatic referer that gets set if curl follows locations.
- */
- data->set.http_auto_referer = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_ACCEPT_ENCODING:
- /*
- * String to use at the value of Accept-Encoding header.
- *
- * If the encoding is set to "" we use an Accept-Encoding header that
- * encompasses all the encodings we support.
- * If the encoding is set to NULL we don't send an Accept-Encoding header
- * and ignore an received Content-Encoding header.
- *
- */
- argptr = va_arg(param, char *);
- result = setstropt(&data->set.str[STRING_ENCODING],
- (argptr && !*argptr)?
- (char *) ALL_CONTENT_ENCODINGS: argptr);
- break;
-
- case CURLOPT_TRANSFER_ENCODING:
- data->set.http_transfer_encoding = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_FOLLOWLOCATION:
- /*
- * Follow Location: header hints on a HTTP-server.
- */
- data->set.http_follow_location = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_UNRESTRICTED_AUTH:
- /*
- * Send authentication (user+password) when following locations, even when
- * hostname changed.
- */
- data->set.http_disable_hostname_check_before_authentication =
- (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_MAXREDIRS:
- /*
- * The maximum amount of hops you allow curl to follow Location:
- * headers. This should mostly be used to detect never-ending loops.
- */
- data->set.maxredirs = va_arg(param, long);
- break;
-
- case CURLOPT_POSTREDIR:
- {
- /*
- * Set the behaviour of POST when redirecting
- * CURL_REDIR_GET_ALL - POST is changed to GET after 301 and 302
- * CURL_REDIR_POST_301 - POST is kept as POST after 301
- * CURL_REDIR_POST_302 - POST is kept as POST after 302
- * CURL_REDIR_POST_303 - POST is kept as POST after 303
- * CURL_REDIR_POST_ALL - POST is kept as POST after 301, 302 and 303
- * other - POST is kept as POST after 301 and 302
- */
- int postRedir = curlx_sltosi(va_arg(param, long));
- data->set.keep_post = postRedir & CURL_REDIR_POST_ALL;
- }
- break;
-
- case CURLOPT_POST:
- /* Does this option serve a purpose anymore? Yes it does, when
- CURLOPT_POSTFIELDS isn't used and the POST data is read off the
- callback! */
- if(va_arg(param, long)) {
- data->set.httpreq = HTTPREQ_POST;
- data->set.opt_no_body = FALSE; /* this is implied */
- }
- else
- data->set.httpreq = HTTPREQ_GET;
- break;
-
- case CURLOPT_COPYPOSTFIELDS:
- /*
- * A string with POST data. Makes curl HTTP POST. Even if it is NULL.
- * If needed, CURLOPT_POSTFIELDSIZE must have been set prior to
- * CURLOPT_COPYPOSTFIELDS and not altered later.
- */
- argptr = va_arg(param, char *);
-
- if(!argptr || data->set.postfieldsize == -1)
- result = setstropt(&data->set.str[STRING_COPYPOSTFIELDS], argptr);
- else {
- /*
- * Check that requested length does not overflow the size_t type.
- */
-
- if((data->set.postfieldsize < 0) ||
- ((sizeof(curl_off_t) != sizeof(size_t)) &&
- (data->set.postfieldsize > (curl_off_t)((size_t)-1))))
- result = CURLE_OUT_OF_MEMORY;
- else {
- char * p;
-
- (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
-
- /* Allocate even when size == 0. This satisfies the need of possible
- later address compare to detect the COPYPOSTFIELDS mode, and
- to mark that postfields is used rather than read function or
- form data.
- */
- p = malloc((size_t)(data->set.postfieldsize?
- data->set.postfieldsize:1));
-
- if(!p)
- result = CURLE_OUT_OF_MEMORY;
- else {
- if(data->set.postfieldsize)
- memcpy(p, argptr, (size_t)data->set.postfieldsize);
-
- data->set.str[STRING_COPYPOSTFIELDS] = p;
- }
- }
- }
-
- data->set.postfields = data->set.str[STRING_COPYPOSTFIELDS];
- data->set.httpreq = HTTPREQ_POST;
- break;
-
- case CURLOPT_POSTFIELDS:
- /*
- * Like above, but use static data instead of copying it.
- */
- data->set.postfields = va_arg(param, void *);
- /* Release old copied data. */
- (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
- data->set.httpreq = HTTPREQ_POST;
- break;
-
- case CURLOPT_POSTFIELDSIZE:
- /*
- * The size of the POSTFIELD data to prevent libcurl to do strlen() to
- * figure it out. Enables binary posts.
- */
- bigsize = va_arg(param, long);
-
- if(data->set.postfieldsize < bigsize &&
- data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) {
- /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */
- (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
- data->set.postfields = NULL;
- }
-
- data->set.postfieldsize = bigsize;
- break;
-
- case CURLOPT_POSTFIELDSIZE_LARGE:
- /*
- * The size of the POSTFIELD data to prevent libcurl to do strlen() to
- * figure it out. Enables binary posts.
- */
- bigsize = va_arg(param, curl_off_t);
-
- if(data->set.postfieldsize < bigsize &&
- data->set.postfields == data->set.str[STRING_COPYPOSTFIELDS]) {
- /* Previous CURLOPT_COPYPOSTFIELDS is no longer valid. */
- (void) setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL);
- data->set.postfields = NULL;
- }
-
- data->set.postfieldsize = bigsize;
- break;
-
- case CURLOPT_HTTPPOST:
- /*
- * Set to make us do HTTP POST
- */
- data->set.httppost = va_arg(param, struct curl_httppost *);
- data->set.httpreq = HTTPREQ_POST_FORM;
- data->set.opt_no_body = FALSE; /* this is implied */
- break;
-
- case CURLOPT_REFERER:
- /*
- * String to set in the HTTP Referer: field.
- */
- if(data->change.referer_alloc) {
- Curl_safefree(data->change.referer);
- data->change.referer_alloc = FALSE;
- }
- result = setstropt(&data->set.str[STRING_SET_REFERER],
- va_arg(param, char *));
- data->change.referer = data->set.str[STRING_SET_REFERER];
- break;
-
- case CURLOPT_USERAGENT:
- /*
- * String to use in the HTTP User-Agent field
- */
- result = setstropt(&data->set.str[STRING_USERAGENT],
- va_arg(param, char *));
- break;
-
- case CURLOPT_HTTPHEADER:
- /*
- * Set a list with HTTP headers to use (or replace internals with)
- */
- data->set.headers = va_arg(param, struct curl_slist *);
- break;
-
- case CURLOPT_HTTP200ALIASES:
- /*
- * Set a list of aliases for HTTP 200 in response header
- */
- data->set.http200aliases = va_arg(param, struct curl_slist *);
- break;
-
-#if !defined(CURL_DISABLE_COOKIES)
- case CURLOPT_COOKIE:
- /*
- * Cookie string to send to the remote server in the request.
- */
- result = setstropt(&data->set.str[STRING_COOKIE],
- va_arg(param, char *));
- break;
-
- case CURLOPT_COOKIEFILE:
- /*
- * Set cookie file to read and parse. Can be used multiple times.
- */
- argptr = (char *)va_arg(param, void *);
- if(argptr) {
- struct curl_slist *cl;
- /* append the cookie file name to the list of file names, and deal with
- them later */
- cl = curl_slist_append(data->change.cookielist, argptr);
- if(!cl) {
- curl_slist_free_all(data->change.cookielist);
- data->change.cookielist = NULL;
- return CURLE_OUT_OF_MEMORY;
- }
- data->change.cookielist = cl; /* store the list for later use */
- }
- break;
-
- case CURLOPT_COOKIEJAR:
- /*
- * Set cookie file name to dump all cookies to when we're done.
- */
- result = setstropt(&data->set.str[STRING_COOKIEJAR],
- va_arg(param, char *));
-
- /*
- * Activate the cookie parser. This may or may not already
- * have been made.
- */
- data->cookies = Curl_cookie_init(data, NULL, data->cookies,
- data->set.cookiesession);
- break;
-
- case CURLOPT_COOKIESESSION:
- /*
- * Set this option to TRUE to start a new "cookie session". It will
- * prevent the forthcoming read-cookies-from-file actions to accept
- * cookies that are marked as being session cookies, as they belong to a
- * previous session.
- *
- * In the original Netscape cookie spec, "session cookies" are cookies
- * with no expire date set. RFC2109 describes the same action if no
- * 'Max-Age' is set and RFC2965 includes the RFC2109 description and adds
- * a 'Discard' action that can enforce the discard even for cookies that
- * have a Max-Age.
- *
- * We run mostly with the original cookie spec, as hardly anyone implements
- * anything else.
- */
- data->set.cookiesession = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_COOKIELIST:
- argptr = va_arg(param, char *);
-
- if(argptr == NULL)
- break;
-
- Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
-
- if(Curl_raw_equal(argptr, "ALL")) {
- /* clear all cookies */
- Curl_cookie_clearall(data->cookies);
- }
- else if(Curl_raw_equal(argptr, "SESS")) {
- /* clear session cookies */
- Curl_cookie_clearsess(data->cookies);
- }
- else if(Curl_raw_equal(argptr, "FLUSH")) {
- /* flush cookies to file */
- Curl_flush_cookies(data, 0);
- }
- else {
- if(!data->cookies)
- /* if cookie engine was not running, activate it */
- data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE);
-
- argptr = strdup(argptr);
- if(!argptr) {
- result = CURLE_OUT_OF_MEMORY;
- }
- else {
-
- if(checkprefix("Set-Cookie:", argptr))
- /* HTTP Header format line */
- Curl_cookie_add(data, data->cookies, TRUE, argptr + 11, NULL, NULL);
-
- else
- /* Netscape format line */
- Curl_cookie_add(data, data->cookies, FALSE, argptr, NULL, NULL);
-
- free(argptr);
- }
- }
- Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
-
- break;
-#endif /* CURL_DISABLE_COOKIES */
-
- case CURLOPT_HTTPGET:
- /*
- * Set to force us do HTTP GET
- */
- if(va_arg(param, long)) {
- data->set.httpreq = HTTPREQ_GET;
- data->set.upload = FALSE; /* switch off upload */
- data->set.opt_no_body = FALSE; /* this is implied */
- }
- break;
-
- case CURLOPT_HTTP_VERSION:
- /*
- * This sets a requested HTTP version to be used. The value is one of
- * the listed enums in curl/curl.h.
- */
- arg = va_arg(param, long);
-#ifndef USE_NGHTTP2
- if(arg == CURL_HTTP_VERSION_2_0)
- return CURLE_UNSUPPORTED_PROTOCOL;
-#endif
- data->set.httpversion = arg;
- break;
-
- case CURLOPT_HTTPAUTH:
- /*
- * Set HTTP Authentication type BITMASK.
- */
- {
- int bitcheck;
- bool authbits;
- unsigned long auth = va_arg(param, unsigned long);
-
- if(auth == CURLAUTH_NONE) {
- data->set.httpauth = auth;
- break;
- }
-
- /* the DIGEST_IE bit is only used to set a special marker, for all the
- rest we need to handle it as normal DIGEST */
- data->state.authhost.iestyle = (auth & CURLAUTH_DIGEST_IE)?TRUE:FALSE;
-
- if(auth & CURLAUTH_DIGEST_IE) {
- auth |= CURLAUTH_DIGEST; /* set standard digest bit */
- auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */
- }
-
- /* switch off bits we can't support */
-#ifndef USE_NTLM
- auth &= ~CURLAUTH_NTLM; /* no NTLM support */
- auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
-#elif !defined(NTLM_WB_ENABLED)
- auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
-#endif
-#ifndef USE_HTTP_NEGOTIATE
- auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
- WINDOWS_SSPI */
-#endif
-
- /* check if any auth bit lower than CURLAUTH_ONLY is still set */
- bitcheck = 0;
- authbits = FALSE;
- while(bitcheck < 31) {
- if(auth & (1UL << bitcheck++)) {
- authbits = TRUE;
- break;
- }
- }
- if(!authbits)
- return CURLE_NOT_BUILT_IN; /* no supported types left! */
-
- data->set.httpauth = auth;
- }
- break;
-
-#endif /* CURL_DISABLE_HTTP */
-
- case CURLOPT_CUSTOMREQUEST:
- /*
- * Set a custom string to use as request
- */
- result = setstropt(&data->set.str[STRING_CUSTOMREQUEST],
- va_arg(param, char *));
-
- /* we don't set
- data->set.httpreq = HTTPREQ_CUSTOM;
- here, we continue as if we were using the already set type
- and this just changes the actual request keyword */
- break;
-
-#ifndef CURL_DISABLE_PROXY
- case CURLOPT_HTTPPROXYTUNNEL:
- /*
- * Tunnel operations through the proxy instead of normal proxy use
- */
- data->set.tunnel_thru_httpproxy = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_PROXYPORT:
- /*
- * Explicitly set HTTP proxy port number.
- */
- data->set.proxyport = va_arg(param, long);
- break;
-
- case CURLOPT_PROXYAUTH:
- /*
- * Set HTTP Authentication type BITMASK.
- */
- {
- int bitcheck;
- bool authbits;
- unsigned long auth = va_arg(param, unsigned long);
-
- if(auth == CURLAUTH_NONE) {
- data->set.proxyauth = auth;
- break;
- }
-
- /* the DIGEST_IE bit is only used to set a special marker, for all the
- rest we need to handle it as normal DIGEST */
- data->state.authproxy.iestyle = (auth & CURLAUTH_DIGEST_IE)?TRUE:FALSE;
-
- if(auth & CURLAUTH_DIGEST_IE) {
- auth |= CURLAUTH_DIGEST; /* set standard digest bit */
- auth &= ~CURLAUTH_DIGEST_IE; /* unset ie digest bit */
- }
- /* switch off bits we can't support */
-#ifndef USE_NTLM
- auth &= ~CURLAUTH_NTLM; /* no NTLM support */
- auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
-#elif !defined(NTLM_WB_ENABLED)
- auth &= ~CURLAUTH_NTLM_WB; /* no NTLM_WB support */
-#endif
-#ifndef USE_HTTP_NEGOTIATE
- auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
- WINDOWS_SSPI */
-#endif
-
- /* check if any auth bit lower than CURLAUTH_ONLY is still set */
- bitcheck = 0;
- authbits = FALSE;
- while(bitcheck < 31) {
- if(auth & (1UL << bitcheck++)) {
- authbits = TRUE;
- break;
- }
- }
- if(!authbits)
- return CURLE_NOT_BUILT_IN; /* no supported types left! */
-
- data->set.proxyauth = auth;
- }
- break;
-
- case CURLOPT_PROXY:
- /*
- * Set proxy server:port to use as HTTP proxy.
- *
- * If the proxy is set to "" we explicitly say that we don't want to use a
- * proxy (even though there might be environment variables saying so).
- *
- * Setting it to NULL, means no proxy but allows the environment variables
- * to decide for us.
- */
- result = setstropt(&data->set.str[STRING_PROXY],
- va_arg(param, char *));
- break;
-
- case CURLOPT_PROXYTYPE:
- /*
- * Set proxy type. HTTP/HTTP_1_0/SOCKS4/SOCKS4a/SOCKS5/SOCKS5_HOSTNAME
- */
- data->set.proxytype = (curl_proxytype)va_arg(param, long);
- break;
-
- case CURLOPT_PROXY_TRANSFER_MODE:
- /*
- * set transfer mode (;type=<a|i>) when doing FTP via an HTTP proxy
- */
- switch (va_arg(param, long)) {
- case 0:
- data->set.proxy_transfer_mode = FALSE;
- break;
- case 1:
- data->set.proxy_transfer_mode = TRUE;
- break;
- default:
- /* reserve other values for future use */
- result = CURLE_UNKNOWN_OPTION;
- break;
- }
- break;
-#endif /* CURL_DISABLE_PROXY */
-
-#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- case CURLOPT_SOCKS5_GSSAPI_SERVICE:
- /*
- * Set gssapi service name
- */
- result = setstropt(&data->set.str[STRING_SOCKS5_GSSAPI_SERVICE],
- va_arg(param, char *));
- break;
-
- case CURLOPT_SOCKS5_GSSAPI_NEC:
- /*
- * set flag for nec socks5 support
- */
- data->set.socks5_gssapi_nec = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-#endif
-
- case CURLOPT_WRITEHEADER:
- /*
- * Custom pointer to pass the header write callback function
- */
- data->set.writeheader = (void *)va_arg(param, void *);
- break;
- case CURLOPT_ERRORBUFFER:
- /*
- * Error buffer provided by the caller to get the human readable
- * error string in.
- */
- data->set.errorbuffer = va_arg(param, char *);
- break;
- case CURLOPT_FILE:
- /*
- * FILE pointer to write to. Or possibly
- * used as argument to the write callback.
- */
- data->set.out = va_arg(param, void *);
- break;
- case CURLOPT_FTPPORT:
- /*
- * Use FTP PORT, this also specifies which IP address to use
- */
- result = setstropt(&data->set.str[STRING_FTPPORT],
- va_arg(param, char *));
- data->set.ftp_use_port = (NULL != data->set.str[STRING_FTPPORT]) ?
- TRUE:FALSE;
- break;
-
- case CURLOPT_FTP_USE_EPRT:
- data->set.ftp_use_eprt = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_FTP_USE_EPSV:
- data->set.ftp_use_epsv = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_FTP_USE_PRET:
- data->set.ftp_use_pret = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_FTP_SSL_CCC:
- data->set.ftp_ccc = (curl_ftpccc)va_arg(param, long);
- break;
-
- case CURLOPT_FTP_SKIP_PASV_IP:
- /*
- * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the
- * bypass of the IP address in PASV responses.
- */
- data->set.ftp_skip_ip = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_INFILE:
- /*
- * FILE pointer to read the file to be uploaded from. Or possibly
- * used as argument to the read callback.
- */
- data->set.in = va_arg(param, void *);
- break;
- case CURLOPT_INFILESIZE:
- /*
- * If known, this should inform curl about the file size of the
- * to-be-uploaded file.
- */
- data->set.infilesize = va_arg(param, long);
- break;
- case CURLOPT_INFILESIZE_LARGE:
- /*
- * If known, this should inform curl about the file size of the
- * to-be-uploaded file.
- */
- data->set.infilesize = va_arg(param, curl_off_t);
- break;
- case CURLOPT_LOW_SPEED_LIMIT:
- /*
- * The low speed limit that if transfers are below this for
- * CURLOPT_LOW_SPEED_TIME, the transfer is aborted.
- */
- data->set.low_speed_limit=va_arg(param, long);
- break;
- case CURLOPT_MAX_SEND_SPEED_LARGE:
- /*
- * When transfer uploads are faster then CURLOPT_MAX_SEND_SPEED_LARGE
- * bytes per second the transfer is throttled..
- */
- data->set.max_send_speed=va_arg(param, curl_off_t);
- break;
- case CURLOPT_MAX_RECV_SPEED_LARGE:
- /*
- * When receiving data faster than CURLOPT_MAX_RECV_SPEED_LARGE bytes per
- * second the transfer is throttled..
- */
- data->set.max_recv_speed=va_arg(param, curl_off_t);
- break;
- case CURLOPT_LOW_SPEED_TIME:
- /*
- * The low speed time that if transfers are below the set
- * CURLOPT_LOW_SPEED_LIMIT during this time, the transfer is aborted.
- */
- data->set.low_speed_time=va_arg(param, long);
- break;
- case CURLOPT_URL:
- /*
- * The URL to fetch.
- */
- if(data->change.url_alloc) {
- /* the already set URL is allocated, free it first! */
- Curl_safefree(data->change.url);
- data->change.url_alloc = FALSE;
- }
- result = setstropt(&data->set.str[STRING_SET_URL],
- va_arg(param, char *));
- data->change.url = data->set.str[STRING_SET_URL];
- break;
- case CURLOPT_PORT:
- /*
- * The port number to use when getting the URL
- */
- data->set.use_port = va_arg(param, long);
- break;
- case CURLOPT_TIMEOUT:
- /*
- * The maximum time you allow curl to use for a single transfer
- * operation.
- */
- data->set.timeout = va_arg(param, long) * 1000L;
- break;
-
- case CURLOPT_TIMEOUT_MS:
- data->set.timeout = va_arg(param, long);
- break;
-
- case CURLOPT_CONNECTTIMEOUT:
- /*
- * The maximum time you allow curl to use to connect.
- */
- data->set.connecttimeout = va_arg(param, long) * 1000L;
- break;
-
- case CURLOPT_CONNECTTIMEOUT_MS:
- data->set.connecttimeout = va_arg(param, long);
- break;
-
- case CURLOPT_ACCEPTTIMEOUT_MS:
- /*
- * The maximum time you allow curl to wait for server connect
- */
- data->set.accepttimeout = va_arg(param, long);
- break;
-
- case CURLOPT_USERPWD:
- /*
- * user:password;options to use in the operation
- */
- result = setstropt_userpwd(va_arg(param, char *),
- &data->set.str[STRING_USERNAME],
- &data->set.str[STRING_PASSWORD],
- &data->set.str[STRING_OPTIONS]);
- break;
- case CURLOPT_USERNAME:
- /*
- * authentication user name to use in the operation
- */
- result = setstropt(&data->set.str[STRING_USERNAME],
- va_arg(param, char *));
- break;
- case CURLOPT_PASSWORD:
- /*
- * authentication password to use in the operation
- */
- result = setstropt(&data->set.str[STRING_PASSWORD],
- va_arg(param, char *));
- break;
- case CURLOPT_XOAUTH2_BEARER:
- /*
- * XOAUTH2 bearer token to use in the operation
- */
- result = setstropt(&data->set.str[STRING_BEARER],
- va_arg(param, char *));
- break;
- case CURLOPT_POSTQUOTE:
- /*
- * List of RAW FTP commands to use after a transfer
- */
- data->set.postquote = va_arg(param, struct curl_slist *);
- break;
- case CURLOPT_PREQUOTE:
- /*
- * List of RAW FTP commands to use prior to RETR (Wesley Laxton)
- */
- data->set.prequote = va_arg(param, struct curl_slist *);
- break;
- case CURLOPT_QUOTE:
- /*
- * List of RAW FTP commands to use before a transfer
- */
- data->set.quote = va_arg(param, struct curl_slist *);
- break;
- case CURLOPT_RESOLVE:
- /*
- * List of NAME:[address] names to populate the DNS cache with
- * Prefix the NAME with dash (-) to _remove_ the name from the cache.
- *
- * Names added with this API will remain in the cache until explicitly
- * removed or the handle is cleaned up.
- *
- * This API can remove any name from the DNS cache, but only entries
- * that aren't actually in use right now will be pruned immediately.
- */
- data->set.resolve = va_arg(param, struct curl_slist *);
- data->change.resolve = data->set.resolve;
- break;
- case CURLOPT_PROGRESSFUNCTION:
- /*
- * Progress callback function
- */
- data->set.fprogress = va_arg(param, curl_progress_callback);
- if(data->set.fprogress)
- data->progress.callback = TRUE; /* no longer internal */
- else
- data->progress.callback = FALSE; /* NULL enforces internal */
- break;
-
- case CURLOPT_XFERINFOFUNCTION:
- /*
- * Transfer info callback function
- */
- data->set.fxferinfo = va_arg(param, curl_xferinfo_callback);
- if(data->set.fxferinfo)
- data->progress.callback = TRUE; /* no longer internal */
- else
- data->progress.callback = FALSE; /* NULL enforces internal */
-
- break;
-
- case CURLOPT_PROGRESSDATA:
- /*
- * Custom client data to pass to the progress callback
- */
- data->set.progress_client = va_arg(param, void *);
- break;
-
-#ifndef CURL_DISABLE_PROXY
- case CURLOPT_PROXYUSERPWD:
- /*
- * user:password needed to use the proxy
- */
- result = setstropt_userpwd(va_arg(param, char *),
- &data->set.str[STRING_PROXYUSERNAME],
- &data->set.str[STRING_PROXYPASSWORD], NULL);
- break;
- case CURLOPT_PROXYUSERNAME:
- /*
- * authentication user name to use in the operation
- */
- result = setstropt(&data->set.str[STRING_PROXYUSERNAME],
- va_arg(param, char *));
- break;
- case CURLOPT_PROXYPASSWORD:
- /*
- * authentication password to use in the operation
- */
- result = setstropt(&data->set.str[STRING_PROXYPASSWORD],
- va_arg(param, char *));
- break;
- case CURLOPT_NOPROXY:
- /*
- * proxy exception list
- */
- result = setstropt(&data->set.str[STRING_NOPROXY],
- va_arg(param, char *));
- break;
-#endif
-
- case CURLOPT_RANGE:
- /*
- * What range of the file you want to transfer
- */
- result = setstropt(&data->set.str[STRING_SET_RANGE],
- va_arg(param, char *));
- break;
- case CURLOPT_RESUME_FROM:
- /*
- * Resume transfer at the give file position
- */
- data->set.set_resume_from = va_arg(param, long);
- break;
- case CURLOPT_RESUME_FROM_LARGE:
- /*
- * Resume transfer at the give file position
- */
- data->set.set_resume_from = va_arg(param, curl_off_t);
- break;
- case CURLOPT_DEBUGFUNCTION:
- /*
- * stderr write callback.
- */
- data->set.fdebug = va_arg(param, curl_debug_callback);
- /*
- * if the callback provided is NULL, it'll use the default callback
- */
- break;
- case CURLOPT_DEBUGDATA:
- /*
- * Set to a void * that should receive all error writes. This
- * defaults to CURLOPT_STDERR for normal operations.
- */
- data->set.debugdata = va_arg(param, void *);
- break;
- case CURLOPT_STDERR:
- /*
- * Set to a FILE * that should receive all error writes. This
- * defaults to stderr for normal operations.
- */
- data->set.err = va_arg(param, FILE *);
- if(!data->set.err)
- data->set.err = stderr;
- break;
- case CURLOPT_HEADERFUNCTION:
- /*
- * Set header write callback
- */
- data->set.fwrite_header = va_arg(param, curl_write_callback);
- break;
- case CURLOPT_WRITEFUNCTION:
- /*
- * Set data write callback
- */
- data->set.fwrite_func = va_arg(param, curl_write_callback);
- if(!data->set.fwrite_func) {
- data->set.is_fwrite_set = 0;
- /* When set to NULL, reset to our internal default function */
- data->set.fwrite_func = (curl_write_callback)fwrite;
- }
- else
- data->set.is_fwrite_set = 1;
- break;
- case CURLOPT_READFUNCTION:
- /*
- * Read data callback
- */
- data->set.fread_func = va_arg(param, curl_read_callback);
- if(!data->set.fread_func) {
- data->set.is_fread_set = 0;
- /* When set to NULL, reset to our internal default function */
- data->set.fread_func = (curl_read_callback)fread;
- }
- else
- data->set.is_fread_set = 1;
- break;
- case CURLOPT_SEEKFUNCTION:
- /*
- * Seek callback. Might be NULL.
- */
- data->set.seek_func = va_arg(param, curl_seek_callback);
- break;
- case CURLOPT_SEEKDATA:
- /*
- * Seek control callback. Might be NULL.
- */
- data->set.seek_client = va_arg(param, void *);
- break;
- case CURLOPT_CONV_FROM_NETWORK_FUNCTION:
- /*
- * "Convert from network encoding" callback
- */
- data->set.convfromnetwork = va_arg(param, curl_conv_callback);
- break;
- case CURLOPT_CONV_TO_NETWORK_FUNCTION:
- /*
- * "Convert to network encoding" callback
- */
- data->set.convtonetwork = va_arg(param, curl_conv_callback);
- break;
- case CURLOPT_CONV_FROM_UTF8_FUNCTION:
- /*
- * "Convert from UTF-8 encoding" callback
- */
- data->set.convfromutf8 = va_arg(param, curl_conv_callback);
- break;
- case CURLOPT_IOCTLFUNCTION:
- /*
- * I/O control callback. Might be NULL.
- */
- data->set.ioctl_func = va_arg(param, curl_ioctl_callback);
- break;
- case CURLOPT_IOCTLDATA:
- /*
- * I/O control data pointer. Might be NULL.
- */
- data->set.ioctl_client = va_arg(param, void *);
- break;
- case CURLOPT_SSLCERT:
- /*
- * String that holds file name of the SSL certificate to use
- */
- result = setstropt(&data->set.str[STRING_CERT],
- va_arg(param, char *));
- break;
- case CURLOPT_SSLCERTTYPE:
- /*
- * String that holds file type of the SSL certificate to use
- */
- result = setstropt(&data->set.str[STRING_CERT_TYPE],
- va_arg(param, char *));
- break;
- case CURLOPT_SSLKEY:
- /*
- * String that holds file name of the SSL key to use
- */
- result = setstropt(&data->set.str[STRING_KEY],
- va_arg(param, char *));
- break;
- case CURLOPT_SSLKEYTYPE:
- /*
- * String that holds file type of the SSL key to use
- */
- result = setstropt(&data->set.str[STRING_KEY_TYPE],
- va_arg(param, char *));
- break;
- case CURLOPT_KEYPASSWD:
- /*
- * String that holds the SSL or SSH private key password.
- */
- result = setstropt(&data->set.str[STRING_KEY_PASSWD],
- va_arg(param, char *));
- break;
- case CURLOPT_SSLENGINE:
- /*
- * String that holds the SSL crypto engine.
- */
- argptr = va_arg(param, char *);
- if(argptr && argptr[0])
- result = Curl_ssl_set_engine(data, argptr);
- break;
-
- case CURLOPT_SSLENGINE_DEFAULT:
- /*
- * flag to set engine as default.
- */
- result = Curl_ssl_set_engine_default(data);
- break;
- case CURLOPT_CRLF:
- /*
- * Kludgy option to enable CRLF conversions. Subject for removal.
- */
- data->set.crlf = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_INTERFACE:
- /*
- * Set what interface or address/hostname to bind the socket to when
- * performing an operation and thus what from-IP your connection will use.
- */
- result = setstropt(&data->set.str[STRING_DEVICE],
- va_arg(param, char *));
- break;
- case CURLOPT_LOCALPORT:
- /*
- * Set what local port to bind the socket to when performing an operation.
- */
- data->set.localport = curlx_sltous(va_arg(param, long));
- break;
- case CURLOPT_LOCALPORTRANGE:
- /*
- * Set number of local ports to try, starting with CURLOPT_LOCALPORT.
- */
- data->set.localportrange = curlx_sltosi(va_arg(param, long));
- break;
- case CURLOPT_KRBLEVEL:
- /*
- * A string that defines the kerberos security level.
- */
- result = setstropt(&data->set.str[STRING_KRB_LEVEL],
- va_arg(param, char *));
- data->set.krb = (NULL != data->set.str[STRING_KRB_LEVEL])?TRUE:FALSE;
- break;
- case CURLOPT_GSSAPI_DELEGATION:
- /*
- * GSSAPI credential delegation
- */
- data->set.gssapi_delegation = va_arg(param, long);
- break;
- case CURLOPT_SSL_VERIFYPEER:
- /*
- * Enable peer SSL verifying.
- */
- data->set.ssl.verifypeer = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_SSL_VERIFYHOST:
- /*
- * Enable verification of the host name in the peer certificate
- */
- arg = va_arg(param, long);
-
- /* Obviously people are not reading documentation and too many thought
- this argument took a boolean when it wasn't and misused it. We thus ban
- 1 as a sensible input and we warn about its use. Then we only have the
- 2 action internally stored as TRUE. */
-
- if(1 == arg) {
- failf(data, "CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!");
- return CURLE_BAD_FUNCTION_ARGUMENT;
- }
-
- data->set.ssl.verifyhost = (0 != arg)?TRUE:FALSE;
- break;
-#ifdef USE_SSLEAY
- /* since these two options are only possible to use on an OpenSSL-
- powered libcurl we #ifdef them on this condition so that libcurls
- built against other SSL libs will return a proper error when trying
- to set this option! */
- case CURLOPT_SSL_CTX_FUNCTION:
- /*
- * Set a SSL_CTX callback
- */
- data->set.ssl.fsslctx = va_arg(param, curl_ssl_ctx_callback);
- break;
- case CURLOPT_SSL_CTX_DATA:
- /*
- * Set a SSL_CTX callback parameter pointer
- */
- data->set.ssl.fsslctxp = va_arg(param, void *);
- break;
-#endif
-#if defined(USE_SSLEAY) || defined(USE_QSOSSL) || defined(USE_GSKIT)
- case CURLOPT_CERTINFO:
- data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-#endif
- case CURLOPT_CAINFO:
- /*
- * Set CA info for SSL connection. Specify file name of the CA certificate
- */
- result = setstropt(&data->set.str[STRING_SSL_CAFILE],
- va_arg(param, char *));
- break;
- case CURLOPT_CAPATH:
- /*
- * Set CA path info for SSL connection. Specify directory name of the CA
- * certificates which have been prepared using openssl c_rehash utility.
- */
- /* This does not work on windows. */
- result = setstropt(&data->set.str[STRING_SSL_CAPATH],
- va_arg(param, char *));
- break;
- case CURLOPT_CRLFILE:
- /*
- * Set CRL file info for SSL connection. Specify file name of the CRL
- * to check certificates revocation
- */
- result = setstropt(&data->set.str[STRING_SSL_CRLFILE],
- va_arg(param, char *));
- break;
- case CURLOPT_ISSUERCERT:
- /*
- * Set Issuer certificate file
- * to check certificates issuer
- */
- result = setstropt(&data->set.str[STRING_SSL_ISSUERCERT],
- va_arg(param, char *));
- break;
- case CURLOPT_TELNETOPTIONS:
- /*
- * Set a linked list of telnet options
- */
- data->set.telnet_options = va_arg(param, struct curl_slist *);
- break;
-
- case CURLOPT_BUFFERSIZE:
- /*
- * The application kindly asks for a differently sized receive buffer.
- * If it seems reasonable, we'll use it.
- */
- data->set.buffer_size = va_arg(param, long);
-
- if((data->set.buffer_size> (BUFSIZE -1 )) ||
- (data->set.buffer_size < 1))
- data->set.buffer_size = 0; /* huge internal default */
-
- break;
-
- case CURLOPT_NOSIGNAL:
- /*
- * The application asks not to set any signal() or alarm() handlers,
- * even when using a timeout.
- */
- data->set.no_signal = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_SHARE:
- {
- struct Curl_share *set;
- set = va_arg(param, struct Curl_share *);
-
- /* disconnect from old share, if any */
- if(data->share) {
- Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
-
- if(data->dns.hostcachetype == HCACHE_SHARED) {
- data->dns.hostcache = NULL;
- data->dns.hostcachetype = HCACHE_NONE;
- }
-
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
- if(data->share->cookies == data->cookies)
- data->cookies = NULL;
-#endif
-
- if(data->share->sslsession == data->state.session)
- data->state.session = NULL;
-
- data->share->dirty--;
-
- Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
- data->share = NULL;
- }
-
- /* use new share if it set */
- data->share = set;
- if(data->share) {
-
- Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
-
- data->share->dirty++;
-
- if(data->share->hostcache) {
- /* use shared host cache */
- data->dns.hostcache = data->share->hostcache;
- data->dns.hostcachetype = HCACHE_SHARED;
- }
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
- if(data->share->cookies) {
- /* use shared cookie list, first free own one if any */
- if(data->cookies)
- Curl_cookie_cleanup(data->cookies);
- /* enable cookies since we now use a share that uses cookies! */
- data->cookies = data->share->cookies;
- }
-#endif /* CURL_DISABLE_HTTP */
- if(data->share->sslsession) {
- data->set.ssl.max_ssl_sessions = data->share->max_ssl_sessions;
- data->state.session = data->share->sslsession;
- }
- Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
-
- }
- /* check for host cache not needed,
- * it will be done by curl_easy_perform */
+ struct postponed_data * const psnd = &(conn->postponed[num]);
+ if(psnd->buffer) {
+ DEBUGASSERT(psnd->allocated_size > 0);
+ DEBUGASSERT(psnd->recv_size <= psnd->allocated_size);
+ DEBUGASSERT(psnd->recv_size ?
+ (psnd->recv_processed < psnd->recv_size) :
+ (psnd->recv_processed == 0));
+ DEBUGASSERT(psnd->bindsock != CURL_SOCKET_BAD);
+ free(psnd->buffer);
+ psnd->buffer = NULL;
+ psnd->allocated_size = 0;
+ psnd->recv_size = 0;
+ psnd->recv_processed = 0;
+#ifdef DEBUGBUILD
+ psnd->bindsock = CURL_SOCKET_BAD; /* used only for DEBUGASSERT */
+#endif /* DEBUGBUILD */
}
- break;
-
- case CURLOPT_PRIVATE:
- /*
- * Set private data pointer.
- */
- data->set.private_data = va_arg(param, void *);
- break;
-
- case CURLOPT_MAXFILESIZE:
- /*
- * Set the maximum size of a file to download.
- */
- data->set.max_filesize = va_arg(param, long);
- break;
-
-#ifdef USE_SSL
- case CURLOPT_USE_SSL:
- /*
- * Make transfers attempt to use SSL/TLS.
- */
- data->set.use_ssl = (curl_usessl)va_arg(param, long);
- break;
-
- case CURLOPT_SSL_OPTIONS:
- arg = va_arg(param, long);
- data->set.ssl_enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
- break;
-
-#endif
- case CURLOPT_FTPSSLAUTH:
- /*
- * Set a specific auth for FTP-SSL transfers.
- */
- data->set.ftpsslauth = (curl_ftpauth)va_arg(param, long);
- break;
-
- case CURLOPT_IPRESOLVE:
- data->set.ipver = va_arg(param, long);
- break;
-
- case CURLOPT_MAXFILESIZE_LARGE:
- /*
- * Set the maximum size of a file to download.
- */
- data->set.max_filesize = va_arg(param, curl_off_t);
- break;
-
- case CURLOPT_TCP_NODELAY:
- /*
- * Enable or disable TCP_NODELAY, which will disable/enable the Nagle
- * algorithm
- */
- data->set.tcp_nodelay = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_FTP_ACCOUNT:
- result = setstropt(&data->set.str[STRING_FTP_ACCOUNT],
- va_arg(param, char *));
- break;
-
- case CURLOPT_IGNORE_CONTENT_LENGTH:
- data->set.ignorecl = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_CONNECT_ONLY:
- /*
- * No data transfer, set up connection and let application use the socket
- */
- data->set.connect_only = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_FTP_ALTERNATIVE_TO_USER:
- result = setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER],
- va_arg(param, char *));
- break;
-
- case CURLOPT_SOCKOPTFUNCTION:
- /*
- * socket callback function: called after socket() but before connect()
- */
- data->set.fsockopt = va_arg(param, curl_sockopt_callback);
- break;
-
- case CURLOPT_SOCKOPTDATA:
- /*
- * socket callback data pointer. Might be NULL.
- */
- data->set.sockopt_client = va_arg(param, void *);
- break;
-
- case CURLOPT_OPENSOCKETFUNCTION:
- /*
- * open/create socket callback function: called instead of socket(),
- * before connect()
- */
- data->set.fopensocket = va_arg(param, curl_opensocket_callback);
- break;
-
- case CURLOPT_OPENSOCKETDATA:
- /*
- * socket callback data pointer. Might be NULL.
- */
- data->set.opensocket_client = va_arg(param, void *);
- break;
-
- case CURLOPT_CLOSESOCKETFUNCTION:
- /*
- * close socket callback function: called instead of close()
- * when shutting down a connection
- */
- data->set.fclosesocket = va_arg(param, curl_closesocket_callback);
- break;
-
- case CURLOPT_CLOSESOCKETDATA:
- /*
- * socket callback data pointer. Might be NULL.
- */
- data->set.closesocket_client = va_arg(param, void *);
- break;
-
- case CURLOPT_SSL_SESSIONID_CACHE:
- data->set.ssl.sessionid = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
-
-#ifdef USE_LIBSSH2
- /* we only include SSH options if explicitly built to support SSH */
- case CURLOPT_SSH_AUTH_TYPES:
- data->set.ssh_auth_types = va_arg(param, long);
- break;
-
- case CURLOPT_SSH_PUBLIC_KEYFILE:
- /*
- * Use this file instead of the $HOME/.ssh/id_dsa.pub file
- */
- result = setstropt(&data->set.str[STRING_SSH_PUBLIC_KEY],
- va_arg(param, char *));
- break;
-
- case CURLOPT_SSH_PRIVATE_KEYFILE:
- /*
- * Use this file instead of the $HOME/.ssh/id_dsa file
- */
- result = setstropt(&data->set.str[STRING_SSH_PRIVATE_KEY],
- va_arg(param, char *));
- break;
- case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5:
- /*
- * Option to allow for the MD5 of the host public key to be checked
- * for validation purposes.
- */
- result = setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5],
- va_arg(param, char *));
- break;
-#ifdef HAVE_LIBSSH2_KNOWNHOST_API
- case CURLOPT_SSH_KNOWNHOSTS:
- /*
- * Store the file name to read known hosts from.
- */
- result = setstropt(&data->set.str[STRING_SSH_KNOWNHOSTS],
- va_arg(param, char *));
- break;
-
- case CURLOPT_SSH_KEYFUNCTION:
- /* setting to NULL is fine since the ssh.c functions themselves will
- then rever to use the internal default */
- data->set.ssh_keyfunc = va_arg(param, curl_sshkeycallback);
- break;
-
- case CURLOPT_SSH_KEYDATA:
- /*
- * Custom client data to pass to the SSH keyfunc callback
- */
- data->set.ssh_keyfunc_userp = va_arg(param, void *);
- break;
-#endif /* HAVE_LIBSSH2_KNOWNHOST_API */
-
-#endif /* USE_LIBSSH2 */
-
- case CURLOPT_HTTP_TRANSFER_DECODING:
- /*
- * disable libcurl transfer encoding is used
- */
- data->set.http_te_skip = (0 == va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_HTTP_CONTENT_DECODING:
- /*
- * raw data passed to the application when content encoding is used
- */
- data->set.http_ce_skip = (0 == va_arg(param, long))?TRUE:FALSE;
- break;
-
- case CURLOPT_NEW_FILE_PERMS:
- /*
- * Uses these permissions instead of 0644
- */
- data->set.new_file_perms = va_arg(param, long);
- break;
-
- case CURLOPT_NEW_DIRECTORY_PERMS:
- /*
- * Uses these permissions instead of 0755
- */
- data->set.new_directory_perms = va_arg(param, long);
- break;
-
- case CURLOPT_ADDRESS_SCOPE:
- /*
- * We always get longs when passed plain numericals, but for this value we
- * know that an unsigned int will always hold the value so we blindly
- * typecast to this type
- */
- data->set.scope = curlx_sltoui(va_arg(param, long));
- break;
-
- case CURLOPT_PROTOCOLS:
- /* set the bitmask for the protocols that are allowed to be used for the
- transfer, which thus helps the app which takes URLs from users or other
- external inputs and want to restrict what protocol(s) to deal
- with. Defaults to CURLPROTO_ALL. */
- data->set.allowed_protocols = va_arg(param, long);
- break;
-
- case CURLOPT_REDIR_PROTOCOLS:
- /* set the bitmask for the protocols that libcurl is allowed to follow to,
- as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs
- to be set in both bitmasks to be allowed to get redirected to. Defaults
- to all protocols except FILE and SCP. */
- data->set.redir_protocols = va_arg(param, long);
- break;
-
- case CURLOPT_MAIL_FROM:
- /* Set the SMTP mail originator */
- result = setstropt(&data->set.str[STRING_MAIL_FROM],
- va_arg(param, char *));
- break;
-
- case CURLOPT_MAIL_AUTH:
- /* Set the SMTP auth originator */
- result = setstropt(&data->set.str[STRING_MAIL_AUTH],
- va_arg(param, char *));
- break;
-
- case CURLOPT_MAIL_RCPT:
- /* Set the list of mail recipients */
- data->set.mail_rcpt = va_arg(param, struct curl_slist *);
- break;
-
- case CURLOPT_SASL_IR:
- /* Enable/disable SASL initial response */
- data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE;
- break;
-
- case CURLOPT_RTSP_REQUEST:
- {
- /*
- * Set the RTSP request method (OPTIONS, SETUP, PLAY, etc...)
- * Would this be better if the RTSPREQ_* were just moved into here?
- */
- long curl_rtspreq = va_arg(param, long);
- Curl_RtspReq rtspreq = RTSPREQ_NONE;
- switch(curl_rtspreq) {
- case CURL_RTSPREQ_OPTIONS:
- rtspreq = RTSPREQ_OPTIONS;
- break;
-
- case CURL_RTSPREQ_DESCRIBE:
- rtspreq = RTSPREQ_DESCRIBE;
- break;
-
- case CURL_RTSPREQ_ANNOUNCE:
- rtspreq = RTSPREQ_ANNOUNCE;
- break;
-
- case CURL_RTSPREQ_SETUP:
- rtspreq = RTSPREQ_SETUP;
- break;
-
- case CURL_RTSPREQ_PLAY:
- rtspreq = RTSPREQ_PLAY;
- break;
-
- case CURL_RTSPREQ_PAUSE:
- rtspreq = RTSPREQ_PAUSE;
- break;
-
- case CURL_RTSPREQ_TEARDOWN:
- rtspreq = RTSPREQ_TEARDOWN;
- break;
-
- case CURL_RTSPREQ_GET_PARAMETER:
- rtspreq = RTSPREQ_GET_PARAMETER;
- break;
-
- case CURL_RTSPREQ_SET_PARAMETER:
- rtspreq = RTSPREQ_SET_PARAMETER;
- break;
-
- case CURL_RTSPREQ_RECORD:
- rtspreq = RTSPREQ_RECORD;
- break;
-
- case CURL_RTSPREQ_RECEIVE:
- rtspreq = RTSPREQ_RECEIVE;
- break;
- default:
- rtspreq = RTSPREQ_NONE;
- }
-
- data->set.rtspreq = rtspreq;
- break;
- }
-
-
- case CURLOPT_RTSP_SESSION_ID:
- /*
- * Set the RTSP Session ID manually. Useful if the application is
- * resuming a previously established RTSP session
- */
- result = setstropt(&data->set.str[STRING_RTSP_SESSION_ID],
- va_arg(param, char *));
- break;
-
- case CURLOPT_RTSP_STREAM_URI:
- /*
- * Set the Stream URI for the RTSP request. Unless the request is
- * for generic server options, the application will need to set this.
- */
- result = setstropt(&data->set.str[STRING_RTSP_STREAM_URI],
- va_arg(param, char *));
- break;
-
- case CURLOPT_RTSP_TRANSPORT:
- /*
- * The content of the Transport: header for the RTSP request
- */
- result = setstropt(&data->set.str[STRING_RTSP_TRANSPORT],
- va_arg(param, char *));
- break;
-
- case CURLOPT_RTSP_CLIENT_CSEQ:
- /*
- * Set the CSEQ number to issue for the next RTSP request. Useful if the
- * application is resuming a previously broken connection. The CSEQ
- * will increment from this new number henceforth.
- */
- data->state.rtsp_next_client_CSeq = va_arg(param, long);
- break;
-
- case CURLOPT_RTSP_SERVER_CSEQ:
- /* Same as the above, but for server-initiated requests */
- data->state.rtsp_next_client_CSeq = va_arg(param, long);
- break;
-
- case CURLOPT_INTERLEAVEDATA:
- data->set.rtp_out = va_arg(param, void *);
- break;
- case CURLOPT_INTERLEAVEFUNCTION:
- /* Set the user defined RTP write function */
- data->set.fwrite_rtp = va_arg(param, curl_write_callback);
- break;
-
- case CURLOPT_WILDCARDMATCH:
- data->set.wildcardmatch = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_CHUNK_BGN_FUNCTION:
- data->set.chunk_bgn = va_arg(param, curl_chunk_bgn_callback);
- break;
- case CURLOPT_CHUNK_END_FUNCTION:
- data->set.chunk_end = va_arg(param, curl_chunk_end_callback);
- break;
- case CURLOPT_FNMATCH_FUNCTION:
- data->set.fnmatch = va_arg(param, curl_fnmatch_callback);
- break;
- case CURLOPT_CHUNK_DATA:
- data->wildcard.customptr = va_arg(param, void *);
- break;
- case CURLOPT_FNMATCH_DATA:
- data->set.fnmatch_data = va_arg(param, void *);
- break;
-#ifdef USE_TLS_SRP
- case CURLOPT_TLSAUTH_USERNAME:
- result = setstropt(&data->set.str[STRING_TLSAUTH_USERNAME],
- va_arg(param, char *));
- if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
- data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
- break;
- case CURLOPT_TLSAUTH_PASSWORD:
- result = setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD],
- va_arg(param, char *));
- if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype)
- data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */
- break;
- case CURLOPT_TLSAUTH_TYPE:
- if(strnequal((char *)va_arg(param, char *), "SRP", strlen("SRP")))
- data->set.ssl.authtype = CURL_TLSAUTH_SRP;
- else
- data->set.ssl.authtype = CURL_TLSAUTH_NONE;
- break;
-#endif
- case CURLOPT_DNS_SERVERS:
- result = Curl_set_dns_servers(data, va_arg(param, char *));
- break;
- case CURLOPT_DNS_INTERFACE:
- result = Curl_set_dns_interface(data, va_arg(param, char *));
- break;
- case CURLOPT_DNS_LOCAL_IP4:
- result = Curl_set_dns_local_ip4(data, va_arg(param, char *));
- break;
- case CURLOPT_DNS_LOCAL_IP6:
- result = Curl_set_dns_local_ip6(data, va_arg(param, char *));
- break;
-
- case CURLOPT_TCP_KEEPALIVE:
- data->set.tcp_keepalive = (0 != va_arg(param, long))?TRUE:FALSE;
- break;
- case CURLOPT_TCP_KEEPIDLE:
- data->set.tcp_keepidle = va_arg(param, long);
- break;
- case CURLOPT_TCP_KEEPINTVL:
- data->set.tcp_keepintvl = va_arg(param, long);
- break;
-
- default:
- /* unknown tag and its companion, just ignore: */
- result = CURLE_UNKNOWN_OPTION;
- break;
+ else {
+ DEBUGASSERT(psnd->allocated_size == 0);
+ DEBUGASSERT(psnd->recv_size == 0);
+ DEBUGASSERT(psnd->recv_processed == 0);
+ DEBUGASSERT(psnd->bindsock == CURL_SOCKET_BAD);
}
+}
- return result;
+static void conn_reset_all_postponed_data(struct connectdata *conn)
+{
+ conn_reset_postponed_data(conn, 0);
+ conn_reset_postponed_data(conn, 1);
}
+#else /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
+/* Use "do-nothing" macro instead of function when workaround not used */
+#define conn_reset_all_postponed_data(c) do {} WHILE_FALSE
+#endif /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
static void conn_free(struct connectdata *conn)
{
@@ -2502,17 +666,24 @@ static void conn_free(struct connectdata *conn)
Curl_closesocket(conn, conn->sock[SECONDARYSOCKET]);
if(CURL_SOCKET_BAD != conn->sock[FIRSTSOCKET])
Curl_closesocket(conn, conn->sock[FIRSTSOCKET]);
+ if(CURL_SOCKET_BAD != conn->tempsock[0])
+ Curl_closesocket(conn, conn->tempsock[0]);
+ if(CURL_SOCKET_BAD != conn->tempsock[1])
+ Curl_closesocket(conn, conn->tempsock[1]);
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
+ defined(NTLM_WB_ENABLED)
Curl_ntlm_wb_cleanup(conn);
#endif
Curl_safefree(conn->user);
Curl_safefree(conn->passwd);
- Curl_safefree(conn->xoauth2_bearer);
+ Curl_safefree(conn->oauth_bearer);
Curl_safefree(conn->options);
- Curl_safefree(conn->proxyuser);
- Curl_safefree(conn->proxypasswd);
+ Curl_safefree(conn->http_proxy.user);
+ Curl_safefree(conn->socks_proxy.user);
+ Curl_safefree(conn->http_proxy.passwd);
+ Curl_safefree(conn->socks_proxy.passwd);
Curl_safefree(conn->allocptr.proxyuserpwd);
Curl_safefree(conn->allocptr.uagent);
Curl_safefree(conn->allocptr.userpwd);
@@ -2525,24 +696,42 @@ static void conn_free(struct connectdata *conn)
Curl_safefree(conn->allocptr.rtsp_transport);
Curl_safefree(conn->trailer);
Curl_safefree(conn->host.rawalloc); /* host name buffer */
- Curl_safefree(conn->proxy.rawalloc); /* proxy name buffer */
+ Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */
+ Curl_safefree(conn->secondaryhostname);
+ Curl_safefree(conn->http_proxy.host.rawalloc); /* http proxy name buffer */
+ Curl_safefree(conn->socks_proxy.host.rawalloc); /* socks proxy name buffer */
Curl_safefree(conn->master_buffer);
+ Curl_safefree(conn->connect_state);
- Curl_llist_destroy(conn->send_pipe, NULL);
- Curl_llist_destroy(conn->recv_pipe, NULL);
+ conn_reset_all_postponed_data(conn);
- conn->send_pipe = NULL;
- conn->recv_pipe = NULL;
+ Curl_llist_destroy(&conn->send_pipe, NULL);
+ Curl_llist_destroy(&conn->recv_pipe, NULL);
Curl_safefree(conn->localdev);
- Curl_free_ssl_config(&conn->ssl_config);
+ Curl_free_primary_ssl_config(&conn->ssl_config);
+ Curl_free_primary_ssl_config(&conn->proxy_ssl_config);
+
+#ifdef USE_UNIX_SOCKETS
+ Curl_safefree(conn->unix_domain_socket);
+#endif
free(conn); /* free all the connection oriented data */
}
+/*
+ * Disconnects the given connection. Note the connection may not be the
+ * primary connection, like when freeing room in the connection cache or
+ * killing of a dead old connection.
+ *
+ * This function MUST NOT reset state in the Curl_easy struct if that
+ * isn't strictly bound to the life-time of *this* particular connection.
+ *
+ */
+
CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
{
- struct SessionHandle *data;
+ struct Curl_easy *data;
if(!conn)
return CURLE_OK; /* this is closed and fine already */
data = conn->data;
@@ -2552,6 +741,17 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
return CURLE_OK;
}
+ /*
+ * If this connection isn't marked to force-close, leave it open if there
+ * are other users of it
+ */
+ if(!conn->bits.close &&
+ (conn->send_pipe.size + conn->recv_pipe.size)) {
+ DEBUGF(infof(data, "Curl_disconnect, usecounter: %d\n",
+ conn->send_pipe.size + conn->recv_pipe.size));
+ return CURLE_OK;
+ }
+
if(conn->dns_entry != NULL) {
Curl_resolv_unlock(data, conn->dns_entry);
conn->dns_entry = NULL;
@@ -2559,38 +759,10 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
Curl_hostcache_prune(data); /* kill old DNS cache entries */
- {
- int has_host_ntlm = (conn->ntlm.state != NTLMSTATE_NONE);
- int has_proxy_ntlm = (conn->proxyntlm.state != NTLMSTATE_NONE);
-
- /* Authentication data is a mix of connection-related and sessionhandle-
- related stuff. NTLM is connection-related so when we close the shop
- we shall forget. */
-
- if(has_host_ntlm) {
- data->state.authhost.done = FALSE;
- data->state.authhost.picked =
- data->state.authhost.want;
- }
-
- if(has_proxy_ntlm) {
- data->state.authproxy.done = FALSE;
- data->state.authproxy.picked =
- data->state.authproxy.want;
- }
-
- if(has_host_ntlm || has_proxy_ntlm)
- data->state.authproblem = FALSE;
- }
-
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
/* Cleanup NTLM connection-related data */
Curl_http_ntlm_cleanup(conn);
-
- /* Cleanup possible redirect junk */
- if(data->req.newurl) {
- free(data->req.newurl);
- data->req.newurl = NULL;
- }
+#endif
if(conn->handler->disconnect)
/* This is set if protocol-specific cleanups should be made */
@@ -2600,37 +772,21 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
infof(data, "Closing connection %ld\n", conn->connection_id);
Curl_conncache_remove_conn(data->state.conn_cache, conn);
-#if defined(USE_LIBIDN)
- if(conn->host.encalloc)
- idn_free(conn->host.encalloc); /* encoded host name buffer, must be freed
- with idn_free() since this was allocated
- by libidn */
- if(conn->proxy.encalloc)
- idn_free(conn->proxy.encalloc); /* encoded proxy name buffer, must be
- freed with idn_free() since this was
- allocated by libidn */
-#elif defined(USE_WIN32_IDN)
- free(conn->host.encalloc); /* encoded host name buffer, must be freed with
- idn_free() since this was allocated by
- curl_win32_idn_to_ascii */
- if(conn->proxy.encalloc)
- free(conn->proxy.encalloc); /* encoded proxy name buffer, must be freed
- with idn_free() since this was allocated by
- curl_win32_idn_to_ascii */
-#endif
+ free_fixed_hostname(&conn->host);
+ free_fixed_hostname(&conn->conn_to_host);
+ free_fixed_hostname(&conn->http_proxy.host);
+ free_fixed_hostname(&conn->socks_proxy.host);
Curl_ssl_close(conn, FIRSTSOCKET);
/* Indicate to all handles on the pipe that we're dead */
- if(Curl_multi_pipeline_enabled(data->multi)) {
- signalPipeClose(conn->send_pipe, TRUE);
- signalPipeClose(conn->recv_pipe, TRUE);
+ if(Curl_pipeline_wanted(data->multi, CURLPIPE_ANY)) {
+ signalPipeClose(&conn->send_pipe, TRUE);
+ signalPipeClose(&conn->recv_pipe, TRUE);
}
conn_free(conn);
- Curl_speedinit(data);
-
return CURLE_OK;
}
@@ -2644,7 +800,7 @@ static bool SocketIsDead(curl_socket_t sock)
int sval;
bool ret_val = TRUE;
- sval = Curl_socket_ready(sock, CURL_SOCKET_BAD, 0);
+ sval = SOCKET_READABLE(sock, 0);
if(sval == 0)
/* timeout */
ret_val = FALSE;
@@ -2652,45 +808,50 @@ static bool SocketIsDead(curl_socket_t sock)
return ret_val;
}
-static bool IsPipeliningPossible(const struct SessionHandle *handle,
- const struct connectdata *conn)
-{
- if((conn->handler->protocol & CURLPROTO_HTTP) &&
- Curl_multi_pipeline_enabled(handle->multi) &&
- (handle->set.httpreq == HTTPREQ_GET ||
- handle->set.httpreq == HTTPREQ_HEAD) &&
- handle->set.httpversion != CURL_HTTP_VERSION_1_0)
- return TRUE;
-
- return FALSE;
-}
-
-bool Curl_isPipeliningEnabled(const struct SessionHandle *handle)
-{
- return Curl_multi_pipeline_enabled(handle->multi);
-}
-
-CURLcode Curl_addHandleToPipeline(struct SessionHandle *data,
- struct curl_llist *pipeline)
+/*
+ * IsPipeliningPossible()
+ *
+ * Return a bitmask with the available pipelining and multiplexing options for
+ * the given requested connection.
+ */
+static int IsPipeliningPossible(const struct Curl_easy *handle,
+ const struct connectdata *conn)
{
- if(!Curl_llist_insert_next(pipeline, pipeline->tail, data))
- return CURLE_OUT_OF_MEMORY;
- infof(data, "Curl_addHandleToPipeline: length: %d\n", pipeline->size);
- return CURLE_OK;
+ int avail = 0;
+
+ /* If a HTTP protocol and pipelining is enabled */
+ if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+ (!conn->bits.protoconnstart || !conn->bits.close)) {
+
+ if(Curl_pipeline_wanted(handle->multi, CURLPIPE_HTTP1) &&
+ (handle->set.httpversion != CURL_HTTP_VERSION_1_0) &&
+ (handle->set.httpreq == HTTPREQ_GET ||
+ handle->set.httpreq == HTTPREQ_HEAD))
+ /* didn't ask for HTTP/1.0 and a GET or HEAD */
+ avail |= CURLPIPE_HTTP1;
+
+ if(Curl_pipeline_wanted(handle->multi, CURLPIPE_MULTIPLEX) &&
+ (handle->set.httpversion >= CURL_HTTP_VERSION_2))
+ /* allows HTTP/2 */
+ avail |= CURLPIPE_MULTIPLEX;
+ }
+ return avail;
}
-int Curl_removeHandleFromPipeline(struct SessionHandle *handle,
+int Curl_removeHandleFromPipeline(struct Curl_easy *handle,
struct curl_llist *pipeline)
{
- struct curl_llist_element *curr;
+ if(pipeline) {
+ struct curl_llist_element *curr;
- curr = pipeline->head;
- while(curr) {
- if(curr->ptr == handle) {
- Curl_llist_remove(pipeline, curr, NULL);
- return 1; /* we removed a handle */
+ curr = pipeline->head;
+ while(curr) {
+ if(curr->ptr == handle) {
+ Curl_llist_remove(pipeline, curr, NULL);
+ return 1; /* we removed a handle */
+ }
+ curr = curr->next;
}
- curr = curr->next;
}
return 0;
@@ -2703,18 +864,18 @@ static void Curl_printPipeline(struct curl_llist *pipeline)
curr = pipeline->head;
while(curr) {
- struct SessionHandle *data = (struct SessionHandle *) curr->ptr;
+ struct Curl_easy *data = (struct Curl_easy *) curr->ptr;
infof(data, "Handle in pipeline: %s\n", data->state.path);
curr = curr->next;
}
}
#endif
-static struct SessionHandle* gethandleathead(struct curl_llist *pipeline)
+static struct Curl_easy* gethandleathead(struct curl_llist *pipeline)
{
struct curl_llist_element *curr = pipeline->head;
if(curr) {
- return (struct SessionHandle *) curr->ptr;
+ return (struct Curl_easy *) curr->ptr;
}
return NULL;
@@ -2722,19 +883,18 @@ static struct SessionHandle* gethandleathead(struct curl_llist *pipeline)
/* remove the specified connection from all (possible) pipelines and related
queues */
-void Curl_getoff_all_pipelines(struct SessionHandle *data,
+void Curl_getoff_all_pipelines(struct Curl_easy *data,
struct connectdata *conn)
{
bool recv_head = (conn->readchannel_inuse &&
- (gethandleathead(conn->recv_pipe) == data)) ? TRUE : FALSE;
-
+ Curl_recvpipe_head(data, conn));
bool send_head = (conn->writechannel_inuse &&
- (gethandleathead(conn->send_pipe) == data)) ? TRUE : FALSE;
+ Curl_sendpipe_head(data, conn));
- if(Curl_removeHandleFromPipeline(data, conn->recv_pipe) && recv_head)
- conn->readchannel_inuse = FALSE;
- if(Curl_removeHandleFromPipeline(data, conn->send_pipe) && send_head)
- conn->writechannel_inuse = FALSE;
+ if(Curl_removeHandleFromPipeline(data, &conn->recv_pipe) && recv_head)
+ Curl_pipeline_leave_read(conn);
+ if(Curl_removeHandleFromPipeline(data, &conn->send_pipe) && send_head)
+ Curl_pipeline_leave_write(conn);
}
static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke)
@@ -2747,7 +907,7 @@ static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke)
curr = pipeline->head;
while(curr) {
struct curl_llist_element *next = curr->next;
- struct SessionHandle *data = (struct SessionHandle *) curr->ptr;
+ struct Curl_easy *data = (struct Curl_easy *) curr->ptr;
#ifdef DEBUGBUILD /* debug-only code */
if(data->magic != CURLEASY_MAGIC_NUMBER) {
@@ -2764,58 +924,19 @@ static void signalPipeClose(struct curl_llist *pipeline, bool pipe_broke)
}
}
-/*
- * This function finds the connection in the connection
- * cache that has been unused for the longest time.
- *
- * Returns the pointer to the oldest idle connection, or NULL if none was
- * found.
- */
-static struct connectdata *
-find_oldest_idle_connection(struct SessionHandle *data)
+static bool
+proxy_info_matches(const struct proxy_info* data,
+ const struct proxy_info* needle)
{
- struct conncache *bc = data->state.conn_cache;
- struct curl_hash_iterator iter;
- struct curl_llist_element *curr;
- struct curl_hash_element *he;
- long highscore=-1;
- long score;
- struct timeval now;
- struct connectdata *conn_candidate = NULL;
- struct connectbundle *bundle;
-
- now = Curl_tvnow();
-
- Curl_hash_start_iterate(bc->hash, &iter);
-
- he = Curl_hash_next_element(&iter);
- while(he) {
- struct connectdata *conn;
-
- bundle = he->ptr;
-
- curr = bundle->conn_list->head;
- while(curr) {
- conn = curr->ptr;
-
- if(!conn->inuse) {
- /* Set higher score for the age passed since the connection was used */
- score = Curl_tvdiff(now, conn->now);
-
- if(score > highscore) {
- highscore = score;
- conn_candidate = conn;
- }
- }
- curr = curr->next;
- }
-
- he = Curl_hash_next_element(&iter);
- }
+ if((data->proxytype == needle->proxytype) &&
+ (data->port == needle->port) &&
+ Curl_safe_strcasecompare(data->host.name, needle->host.name))
+ return TRUE;
- return conn_candidate;
+ return FALSE;
}
+
/*
* This function finds the connection in the connection
* bundle that has been unused for the longest time.
@@ -2824,27 +945,27 @@ find_oldest_idle_connection(struct SessionHandle *data)
* found.
*/
static struct connectdata *
-find_oldest_idle_connection_in_bundle(struct SessionHandle *data,
+find_oldest_idle_connection_in_bundle(struct Curl_easy *data,
struct connectbundle *bundle)
{
struct curl_llist_element *curr;
- long highscore=-1;
- long score;
- struct timeval now;
+ timediff_t highscore = -1;
+ timediff_t score;
+ struct curltime now;
struct connectdata *conn_candidate = NULL;
struct connectdata *conn;
(void)data;
- now = Curl_tvnow();
+ now = Curl_now();
- curr = bundle->conn_list->head;
+ curr = bundle->conn_list.head;
while(curr) {
conn = curr->ptr;
if(!conn->inuse) {
/* Set higher score for the age passed since the connection was used */
- score = Curl_tvdiff(now, conn->now);
+ score = Curl_timediff(now, conn->now);
if(score > highscore) {
highscore = score;
@@ -2858,6 +979,84 @@ find_oldest_idle_connection_in_bundle(struct SessionHandle *data,
}
/*
+ * This function checks if given connection is dead and disconnects if so.
+ * (That also removes it from the connection cache.)
+ *
+ * Returns TRUE if the connection actually was dead and disconnected.
+ */
+static bool disconnect_if_dead(struct connectdata *conn,
+ struct Curl_easy *data)
+{
+ size_t pipeLen = conn->send_pipe.size + conn->recv_pipe.size;
+ if(!pipeLen && !conn->inuse) {
+ /* The check for a dead socket makes sense only if there are no
+ handles in pipeline and the connection isn't already marked in
+ use */
+ bool dead;
+
+ if(conn->handler->connection_check) {
+ /* The protocol has a special method for checking the state of the
+ connection. Use it to check if the connection is dead. */
+ unsigned int state;
+
+ state = conn->handler->connection_check(conn, CONNCHECK_ISDEAD);
+ dead = (state & CONNRESULT_DEAD);
+ }
+ else {
+ /* Use the general method for determining the death of a connection */
+ dead = SocketIsDead(conn->sock[FIRSTSOCKET]);
+ }
+
+ if(dead) {
+ conn->data = data;
+ infof(data, "Connection %ld seems to be dead!\n", conn->connection_id);
+
+ /* disconnect resources */
+ Curl_disconnect(conn, /* dead_connection */TRUE);
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/*
+ * Wrapper to use disconnect_if_dead() function in Curl_conncache_foreach()
+ *
+ * Returns always 0.
+ */
+static int call_disconnect_if_dead(struct connectdata *conn,
+ void *param)
+{
+ struct Curl_easy* data = (struct Curl_easy*)param;
+ disconnect_if_dead(conn, data);
+ return 0; /* continue iteration */
+}
+
+/*
+ * This function scans the connection cache for half-open/dead connections,
+ * closes and removes them.
+ * The cleanup is done at most once per second.
+ */
+static void prune_dead_connections(struct Curl_easy *data)
+{
+ struct curltime now = Curl_now();
+ time_t elapsed = Curl_timediff(now, data->state.conn_cache->last_cleanup);
+
+ if(elapsed >= 1000L) {
+ Curl_conncache_foreach(data, data->state.conn_cache, data,
+ call_disconnect_if_dead);
+ data->state.conn_cache->last_cleanup = now;
+ }
+}
+
+
+static size_t max_pipeline_length(struct Curl_multi *multi)
+{
+ return multi ? multi->max_pipeline_length : 0;
+}
+
+
+/*
* Given one filled in connection struct (named needle), this function should
* detect if there already is one that has all the significant details
* exactly the same and thus should be used instead.
@@ -2870,91 +1069,113 @@ find_oldest_idle_connection_in_bundle(struct SessionHandle *data,
* the pipelining strategy wants to open a new connection instead of reusing.
*/
static bool
-ConnectionExists(struct SessionHandle *data,
+ConnectionExists(struct Curl_easy *data,
struct connectdata *needle,
struct connectdata **usethis,
- bool *force_reuse)
+ bool *force_reuse,
+ bool *waitpipe)
{
struct connectdata *check;
struct connectdata *chosen = 0;
- bool canPipeline = IsPipeliningPossible(data, needle);
- bool wantNTLM = (data->state.authhost.want==CURLAUTH_NTLM) ||
- (data->state.authhost.want==CURLAUTH_NTLM_WB) ? TRUE : FALSE;
+ bool foundPendingCandidate = FALSE;
+ int canpipe = IsPipeliningPossible(data, needle);
struct connectbundle *bundle;
+#ifdef USE_NTLM
+ bool wantNTLMhttp = ((data->state.authhost.want &
+ (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
+ (needle->handler->protocol & PROTO_FAMILY_HTTP));
+ bool wantProxyNTLMhttp = (needle->bits.proxy_user_passwd &&
+ ((data->state.authproxy.want &
+ (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
+ (needle->handler->protocol & PROTO_FAMILY_HTTP)));
+#endif
+
*force_reuse = FALSE;
+ *waitpipe = FALSE;
- /* We can't pipe if the site is blacklisted */
- if(canPipeline && Curl_pipeline_site_blacklisted(data, needle)) {
- canPipeline = FALSE;
- }
+ /* We can't pipeline if the site is blacklisted */
+ if((canpipe & CURLPIPE_HTTP1) &&
+ Curl_pipeline_site_blacklisted(data, needle))
+ canpipe &= ~ CURLPIPE_HTTP1;
/* Look up the bundle with all the connections to this
particular host */
- bundle = Curl_conncache_find_bundle(data->state.conn_cache,
- needle->host.name);
+ bundle = Curl_conncache_find_bundle(needle, data->state.conn_cache);
if(bundle) {
- size_t max_pipe_len = Curl_multi_max_pipeline_length(data->multi);
+ /* Max pipe length is zero (unlimited) for multiplexed connections */
+ size_t max_pipe_len = (bundle->multiuse != BUNDLE_MULTIPLEX)?
+ max_pipeline_length(data->multi):0;
size_t best_pipe_len = max_pipe_len;
struct curl_llist_element *curr;
- infof(data, "Found bundle for host %s: %p\n",
- needle->host.name, (void *)bundle);
+ infof(data, "Found bundle for host %s: %p [%s]\n",
+ (needle->bits.conn_to_host ? needle->conn_to_host.name :
+ needle->host.name), (void *)bundle,
+ (bundle->multiuse == BUNDLE_PIPELINING ?
+ "can pipeline" :
+ (bundle->multiuse == BUNDLE_MULTIPLEX ?
+ "can multiplex" : "serially")));
+
+ /* We can't pipeline if we don't know anything about the server */
+ if(canpipe) {
+ if(bundle->multiuse <= BUNDLE_UNKNOWN) {
+ if((bundle->multiuse == BUNDLE_UNKNOWN) && data->set.pipewait) {
+ infof(data, "Server doesn't support multi-use yet, wait\n");
+ *waitpipe = TRUE;
+ return FALSE; /* no re-use */
+ }
- /* We can't pipe if we don't know anything about the server */
- if(canPipeline && !bundle->server_supports_pipelining) {
- infof(data, "Server doesn't support pipelining\n");
- canPipeline = FALSE;
+ infof(data, "Server doesn't support multi-use (yet)\n");
+ canpipe = 0;
+ }
+ if((bundle->multiuse == BUNDLE_PIPELINING) &&
+ !Curl_pipeline_wanted(data->multi, CURLPIPE_HTTP1)) {
+ /* not asked for, switch off */
+ infof(data, "Could pipeline, but not asked to!\n");
+ canpipe = 0;
+ }
+ else if((bundle->multiuse == BUNDLE_MULTIPLEX) &&
+ !Curl_pipeline_wanted(data->multi, CURLPIPE_MULTIPLEX)) {
+ infof(data, "Could multiplex, but not asked to!\n");
+ canpipe = 0;
+ }
}
- curr = bundle->conn_list->head;
+ curr = bundle->conn_list.head;
while(curr) {
bool match = FALSE;
- bool credentialsMatch = FALSE;
size_t pipeLen;
/*
- * Note that if we use a HTTP proxy, we check connections to that
- * proxy and not to the actual remote server.
+ * Note that if we use a HTTP proxy in normal mode (no tunneling), we
+ * check connections to that proxy and not to the actual remote server.
*/
check = curr->ptr;
curr = curr->next;
- pipeLen = check->send_pipe->size + check->recv_pipe->size;
-
- if(!pipeLen && !check->inuse) {
- /* The check for a dead socket makes sense only if there are no
- handles in pipeline and the connection isn't already marked in
- use */
- bool dead;
- if(check->handler->protocol & CURLPROTO_RTSP)
- /* RTSP is a special case due to RTP interleaving */
- dead = Curl_rtsp_connisdead(check);
- else
- dead = SocketIsDead(check->sock[FIRSTSOCKET]);
+ if(disconnect_if_dead(check, data))
+ continue;
- if(dead) {
- check->data = data;
- infof(data, "Connection %ld seems to be dead!\n",
- check->connection_id);
+ pipeLen = check->send_pipe.size + check->recv_pipe.size;
- /* disconnect resources */
- Curl_disconnect(check, /* dead_connection */ TRUE);
+ if(canpipe) {
+ if(check->bits.protoconnstart && check->bits.close)
continue;
- }
- }
- if(canPipeline) {
- /* Make sure the pipe has only GET requests */
- struct SessionHandle* sh = gethandleathead(check->send_pipe);
- struct SessionHandle* rh = gethandleathead(check->recv_pipe);
- if(sh) {
- if(!IsPipeliningPossible(sh, check))
- continue;
- }
- else if(rh) {
- if(!IsPipeliningPossible(rh, check))
- continue;
+ if(!check->bits.multiplex) {
+ /* If not multiplexing, make sure the connection is fine for HTTP/1
+ pipelining */
+ struct Curl_easy* sh = gethandleathead(&check->send_pipe);
+ struct Curl_easy* rh = gethandleathead(&check->recv_pipe);
+ if(sh) {
+ if(!(IsPipeliningPossible(sh, check) & CURLPIPE_HTTP1))
+ continue;
+ }
+ else if(rh) {
+ if(!(IsPipeliningPossible(rh, check) & CURLPIPE_HTTP1))
+ continue;
+ }
}
}
else {
@@ -2977,12 +1198,14 @@ ConnectionExists(struct SessionHandle *data,
if((check->sock[FIRSTSOCKET] == CURL_SOCKET_BAD) ||
check->bits.close) {
+ if(!check->bits.close)
+ foundPendingCandidate = TRUE;
/* Don't pick a connection that hasn't connected yet or that is going
to get closed. */
infof(data, "Connection #%ld isn't open enough, can't reuse\n",
check->connection_id);
#ifdef DEBUGBUILD
- if(check->recv_pipe->size > 0) {
+ if(check->recv_pipe.size > 0) {
infof(data,
"BAD! Unconnected #%ld has a non-empty recv pipeline!\n",
check->connection_id);
@@ -2992,24 +1215,73 @@ ConnectionExists(struct SessionHandle *data,
}
}
+#ifdef USE_UNIX_SOCKETS
+ if(needle->unix_domain_socket) {
+ if(!check->unix_domain_socket)
+ continue;
+ if(strcmp(needle->unix_domain_socket, check->unix_domain_socket))
+ continue;
+ if(needle->abstract_unix_socket != check->abstract_unix_socket)
+ continue;
+ }
+ else if(check->unix_domain_socket)
+ continue;
+#endif
+
if((needle->handler->flags&PROTOPT_SSL) !=
(check->handler->flags&PROTOPT_SSL))
/* don't do mixed SSL and non-SSL connections */
- if(!(needle->handler->protocol & check->handler->protocol))
+ if(get_protocol_family(check->handler->protocol) !=
+ needle->handler->protocol || !check->tls_upgraded)
/* except protocols that have been upgraded via TLS */
continue;
- if(needle->handler->flags&PROTOPT_SSL) {
- if((data->set.ssl.verifypeer != check->verifypeer) ||
- (data->set.ssl.verifyhost != check->verifyhost))
- continue;
- }
+ if(needle->bits.httpproxy != check->bits.httpproxy ||
+ needle->bits.socksproxy != check->bits.socksproxy)
+ continue;
- if(needle->bits.proxy != check->bits.proxy)
- /* don't do mixed proxy and non-proxy connections */
+ if(needle->bits.socksproxy && !proxy_info_matches(&needle->socks_proxy,
+ &check->socks_proxy))
continue;
- if(!canPipeline && check->inuse)
+ if(needle->bits.conn_to_host != check->bits.conn_to_host)
+ /* don't mix connections that use the "connect to host" feature and
+ * connections that don't use this feature */
+ continue;
+
+ if(needle->bits.conn_to_port != check->bits.conn_to_port)
+ /* don't mix connections that use the "connect to port" feature and
+ * connections that don't use this feature */
+ continue;
+
+ if(needle->bits.httpproxy) {
+ if(!proxy_info_matches(&needle->http_proxy, &check->http_proxy))
+ continue;
+
+ if(needle->bits.tunnel_proxy != check->bits.tunnel_proxy)
+ continue;
+
+ if(needle->http_proxy.proxytype == CURLPROXY_HTTPS) {
+ /* use https proxy */
+ if(needle->handler->flags&PROTOPT_SSL) {
+ /* use double layer ssl */
+ if(!Curl_ssl_config_matches(&needle->proxy_ssl_config,
+ &check->proxy_ssl_config))
+ continue;
+ if(check->proxy_ssl[FIRSTSOCKET].state != ssl_connection_complete)
+ continue;
+ }
+ else {
+ if(!Curl_ssl_config_matches(&needle->ssl_config,
+ &check->ssl_config))
+ continue;
+ if(check->ssl[FIRSTSOCKET].state != ssl_connection_complete)
+ continue;
+ }
+ }
+ }
+
+ if(!canpipe && check->inuse)
/* this request can't be pipelined but the checked connection is
already in use so we skip it */
continue;
@@ -3028,38 +1300,39 @@ ConnectionExists(struct SessionHandle *data,
*/
if((check->localport != needle->localport) ||
(check->localportrange != needle->localportrange) ||
- !check->localdev ||
- !needle->localdev ||
- strcmp(check->localdev, needle->localdev))
+ (needle->localdev &&
+ (!check->localdev || strcmp(check->localdev, needle->localdev))))
continue;
}
- if((needle->handler->protocol & CURLPROTO_FTP) ||
- ((needle->handler->protocol & CURLPROTO_HTTP) && wantNTLM)) {
- /* This is FTP or HTTP+NTLM, verify that we're using the same name
- and password as well */
- if(!strequal(needle->user, check->user) ||
- !strequal(needle->passwd, check->passwd)) {
- /* one of them was different */
- continue;
- }
- credentialsMatch = TRUE;
+ if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
+ /* This protocol requires credentials per connection,
+ so verify that we're using the same name and password as well */
+ if(strcmp(needle->user, check->user) ||
+ strcmp(needle->passwd, check->passwd)) {
+ /* one of them was different */
+ continue;
+ }
}
- if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL ||
- (needle->bits.httpproxy && check->bits.httpproxy &&
- needle->bits.tunnel_proxy && check->bits.tunnel_proxy &&
- Curl_raw_equal(needle->proxy.name, check->proxy.name) &&
- (needle->port == check->port))) {
+ if(!needle->bits.httpproxy || (needle->handler->flags&PROTOPT_SSL) ||
+ needle->bits.tunnel_proxy) {
/* The requested connection does not use a HTTP proxy or it uses SSL or
- it is a non-SSL protocol tunneled over the same http proxy name and
- port number or it is a non-SSL protocol which is allowed to be
- upgraded via TLS */
-
- if((Curl_raw_equal(needle->handler->scheme, check->handler->scheme) ||
- needle->handler->protocol & check->handler->protocol) &&
- Curl_raw_equal(needle->host.name, check->host.name) &&
+ it is a non-SSL protocol tunneled or it is a non-SSL protocol which
+ is allowed to be upgraded via TLS */
+
+ if((strcasecompare(needle->handler->scheme, check->handler->scheme) ||
+ (get_protocol_family(check->handler->protocol) ==
+ needle->handler->protocol && check->tls_upgraded)) &&
+ (!needle->bits.conn_to_host || strcasecompare(
+ needle->conn_to_host.name, check->conn_to_host.name)) &&
+ (!needle->bits.conn_to_port ||
+ needle->conn_to_port == check->conn_to_port) &&
+ strcasecompare(needle->host.name, check->host.name) &&
needle->remote_port == check->remote_port) {
+ /* The schemes match or the the protocol family is the same and the
+ previous connection was TLS upgraded, and the hostname and host
+ port match */
if(needle->handler->flags & PROTOPT_SSL) {
/* This is a SSL connection so verify that we're using the same
SSL options as well */
@@ -3071,7 +1344,8 @@ ConnectionExists(struct SessionHandle *data,
check->connection_id));
continue;
}
- else if(check->ssl[FIRSTSOCKET].state != ssl_connection_complete) {
+ if(check->ssl[FIRSTSOCKET].state != ssl_connection_complete) {
+ foundPendingCandidate = TRUE;
DEBUGF(infof(data,
"Connection #%ld has not started SSL connect, "
"can't reuse\n",
@@ -3082,37 +1356,63 @@ ConnectionExists(struct SessionHandle *data,
match = TRUE;
}
}
- else { /* The requested needle connection is using a proxy,
- is the checked one using the same host, port and type? */
- if(check->bits.proxy &&
- (needle->proxytype == check->proxytype) &&
- (needle->bits.tunnel_proxy == check->bits.tunnel_proxy) &&
- Curl_raw_equal(needle->proxy.name, check->proxy.name) &&
- needle->port == check->port) {
- /* This is the same proxy connection, use it! */
- match = TRUE;
- }
+ else {
+ /* The requested connection is using the same HTTP proxy in normal
+ mode (no tunneling) */
+ match = TRUE;
}
if(match) {
- /* If we are looking for an NTLM connection, check if this is already
- authenticating with the right credentials. If not, keep looking so
- that we can reuse NTLM connections if possible. (Especially we
- must not reuse the same connection if partway through
- a handshake!) */
- if(wantNTLM) {
- if(credentialsMatch && check->ntlm.state != NTLMSTATE_NONE) {
- chosen = check;
+#if defined(USE_NTLM)
+ /* If we are looking for an HTTP+NTLM connection, check if this is
+ already authenticating with the right credentials. If not, keep
+ looking so that we can reuse NTLM connections if
+ possible. (Especially we must not reuse the same connection if
+ partway through a handshake!) */
+ if(wantNTLMhttp) {
+ if(strcmp(needle->user, check->user) ||
+ strcmp(needle->passwd, check->passwd))
+ continue;
+ }
+ else if(check->ntlm.state != NTLMSTATE_NONE) {
+ /* Connection is using NTLM auth but we don't want NTLM */
+ continue;
+ }
+ /* Same for Proxy NTLM authentication */
+ if(wantProxyNTLMhttp) {
+ /* Both check->http_proxy.user and check->http_proxy.passwd can be
+ * NULL */
+ if(!check->http_proxy.user || !check->http_proxy.passwd)
+ continue;
+
+ if(strcmp(needle->http_proxy.user, check->http_proxy.user) ||
+ strcmp(needle->http_proxy.passwd, check->http_proxy.passwd))
+ continue;
+ }
+ else if(check->proxyntlm.state != NTLMSTATE_NONE) {
+ /* Proxy connection is using NTLM auth but we don't want NTLM */
+ continue;
+ }
+
+ if(wantNTLMhttp || wantProxyNTLMhttp) {
+ /* Credentials are already checked, we can use this connection */
+ chosen = check;
+
+ if((wantNTLMhttp &&
+ (check->ntlm.state != NTLMSTATE_NONE)) ||
+ (wantProxyNTLMhttp &&
+ (check->proxyntlm.state != NTLMSTATE_NONE))) {
/* We must use this connection, no other */
*force_reuse = TRUE;
break;
}
- else
- continue;
- }
- if(canPipeline) {
+ /* Continue look up for a better connection */
+ continue;
+ }
+#endif
+ if(canpipe) {
/* We can pipeline if we want to. Let's continue looking for
the optimal connection to use, i.e the shortest pipe that is not
blacklisted. */
@@ -3124,19 +1424,42 @@ ConnectionExists(struct SessionHandle *data,
}
/* We can't use the connection if the pipe is full */
- if(pipeLen >= max_pipe_len)
+ if(max_pipe_len && (pipeLen >= max_pipe_len)) {
+ infof(data, "Pipe is full, skip (%zu)\n", pipeLen);
continue;
-
+ }
+#ifdef USE_NGHTTP2
+ /* If multiplexed, make sure we don't go over concurrency limit */
+ if(check->bits.multiplex) {
+ /* Multiplexed connections can only be HTTP/2 for now */
+ struct http_conn *httpc = &check->proto.httpc;
+ if(pipeLen >= httpc->settings.max_concurrent_streams) {
+ infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)\n",
+ pipeLen);
+ continue;
+ }
+ }
+#endif
/* We can't use the connection if the pipe is penalized */
- if(Curl_pipeline_penalized(data, check))
+ if(Curl_pipeline_penalized(data, check)) {
+ infof(data, "Penalized, skip\n");
continue;
+ }
- if(pipeLen < best_pipe_len) {
- /* This connection has a shorter pipe so far. We'll pick this
- and continue searching */
+ if(max_pipe_len) {
+ if(pipeLen < best_pipe_len) {
+ /* This connection has a shorter pipe so far. We'll pick this
+ and continue searching */
+ chosen = check;
+ best_pipe_len = pipeLen;
+ continue;
+ }
+ }
+ else {
+ /* When not pipelining (== multiplexed), we have a match here! */
chosen = check;
- best_pipe_len = pipeLen;
- continue;
+ infof(data, "Multiplexed connection found!\n");
+ break;
}
}
else {
@@ -3153,64 +1476,13 @@ ConnectionExists(struct SessionHandle *data,
return TRUE; /* yes, we found one to use! */
}
- return FALSE; /* no matching connecting exists */
-}
-
-/* Mark the connection as 'idle', or close it if the cache is full.
- Returns TRUE if the connection is kept, or FALSE if it was closed. */
-static bool
-ConnectionDone(struct SessionHandle *data, struct connectdata *conn)
-{
- /* data->multi->maxconnects can be negative, deal with it. */
- size_t maxconnects =
- (data->multi->maxconnects < 0) ? 0 : data->multi->maxconnects;
- struct connectdata *conn_candidate = NULL;
-
- /* Mark the current connection as 'unused' */
- conn->inuse = FALSE;
-
- if(maxconnects > 0 &&
- data->state.conn_cache->num_connections > maxconnects) {
- infof(data, "Connection cache is full, closing the oldest one.\n");
-
- conn_candidate = find_oldest_idle_connection(data);
-
- if(conn_candidate) {
- /* Set the connection's owner correctly */
- conn_candidate->data = data;
-
- /* the winner gets the honour of being disconnected */
- (void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
- }
+ if(foundPendingCandidate && data->set.pipewait) {
+ infof(data,
+ "Found pending candidate for reuse and CURLOPT_PIPEWAIT is set\n");
+ *waitpipe = TRUE;
}
- return (conn_candidate == conn) ? FALSE : TRUE;
-}
-
-/*
- * The given input connection struct pointer is to be stored in the connection
- * cache. If the cache is already full, least interesting existing connection
- * (if any) gets closed.
- *
- * The given connection should be unique. That must've been checked prior to
- * this call.
- */
-static CURLcode ConnectionStore(struct SessionHandle *data,
- struct connectdata *conn)
-{
- static int connection_id_counter = 0;
-
- CURLcode result;
-
- /* Assign a number to the connection for easier tracking in the log
- output */
- conn->connection_id = connection_id_counter++;
-
- result = Curl_conncache_add_conn(data->state.conn_cache, conn);
- if(result != CURLE_OK)
- conn->connection_id = -1;
-
- return result;
+ return FALSE; /* no matching connecting exists */
}
/* after a TCP connection to the proxy has been verified, this function does
@@ -3219,79 +1491,49 @@ static CURLcode ConnectionStore(struct SessionHandle *data,
Note: this function's sub-functions call failf()
*/
-CURLcode Curl_connected_proxy(struct connectdata *conn)
+CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex)
{
- if(!conn->bits.proxy)
- return CURLE_OK;
+ CURLcode result = CURLE_OK;
- switch(conn->proxytype) {
+ if(conn->bits.socksproxy) {
#ifndef CURL_DISABLE_PROXY
- case CURLPROXY_SOCKS5:
- case CURLPROXY_SOCKS5_HOSTNAME:
- return Curl_SOCKS5(conn->proxyuser, conn->proxypasswd,
- conn->host.name, conn->remote_port,
- FIRSTSOCKET, conn);
-
- case CURLPROXY_SOCKS4:
- return Curl_SOCKS4(conn->proxyuser, conn->host.name,
- conn->remote_port, FIRSTSOCKET, conn, FALSE);
-
- case CURLPROXY_SOCKS4A:
- return Curl_SOCKS4(conn->proxyuser, conn->host.name,
- conn->remote_port, FIRSTSOCKET, conn, TRUE);
-
-#endif /* CURL_DISABLE_PROXY */
- case CURLPROXY_HTTP:
- case CURLPROXY_HTTP_1_0:
- /* do nothing here. handled later. */
- break;
- default:
- break;
- } /* switch proxytype */
-
- return CURLE_OK;
-}
+ /* for the secondary socket (FTP), use the "connect to host"
+ * but ignore the "connect to port" (use the secondary port)
+ */
+ const char * const host = conn->bits.httpproxy ?
+ conn->http_proxy.host.name :
+ conn->bits.conn_to_host ?
+ conn->conn_to_host.name :
+ sockindex == SECONDARYSOCKET ?
+ conn->secondaryhostname : conn->host.name;
+ const int port = conn->bits.httpproxy ? (int)conn->http_proxy.port :
+ sockindex == SECONDARYSOCKET ? conn->secondary_port :
+ conn->bits.conn_to_port ? conn->conn_to_port :
+ conn->remote_port;
+ conn->bits.socksproxy_connecting = TRUE;
+ switch(conn->socks_proxy.proxytype) {
+ case CURLPROXY_SOCKS5:
+ case CURLPROXY_SOCKS5_HOSTNAME:
+ result = Curl_SOCKS5(conn->socks_proxy.user, conn->socks_proxy.passwd,
+ host, port, sockindex, conn);
+ break;
-static CURLcode ConnectPlease(struct SessionHandle *data,
- struct connectdata *conn,
- bool *connected)
-{
- CURLcode result;
- Curl_addrinfo *addr;
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
- char *hostname = conn->bits.proxy?conn->proxy.name:conn->host.name;
+ case CURLPROXY_SOCKS4:
+ case CURLPROXY_SOCKS4A:
+ result = Curl_SOCKS4(conn->socks_proxy.user, host, port, sockindex,
+ conn);
+ break;
- infof(data, "About to connect() to %s%s port %ld (#%ld)\n",
- conn->bits.proxy?"proxy ":"",
- hostname, conn->port, conn->connection_id);
+ default:
+ failf(conn->data, "unknown proxytype option given");
+ result = CURLE_COULDNT_CONNECT;
+ } /* switch proxytype */
+ conn->bits.socksproxy_connecting = FALSE;
#else
- (void)data;
-#endif
-
- /*************************************************************
- * Connect to server/proxy
- *************************************************************/
- result= Curl_connecthost(conn,
- conn->dns_entry,
- &conn->sock[FIRSTSOCKET],
- &addr,
- connected);
- if(CURLE_OK == result) {
- /* All is cool, we store the current information */
- conn->ip_addr = addr;
-
- if(*connected) {
- result = Curl_connected_proxy(conn);
- if(!result) {
- conn->bits.tcpconnect[FIRSTSOCKET] = TRUE;
- Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
- }
- }
+ (void)sockindex;
+#endif /* CURL_DISABLE_PROXY */
}
- if(result)
- *connected = FALSE; /* mark it as not connected */
-
return result;
}
@@ -3303,7 +1545,10 @@ void Curl_verboseconnect(struct connectdata *conn)
{
if(conn->data->set.verbose)
infof(conn->data, "Connected to %s (%s) port %ld (#%ld)\n",
- conn->bits.proxy ? conn->proxy.dispname : conn->host.dispname,
+ conn->bits.socksproxy ? conn->socks_proxy.host.dispname :
+ conn->bits.httpproxy ? conn->http_proxy.host.dispname :
+ conn->bits.conn_to_host ? conn->conn_to_host.dispname :
+ conn->host.dispname,
conn->ip_addr_str, conn->port, conn->connection_id);
}
#endif
@@ -3335,7 +1580,7 @@ int Curl_doing_getsock(struct connectdata *conn,
CURLcode Curl_protocol_connecting(struct connectdata *conn,
bool *done)
{
- CURLcode result=CURLE_OK;
+ CURLcode result = CURLE_OK;
if(conn && conn->handler->connecting) {
*done = FALSE;
@@ -3354,7 +1599,7 @@ CURLcode Curl_protocol_connecting(struct connectdata *conn,
CURLcode Curl_protocol_doing(struct connectdata *conn, bool *done)
{
- CURLcode result=CURLE_OK;
+ CURLcode result = CURLE_OK;
if(conn && conn->handler->doing) {
*done = FALSE;
@@ -3374,7 +1619,7 @@ CURLcode Curl_protocol_doing(struct connectdata *conn, bool *done)
CURLcode Curl_protocol_connect(struct connectdata *conn,
bool *protocol_done)
{
- CURLcode result=CURLE_OK;
+ CURLcode result = CURLE_OK;
*protocol_done = FALSE;
@@ -3393,12 +1638,16 @@ CURLcode Curl_protocol_connect(struct connectdata *conn,
if(!conn->bits.protoconnstart) {
- result = Curl_proxy_connect(conn);
+ result = Curl_proxy_connect(conn, FIRSTSOCKET);
if(result)
return result;
+ if(CONNECT_FIRSTSOCKET_PROXY_SSL())
+ /* wait for HTTPS proxy SSL initialization to complete */
+ return CURLE_OK;
+
if(conn->bits.tunnel_proxy && conn->bits.httpproxy &&
- (conn->tunnel_state[FIRSTSOCKET] != TUNNEL_COMPLETE))
+ Curl_connect_ongoing(conn))
/* when using an HTTP tunnel proxy, await complete tunnel establishment
before proceeding further. Return CURLE_OK so we'll be called again */
return CURLE_OK;
@@ -3422,11 +1671,11 @@ CURLcode Curl_protocol_connect(struct connectdata *conn,
}
/*
- * Helpers for IDNA convertions.
+ * Helpers for IDNA conversions.
*/
static bool is_ASCII_name(const char *hostname)
{
- const unsigned char *ch = (const unsigned char*)hostname;
+ const unsigned char *ch = (const unsigned char *)hostname;
while(*ch) {
if(*ch++ & 0x80)
@@ -3435,57 +1684,15 @@ static bool is_ASCII_name(const char *hostname)
return TRUE;
}
-#ifdef USE_LIBIDN
-/*
- * Check if characters in hostname is allowed in Top Level Domain.
- */
-static bool tld_check_name(struct SessionHandle *data,
- const char *ace_hostname)
-{
- size_t err_pos;
- char *uc_name = NULL;
- int rc;
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
- const char *tld_errmsg = "<no msg>";
-#else
- (void)data;
-#endif
-
- /* Convert (and downcase) ACE-name back into locale's character set */
- rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0);
- if(rc != IDNA_SUCCESS)
- return FALSE;
-
- rc = tld_check_lz(uc_name, &err_pos, NULL);
-#ifndef CURL_DISABLE_VERBOSE_STRINGS
-#ifdef HAVE_TLD_STRERROR
- if(rc != TLD_SUCCESS)
- tld_errmsg = tld_strerror((Tld_rc)rc);
-#endif
- if(rc == TLD_INVALID)
- infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n",
- tld_errmsg, err_pos, uc_name[err_pos],
- uc_name[err_pos] & 255);
- else if(rc != TLD_SUCCESS)
- infof(data, "WARNING: TLD check for %s failed; %s\n",
- uc_name, tld_errmsg);
-#endif /* CURL_DISABLE_VERBOSE_STRINGS */
- if(uc_name)
- idn_free(uc_name);
- if(rc != TLD_SUCCESS)
- return FALSE;
-
- return TRUE;
-}
-#endif
-
/*
* Perform any necessary IDN conversion of hostname
*/
-static void fix_hostname(struct SessionHandle *data,
- struct connectdata *conn, struct hostname *host)
+static CURLcode fix_hostname(struct connectdata *conn, struct hostname *host)
{
-#ifndef USE_LIBIDN
+ size_t len;
+ struct Curl_easy *data = conn->data;
+
+#ifndef USE_LIBIDN2
(void)data;
(void)conn;
#elif defined(CURL_DISABLE_VERBOSE_STRINGS)
@@ -3494,47 +1701,84 @@ static void fix_hostname(struct SessionHandle *data,
/* set the name we use to display the host name */
host->dispname = host->name;
+
+ len = strlen(host->name);
+ if(len && (host->name[len-1] == '.'))
+ /* strip off a single trailing dot if present, primarily for SNI but
+ there's no use for it */
+ host->name[len-1] = 0;
+
+ /* Check name for non-ASCII and convert hostname to ACE form if we can */
if(!is_ASCII_name(host->name)) {
-#ifdef USE_LIBIDN
- /*************************************************************
- * Check name for non-ASCII and convert hostname to ACE form.
- *************************************************************/
- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
+#ifdef USE_LIBIDN2
+ if(idn2_check_version(IDN2_VERSION)) {
+ char *ace_hostname = NULL;
+#if IDN2_VERSION_NUMBER >= 0x00140000
+ /* IDN2_NFC_INPUT: Normalize input string using normalization form C.
+ IDN2_NONTRANSITIONAL: Perform Unicode TR46 non-transitional
+ processing. */
+ int flags = IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL;
+#else
+ int flags = IDN2_NFC_INPUT;
+#endif
+ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, flags);
+ if(rc == IDN2_OK) {
+ host->encalloc = (char *)ace_hostname;
+ /* change the name pointer to point to the encoded hostname */
+ host->name = host->encalloc;
+ }
+ else {
+ failf(data, "Failed to convert %s to ACE; %s\n", host->name,
+ idn2_strerror(rc));
+ return CURLE_URL_MALFORMAT;
+ }
+ }
+#elif defined(USE_WIN32_IDN)
char *ace_hostname = NULL;
- int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0);
- infof (data, "Input domain encoded as `%s'\n",
- stringprep_locale_charset ());
- if(rc != IDNA_SUCCESS)
- infof(data, "Failed to convert %s to ACE; %s\n",
- host->name, Curl_idn_strerror(conn,rc));
- else {
- /* tld_check_name() displays a warning if the host name contains
- "illegal" characters for this TLD */
- (void)tld_check_name(data, ace_hostname);
+ if(curl_win32_idn_to_ascii(host->name, &ace_hostname)) {
host->encalloc = ace_hostname;
/* change the name pointer to point to the encoded hostname */
host->name = host->encalloc;
}
- }
-#elif defined(USE_WIN32_IDN)
- /*************************************************************
- * Check name for non-ASCII and convert hostname to ACE form.
- *************************************************************/
- char *ace_hostname = NULL;
- int rc = curl_win32_idn_to_ascii(host->name, &ace_hostname);
- if(rc == 0)
- infof(data, "Failed to convert %s to ACE;\n",
- host->name);
else {
- host->encalloc = ace_hostname;
- /* change the name pointer to point to the encoded hostname */
- host->name = host->encalloc;
+ failf(data, "Failed to convert %s to ACE;\n", host->name);
+ return CURLE_URL_MALFORMAT;
}
#else
infof(data, "IDN support not present, can't parse Unicode domains\n");
#endif
}
+ {
+ char *hostp;
+ for(hostp = host->name; *hostp; hostp++) {
+ if(*hostp <= 32) {
+ failf(data, "Host name '%s' contains bad letter", host->name);
+ return CURLE_URL_MALFORMAT;
+ }
+ }
+ }
+ return CURLE_OK;
+}
+
+/*
+ * Frees data allocated by fix_hostname()
+ */
+static void free_fixed_hostname(struct hostname *host)
+{
+#if defined(USE_LIBIDN2)
+ if(host->encalloc) {
+ idn2_free(host->encalloc); /* must be freed with idn2_free() since this was
+ allocated by libidn */
+ host->encalloc = NULL;
+ }
+#elif defined(USE_WIN32_IDN)
+ free(host->encalloc); /* must be freed with free() since this was
+ allocated by curl_win32_idn_to_ascii */
+ host->encalloc = NULL;
+#else
+ (void)host;
+#endif
}
static void llist_dtor(void *user, void *element)
@@ -3547,12 +1791,43 @@ static void llist_dtor(void *user, void *element)
/*
* Allocate and initialize a new connectdata object.
*/
-static struct connectdata *allocate_conn(struct SessionHandle *data)
+static struct connectdata *allocate_conn(struct Curl_easy *data)
{
- struct connectdata *conn = calloc(1, sizeof(struct connectdata));
+ struct connectdata *conn;
+ size_t connsize = sizeof(struct connectdata);
+
+#ifdef USE_SSL
+/* SSLBK_MAX_ALIGN: The max byte alignment a CPU would use */
+#define SSLBK_MAX_ALIGN 32
+ /* The SSL backend-specific data (ssl_backend_data) objects are allocated as
+ part of connectdata at the end. To ensure suitable alignment we will
+ assume a maximum of SSLBK_MAX_ALIGN for alignment. Since calloc returns a
+ pointer suitably aligned for any variable this will ensure the
+ ssl_backend_data array has proper alignment, even if that alignment turns
+ out to be less than SSLBK_MAX_ALIGN. */
+ size_t paddingsize = sizeof(struct connectdata) % SSLBK_MAX_ALIGN;
+ size_t alignsize = paddingsize ? (SSLBK_MAX_ALIGN - paddingsize) : 0;
+ size_t sslbksize = Curl_ssl->sizeof_ssl_backend_data;
+ connsize += alignsize + (4 * sslbksize);
+#endif
+
+ conn = calloc(1, connsize);
if(!conn)
return NULL;
+#ifdef USE_SSL
+ /* Point to the ssl_backend_data objects at the end of connectdata.
+ Note that these backend pointers can be swapped by vtls (eg ssl backend
+ data becomes proxy backend data). */
+ {
+ char *end = (char *)conn + connsize;
+ conn->ssl[0].backend = ((void *)(end - (4 * sslbksize)));
+ conn->ssl[1].backend = ((void *)(end - (3 * sslbksize)));
+ conn->proxy_ssl[0].backend = ((void *)(end - (2 * sslbksize)));
+ conn->proxy_ssl[1].backend = ((void *)(end - (1 * sslbksize)));
+ }
+#endif
+
conn->handler = &Curl_handler_dummy; /* Be sure we have a handler defined
already from start to avoid NULL
situations and checks */
@@ -3561,26 +1836,35 @@ static struct connectdata *allocate_conn(struct SessionHandle *data)
conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD; /* no file descriptor */
conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD; /* no file descriptor */
+ conn->tempsock[0] = CURL_SOCKET_BAD; /* no file descriptor */
+ conn->tempsock[1] = CURL_SOCKET_BAD; /* no file descriptor */
conn->connection_id = -1; /* no ID */
conn->port = -1; /* unknown at this point */
+ conn->remote_port = -1; /* unknown at this point */
+#if defined(USE_RECV_BEFORE_SEND_WORKAROUND) && defined(DEBUGBUILD)
+ conn->postponed[0].bindsock = CURL_SOCKET_BAD; /* no file descriptor */
+ conn->postponed[1].bindsock = CURL_SOCKET_BAD; /* no file descriptor */
+#endif /* USE_RECV_BEFORE_SEND_WORKAROUND && DEBUGBUILD */
/* Default protocol-independent behavior doesn't support persistent
connections, so we set this to force-close. Protocols that support
this need to set this to FALSE in their "curl_do" functions. */
- conn->bits.close = TRUE;
+ connclose(conn, "Default to force-close");
/* Store creation time to help future close decision making */
- conn->created = Curl_tvnow();
+ conn->created = Curl_now();
conn->data = data; /* Setup the association between this connection
- and the SessionHandle */
+ and the Curl_easy */
- conn->proxytype = data->set.proxytype; /* type */
+ conn->http_proxy.proxytype = data->set.proxytype;
+ conn->socks_proxy.proxytype = CURLPROXY_SOCKS4;
#ifdef CURL_DISABLE_PROXY
conn->bits.proxy = FALSE;
conn->bits.httpproxy = FALSE;
+ conn->bits.socksproxy = FALSE;
conn->bits.proxy_user_passwd = FALSE;
conn->bits.tunnel_proxy = FALSE;
@@ -3589,45 +1873,59 @@ static struct connectdata *allocate_conn(struct SessionHandle *data)
/* note that these two proxy bits are now just on what looks to be
requested, they may be altered down the road */
conn->bits.proxy = (data->set.str[STRING_PROXY] &&
- *data->set.str[STRING_PROXY])?TRUE:FALSE;
+ *data->set.str[STRING_PROXY]) ? TRUE : FALSE;
conn->bits.httpproxy = (conn->bits.proxy &&
- (conn->proxytype == CURLPROXY_HTTP ||
- conn->proxytype == CURLPROXY_HTTP_1_0))?TRUE:FALSE;
+ (conn->http_proxy.proxytype == CURLPROXY_HTTP ||
+ conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0 ||
+ conn->http_proxy.proxytype == CURLPROXY_HTTPS)) ?
+ TRUE : FALSE;
+ conn->bits.socksproxy = (conn->bits.proxy &&
+ !conn->bits.httpproxy) ? TRUE : FALSE;
+
+ if(data->set.str[STRING_PRE_PROXY] && *data->set.str[STRING_PRE_PROXY]) {
+ conn->bits.proxy = TRUE;
+ conn->bits.socksproxy = TRUE;
+ }
+
conn->bits.proxy_user_passwd =
- (NULL != data->set.str[STRING_PROXYUSERNAME])?TRUE:FALSE;
+ (data->set.str[STRING_PROXYUSERNAME]) ? TRUE : FALSE;
conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy;
#endif /* CURL_DISABLE_PROXY */
- conn->bits.user_passwd = (NULL != data->set.str[STRING_USERNAME])?TRUE:FALSE;
+ conn->bits.user_passwd = (data->set.str[STRING_USERNAME]) ? TRUE : FALSE;
conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
- conn->verifypeer = data->set.ssl.verifypeer;
- conn->verifyhost = data->set.ssl.verifyhost;
+ conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
+ conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
+ conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
+ conn->proxy_ssl_config.verifystatus =
+ data->set.proxy_ssl.primary.verifystatus;
+ conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
+ conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
conn->ip_version = data->set.ipver;
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
+ defined(NTLM_WB_ENABLED)
conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
conn->ntlm_auth_hlpr_pid = 0;
conn->challenge_header = NULL;
conn->response_header = NULL;
#endif
- if(Curl_multi_pipeline_enabled(data->multi) &&
- !conn->master_buffer) {
- /* Allocate master_buffer to be used for pipelining */
- conn->master_buffer = calloc(BUFSIZE, sizeof (char));
+ if(Curl_pipeline_wanted(data->multi, CURLPIPE_HTTP1) &&
+ !conn->master_buffer) {
+ /* Allocate master_buffer to be used for HTTP/1 pipelining */
+ conn->master_buffer = calloc(MASTERBUF_SIZE, sizeof(char));
if(!conn->master_buffer)
goto error;
}
/* Initialize the pipeline lists */
- conn->send_pipe = Curl_llist_alloc((curl_llist_dtor) llist_dtor);
- conn->recv_pipe = Curl_llist_alloc((curl_llist_dtor) llist_dtor);
- if(!conn->send_pipe || !conn->recv_pipe)
- goto error;
+ Curl_llist_init(&conn->send_pipe, (curl_llist_dtor) llist_dtor);
+ Curl_llist_init(&conn->recv_pipe, (curl_llist_dtor) llist_dtor);
#ifdef HAVE_GSSAPI
conn->data_prot = PROT_CLEAR;
@@ -3643,26 +1941,23 @@ static struct connectdata *allocate_conn(struct SessionHandle *data)
conn->localport = data->set.localport;
/* the close socket stuff needs to be copied to the connection struct as
- it may live on without (this specific) SessionHandle */
+ it may live on without (this specific) Curl_easy */
conn->fclosesocket = data->set.fclosesocket;
conn->closesocket_client = data->set.closesocket_client;
return conn;
error:
- Curl_llist_destroy(conn->send_pipe, NULL);
- Curl_llist_destroy(conn->recv_pipe, NULL);
+ Curl_llist_destroy(&conn->send_pipe, NULL);
+ Curl_llist_destroy(&conn->recv_pipe, NULL);
- conn->send_pipe = NULL;
- conn->recv_pipe = NULL;
-
- Curl_safefree(conn->master_buffer);
- Curl_safefree(conn->localdev);
- Curl_safefree(conn);
+ free(conn->master_buffer);
+ free(conn->localdev);
+ free(conn);
return NULL;
}
-static CURLcode findprotocol(struct SessionHandle *data,
+static CURLcode findprotocol(struct Curl_easy *data,
struct connectdata *conn,
const char *protostr)
{
@@ -3673,7 +1968,7 @@ static CURLcode findprotocol(struct SessionHandle *data,
variables based on the URL. Now that the handler may be changed later
when the protocol specific setup function is called. */
for(pp = protocols; (p = *pp) != NULL; pp++) {
- if(Curl_raw_equal(p->scheme, protostr)) {
+ if(strcasecompare(p->scheme, protostr)) {
/* Protocol found in table. Check if allowed */
if(!(data->set.allowed_protocols & p->protocol))
/* nope, get out */
@@ -3698,7 +1993,7 @@ static CURLcode findprotocol(struct SessionHandle *data,
/* The protocol was not found in the table, but we don't have to assign it
to anything since it is already assigned to a dummy-struct in the
create_conn() function when the connectdata struct is allocated. */
- failf(data, "Protocol %s not supported or disabled in " LIBCURL_NAME,
+ failf(data, "Protocol \"%s\" not supported or disabled in " LIBCURL_NAME,
protostr);
return CURLE_UNSUPPORTED_PROTOCOL;
@@ -3707,7 +2002,7 @@ static CURLcode findprotocol(struct SessionHandle *data,
/*
* Parse URL and fill in the relevant members of the connection struct.
*/
-static CURLcode parseurlandfillconn(struct SessionHandle *data,
+static CURLcode parseurlandfillconn(struct Curl_easy *data,
struct connectdata *conn,
bool *prot_missing,
char **userp, char **passwdp,
@@ -3717,14 +2012,23 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
char *fragment;
char *path = data->state.path;
char *query;
+ int i;
int rc;
- char protobuf[16];
- const char *protop;
+ const char *protop = "";
CURLcode result;
bool rebuild_url = FALSE;
+ bool url_has_scheme = FALSE;
+ char protobuf[16];
*prot_missing = FALSE;
+ /* We might pass the entire URL into the request so we need to make sure
+ * there are no bad characters in there.*/
+ if(strpbrk(data->change.url, "\r\n")) {
+ failf(data, "Illegal characters found in URL");
+ return CURLE_URL_MALFORMAT;
+ }
+
/*************************************************************
* Parse the URL.
*
@@ -3733,70 +2037,165 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
* proxy -- and we don't know if we will need to use SSL until we parse the
* url ...
************************************************************/
- if((2 == sscanf(data->change.url, "%15[^:]:%[^\n]",
- protobuf, path)) &&
- Curl_raw_equal(protobuf, "file")) {
- if(path[0] == '/' && path[1] == '/') {
- /* Allow omitted hostname (e.g. file:/<path>). This is not strictly
- * speaking a valid file: URL by RFC 1738, but treating file:/<path> as
- * file://localhost/<path> is similar to how other schemes treat missing
- * hostnames. See RFC 1808. */
-
- /* This cannot be done with strcpy() in a portable manner, since the
- memory areas overlap! */
- memmove(path, path + 2, strlen(path + 2)+1);
+ if(data->change.url[0] == ':') {
+ failf(data, "Bad URL, colon is first character");
+ return CURLE_URL_MALFORMAT;
+ }
+
+ /* MSDOS/Windows style drive prefix, eg c: in c:foo */
+#define STARTS_WITH_DRIVE_PREFIX(str) \
+ ((('a' <= str[0] && str[0] <= 'z') || \
+ ('A' <= str[0] && str[0] <= 'Z')) && \
+ (str[1] == ':'))
+
+ /* MSDOS/Windows style drive prefix, optionally with
+ * a '|' instead of ':', followed by a slash or NUL */
+#define STARTS_WITH_URL_DRIVE_PREFIX(str) \
+ ((('a' <= (str)[0] && (str)[0] <= 'z') || \
+ ('A' <= (str)[0] && (str)[0] <= 'Z')) && \
+ ((str)[1] == ':' || (str)[1] == '|') && \
+ ((str)[2] == '/' || (str)[2] == 0))
+
+ /* Don't mistake a drive letter for a scheme if the default protocol is file.
+ curld --proto-default file c:/foo/bar.txt */
+ if(STARTS_WITH_DRIVE_PREFIX(data->change.url) &&
+ data->set.str[STRING_DEFAULT_PROTOCOL] &&
+ strcasecompare(data->set.str[STRING_DEFAULT_PROTOCOL], "file")) {
+ ; /* do nothing */
+ }
+ else { /* check for a scheme */
+ for(i = 0; i < 16 && data->change.url[i]; ++i) {
+ if(data->change.url[i] == '/')
+ break;
+ if(data->change.url[i] == ':') {
+ url_has_scheme = TRUE;
+ break;
+ }
}
- /*
- * we deal with file://<host>/<path> differently since it supports no
- * hostname other than "localhost" and "127.0.0.1", which is unique among
- * the URL protocols specified in RFC 1738
- */
- if(path[0] != '/') {
- /* the URL included a host name, we ignore host names in file:// URLs
- as the standards don't define what to do with them */
- char *ptr=strchr(path, '/');
- if(ptr) {
- /* there was a slash present
-
- RFC1738 (section 3.1, page 5) says:
-
- The rest of the locator consists of data specific to the scheme,
- and is known as the "url-path". It supplies the details of how the
- specified resource can be accessed. Note that the "/" between the
- host (or port) and the url-path is NOT part of the url-path.
-
- As most agents use file://localhost/foo to get '/foo' although the
- slash preceding foo is a separator and not a slash for the path,
- a URL as file://localhost//foo must be valid as well, to refer to
- the same file with an absolute path.
- */
+ }
- if(ptr[1] && ('/' == ptr[1]))
- /* if there was two slashes, we skip the first one as that is then
- used truly as a separator */
- ptr++;
+ /* handle the file: scheme */
+ if((url_has_scheme && strncasecompare(data->change.url, "file:", 5)) ||
+ (!url_has_scheme && data->set.str[STRING_DEFAULT_PROTOCOL] &&
+ strcasecompare(data->set.str[STRING_DEFAULT_PROTOCOL], "file"))) {
+ if(url_has_scheme)
+ rc = sscanf(data->change.url, "%*15[^\n/:]:%[^\n]", path);
+ else
+ rc = sscanf(data->change.url, "%[^\n]", path);
- /* This cannot be made with strcpy, as the memory chunks overlap! */
- memmove(path, ptr, strlen(ptr)+1);
+ if(rc != 1) {
+ failf(data, "Bad URL");
+ return CURLE_URL_MALFORMAT;
+ }
+
+ if(url_has_scheme && path[0] == '/' && path[1] == '/' &&
+ path[2] == '/' && path[3] == '/') {
+ /* This appears to be a UNC string (usually indicating a SMB share).
+ * We don't do SMB in file: URLs. (TODO?)
+ */
+ failf(data, "SMB shares are not supported in file: URLs.");
+ return CURLE_URL_MALFORMAT;
+ }
+
+ /* Extra handling URLs with an authority component (i.e. that start with
+ * "file://")
+ *
+ * We allow omitted hostname (e.g. file:/<path>) -- valid according to
+ * RFC 8089, but not the (current) WHAT-WG URL spec.
+ */
+ if(url_has_scheme && path[0] == '/' && path[1] == '/') {
+ /* swallow the two slashes */
+ char *ptr = &path[2];
+
+ /*
+ * According to RFC 8089, a file: URL can be reliably dereferenced if:
+ *
+ * o it has no/blank hostname, or
+ *
+ * o the hostname matches "localhost" (case-insensitively), or
+ *
+ * o the hostname is a FQDN that resolves to this machine.
+ *
+ * For brevity, we only consider URLs with empty, "localhost", or
+ * "127.0.0.1" hostnames as local.
+ *
+ * Additionally, there is an exception for URLs with a Windows drive
+ * letter in the authority (which was accidentally omitted from RFC 8089
+ * Appendix E, but believe me, it was meant to be there. --MK)
+ */
+ if(ptr[0] != '/' && !STARTS_WITH_URL_DRIVE_PREFIX(ptr)) {
+ /* the URL includes a host name, it must match "localhost" or
+ "127.0.0.1" to be valid */
+ if(!checkprefix("localhost/", ptr) &&
+ !checkprefix("127.0.0.1/", ptr)) {
+ failf(data, "Invalid file://hostname/, "
+ "expected localhost or 127.0.0.1 or none");
+ return CURLE_URL_MALFORMAT;
+ }
+ ptr += 9; /* now points to the slash after the host */
}
+
+ /*
+ * RFC 8089, Appendix D, Section D.1, says:
+ *
+ * > In a POSIX file system, the root of the file system is represented
+ * > as a directory with a zero-length name, usually written as "/"; the
+ * > presence of this root in a file URI can be taken as given by the
+ * > initial slash in the "path-absolute" rule.
+ *
+ * i.e. the first slash is part of the path.
+ *
+ * However in RFC 1738 the "/" between the host (or port) and the
+ * URL-path was NOT part of the URL-path. Any agent that followed the
+ * older spec strictly, and wanted to refer to a file with an absolute
+ * path, would have included a second slash. So if there are two
+ * slashes, swallow one.
+ */
+ if('/' == ptr[1]) /* note: the only way ptr[0]!='/' is if ptr[1]==':' */
+ ptr++;
+
+ /* This cannot be done with strcpy, as the memory chunks overlap! */
+ memmove(path, ptr, strlen(ptr) + 1);
}
+#if !defined(MSDOS) && !defined(WIN32) && !defined(__CYGWIN__)
+ /* Don't allow Windows drive letters when not in Windows.
+ * This catches both "file:/c:" and "file:c:" */
+ if(('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) ||
+ STARTS_WITH_URL_DRIVE_PREFIX(path)) {
+ failf(data, "File drive letters are only accepted in MSDOS/Windows.");
+ return CURLE_URL_MALFORMAT;
+ }
+#else
+ /* If the path starts with a slash and a drive letter, ditch the slash */
+ if('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) {
+ /* This cannot be done with strcpy, as the memory chunks overlap! */
+ memmove(path, &path[1], strlen(&path[1]) + 1);
+ }
+#endif
+
protop = "file"; /* protocol string */
+ *prot_missing = !url_has_scheme;
}
else {
/* clear path */
- path[0]=0;
-
- if(2 > sscanf(data->change.url,
- "%15[^\n:]://%[^\n/?]%[^\n]",
- protobuf,
- conn->host.name, path)) {
+ char slashbuf[4];
+ path[0] = 0;
+
+ rc = sscanf(data->change.url,
+ "%15[^\n/:]:%3[/]%[^\n/?#]%[^\n]",
+ protobuf, slashbuf, conn->host.name, path);
+ if(2 == rc) {
+ failf(data, "Bad URL");
+ return CURLE_URL_MALFORMAT;
+ }
+ if(3 > rc) {
/*
* The URL was badly formatted, let's try the browser-style _without_
* protocol specified like 'http://'.
*/
- rc = sscanf(data->change.url, "%[^\n/?]%[^\n]", conn->host.name, path);
+ rc = sscanf(data->change.url, "%[^\n/?#]%[^\n]", conn->host.name, path);
if(1 > rc) {
/*
* We couldn't even get this format.
@@ -3813,33 +2212,51 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
}
/*
- * Since there was no protocol part specified, we guess what protocol it
- * is based on the first letters of the server name.
+ * Since there was no protocol part specified in the URL use the
+ * user-specified default protocol. If we weren't given a default make a
+ * guess by matching some protocols against the host's outermost
+ * sub-domain name. Finally if there was no match use HTTP.
*/
- /* Note: if you add a new protocol, please update the list in
- * lib/version.c too! */
-
- if(checkprefix("FTP.", conn->host.name))
- protop = "ftp";
- else if(checkprefix("DICT.", conn->host.name))
- protop = "DICT";
- else if(checkprefix("LDAP.", conn->host.name))
- protop = "LDAP";
- else if(checkprefix("IMAP.", conn->host.name))
- protop = "IMAP";
- else if(checkprefix("SMTP.", conn->host.name))
- protop = "smtp";
- else if(checkprefix("POP3.", conn->host.name))
- protop = "pop3";
- else {
- protop = "http";
+ protop = data->set.str[STRING_DEFAULT_PROTOCOL];
+ if(!protop) {
+ /* Note: if you add a new protocol, please update the list in
+ * lib/version.c too! */
+ if(checkprefix("FTP.", conn->host.name))
+ protop = "ftp";
+ else if(checkprefix("DICT.", conn->host.name))
+ protop = "DICT";
+ else if(checkprefix("LDAP.", conn->host.name))
+ protop = "LDAP";
+ else if(checkprefix("IMAP.", conn->host.name))
+ protop = "IMAP";
+ else if(checkprefix("SMTP.", conn->host.name))
+ protop = "smtp";
+ else if(checkprefix("POP3.", conn->host.name))
+ protop = "pop3";
+ else
+ protop = "http";
}
*prot_missing = TRUE; /* not given in URL */
}
- else
+ else {
+ size_t s = strlen(slashbuf);
protop = protobuf;
+ if(s != 2) {
+ infof(data, "Unwillingly accepted illegal URL using %d slash%s!\n",
+ s, s>1?"es":"");
+
+ if(data->change.url_alloc)
+ free(data->change.url);
+ /* repair the URL to use two slashes */
+ data->change.url = aprintf("%s://%s%s",
+ protobuf, conn->host.name, path);
+ if(!data->change.url)
+ return CURLE_OUT_OF_MEMORY;
+ data->change.url_alloc = TRUE;
+ }
+ }
}
/* We search for '?' in the host name (but only on the right side of a
@@ -3848,7 +2265,7 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
*/
at = strchr(conn->host.name, '@');
if(at)
- query = strchr(at+1, '?');
+ query = strchr(at + 1, '?');
else
query = strchr(conn->host.name, '?');
@@ -3866,15 +2283,15 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
/* move the existing path plus the zero byte forward, to make room for
the host-name part */
- memmove(path+hostlen+1, path, pathlen+1);
+ memmove(path + hostlen + 1, path, pathlen + 1);
/* now copy the trailing host part in front of the existing path */
- memcpy(path+1, query, hostlen);
+ memcpy(path + 1, query, hostlen);
path[0]='/'; /* prepend the missing slash */
rebuild_url = TRUE;
- *query=0; /* now cut off the hostname at the ? */
+ *query = 0; /* now cut off the hostname at the ? */
}
else if(!path[0]) {
/* if there's no path set, use a single slash */
@@ -3883,18 +2300,18 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
}
/* If the URL is malformatted (missing a '/' after hostname before path) we
- * insert a slash here. The only letter except '/' we accept to start a path
- * is '?'.
+ * insert a slash here. The only letters except '/' that can start a path is
+ * '?' and '#' - as controlled by the two sscanf() patterns above.
*/
- if(path[0] == '?') {
+ if(path[0] != '/') {
/* We need this function to deal with overlapping memory areas. We know
that the memory area 'path' points to is 'urllen' bytes big and that
is bigger than the path. Use +1 to move the zero byte too. */
- memmove(&path[1], path, strlen(path)+1);
+ memmove(&path[1], path, strlen(path) + 1);
path[0] = '/';
rebuild_url = TRUE;
}
- else {
+ else if(!data->set.path_as_is) {
/* sanitise paths and remove ../ and ./ sequences according to RFC3986 */
char *newp = Curl_dedotdotify(path);
if(!newp)
@@ -3922,14 +2339,30 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
size_t plen = strlen(path); /* new path, should be 1 byte longer than
the original */
- size_t urllen = strlen(data->change.url); /* original URL length */
-
size_t prefixlen = strlen(conn->host.name);
- if(!*prot_missing)
- prefixlen += strlen(protop) + strlen("://");
+ if(!*prot_missing) {
+ size_t protolen = strlen(protop);
- reurl = malloc(urllen + 2); /* 2 for zerobyte + slash */
+ if(curl_strnequal(protop, data->change.url, protolen))
+ prefixlen += protolen;
+ else {
+ failf(data, "<url> malformed");
+ return CURLE_URL_MALFORMAT;
+ }
+
+ if(curl_strnequal("://", &data->change.url[protolen], 3))
+ prefixlen += 3;
+ /* only file: is allowed to omit one or both slashes */
+ else if(curl_strnequal("file:", data->change.url, 5))
+ prefixlen += 1 + (data->change.url[5] == '/');
+ else {
+ failf(data, "<url> malformed");
+ return CURLE_URL_MALFORMAT;
+ }
+ }
+
+ reurl = malloc(prefixlen + plen + 1);
if(!reurl)
return CURLE_OUT_OF_MEMORY;
@@ -3951,37 +2384,74 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
data->change.url_alloc = TRUE; /* free this later */
}
+ result = findprotocol(data, conn, protop);
+ if(result)
+ return result;
+
/*
* Parse the login details from the URL and strip them out of
* the host name
*/
result = parse_url_login(data, conn, userp, passwdp, optionsp);
- if(result != CURLE_OK)
+ if(result)
return result;
if(conn->host.name[0] == '[') {
/* This looks like an IPv6 address literal. See if there is an address
- scope. */
- char *percent = strstr (conn->host.name, "%25");
+ scope if there is no location header */
+ char *percent = strchr(conn->host.name, '%');
if(percent) {
+ unsigned int identifier_offset = 3;
char *endp;
- unsigned long scope = strtoul (percent + 3, &endp, 10);
+ unsigned long scope;
+ if(strncmp("%25", percent, 3) != 0) {
+ infof(data,
+ "Please URL encode %% as %%25, see RFC 6874.\n");
+ identifier_offset = 1;
+ }
+ scope = strtoul(percent + identifier_offset, &endp, 10);
if(*endp == ']') {
/* The address scope was well formed. Knock it out of the
hostname. */
- memmove(percent, endp, strlen(endp)+1);
- if(!data->state.this_is_a_follow)
- /* Don't honour a scope given in a Location: header */
- conn->scope = (unsigned int)scope;
+ memmove(percent, endp, strlen(endp) + 1);
+ conn->scope_id = (unsigned int)scope;
+ }
+ else {
+ /* Zone identifier is not numeric */
+#if defined(HAVE_NET_IF_H) && defined(IFNAMSIZ) && defined(HAVE_IF_NAMETOINDEX)
+ char ifname[IFNAMSIZ + 2];
+ char *square_bracket;
+ unsigned int scopeidx = 0;
+ strncpy(ifname, percent + identifier_offset, IFNAMSIZ + 2);
+ /* Ensure nullbyte termination */
+ ifname[IFNAMSIZ + 1] = '\0';
+ square_bracket = strchr(ifname, ']');
+ if(square_bracket) {
+ /* Remove ']' */
+ *square_bracket = '\0';
+ scopeidx = if_nametoindex(ifname);
+ if(scopeidx == 0) {
+ infof(data, "Invalid network interface: %s; %s\n", ifname,
+ strerror(errno));
+ }
+ }
+ if(scopeidx > 0) {
+ char *p = percent + identifier_offset + strlen(ifname);
+
+ /* Remove zone identifier from hostname */
+ memmove(percent, p, strlen(p) + 1);
+ conn->scope_id = scopeidx;
+ }
+ else
+#endif /* HAVE_NET_IF_H && IFNAMSIZ */
+ infof(data, "Invalid IPv6 address format\n");
}
- else
- infof(data, "Invalid IPv6 address format\n");
}
}
- if(data->set.scope)
+ if(data->set.scope_id)
/* Override any scope that was set above. */
- conn->scope = data->set.scope;
+ conn->scope_id = data->set.scope_id;
/* Remove the fragment part of the path. Per RFC 2396, this is always the
last part of the URI. We are looking for the first '#' so that we deal
@@ -4004,15 +2474,14 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
* conn->host.name is B
* data->state.path is /C
*/
-
- return findprotocol(data, conn, protop);
+ return CURLE_OK;
}
/*
* If we're doing a resumed transfer, we need to setup our stuff
* properly.
*/
-static CURLcode setup_range(struct SessionHandle *data)
+static CURLcode setup_range(struct Curl_easy *data)
{
struct UrlState *s = &data->state;
s->resume_from = data->set.set_resume_from;
@@ -4021,11 +2490,11 @@ static CURLcode setup_range(struct SessionHandle *data)
free(s->range);
if(s->resume_from)
- s->range = aprintf("%" FORMAT_OFF_TU "-", s->resume_from);
+ s->range = aprintf("%" CURL_FORMAT_CURL_OFF_TU "-", s->resume_from);
else
s->range = strdup(data->set.str[STRING_SET_RANGE]);
- s->rangestringalloc = (s->range)?TRUE:FALSE;
+ s->rangestringalloc = (s->range) ? TRUE : FALSE;
if(!s->range)
return CURLE_OUT_OF_MEMORY;
@@ -4044,7 +2513,7 @@ static CURLcode setup_range(struct SessionHandle *data)
* setup_connection_internals() -
*
* Setup connection internals specific to the requested protocol in the
- * SessionHandle. This is inited and setup before the connection is made but
+ * Curl_easy. This is inited and setup before the connection is made but
* is about the particular protocol that is to be used.
*
* This MUST get called after proxy magic has been figured out.
@@ -4053,16 +2522,17 @@ static CURLcode setup_connection_internals(struct connectdata *conn)
{
const struct Curl_handler * p;
CURLcode result;
+ struct Curl_easy *data = conn->data;
/* in some case in the multi state-machine, we go back to the CONNECT state
and then a second (or third or...) call to this function will be made
without doing a DISCONNECT or DONE in between (since the connection is
yet in place) and therefore this function needs to first make sure
there's no lingering previous data allocated. */
- Curl_free_request_state(conn->data);
+ Curl_free_request_state(data);
- memset(&conn->data->req, 0, sizeof(struct SingleRequest));
- conn->data->req.maxdownload = -1;
+ memset(&data->req, 0, sizeof(struct SingleRequest));
+ data->req.maxdownload = -1;
conn->socktype = SOCK_STREAM; /* most of them are TCP streams */
@@ -4072,7 +2542,7 @@ static CURLcode setup_connection_internals(struct connectdata *conn)
if(p->setup_connection) {
result = (*p->setup_connection)(conn);
- if(result != CURLE_OK)
+ if(result)
return result;
p = conn->handler; /* May have changed. */
@@ -4083,22 +2553,18 @@ static CURLcode setup_connection_internals(struct connectdata *conn)
was very likely already set to the proxy port */
conn->port = p->defport;
- /* only if remote_port was not already parsed off the URL we use the
- default port number */
- if(!conn->remote_port)
- conn->remote_port = (unsigned short)conn->given->defport;
-
return CURLE_OK;
}
/*
* Curl_free_request_state() should free temp data that was allocated in the
- * SessionHandle for this single request.
+ * Curl_easy for this single request.
*/
-void Curl_free_request_state(struct SessionHandle *data)
+void Curl_free_request_state(struct Curl_easy *data)
{
Curl_safefree(data->req.protop);
+ Curl_safefree(data->req.newurl);
}
@@ -4107,7 +2573,7 @@ void Curl_free_request_state(struct SessionHandle *data)
* Checks if the host is in the noproxy list. returns true if it matches
* and therefore the proxy should NOT be used.
****************************************************************/
-static bool check_noproxy(const char* name, const char* no_proxy)
+static bool check_noproxy(const char *name, const char *no_proxy)
{
/* no_proxy=domain1.dom,host.domain2.dom
* (a comma-separated list of hosts which should
@@ -4116,13 +2582,13 @@ static bool check_noproxy(const char* name, const char* no_proxy)
*/
size_t tok_start;
size_t tok_end;
- const char* separator = ", ";
+ const char *separator = ", ";
size_t no_proxy_len;
size_t namelen;
char *endptr;
if(no_proxy && no_proxy[0]) {
- if(Curl_raw_equal("*", no_proxy)) {
+ if(strcasecompare("*", no_proxy)) {
return TRUE;
}
@@ -4160,7 +2626,7 @@ static bool check_noproxy(const char* name, const char* no_proxy)
if((tok_end - tok_start) <= namelen) {
/* Match the last part of the name to the domain we are checking. */
const char *checkn = name + namelen - (tok_end - tok_start);
- if(Curl_raw_nequal(no_proxy + tok_start, checkn,
+ if(strncasecompare(no_proxy + tok_start, checkn,
tok_end - tok_start)) {
if((tok_end - tok_start) == namelen || *(checkn - 1) == '.') {
/* We either have an exact match, or the previous character is a .
@@ -4177,6 +2643,7 @@ static bool check_noproxy(const char* name, const char* no_proxy)
return FALSE;
}
+#ifndef CURL_DISABLE_HTTP
/****************************************************************
* Detect what (if any) proxy to use. Remember that this selects a host
* name and is not limited to HTTP proxies only.
@@ -4186,7 +2653,6 @@ static char *detect_proxy(struct connectdata *conn)
{
char *proxy = NULL;
-#ifndef CURL_DISABLE_HTTP
/* If proxy was not specified, we check for default proxy environment
* variables, to enable i.e Lynx compliance:
*
@@ -4204,76 +2670,59 @@ static char *detect_proxy(struct connectdata *conn)
* For compatibility, the all-uppercase versions of these variables are
* checked if the lowercase versions don't exist.
*/
- char *no_proxy=NULL;
char proxy_env[128];
+ const char *protop = conn->handler->scheme;
+ char *envp = proxy_env;
+ char *prox;
- no_proxy=curl_getenv("no_proxy");
- if(!no_proxy)
- no_proxy=curl_getenv("NO_PROXY");
+ /* Now, build <protocol>_proxy and check for such a one to use */
+ while(*protop)
+ *envp++ = (char)tolower((int)*protop++);
- if(!check_noproxy(conn->host.name, no_proxy)) {
- /* It was not listed as without proxy */
- const char *protop = conn->handler->scheme;
- char *envp = proxy_env;
- char *prox;
+ /* append _proxy */
+ strcpy(envp, "_proxy");
- /* Now, build <protocol>_proxy and check for such a one to use */
- while(*protop)
- *envp++ = (char)tolower((int)*protop++);
+ /* read the protocol proxy: */
+ prox = curl_getenv(proxy_env);
- /* append _proxy */
- strcpy(envp, "_proxy");
-
- /* read the protocol proxy: */
- prox=curl_getenv(proxy_env);
-
- /*
- * We don't try the uppercase version of HTTP_PROXY because of
- * security reasons:
- *
- * When curl is used in a webserver application
- * environment (cgi or php), this environment variable can
- * be controlled by the web server user by setting the
- * http header 'Proxy:' to some value.
- *
- * This can cause 'internal' http/ftp requests to be
- * arbitrarily redirected by any external attacker.
- */
- if(!prox && !Curl_raw_equal("http_proxy", proxy_env)) {
- /* There was no lowercase variable, try the uppercase version: */
- Curl_strntoupper(proxy_env, proxy_env, sizeof(proxy_env));
- prox=curl_getenv(proxy_env);
- }
-
- if(prox && *prox) { /* don't count "" strings */
- proxy = prox; /* use this */
- }
- else {
- proxy = curl_getenv("all_proxy"); /* default proxy to use */
- if(!proxy)
- proxy=curl_getenv("ALL_PROXY");
- }
- } /* if(!check_noproxy(conn->host.name, no_proxy)) - it wasn't specified
- non-proxy */
- if(no_proxy)
- free(no_proxy);
-
-#else /* !CURL_DISABLE_HTTP */
+ /*
+ * We don't try the uppercase version of HTTP_PROXY because of
+ * security reasons:
+ *
+ * When curl is used in a webserver application
+ * environment (cgi or php), this environment variable can
+ * be controlled by the web server user by setting the
+ * http header 'Proxy:' to some value.
+ *
+ * This can cause 'internal' http/ftp requests to be
+ * arbitrarily redirected by any external attacker.
+ */
+ if(!prox && !strcasecompare("http_proxy", proxy_env)) {
+ /* There was no lowercase variable, try the uppercase version: */
+ Curl_strntoupper(proxy_env, proxy_env, sizeof(proxy_env));
+ prox = curl_getenv(proxy_env);
+ }
- (void)conn;
-#endif /* CURL_DISABLE_HTTP */
+ if(prox)
+ proxy = prox; /* use this */
+ else {
+ proxy = curl_getenv("all_proxy"); /* default proxy to use */
+ if(!proxy)
+ proxy = curl_getenv("ALL_PROXY");
+ }
return proxy;
}
+#endif /* CURL_DISABLE_HTTP */
/*
* If this is supposed to use a proxy, we need to figure out the proxy
* host name, so that we can re-use an existing connection
* that may exist registered to the same proxy host.
- * proxy will be freed before this function returns.
*/
-static CURLcode parse_proxy(struct SessionHandle *data,
- struct connectdata *conn, char *proxy)
+static CURLcode parse_proxy(struct Curl_easy *data,
+ struct connectdata *conn, char *proxy,
+ curl_proxytype proxytype)
{
char *prox_portno;
char *endofprot;
@@ -4282,6 +2731,10 @@ static CURLcode parse_proxy(struct SessionHandle *data,
char *proxyptr;
char *portptr;
char *atsign;
+ long port = -1;
+ char *proxyuser = NULL;
+ char *proxypasswd = NULL;
+ bool sockstype;
/* We do the proxy host string parsing here. We want the host name and the
* port name. Accept a protocol:// prefix
@@ -4290,80 +2743,71 @@ static CURLcode parse_proxy(struct SessionHandle *data,
/* Parse the protocol part if present */
endofprot = strstr(proxy, "://");
if(endofprot) {
- proxyptr = endofprot+3;
- if(checkprefix("socks5h", proxy))
- conn->proxytype = CURLPROXY_SOCKS5_HOSTNAME;
+ proxyptr = endofprot + 3;
+ if(checkprefix("https", proxy))
+ proxytype = CURLPROXY_HTTPS;
+ else if(checkprefix("socks5h", proxy))
+ proxytype = CURLPROXY_SOCKS5_HOSTNAME;
else if(checkprefix("socks5", proxy))
- conn->proxytype = CURLPROXY_SOCKS5;
+ proxytype = CURLPROXY_SOCKS5;
else if(checkprefix("socks4a", proxy))
- conn->proxytype = CURLPROXY_SOCKS4A;
+ proxytype = CURLPROXY_SOCKS4A;
else if(checkprefix("socks4", proxy) || checkprefix("socks", proxy))
- conn->proxytype = CURLPROXY_SOCKS4;
- /* Any other xxx:// : change to http proxy */
+ proxytype = CURLPROXY_SOCKS4;
+ else if(checkprefix("http:", proxy))
+ ; /* leave it as HTTP or HTTP/1.0 */
+ else {
+ /* Any other xxx:// reject! */
+ failf(data, "Unsupported proxy scheme for \'%s\'", proxy);
+ return CURLE_COULDNT_CONNECT;
+ }
}
else
proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */
- /* Is there a username and password given in this proxy url? */
- atsign = strchr(proxyptr, '@');
- if(atsign) {
- CURLcode res = CURLE_OK;
- char *proxyuser = NULL;
- char *proxypasswd = NULL;
-
- res = parse_login_details(proxyptr, atsign - proxyptr,
- &proxyuser, &proxypasswd, NULL);
- if(!res) {
- /* found user and password, rip them out. note that we are
- unescaping them, as there is otherwise no way to have a
- username or password with reserved characters like ':' in
- them. */
- Curl_safefree(conn->proxyuser);
- if(proxyuser && strlen(proxyuser) < MAX_CURL_USER_LENGTH)
- conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
- else
- conn->proxyuser = strdup("");
-
- if(!conn->proxyuser)
- res = CURLE_OUT_OF_MEMORY;
- else {
- Curl_safefree(conn->proxypasswd);
- if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
- conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
- else
- conn->proxypasswd = strdup("");
-
- if(!conn->proxypasswd)
- res = CURLE_OUT_OF_MEMORY;
- }
-
- if(!res) {
- conn->bits.proxy_user_passwd = TRUE; /* enable it */
- atsign++; /* the right side of the @-letter */
-
- if(atsign)
- proxyptr = atsign; /* now use this instead */
- else
- res = CURLE_OUT_OF_MEMORY;
- }
+#ifdef USE_SSL
+ if(!Curl_ssl->support_https_proxy)
+#endif
+ if(proxytype == CURLPROXY_HTTPS) {
+ failf(data, "Unsupported proxy \'%s\', libcurl is built without the "
+ "HTTPS-proxy support.", proxy);
+ return CURLE_NOT_BUILT_IN;
}
- Curl_safefree(proxyuser);
- Curl_safefree(proxypasswd);
+ sockstype = proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
+ proxytype == CURLPROXY_SOCKS5 ||
+ proxytype == CURLPROXY_SOCKS4A ||
+ proxytype == CURLPROXY_SOCKS4;
- if(res)
- return res;
+ /* Is there a username and password given in this proxy url? */
+ atsign = strchr(proxyptr, '@');
+ if(atsign) {
+ CURLcode result =
+ Curl_parse_login_details(proxyptr, atsign - proxyptr,
+ &proxyuser, &proxypasswd, NULL);
+ if(result)
+ return result;
+ proxyptr = atsign + 1;
}
/* start scanning for port number at this point */
portptr = proxyptr;
- /* detect and extract RFC2732-style IPv6-addresses */
+ /* detect and extract RFC6874-style IPv6-addresses */
if(*proxyptr == '[') {
char *ptr = ++proxyptr; /* advance beyond the initial bracket */
- while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':') || (*ptr == '%') ||
- (*ptr == '.')))
+ while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':') || (*ptr == '.')))
ptr++;
+ if(*ptr == '%') {
+ /* There might be a zone identifier */
+ if(strncmp("%25", ptr, 3))
+ infof(data, "Please URL encode %% as %%25, see RFC 6874.\n");
+ ptr++;
+ /* Allow unreserved characters as defined in RFC 3986 */
+ while(*ptr && (ISALPHA(*ptr) || ISXDIGIT(*ptr) || (*ptr == '-') ||
+ (*ptr == '.') || (*ptr == '_') || (*ptr == '~')))
+ ptr++;
+ }
if(*ptr == ']')
/* yeps, it ended nicely with a bracket as well */
*ptr++ = 0;
@@ -4379,36 +2823,101 @@ static CURLcode parse_proxy(struct SessionHandle *data,
/* Get port number off proxy.server.com:1080 */
prox_portno = strchr(portptr, ':');
if(prox_portno) {
+ char *endp = NULL;
+
*prox_portno = 0x0; /* cut off number from host name */
prox_portno ++;
/* now set the local port number */
- conn->port = strtol(prox_portno, NULL, 10);
+ port = strtol(prox_portno, &endp, 10);
+ if((endp && *endp && (*endp != '/') && (*endp != ' ')) ||
+ (port < 0) || (port > 65535)) {
+ /* meant to detect for example invalid IPv6 numerical addresses without
+ brackets: "2a00:fac0:a000::7:13". Accept a trailing slash only
+ because we then allow "URL style" with the number followed by a
+ slash, used in curl test cases already. Space is also an acceptable
+ terminating symbol. */
+ infof(data, "No valid port number in proxy string (%s)\n",
+ prox_portno);
+ }
+ else
+ conn->port = port;
}
else {
- if(proxyptr[0]=='/')
+ if(proxyptr[0]=='/') {
/* If the first character in the proxy string is a slash, fail
immediately. The following code will otherwise clear the string which
will lead to code running as if no proxy was set! */
+ Curl_safefree(proxyuser);
+ Curl_safefree(proxypasswd);
return CURLE_COULDNT_RESOLVE_PROXY;
+ }
/* without a port number after the host name, some people seem to use
a slash so we strip everything from the first slash */
atsign = strchr(proxyptr, '/');
if(atsign)
- *atsign = 0x0; /* cut off path part from host name */
+ *atsign = '\0'; /* cut off path part from host name */
if(data->set.proxyport)
/* None given in the proxy string, then get the default one if it is
given */
- conn->port = data->set.proxyport;
+ port = data->set.proxyport;
+ else {
+ if(proxytype == CURLPROXY_HTTPS)
+ port = CURL_DEFAULT_HTTPS_PROXY_PORT;
+ else
+ port = CURL_DEFAULT_PROXY_PORT;
+ }
}
- /* now, clone the cleaned proxy host name */
- conn->proxy.rawalloc = strdup(proxyptr);
- conn->proxy.name = conn->proxy.rawalloc;
+ if(*proxyptr) {
+ struct proxy_info *proxyinfo =
+ sockstype ? &conn->socks_proxy : &conn->http_proxy;
+ proxyinfo->proxytype = proxytype;
+
+ if(proxyuser) {
+ /* found user and password, rip them out. note that we are unescaping
+ them, as there is otherwise no way to have a username or password
+ with reserved characters like ':' in them. */
+ Curl_safefree(proxyinfo->user);
+ proxyinfo->user = curl_easy_unescape(data, proxyuser, 0, NULL);
+ Curl_safefree(proxyuser);
+
+ if(!proxyinfo->user) {
+ Curl_safefree(proxypasswd);
+ return CURLE_OUT_OF_MEMORY;
+ }
- if(!conn->proxy.rawalloc)
- return CURLE_OUT_OF_MEMORY;
+ Curl_safefree(proxyinfo->passwd);
+ if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
+ proxyinfo->passwd = curl_easy_unescape(data, proxypasswd, 0, NULL);
+ else
+ proxyinfo->passwd = strdup("");
+ Curl_safefree(proxypasswd);
+
+ if(!proxyinfo->passwd)
+ return CURLE_OUT_OF_MEMORY;
+
+ conn->bits.proxy_user_passwd = TRUE; /* enable it */
+ }
+
+ if(port >= 0) {
+ proxyinfo->port = port;
+ if(conn->port < 0 || sockstype || !conn->socks_proxy.host.rawalloc)
+ conn->port = port;
+ }
+
+ /* now, clone the cleaned proxy host name */
+ Curl_safefree(proxyinfo->host.rawalloc);
+ proxyinfo->host.rawalloc = strdup(proxyptr);
+ proxyinfo->host.name = proxyinfo->host.rawalloc;
+
+ if(!proxyinfo->host.rawalloc)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ Curl_safefree(proxyuser);
+ Curl_safefree(proxypasswd);
return CURLE_OK;
}
@@ -4416,11 +2925,12 @@ static CURLcode parse_proxy(struct SessionHandle *data,
/*
* Extract the user and password from the authentication string
*/
-static CURLcode parse_proxy_auth(struct SessionHandle *data,
+static CURLcode parse_proxy_auth(struct Curl_easy *data,
struct connectdata *conn)
{
char proxyuser[MAX_CURL_USER_LENGTH]="";
char proxypasswd[MAX_CURL_PASSWORD_LENGTH]="";
+ CURLcode result;
if(data->set.str[STRING_PROXYUSERNAME] != NULL) {
strncpy(proxyuser, data->set.str[STRING_PROXYUSERNAME],
@@ -4433,15 +2943,176 @@ static CURLcode parse_proxy_auth(struct SessionHandle *data,
proxypasswd[MAX_CURL_PASSWORD_LENGTH-1] = '\0'; /*To be on safe side*/
}
- conn->proxyuser = curl_easy_unescape(data, proxyuser, 0, NULL);
- if(!conn->proxyuser)
- return CURLE_OUT_OF_MEMORY;
+ result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL,
+ FALSE);
+ if(!result)
+ result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd,
+ NULL, FALSE);
+ return result;
+}
- conn->proxypasswd = curl_easy_unescape(data, proxypasswd, 0, NULL);
- if(!conn->proxypasswd)
- return CURLE_OUT_OF_MEMORY;
+/* create_conn helper to parse and init proxy values. to be called after unix
+ socket init but before any proxy vars are evaluated. */
+static CURLcode create_conn_helper_init_proxy(struct connectdata *conn)
+{
+ char *proxy = NULL;
+ char *socksproxy = NULL;
+ char *no_proxy = NULL;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
- return CURLE_OK;
+ /*************************************************************
+ * Extract the user and password from the authentication string
+ *************************************************************/
+ if(conn->bits.proxy_user_passwd) {
+ result = parse_proxy_auth(data, conn);
+ if(result)
+ goto out;
+ }
+
+ /*************************************************************
+ * Detect what (if any) proxy to use
+ *************************************************************/
+ if(data->set.str[STRING_PROXY]) {
+ proxy = strdup(data->set.str[STRING_PROXY]);
+ /* if global proxy is set, this is it */
+ if(NULL == proxy) {
+ failf(data, "memory shortage");
+ result = CURLE_OUT_OF_MEMORY;
+ goto out;
+ }
+ }
+
+ if(data->set.str[STRING_PRE_PROXY]) {
+ socksproxy = strdup(data->set.str[STRING_PRE_PROXY]);
+ /* if global socks proxy is set, this is it */
+ if(NULL == socksproxy) {
+ failf(data, "memory shortage");
+ result = CURLE_OUT_OF_MEMORY;
+ goto out;
+ }
+ }
+
+ if(!data->set.str[STRING_NOPROXY]) {
+ no_proxy = curl_getenv("no_proxy");
+ if(!no_proxy)
+ no_proxy = curl_getenv("NO_PROXY");
+ }
+
+ if(check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY] ?
+ data->set.str[STRING_NOPROXY] : no_proxy)) {
+ Curl_safefree(proxy);
+ Curl_safefree(socksproxy);
+ }
+#ifndef CURL_DISABLE_HTTP
+ else if(!proxy && !socksproxy)
+ /* if the host is not in the noproxy list, detect proxy. */
+ proxy = detect_proxy(conn);
+#endif /* CURL_DISABLE_HTTP */
+
+ Curl_safefree(no_proxy);
+
+#ifdef USE_UNIX_SOCKETS
+ /* For the time being do not mix proxy and unix domain sockets. See #1274 */
+ if(proxy && conn->unix_domain_socket) {
+ free(proxy);
+ proxy = NULL;
+ }
+#endif
+
+ if(proxy && (!*proxy || (conn->handler->flags & PROTOPT_NONETWORK))) {
+ free(proxy); /* Don't bother with an empty proxy string or if the
+ protocol doesn't work with network */
+ proxy = NULL;
+ }
+ if(socksproxy && (!*socksproxy ||
+ (conn->handler->flags & PROTOPT_NONETWORK))) {
+ free(socksproxy); /* Don't bother with an empty socks proxy string or if
+ the protocol doesn't work with network */
+ socksproxy = NULL;
+ }
+
+ /***********************************************************************
+ * If this is supposed to use a proxy, we need to figure out the proxy host
+ * name, proxy type and port number, so that we can re-use an existing
+ * connection that may exist registered to the same proxy host.
+ ***********************************************************************/
+ if(proxy || socksproxy) {
+ if(proxy) {
+ result = parse_proxy(data, conn, proxy, conn->http_proxy.proxytype);
+ Curl_safefree(proxy); /* parse_proxy copies the proxy string */
+ if(result)
+ goto out;
+ }
+
+ if(socksproxy) {
+ result = parse_proxy(data, conn, socksproxy,
+ conn->socks_proxy.proxytype);
+ /* parse_proxy copies the socks proxy string */
+ Curl_safefree(socksproxy);
+ if(result)
+ goto out;
+ }
+
+ if(conn->http_proxy.host.rawalloc) {
+#ifdef CURL_DISABLE_HTTP
+ /* asking for a HTTP proxy is a bit funny when HTTP is disabled... */
+ result = CURLE_UNSUPPORTED_PROTOCOL;
+ goto out;
+#else
+ /* force this connection's protocol to become HTTP if compatible */
+ if(!(conn->handler->protocol & PROTO_FAMILY_HTTP)) {
+ if((conn->handler->flags & PROTOPT_PROXY_AS_HTTP) &&
+ !conn->bits.tunnel_proxy)
+ conn->handler = &Curl_handler_http;
+ else
+ /* if not converting to HTTP over the proxy, enforce tunneling */
+ conn->bits.tunnel_proxy = TRUE;
+ }
+ conn->bits.httpproxy = TRUE;
+#endif
+ }
+ else {
+ conn->bits.httpproxy = FALSE; /* not a HTTP proxy */
+ conn->bits.tunnel_proxy = FALSE; /* no tunneling if not HTTP */
+ }
+
+ if(conn->socks_proxy.host.rawalloc) {
+ if(!conn->http_proxy.host.rawalloc) {
+ /* once a socks proxy */
+ if(!conn->socks_proxy.user) {
+ conn->socks_proxy.user = conn->http_proxy.user;
+ conn->http_proxy.user = NULL;
+ Curl_safefree(conn->socks_proxy.passwd);
+ conn->socks_proxy.passwd = conn->http_proxy.passwd;
+ conn->http_proxy.passwd = NULL;
+ }
+ }
+ conn->bits.socksproxy = TRUE;
+ }
+ else
+ conn->bits.socksproxy = FALSE; /* not a socks proxy */
+ }
+ else {
+ conn->bits.socksproxy = FALSE;
+ conn->bits.httpproxy = FALSE;
+ }
+ conn->bits.proxy = conn->bits.httpproxy || conn->bits.socksproxy;
+
+ if(!conn->bits.proxy) {
+ /* we aren't using the proxy after all... */
+ conn->bits.proxy = FALSE;
+ conn->bits.httpproxy = FALSE;
+ conn->bits.socksproxy = FALSE;
+ conn->bits.proxy_user_passwd = FALSE;
+ conn->bits.tunnel_proxy = FALSE;
+ }
+
+out:
+
+ free(socksproxy);
+ free(proxy);
+ return result;
}
#endif /* CURL_DISABLE_PROXY */
@@ -4461,7 +3132,7 @@ static CURLcode parse_proxy_auth(struct SessionHandle *data,
* options - non-zero length if defined
* conn->host.name - remove user name and password
*/
-static CURLcode parse_url_login(struct SessionHandle *data,
+static CURLcode parse_url_login(struct Curl_easy *data,
struct connectdata *conn,
char **user, char **passwd, char **options)
{
@@ -4483,6 +3154,7 @@ static CURLcode parse_url_login(struct SessionHandle *data,
DEBUGASSERT(!**user);
DEBUGASSERT(!**passwd);
DEBUGASSERT(!**options);
+ DEBUGASSERT(conn->handler);
if(!ptr)
goto out;
@@ -4501,10 +3173,14 @@ static CURLcode parse_url_login(struct SessionHandle *data,
if(data->set.use_netrc == CURL_NETRC_REQUIRED)
goto out;
- /* We could use the login information in the URL so extract it */
- result = parse_login_details(login, ptr - login - 1,
- &userp, &passwdp, &optionsp);
- if(result != CURLE_OK)
+ /* We could use the login information in the URL so extract it. Only parse
+ options if the handler says we should. */
+ result =
+ Curl_parse_login_details(login, ptr - login - 1,
+ &userp, &passwdp,
+ (conn->handler->flags & PROTOPT_URLOPTIONS)?
+ &optionsp:NULL);
+ if(result)
goto out;
if(userp) {
@@ -4515,9 +3191,8 @@ static CURLcode parse_url_login(struct SessionHandle *data,
conn->bits.user_passwd = TRUE; /* enable user+password */
/* Decode the user */
- newname = curl_easy_unescape(data, userp, 0, NULL);
- if(!newname) {
- result = CURLE_OUT_OF_MEMORY;
+ result = Curl_urldecode(data, userp, 0, &newname, NULL, FALSE);
+ if(result) {
goto out;
}
@@ -4527,9 +3202,9 @@ static CURLcode parse_url_login(struct SessionHandle *data,
if(passwdp) {
/* We have a password in the URL so decode it */
- char *newpasswd = curl_easy_unescape(data, passwdp, 0, NULL);
- if(!newpasswd) {
- result = CURLE_OUT_OF_MEMORY;
+ char *newpasswd;
+ result = Curl_urldecode(data, passwdp, 0, &newpasswd, NULL, FALSE);
+ if(result) {
goto out;
}
@@ -4539,9 +3214,9 @@ static CURLcode parse_url_login(struct SessionHandle *data,
if(optionsp) {
/* We have an options list in the URL so decode it */
- char *newoptions = curl_easy_unescape(data, optionsp, 0, NULL);
- if(!newoptions) {
- result = CURLE_OUT_OF_MEMORY;
+ char *newoptions;
+ result = Curl_urldecode(data, optionsp, 0, &newoptions, NULL, FALSE);
+ if(result) {
goto out;
}
@@ -4552,15 +3227,15 @@ static CURLcode parse_url_login(struct SessionHandle *data,
out:
- Curl_safefree(userp);
- Curl_safefree(passwdp);
- Curl_safefree(optionsp);
+ free(userp);
+ free(passwdp);
+ free(optionsp);
return result;
}
/*
- * parse_login_details()
+ * Curl_parse_login_details()
*
* This is used to parse a login string for user name, password and options in
* the following formats:
@@ -4588,9 +3263,9 @@ static CURLcode parse_url_login(struct SessionHandle *data,
*
* Returns CURLE_OK on success.
*/
-static CURLcode parse_login_details(const char *login, const size_t len,
- char **userp, char **passwdp,
- char **optionsp)
+CURLcode Curl_parse_login_details(const char *login, const size_t len,
+ char **userp, char **passwdp,
+ char **optionsp)
{
CURLcode result = CURLE_OK;
char *ubuf = NULL;
@@ -4642,7 +3317,7 @@ static CURLcode parse_login_details(const char *login, const size_t len,
if(!result && passwdp && plen) {
pbuf = malloc(plen + 1);
if(!pbuf) {
- Curl_safefree(ubuf);
+ free(ubuf);
result = CURLE_OUT_OF_MEMORY;
}
}
@@ -4651,8 +3326,8 @@ static CURLcode parse_login_details(const char *login, const size_t len,
if(!result && optionsp && olen) {
obuf = malloc(olen + 1);
if(!obuf) {
- Curl_safefree(pbuf);
- Curl_safefree(ubuf);
+ free(pbuf);
+ free(ubuf);
result = CURLE_OUT_OF_MEMORY;
}
}
@@ -4700,7 +3375,7 @@ static CURLcode parse_login_details(const char *login, const size_t len,
*
* The port number embedded in the URL is replaced, if necessary.
*************************************************************/
-static CURLcode parse_remote_port(struct SessionHandle *data,
+static CURLcode parse_remote_port(struct Curl_easy *data,
struct connectdata *conn)
{
char *portptr;
@@ -4719,7 +3394,13 @@ static CURLcode parse_remote_port(struct SessionHandle *data,
portptr = strchr(conn->host.name, ']');
if(portptr) {
*portptr++ = '\0'; /* zero terminate, killing the bracket */
- if(':' != *portptr)
+ if(*portptr) {
+ if (*portptr != ':') {
+ failf(data, "IPv6 closing bracket followed by '%c'", *portptr);
+ return CURLE_URL_MALFORMAT;
+ }
+ }
+ else
portptr = NULL; /* no port number available */
}
}
@@ -4734,7 +3415,7 @@ static CURLcode parse_remote_port(struct SessionHandle *data,
}
#endif
- portptr = strrchr(conn->host.name, ':');
+ portptr = strchr(conn->host.name, ':');
}
if(data->set.use_port && data->state.allow_port) {
@@ -4779,29 +3460,38 @@ static CURLcode parse_remote_port(struct SessionHandle *data,
/* no CURLOPT_PORT given, extract the one from the URL */
char *rest;
- unsigned long port;
+ long port;
- port=strtoul(portptr+1, &rest, 10); /* Port number must be decimal */
+ port = strtol(portptr + 1, &rest, 10); /* Port number must be decimal */
- if(rest != (portptr+1) && *rest == '\0') {
- /* The colon really did have only digits after it,
- * so it is either a port number or a mistake */
+ if((port < 0) || (port > 0xffff)) {
+ /* Single unix standard says port numbers are 16 bits long */
+ failf(data, "Port number out of range");
+ return CURLE_URL_MALFORMAT;
+ }
- if(port > 0xffff) { /* Single unix standard says port numbers are
- * 16 bits long */
- failf(data, "Port number too large: %lu", port);
- return CURLE_URL_MALFORMAT;
- }
+ if(rest[0]) {
+ failf(data, "Port number ended with '%c'", rest[0]);
+ return CURLE_URL_MALFORMAT;
+ }
+ if(rest != &portptr[1]) {
*portptr = '\0'; /* cut off the name there */
conn->remote_port = curlx_ultous(port);
}
- else if(!port)
+ else {
/* Browser behavior adaptation. If there's a colon with no digits after,
just cut off the name there which makes us ignore the colon and just
use the default port. Firefox and Chrome both do that. */
*portptr = '\0';
+ }
}
+
+ /* only if remote_port was not already parsed off the URL we use the
+ default port number */
+ if(conn->remote_port < 0)
+ conn->remote_port = (unsigned short)conn->given->defport;
+
return CURLE_OK;
}
@@ -4809,7 +3499,7 @@ static CURLcode parse_remote_port(struct SessionHandle *data,
* Override the login details from the URL with that in the CURLOPT_USERPWD
* option or a .netrc file, if applicable.
*/
-static CURLcode override_login(struct SessionHandle *data,
+static CURLcode override_login(struct Curl_easy *data,
struct connectdata *conn,
char **userp, char **passwdp, char **optionsp)
{
@@ -4836,13 +3526,17 @@ static CURLcode override_login(struct SessionHandle *data,
conn->bits.netrc = FALSE;
if(data->set.use_netrc != CURL_NETRC_IGNORED) {
- if(Curl_parsenetrc(conn->host.name,
- userp, passwdp,
- data->set.str[STRING_NETRC_FILE])) {
+ int ret = Curl_parsenetrc(conn->host.name,
+ userp, passwdp,
+ data->set.str[STRING_NETRC_FILE]);
+ if(ret > 0) {
infof(data, "Couldn't find host %s in the "
DOT_CHAR "netrc file; using defaults\n",
conn->host.name);
}
+ else if(ret < 0) {
+ return CURLE_OUT_OF_MEMORY;
+ }
else {
/* set bits.netrc TRUE to remember that we got the name from a .netrc
file, so that it is safe to use even if we followed a Location: to a
@@ -4857,7 +3551,7 @@ static CURLcode override_login(struct SessionHandle *data,
}
/*
- * Set password so it's available in the connection.
+ * Set the login details so they're available in the connection
*/
static CURLcode set_login(struct connectdata *conn,
const char *user, const char *passwd,
@@ -4903,15 +3597,229 @@ static CURLcode set_login(struct connectdata *conn,
return result;
}
+/*
+ * Parses a "host:port" string to connect to.
+ * The hostname and the port may be empty; in this case, NULL is returned for
+ * the hostname and -1 for the port.
+ */
+static CURLcode parse_connect_to_host_port(struct Curl_easy *data,
+ const char *host,
+ char **hostname_result,
+ int *port_result)
+{
+ char *host_dup;
+ char *hostptr;
+ char *host_portno;
+ char *portptr;
+ int port = -1;
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void) data;
+#endif
+
+ *hostname_result = NULL;
+ *port_result = -1;
+
+ if(!host || !*host)
+ return CURLE_OK;
+
+ host_dup = strdup(host);
+ if(!host_dup)
+ return CURLE_OUT_OF_MEMORY;
+
+ hostptr = host_dup;
+
+ /* start scanning for port number at this point */
+ portptr = hostptr;
+
+ /* detect and extract RFC6874-style IPv6-addresses */
+ if(*hostptr == '[') {
+ char *ptr = ++hostptr; /* advance beyond the initial bracket */
+ while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':') || (*ptr == '.')))
+ ptr++;
+ if(*ptr == '%') {
+ /* There might be a zone identifier */
+ if(strncmp("%25", ptr, 3))
+ infof(data, "Please URL encode %% as %%25, see RFC 6874.\n");
+ ptr++;
+ /* Allow unreserved characters as defined in RFC 3986 */
+ while(*ptr && (ISALPHA(*ptr) || ISXDIGIT(*ptr) || (*ptr == '-') ||
+ (*ptr == '.') || (*ptr == '_') || (*ptr == '~')))
+ ptr++;
+ }
+ if(*ptr == ']')
+ /* yeps, it ended nicely with a bracket as well */
+ *ptr++ = '\0';
+ else
+ infof(data, "Invalid IPv6 address format\n");
+ portptr = ptr;
+ /* Note that if this didn't end with a bracket, we still advanced the
+ * hostptr first, but I can't see anything wrong with that as no host
+ * name nor a numeric can legally start with a bracket.
+ */
+ }
+
+ /* Get port number off server.com:1080 */
+ host_portno = strchr(portptr, ':');
+ if(host_portno) {
+ char *endp = NULL;
+ *host_portno = '\0'; /* cut off number from host name */
+ host_portno++;
+ if(*host_portno) {
+ long portparse = strtol(host_portno, &endp, 10);
+ if((endp && *endp) || (portparse < 0) || (portparse > 65535)) {
+ infof(data, "No valid port number in connect to host string (%s)\n",
+ host_portno);
+ hostptr = NULL;
+ port = -1;
+ }
+ else
+ port = (int)portparse; /* we know it will fit */
+ }
+ }
+
+ /* now, clone the cleaned host name */
+ if(hostptr) {
+ *hostname_result = strdup(hostptr);
+ if(!*hostname_result) {
+ free(host_dup);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+
+ *port_result = port;
+
+ free(host_dup);
+ return CURLE_OK;
+}
+
+/*
+ * Parses one "connect to" string in the form:
+ * "HOST:PORT:CONNECT-TO-HOST:CONNECT-TO-PORT".
+ */
+static CURLcode parse_connect_to_string(struct Curl_easy *data,
+ struct connectdata *conn,
+ const char *conn_to_host,
+ char **host_result,
+ int *port_result)
+{
+ CURLcode result = CURLE_OK;
+ const char *ptr = conn_to_host;
+ int host_match = FALSE;
+ int port_match = FALSE;
+
+ *host_result = NULL;
+ *port_result = -1;
+
+ if(*ptr == ':') {
+ /* an empty hostname always matches */
+ host_match = TRUE;
+ ptr++;
+ }
+ else {
+ /* check whether the URL's hostname matches */
+ size_t hostname_to_match_len;
+ char *hostname_to_match = aprintf("%s%s%s",
+ conn->bits.ipv6_ip ? "[" : "",
+ conn->host.name,
+ conn->bits.ipv6_ip ? "]" : "");
+ if(!hostname_to_match)
+ return CURLE_OUT_OF_MEMORY;
+ hostname_to_match_len = strlen(hostname_to_match);
+ host_match = strncasecompare(ptr, hostname_to_match,
+ hostname_to_match_len);
+ free(hostname_to_match);
+ ptr += hostname_to_match_len;
+
+ host_match = host_match && *ptr == ':';
+ ptr++;
+ }
+
+ if(host_match) {
+ if(*ptr == ':') {
+ /* an empty port always matches */
+ port_match = TRUE;
+ ptr++;
+ }
+ else {
+ /* check whether the URL's port matches */
+ char *ptr_next = strchr(ptr, ':');
+ if(ptr_next) {
+ char *endp = NULL;
+ long port_to_match = strtol(ptr, &endp, 10);
+ if((endp == ptr_next) && (port_to_match == conn->remote_port)) {
+ port_match = TRUE;
+ ptr = ptr_next + 1;
+ }
+ }
+ }
+ }
+
+ if(host_match && port_match) {
+ /* parse the hostname and port to connect to */
+ result = parse_connect_to_host_port(data, ptr, host_result, port_result);
+ }
+
+ return result;
+}
+
+/*
+ * Processes all strings in the "connect to" slist, and uses the "connect
+ * to host" and "connect to port" of the first string that matches.
+ */
+static CURLcode parse_connect_to_slist(struct Curl_easy *data,
+ struct connectdata *conn,
+ struct curl_slist *conn_to_host)
+{
+ CURLcode result = CURLE_OK;
+ char *host = NULL;
+ int port = -1;
+
+ while(conn_to_host && !host && port == -1) {
+ result = parse_connect_to_string(data, conn, conn_to_host->data,
+ &host, &port);
+ if(result)
+ return result;
+
+ if(host && *host) {
+ conn->conn_to_host.rawalloc = host;
+ conn->conn_to_host.name = host;
+ conn->bits.conn_to_host = TRUE;
+
+ infof(data, "Connecting to hostname: %s\n", host);
+ }
+ else {
+ /* no "connect to host" */
+ conn->bits.conn_to_host = FALSE;
+ Curl_safefree(host);
+ }
+
+ if(port >= 0) {
+ conn->conn_to_port = port;
+ conn->bits.conn_to_port = TRUE;
+ infof(data, "Connecting to port: %d\n", port);
+ }
+ else {
+ /* no "connect to port" */
+ conn->bits.conn_to_port = FALSE;
+ port = -1;
+ }
+
+ conn_to_host = conn_to_host->next;
+ }
+
+ return result;
+}
+
/*************************************************************
* Resolve the address of the server or proxy
*************************************************************/
-static CURLcode resolve_server(struct SessionHandle *data,
+static CURLcode resolve_server(struct Curl_easy *data,
struct connectdata *conn,
bool *async)
{
- CURLcode result=CURLE_OK;
- long timeout_ms = Curl_timeleft(data, NULL, TRUE);
+ CURLcode result = CURLE_OK;
+ timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
/*************************************************************
* Resolve the name of the server or proxy
@@ -4927,16 +3835,53 @@ static CURLcode resolve_server(struct SessionHandle *data,
int rc;
struct Curl_dns_entry *hostaddr;
- /* set a pointer to the hostname we display */
- fix_hostname(data, conn, &conn->host);
+#ifdef USE_UNIX_SOCKETS
+ if(conn->unix_domain_socket) {
+ /* Unix domain sockets are local. The host gets ignored, just use the
+ * specified domain socket address. Do not cache "DNS entries". There is
+ * no DNS involved and we already have the filesystem path available */
+ const char *path = conn->unix_domain_socket;
+
+ hostaddr = calloc(1, sizeof(struct Curl_dns_entry));
+ if(!hostaddr)
+ result = CURLE_OUT_OF_MEMORY;
+ else {
+ bool longpath = FALSE;
+ hostaddr->addr = Curl_unix2addr(path, &longpath,
+ conn->abstract_unix_socket);
+ if(hostaddr->addr)
+ hostaddr->inuse++;
+ else {
+ /* Long paths are not supported for now */
+ if(longpath) {
+ failf(data, "Unix socket path too long: '%s'", path);
+ result = CURLE_COULDNT_RESOLVE_HOST;
+ }
+ else
+ result = CURLE_OUT_OF_MEMORY;
+ free(hostaddr);
+ hostaddr = NULL;
+ }
+ }
+ }
+ else
+#endif
+ if(!conn->bits.proxy) {
+ struct hostname *connhost;
+ if(conn->bits.conn_to_host)
+ connhost = &conn->conn_to_host;
+ else
+ connhost = &conn->host;
- if(!conn->proxy.name || !*conn->proxy.name) {
/* If not connecting via a proxy, extract the port from the URL, if it is
* there, thus overriding any defaults that might have been set above. */
- conn->port = conn->remote_port; /* it is the same port */
+ if(conn->bits.conn_to_port)
+ conn->port = conn->conn_to_port;
+ else
+ conn->port = conn->remote_port;
/* Resolve target host right on */
- rc = Curl_resolv_timeout(conn, conn->host.name, (int)conn->port,
+ rc = Curl_resolv_timeout(conn, connhost->name, (int)conn->port,
&hostaddr, timeout_ms);
if(rc == CURLRESOLV_PENDING)
*async = TRUE;
@@ -4945,7 +3890,7 @@ static CURLcode resolve_server(struct SessionHandle *data,
result = CURLE_OPERATION_TIMEDOUT;
else if(!hostaddr) {
- failf(data, "Couldn't resolve host '%s'", conn->host.dispname);
+ failf(data, "Couldn't resolve host '%s'", connhost->dispname);
result = CURLE_COULDNT_RESOLVE_HOST;
/* don't return yet, we need to clean up the timeout first */
}
@@ -4953,11 +3898,11 @@ static CURLcode resolve_server(struct SessionHandle *data,
else {
/* This is a proxy that hasn't been resolved yet. */
- /* IDN-fix the proxy name */
- fix_hostname(data, conn, &conn->proxy);
+ struct hostname * const host = conn->bits.socksproxy ?
+ &conn->socks_proxy.host : &conn->http_proxy.host;
/* resolve proxy */
- rc = Curl_resolv_timeout(conn, conn->proxy.name, (int)conn->port,
+ rc = Curl_resolv_timeout(conn, host->name, (int)conn->port,
&hostaddr, timeout_ms);
if(rc == CURLRESOLV_PENDING)
@@ -4967,7 +3912,7 @@ static CURLcode resolve_server(struct SessionHandle *data,
result = CURLE_OPERATION_TIMEDOUT;
else if(!hostaddr) {
- failf(data, "Couldn't resolve proxy '%s'", conn->proxy.dispname);
+ failf(data, "Couldn't resolve proxy '%s'", host->dispname);
result = CURLE_COULDNT_RESOLVE_PROXY;
/* don't return yet, we need to clean up the timeout first */
}
@@ -4987,12 +3932,16 @@ static CURLcode resolve_server(struct SessionHandle *data,
static void reuse_conn(struct connectdata *old_conn,
struct connectdata *conn)
{
- if(old_conn->proxy.rawalloc)
- free(old_conn->proxy.rawalloc);
+ free_fixed_hostname(&old_conn->http_proxy.host);
+ free_fixed_hostname(&old_conn->socks_proxy.host);
+
+ free(old_conn->http_proxy.host.rawalloc);
+ free(old_conn->socks_proxy.host.rawalloc);
/* free the SSL config struct from this connection struct as this was
allocated in vain and is targeted for destruction */
- Curl_free_ssl_config(&old_conn->ssl_config);
+ Curl_free_primary_ssl_config(&old_conn->ssl_config);
+ Curl_free_primary_ssl_config(&old_conn->proxy_ssl_config);
conn->data = old_conn->data;
@@ -5012,38 +3961,55 @@ static void reuse_conn(struct connectdata *old_conn,
conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;
if(conn->bits.proxy_user_passwd) {
/* use the new proxy user name and proxy password though */
- Curl_safefree(conn->proxyuser);
- Curl_safefree(conn->proxypasswd);
- conn->proxyuser = old_conn->proxyuser;
- conn->proxypasswd = old_conn->proxypasswd;
- old_conn->proxyuser = NULL;
- old_conn->proxypasswd = NULL;
+ Curl_safefree(conn->http_proxy.user);
+ Curl_safefree(conn->socks_proxy.user);
+ Curl_safefree(conn->http_proxy.passwd);
+ Curl_safefree(conn->socks_proxy.passwd);
+ conn->http_proxy.user = old_conn->http_proxy.user;
+ conn->socks_proxy.user = old_conn->socks_proxy.user;
+ conn->http_proxy.passwd = old_conn->http_proxy.passwd;
+ conn->socks_proxy.passwd = old_conn->socks_proxy.passwd;
+ old_conn->http_proxy.user = NULL;
+ old_conn->socks_proxy.user = NULL;
+ old_conn->http_proxy.passwd = NULL;
+ old_conn->socks_proxy.passwd = NULL;
}
/* host can change, when doing keepalive with a proxy or if the case is
different this time etc */
+ free_fixed_hostname(&conn->host);
+ free_fixed_hostname(&conn->conn_to_host);
Curl_safefree(conn->host.rawalloc);
- conn->host=old_conn->host;
+ Curl_safefree(conn->conn_to_host.rawalloc);
+ conn->host = old_conn->host;
+ conn->conn_to_host = old_conn->conn_to_host;
+ conn->conn_to_port = old_conn->conn_to_port;
+ conn->remote_port = old_conn->remote_port;
/* persist connection info in session handle */
Curl_persistconninfo(conn);
+ conn_reset_all_postponed_data(old_conn); /* free buffers */
+
/* re-use init */
conn->bits.reuse = TRUE; /* yes, we're re-using here */
Curl_safefree(old_conn->user);
Curl_safefree(old_conn->passwd);
- Curl_safefree(old_conn->proxyuser);
- Curl_safefree(old_conn->proxypasswd);
+ Curl_safefree(old_conn->http_proxy.user);
+ Curl_safefree(old_conn->socks_proxy.user);
+ Curl_safefree(old_conn->http_proxy.passwd);
+ Curl_safefree(old_conn->socks_proxy.passwd);
Curl_safefree(old_conn->localdev);
- Curl_llist_destroy(old_conn->send_pipe, NULL);
- Curl_llist_destroy(old_conn->recv_pipe, NULL);
-
- old_conn->send_pipe = NULL;
- old_conn->recv_pipe = NULL;
+ Curl_llist_destroy(&old_conn->send_pipe, NULL);
+ Curl_llist_destroy(&old_conn->recv_pipe, NULL);
Curl_safefree(old_conn->master_buffer);
+
+#ifdef USE_UNIX_SOCKETS
+ Curl_safefree(old_conn->unix_domain_socket);
+#endif
}
/**
@@ -5062,7 +4028,7 @@ static void reuse_conn(struct connectdata *old_conn,
* *NOTE* this function assigns the conn->data pointer!
*/
-static CURLcode create_conn(struct SessionHandle *data,
+static CURLcode create_conn(struct Curl_easy *data,
struct connectdata **in_connect,
bool *async)
{
@@ -5074,10 +4040,10 @@ static CURLcode create_conn(struct SessionHandle *data,
char *passwd = NULL;
char *options = NULL;
bool reuse;
- char *proxy = NULL;
bool prot_missing = FALSE;
- bool no_connections_available = FALSE;
- bool force_reuse;
+ bool connections_available = TRUE;
+ bool force_reuse = FALSE;
+ bool waitpipe = FALSE;
size_t max_host_connections = Curl_multi_max_host_connections(data->multi);
size_t max_total_connections = Curl_multi_max_total_connections(data->multi);
@@ -5117,9 +4083,9 @@ static CURLcode create_conn(struct SessionHandle *data,
* other parts of the code will rely on this fact
***********************************************************/
#define LEAST_PATH_ALLOC 256
- urllen=strlen(data->change.url);
+ urllen = strlen(data->change.url);
if(urllen < LEAST_PATH_ALLOC)
- urllen=LEAST_PATH_ALLOC;
+ urllen = LEAST_PATH_ALLOC;
/*
* We malloc() the buffers below urllen+2 to make room for 2 possibilities:
@@ -5130,14 +4096,14 @@ static CURLcode create_conn(struct SessionHandle *data,
Curl_safefree(data->state.pathbuffer);
data->state.path = NULL;
- data->state.pathbuffer = malloc(urllen+2);
+ data->state.pathbuffer = malloc(urllen + 2);
if(NULL == data->state.pathbuffer) {
result = CURLE_OUT_OF_MEMORY; /* really bad error */
goto out;
}
data->state.path = data->state.pathbuffer;
- conn->host.rawalloc = malloc(urllen+2);
+ conn->host.rawalloc = malloc(urllen + 2);
if(NULL == conn->host.rawalloc) {
Curl_safefree(data->state.pathbuffer);
data->state.path = NULL;
@@ -5158,7 +4124,7 @@ static CURLcode create_conn(struct SessionHandle *data,
result = parseurlandfillconn(data, conn, &prot_missing, &user, &passwd,
&options);
- if(result != CURLE_OK)
+ if(result)
goto out;
/*************************************************************
@@ -5169,6 +4135,7 @@ static CURLcode create_conn(struct SessionHandle *data,
we're gonna follow a Location: later or... then we need the protocol
part added so that we have a valid URL. */
char *reurl;
+ char *ch_lower;
reurl = aprintf("%s://%s", conn->handler->scheme, data->change.url);
@@ -5177,6 +4144,10 @@ static CURLcode create_conn(struct SessionHandle *data,
goto out;
}
+ /* Change protocol prefix to lower-case */
+ for(ch_lower = reurl; *ch_lower != ':'; ch_lower++)
+ *ch_lower = (char)TOLOWER(*ch_lower);
+
if(data->change.url_alloc) {
Curl_safefree(data->change.url);
data->change.url_alloc = FALSE;
@@ -5188,7 +4159,7 @@ static CURLcode create_conn(struct SessionHandle *data,
/*************************************************************
* If the protocol can't handle url query strings, then cut
- * of the unhandable part
+ * off the unhandable part
*************************************************************/
if((conn->given->flags&PROTOPT_NOURLQUERY)) {
char *path_q_sep = strchr(conn->data->state.path, '?');
@@ -5205,93 +4176,31 @@ static CURLcode create_conn(struct SessionHandle *data,
}
if(data->set.str[STRING_BEARER]) {
- conn->xoauth2_bearer = strdup(data->set.str[STRING_BEARER]);
- if(!conn->xoauth2_bearer) {
- return CURLE_OUT_OF_MEMORY;
- }
- }
-
-#ifndef CURL_DISABLE_PROXY
- /*************************************************************
- * Extract the user and password from the authentication string
- *************************************************************/
- if(conn->bits.proxy_user_passwd) {
- result = parse_proxy_auth(data, conn);
- if(result != CURLE_OK)
- goto out;
- }
-
- /*************************************************************
- * Detect what (if any) proxy to use
- *************************************************************/
- if(data->set.str[STRING_PROXY]) {
- proxy = strdup(data->set.str[STRING_PROXY]);
- /* if global proxy is set, this is it */
- if(NULL == proxy) {
- failf(data, "memory shortage");
+ conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
+ if(!conn->oauth_bearer) {
result = CURLE_OUT_OF_MEMORY;
goto out;
}
}
- if(data->set.str[STRING_NOPROXY] &&
- check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY])) {
- if(proxy) {
- free(proxy); /* proxy is in exception list */
- proxy = NULL;
- }
- }
- else if(!proxy)
- proxy = detect_proxy(conn);
-
- if(proxy && (!*proxy || (conn->handler->flags & PROTOPT_NONETWORK))) {
- free(proxy); /* Don't bother with an empty proxy string or if the
- protocol doesn't work with network */
- proxy = NULL;
- }
-
- /***********************************************************************
- * If this is supposed to use a proxy, we need to figure out the proxy host
- * name, proxy type and port number, so that we can re-use an existing
- * connection that may exist registered to the same proxy host.
- ***********************************************************************/
- if(proxy) {
- result = parse_proxy(data, conn, proxy);
-
- Curl_safefree(proxy); /* parse_proxy copies the proxy string */
-
- if(result)
- goto out;
-
- if((conn->proxytype == CURLPROXY_HTTP) ||
- (conn->proxytype == CURLPROXY_HTTP_1_0)) {
-#ifdef CURL_DISABLE_HTTP
- /* asking for a HTTP proxy is a bit funny when HTTP is disabled... */
- result = CURLE_UNSUPPORTED_PROTOCOL;
+#ifdef USE_UNIX_SOCKETS
+ if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
+ conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
+ if(conn->unix_domain_socket == NULL) {
+ result = CURLE_OUT_OF_MEMORY;
goto out;
-#else
- /* force this connection's protocol to become HTTP if not already
- compatible - if it isn't tunneling through */
- if(!(conn->handler->protocol & CURLPROTO_HTTP) &&
- !conn->bits.tunnel_proxy)
- conn->handler = &Curl_handler_http;
-
- conn->bits.httpproxy = TRUE;
-#endif
}
- else
- conn->bits.httpproxy = FALSE; /* not a HTTP proxy */
- conn->bits.proxy = TRUE;
- }
- else {
- /* we aren't using the proxy after all... */
- conn->bits.proxy = FALSE;
- conn->bits.httpproxy = FALSE;
- conn->bits.proxy_user_passwd = FALSE;
- conn->bits.tunnel_proxy = FALSE;
+ conn->abstract_unix_socket = data->set.abstract_unix_socket;
}
+#endif
-#endif /* CURL_DISABLE_PROXY */
+ /* After the unix socket init but before the proxy vars are used, parse and
+ initialize the proxy vars */
+#ifndef CURL_DISABLE_PROXY
+ result = create_conn_helper_init_proxy(conn);
+ if(result)
+ goto out;
+#endif
/*************************************************************
* If the protocol is using SSL and HTTP proxy is used, we set
@@ -5304,24 +4213,79 @@ static CURLcode create_conn(struct SessionHandle *data,
* Figure out the remote port number and fix it in the URL
*************************************************************/
result = parse_remote_port(data, conn);
- if(result != CURLE_OK)
+ if(result)
goto out;
/* Check for overridden login details and set them accordingly so they
they are known when protocol->setup_connection is called! */
result = override_login(data, conn, &user, &passwd, &options);
- if(result != CURLE_OK)
+ if(result)
goto out;
result = set_login(conn, user, passwd, options);
- if(result != CURLE_OK)
+ if(result)
+ goto out;
+
+ /*************************************************************
+ * Process the "connect to" linked list of hostname/port mappings.
+ * Do this after the remote port number has been fixed in the URL.
+ *************************************************************/
+ result = parse_connect_to_slist(data, conn, data->set.connect_to);
+ if(result)
goto out;
/*************************************************************
+ * IDN-fix the hostnames
+ *************************************************************/
+ result = fix_hostname(conn, &conn->host);
+ if(result)
+ goto out;
+ if(conn->bits.conn_to_host) {
+ result = fix_hostname(conn, &conn->conn_to_host);
+ if(result)
+ goto out;
+ }
+ if(conn->bits.httpproxy) {
+ result = fix_hostname(conn, &conn->http_proxy.host);
+ if(result)
+ goto out;
+ }
+ if(conn->bits.socksproxy) {
+ result = fix_hostname(conn, &conn->socks_proxy.host);
+ if(result)
+ goto out;
+ }
+
+ /*************************************************************
+ * Check whether the host and the "connect to host" are equal.
+ * Do this after the hostnames have been IDN-fixed.
+ *************************************************************/
+ if(conn->bits.conn_to_host &&
+ strcasecompare(conn->conn_to_host.name, conn->host.name)) {
+ conn->bits.conn_to_host = FALSE;
+ }
+
+ /*************************************************************
+ * Check whether the port and the "connect to port" are equal.
+ * Do this after the remote port number has been fixed in the URL.
+ *************************************************************/
+ if(conn->bits.conn_to_port && conn->conn_to_port == conn->remote_port) {
+ conn->bits.conn_to_port = FALSE;
+ }
+
+ /*************************************************************
+ * If the "connect to" feature is used with an HTTP proxy,
+ * we set the tunnel_proxy bit.
+ *************************************************************/
+ if((conn->bits.conn_to_host || conn->bits.conn_to_port) &&
+ conn->bits.httpproxy)
+ conn->bits.tunnel_proxy = TRUE;
+
+ /*************************************************************
* Setup internals depending on protocol. Needs to be done after
* we figured out what/if proxy to use.
*************************************************************/
result = setup_connection_internals(conn);
- if(result != CURLE_OK)
+ if(result)
goto out;
conn->recv[FIRSTSOCKET] = Curl_recv_plain;
@@ -5329,6 +4293,8 @@ static CURLcode create_conn(struct SessionHandle *data,
conn->recv[SECONDARYSOCKET] = Curl_recv_plain;
conn->send[SECONDARYSOCKET] = Curl_send_plain;
+ conn->bits.tcp_fastopen = data->set.tcp_fastopen;
+
/***********************************************************************
* file: is a special case in that it doesn't need a network connection
***********************************************************************/
@@ -5341,11 +4307,11 @@ static CURLcode create_conn(struct SessionHandle *data,
result = conn->handler->connect_it(conn, &done);
/* Setup a "faked" transfer that'll do nothing */
- if(CURLE_OK == result) {
+ if(!result) {
conn->data = data;
conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */
- ConnectionStore(data, conn);
+ Curl_conncache_add_conn(data->state.conn_cache, conn);
/*
* Setup whatever necessary for a resumed transfer
@@ -5363,7 +4329,7 @@ static CURLcode create_conn(struct SessionHandle *data,
}
/* since we skip do_init() */
- do_init(conn);
+ Curl_init_do(data, conn);
goto out;
}
@@ -5375,26 +4341,60 @@ static CURLcode create_conn(struct SessionHandle *data,
strings in the session handle strings array!
Keep in mind that the pointers in the master copy are pointing to strings
- that will be freed as part of the SessionHandle struct, but all cloned
+ that will be freed as part of the Curl_easy struct, but all cloned
copies will be separately allocated.
*/
- data->set.ssl.CApath = data->set.str[STRING_SSL_CAPATH];
- data->set.ssl.CAfile = data->set.str[STRING_SSL_CAFILE];
- data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE];
- data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
- data->set.ssl.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
- data->set.ssl.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
- data->set.ssl.cipher_list = data->set.str[STRING_SSL_CIPHER_LIST];
+ data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_ORIG];
+ data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY];
+ data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_ORIG];
+ data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY];
+ data->set.ssl.primary.random_file = data->set.str[STRING_SSL_RANDOM_FILE];
+ data->set.proxy_ssl.primary.random_file =
+ data->set.str[STRING_SSL_RANDOM_FILE];
+ data->set.ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
+ data->set.proxy_ssl.primary.egdsocket = data->set.str[STRING_SSL_EGDSOCKET];
+ data->set.ssl.primary.cipher_list =
+ data->set.str[STRING_SSL_CIPHER_LIST_ORIG];
+ data->set.proxy_ssl.primary.cipher_list =
+ data->set.str[STRING_SSL_CIPHER_LIST_PROXY];
+
+ data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_ORIG];
+ data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY];
+ data->set.ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_ORIG];
+ data->set.proxy_ssl.issuercert = data->set.str[STRING_SSL_ISSUERCERT_PROXY];
+ data->set.ssl.cert = data->set.str[STRING_CERT_ORIG];
+ data->set.proxy_ssl.cert = data->set.str[STRING_CERT_PROXY];
+ data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE_ORIG];
+ data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
+ data->set.ssl.key = data->set.str[STRING_KEY_ORIG];
+ data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
+ data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE_ORIG];
+ data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
+ data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_ORIG];
+ data->set.proxy_ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_PROXY];
+ data->set.ssl.primary.clientcert = data->set.str[STRING_CERT_ORIG];
+ data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
#ifdef USE_TLS_SRP
- data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME];
- data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD];
+ data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_ORIG];
+ data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
+ data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_ORIG];
+ data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
#endif
- if(!Curl_clone_ssl_config(&data->set.ssl, &conn->ssl_config)) {
+ if(!Curl_clone_primary_ssl_config(&data->set.ssl.primary,
+ &conn->ssl_config)) {
result = CURLE_OUT_OF_MEMORY;
goto out;
}
+ if(!Curl_clone_primary_ssl_config(&data->set.proxy_ssl.primary,
+ &conn->proxy_ssl_config)) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ prune_dead_connections(data);
+
/*************************************************************
* Check the current list of connections to see if we can
* re-use an already existing one or if we have to create a
@@ -5408,12 +4408,12 @@ static CURLcode create_conn(struct SessionHandle *data,
if(data->set.reuse_fresh && !data->state.this_is_a_follow)
reuse = FALSE;
else
- reuse = ConnectionExists(data, conn, &conn_temp, &force_reuse);
+ reuse = ConnectionExists(data, conn, &conn_temp, &force_reuse, &waitpipe);
/* If we found a reusable connection, we may still want to
open a new connection if we are pipelining. */
if(reuse && !force_reuse && IsPipeliningPossible(data, conn_temp)) {
- size_t pipelen = conn_temp->send_pipe->size + conn_temp->recv_pipe->size;
+ size_t pipelen = conn_temp->send_pipe.size + conn_temp->recv_pipe.size;
if(pipelen > 0) {
infof(data, "Found connection %ld, with requests in the pipe (%zu)\n",
conn_temp->connection_id, pipelen);
@@ -5442,21 +4442,35 @@ static CURLcode create_conn(struct SessionHandle *data,
conn = conn_temp;
*in_connect = conn;
- /* set a pointer to the hostname we display */
- fix_hostname(data, conn, &conn->host);
-
- infof(data, "Re-using existing connection! (#%ld) with host %s\n",
+ infof(data, "Re-using existing connection! (#%ld) with %s %s\n",
conn->connection_id,
- conn->proxy.name?conn->proxy.dispname:conn->host.dispname);
+ conn->bits.proxy?"proxy":"host",
+ conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname :
+ conn->http_proxy.host.name ? conn->http_proxy.host.dispname :
+ conn->host.dispname);
}
else {
/* We have decided that we want a new connection. However, we may not
be able to do that if we have reached the limit of how many
connections we are allowed to open. */
- struct connectbundle *bundle;
+ struct connectbundle *bundle = NULL;
+
+ if(conn->handler->flags & PROTOPT_ALPN_NPN) {
+ /* The protocol wants it, so set the bits if enabled in the easy handle
+ (default) */
+ if(data->set.ssl_enable_alpn)
+ conn->bits.tls_enable_alpn = TRUE;
+ if(data->set.ssl_enable_npn)
+ conn->bits.tls_enable_npn = TRUE;
+ }
+
+ if(waitpipe)
+ /* There is a connection that *might* become usable for pipelining
+ "soon", and we wait for that */
+ connections_available = FALSE;
+ else
+ bundle = Curl_conncache_find_bundle(conn, data->state.conn_cache);
- bundle = Curl_conncache_find_bundle(data->state.conn_cache,
- conn->host.name);
if(max_host_connections > 0 && bundle &&
(bundle->num_connections >= max_host_connections)) {
struct connectdata *conn_candidate;
@@ -5469,28 +4483,33 @@ static CURLcode create_conn(struct SessionHandle *data,
conn_candidate->data = data;
(void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
}
- else
- no_connections_available = TRUE;
+ else {
+ infof(data, "No more connections allowed to host: %d\n",
+ max_host_connections);
+ connections_available = FALSE;
+ }
}
- if(max_total_connections > 0 &&
+ if(connections_available &&
+ (max_total_connections > 0) &&
(data->state.conn_cache->num_connections >= max_total_connections)) {
struct connectdata *conn_candidate;
/* The cache is full. Let's see if we can kill a connection. */
- conn_candidate = find_oldest_idle_connection(data);
+ conn_candidate = Curl_conncache_oldest_idle(data);
if(conn_candidate) {
/* Set the connection's owner correctly, then kill it */
conn_candidate->data = data;
(void)Curl_disconnect(conn_candidate, /* dead_connection */ FALSE);
}
- else
- no_connections_available = TRUE;
+ else {
+ infof(data, "No connections available in cache\n");
+ connections_available = FALSE;
+ }
}
-
- if(no_connections_available) {
+ if(!connections_available) {
infof(data, "No connections available.\n");
conn_free(conn);
@@ -5504,15 +4523,34 @@ static CURLcode create_conn(struct SessionHandle *data,
* This is a brand new connection, so let's store it in the connection
* cache of ours!
*/
- ConnectionStore(data, conn);
+ Curl_conncache_add_conn(data->state.conn_cache, conn);
}
+
+#if defined(USE_NTLM)
+ /* If NTLM is requested in a part of this connection, make sure we don't
+ assume the state is fine as this is a fresh connection and NTLM is
+ connection based. */
+ if((data->state.authhost.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
+ data->state.authhost.done) {
+ infof(data, "NTLM picked AND auth done set, clear picked!\n");
+ data->state.authhost.picked = CURLAUTH_NONE;
+ data->state.authhost.done = FALSE;
+ }
+
+ if((data->state.authproxy.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) &&
+ data->state.authproxy.done) {
+ infof(data, "NTLM-proxy picked AND auth done set, clear picked!\n");
+ data->state.authproxy.picked = CURLAUTH_NONE;
+ data->state.authproxy.done = FALSE;
+ }
+#endif
}
/* Mark the connection as used */
conn->inuse = TRUE;
/* Setup and init stuff before DO starts, in preparing for the transfer. */
- do_init(conn);
+ Curl_init_do(data, conn);
/*
* Setup whatever necessary for a resumed transfer
@@ -5527,8 +4565,6 @@ static CURLcode create_conn(struct SessionHandle *data,
* Inherit the proper values from the urldata struct AFTER we have arranged
* the persistent connection stuff
*/
- conn->fread_func = data->set.fread_func;
- conn->fread_in = data->set.in;
conn->seek_func = data->set.seek_func;
conn->seek_client = data->set.seek_client;
@@ -5537,12 +4573,11 @@ static CURLcode create_conn(struct SessionHandle *data,
*************************************************************/
result = resolve_server(data, conn, async);
- out:
+out:
- Curl_safefree(options);
- Curl_safefree(passwd);
- Curl_safefree(user);
- Curl_safefree(proxy);
+ free(options);
+ free(passwd);
+ free(user);
return result;
}
@@ -5558,7 +4593,7 @@ CURLcode Curl_setup_conn(struct connectdata *conn,
bool *protocol_done)
{
CURLcode result = CURLE_OK;
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
Curl_pgrsTime(data, TIMER_NAMELOOKUP);
@@ -5596,58 +4631,24 @@ CURLcode Curl_setup_conn(struct connectdata *conn,
/* set start time here for timeout purposes in the connect procedure, it
is later set again for the progress meter purpose */
- conn->now = Curl_tvnow();
-
- for(;;) {
- /* loop for CURL_SERVER_CLOSED_CONNECTION */
-
- if(CURL_SOCKET_BAD == conn->sock[FIRSTSOCKET]) {
- /* Try to connect only if not already connected */
- bool connected = FALSE;
-
- result = ConnectPlease(data, conn, &connected);
-
- if(result && !conn->ip_addr) {
- /* transport connection failure not related with authentication */
- conn->bits.tcpconnect[FIRSTSOCKET] = FALSE;
- return result;
- }
-
- if(connected) {
- result = Curl_protocol_connect(conn, protocol_done);
- if(CURLE_OK == result)
- conn->bits.tcpconnect[FIRSTSOCKET] = TRUE;
- }
- else
- conn->bits.tcpconnect[FIRSTSOCKET] = FALSE;
-
- /* if the connection was closed by the server while exchanging
- authentication informations, retry with the new set
- authentication information */
- if(conn->bits.proxy_connect_closed) {
- /* reset the error buffer */
- if(data->set.errorbuffer)
- data->set.errorbuffer[0] = '\0';
- data->state.errorbuf = FALSE;
- continue;
- }
+ conn->now = Curl_now();
- if(CURLE_OK != result)
- return result;
- }
- else {
- Curl_pgrsTime(data, TIMER_CONNECT); /* we're connected already */
- Curl_pgrsTime(data, TIMER_APPCONNECT); /* we're connected already */
- conn->bits.tcpconnect[FIRSTSOCKET] = TRUE;
- *protocol_done = TRUE;
- Curl_verboseconnect(conn);
- Curl_updateconninfo(conn, conn->sock[FIRSTSOCKET]);
- }
- /* Stop the loop now */
- break;
+ if(CURL_SOCKET_BAD == conn->sock[FIRSTSOCKET]) {
+ conn->bits.tcpconnect[FIRSTSOCKET] = FALSE;
+ result = Curl_connecthost(conn, conn->dns_entry);
+ if(result)
+ return result;
+ }
+ else {
+ Curl_pgrsTime(data, TIMER_CONNECT); /* we're connected already */
+ Curl_pgrsTime(data, TIMER_APPCONNECT); /* we're connected already */
+ conn->bits.tcpconnect[FIRSTSOCKET] = TRUE;
+ *protocol_done = TRUE;
+ Curl_updateconninfo(conn, conn->sock[FIRSTSOCKET]);
+ Curl_verboseconnect(conn);
}
- conn->now = Curl_tvnow(); /* time this *after* the connect is done, we
+ conn->now = Curl_now(); /* time this *after* the connect is done, we
set this here perhaps a second time */
#ifdef __EMX__
@@ -5666,182 +4667,71 @@ CURLcode Curl_setup_conn(struct connectdata *conn,
return result;
}
-CURLcode Curl_connect(struct SessionHandle *data,
+CURLcode Curl_connect(struct Curl_easy *data,
struct connectdata **in_connect,
bool *asyncp,
bool *protocol_done)
{
- CURLcode code;
+ CURLcode result;
*asyncp = FALSE; /* assume synchronous resolves by default */
/* call the stuff that needs to be called */
- code = create_conn(data, in_connect, asyncp);
+ result = create_conn(data, in_connect, asyncp);
- if(CURLE_OK == code) {
+ if(!result) {
/* no error */
- if((*in_connect)->send_pipe->size || (*in_connect)->recv_pipe->size)
+ if((*in_connect)->send_pipe.size || (*in_connect)->recv_pipe.size)
/* pipelining */
*protocol_done = TRUE;
else if(!*asyncp) {
/* DNS resolution is done: that's either because this is a reused
connection, in which case DNS was unnecessary, or because DNS
really did finish already (synch resolver/fast async resolve) */
- code = Curl_setup_conn(*in_connect, protocol_done);
+ result = Curl_setup_conn(*in_connect, protocol_done);
}
}
- if(code == CURLE_NO_CONNECTION_AVAILABLE) {
+ if(result == CURLE_NO_CONNECTION_AVAILABLE) {
*in_connect = NULL;
- return code;
+ return result;
}
- if(code && *in_connect) {
+ if(result && *in_connect) {
/* We're not allowed to return failure with memory left allocated
in the connectdata struct, free those here */
Curl_disconnect(*in_connect, FALSE); /* close the connection */
*in_connect = NULL; /* return a NULL */
}
- return code;
-}
-
-CURLcode Curl_done(struct connectdata **connp,
- CURLcode status, /* an error if this is called after an
- error was detected */
- bool premature)
-{
- CURLcode result;
- struct connectdata *conn;
- struct SessionHandle *data;
-
- DEBUGASSERT(*connp);
-
- conn = *connp;
- data = conn->data;
-
- if(conn->bits.done)
- /* Stop if Curl_done() has already been called */
- return CURLE_OK;
-
- Curl_getoff_all_pipelines(data, conn);
-
- if((conn->send_pipe->size + conn->recv_pipe->size != 0 &&
- !data->set.reuse_forbid &&
- !conn->bits.close))
- /* Stop if pipeline is not empty and we do not have to close
- connection. */
- return CURLE_OK;
-
- conn->bits.done = TRUE; /* called just now! */
-
- /* Cleanup possible redirect junk */
- if(data->req.newurl) {
- free(data->req.newurl);
- data->req.newurl = NULL;
- }
- if(data->req.location) {
- free(data->req.location);
- data->req.location = NULL;
- }
-
- Curl_resolver_cancel(conn);
-
- if(conn->dns_entry) {
- Curl_resolv_unlock(data, conn->dns_entry); /* done with this */
- conn->dns_entry = NULL;
- }
-
- switch(status) {
- case CURLE_ABORTED_BY_CALLBACK:
- case CURLE_READ_ERROR:
- case CURLE_WRITE_ERROR:
- /* When we're aborted due to a callback return code it basically have to
- be counted as premature as there is trouble ahead if we don't. We have
- many callbacks and protocols work differently, we could potentially do
- this more fine-grained in the future. */
- premature = TRUE;
- default:
- break;
- }
-
- /* this calls the protocol-specific function pointer previously set */
- if(conn->handler->done)
- result = conn->handler->done(conn, status, premature);
- else
- result = CURLE_OK;
-
- if(Curl_pgrsDone(conn) && !result)
- result = CURLE_ABORTED_BY_CALLBACK;
-
- /* if the transfer was completed in a paused state there can be buffered
- data left to write and then kill */
- if(data->state.tempwrite) {
- free(data->state.tempwrite);
- data->state.tempwrite = NULL;
- }
-
- /* if data->set.reuse_forbid is TRUE, it means the libcurl client has
- forced us to close this no matter what we think.
-
- if conn->bits.close is TRUE, it means that the connection should be
- closed in spite of all our efforts to be nice, due to protocol
- restrictions in our or the server's end
-
- if premature is TRUE, it means this connection was said to be DONE before
- the entire request operation is complete and thus we can't know in what
- state it is for re-using, so we're forced to close it. In a perfect world
- we can add code that keep track of if we really must close it here or not,
- but currently we have no such detail knowledge.
- */
- if(data->set.reuse_forbid || conn->bits.close || premature) {
- CURLcode res2 = Curl_disconnect(conn, premature); /* close connection */
-
- /* If we had an error already, make sure we return that one. But
- if we got a new error, return that. */
- if(!result && res2)
- result = res2;
- }
- else {
- /* the connection is no longer in use */
- if(ConnectionDone(data, conn)) {
- /* remember the most recently used connection */
- data->state.lastconnect = conn;
-
- infof(data, "Connection #%ld to host %s left intact\n",
- conn->connection_id,
- conn->bits.httpproxy?conn->proxy.dispname:conn->host.dispname);
- }
- else
- data->state.lastconnect = NULL;
- }
-
- *connp = NULL; /* to make the caller of this function better detect that
- this was either closed or handed over to the connection
- cache here, and therefore cannot be used from this point on
- */
- Curl_free_request_state(data);
-
return result;
}
/*
- * do_init() inits the readwrite session. This is inited each time (in the DO
- * function before the protocol-specific DO functions are invoked) for a
- * transfer, sometimes multiple times on the same SessionHandle. Make sure
+ * Curl_init_do() inits the readwrite session. This is inited each time (in
+ * the DO function before the protocol-specific DO functions are invoked) for
+ * a transfer, sometimes multiple times on the same Curl_easy. Make sure
* nothing in here depends on stuff that are setup dynamically for the
* transfer.
+ *
+ * Allow this function to get called with 'conn' set to NULL.
*/
-static CURLcode do_init(struct connectdata *conn)
+CURLcode Curl_init_do(struct Curl_easy *data, struct connectdata *conn)
{
- struct SessionHandle *data = conn->data;
struct SingleRequest *k = &data->req;
- conn->bits.done = FALSE; /* Curl_done() is not called yet */
- conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to use */
+ conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to
+ use */
+
+ data->state.done = FALSE; /* *_done() is not called yet */
data->state.expect100header = FALSE;
+ /* if the protocol used doesn't support wildcards, switch it off */
+ if(data->state.wildcardmatch &&
+ !(conn->handler->flags & PROTOPT_WILDCARD))
+ data->state.wildcardmatch = FALSE;
+
if(data->set.opt_no_body)
/* in HTTP lingo, no body means using the HEAD request... */
data->set.httpreq = HTTPREQ_HEAD;
@@ -5853,16 +4743,15 @@ static CURLcode do_init(struct connectdata *conn)
HTTP. */
data->set.httpreq = HTTPREQ_GET;
- k->start = Curl_tvnow(); /* start time */
+ k->start = Curl_now(); /* start time */
k->now = k->start; /* current time is now */
k->header = TRUE; /* assume header */
k->bytecount = 0;
k->buf = data->state.buffer;
- k->uploadbuf = data->state.uploadbuffer;
k->hbufp = data->state.headerbuff;
- k->ignorebody=FALSE;
+ k->ignorebody = FALSE;
Curl_speedinit(data);
@@ -5873,81 +4762,111 @@ static CURLcode do_init(struct connectdata *conn)
}
/*
- * do_complete is called when the DO actions are complete.
- *
- * We init chunking and trailer bits to their default values here immediately
- * before receiving any header data for the current request in the pipeline.
- */
-static void do_complete(struct connectdata *conn)
-{
- conn->data->req.chunk=FALSE;
- conn->data->req.maxfd = (conn->sockfd>conn->writesockfd?
- conn->sockfd:conn->writesockfd)+1;
- Curl_pgrsTime(conn->data, TIMER_PRETRANSFER);
-}
+* get_protocol_family()
+*
+* This is used to return the protocol family for a given protocol.
+*
+* Parameters:
+*
+* protocol [in] - A single bit protocol identifier such as HTTP or HTTPS.
+*
+* Returns the family as a single bit protocol identifier.
+*/
-CURLcode Curl_do(struct connectdata **connp, bool *done)
+static unsigned int get_protocol_family(unsigned int protocol)
{
- CURLcode result=CURLE_OK;
- struct connectdata *conn = *connp;
- struct SessionHandle *data = conn->data;
+ unsigned int family;
- if(conn->handler->do_it) {
- /* generic protocol-specific function pointer set in curl_connect() */
- result = conn->handler->do_it(conn, done);
+ switch(protocol) {
+ case CURLPROTO_HTTP:
+ case CURLPROTO_HTTPS:
+ family = CURLPROTO_HTTP;
+ break;
- /* This was formerly done in transfer.c, but we better do it here */
- if((CURLE_SEND_ERROR == result) && conn->bits.reuse) {
- /*
- * If the connection is using an easy handle, call reconnect
- * to re-establish the connection. Otherwise, let the multi logic
- * figure out how to re-establish the connection.
- */
- if(!data->multi) {
- result = Curl_reconnect_request(connp);
-
- if(result == CURLE_OK) {
- /* ... finally back to actually retry the DO phase */
- conn = *connp; /* re-assign conn since Curl_reconnect_request
- creates a new connection */
- result = conn->handler->do_it(conn, done);
- }
- }
- else
- return result;
- }
+ case CURLPROTO_FTP:
+ case CURLPROTO_FTPS:
+ family = CURLPROTO_FTP;
+ break;
- if((result == CURLE_OK) && *done)
- /* do_complete must be called after the protocol-specific DO function */
- do_complete(conn);
- }
- return result;
-}
+ case CURLPROTO_SCP:
+ family = CURLPROTO_SCP;
+ break;
-/*
- * Curl_do_more() is called during the DO_MORE multi state. It is basically a
- * second stage DO state which (wrongly) was introduced to support FTP's
- * second connection.
- *
- * TODO: A future libcurl should be able to work away this state.
- *
- * 'complete' can return 0 for incomplete, 1 for done and -1 for go back to
- * DOING state there's more work to do!
- */
+ case CURLPROTO_SFTP:
+ family = CURLPROTO_SFTP;
+ break;
-CURLcode Curl_do_more(struct connectdata *conn, int *complete)
-{
- CURLcode result=CURLE_OK;
+ case CURLPROTO_TELNET:
+ family = CURLPROTO_TELNET;
+ break;
+
+ case CURLPROTO_LDAP:
+ case CURLPROTO_LDAPS:
+ family = CURLPROTO_LDAP;
+ break;
- *complete = 0;
+ case CURLPROTO_DICT:
+ family = CURLPROTO_DICT;
+ break;
- if(conn->handler->do_more)
- result = conn->handler->do_more(conn, complete);
+ case CURLPROTO_FILE:
+ family = CURLPROTO_FILE;
+ break;
- if(!result && (*complete == 1))
- /* do_complete must be called after the protocol-specific DO function */
- do_complete(conn);
+ case CURLPROTO_TFTP:
+ family = CURLPROTO_TFTP;
+ break;
- return result;
-}
+ case CURLPROTO_IMAP:
+ case CURLPROTO_IMAPS:
+ family = CURLPROTO_IMAP;
+ break;
+
+ case CURLPROTO_POP3:
+ case CURLPROTO_POP3S:
+ family = CURLPROTO_POP3;
+ break;
+ case CURLPROTO_SMTP:
+ case CURLPROTO_SMTPS:
+ family = CURLPROTO_SMTP;
+ break;
+
+ case CURLPROTO_RTSP:
+ family = CURLPROTO_RTSP;
+ break;
+
+ case CURLPROTO_RTMP:
+ case CURLPROTO_RTMPS:
+ family = CURLPROTO_RTMP;
+ break;
+
+ case CURLPROTO_RTMPT:
+ case CURLPROTO_RTMPTS:
+ family = CURLPROTO_RTMPT;
+ break;
+
+ case CURLPROTO_RTMPE:
+ family = CURLPROTO_RTMPE;
+ break;
+
+ case CURLPROTO_RTMPTE:
+ family = CURLPROTO_RTMPTE;
+ break;
+
+ case CURLPROTO_GOPHER:
+ family = CURLPROTO_GOPHER;
+ break;
+
+ case CURLPROTO_SMB:
+ case CURLPROTO_SMBS:
+ family = CURLPROTO_SMB;
+ break;
+
+ default:
+ family = 0;
+ break;
+ }
+
+ return family;
+}
diff --git a/libs/libcurl/src/url.h b/libs/libcurl/src/url.h
index 418413c484..5dd04fdff7 100644
--- a/libs/libcurl/src/url.h
+++ b/libs/libcurl/src/url.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,29 +23,31 @@
***************************************************************************/
#include "curl_setup.h"
+#define READBUFFER_SIZE CURL_MAX_WRITE_SIZE
+#define READBUFFER_MAX CURL_MAX_READ_SIZE
+#define READBUFFER_MIN 1024
+
/*
* Prototypes for library-wide functions provided by url.c
*/
-CURLcode Curl_open(struct SessionHandle **curl);
+CURLcode Curl_init_do(struct Curl_easy *data, struct connectdata *conn);
+CURLcode Curl_open(struct Curl_easy **curl);
CURLcode Curl_init_userdefined(struct UserDefined *set);
-CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
+CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
va_list arg);
-CURLcode Curl_dupset(struct SessionHandle * dst, struct SessionHandle * src);
-void Curl_freeset(struct SessionHandle * data);
-CURLcode Curl_close(struct SessionHandle *data); /* opposite of curl_open() */
-CURLcode Curl_connect(struct SessionHandle *, struct connectdata **,
+CURLcode Curl_dupset(struct Curl_easy * dst, struct Curl_easy * src);
+void Curl_freeset(struct Curl_easy * data);
+CURLcode Curl_close(struct Curl_easy *data); /* opposite of curl_open() */
+CURLcode Curl_connect(struct Curl_easy *, struct connectdata **,
bool *async, bool *protocol_connect);
-CURLcode Curl_do(struct connectdata **, bool *done);
-CURLcode Curl_do_more(struct connectdata *, int *completed);
-CURLcode Curl_done(struct connectdata **, CURLcode, bool premature);
CURLcode Curl_disconnect(struct connectdata *, bool dead_connection);
CURLcode Curl_protocol_connect(struct connectdata *conn, bool *done);
CURLcode Curl_protocol_connecting(struct connectdata *conn, bool *done);
CURLcode Curl_protocol_doing(struct connectdata *conn, bool *done);
CURLcode Curl_setup_conn(struct connectdata *conn,
bool *protocol_done);
-void Curl_free_request_state(struct SessionHandle *data);
+void Curl_free_request_state(struct Curl_easy *data);
int Curl_protocol_getsock(struct connectdata *conn,
curl_socket_t *socks,
@@ -53,24 +55,26 @@ int Curl_protocol_getsock(struct connectdata *conn,
int Curl_doing_getsock(struct connectdata *conn,
curl_socket_t *socks,
int numsocks);
-
-bool Curl_isPipeliningEnabled(const struct SessionHandle *handle);
-CURLcode Curl_addHandleToPipeline(struct SessionHandle *handle,
+CURLcode Curl_parse_login_details(const char *login, const size_t len,
+ char **userptr, char **passwdptr,
+ char **optionsptr);
+bool Curl_isPipeliningEnabled(const struct Curl_easy *handle);
+CURLcode Curl_addHandleToPipeline(struct Curl_easy *handle,
struct curl_llist *pipeline);
-int Curl_removeHandleFromPipeline(struct SessionHandle *handle,
+int Curl_removeHandleFromPipeline(struct Curl_easy *handle,
struct curl_llist *pipeline);
/* remove the specified connection from all (possible) pipelines and related
queues */
-void Curl_getoff_all_pipelines(struct SessionHandle *data,
+void Curl_getoff_all_pipelines(struct Curl_easy *data,
struct connectdata *conn);
-void Curl_close_connections(struct SessionHandle *data);
+void Curl_close_connections(struct Curl_easy *data);
#define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */
-#define CURL_DEFAULT_SOCKS5_GSSAPI_SERVICE "rcmd" /* default socks5 gssapi
- service */
+#define CURL_DEFAULT_HTTPS_PROXY_PORT 443 /* default https proxy port unless
+ specified */
-CURLcode Curl_connected_proxy(struct connectdata *conn);
+CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex);
#ifdef CURL_DISABLE_VERBOSE_STRINGS
#define Curl_verboseconnect(x) Curl_nop_stmt
@@ -78,5 +82,16 @@ CURLcode Curl_connected_proxy(struct connectdata *conn);
void Curl_verboseconnect(struct connectdata *conn);
#endif
+#define CONNECT_PROXY_SSL()\
+ (conn->http_proxy.proxytype == CURLPROXY_HTTPS &&\
+ !conn->bits.proxy_ssl_connected[sockindex])
+
+#define CONNECT_FIRSTSOCKET_PROXY_SSL()\
+ (conn->http_proxy.proxytype == CURLPROXY_HTTPS &&\
+ !conn->bits.proxy_ssl_connected[FIRSTSOCKET])
+
+#define CONNECT_SECONDARYSOCKET_PROXY_SSL()\
+ (conn->http_proxy.proxytype == CURLPROXY_HTTPS &&\
+ !conn->bits.proxy_ssl_connected[SECONDARYSOCKET])
#endif /* HEADER_CURL_URL_H */
diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h
index ebaaf6ff4f..edd1fd9ac0 100644
--- a/libs/libcurl/src/urldata.h
+++ b/libs/libcurl/src/urldata.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -40,6 +40,8 @@
#define PORT_IMAPS 993
#define PORT_POP3 110
#define PORT_POP3S 995
+#define PORT_SMB 445
+#define PORT_SMBS 445
#define PORT_SMTP 25
#define PORT_SMTPS 465 /* sometimes called SSMTP */
#define PORT_RTSP 554
@@ -58,6 +60,15 @@
#define CURL_DEFAULT_USER "anonymous"
#define CURL_DEFAULT_PASSWORD "ftp@example.com"
+/* Convenience defines for checking protocols or their SSL based version. Each
+ protocol handler should only ever have a single CURLPROTO_ in its protocol
+ field. */
+#define PROTO_FAMILY_HTTP (CURLPROTO_HTTP|CURLPROTO_HTTPS)
+#define PROTO_FAMILY_FTP (CURLPROTO_FTP|CURLPROTO_FTPS)
+#define PROTO_FAMILY_POP3 (CURLPROTO_POP3|CURLPROTO_POP3S)
+#define PROTO_FAMILY_SMB (CURLPROTO_SMB|CURLPROTO_SMBS)
+#define PROTO_FAMILY_SMTP (CURLPROTO_SMTP|CURLPROTO_SMTPS)
+
#define DEFAULT_CONNCACHE_SIZE 5
/* length of longest IPv6 address string including the trailing null */
@@ -71,107 +82,12 @@
#include "cookie.h"
#include "formdata.h"
-#ifdef USE_SSLEAY
-#ifdef USE_OPENSSL
-#include <openssl/rsa.h>
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#ifdef HAVE_OPENSSL_ENGINE_H
-#include <openssl/engine.h>
-#endif
-#ifdef HAVE_OPENSSL_PKCS12_H
-#include <openssl/pkcs12.h>
-#endif
-#else /* SSLeay-style includes */
-#include <rsa.h>
-#include <crypto.h>
-#include <x509.h>
-#include <pem.h>
-#include <ssl.h>
-#include <err.h>
-#ifdef HAVE_OPENSSL_ENGINE_H
-#include <engine.h>
-#endif
-#ifdef HAVE_OPENSSL_PKCS12_H
-#include <pkcs12.h>
-#endif
-#endif /* USE_OPENSSL */
-#ifdef USE_GNUTLS
-#error Configuration error; cannot use GnuTLS *and* OpenSSL.
-#endif
-#endif /* USE_SSLEAY */
-
-#ifdef USE_GNUTLS
-#include <gnutls/gnutls.h>
-#endif
-
-#ifdef USE_POLARSSL
-#include <polarssl/ssl.h>
-#include <polarssl/version.h>
-#if POLARSSL_VERSION_NUMBER<0x01010000
-#include <polarssl/havege.h>
-#else
-#include <polarssl/entropy.h>
-#include <polarssl/ctr_drbg.h>
-#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
-#endif /* USE_POLARSSL */
-
-#ifdef USE_CYASSL
-#undef OCSP_REQUEST /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */
-#undef OCSP_RESPONSE /* avoid cyassl/openssl/ssl.h clash with wincrypt.h */
-#include <cyassl/openssl/ssl.h>
-#endif
-
-#ifdef USE_NSS
-#include <nspr.h>
-#include <pk11pub.h>
-#endif
-
-#ifdef USE_QSOSSL
-#include <qsossl.h>
-#endif
-
-#ifdef USE_GSKIT
-#include <gskssl.h>
-#endif
-
-#ifdef USE_AXTLS
-#include <axTLS/ssl.h>
-#undef malloc
-#undef calloc
-#undef realloc
-#endif /* USE_AXTLS */
-
-#ifdef USE_SCHANNEL
-#include "curl_sspi.h"
-#include <schnlsp.h>
-#include <schannel.h>
-#endif
-
-#ifdef USE_DARWINSSL
-#include <Security/Security.h>
-/* For some reason, when building for iOS, the omnibus header above does
- * not include SecureTransport.h as of iOS SDK 5.1. */
-#include <Security/SecureTransport.h>
-#endif
-
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#include "timeval.h"
-#ifdef HAVE_ZLIB_H
-#include <zlib.h> /* for content-encoding */
-#ifdef __SYMBIAN32__
-/* zlib pollutes the namespace with this definition */
-#undef WIN32
-#endif
-#endif
-
#include <curl/curl.h>
#include "http_chunks.h" /* for the structs and enum stuff */
@@ -179,6 +95,7 @@
#include "hash.h"
#include "splay.h"
+#include "mime.h"
#include "imap.h"
#include "pop3.h"
#include "smtp.h"
@@ -187,6 +104,7 @@
#include "ssh.h"
#include "http.h"
#include "rtsp.h"
+#include "smb.h"
#include "wildcard.h"
#include "multihandle.h"
@@ -206,22 +124,26 @@
#include <libssh2_sftp.h>
#endif /* HAVE_LIBSSH2_H */
-/* Download buffer size, keep it fairly big for speed reasons */
-#undef BUFSIZE
-#define BUFSIZE CURL_MAX_WRITE_SIZE
+/* The upload buffer size, should not be smaller than CURL_MAX_WRITE_SIZE, as
+ it needs to hold a full buffer as could be sent in a write callback */
+#define UPLOAD_BUFSIZE CURL_MAX_WRITE_SIZE
+
+/* The "master buffer" is for HTTP pipelining */
+#define MASTERBUF_SIZE 16384
/* Initial size of the buffer to store headers in, it'll be enlarged in case
of need. */
#define HEADERSIZE 256
#define CURLEASY_MAGIC_NUMBER 0xc0dedbadU
+#define GOOD_EASY_HANDLE(x) \
+ ((x) && ((x)->magic == CURLEASY_MAGIC_NUMBER))
/* Some convenience macros to get the larger/smaller value out of two given.
We prefix with CURL to prevent name collisions. */
#define CURLMAX(x,y) ((x)>(y)?(x):(y))
#define CURLMIN(x,y) ((x)<(y)?(x):(y))
-
#ifdef HAVE_GSSAPI
/* Types needed for krb5-ftp connections */
struct krb5buffer {
@@ -242,21 +164,6 @@ enum protection_level {
};
#endif
-#ifdef USE_SCHANNEL
-/* Structs to store Schannel handles */
-struct curl_schannel_cred {
- CredHandle cred_handle;
- TimeStamp time_stamp;
- int refcount;
- bool cached;
-};
-
-struct curl_schannel_ctxt {
- CtxtHandle ctxt_handle;
- TimeStamp time_stamp;
-};
-#endif
-
/* enum for the nonblocking SSL connection state machine */
typedef enum {
ssl_connect_1,
@@ -273,6 +180,9 @@ typedef enum {
ssl_connection_complete
} ssl_connection_state;
+/* SSL backend-specific data; declared differently by each SSL backend */
+struct ssl_backend_data;
+
/* struct for data related to each SSL connection */
struct ssl_connect_data {
/* Use ssl encrypted communications TRUE/FALSE, not necessarily using it atm
@@ -280,100 +190,45 @@ struct ssl_connect_data {
current state of the connection. */
bool use;
ssl_connection_state state;
-#ifdef USE_SSLEAY
- /* these ones requires specific SSL-types */
- SSL_CTX* ctx;
- SSL* handle;
- X509* server_cert;
ssl_connect_state connecting_state;
-#endif /* USE_SSLEAY */
-#ifdef USE_GNUTLS
- gnutls_session session;
- gnutls_certificate_credentials cred;
-#ifdef USE_TLS_SRP
- gnutls_srp_client_credentials srp_client_cred;
+#if defined(USE_SSL)
+ struct ssl_backend_data *backend;
#endif
- ssl_connect_state connecting_state;
-#endif /* USE_GNUTLS */
-#ifdef USE_POLARSSL
-#if POLARSSL_VERSION_NUMBER<0x01010000
- havege_state hs;
-#else
- /* from v1.1.0, use ctr_drbg and entropy */
- ctr_drbg_context ctr_drbg;
- entropy_context entropy;
-#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
- ssl_context ssl;
- ssl_session ssn;
- int server_fd;
- x509_cert cacert;
- x509_cert clicert;
- x509_crl crl;
- rsa_context rsa;
- ssl_connect_state connecting_state;
-#endif /* USE_POLARSSL */
-#ifdef USE_CYASSL
- SSL_CTX* ctx;
- SSL* handle;
- ssl_connect_state connecting_state;
-#endif /* USE_CYASSL */
-#ifdef USE_NSS
- PRFileDesc *handle;
- char *client_nickname;
- struct SessionHandle *data;
- struct curl_llist *obj_list;
- PK11GenericObject *obj_clicert;
-#endif /* USE_NSS */
-#ifdef USE_QSOSSL
- SSLHandle *handle;
-#endif /* USE_QSOSSL */
-#ifdef USE_GSKIT
- gsk_handle handle;
- int iocport;
- ssl_connect_state connecting_state;
-#endif
-#ifdef USE_AXTLS
- SSL_CTX* ssl_ctx;
- SSL* ssl;
- ssl_connect_state connecting_state;
-#endif /* USE_AXTLS */
-#ifdef USE_SCHANNEL
- struct curl_schannel_cred *cred;
- struct curl_schannel_ctxt *ctxt;
- SecPkgContext_StreamSizes stream_sizes;
- ssl_connect_state connecting_state;
- size_t encdata_length, decdata_length;
- size_t encdata_offset, decdata_offset;
- unsigned char *encdata_buffer, *decdata_buffer;
- unsigned long req_flags, ret_flags;
-#endif /* USE_SCHANNEL */
-#ifdef USE_DARWINSSL
- SSLContextRef ssl_ctx;
- curl_socket_t ssl_sockfd;
- ssl_connect_state connecting_state;
- bool ssl_direction; /* true if writing, false if reading */
- size_t ssl_write_buffered_length;
-#endif /* USE_DARWINSSL */
};
-struct ssl_config_data {
+struct ssl_primary_config {
long version; /* what version the client wants to use */
- long certverifyresult; /* result from the certificate verification */
-
+ long version_max; /* max supported version the client wants to use*/
bool verifypeer; /* set TRUE if this is desired */
bool verifyhost; /* set TRUE if CN/SAN must match hostname */
+ bool verifystatus; /* set TRUE if certificate status must be checked */
+ bool sessionid; /* cache session IDs or not */
char *CApath; /* certificate dir (doesn't work on windows) */
char *CAfile; /* certificate to verify peer against */
- const char *CRLfile; /* CRL to check certificate revocation */
- const char *issuercert;/* optional issuer certificate filename */
+ char *clientcert;
char *random_file; /* path to file containing "random" data */
char *egdsocket; /* path to file containing the EGD daemon socket */
char *cipher_list; /* list of ciphers to use */
- size_t max_ssl_sessions; /* SSL session id cache size */
+};
+
+struct ssl_config_data {
+ struct ssl_primary_config primary;
+ bool enable_beast; /* especially allow this flaw for interoperability's
+ sake*/
+ bool no_revoke; /* disable SSL certificate revocation checks */
+ long certverifyresult; /* result from the certificate verification */
+ char *CRLfile; /* CRL to check certificate revocation */
+ char *issuercert;/* optional issuer certificate filename */
curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
void *fsslctxp; /* parameter for call back */
- bool sessionid; /* cache session IDs or not */
bool certinfo; /* gather lots of certificate info */
+ bool falsestart;
+
+ char *cert; /* client certificate file name */
+ char *cert_type; /* format for certificate (default: PEM)*/
+ char *key; /* private key file name */
+ char *key_type; /* format for private key (default: PEM) */
+ char *key_passwd; /* plain text private key password */
#ifdef USE_TLS_SRP
char *username; /* TLS username (for, e.g., SRP) */
@@ -382,18 +237,38 @@ struct ssl_config_data {
#endif
};
+struct ssl_general_config {
+ size_t max_ssl_sessions; /* SSL session id cache size */
+};
+
/* information stored about one single SSL session */
struct curl_ssl_session {
char *name; /* host name for which this ID was used */
+ char *conn_to_host; /* host name for the connection (may be NULL) */
+ const char *scheme; /* protocol scheme used */
void *sessionid; /* as returned from the SSL layer */
size_t idsize; /* if known, otherwise 0 */
long age; /* just a number, the higher the more recent */
- unsigned short remote_port; /* remote port to connect to */
- struct ssl_config_data ssl_config; /* setup for this session */
+ int remote_port; /* remote port */
+ int conn_to_port; /* remote port for the connection (may be -1) */
+ struct ssl_primary_config ssl_config; /* setup for this session */
};
+#ifdef USE_WINDOWS_SSPI
+#include "curl_sspi.h"
+#endif
+
/* Struct used for Digest challenge-response authentication */
struct digestdata {
+#if defined(USE_WINDOWS_SSPI)
+ BYTE *input_token;
+ size_t input_token_len;
+ CtxtHandle *http_context;
+ /* copy of user/passwd used to make the identity for http_context.
+ either may be NULL. */
+ char *user;
+ char *passwd;
+#else
char *nonce;
char *cnonce;
char *realm;
@@ -403,6 +278,8 @@ struct digestdata {
char *qop;
char *algorithm;
int nc; /* nounce count */
+ bool userhash;
+#endif
};
typedef enum {
@@ -413,50 +290,69 @@ typedef enum {
NTLMSTATE_LAST
} curlntlm;
-#ifdef USE_WINDOWS_SSPI
-#include "curl_sspi.h"
-#endif
-
#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
#include <iconv.h>
#endif
+/* Struct used for GSSAPI (Kerberos V5) authentication */
+#if defined(USE_KERBEROS5)
+struct kerberos5data {
+#if defined(USE_WINDOWS_SSPI)
+ CredHandle *credentials;
+ CtxtHandle *context;
+ TCHAR *spn;
+ SEC_WINNT_AUTH_IDENTITY identity;
+ SEC_WINNT_AUTH_IDENTITY *p_identity;
+ size_t token_max;
+ BYTE *output_token;
+#else
+ gss_ctx_id_t context;
+ gss_name_t spn;
+#endif
+};
+#endif
+
/* Struct used for NTLM challenge-response authentication */
+#if defined(USE_NTLM)
struct ntlmdata {
curlntlm state;
#ifdef USE_WINDOWS_SSPI
- CredHandle handle;
- CtxtHandle c_handle;
+ CredHandle *credentials;
+ CtxtHandle *context;
SEC_WINNT_AUTH_IDENTITY identity;
SEC_WINNT_AUTH_IDENTITY *p_identity;
- int has_handles;
- void *type_2;
- unsigned long n_type_2;
+ size_t token_max;
+ BYTE *output_token;
+ BYTE *input_token;
+ size_t input_token_len;
#else
unsigned int flags;
unsigned char nonce[8];
+ void *target_info; /* TargetInfo received in the ntlm type-2 message */
+ unsigned int target_info_len;
#endif
};
+#endif
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
struct negotiatedata {
- /* when doing Negotiate we first need to receive an auth token and then we
- need to send our header */
+ /* When doing Negotiate (SPNEGO) auth, we first need to send a token
+ and then validate the received one. */
enum { GSS_AUTHNONE, GSS_AUTHRECV, GSS_AUTHSENT } state;
- bool gss; /* Whether we're processing GSS-Negotiate or Negotiate */
- const char* protocol; /* "GSS-Negotiate" or "Negotiate" */
#ifdef HAVE_GSSAPI
OM_uint32 status;
gss_ctx_id_t context;
- gss_name_t server_name;
+ gss_name_t spn;
gss_buffer_desc output_token;
#else
#ifdef USE_WINDOWS_SSPI
DWORD status;
- CtxtHandle *context;
CredHandle *credentials;
- char server_name[1024];
- size_t max_token_length;
+ CtxtHandle *context;
+ SEC_WINNT_AUTH_IDENTITY identity;
+ SEC_WINNT_AUTH_IDENTITY *p_identity;
+ TCHAR *spn;
+ size_t token_max;
BYTE *output_token;
size_t output_token_length;
#endif
@@ -469,10 +365,16 @@ struct negotiatedata {
* Boolean values that concerns this connection.
*/
struct ConnectBits {
+ /* always modify bits.close with the connclose() and connkeep() macros! */
bool close; /* if set, we close the connection after this request */
bool reuse; /* if set, this is a re-used connection */
+ bool conn_to_host; /* if set, this connection has a "connect to host"
+ that overrides the host in the URL */
+ bool conn_to_port; /* if set, this connection has a "connect to port"
+ that overrides the port in the URL (remote port) */
bool proxy; /* if set, this transfer is done through a proxy - any type */
bool httpproxy; /* if set, this transfer is done through a http proxy */
+ bool socksproxy; /* if set, this transfer is done through a socks proxy */
bool user_passwd; /* do we use user+password for this connection? */
bool proxy_user_passwd; /* user+password for the proxy? */
bool ipv6_ip; /* we communicate with a remote site specified with pure IPv6
@@ -507,13 +409,9 @@ struct ConnectBits {
bool ftp_use_eprt; /* As set with CURLOPT_FTP_USE_EPRT, but if we find out
EPRT doesn't work we disable it for the forthcoming
requests */
+ bool ftp_use_data_ssl; /* Enabled SSL for the data connection */
bool netrc; /* name+password provided by netrc */
bool userpwd_in_url; /* name+password found in url */
-
- bool done; /* set to FALSE when Curl_do() is called and set to TRUE
- when Curl_done() is called, to prevent Curl_done() to
- get invoked twice when the multi interface is
- used. */
bool stream_was_rewound; /* Indicates that the stream was rewound after a
request read past the end of its response byte
boundary */
@@ -523,6 +421,14 @@ struct ConnectBits {
bool bound; /* set true if bind() has already been done on this socket/
connection */
bool type_set; /* type= was used in the URL */
+ bool multiplex; /* connection is multiplexed */
+
+ bool tcp_fastopen; /* use TCP Fast Open */
+ bool tls_enable_npn; /* TLS NPN extension? */
+ bool tls_enable_alpn; /* TLS ALPN extension? */
+ bool proxy_ssl_connected[2]; /* TRUE when SSL initialization for HTTPS proxy
+ is complete */
+ bool socksproxy_connecting; /* connecting through a socks proxy */
};
struct hostname {
@@ -550,16 +456,6 @@ struct hostname {
#define KEEP_SENDBITS (KEEP_SEND | KEEP_SEND_HOLD | KEEP_SEND_PAUSE)
-#ifdef HAVE_LIBZ
-typedef enum {
- ZLIB_UNINIT, /* uninitialized */
- ZLIB_INIT, /* initialized */
- ZLIB_GZIP_HEADER, /* reading gzip header */
- ZLIB_GZIP_INFLATING, /* inflating gzip stream */
- ZLIB_INIT_GZIP /* initialized in transparent gzip mode */
-} zlibInitState;
-#endif
-
#ifdef CURLRES_ASYNCH
struct Curl_async {
char *hostname;
@@ -580,7 +476,6 @@ struct Curl_async {
typedef CURLcode (*Curl_do_more_func)(struct connectdata *, int *);
typedef CURLcode (*Curl_done_func)(struct connectdata *, CURLcode, bool);
-
enum expect100 {
EXP100_SEND_DATA, /* enough waiting, just send the body now */
EXP100_AWAITING_CONTINUE, /* waiting for the 100 Continue header */
@@ -589,10 +484,17 @@ enum expect100 {
EXP100_FAILED /* used on 417 Expectation Failed */
};
+enum upgrade101 {
+ UPGR101_INIT, /* default state */
+ UPGR101_REQUESTED, /* upgrade requested */
+ UPGR101_RECEIVED, /* response received */
+ UPGR101_WORKING /* talking upgraded protocol */
+};
+
/*
- * Request specific data in the easy handle (SessionHandle). Previously,
+ * Request specific data in the easy handle (Curl_easy). Previously,
* these members were on the connectdata struct but since a conn struct may
- * now be shared between different SessionHandles, we store connection-specific
+ * now be shared between different Curl_easys, we store connection-specific
* data here. This struct only keeps stuff that's interesting for *this*
* request, as it will be cleared between multiple ones
*/
@@ -614,8 +516,8 @@ struct SingleRequest {
100 reply (without a following second response
code) result in a CURLE_GOT_NOTHING error code */
- struct timeval start; /* transfer started at this time */
- struct timeval now; /* current time */
+ struct curltime start; /* transfer started at this time */
+ struct curltime now; /* current time */
bool header; /* incoming data has HTTP header */
enum {
HEADER_NORMAL, /* no bad header at all */
@@ -637,27 +539,16 @@ struct SingleRequest {
Content-Range: header */
int httpcode; /* error code from the 'HTTP/1.? XXX' or
'RTSP/1.? XXX' line */
- struct timeval start100; /* time stamp to wait for the 100 code from */
+ struct curltime start100; /* time stamp to wait for the 100 code from */
enum expect100 exp100; /* expect 100 continue state */
+ enum upgrade101 upgr101; /* 101 upgrade state */
- int auto_decoding; /* What content encoding. sec 3.5, RFC2616. */
-
-#define IDENTITY 0 /* No encoding */
-#define DEFLATE 1 /* zlib deflate [RFC 1950 & 1951] */
-#define GZIP 2 /* gzip algorithm [RFC 1952] */
-#define COMPRESS 3 /* Not handled, added for completeness */
-
-#ifdef HAVE_LIBZ
- zlibInitState zlib_init; /* possible zlib init state;
- undefined if Content-Encoding header. */
- z_stream z; /* State structure for zlib. */
-#endif
-
+ struct contenc_writer_s *writer_stack; /* Content unencoding stack. */
+ /* See sec 3.5, RFC2616. */
time_t timeofdoc;
long bodywrites;
char *buf;
- char *uploadbuf;
curl_socket_t maxfd;
int keepon;
@@ -702,7 +593,7 @@ struct SingleRequest {
*/
struct Curl_handler {
- const char * scheme; /* URL scheme name. */
+ const char *scheme; /* URL scheme name. */
/* Complement to setup_connection_internals(). */
CURLcode (*setup_connection)(struct connectdata *);
@@ -763,11 +654,18 @@ struct Curl_handler {
/* If used, this function gets called from transfer.c:readwrite_data() to
allow the protocol to do extra reads/writes */
- CURLcode (*readwrite)(struct SessionHandle *data, struct connectdata *conn,
+ CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn,
ssize_t *nread, bool *readmore);
+ /* This function can perform various checks on the connection. See
+ CONNCHECK_* for more information about the checks that can be performed,
+ and CONNRESULT_* for the results that can be returned. */
+ unsigned int (*connection_check)(struct connectdata *conn,
+ unsigned int checks_to_perform);
+
long defport; /* Default port. */
- unsigned int protocol; /* See CURLPROTO_* */
+ unsigned int protocol; /* See CURLPROTO_* - this needs to be the single
+ specific protocol bit */
unsigned int flags; /* Extra particular characteristics, see PROTOPT_* */
};
@@ -785,7 +683,22 @@ struct Curl_handler {
gets a default */
#define PROTOPT_NOURLQUERY (1<<6) /* protocol can't handle
url query strings (?foo=bar) ! */
-
+#define PROTOPT_CREDSPERREQUEST (1<<7) /* requires login credentials per
+ request instead of per connection */
+#define PROTOPT_ALPN_NPN (1<<8) /* set ALPN and/or NPN for this */
+#define PROTOPT_STREAM (1<<9) /* a protocol with individual logical streams */
+#define PROTOPT_URLOPTIONS (1<<10) /* allow options part in the userinfo field
+ of the URL */
+#define PROTOPT_PROXY_AS_HTTP (1<<11) /* allow this non-HTTP scheme over a
+ HTTP proxy as HTTP proxies may know
+ this protocol and act as a gateway */
+#define PROTOPT_WILDCARD (1<<12) /* protocol supports wildcard matching */
+
+#define CONNCHECK_NONE 0 /* No checks */
+#define CONNCHECK_ISDEAD (1<<0) /* Check if the connection is dead. */
+
+#define CONNRESULT_NONE 0 /* No extra information. */
+#define CONNRESULT_DEAD (1<<0) /* The connection is dead. */
/* return the count of bytes sent, or -1 on error */
typedef ssize_t (Curl_send)(struct connectdata *conn, /* connection data */
@@ -801,15 +714,57 @@ typedef ssize_t (Curl_recv)(struct connectdata *conn, /* connection data */
size_t len, /* max amount to read */
CURLcode *err); /* error to return */
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+struct postponed_data {
+ char *buffer; /* Temporal store for received data during
+ sending, must be freed */
+ size_t allocated_size; /* Size of temporal store */
+ size_t recv_size; /* Size of received data during sending */
+ size_t recv_processed; /* Size of processed part of postponed data */
+#ifdef DEBUGBUILD
+ curl_socket_t bindsock;/* Structure must be bound to specific socket,
+ used only for DEBUGASSERT */
+#endif /* DEBUGBUILD */
+};
+#endif /* USE_RECV_BEFORE_SEND_WORKAROUND */
+
+struct proxy_info {
+ struct hostname host;
+ long port;
+ curl_proxytype proxytype; /* what kind of proxy that is in use */
+ char *user; /* proxy user name string, allocated */
+ char *passwd; /* proxy password string, allocated */
+};
+
+#define CONNECT_BUFFER_SIZE 16384
+
+/* struct for HTTP CONNECT state data */
+struct http_connect_state {
+ char connect_buffer[CONNECT_BUFFER_SIZE];
+ int perline; /* count bytes per line */
+ int keepon;
+ char *line_start;
+ char *ptr; /* where to store more data */
+ curl_off_t cl; /* size of content to read and ignore */
+ bool chunked_encoding;
+ enum {
+ TUNNEL_INIT, /* init/default/no tunnel state */
+ TUNNEL_CONNECT, /* CONNECT has been sent off */
+ TUNNEL_COMPLETE /* CONNECT response received completely */
+ } tunnel_state;
+};
+
/*
* The connectdata struct contains all fields and variables that should be
* unique for an entire connection.
*/
struct connectdata {
- /* 'data' is the CURRENT SessionHandle using this connection -- take great
+ /* 'data' is the CURRENT Curl_easy using this connection -- take great
caution that this might very well vary between different times this
connection is used! */
- struct SessionHandle *data;
+ struct Curl_easy *data;
+
+ struct curl_llist_element bundle_node; /* conncache */
/* chunk is for HTTP chunked encoding, but is in the general connectdata
struct only because we can do just about any protocol through a HTTP proxy
@@ -838,22 +793,31 @@ struct connectdata {
within the DNS cache, so this pointer is only valid as long as the DNS
cache entry remains locked. It gets unlocked in Curl_done() */
Curl_addrinfo *ip_addr;
+ Curl_addrinfo *tempaddr[2]; /* for happy eyeballs */
/* 'ip_addr_str' is the ip_addr data as a human readable string.
It remains available as long as the connection does, which is longer than
the ip_addr itself. */
char ip_addr_str[MAX_IPADR_LEN];
- unsigned int scope; /* address scope for IPv6 */
+ unsigned int scope_id; /* Scope id for IPv6 */
int socktype; /* SOCK_STREAM or SOCK_DGRAM */
struct hostname host;
- struct hostname proxy;
+ char *secondaryhostname; /* secondary socket host name (ftp) */
+ struct hostname conn_to_host; /* the host to connect to. valid only if
+ bits.conn_to_host is set */
+
+ struct proxy_info socks_proxy;
+ struct proxy_info http_proxy;
long port; /* which port to use locally */
- unsigned short remote_port; /* what remote port to connect to,
- not the proxy port! */
+ int remote_port; /* the remote port, not the proxy port! */
+ int conn_to_port; /* the remote port to connect to. valid only if
+ bits.conn_to_port is set */
+ unsigned short secondary_port; /* secondary socket remote port to connect to
+ (ftp) */
/* 'primary_ip' and 'primary_port' get filled with peer's numerical
ip address and port number whenever an outgoing connection is
@@ -876,42 +840,45 @@ struct connectdata {
char *passwd; /* password string, allocated */
char *options; /* options string, allocated */
- char *xoauth2_bearer; /* bearer token for xoauth2, allocated */
-
- char *proxyuser; /* proxy user name string, allocated */
- char *proxypasswd; /* proxy password string, allocated */
- curl_proxytype proxytype; /* what kind of proxy that is in use */
+ char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
int httpversion; /* the HTTP version*10 reported by the server */
int rtspversion; /* the RTSP version*10 reported by the server */
- struct timeval now; /* "current" time */
- struct timeval created; /* creation time */
+ struct curltime now; /* "current" time */
+ struct curltime created; /* creation time */
curl_socket_t sock[2]; /* two sockets, the second is used for the data
transfer when doing FTP */
+ curl_socket_t tempsock[2]; /* temporary sockets for happy eyeballs */
bool sock_accepted[2]; /* TRUE if the socket on this index was created with
accept() */
Curl_recv *recv[2];
Curl_send *send[2];
+#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
+ struct postponed_data postponed[2]; /* two buffers for two sockets */
+#endif /* USE_RECV_BEFORE_SEND_WORKAROUND */
struct ssl_connect_data ssl[2]; /* this is for ssl-stuff */
- struct ssl_config_data ssl_config;
+ struct ssl_connect_data proxy_ssl[2]; /* this is for proxy ssl-stuff */
+ struct ssl_primary_config ssl_config;
+ struct ssl_primary_config proxy_ssl_config;
+ bool tls_upgraded;
struct ConnectBits bits; /* various state-flags for this connection */
/* connecttime: when connect() is called on the current IP address. Used to
be able to track when to move on to try next IP - but only when the multi
interface is used. */
- struct timeval connecttime;
+ struct curltime connecttime;
/* The two fields below get set in Curl_connecthost */
int num_addr; /* number of addresses to try to connect to */
- long timeoutms_per_addr; /* how long time in milliseconds to spend on
- trying to connect to each IP address */
+ time_t timeoutms_per_addr; /* how long time in milliseconds to spend on
+ trying to connect to each IP address */
const struct Curl_handler *handler; /* Connection's protocol handler */
const struct Curl_handler *given; /* The protocol first given */
- long ip_version; /* copied from the SessionHandle at creation time */
+ long ip_version; /* copied from the Curl_easy at creation time */
/**** curl_get() phase fields */
@@ -935,8 +902,8 @@ struct connectdata {
char *te; /* TE: request header */
} allocptr;
- int sec_complete; /* if kerberos is enabled for this connection */
#ifdef HAVE_GSSAPI
+ int sec_complete; /* if Kerberos is enabled for this connection */
enum protection_level command_prot;
enum protection_level data_prot;
enum protection_level request_data_prot;
@@ -947,6 +914,10 @@ struct connectdata {
struct sockaddr_in local_addr;
#endif
+#if defined(USE_KERBEROS5) /* Consider moving some of the above GSS-API */
+ struct kerberos5data krb5; /* variables into the structure definition, */
+#endif /* however, some of them are ftp specific. */
+
/* the two following *_inuse fields are only flags, not counters in any way.
If TRUE it means the channel is in use, and if FALSE it means the channel
is up for grabs by one. */
@@ -955,11 +926,11 @@ struct connectdata {
handle */
bool writechannel_inuse; /* whether the write channel is in use by an easy
handle */
- struct curl_llist *send_pipe; /* List of handles waiting to
- send on this pipeline */
- struct curl_llist *recv_pipe; /* List of handles waiting to read
- their responses on this pipeline */
- char* master_buffer; /* The master buffer allocated on-demand;
+ struct curl_llist send_pipe; /* List of handles waiting to send on this
+ pipeline */
+ struct curl_llist recv_pipe; /* List of handles waiting to read their
+ responses on this pipeline */
+ char *master_buffer; /* The master buffer allocated on-demand;
used for pipelining. */
size_t read_pos; /* Current read position in the master buffer */
size_t buf_len; /* Length of the buffer?? */
@@ -970,21 +941,19 @@ struct connectdata {
/*************** Request - specific items ************/
- /* previously this was in the urldata struct */
- curl_read_callback fread_func; /* function that reads the input */
- void *fread_in; /* pointer to pass to the fread() above */
-
+#if defined(USE_NTLM)
struct ntlmdata ntlm; /* NTLM differs from other authentication schemes
because it authenticates connections, not
single requests! */
struct ntlmdata proxyntlm; /* NTLM data for proxy */
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if defined(NTLM_WB_ENABLED)
/* used for communication with Samba's winbind daemon helper ntlm_auth */
curl_socket_t ntlm_auth_hlpr_socket;
pid_t ntlm_auth_hlpr_pid;
- char* challenge_header;
- char* response_header;
+ char *challenge_header;
+ char *response_header;
+#endif
#endif
char syserr_buf [256]; /* buffer for Curl_strerror() */
@@ -1008,6 +977,7 @@ struct connectdata {
struct pop3_conn pop3c;
struct smtp_conn smtpc;
struct rtsp_conn rtspc;
+ struct smb_conn smbc;
void *generic; /* RTMP and LDAP use this */
} proto;
@@ -1018,9 +988,6 @@ struct connectdata {
int socks5_gssapi_enctype;
#endif
- bool verifypeer;
- bool verifyhost;
-
/* When this connection is created, store the conditions for the local end
bind. This is stored before the actual bind and before any connection is
made and will serve the purpose of being used for comparison reasons so
@@ -1029,23 +996,24 @@ struct connectdata {
char *localdev;
unsigned short localport;
int localportrange;
-
- /* tunnel as in tunnel through a HTTP proxy with CONNECT */
- enum {
- TUNNEL_INIT, /* init/default/no tunnel state */
- TUNNEL_CONNECT, /* CONNECT has been sent off */
- TUNNEL_COMPLETE /* CONNECT response received completely */
- } tunnel_state[2]; /* two separate ones to allow FTP */
+ struct http_connect_state *connect_state; /* for HTTP CONNECT */
struct connectbundle *bundle; /* The bundle we are member of */
+ int negnpn; /* APLN or NPN TLS negotiated protocol, CURL_HTTP_VERSION* */
+
+#ifdef USE_UNIX_SOCKETS
+ char *unix_domain_socket;
+ bool abstract_unix_socket;
+#endif
};
/* The end of connectdata. */
/*
* Struct to keep statistical and informational data.
+ * All variables in this struct must be initialized/reset in Curl_initinfo().
*/
struct PureInfo {
- int httpcode; /* Recent HTTP, FTP, or RTSP response code */
+ int httpcode; /* Recent HTTP, FTP, RTSP or SMTP response code */
int httpproxycode; /* response code from proxy when received separate */
int httpversion; /* the http version number X.Y = X*10+Y */
long filetime; /* If requested, this is might get set. Set to -1 if the time
@@ -1076,6 +1044,9 @@ struct PureInfo {
char conn_local_ip[MAX_IPADR_LEN];
long conn_local_port;
+ const char *conn_scheme;
+ unsigned int conn_protocol;
+
struct curl_certinfo certs; /* info about the certs, only populated in
OpenSSL builds. Asked for with
CURLOPT_CERTINFO / CURLINFO_CERTINFO */
@@ -1083,8 +1054,8 @@ struct PureInfo {
struct Progress {
- long lastshow; /* time() of the last displayed progress meter or NULL to
- force redraw at next call */
+ time_t lastshow; /* time() of the last displayed progress meter or NULL to
+ force redraw at next call */
curl_off_t size_dl; /* total expected size */
curl_off_t size_ul; /* total expected size */
curl_off_t downloaded; /* transferred so far */
@@ -1096,25 +1067,36 @@ struct Progress {
int width; /* screen width at download start */
int flags; /* see progress.h */
- double timespent;
+ time_t timespent;
curl_off_t dlspeed;
curl_off_t ulspeed;
- double t_nslookup;
- double t_connect;
- double t_appconnect;
- double t_pretransfer;
- double t_starttransfer;
- double t_redirect;
+ time_t t_nslookup;
+ time_t t_connect;
+ time_t t_appconnect;
+ time_t t_pretransfer;
+ time_t t_starttransfer;
+ time_t t_redirect;
+
+ struct curltime start;
+ struct curltime t_startsingle;
+ struct curltime t_startop;
+ struct curltime t_acceptdata;
+
+ bool is_t_startransfer_set;
+
+ /* upload speed limit */
+ struct curltime ul_limit_start;
+ curl_off_t ul_limit_size;
+ /* download speed limit */
+ struct curltime dl_limit_start;
+ curl_off_t dl_limit_size;
- struct timeval start;
- struct timeval t_startsingle;
- struct timeval t_acceptdata;
-#define CURR_TIME (5+1) /* 6 entries for 5 seconds */
+#define CURR_TIME (5 + 1) /* 6 entries for 5 seconds */
curl_off_t speeder[ CURR_TIME ];
- struct timeval speeder_time[ CURR_TIME ];
+ struct curltime speeder_time[ CURR_TIME ];
int speeder_c;
};
@@ -1123,8 +1105,10 @@ typedef enum {
HTTPREQ_GET,
HTTPREQ_POST,
HTTPREQ_POST_FORM, /* we make a difference internally */
+ HTTPREQ_POST_MIME, /* we make a difference internally */
HTTPREQ_PUT,
HTTPREQ_HEAD,
+ HTTPREQ_OPTIONS,
HTTPREQ_CUSTOM,
HTTPREQ_LAST /* last in list */
} Curl_HttpReq;
@@ -1148,7 +1132,7 @@ typedef enum {
/*
* Values that are generated, temporary or calculated internally for a
* "session handle" must be defined within the 'struct UrlState'. This struct
- * will be used within the SessionHandle struct. When the 'SessionHandle'
+ * will be used within the Curl_easy struct. When the 'Curl_easy'
* struct is cloned, this data MUST NOT be copied.
*
* Remember that any "state" information goes globally for the curl handle.
@@ -1164,12 +1148,54 @@ struct auth {
this resource */
bool done; /* TRUE when the auth phase is done and ready to do the *actual*
request */
- bool multi; /* TRUE if this is not yet authenticated but within the auth
- multipass negotiation */
+ bool multipass; /* TRUE if this is not yet authenticated but within the
+ auth multipass negotiation */
bool iestyle; /* TRUE if digest should be done IE-style or FALSE if it should
be RFC compliant */
};
+struct Curl_http2_dep {
+ struct Curl_http2_dep *next;
+ struct Curl_easy *data;
+};
+
+/*
+ * This struct is for holding data that was attemped to get sent to the user's
+ * callback but is held due to pausing. One instance per type (BOTH, HEADER,
+ * BODY).
+ */
+struct tempbuf {
+ char *buf; /* allocated buffer to keep data in when a write callback
+ returns to make the connection paused */
+ size_t len; /* size of the 'tempwrite' allocated buffer */
+ int type; /* type of the 'tempwrite' buffer as a bitmask that is used with
+ Curl_client_write() */
+};
+
+/* Timers */
+typedef enum {
+ EXPIRE_100_TIMEOUT,
+ EXPIRE_ASYNC_NAME,
+ EXPIRE_CONNECTTIMEOUT,
+ EXPIRE_DNS_PER_NAME,
+ EXPIRE_HAPPY_EYEBALLS,
+ EXPIRE_MULTI_PENDING,
+ EXPIRE_RUN_NOW,
+ EXPIRE_SPEEDCHECK,
+ EXPIRE_TIMEOUT,
+ EXPIRE_TOOFAST,
+ EXPIRE_LAST /* not an actual timer, used as a marker only */
+} expire_id;
+
+/*
+ * One instance for each timeout an easy handle can set.
+ */
+struct time_node {
+ struct curl_llist_element list;
+ struct curltime time;
+ expire_id eid;
+};
+
struct UrlState {
/* Points to the connection cache */
@@ -1181,32 +1207,31 @@ struct UrlState {
bool multi_owned_by_easy;
/* buffers to store authentication data in, as parsed from input options */
- struct timeval keeps_speed; /* for the progress meter really */
+ struct curltime keeps_speed; /* for the progress meter really */
struct connectdata *lastconnect; /* The last connection, NULL if undefined */
char *headerbuff; /* allocated buffer to store headers in */
size_t headersize; /* size of the allocation */
- char buffer[BUFSIZE+1]; /* download buffer */
- char uploadbuffer[BUFSIZE+1]; /* upload buffer */
- curl_off_t current_speed; /* the ProgressShow() funcion sets this,
+ char *buffer; /* download buffer */
+ char uploadbuffer[UPLOAD_BUFSIZE + 1]; /* upload buffer */
+ curl_off_t current_speed; /* the ProgressShow() function sets this,
bytes / second */
bool this_is_a_follow; /* this is a followed Location: request */
- char *first_host; /* if set, this should be the host name that we will
+ char *first_host; /* host name of the first (not followed) request.
+ if set, this should be the host name that we will
sent authorization to, no else. Used to make Location:
following not keep sending user+password... This is
strdup() data.
*/
+ int first_remote_port; /* remote port of the first (not followed) request */
struct curl_ssl_session *session; /* array of 'max_ssl_sessions' size */
long sessionage; /* number of the most recent session */
- char *tempwrite; /* allocated buffer to keep data in when a write
- callback returns to make the connection paused */
- size_t tempwritesize; /* size of the 'tempwrite' allocated buffer */
- int tempwritetype; /* type of the 'tempwrite' buffer as a bitmask that is
- used with Curl_client_write() */
- char *scratch; /* huge buffer[BUFSIZE*2] when doing upload CRLF replacing */
+ unsigned int tempcount; /* number of entries in use in tempwrite, 0 - 3 */
+ struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */
+ char *scratch; /* huge buffer[set.buffer_size*2] for upload CRLF replacing */
bool errorbuf; /* Set to TRUE if the error buffer is already filled in.
This must be set to FALSE every time _easy_perform() is
called. */
@@ -1220,7 +1245,7 @@ struct UrlState {
struct digestdata digest; /* state data for host Digest auth */
struct digestdata proxydigest; /* state data for proxy Digest auth */
-#ifdef USE_HTTP_NEGOTIATE
+#ifdef USE_SPNEGO
struct negotiatedata negotiate; /* state data for host Negotiate auth */
struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
#endif
@@ -1233,19 +1258,21 @@ struct UrlState {
void *resolver; /* resolver state, if it is used in the URL state -
ares_channel f.e. */
-#if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H)
- ENGINE *engine;
-#endif /* USE_SSLEAY */
- struct timeval expiretime; /* set this with Curl_expire() only */
+#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
+ /* void instead of ENGINE to avoid bleeding OpenSSL into this header */
+ void *engine;
+#endif /* USE_OPENSSL */
+ struct curltime expiretime; /* set this with Curl_expire() only */
struct Curl_tree timenode; /* for the splay stuff */
- struct curl_llist *timeoutlist; /* list of pending timeouts */
+ struct curl_llist timeoutlist; /* list of pending timeouts */
+ struct time_node expires[EXPIRE_LAST]; /* nodes for each expire type */
/* a place to store the most recently set FTP entrypath */
char *most_recent_ftp_entrypath;
/* set after initial USER failure, to prevent an authentication loop */
bool ftp_trying_alternative;
-
+ bool wildcardmatch; /* enable wildcard matching */
int httpversion; /* the lowest HTTP version*10 reported by any server
involved in this request */
bool expect100header; /* TRUE if we added Expect: 100-continue */
@@ -1279,8 +1306,22 @@ struct UrlState {
long rtsp_next_server_CSeq; /* the session's next server CSeq */
long rtsp_CSeq_recv; /* most recent CSeq received */
- /* if true, force SSL connection retry (workaround for certain servers) */
- bool ssl_connect_retry;
+ curl_off_t infilesize; /* size of file to upload, -1 means unknown.
+ Copied from set.filesize at start of operation */
+
+ size_t drain; /* Increased when this stream has data to read, even if its
+ socket is not necessarily is readable. Decreased when
+ checked. */
+ bool done; /* set to FALSE when Curl_init_do() is called and set to TRUE
+ when multi_done() is called, to prevent multi_done() to get
+ invoked twice when the multi interface is used. */
+
+ curl_read_callback fread_func; /* read callback/function */
+ void *in; /* CURLOPT_READDATA */
+
+ struct Curl_easy *stream_depends_on;
+ bool stream_depends_e; /* set or don't set the Exclusive bit */
+ int stream_weight;
};
@@ -1314,35 +1355,48 @@ struct DynamicStatic {
struct Curl_multi; /* declared and used only in multi.c */
enum dupstring {
- STRING_CERT, /* client certificate file name */
- STRING_CERT_TYPE, /* format for certificate (default: PEM)*/
+ STRING_CERT_ORIG, /* client certificate file name */
+ STRING_CERT_PROXY, /* client certificate file name */
+ STRING_CERT_TYPE_ORIG, /* format for certificate (default: PEM)*/
+ STRING_CERT_TYPE_PROXY, /* format for certificate (default: PEM)*/
STRING_COOKIE, /* HTTP cookie string to send */
STRING_COOKIEJAR, /* dump all cookies to this file */
STRING_CUSTOMREQUEST, /* HTTP/FTP/RTSP request/method to use */
+ STRING_DEFAULT_PROTOCOL, /* Protocol to use when the URL doesn't specify */
STRING_DEVICE, /* local network interface/address to use */
STRING_ENCODING, /* Accept-Encoding string */
STRING_FTP_ACCOUNT, /* ftp account data */
STRING_FTP_ALTERNATIVE_TO_USER, /* command to send if USER/PASS fails */
STRING_FTPPORT, /* port to send with the FTP PORT command */
- STRING_KEY, /* private key file name */
- STRING_KEY_PASSWD, /* plain text private key password */
- STRING_KEY_TYPE, /* format for private key (default: PEM) */
+ STRING_KEY_ORIG, /* private key file name */
+ STRING_KEY_PROXY, /* private key file name */
+ STRING_KEY_PASSWD_ORIG, /* plain text private key password */
+ STRING_KEY_PASSWD_PROXY, /* plain text private key password */
+ STRING_KEY_TYPE_ORIG, /* format for private key (default: PEM) */
+ STRING_KEY_TYPE_PROXY, /* format for private key (default: PEM) */
STRING_KRB_LEVEL, /* krb security level */
STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find
$HOME/.netrc */
- STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
STRING_PROXY, /* proxy to use */
+ STRING_PRE_PROXY, /* pre socks proxy to use */
STRING_SET_RANGE, /* range, if used */
STRING_SET_REFERER, /* custom string for the HTTP referer field */
STRING_SET_URL, /* what original URL to work on */
- STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */
- STRING_SSL_CAFILE, /* certificate file to verify peer against */
- STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
+ STRING_SSL_CAPATH_ORIG, /* CA directory name (doesn't work on windows) */
+ STRING_SSL_CAPATH_PROXY, /* CA directory name (doesn't work on windows) */
+ STRING_SSL_CAFILE_ORIG, /* certificate file to verify peer against */
+ STRING_SSL_CAFILE_PROXY, /* certificate file to verify peer against */
+ STRING_SSL_PINNEDPUBLICKEY_ORIG, /* public key file to verify peer against */
+ STRING_SSL_PINNEDPUBLICKEY_PROXY, /* public key file to verify proxy */
+ STRING_SSL_CIPHER_LIST_ORIG, /* list of ciphers to use */
+ STRING_SSL_CIPHER_LIST_PROXY, /* list of ciphers to use */
STRING_SSL_EGDSOCKET, /* path to file containing the EGD daemon socket */
STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */
STRING_USERAGENT, /* User-Agent string */
- STRING_SSL_CRLFILE, /* crl file to check certificate */
- STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */
+ STRING_SSL_CRLFILE_ORIG, /* crl file to check certificate */
+ STRING_SSL_CRLFILE_PROXY, /* crl file to check certificate */
+ STRING_SSL_ISSUERCERT_ORIG, /* issuer cert file to check certificate */
+ STRING_SSL_ISSUERCERT_PROXY, /* issuer cert file to check certificate */
STRING_USERNAME, /* <username>, if used */
STRING_PASSWORD, /* <password>, if used */
STRING_OPTIONS, /* <options>, if used */
@@ -1360,19 +1414,35 @@ enum dupstring {
STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */
#endif
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- STRING_SOCKS5_GSSAPI_SERVICE, /* GSSAPI service name */
+ STRING_PROXY_SERVICE_NAME, /* Proxy service name */
+#endif
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) || \
+ defined(USE_SPNEGO) || defined(HAVE_GSSAPI)
+ STRING_SERVICE_NAME, /* Service name */
#endif
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
#ifdef USE_TLS_SRP
- STRING_TLSAUTH_USERNAME, /* TLS auth <username> */
- STRING_TLSAUTH_PASSWORD, /* TLS auth <password> */
+ STRING_TLSAUTH_USERNAME_ORIG, /* TLS auth <username> */
+ STRING_TLSAUTH_USERNAME_PROXY, /* TLS auth <username> */
+ STRING_TLSAUTH_PASSWORD_ORIG, /* TLS auth <password> */
+ STRING_TLSAUTH_PASSWORD_PROXY, /* TLS auth <password> */
#endif
+ STRING_BEARER, /* <bearer>, if used */
+#ifdef USE_UNIX_SOCKETS
+ STRING_UNIX_SOCKET_PATH, /* path to Unix socket, if used */
+#endif
+ STRING_TARGET, /* CURLOPT_REQUEST_TARGET */
+ /* -- end of zero-terminated strings -- */
+
+ STRING_LASTZEROTERMINATED,
- STRING_BEARER, /* <bearer>, if used */
+ /* -- below this are pointers to binary data that cannot be strdup'ed.
+ Each such pointer must be added manually to Curl_dupset() --- */
+
+ STRING_COPYPOSTFIELDS, /* if POST, set the fields' values here */
- /* -- end of strings -- */
STRING_LAST /* not used, just an end-of-list marker */
};
@@ -1383,13 +1453,14 @@ struct UserDefined {
long proxyport; /* If non-zero, use this port number by default. If the
proxy string features a ":[port]" that one will override
this. */
- void *out; /* the fetched file goes here */
- void *in; /* the uploaded file is read from here */
+ void *out; /* CURLOPT_WRITEDATA */
+ void *in_set; /* CURLOPT_READDATA */
void *writeheader; /* write the header to this if non-NULL */
void *rtp_out; /* write RTP to this if non-NULL */
long use_port; /* which port to use (when not using default) */
unsigned long httpauth; /* kind of HTTP authentication to use (bitmask) */
unsigned long proxyauth; /* kind of proxy authentication to use (bitmask) */
+ unsigned long socks5auth;/* kind of SOCKS5 authentication to use (bitmask) */
long followlocation; /* as in HTTP Location: */
long maxredirs; /* maximum no. of http(s) redirects to follow, set to -1
for infinity */
@@ -1409,7 +1480,7 @@ struct UserDefined {
curl_write_callback fwrite_func; /* function that stores the output */
curl_write_callback fwrite_header; /* function that stores headers */
curl_write_callback fwrite_rtp; /* function that stores interleaved RTP */
- curl_read_callback fread_func; /* function that reads the input */
+ curl_read_callback fread_func_set; /* function that reads the input */
int is_fread_set; /* boolean, has read callback been set to non-NULL? */
int is_fwrite_set; /* boolean, has write callback been set to non-NULL? */
curl_progress_callback fprogress; /* OLD and deprecated progress callback */
@@ -1421,10 +1492,10 @@ struct UserDefined {
curl_opensocket_callback fopensocket; /* function for checking/translating
the address and opening the
socket */
- void* opensocket_client;
+ void *opensocket_client;
curl_closesocket_callback fclosesocket; /* function for closing the
socket */
- void* closesocket_client;
+ void *closesocket_client;
void *seek_client; /* pointer to pass to the seek callback */
/* the 3 curl_conv_callback functions below are used on non-ASCII hosts */
@@ -1441,8 +1512,9 @@ struct UserDefined {
long connecttimeout; /* in milliseconds, 0 means no timeout */
long accepttimeout; /* in milliseconds, 0 means no timeout */
long server_response_timeout; /* in milliseconds, 0 means no timeout */
- long tftp_blksize ; /* in bytes, 0 means use default */
- curl_off_t infilesize; /* size of file to upload, -1 means unknown */
+ long tftp_blksize; /* in bytes, 0 means use default */
+ bool tftp_no_options; /* do not send TFTP options requests */
+ curl_off_t filesize; /* size of file to upload, -1 means unknown */
long low_speed_limit; /* bytes/second */
long low_speed_time; /* number of seconds */
curl_off_t max_send_speed; /* high speed limit in bytes/second for upload */
@@ -1450,7 +1522,10 @@ struct UserDefined {
download */
curl_off_t set_resume_from; /* continue [ftp] transfer from here */
struct curl_slist *headers; /* linked list of extra headers */
- struct curl_httppost *httppost; /* linked list of POST data */
+ struct curl_slist *proxyheaders; /* linked list of extra CONNECT headers */
+ struct curl_httppost *httppost; /* linked list of old POST data */
+ curl_mimepart mimepost; /* MIME/POST data. */
+ bool sep_headers; /* handle host and proxy headers separately */
bool cookiesession; /* new cookie session? */
bool crlf; /* convert crlf on ftp upload(?) */
struct curl_slist *quote; /* after connection is established */
@@ -1464,12 +1539,17 @@ struct UserDefined {
struct curl_slist *telnet_options; /* linked list of telnet options */
struct curl_slist *resolve; /* list of names to add/remove from
DNS cache */
+ struct curl_slist *connect_to; /* list of host:port mappings to override
+ the hostname and port to connect to */
curl_TimeCond timecondition; /* kind of time/date comparison */
time_t timevalue; /* what time to compare with */
Curl_HttpReq httpreq; /* what kind of HTTP request (if any) is this */
long httpversion; /* when non-zero, a specific HTTP version requested to
be used in the library's request(s) */
+ bool strip_path_slash; /* strip off initial slash from path */
struct ssl_config_data ssl; /* user defined SSL stuff */
+ struct ssl_config_data proxy_ssl; /* user defined SSL stuff for proxy */
+ struct ssl_general_config general_ssl; /* general user defined SSL stuff */
curl_proxytype proxytype; /* what kind of proxy that is in use */
long dns_cache_timeout; /* DNS cache timeout */
long buffer_size; /* size of receive buffer to use */
@@ -1490,6 +1570,7 @@ struct UserDefined {
curl_sshkeycallback ssh_keyfunc; /* key matching callback */
void *ssh_keyfunc_userp; /* custom pointer to callback */
+ bool ssh_compression; /* enable SSH compression */
/* Here follows boolean settings that define how to behave during
this session. They are STATIC, set by libcurl users or at least initially
@@ -1503,7 +1584,8 @@ struct UserDefined {
bool ftp_list_only; /* switch FTP command for listing directories */
bool ftp_use_port; /* use the FTP PORT command */
bool hide_progress; /* don't use the progress meter */
- bool http_fail_on_error; /* fail on HTTP error codes >= 300 */
+ bool http_fail_on_error; /* fail on HTTP error codes >= 400 */
+ bool http_keep_sending_on_error; /* for HTTP status codes >= 300 */
bool http_follow_location; /* follow HTTP redirects */
bool http_transfer_encoding; /* request compressed HTTP transfer-encoding */
bool http_disable_hostname_check_before_authentication;
@@ -1511,12 +1593,11 @@ struct UserDefined {
bool http_set_referer; /* is a custom referer used */
bool http_auto_referer; /* set "correct" referer when following location: */
bool opt_no_body; /* as set with CURLOPT_NOBODY */
- bool set_port; /* custom port number used */
bool upload; /* upload request */
enum CURL_NETRC_OPTION
use_netrc; /* defined in include/curl.h */
bool verbose; /* output verbosity */
- bool krb; /* kerberos connection requested */
+ bool krb; /* Kerberos connection requested */
bool reuse_forbid; /* forbidden to be reused, close after use */
bool reuse_fresh; /* do not re-use an existing connection */
bool ftp_use_epsv; /* if EPSV is to be attempted or not */
@@ -1534,8 +1615,6 @@ struct UserDefined {
bool ftp_skip_ip; /* skip the IP address the FTP server passes on to
us */
bool connect_only; /* make connection, let application use the socket */
- bool ssl_enable_beast; /* especially allow this flaw for interoperability's
- sake*/
long ssh_auth_types; /* allowed SSH auth types */
bool http_te_skip; /* pass the raw body data to the user, even when
transfer-encoded (chunked, compressed) */
@@ -1546,18 +1625,18 @@ struct UserDefined {
bool proxy_transfer_mode; /* set transfer mode (;type=<a|i>) when doing FTP
via an HTTP proxy */
char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
- unsigned int scope; /* address scope for IPv6 */
+ unsigned int scope_id; /* Scope id for IPv6 */
long allowed_protocols;
long redir_protocols;
#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
- long socks5_gssapi_nec; /* flag to support nec socks5 server */
+ bool socks5_gssapi_nec; /* Flag to support NEC SOCKS5 server */
#endif
struct curl_slist *mail_rcpt; /* linked list of mail recipients */
bool sasl_ir; /* Enable/disable SASL initial response */
/* Common RTSP header options */
Curl_RtspReq rtspreq; /* RTSP request type */
long rtspversion; /* like httpversion, for RTSP */
- bool wildcardmatch; /* enable wildcard matching */
+ bool wildcard_enabled; /* enable wildcard matching */
curl_chunk_bgn_callback chunk_bgn; /* called before part of transfer
starts */
curl_chunk_end_callback chunk_end; /* called after part transferring
@@ -1566,14 +1645,32 @@ struct UserDefined {
to pattern (e.g. if WILDCARDMATCH is on) */
void *fnmatch_data;
- long gssapi_delegation; /* GSSAPI credential delegation, see the
+ long gssapi_delegation; /* GSS-API credential delegation, see the
documentation of CURLOPT_GSSAPI_DELEGATION */
bool tcp_keepalive; /* use TCP keepalives */
long tcp_keepidle; /* seconds in idle before sending keepalive probe */
long tcp_keepintvl; /* seconds between TCP keepalive probes */
+ bool tcp_fastopen; /* use TCP Fast Open */
size_t maxconnects; /* Max idle connections in the connection cache */
+
+ bool ssl_enable_npn; /* TLS NPN extension? */
+ bool ssl_enable_alpn; /* TLS ALPN extension? */
+ bool path_as_is; /* allow dotdots? */
+ bool pipewait; /* wait for pipe/multiplex status before starting a
+ new connection */
+ long expect_100_timeout; /* in milliseconds */
+ bool suppress_connect_headers; /* suppress proxy CONNECT response headers
+ from user callbacks */
+
+ struct Curl_easy *stream_depends_on;
+ bool stream_depends_e; /* set or don't set the Exclusive bit */
+ int stream_weight;
+
+ struct Curl_http2_dep *stream_dependents;
+
+ bool abstract_unix_socket;
};
struct Names {
@@ -1596,12 +1693,14 @@ struct Names {
* 'struct UrlState' instead.
*/
-struct SessionHandle {
+struct Curl_easy {
/* first, two fields for the linked list of these */
- struct SessionHandle *next;
- struct SessionHandle *prev;
+ struct Curl_easy *next;
+ struct Curl_easy *prev;
struct connectdata *easy_conn; /* the "unit's" connection */
+ struct curl_llist_element connect_queue;
+ struct curl_llist_element pipeline_queue;
CURLMstate mstate; /* the handle's state */
CURLcode result; /* previous result */
@@ -1635,6 +1734,8 @@ struct SessionHandle {
other dynamic purposes */
struct WildcardData wildcard; /* wildcard download state info */
struct PureInfo info; /* stats, reports and info data */
+ struct curl_tlssessioninfo tsi; /* Information about the TLS session, only
+ valid after a client has asked for it */
#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
iconv_t outbound_cd; /* for translating to the network encoding */
iconv_t inbound_cd; /* for translating from the network encoding */
diff --git a/libs/libcurl/src/vauth/cleartext.c b/libs/libcurl/src/vauth/cleartext.c
new file mode 100644
index 0000000000..a761ae7846
--- /dev/null
+++ b/libs/libcurl/src/vauth/cleartext.c
@@ -0,0 +1,165 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC4616 PLAIN authentication
+ * Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+#include "urldata.h"
+
+#include "vauth/vauth.h"
+#include "curl_base64.h"
+#include "curl_md5.h"
+#include "warnless.h"
+#include "strtok.h"
+#include "sendf.h"
+#include "curl_printf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_create_plain_message()
+ *
+ * This is used to generate an already encoded PLAIN message ready
+ * for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name.
+ * passdwp [in] - The user's password.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result;
+ char *plainauth;
+ size_t ulen;
+ size_t plen;
+ size_t plainlen;
+
+ *outlen = 0;
+ *outptr = NULL;
+ ulen = strlen(userp);
+ plen = strlen(passwdp);
+
+ /* Compute binary message length, checking for overflows. */
+ plainlen = 2 * ulen;
+ if(plainlen < ulen)
+ return CURLE_OUT_OF_MEMORY;
+ plainlen += plen;
+ if(plainlen < plen)
+ return CURLE_OUT_OF_MEMORY;
+ plainlen += 2;
+ if(plainlen < 2)
+ return CURLE_OUT_OF_MEMORY;
+
+ plainauth = malloc(plainlen);
+ if(!plainauth)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Calculate the reply */
+ memcpy(plainauth, userp, ulen);
+ plainauth[ulen] = '\0';
+ memcpy(plainauth + ulen + 1, userp, ulen);
+ plainauth[2 * ulen + 1] = '\0';
+ memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
+
+ /* Base64 encode the reply */
+ result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen);
+ free(plainauth);
+
+ return result;
+}
+
+/*
+ * Curl_auth_create_login_message()
+ *
+ * This is used to generate an already encoded LOGIN message containing the
+ * user name or password ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * valuep [in] - The user name or user's password.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
+ const char *valuep, char **outptr,
+ size_t *outlen)
+{
+ size_t vlen = strlen(valuep);
+
+ if(!vlen) {
+ /* Calculate an empty reply */
+ *outptr = strdup("=");
+ if(*outptr) {
+ *outlen = (size_t) 1;
+ return CURLE_OK;
+ }
+
+ *outlen = 0;
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Base64 encode the value */
+ return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
+}
+
+/*
+ * Curl_auth_create_external_message()
+ *
+ * This is used to generate an already encoded EXTERNAL message containing
+ * the user name ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * user [in] - The user name.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
+ const char *user, char **outptr,
+ size_t *outlen)
+{
+ /* This is the same formatting as the login message */
+ return Curl_auth_create_login_message(data, user, outptr, outlen);
+}
diff --git a/libs/libcurl/src/vauth/cram.c b/libs/libcurl/src/vauth/cram.c
new file mode 100644
index 0000000000..3074a163a1
--- /dev/null
+++ b/libs/libcurl/src/vauth/cram.c
@@ -0,0 +1,138 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC2195 CRAM-MD5 authentication
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+
+#include <curl/curl.h>
+#include "urldata.h"
+
+#include "vauth/vauth.h"
+#include "curl_base64.h"
+#include "curl_hmac.h"
+#include "curl_md5.h"
+#include "warnless.h"
+#include "curl_printf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_decode_cram_md5_message()
+ *
+ * This is used to decode an already encoded CRAM-MD5 challenge message.
+ *
+ * Parameters:
+ *
+ * chlg64 [in] - The base64 encoded challenge message.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_decode_cram_md5_message(const char *chlg64, char **outptr,
+ size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ size_t chlg64len = strlen(chlg64);
+
+ *outptr = NULL;
+ *outlen = 0;
+
+ /* Decode the challenge if necessary */
+ if(chlg64len && *chlg64 != '=')
+ result = Curl_base64_decode(chlg64, (unsigned char **) outptr, outlen);
+
+ return result;
+}
+
+/*
+ * Curl_auth_create_cram_md5_message()
+ *
+ * This is used to generate an already encoded CRAM-MD5 response message ready
+ * for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * chlg [in] - The challenge.
+ * userp [in] - The user name.
+ * passdwp [in] - The user's password.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data,
+ const char *chlg,
+ const char *userp,
+ const char *passwdp,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ size_t chlglen = 0;
+ HMAC_context *ctxt;
+ unsigned char digest[MD5_DIGEST_LEN];
+ char *response;
+
+ if(chlg)
+ chlglen = strlen(chlg);
+
+ /* Compute the digest using the password as the key */
+ ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
+ (const unsigned char *) passwdp,
+ curlx_uztoui(strlen(passwdp)));
+ if(!ctxt)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Update the digest with the given challenge */
+ if(chlglen > 0)
+ Curl_HMAC_update(ctxt, (const unsigned char *) chlg,
+ curlx_uztoui(chlglen));
+
+ /* Finalise the digest */
+ Curl_HMAC_final(ctxt, digest);
+
+ /* Generate the response */
+ response = aprintf(
+ "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+ userp, digest[0], digest[1], digest[2], digest[3], digest[4],
+ digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
+ digest[11], digest[12], digest[13], digest[14], digest[15]);
+ if(!response)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Base64 encode the response */
+ result = Curl_base64_encode(data, response, 0, outptr, outlen);
+
+ free(response);
+
+ return result;
+}
+
+#endif /* !CURL_DISABLE_CRYPTO_AUTH */
diff --git a/libs/libcurl/src/vauth/digest.c b/libs/libcurl/src/vauth/digest.c
new file mode 100644
index 0000000000..131d9da8c4
--- /dev/null
+++ b/libs/libcurl/src/vauth/digest.c
@@ -0,0 +1,1003 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC2831 DIGEST-MD5 authentication
+ * RFC7616 DIGEST-SHA256, DIGEST-SHA512-256 authentication
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+
+#include <curl/curl.h>
+
+#include "vauth/vauth.h"
+#include "vauth/digest.h"
+#include "urldata.h"
+#include "curl_base64.h"
+#include "curl_hmac.h"
+#include "curl_md5.h"
+#include "curl_sha256.h"
+#include "vtls/vtls.h"
+#include "warnless.h"
+#include "strtok.h"
+#include "strcase.h"
+#include "non-ascii.h" /* included for Curl_convert_... prototypes */
+#include "curl_printf.h"
+#include "rand.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#if !defined(USE_WINDOWS_SSPI)
+#define DIGEST_QOP_VALUE_AUTH (1 << 0)
+#define DIGEST_QOP_VALUE_AUTH_INT (1 << 1)
+#define DIGEST_QOP_VALUE_AUTH_CONF (1 << 2)
+
+#define DIGEST_QOP_VALUE_STRING_AUTH "auth"
+#define DIGEST_QOP_VALUE_STRING_AUTH_INT "auth-int"
+#define DIGEST_QOP_VALUE_STRING_AUTH_CONF "auth-conf"
+
+/* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines.
+ It converts digest text to ASCII so the MD5 will be correct for
+ what ultimately goes over the network.
+*/
+#define CURL_OUTPUT_DIGEST_CONV(a, b) \
+ result = Curl_convert_to_network(a, (char *)b, strlen((const char *)b)); \
+ if(result) { \
+ free(b); \
+ return result; \
+ }
+#endif /* !USE_WINDOWS_SSPI */
+
+bool Curl_auth_digest_get_pair(const char *str, char *value, char *content,
+ const char **endptr)
+{
+ int c;
+ bool starts_with_quote = FALSE;
+ bool escape = FALSE;
+
+ for(c = DIGEST_MAX_VALUE_LENGTH - 1; (*str && (*str != '=') && c--);)
+ *value++ = *str++;
+ *value = 0;
+
+ if('=' != *str++)
+ /* eek, no match */
+ return FALSE;
+
+ if('\"' == *str) {
+ /* This starts with a quote so it must end with one as well! */
+ str++;
+ starts_with_quote = TRUE;
+ }
+
+ for(c = DIGEST_MAX_CONTENT_LENGTH - 1; *str && c--; str++) {
+ switch(*str) {
+ case '\\':
+ if(!escape) {
+ /* possibly the start of an escaped quote */
+ escape = TRUE;
+ *content++ = '\\'; /* Even though this is an escape character, we still
+ store it as-is in the target buffer */
+ continue;
+ }
+ break;
+
+ case ',':
+ if(!starts_with_quote) {
+ /* This signals the end of the content if we didn't get a starting
+ quote and then we do "sloppy" parsing */
+ c = 0; /* the end */
+ continue;
+ }
+ break;
+
+ case '\r':
+ case '\n':
+ /* end of string */
+ c = 0;
+ continue;
+
+ case '\"':
+ if(!escape && starts_with_quote) {
+ /* end of string */
+ c = 0;
+ continue;
+ }
+ break;
+ }
+
+ escape = FALSE;
+ *content++ = *str;
+ }
+
+ *content = 0;
+ *endptr = str;
+
+ return TRUE;
+}
+
+#if !defined(USE_WINDOWS_SSPI)
+/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string*/
+static void auth_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
+ unsigned char *dest) /* 33 bytes */
+{
+ int i;
+ for(i = 0; i < 16; i++)
+ snprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
+}
+
+/* Convert sha256 chunk to RFC7616 -suitable ascii string*/
+static void auth_digest_sha256_to_ascii(unsigned char *source, /* 32 bytes */
+ unsigned char *dest) /* 65 bytes */
+{
+ int i;
+ for(i = 0; i < 32; i++)
+ snprintf((char *) &dest[i * 2], 3, "%02x", source[i]);
+}
+
+/* Perform quoted-string escaping as described in RFC2616 and its errata */
+static char *auth_digest_string_quoted(const char *source)
+{
+ char *dest, *d;
+ const char *s = source;
+ size_t n = 1; /* null terminator */
+
+ /* Calculate size needed */
+ while(*s) {
+ ++n;
+ if(*s == '"' || *s == '\\') {
+ ++n;
+ }
+ ++s;
+ }
+
+ dest = malloc(n);
+ if(dest) {
+ s = source;
+ d = dest;
+ while(*s) {
+ if(*s == '"' || *s == '\\') {
+ *d++ = '\\';
+ }
+ *d++ = *s++;
+ }
+ *d = 0;
+ }
+
+ return dest;
+}
+
+/* Retrieves the value for a corresponding key from the challenge string
+ * returns TRUE if the key could be found, FALSE if it does not exists
+ */
+static bool auth_digest_get_key_value(const char *chlg,
+ const char *key,
+ char *value,
+ size_t max_val_len,
+ char end_char)
+{
+ char *find_pos;
+ size_t i;
+
+ find_pos = strstr(chlg, key);
+ if(!find_pos)
+ return FALSE;
+
+ find_pos += strlen(key);
+
+ for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i)
+ value[i] = *find_pos++;
+ value[i] = '\0';
+
+ return TRUE;
+}
+
+static CURLcode auth_digest_get_qop_values(const char *options, int *value)
+{
+ char *tmp;
+ char *token;
+ char *tok_buf = NULL;
+
+ /* Initialise the output */
+ *value = 0;
+
+ /* Tokenise the list of qop values. Use a temporary clone of the buffer since
+ strtok_r() ruins it. */
+ tmp = strdup(options);
+ if(!tmp)
+ return CURLE_OUT_OF_MEMORY;
+
+ token = strtok_r(tmp, ",", &tok_buf);
+ while(token != NULL) {
+ if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH))
+ *value |= DIGEST_QOP_VALUE_AUTH;
+ else if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH_INT))
+ *value |= DIGEST_QOP_VALUE_AUTH_INT;
+ else if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH_CONF))
+ *value |= DIGEST_QOP_VALUE_AUTH_CONF;
+
+ token = strtok_r(NULL, ",", &tok_buf);
+ }
+
+ free(tmp);
+
+ return CURLE_OK;
+}
+
+/*
+ * auth_decode_digest_md5_message()
+ *
+ * This is used internally to decode an already encoded DIGEST-MD5 challenge
+ * message into the separate attributes.
+ *
+ * Parameters:
+ *
+ * chlg64 [in] - The base64 encoded challenge message.
+ * nonce [in/out] - The buffer where the nonce will be stored.
+ * nlen [in] - The length of the nonce buffer.
+ * realm [in/out] - The buffer where the realm will be stored.
+ * rlen [in] - The length of the realm buffer.
+ * alg [in/out] - The buffer where the algorithm will be stored.
+ * alen [in] - The length of the algorithm buffer.
+ * qop [in/out] - The buffer where the qop-options will be stored.
+ * qlen [in] - The length of the qop buffer.
+ *
+ * Returns CURLE_OK on success.
+ */
+static CURLcode auth_decode_digest_md5_message(const char *chlg64,
+ char *nonce, size_t nlen,
+ char *realm, size_t rlen,
+ char *alg, size_t alen,
+ char *qop, size_t qlen)
+{
+ CURLcode result = CURLE_OK;
+ unsigned char *chlg = NULL;
+ size_t chlglen = 0;
+ size_t chlg64len = strlen(chlg64);
+
+ /* Decode the base-64 encoded challenge message */
+ if(chlg64len && *chlg64 != '=') {
+ result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid challenge message */
+ if(!chlg)
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ /* Retrieve nonce string from the challenge */
+ if(!auth_digest_get_key_value((char *) chlg, "nonce=\"", nonce, nlen,
+ '\"')) {
+ free(chlg);
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Retrieve realm string from the challenge */
+ if(!auth_digest_get_key_value((char *) chlg, "realm=\"", realm, rlen,
+ '\"')) {
+ /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
+ strcpy(realm, "");
+ }
+
+ /* Retrieve algorithm string from the challenge */
+ if(!auth_digest_get_key_value((char *) chlg, "algorithm=", alg, alen, ',')) {
+ free(chlg);
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Retrieve qop-options string from the challenge */
+ if(!auth_digest_get_key_value((char *) chlg, "qop=\"", qop, qlen, '\"')) {
+ free(chlg);
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ free(chlg);
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_auth_is_digest_supported()
+ *
+ * This is used to evaluate if DIGEST is supported.
+ *
+ * Parameters: None
+ *
+ * Returns TRUE as DIGEST as handled by libcurl.
+ */
+bool Curl_auth_is_digest_supported(void)
+{
+ return TRUE;
+}
+
+/*
+ * Curl_auth_create_digest_md5_message()
+ *
+ * This is used to generate an already encoded DIGEST-MD5 response message
+ * ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * chlg64 [in] - The base64 encoded challenge message.
+ * userp [in] - The user name.
+ * passdwp [in] - The user's password.
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
+ const char *chlg64,
+ const char *userp,
+ const char *passwdp,
+ const char *service,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ size_t i;
+ MD5_context *ctxt;
+ char *response = NULL;
+ unsigned char digest[MD5_DIGEST_LEN];
+ char HA1_hex[2 * MD5_DIGEST_LEN + 1];
+ char HA2_hex[2 * MD5_DIGEST_LEN + 1];
+ char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
+ char nonce[64];
+ char realm[128];
+ char algorithm[64];
+ char qop_options[64];
+ int qop_values;
+ char cnonce[33];
+ char nonceCount[] = "00000001";
+ char method[] = "AUTHENTICATE";
+ char qop[] = DIGEST_QOP_VALUE_STRING_AUTH;
+ char *spn = NULL;
+
+ /* Decode the challenge message */
+ result = auth_decode_digest_md5_message(chlg64, nonce, sizeof(nonce),
+ realm, sizeof(realm),
+ algorithm, sizeof(algorithm),
+ qop_options, sizeof(qop_options));
+ if(result)
+ return result;
+
+ /* We only support md5 sessions */
+ if(strcmp(algorithm, "md5-sess") != 0)
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ /* Get the qop-values from the qop-options */
+ result = auth_digest_get_qop_values(qop_options, &qop_values);
+ if(result)
+ return result;
+
+ /* We only support auth quality-of-protection */
+ if(!(qop_values & DIGEST_QOP_VALUE_AUTH))
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ /* Generate 32 random hex chars, 32 bytes + 1 zero termination */
+ result = Curl_rand_hex(data, (unsigned char *)cnonce, sizeof(cnonce));
+ if(result)
+ return result;
+
+ /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
+ ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+ if(!ctxt)
+ return CURLE_OUT_OF_MEMORY;
+
+ Curl_MD5_update(ctxt, (const unsigned char *) userp,
+ curlx_uztoui(strlen(userp)));
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *) realm,
+ curlx_uztoui(strlen(realm)));
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
+ curlx_uztoui(strlen(passwdp)));
+ Curl_MD5_final(ctxt, digest);
+
+ ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+ if(!ctxt)
+ return CURLE_OUT_OF_MEMORY;
+
+ Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+ curlx_uztoui(strlen(nonce)));
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+ curlx_uztoui(strlen(cnonce)));
+ Curl_MD5_final(ctxt, digest);
+
+ /* Convert calculated 16 octet hex into 32 bytes string */
+ for(i = 0; i < MD5_DIGEST_LEN; i++)
+ snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
+
+ /* Generate our SPN */
+ spn = Curl_auth_build_spn(service, realm, NULL);
+ if(!spn)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Calculate H(A2) */
+ ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+ if(!ctxt) {
+ free(spn);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ Curl_MD5_update(ctxt, (const unsigned char *) method,
+ curlx_uztoui(strlen(method)));
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *) spn,
+ curlx_uztoui(strlen(spn)));
+ Curl_MD5_final(ctxt, digest);
+
+ for(i = 0; i < MD5_DIGEST_LEN; i++)
+ snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]);
+
+ /* Now calculate the response hash */
+ ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+ if(!ctxt) {
+ free(spn);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+ curlx_uztoui(strlen(nonce)));
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+
+ Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
+ curlx_uztoui(strlen(nonceCount)));
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+ curlx_uztoui(strlen(cnonce)));
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+ Curl_MD5_update(ctxt, (const unsigned char *) qop,
+ curlx_uztoui(strlen(qop)));
+ Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+
+ Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
+ Curl_MD5_final(ctxt, digest);
+
+ for(i = 0; i < MD5_DIGEST_LEN; i++)
+ snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
+
+ /* Generate the response */
+ response = aprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
+ "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s,"
+ "qop=%s",
+ userp, realm, nonce,
+ cnonce, nonceCount, spn, resp_hash_hex, qop);
+ free(spn);
+ if(!response)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Base64 encode the response */
+ result = Curl_base64_encode(data, response, 0, outptr, outlen);
+
+ free(response);
+
+ return result;
+}
+
+/*
+ * Curl_auth_decode_digest_http_message()
+ *
+ * This is used to decode a HTTP DIGEST challenge message into the separate
+ * attributes.
+ *
+ * Parameters:
+ *
+ * chlg [in] - The challenge message.
+ * digest [in/out] - The digest data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
+ struct digestdata *digest)
+{
+ bool before = FALSE; /* got a nonce before */
+ bool foundAuth = FALSE;
+ bool foundAuthInt = FALSE;
+ char *token = NULL;
+ char *tmp = NULL;
+
+ /* If we already have received a nonce, keep that in mind */
+ if(digest->nonce)
+ before = TRUE;
+
+ /* Clean up any former leftovers and initialise to defaults */
+ Curl_auth_digest_cleanup(digest);
+
+ for(;;) {
+ char value[DIGEST_MAX_VALUE_LENGTH];
+ char content[DIGEST_MAX_CONTENT_LENGTH];
+
+ /* Pass all additional spaces here */
+ while(*chlg && ISSPACE(*chlg))
+ chlg++;
+
+ /* Extract a value=content pair */
+ if(Curl_auth_digest_get_pair(chlg, value, content, &chlg)) {
+ if(strcasecompare(value, "nonce")) {
+ free(digest->nonce);
+ digest->nonce = strdup(content);
+ if(!digest->nonce)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else if(strcasecompare(value, "stale")) {
+ if(strcasecompare(content, "true")) {
+ digest->stale = TRUE;
+ digest->nc = 1; /* we make a new nonce now */
+ }
+ }
+ else if(strcasecompare(value, "realm")) {
+ free(digest->realm);
+ digest->realm = strdup(content);
+ if(!digest->realm)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else if(strcasecompare(value, "opaque")) {
+ free(digest->opaque);
+ digest->opaque = strdup(content);
+ if(!digest->opaque)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else if(strcasecompare(value, "qop")) {
+ char *tok_buf = NULL;
+ /* Tokenize the list and choose auth if possible, use a temporary
+ clone of the buffer since strtok_r() ruins it */
+ tmp = strdup(content);
+ if(!tmp)
+ return CURLE_OUT_OF_MEMORY;
+
+ token = strtok_r(tmp, ",", &tok_buf);
+ while(token != NULL) {
+ if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH)) {
+ foundAuth = TRUE;
+ }
+ else if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH_INT)) {
+ foundAuthInt = TRUE;
+ }
+ token = strtok_r(NULL, ",", &tok_buf);
+ }
+
+ free(tmp);
+
+ /* Select only auth or auth-int. Otherwise, ignore */
+ if(foundAuth) {
+ free(digest->qop);
+ digest->qop = strdup(DIGEST_QOP_VALUE_STRING_AUTH);
+ if(!digest->qop)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else if(foundAuthInt) {
+ free(digest->qop);
+ digest->qop = strdup(DIGEST_QOP_VALUE_STRING_AUTH_INT);
+ if(!digest->qop)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+ else if(strcasecompare(value, "algorithm")) {
+ free(digest->algorithm);
+ digest->algorithm = strdup(content);
+ if(!digest->algorithm)
+ return CURLE_OUT_OF_MEMORY;
+
+ if(strcasecompare(content, "MD5-sess"))
+ digest->algo = CURLDIGESTALGO_MD5SESS;
+ else if(strcasecompare(content, "MD5"))
+ digest->algo = CURLDIGESTALGO_MD5;
+ else if(strcasecompare(content, "SHA-256"))
+ digest->algo = CURLDIGESTALGO_SHA256;
+ else if(strcasecompare(content, "SHA-256-SESS"))
+ digest->algo = CURLDIGESTALGO_SHA256SESS;
+ else if(strcasecompare(content, "SHA-512-256"))
+ digest->algo = CURLDIGESTALGO_SHA512_256;
+ else if(strcasecompare(content, "SHA-512-256-SESS"))
+ digest->algo = CURLDIGESTALGO_SHA512_256SESS;
+ else
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+ else if(strcasecompare(value, "userhash")) {
+ if(strcasecompare(content, "true")) {
+ digest->userhash = TRUE;
+ }
+ }
+ else {
+ /* Unknown specifier, ignore it! */
+ }
+ }
+ else
+ break; /* We're done here */
+
+ /* Pass all additional spaces here */
+ while(*chlg && ISSPACE(*chlg))
+ chlg++;
+
+ /* Allow the list to be comma-separated */
+ if(',' == *chlg)
+ chlg++;
+ }
+
+ /* We had a nonce since before, and we got another one now without
+ 'stale=true'. This means we provided bad credentials in the previous
+ request */
+ if(before && !digest->stale)
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ /* We got this header without a nonce, that's a bad Digest line! */
+ if(!digest->nonce)
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ return CURLE_OK;
+}
+
+/*
+ * _Curl_auth_create_digest_http_message()
+ *
+ * This is used to generate a HTTP DIGEST response message ready for sending
+ * to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name.
+ * passdwp [in] - The user's password.
+ * request [in] - The HTTP request.
+ * uripath [in] - The path of the HTTP uri.
+ * digest [in/out] - The digest data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+static CURLcode _Curl_auth_create_digest_http_message(
+ struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ const unsigned char *request,
+ const unsigned char *uripath,
+ struct digestdata *digest,
+ char **outptr, size_t *outlen,
+ void (*convert_to_ascii)(unsigned char *, unsigned char *),
+ void (*hash)(unsigned char *, const unsigned char *))
+{
+ CURLcode result;
+ unsigned char hashbuf[32]; /* 32 bytes/256 bits */
+ unsigned char request_digest[65];
+ unsigned char *hashthis;
+ unsigned char ha1[65]; /* 64 digits and 1 zero byte */
+ unsigned char ha2[65]; /* 64 digits and 1 zero byte */
+ char userh[65];
+ char cnoncebuf[33];
+ char *cnonce = NULL;
+ size_t cnonce_sz = 0;
+ char *userp_quoted;
+ char *response = NULL;
+ char *tmp = NULL;
+
+ if(!digest->nc)
+ digest->nc = 1;
+
+ if(!digest->cnonce) {
+ result = Curl_rand_hex(data, (unsigned char *)cnoncebuf,
+ sizeof(cnoncebuf));
+ if(result)
+ return result;
+
+ result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
+ &cnonce, &cnonce_sz);
+ if(result)
+ return result;
+
+ digest->cnonce = cnonce;
+ }
+
+ if(digest->userhash) {
+ hashthis = (unsigned char *) aprintf("%s:%s", userp, digest->realm);
+ if(!hashthis)
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, hashthis);
+ hash(hashbuf, hashthis);
+ free(hashthis);
+ convert_to_ascii(hashbuf, (unsigned char *)userh);
+ }
+
+ /*
+ If the algorithm is "MD5" or unspecified (which then defaults to MD5):
+
+ A1 = unq(username-value) ":" unq(realm-value) ":" passwd
+
+ If the algorithm is "MD5-sess" then:
+
+ A1 = H(unq(username-value) ":" unq(realm-value) ":" passwd) ":"
+ unq(nonce-value) ":" unq(cnonce-value)
+ */
+
+ hashthis = (unsigned char *)
+ aprintf("%s:%s:%s", digest->userhash ? userh : userp,
+ digest->realm, passwdp);
+ if(!hashthis)
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
+ hash(hashbuf, hashthis);
+ free(hashthis);
+ convert_to_ascii(hashbuf, ha1);
+
+ if(digest->algo == CURLDIGESTALGO_MD5SESS ||
+ digest->algo == CURLDIGESTALGO_SHA256SESS ||
+ digest->algo == CURLDIGESTALGO_SHA512_256SESS) {
+ /* nonce and cnonce are OUTSIDE the hash */
+ tmp = aprintf("%s:%s:%s", ha1, digest->nonce, digest->cnonce);
+ if(!tmp)
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */
+ hash(hashbuf, (unsigned char *) tmp);
+ free(tmp);
+ convert_to_ascii(hashbuf, ha1);
+ }
+
+ /*
+ If the "qop" directive's value is "auth" or is unspecified, then A2 is:
+
+ A2 = Method ":" digest-uri-value
+
+ If the "qop" value is "auth-int", then A2 is:
+
+ A2 = Method ":" digest-uri-value ":" H(entity-body)
+
+ (The "Method" value is the HTTP request method as specified in section
+ 5.1.1 of RFC 2616)
+ */
+
+ hashthis = (unsigned char *) aprintf("%s:%s", request, uripath);
+
+ if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
+ /* We don't support auth-int for PUT or POST at the moment.
+ TODO: replace hash of empty string with entity-body for PUT/POST */
+ char hashed[65];
+ unsigned char *hashthis2;
+
+ hash(hashbuf, (const unsigned char *)"");
+ convert_to_ascii(hashbuf, (unsigned char *)hashed);
+
+ hashthis2 = (unsigned char *)aprintf("%s:%s", hashthis, hashed);
+ free(hashthis);
+ hashthis = hashthis2;
+ }
+
+ if(!hashthis)
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
+ hash(hashbuf, hashthis);
+ free(hashthis);
+ convert_to_ascii(hashbuf, ha2);
+
+ if(digest->qop) {
+ hashthis = (unsigned char *) aprintf("%s:%s:%08x:%s:%s:%s",
+ ha1,
+ digest->nonce,
+ digest->nc,
+ digest->cnonce,
+ digest->qop,
+ ha2);
+ }
+ else {
+ hashthis = (unsigned char *) aprintf("%s:%s:%s",
+ ha1,
+ digest->nonce,
+ ha2);
+ }
+
+ if(!hashthis)
+ return CURLE_OUT_OF_MEMORY;
+
+ CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */
+ hash(hashbuf, hashthis);
+ free(hashthis);
+ convert_to_ascii(hashbuf, request_digest);
+
+ /* For test case 64 (snooped from a Mozilla 1.3a request)
+
+ Authorization: Digest username="testuser", realm="testrealm", \
+ nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
+
+ Digest parameters are all quoted strings. Username which is provided by
+ the user will need double quotes and backslashes within it escaped. For
+ the other fields, this shouldn't be an issue. realm, nonce, and opaque
+ are copied as is from the server, escapes and all. cnonce is generated
+ with web-safe characters. uri is already percent encoded. nc is 8 hex
+ characters. algorithm and qop with standard values only contain web-safe
+ characters.
+ */
+ userp_quoted = auth_digest_string_quoted(digest->userhash ? userh : userp);
+ if(!userp_quoted)
+ return CURLE_OUT_OF_MEMORY;
+
+ if(digest->qop) {
+ response = aprintf("username=\"%s\", "
+ "realm=\"%s\", "
+ "nonce=\"%s\", "
+ "uri=\"%s\", "
+ "cnonce=\"%s\", "
+ "nc=%08x, "
+ "qop=%s, "
+ "response=\"%s\"",
+ userp_quoted,
+ digest->realm,
+ digest->nonce,
+ uripath,
+ digest->cnonce,
+ digest->nc,
+ digest->qop,
+ request_digest);
+
+ if(strcasecompare(digest->qop, "auth"))
+ digest->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0
+ padded which tells to the server how many times you are
+ using the same nonce in the qop=auth mode */
+ }
+ else {
+ response = aprintf("username=\"%s\", "
+ "realm=\"%s\", "
+ "nonce=\"%s\", "
+ "uri=\"%s\", "
+ "response=\"%s\"",
+ userp_quoted,
+ digest->realm,
+ digest->nonce,
+ uripath,
+ request_digest);
+ }
+ free(userp_quoted);
+ if(!response)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Add the optional fields */
+ if(digest->opaque) {
+ /* Append the opaque */
+ tmp = aprintf("%s, opaque=\"%s\"", response, digest->opaque);
+ free(response);
+ if(!tmp)
+ return CURLE_OUT_OF_MEMORY;
+
+ response = tmp;
+ }
+
+ if(digest->algorithm) {
+ /* Append the algorithm */
+ tmp = aprintf("%s, algorithm=\"%s\"", response, digest->algorithm);
+ free(response);
+ if(!tmp)
+ return CURLE_OUT_OF_MEMORY;
+
+ response = tmp;
+ }
+
+ if(digest->userhash) {
+ /* Append the userhash */
+ tmp = aprintf("%s, userhash=true", response);
+ free(response);
+ if(!tmp)
+ return CURLE_OUT_OF_MEMORY;
+
+ response = tmp;
+ }
+
+ /* Return the output */
+ *outptr = response;
+ *outlen = strlen(response);
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_auth_create_digest_http_message()
+ *
+ * This is used to generate a HTTP DIGEST response message ready for sending
+ * to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name.
+ * passdwp [in] - The user's password.
+ * request [in] - The HTTP request.
+ * uripath [in] - The path of the HTTP uri.
+ * digest [in/out] - The digest data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ const unsigned char *request,
+ const unsigned char *uripath,
+ struct digestdata *digest,
+ char **outptr, size_t *outlen)
+{
+ switch(digest->algo) {
+ case CURLDIGESTALGO_MD5:
+ case CURLDIGESTALGO_MD5SESS:
+ return _Curl_auth_create_digest_http_message(data, userp, passwdp,
+ request, uripath, digest,
+ outptr, outlen,
+ auth_digest_md5_to_ascii,
+ Curl_md5it);
+
+ case CURLDIGESTALGO_SHA256:
+ case CURLDIGESTALGO_SHA256SESS:
+ case CURLDIGESTALGO_SHA512_256:
+ case CURLDIGESTALGO_SHA512_256SESS:
+ return _Curl_auth_create_digest_http_message(data, userp, passwdp,
+ request, uripath, digest,
+ outptr, outlen,
+ auth_digest_sha256_to_ascii,
+ Curl_sha256it);
+
+ default:
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ }
+}
+
+/*
+ * Curl_auth_digest_cleanup()
+ *
+ * This is used to clean up the digest specific data.
+ *
+ * Parameters:
+ *
+ * digest [in/out] - The digest data struct being cleaned up.
+ *
+ */
+void Curl_auth_digest_cleanup(struct digestdata *digest)
+{
+ Curl_safefree(digest->nonce);
+ Curl_safefree(digest->cnonce);
+ Curl_safefree(digest->realm);
+ Curl_safefree(digest->opaque);
+ Curl_safefree(digest->qop);
+ Curl_safefree(digest->algorithm);
+
+ digest->nc = 0;
+ digest->algo = CURLDIGESTALGO_MD5; /* default algorithm */
+ digest->stale = FALSE; /* default means normal, not stale */
+ digest->userhash = FALSE;
+}
+#endif /* !USE_WINDOWS_SSPI */
+
+#endif /* CURL_DISABLE_CRYPTO_AUTH */
diff --git a/libs/libcurl/src/vauth/digest.h b/libs/libcurl/src/vauth/digest.h
new file mode 100644
index 0000000000..8686c44a42
--- /dev/null
+++ b/libs/libcurl/src/vauth/digest.h
@@ -0,0 +1,47 @@
+#ifndef HEADER_CURL_DIGEST_H
+#define HEADER_CURL_DIGEST_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <curl/curl.h>
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+
+#define DIGEST_MAX_VALUE_LENGTH 256
+#define DIGEST_MAX_CONTENT_LENGTH 1024
+
+enum {
+ CURLDIGESTALGO_MD5,
+ CURLDIGESTALGO_MD5SESS,
+ CURLDIGESTALGO_SHA256,
+ CURLDIGESTALGO_SHA256SESS,
+ CURLDIGESTALGO_SHA512_256,
+ CURLDIGESTALGO_SHA512_256SESS
+};
+
+/* This is used to extract the realm from a challenge message */
+bool Curl_auth_digest_get_pair(const char *str, char *value, char *content,
+ const char **endptr);
+
+#endif
+
+#endif /* HEADER_CURL_DIGEST_H */
diff --git a/libs/libcurl/src/vauth/digest_sspi.c b/libs/libcurl/src/vauth/digest_sspi.c
new file mode 100644
index 0000000000..a3f96ed245
--- /dev/null
+++ b/libs/libcurl/src/vauth/digest_sspi.c
@@ -0,0 +1,669 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2015 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC2831 DIGEST-MD5 authentication
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_WINDOWS_SSPI) && !defined(CURL_DISABLE_CRYPTO_AUTH)
+
+#include <curl/curl.h>
+
+#include "vauth/vauth.h"
+#include "vauth/digest.h"
+#include "urldata.h"
+#include "curl_base64.h"
+#include "warnless.h"
+#include "curl_multibyte.h"
+#include "sendf.h"
+#include "strdup.h"
+#include "strcase.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+* Curl_auth_is_digest_supported()
+*
+* This is used to evaluate if DIGEST is supported.
+*
+* Parameters: None
+*
+* Returns TRUE if DIGEST is supported by Windows SSPI.
+*/
+bool Curl_auth_is_digest_supported(void)
+{
+ PSecPkgInfo SecurityPackage;
+ SECURITY_STATUS status;
+
+ /* Query the security package for Digest */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
+ &SecurityPackage);
+
+ return (status == SEC_E_OK ? TRUE : FALSE);
+}
+
+/*
+ * Curl_auth_create_digest_md5_message()
+ *
+ * This is used to generate an already encoded DIGEST-MD5 response message
+ * ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * chlg64 [in] - The base64 encoded challenge message.
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
+ const char *chlg64,
+ const char *userp,
+ const char *passwdp,
+ const char *service,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ TCHAR *spn = NULL;
+ size_t chlglen = 0;
+ size_t token_max = 0;
+ unsigned char *input_token = NULL;
+ unsigned char *output_token = NULL;
+ CredHandle credentials;
+ CtxtHandle context;
+ PSecPkgInfo SecurityPackage;
+ SEC_WINNT_AUTH_IDENTITY identity;
+ SEC_WINNT_AUTH_IDENTITY *p_identity;
+ SecBuffer chlg_buf;
+ SecBuffer resp_buf;
+ SecBufferDesc chlg_desc;
+ SecBufferDesc resp_desc;
+ SECURITY_STATUS status;
+ unsigned long attrs;
+ TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+
+ /* Decode the base-64 encoded challenge message */
+ if(strlen(chlg64) && *chlg64 != '=') {
+ result = Curl_base64_decode(chlg64, &input_token, &chlglen);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid challenge message */
+ if(!input_token) {
+ infof(data, "DIGEST-MD5 handshake failure (empty challenge message)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Query the security package for DigestSSP */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
+ &SecurityPackage);
+ if(status != SEC_E_OK) {
+ free(input_token);
+
+ return CURLE_NOT_BUILT_IN;
+ }
+
+ token_max = SecurityPackage->cbMaxToken;
+
+ /* Release the package buffer as it is not required anymore */
+ s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+ /* Allocate our response buffer */
+ output_token = malloc(token_max);
+ if(!output_token) {
+ free(input_token);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Generate our SPN */
+ spn = Curl_auth_build_spn(service, data->easy_conn->host.name, NULL);
+ if(!spn) {
+ free(output_token);
+ free(input_token);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(userp && *userp) {
+ /* Populate our identity structure */
+ result = Curl_create_sspi_identity(userp, passwdp, &identity);
+ if(result) {
+ free(spn);
+ free(output_token);
+ free(input_token);
+
+ return result;
+ }
+
+ /* Allow proper cleanup of the identity structure */
+ p_identity = &identity;
+ }
+ else
+ /* Use the current Windows user */
+ p_identity = NULL;
+
+ /* Acquire our credentials handle */
+ status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ (TCHAR *) TEXT(SP_NAME_DIGEST),
+ SECPKG_CRED_OUTBOUND, NULL,
+ p_identity, NULL, NULL,
+ &credentials, &expiry);
+
+ if(status != SEC_E_OK) {
+ Curl_sspi_free_identity(p_identity);
+ free(spn);
+ free(output_token);
+ free(input_token);
+
+ return CURLE_LOGIN_DENIED;
+ }
+
+ /* Setup the challenge "input" security buffer */
+ chlg_desc.ulVersion = SECBUFFER_VERSION;
+ chlg_desc.cBuffers = 1;
+ chlg_desc.pBuffers = &chlg_buf;
+ chlg_buf.BufferType = SECBUFFER_TOKEN;
+ chlg_buf.pvBuffer = input_token;
+ chlg_buf.cbBuffer = curlx_uztoul(chlglen);
+
+ /* Setup the response "output" security buffer */
+ resp_desc.ulVersion = SECBUFFER_VERSION;
+ resp_desc.cBuffers = 1;
+ resp_desc.pBuffers = &resp_buf;
+ resp_buf.BufferType = SECBUFFER_TOKEN;
+ resp_buf.pvBuffer = output_token;
+ resp_buf.cbBuffer = curlx_uztoul(token_max);
+
+ /* Generate our response message */
+ status = s_pSecFn->InitializeSecurityContext(&credentials, NULL, spn,
+ 0, 0, 0, &chlg_desc, 0,
+ &context, &resp_desc, &attrs,
+ &expiry);
+
+ if(status == SEC_I_COMPLETE_NEEDED ||
+ status == SEC_I_COMPLETE_AND_CONTINUE)
+ s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
+ else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
+ s_pSecFn->FreeCredentialsHandle(&credentials);
+ Curl_sspi_free_identity(p_identity);
+ free(spn);
+ free(output_token);
+ free(input_token);
+
+ return CURLE_RECV_ERROR;
+ }
+
+ /* Base64 encode the response */
+ result = Curl_base64_encode(data, (char *) output_token, resp_buf.cbBuffer,
+ outptr, outlen);
+
+ /* Free our handles */
+ s_pSecFn->DeleteSecurityContext(&context);
+ s_pSecFn->FreeCredentialsHandle(&credentials);
+
+ /* Free the identity structure */
+ Curl_sspi_free_identity(p_identity);
+
+ /* Free the SPN */
+ free(spn);
+
+ /* Free the response buffer */
+ free(output_token);
+
+ /* Free the decoded challenge message */
+ free(input_token);
+
+ return result;
+}
+
+/*
+ * Curl_override_sspi_http_realm()
+ *
+ * This is used to populate the domain in a SSPI identity structure
+ * The realm is extracted from the challenge message and used as the
+ * domain if it is not already explicitly set.
+ *
+ * Parameters:
+ *
+ * chlg [in] - The challenge message.
+ * identity [in/out] - The identity structure.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_override_sspi_http_realm(const char *chlg,
+ SEC_WINNT_AUTH_IDENTITY *identity)
+{
+ xcharp_u domain, dup_domain;
+
+ /* If domain is blank or unset, check challenge message for realm */
+ if(!identity->Domain || !identity->DomainLength) {
+ for(;;) {
+ char value[DIGEST_MAX_VALUE_LENGTH];
+ char content[DIGEST_MAX_CONTENT_LENGTH];
+
+ /* Pass all additional spaces here */
+ while(*chlg && ISSPACE(*chlg))
+ chlg++;
+
+ /* Extract a value=content pair */
+ if(Curl_auth_digest_get_pair(chlg, value, content, &chlg)) {
+ if(strcasecompare(value, "realm")) {
+
+ /* Setup identity's domain and length */
+ domain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *) content);
+ if(!domain.tchar_ptr)
+ return CURLE_OUT_OF_MEMORY;
+
+ dup_domain.tchar_ptr = _tcsdup(domain.tchar_ptr);
+ if(!dup_domain.tchar_ptr) {
+ Curl_unicodefree(domain.tchar_ptr);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ free(identity->Domain);
+ identity->Domain = dup_domain.tbyte_ptr;
+ identity->DomainLength = curlx_uztoul(_tcslen(dup_domain.tchar_ptr));
+ dup_domain.tchar_ptr = NULL;
+
+ Curl_unicodefree(domain.tchar_ptr);
+ }
+ else {
+ /* Unknown specifier, ignore it! */
+ }
+ }
+ else
+ break; /* We're done here */
+
+ /* Pass all additional spaces here */
+ while(*chlg && ISSPACE(*chlg))
+ chlg++;
+
+ /* Allow the list to be comma-separated */
+ if(',' == *chlg)
+ chlg++;
+ }
+ }
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_auth_decode_digest_http_message()
+ *
+ * This is used to decode a HTTP DIGEST challenge message into the separate
+ * attributes.
+ *
+ * Parameters:
+ *
+ * chlg [in] - The challenge message.
+ * digest [in/out] - The digest data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
+ struct digestdata *digest)
+{
+ size_t chlglen = strlen(chlg);
+
+ /* We had an input token before so if there's another one now that means we
+ provided bad credentials in the previous request or it's stale. */
+ if(digest->input_token) {
+ bool stale = false;
+ const char *p = chlg;
+
+ /* Check for the 'stale' directive */
+ for(;;) {
+ char value[DIGEST_MAX_VALUE_LENGTH];
+ char content[DIGEST_MAX_CONTENT_LENGTH];
+
+ while(*p && ISSPACE(*p))
+ p++;
+
+ if(!Curl_auth_digest_get_pair(p, value, content, &p))
+ break;
+
+ if(strcasecompare(value, "stale") &&
+ strcasecompare(content, "true")) {
+ stale = true;
+ break;
+ }
+
+ while(*p && ISSPACE(*p))
+ p++;
+
+ if(',' == *p)
+ p++;
+ }
+
+ if(stale)
+ Curl_auth_digest_cleanup(digest);
+ else
+ return CURLE_LOGIN_DENIED;
+ }
+
+ /* Store the challenge for use later */
+ digest->input_token = (BYTE *) Curl_memdup(chlg, chlglen + 1);
+ if(!digest->input_token)
+ return CURLE_OUT_OF_MEMORY;
+
+ digest->input_token_len = chlglen;
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_auth_create_digest_http_message()
+ *
+ * This is used to generate a HTTP DIGEST response message ready for sending
+ * to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * request [in] - The HTTP request.
+ * uripath [in] - The path of the HTTP uri.
+ * digest [in/out] - The digest data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ const unsigned char *request,
+ const unsigned char *uripath,
+ struct digestdata *digest,
+ char **outptr, size_t *outlen)
+{
+ size_t token_max;
+ char *resp;
+ BYTE *output_token;
+ size_t output_token_len = 0;
+ PSecPkgInfo SecurityPackage;
+ SecBuffer chlg_buf[5];
+ SecBufferDesc chlg_desc;
+ SECURITY_STATUS status;
+
+ (void) data;
+
+ /* Query the security package for DigestSSP */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_DIGEST),
+ &SecurityPackage);
+ if(status != SEC_E_OK)
+ return CURLE_NOT_BUILT_IN;
+
+ token_max = SecurityPackage->cbMaxToken;
+
+ /* Release the package buffer as it is not required anymore */
+ s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+ /* Allocate the output buffer according to the max token size as indicated
+ by the security package */
+ output_token = malloc(token_max);
+ if(!output_token) {
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* If the user/passwd that was used to make the identity for http_context
+ has changed then delete that context. */
+ if((userp && !digest->user) || (!userp && digest->user) ||
+ (passwdp && !digest->passwd) || (!passwdp && digest->passwd) ||
+ (userp && digest->user && strcmp(userp, digest->user)) ||
+ (passwdp && digest->passwd && strcmp(passwdp, digest->passwd))) {
+ if(digest->http_context) {
+ s_pSecFn->DeleteSecurityContext(digest->http_context);
+ Curl_safefree(digest->http_context);
+ }
+ Curl_safefree(digest->user);
+ Curl_safefree(digest->passwd);
+ }
+
+ if(digest->http_context) {
+ chlg_desc.ulVersion = SECBUFFER_VERSION;
+ chlg_desc.cBuffers = 5;
+ chlg_desc.pBuffers = chlg_buf;
+ chlg_buf[0].BufferType = SECBUFFER_TOKEN;
+ chlg_buf[0].pvBuffer = NULL;
+ chlg_buf[0].cbBuffer = 0;
+ chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
+ chlg_buf[1].pvBuffer = (void *) request;
+ chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
+ chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
+ chlg_buf[2].pvBuffer = (void *) uripath;
+ chlg_buf[2].cbBuffer = curlx_uztoul(strlen((const char *) uripath));
+ chlg_buf[3].BufferType = SECBUFFER_PKG_PARAMS;
+ chlg_buf[3].pvBuffer = NULL;
+ chlg_buf[3].cbBuffer = 0;
+ chlg_buf[4].BufferType = SECBUFFER_PADDING;
+ chlg_buf[4].pvBuffer = output_token;
+ chlg_buf[4].cbBuffer = curlx_uztoul(token_max);
+
+ status = s_pSecFn->MakeSignature(digest->http_context, 0, &chlg_desc, 0);
+ if(status == SEC_E_OK)
+ output_token_len = chlg_buf[4].cbBuffer;
+ else { /* delete the context so a new one can be made */
+ infof(data, "digest_sspi: MakeSignature failed, error 0x%08lx\n",
+ (long)status);
+ s_pSecFn->DeleteSecurityContext(digest->http_context);
+ Curl_safefree(digest->http_context);
+ }
+ }
+
+ if(!digest->http_context) {
+ CredHandle credentials;
+ SEC_WINNT_AUTH_IDENTITY identity;
+ SEC_WINNT_AUTH_IDENTITY *p_identity;
+ SecBuffer resp_buf;
+ SecBufferDesc resp_desc;
+ unsigned long attrs;
+ TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+ TCHAR *spn;
+
+ /* free the copy of user/passwd used to make the previous identity */
+ Curl_safefree(digest->user);
+ Curl_safefree(digest->passwd);
+
+ if(userp && *userp) {
+ /* Populate our identity structure */
+ if(Curl_create_sspi_identity(userp, passwdp, &identity)) {
+ free(output_token);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Populate our identity domain */
+ if(Curl_override_sspi_http_realm((const char *) digest->input_token,
+ &identity)) {
+ free(output_token);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Allow proper cleanup of the identity structure */
+ p_identity = &identity;
+ }
+ else
+ /* Use the current Windows user */
+ p_identity = NULL;
+
+ if(userp) {
+ digest->user = strdup(userp);
+
+ if(!digest->user) {
+ free(output_token);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+
+ if(passwdp) {
+ digest->passwd = strdup(passwdp);
+
+ if(!digest->passwd) {
+ free(output_token);
+ Curl_safefree(digest->user);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+
+ /* Acquire our credentials handle */
+ status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ (TCHAR *) TEXT(SP_NAME_DIGEST),
+ SECPKG_CRED_OUTBOUND, NULL,
+ p_identity, NULL, NULL,
+ &credentials, &expiry);
+ if(status != SEC_E_OK) {
+ Curl_sspi_free_identity(p_identity);
+ free(output_token);
+
+ return CURLE_LOGIN_DENIED;
+ }
+
+ /* Setup the challenge "input" security buffer if present */
+ chlg_desc.ulVersion = SECBUFFER_VERSION;
+ chlg_desc.cBuffers = 3;
+ chlg_desc.pBuffers = chlg_buf;
+ chlg_buf[0].BufferType = SECBUFFER_TOKEN;
+ chlg_buf[0].pvBuffer = digest->input_token;
+ chlg_buf[0].cbBuffer = curlx_uztoul(digest->input_token_len);
+ chlg_buf[1].BufferType = SECBUFFER_PKG_PARAMS;
+ chlg_buf[1].pvBuffer = (void *) request;
+ chlg_buf[1].cbBuffer = curlx_uztoul(strlen((const char *) request));
+ chlg_buf[2].BufferType = SECBUFFER_PKG_PARAMS;
+ chlg_buf[2].pvBuffer = NULL;
+ chlg_buf[2].cbBuffer = 0;
+
+ /* Setup the response "output" security buffer */
+ resp_desc.ulVersion = SECBUFFER_VERSION;
+ resp_desc.cBuffers = 1;
+ resp_desc.pBuffers = &resp_buf;
+ resp_buf.BufferType = SECBUFFER_TOKEN;
+ resp_buf.pvBuffer = output_token;
+ resp_buf.cbBuffer = curlx_uztoul(token_max);
+
+ spn = Curl_convert_UTF8_to_tchar((char *) uripath);
+ if(!spn) {
+ s_pSecFn->FreeCredentialsHandle(&credentials);
+
+ Curl_sspi_free_identity(p_identity);
+ free(output_token);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Allocate our new context handle */
+ digest->http_context = calloc(1, sizeof(CtxtHandle));
+ if(!digest->http_context)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Generate our response message */
+ status = s_pSecFn->InitializeSecurityContext(&credentials, NULL,
+ spn,
+ ISC_REQ_USE_HTTP_STYLE, 0, 0,
+ &chlg_desc, 0,
+ digest->http_context,
+ &resp_desc, &attrs, &expiry);
+ Curl_unicodefree(spn);
+
+ if(status == SEC_I_COMPLETE_NEEDED ||
+ status == SEC_I_COMPLETE_AND_CONTINUE)
+ s_pSecFn->CompleteAuthToken(&credentials, &resp_desc);
+ else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
+ s_pSecFn->FreeCredentialsHandle(&credentials);
+
+ Curl_sspi_free_identity(p_identity);
+ free(output_token);
+
+ Curl_safefree(digest->http_context);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ output_token_len = resp_buf.cbBuffer;
+
+ s_pSecFn->FreeCredentialsHandle(&credentials);
+ Curl_sspi_free_identity(p_identity);
+ }
+
+ resp = malloc(output_token_len + 1);
+ if(!resp) {
+ free(output_token);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Copy the generated response */
+ memcpy(resp, output_token, output_token_len);
+ resp[output_token_len] = 0;
+
+ /* Return the response */
+ *outptr = resp;
+ *outlen = output_token_len;
+
+ /* Free the response buffer */
+ free(output_token);
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_auth_digest_cleanup()
+ *
+ * This is used to clean up the digest specific data.
+ *
+ * Parameters:
+ *
+ * digest [in/out] - The digest data struct being cleaned up.
+ *
+ */
+void Curl_auth_digest_cleanup(struct digestdata *digest)
+{
+ /* Free the input token */
+ Curl_safefree(digest->input_token);
+
+ /* Reset any variables */
+ digest->input_token_len = 0;
+
+ /* Delete security context */
+ if(digest->http_context) {
+ s_pSecFn->DeleteSecurityContext(digest->http_context);
+ Curl_safefree(digest->http_context);
+ }
+
+ /* Free the copy of user/passwd used to make the identity for http_context */
+ Curl_safefree(digest->user);
+ Curl_safefree(digest->passwd);
+}
+
+#endif /* USE_WINDOWS_SSPI && !CURL_DISABLE_CRYPTO_AUTH */
diff --git a/libs/libcurl/src/vauth/krb5_gssapi.c b/libs/libcurl/src/vauth/krb5_gssapi.c
new file mode 100644
index 0000000000..560ecc5bc0
--- /dev/null
+++ b/libs/libcurl/src/vauth/krb5_gssapi.c
@@ -0,0 +1,401 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2017, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(HAVE_GSSAPI) && defined(USE_KERBEROS5)
+
+#include <curl/curl.h>
+
+#include "vauth/vauth.h"
+#include "curl_sasl.h"
+#include "urldata.h"
+#include "curl_base64.h"
+#include "curl_gssapi.h"
+#include "sendf.h"
+#include "curl_printf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_is_gssapi_supported()
+ *
+ * This is used to evaluate if GSSAPI (Kerberos V5) is supported.
+ *
+ * Parameters: None
+ *
+ * Returns TRUE if Kerberos V5 is supported by the GSS-API library.
+ */
+bool Curl_auth_is_gssapi_supported(void)
+{
+ return TRUE;
+}
+
+/*
+ * Curl_auth_create_gssapi_user_message()
+ *
+ * This is used to generate an already encoded GSSAPI (Kerberos V5) user token
+ * message ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name.
+ * passdwp [in] - The user's password.
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * host [in[ - The host name.
+ * mutual_auth [in] - Flag specifying whether or not mutual authentication
+ * is enabled.
+ * chlg64 [in] - Pointer to the optional base64 encoded challenge
+ * message.
+ * krb5 [in/out] - The Kerberos 5 data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ const char *service,
+ const char *host,
+ const bool mutual_auth,
+ const char *chlg64,
+ struct kerberos5data *krb5,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ size_t chlglen = 0;
+ unsigned char *chlg = NULL;
+ OM_uint32 major_status;
+ OM_uint32 minor_status;
+ OM_uint32 unused_status;
+ gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+
+ (void) userp;
+ (void) passwdp;
+
+ if(!krb5->spn) {
+ /* Generate our SPN */
+ char *spn = Curl_auth_build_spn(service, NULL, host);
+ if(!spn)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Populate the SPN structure */
+ spn_token.value = spn;
+ spn_token.length = strlen(spn);
+
+ /* Import the SPN */
+ major_status = gss_import_name(&minor_status, &spn_token,
+ GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn);
+ if(GSS_ERROR(major_status)) {
+ Curl_gss_log_error(data, "gss_import_name() failed: ",
+ major_status, minor_status);
+
+ free(spn);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ free(spn);
+ }
+
+ if(chlg64 && *chlg64) {
+ /* Decode the base-64 encoded challenge message */
+ if(*chlg64 != '=') {
+ result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid challenge message */
+ if(!chlg) {
+ infof(data, "GSSAPI handshake failure (empty challenge message)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Setup the challenge "input" security buffer */
+ input_token.value = chlg;
+ input_token.length = chlglen;
+ }
+
+ major_status = Curl_gss_init_sec_context(data,
+ &minor_status,
+ &krb5->context,
+ krb5->spn,
+ &Curl_krb5_mech_oid,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+ &output_token,
+ mutual_auth,
+ NULL);
+
+ /* Free the decoded challenge as it is not required anymore */
+ free(input_token.value);
+
+ if(GSS_ERROR(major_status)) {
+ if(output_token.value)
+ gss_release_buffer(&unused_status, &output_token);
+
+ Curl_gss_log_error(data, "gss_init_sec_context() failed: ",
+ major_status, minor_status);
+
+ return CURLE_RECV_ERROR;
+ }
+
+ if(output_token.value && output_token.length) {
+ /* Base64 encode the response */
+ result = Curl_base64_encode(data, (char *) output_token.value,
+ output_token.length, outptr, outlen);
+
+ gss_release_buffer(&unused_status, &output_token);
+ }
+ else if(mutual_auth) {
+ *outptr = strdup("");
+ if(!*outptr)
+ result = CURLE_OUT_OF_MEMORY;
+ }
+
+ return result;
+}
+
+/*
+ * Curl_auth_create_gssapi_security_message()
+ *
+ * This is used to generate an already encoded GSSAPI (Kerberos V5) security
+ * token message ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * chlg64 [in] - Pointer to the optional base64 encoded challenge message.
+ * krb5 [in/out] - The Kerberos 5 data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
+ const char *chlg64,
+ struct kerberos5data *krb5,
+ char **outptr,
+ size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ size_t chlglen = 0;
+ size_t messagelen = 0;
+ unsigned char *chlg = NULL;
+ unsigned char *message = NULL;
+ OM_uint32 major_status;
+ OM_uint32 minor_status;
+ OM_uint32 unused_status;
+ gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+ unsigned int indata = 0;
+ unsigned int outdata = 0;
+ gss_qop_t qop = GSS_C_QOP_DEFAULT;
+ unsigned int sec_layer = 0;
+ unsigned int max_size = 0;
+ gss_name_t username = GSS_C_NO_NAME;
+ gss_buffer_desc username_token;
+
+ /* Decode the base-64 encoded input message */
+ if(strlen(chlg64) && *chlg64 != '=') {
+ result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid challenge message */
+ if(!chlg) {
+ infof(data, "GSSAPI handshake failure (empty security message)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Get the fully qualified username back from the context */
+ major_status = gss_inquire_context(&minor_status, krb5->context,
+ &username, NULL, NULL, NULL, NULL,
+ NULL, NULL);
+ if(GSS_ERROR(major_status)) {
+ Curl_gss_log_error(data, "gss_inquire_context() failed: ",
+ major_status, minor_status);
+
+ free(chlg);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Convert the username from internal format to a displayable token */
+ major_status = gss_display_name(&minor_status, username,
+ &username_token, NULL);
+ if(GSS_ERROR(major_status)) {
+ Curl_gss_log_error(data, "gss_display_name() failed: ",
+ major_status, minor_status);
+
+ free(chlg);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Setup the challenge "input" security buffer */
+ input_token.value = chlg;
+ input_token.length = chlglen;
+
+ /* Decrypt the inbound challenge and obtain the qop */
+ major_status = gss_unwrap(&minor_status, krb5->context, &input_token,
+ &output_token, NULL, &qop);
+ if(GSS_ERROR(major_status)) {
+ Curl_gss_log_error(data, "gss_unwrap() failed: ",
+ major_status, minor_status);
+
+ gss_release_buffer(&unused_status, &username_token);
+ free(chlg);
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Not 4 octets long so fail as per RFC4752 Section 3.1 */
+ if(output_token.length != 4) {
+ infof(data, "GSSAPI handshake failure (invalid security data)\n");
+
+ gss_release_buffer(&unused_status, &username_token);
+ free(chlg);
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Copy the data out and free the challenge as it is not required anymore */
+ memcpy(&indata, output_token.value, 4);
+ gss_release_buffer(&unused_status, &output_token);
+ free(chlg);
+
+ /* Extract the security layer */
+ sec_layer = indata & 0x000000FF;
+ if(!(sec_layer & GSSAUTH_P_NONE)) {
+ infof(data, "GSSAPI handshake failure (invalid security layer)\n");
+
+ gss_release_buffer(&unused_status, &username_token);
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Extract the maximum message size the server can receive */
+ max_size = ntohl(indata & 0xFFFFFF00);
+ if(max_size > 0) {
+ /* The server has told us it supports a maximum receive buffer, however, as
+ we don't require one unless we are encrypting data, we tell the server
+ our receive buffer is zero. */
+ max_size = 0;
+ }
+
+ /* Allocate our message */
+ messagelen = sizeof(outdata) + username_token.length + 1;
+ message = malloc(messagelen);
+ if(!message) {
+ gss_release_buffer(&unused_status, &username_token);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Populate the message with the security layer, client supported receive
+ message size and authorization identity including the 0x00 based
+ terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization
+ identity is not terminated with the zero-valued (%x00) octet." it seems
+ necessary to include it. */
+ outdata = htonl(max_size) | sec_layer;
+ memcpy(message, &outdata, sizeof(outdata));
+ memcpy(message + sizeof(outdata), username_token.value,
+ username_token.length);
+ message[messagelen - 1] = '\0';
+
+ /* Free the username token as it is not required anymore */
+ gss_release_buffer(&unused_status, &username_token);
+
+ /* Setup the "authentication data" security buffer */
+ input_token.value = message;
+ input_token.length = messagelen;
+
+ /* Encrypt the data */
+ major_status = gss_wrap(&minor_status, krb5->context, 0,
+ GSS_C_QOP_DEFAULT, &input_token, NULL,
+ &output_token);
+ if(GSS_ERROR(major_status)) {
+ Curl_gss_log_error(data, "gss_wrap() failed: ",
+ major_status, minor_status);
+
+ free(message);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Base64 encode the response */
+ result = Curl_base64_encode(data, (char *) output_token.value,
+ output_token.length, outptr, outlen);
+
+ /* Free the output buffer */
+ gss_release_buffer(&unused_status, &output_token);
+
+ /* Free the message buffer */
+ free(message);
+
+ return result;
+}
+
+/*
+ * Curl_auth_gssapi_cleanup()
+ *
+ * This is used to clean up the GSSAPI (Kerberos V5) specific data.
+ *
+ * Parameters:
+ *
+ * krb5 [in/out] - The Kerberos 5 data struct being cleaned up.
+ *
+ */
+void Curl_auth_gssapi_cleanup(struct kerberos5data *krb5)
+{
+ OM_uint32 minor_status;
+
+ /* Free our security context */
+ if(krb5->context != GSS_C_NO_CONTEXT) {
+ gss_delete_sec_context(&minor_status, &krb5->context, GSS_C_NO_BUFFER);
+ krb5->context = GSS_C_NO_CONTEXT;
+ }
+
+ /* Free the SPN */
+ if(krb5->spn != GSS_C_NO_NAME) {
+ gss_release_name(&minor_status, &krb5->spn);
+ krb5->spn = GSS_C_NO_NAME;
+ }
+}
+
+#endif /* HAVE_GSSAPI && USE_KERBEROS5 */
diff --git a/libs/libcurl/src/vauth/krb5_sspi.c b/libs/libcurl/src/vauth/krb5_sspi.c
new file mode 100644
index 0000000000..1b4cef486d
--- /dev/null
+++ b/libs/libcurl/src/vauth/krb5_sspi.c
@@ -0,0 +1,518 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2017, Steve Holme, <steve_holme@hotmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_WINDOWS_SSPI) && defined(USE_KERBEROS5)
+
+#include <curl/curl.h>
+
+#include "vauth/vauth.h"
+#include "urldata.h"
+#include "curl_base64.h"
+#include "warnless.h"
+#include "curl_multibyte.h"
+#include "sendf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_is_gssapi_supported()
+ *
+ * This is used to evaluate if GSSAPI (Kerberos V5) is supported.
+ *
+ * Parameters: None
+ *
+ * Returns TRUE if Kerberos V5 is supported by Windows SSPI.
+ */
+bool Curl_auth_is_gssapi_supported(void)
+{
+ PSecPkgInfo SecurityPackage;
+ SECURITY_STATUS status;
+
+ /* Query the security package for Kerberos */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
+ TEXT(SP_NAME_KERBEROS),
+ &SecurityPackage);
+
+ return (status == SEC_E_OK ? TRUE : FALSE);
+}
+
+/*
+ * Curl_auth_create_gssapi_user_message()
+ *
+ * This is used to generate an already encoded GSSAPI (Kerberos V5) user token
+ * message ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * host [in] - The host name.
+ * mutual_auth [in] - Flag specifying whether or not mutual authentication
+ * is enabled.
+ * chlg64 [in] - The optional base64 encoded challenge message.
+ * krb5 [in/out] - The Kerberos 5 data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ const char *service,
+ const char *host,
+ const bool mutual_auth,
+ const char *chlg64,
+ struct kerberos5data *krb5,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ size_t chlglen = 0;
+ unsigned char *chlg = NULL;
+ CtxtHandle context;
+ PSecPkgInfo SecurityPackage;
+ SecBuffer chlg_buf;
+ SecBuffer resp_buf;
+ SecBufferDesc chlg_desc;
+ SecBufferDesc resp_desc;
+ SECURITY_STATUS status;
+ unsigned long attrs;
+ TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+
+ if(!krb5->spn) {
+ /* Generate our SPN */
+ krb5->spn = Curl_auth_build_spn(service, host, NULL);
+ if(!krb5->spn)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!krb5->output_token) {
+ /* Query the security package for Kerberos */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
+ TEXT(SP_NAME_KERBEROS),
+ &SecurityPackage);
+ if(status != SEC_E_OK) {
+ return CURLE_NOT_BUILT_IN;
+ }
+
+ krb5->token_max = SecurityPackage->cbMaxToken;
+
+ /* Release the package buffer as it is not required anymore */
+ s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+ /* Allocate our response buffer */
+ krb5->output_token = malloc(krb5->token_max);
+ if(!krb5->output_token)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!krb5->credentials) {
+ /* Do we have credientials to use or are we using single sign-on? */
+ if(userp && *userp) {
+ /* Populate our identity structure */
+ result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity);
+ if(result)
+ return result;
+
+ /* Allow proper cleanup of the identity structure */
+ krb5->p_identity = &krb5->identity;
+ }
+ else
+ /* Use the current Windows user */
+ krb5->p_identity = NULL;
+
+ /* Allocate our credentials handle */
+ krb5->credentials = malloc(sizeof(CredHandle));
+ if(!krb5->credentials)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(krb5->credentials, 0, sizeof(CredHandle));
+
+ /* Acquire our credentials handle */
+ status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ (TCHAR *)
+ TEXT(SP_NAME_KERBEROS),
+ SECPKG_CRED_OUTBOUND, NULL,
+ krb5->p_identity, NULL, NULL,
+ krb5->credentials, &expiry);
+ if(status != SEC_E_OK)
+ return CURLE_LOGIN_DENIED;
+
+ /* Allocate our new context handle */
+ krb5->context = malloc(sizeof(CtxtHandle));
+ if(!krb5->context)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(krb5->context, 0, sizeof(CtxtHandle));
+ }
+
+ if(chlg64 && *chlg64) {
+ /* Decode the base-64 encoded challenge message */
+ if(*chlg64 != '=') {
+ result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid challenge message */
+ if(!chlg) {
+ infof(data, "GSSAPI handshake failure (empty challenge message)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Setup the challenge "input" security buffer */
+ chlg_desc.ulVersion = SECBUFFER_VERSION;
+ chlg_desc.cBuffers = 1;
+ chlg_desc.pBuffers = &chlg_buf;
+ chlg_buf.BufferType = SECBUFFER_TOKEN;
+ chlg_buf.pvBuffer = chlg;
+ chlg_buf.cbBuffer = curlx_uztoul(chlglen);
+ }
+
+ /* Setup the response "output" security buffer */
+ resp_desc.ulVersion = SECBUFFER_VERSION;
+ resp_desc.cBuffers = 1;
+ resp_desc.pBuffers = &resp_buf;
+ resp_buf.BufferType = SECBUFFER_TOKEN;
+ resp_buf.pvBuffer = krb5->output_token;
+ resp_buf.cbBuffer = curlx_uztoul(krb5->token_max);
+
+ /* Generate our challenge-response message */
+ status = s_pSecFn->InitializeSecurityContext(krb5->credentials,
+ chlg ? krb5->context : NULL,
+ krb5->spn,
+ (mutual_auth ?
+ ISC_REQ_MUTUAL_AUTH : 0),
+ 0, SECURITY_NATIVE_DREP,
+ chlg ? &chlg_desc : NULL, 0,
+ &context,
+ &resp_desc, &attrs,
+ &expiry);
+
+ /* Free the decoded challenge as it is not required anymore */
+ free(chlg);
+
+ if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
+ return CURLE_RECV_ERROR;
+ }
+
+ if(memcmp(&context, krb5->context, sizeof(context))) {
+ s_pSecFn->DeleteSecurityContext(krb5->context);
+
+ memcpy(krb5->context, &context, sizeof(context));
+ }
+
+ if(resp_buf.cbBuffer) {
+ /* Base64 encode the response */
+ result = Curl_base64_encode(data, (char *) resp_buf.pvBuffer,
+ resp_buf.cbBuffer, outptr, outlen);
+ }
+ else if(mutual_auth) {
+ *outptr = strdup("");
+ if(!*outptr)
+ result = CURLE_OUT_OF_MEMORY;
+ }
+
+ return result;
+}
+
+/*
+ * Curl_auth_create_gssapi_security_message()
+ *
+ * This is used to generate an already encoded GSSAPI (Kerberos V5) security
+ * token message ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * chlg64 [in] - The optional base64 encoded challenge message.
+ * krb5 [in/out] - The Kerberos 5 data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
+ const char *chlg64,
+ struct kerberos5data *krb5,
+ char **outptr,
+ size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ size_t offset = 0;
+ size_t chlglen = 0;
+ size_t messagelen = 0;
+ size_t appdatalen = 0;
+ unsigned char *chlg = NULL;
+ unsigned char *trailer = NULL;
+ unsigned char *message = NULL;
+ unsigned char *padding = NULL;
+ unsigned char *appdata = NULL;
+ SecBuffer input_buf[2];
+ SecBuffer wrap_buf[3];
+ SecBufferDesc input_desc;
+ SecBufferDesc wrap_desc;
+ unsigned long indata = 0;
+ unsigned long outdata = 0;
+ unsigned long qop = 0;
+ unsigned long sec_layer = 0;
+ unsigned long max_size = 0;
+ SecPkgContext_Sizes sizes;
+ SecPkgCredentials_Names names;
+ SECURITY_STATUS status;
+ char *user_name;
+
+ /* Decode the base-64 encoded input message */
+ if(strlen(chlg64) && *chlg64 != '=') {
+ result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid challenge message */
+ if(!chlg) {
+ infof(data, "GSSAPI handshake failure (empty security message)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Get our response size information */
+ status = s_pSecFn->QueryContextAttributes(krb5->context,
+ SECPKG_ATTR_SIZES,
+ &sizes);
+ if(status != SEC_E_OK) {
+ free(chlg);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Get the fully qualified username back from the context */
+ status = s_pSecFn->QueryCredentialsAttributes(krb5->credentials,
+ SECPKG_CRED_ATTR_NAMES,
+ &names);
+ if(status != SEC_E_OK) {
+ free(chlg);
+
+ return CURLE_RECV_ERROR;
+ }
+
+ /* Setup the "input" security buffer */
+ input_desc.ulVersion = SECBUFFER_VERSION;
+ input_desc.cBuffers = 2;
+ input_desc.pBuffers = input_buf;
+ input_buf[0].BufferType = SECBUFFER_STREAM;
+ input_buf[0].pvBuffer = chlg;
+ input_buf[0].cbBuffer = curlx_uztoul(chlglen);
+ input_buf[1].BufferType = SECBUFFER_DATA;
+ input_buf[1].pvBuffer = NULL;
+ input_buf[1].cbBuffer = 0;
+
+ /* Decrypt the inbound challenge and obtain the qop */
+ status = s_pSecFn->DecryptMessage(krb5->context, &input_desc, 0, &qop);
+ if(status != SEC_E_OK) {
+ infof(data, "GSSAPI handshake failure (empty security message)\n");
+
+ free(chlg);
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Not 4 octets long so fail as per RFC4752 Section 3.1 */
+ if(input_buf[1].cbBuffer != 4) {
+ infof(data, "GSSAPI handshake failure (invalid security data)\n");
+
+ free(chlg);
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Copy the data out and free the challenge as it is not required anymore */
+ memcpy(&indata, input_buf[1].pvBuffer, 4);
+ s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer);
+ free(chlg);
+
+ /* Extract the security layer */
+ sec_layer = indata & 0x000000FF;
+ if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) {
+ infof(data, "GSSAPI handshake failure (invalid security layer)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Extract the maximum message size the server can receive */
+ max_size = ntohl(indata & 0xFFFFFF00);
+ if(max_size > 0) {
+ /* The server has told us it supports a maximum receive buffer, however, as
+ we don't require one unless we are encrypting data, we tell the server
+ our receive buffer is zero. */
+ max_size = 0;
+ }
+
+ /* Allocate the trailer */
+ trailer = malloc(sizes.cbSecurityTrailer);
+ if(!trailer)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Convert the user name to UTF8 when operating with Unicode */
+ user_name = Curl_convert_tchar_to_UTF8(names.sUserName);
+ if(!user_name) {
+ free(trailer);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Allocate our message */
+ messagelen = sizeof(outdata) + strlen(user_name) + 1;
+ message = malloc(messagelen);
+ if(!message) {
+ free(trailer);
+ Curl_unicodefree(user_name);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Populate the message with the security layer, client supported receive
+ message size and authorization identity including the 0x00 based
+ terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization
+ identity is not terminated with the zero-valued (%x00) octet." it seems
+ necessary to include it. */
+ outdata = htonl(max_size) | sec_layer;
+ memcpy(message, &outdata, sizeof(outdata));
+ strcpy((char *) message + sizeof(outdata), user_name);
+ Curl_unicodefree(user_name);
+
+ /* Allocate the padding */
+ padding = malloc(sizes.cbBlockSize);
+ if(!padding) {
+ free(message);
+ free(trailer);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Setup the "authentication data" security buffer */
+ wrap_desc.ulVersion = SECBUFFER_VERSION;
+ wrap_desc.cBuffers = 3;
+ wrap_desc.pBuffers = wrap_buf;
+ wrap_buf[0].BufferType = SECBUFFER_TOKEN;
+ wrap_buf[0].pvBuffer = trailer;
+ wrap_buf[0].cbBuffer = sizes.cbSecurityTrailer;
+ wrap_buf[1].BufferType = SECBUFFER_DATA;
+ wrap_buf[1].pvBuffer = message;
+ wrap_buf[1].cbBuffer = curlx_uztoul(messagelen);
+ wrap_buf[2].BufferType = SECBUFFER_PADDING;
+ wrap_buf[2].pvBuffer = padding;
+ wrap_buf[2].cbBuffer = sizes.cbBlockSize;
+
+ /* Encrypt the data */
+ status = s_pSecFn->EncryptMessage(krb5->context, KERB_WRAP_NO_ENCRYPT,
+ &wrap_desc, 0);
+ if(status != SEC_E_OK) {
+ free(padding);
+ free(message);
+ free(trailer);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Allocate the encryption (wrap) buffer */
+ appdatalen = wrap_buf[0].cbBuffer + wrap_buf[1].cbBuffer +
+ wrap_buf[2].cbBuffer;
+ appdata = malloc(appdatalen);
+ if(!appdata) {
+ free(padding);
+ free(message);
+ free(trailer);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Populate the encryption buffer */
+ memcpy(appdata, wrap_buf[0].pvBuffer, wrap_buf[0].cbBuffer);
+ offset += wrap_buf[0].cbBuffer;
+ memcpy(appdata + offset, wrap_buf[1].pvBuffer, wrap_buf[1].cbBuffer);
+ offset += wrap_buf[1].cbBuffer;
+ memcpy(appdata + offset, wrap_buf[2].pvBuffer, wrap_buf[2].cbBuffer);
+
+ /* Base64 encode the response */
+ result = Curl_base64_encode(data, (char *) appdata, appdatalen, outptr,
+ outlen);
+
+ /* Free all of our local buffers */
+ free(appdata);
+ free(padding);
+ free(message);
+ free(trailer);
+
+ return result;
+}
+
+/*
+ * Curl_auth_gssapi_cleanup()
+ *
+ * This is used to clean up the GSSAPI (Kerberos V5) specific data.
+ *
+ * Parameters:
+ *
+ * krb5 [in/out] - The Kerberos 5 data struct being cleaned up.
+ *
+ */
+void Curl_auth_gssapi_cleanup(struct kerberos5data *krb5)
+{
+ /* Free our security context */
+ if(krb5->context) {
+ s_pSecFn->DeleteSecurityContext(krb5->context);
+ free(krb5->context);
+ krb5->context = NULL;
+ }
+
+ /* Free our credentials handle */
+ if(krb5->credentials) {
+ s_pSecFn->FreeCredentialsHandle(krb5->credentials);
+ free(krb5->credentials);
+ krb5->credentials = NULL;
+ }
+
+ /* Free our identity */
+ Curl_sspi_free_identity(krb5->p_identity);
+ krb5->p_identity = NULL;
+
+ /* Free the SPN and output token */
+ Curl_safefree(krb5->spn);
+ Curl_safefree(krb5->output_token);
+
+ /* Reset any variables */
+ krb5->token_max = 0;
+}
+
+#endif /* USE_WINDOWS_SSPI && USE_KERBEROS5*/
diff --git a/libs/libcurl/src/curl_ntlm_msgs.c b/libs/libcurl/src/vauth/ntlm.c
index bc88feadb6..1e0d4792e7 100644
--- a/libs/libcurl/src/curl_ntlm_msgs.c
+++ b/libs/libcurl/src/vauth/ntlm.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,13 +22,13 @@
#include "curl_setup.h"
-#ifdef USE_NTLM
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
/*
* NTLM details:
*
- * http://davenport.sourceforge.net/ntlm.html
- * http://www.innovation.ch/java/ntlm.html
+ * https://davenport.sourceforge.io/ntlm.html
+ * https://www.innovation.ch/java/ntlm.html
*/
#define DEBUG_ME 0
@@ -41,21 +41,23 @@
#include "curl_gethostname.h"
#include "curl_multibyte.h"
#include "warnless.h"
-#include "curl_memory.h"
+#include "rand.h"
+#include "vtls/vtls.h"
-#ifdef USE_WINDOWS_SSPI
-# include "curl_sspi.h"
+/* SSL backend-specific #if branches in this file must be kept in the order
+ documented in curl_ntlm_core. */
+#if defined(NTLM_NEEDS_NSS_INIT)
+#include "vtls/nssg.h" /* for Curl_nss_force_init() */
#endif
-#include "sslgen.h"
-
#define BUILDING_CURL_NTLM_MSGS_C
-#include "curl_ntlm_msgs.h"
+#include "vauth/vauth.h"
+#include "vauth/ntlm.h"
+#include "curl_endian.h"
+#include "curl_printf.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
-/* The last #include file should be: */
+/* The last #include files should be: */
+#include "curl_memory.h"
#include "memdebug.h"
/* "NTLMSSP" signature is always in ASCII regardless of the platform */
@@ -138,7 +140,9 @@ static void ntlm_print_flags(FILE *handle, unsigned long flags)
static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
{
const char *p = buf;
- (void)handle;
+
+ (void) handle;
+
fprintf(stderr, "0x");
while(len-- > 0)
fprintf(stderr, "%02.2x", (unsigned int)*p++);
@@ -147,19 +151,57 @@ static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
# define DEBUG_OUT(x) Curl_nop_stmt
#endif
-#ifndef USE_WINDOWS_SSPI
/*
- * This function converts from the little endian format used in the
- * incoming package to whatever endian format we're using natively.
- * Argument is a pointer to a 4 byte buffer.
+ * ntlm_decode_type2_target()
+ *
+ * This is used to decode the "target info" in the NTLM type-2 message
+ * received.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * buffer [in] - The decoded type-2 message.
+ * size [in] - The input buffer size, at least 32 bytes.
+ * ntlm [in/out] - The NTLM data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
*/
-static unsigned int readint_le(unsigned char *buf)
+static CURLcode ntlm_decode_type2_target(struct Curl_easy *data,
+ unsigned char *buffer,
+ size_t size,
+ struct ntlmdata *ntlm)
{
- return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
- ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
-}
+ unsigned short target_info_len = 0;
+ unsigned int target_info_offset = 0;
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void) data;
#endif
+ if(size >= 48) {
+ target_info_len = Curl_read16_le(&buffer[40]);
+ target_info_offset = Curl_read32_le(&buffer[44]);
+ if(target_info_len > 0) {
+ if(((target_info_offset + target_info_len) > size) ||
+ (target_info_offset < 48)) {
+ infof(data, "NTLM handshake failure (bad type-2 message). "
+ "Target Info Offset Len is set incorrect by the peer\n");
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ ntlm->target_info = malloc(target_info_len);
+ if(!ntlm->target_info)
+ return CURLE_OUT_OF_MEMORY;
+
+ memcpy(ntlm->target_info, &buffer[target_info_offset], target_info_len);
+ }
+ }
+
+ ntlm->target_info_len = target_info_len;
+
+ return CURLE_OK;
+}
+
/*
NTLM message structure notes:
@@ -177,29 +219,40 @@ static unsigned int readint_le(unsigned char *buf)
*/
/*
- * Curl_ntlm_decode_type2_message()
+ * Curl_auth_is_ntlm_supported()
*
- * This is used to decode a ntlm type-2 message received from a HTTP or SASL
- * based (such as SMTP, POP3 or IMAP) server. The message is first decoded
- * from a base64 string into a raw ntlm message and checked for validity
- * before the appropriate data for creating a type-3 message is written to
- * the given ntlm data structure.
+ * This is used to evaluate if NTLM is supported.
+ *
+ * Parameters: None
+ *
+ * Returns TRUE as NTLM as handled by libcurl.
+ */
+bool Curl_auth_is_ntlm_supported(void)
+{
+ return TRUE;
+}
+
+/*
+ * Curl_auth_decode_ntlm_type2_message()
+ *
+ * This is used to decode an already encoded NTLM type-2 message. The message
+ * is first decoded from a base64 string into a raw NTLM message and checked
+ * for validity before the appropriate data for creating a type-3 message is
+ * written to the given NTLM data structure.
*
* Parameters:
*
- * data [in] - Pointer to session handle.
- * header [in] - Pointer to the input buffer.
- * ntlm [in] - Pointer to ntlm data struct being used and modified.
+ * data [in] - The session handle.
+ * type2msg [in] - The base64 encoded type-2 message.
+ * ntlm [in/out] - The NTLM data struct being used and modified.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
- const char* header,
- struct ntlmdata* ntlm)
+CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
+ const char *type2msg,
+ struct ntlmdata *ntlm)
{
-#ifndef USE_WINDOWS_SSPI
static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
-#endif
/* NTLM type-2 message structure:
@@ -217,45 +270,54 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
(*) -> Optional
*/
- size_t size = 0;
- unsigned char *buffer = NULL;
- CURLcode error;
+ CURLcode result = CURLE_OK;
+ unsigned char *type2 = NULL;
+ size_t type2_len = 0;
-#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_WINDOWS_SSPI)
+#if defined(NTLM_NEEDS_NSS_INIT)
+ /* Make sure the crypto backend is initialized */
+ result = Curl_nss_force_init(data);
+ if(result)
+ return result;
+#elif defined(CURL_DISABLE_VERBOSE_STRINGS)
(void)data;
#endif
- error = Curl_base64_decode(header, &buffer, &size);
- if(error)
- return error;
-
- if(!buffer) {
- infof(data, "NTLM handshake failure (unhandled condition)\n");
- return CURLE_REMOTE_ACCESS_DENIED;
+ /* Decode the base-64 encoded type-2 message */
+ if(strlen(type2msg) && *type2msg != '=') {
+ result = Curl_base64_decode(type2msg, &type2, &type2_len);
+ if(result)
+ return result;
}
-#ifdef USE_WINDOWS_SSPI
- ntlm->type_2 = malloc(size + 1);
- if(ntlm->type_2 == NULL) {
- free(buffer);
- return CURLE_OUT_OF_MEMORY;
+ /* Ensure we have a valid type-2 message */
+ if(!type2) {
+ infof(data, "NTLM handshake failure (empty type-2 message)\n");
+ return CURLE_BAD_CONTENT_ENCODING;
}
- ntlm->n_type_2 = curlx_uztoul(size);
- memcpy(ntlm->type_2, buffer, size);
-#else
+
ntlm->flags = 0;
- if((size < 32) ||
- (memcmp(buffer, NTLMSSP_SIGNATURE, 8) != 0) ||
- (memcmp(buffer + 8, type2_marker, sizeof(type2_marker)) != 0)) {
+ if((type2_len < 32) ||
+ (memcmp(type2, NTLMSSP_SIGNATURE, 8) != 0) ||
+ (memcmp(type2 + 8, type2_marker, sizeof(type2_marker)) != 0)) {
/* This was not a good enough type-2 message */
- free(buffer);
+ free(type2);
infof(data, "NTLM handshake failure (bad type-2 message)\n");
- return CURLE_REMOTE_ACCESS_DENIED;
+ return CURLE_BAD_CONTENT_ENCODING;
}
- ntlm->flags = readint_le(&buffer[20]);
- memcpy(ntlm->nonce, &buffer[24], 8);
+ ntlm->flags = Curl_read32_le(&type2[20]);
+ memcpy(ntlm->nonce, &type2[24], 8);
+
+ if(ntlm->flags & NTLMFLAG_NEGOTIATE_TARGET_INFO) {
+ result = ntlm_decode_type2_target(data, type2, type2_len, ntlm);
+ if(result) {
+ free(type2);
+ infof(data, "NTLM handshake failure (bad type-2 message)\n");
+ return result;
+ }
+ }
DEBUG_OUT({
fprintf(stderr, "**** TYPE2 header flags=0x%08.8lx ", ntlm->flags);
@@ -265,35 +327,15 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
fprintf(stderr, "\n****\n");
fprintf(stderr, "**** Header %s\n ", header);
});
-#endif
- free(buffer);
- return CURLE_OK;
-}
+ free(type2);
-#ifdef USE_WINDOWS_SSPI
-void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
-{
- Curl_safefree(ntlm->type_2);
- if(ntlm->has_handles) {
- s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
- s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
- ntlm->has_handles = 0;
- }
- if(ntlm->p_identity) {
- Curl_safefree(ntlm->identity.User);
- Curl_safefree(ntlm->identity.Password);
- Curl_safefree(ntlm->identity.Domain);
- ntlm->p_identity = NULL;
- }
+ return result;
}
-#endif
-#ifndef USE_WINDOWS_SSPI
/* copy the source to the destination and fill in zeroes in every
other destination byte! */
-static void unicodecpy(unsigned char *dest,
- const char *src, size_t length)
+static void unicodecpy(unsigned char *dest, const char *src, size_t length)
{
size_t i;
for(i = 0; i < length; i++) {
@@ -301,31 +343,30 @@ static void unicodecpy(unsigned char *dest,
dest[2 * i + 1] = '\0';
}
}
-#endif
/*
- * Curl_ntlm_create_type1_message()
+ * Curl_auth_create_ntlm_type1_message()
*
* This is used to generate an already encoded NTLM type-1 message ready for
- * sending to the recipient, be it a HTTP or SASL based (such as SMTP, POP3
- * or IMAP) server, using the appropriate compile time crypo API.
+ * sending to the recipient using the appropriate compile time crypto API.
*
* Parameters:
*
+ * data [in] - The session handle.
* userp [in] - The user name in the format User or Domain\User.
* passdwp [in] - The user's password.
- * ntlm [in/out] - The ntlm data struct being used and modified.
+ * ntlm [in/out] - The NTLM data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_ntlm_create_type1_message(const char *userp,
- const char *passwdp,
- struct ntlmdata *ntlm,
- char **outptr,
- size_t *outlen)
+CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ struct ntlmdata *ntlm,
+ char **outptr, size_t *outlen)
{
/* NTLM type-1 message structure:
@@ -341,135 +382,9 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
(*) -> Optional
*/
- unsigned char ntlmbuf[NTLM_BUFSIZE];
size_t size;
-#ifdef USE_WINDOWS_SSPI
-
- SecBuffer buf;
- SecBufferDesc desc;
- SECURITY_STATUS status;
- unsigned long attrs;
- xcharp_u useranddomain;
- xcharp_u user, dup_user;
- xcharp_u domain, dup_domain;
- xcharp_u passwd, dup_passwd;
- size_t domlen = 0;
- TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
-
- domain.const_tchar_ptr = TEXT("");
-
- Curl_ntlm_sspi_cleanup(ntlm);
-
- if(userp && *userp) {
-
- /* null initialize ntlm identity's data to allow proper cleanup */
- ntlm->p_identity = &ntlm->identity;
- memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
-
- useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
- if(!useranddomain.tchar_ptr)
- return CURLE_OUT_OF_MEMORY;
-
- user.const_tchar_ptr = wcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
- if(!user.const_tchar_ptr)
- user.const_tchar_ptr = wcschr(useranddomain.const_tchar_ptr, TEXT('/'));
-
- if(user.tchar_ptr) {
- domain.tchar_ptr = useranddomain.tchar_ptr;
- domlen = user.tchar_ptr - useranddomain.tchar_ptr;
- user.tchar_ptr++;
- }
- else {
- user.tchar_ptr = useranddomain.tchar_ptr;
- domain.const_tchar_ptr = TEXT("");
- domlen = 0;
- }
-
- /* setup ntlm identity's user and length */
- dup_user.tchar_ptr = wcsdup(user.tchar_ptr);
- if(!dup_user.tchar_ptr) {
- Curl_unicodefree(useranddomain.tchar_ptr);
- return CURLE_OUT_OF_MEMORY;
- }
- ntlm->identity.User = dup_user.tbyte_ptr;
- ntlm->identity.UserLength = curlx_uztoul(wcslen(dup_user.tchar_ptr));
- dup_user.tchar_ptr = NULL;
-
- /* setup ntlm identity's domain and length */
- dup_domain.tchar_ptr = malloc(sizeof(wchar_t) * (domlen + 1));
- if(!dup_domain.tchar_ptr) {
- Curl_unicodefree(useranddomain.tchar_ptr);
- return CURLE_OUT_OF_MEMORY;
- }
- wcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
- *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
- ntlm->identity.Domain = dup_domain.tbyte_ptr;
- ntlm->identity.DomainLength = curlx_uztoul(domlen);
- dup_domain.tchar_ptr = NULL;
-
- Curl_unicodefree(useranddomain.tchar_ptr);
-
- /* setup ntlm identity's password and length */
- passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
- if(!passwd.tchar_ptr)
- return CURLE_OUT_OF_MEMORY;
- dup_passwd.tchar_ptr = wcsdup(passwd.tchar_ptr);
- if(!dup_passwd.tchar_ptr) {
- Curl_unicodefree(passwd.tchar_ptr);
- return CURLE_OUT_OF_MEMORY;
- }
- ntlm->identity.Password = dup_passwd.tbyte_ptr;
- ntlm->identity.PasswordLength =
- curlx_uztoul(wcslen(dup_passwd.tchar_ptr));
- dup_passwd.tchar_ptr = NULL;
-
- Curl_unicodefree(passwd.tchar_ptr);
-
- /* setup ntlm identity's flags */
- ntlm->identity.Flags = SECFLAG_WINNT_AUTH_IDENTITY;
- }
- else
- ntlm->p_identity = NULL;
-
- status = s_pSecFn->AcquireCredentialsHandle(NULL,
- (wchar_t *) TEXT("NTLM"),
- SECPKG_CRED_OUTBOUND, NULL,
- ntlm->p_identity, NULL, NULL,
- &ntlm->handle, &tsDummy);
- if(status != SEC_E_OK)
- return CURLE_OUT_OF_MEMORY;
-
- desc.ulVersion = SECBUFFER_VERSION;
- desc.cBuffers = 1;
- desc.pBuffers = &buf;
- buf.cbBuffer = NTLM_BUFSIZE;
- buf.BufferType = SECBUFFER_TOKEN;
- buf.pvBuffer = ntlmbuf;
-
- status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
- (wchar_t *) TEXT(""),
- ISC_REQ_CONFIDENTIALITY |
- ISC_REQ_REPLAY_DETECT |
- ISC_REQ_CONNECTION,
- 0, SECURITY_NETWORK_DREP,
- NULL, 0,
- &ntlm->c_handle, &desc,
- &attrs, &tsDummy);
-
- if(status == SEC_I_COMPLETE_AND_CONTINUE ||
- status == SEC_I_CONTINUE_NEEDED)
- s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
- else if(status != SEC_E_OK) {
- s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
- return CURLE_RECV_ERROR;
- }
-
- ntlm->has_handles = 1;
- size = buf.cbBuffer;
-
-#else
-
+ unsigned char ntlmbuf[NTLM_BUFSIZE];
const char *host = ""; /* empty */
const char *domain = ""; /* empty */
size_t hostlen = 0;
@@ -479,9 +394,11 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
domain are empty */
(void)userp;
(void)passwdp;
- (void)ntlm;
-#if USE_NTLM2SESSION
+ /* Clean up any former leftovers and initialise to defaults */
+ Curl_auth_ntlm_cleanup(ntlm);
+
+#if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
#else
#define NTLM2FLAG 0
@@ -522,8 +439,6 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
/* Initial packet length */
size = 32 + hostlen + domlen;
-#endif
-
DEBUG_OUT({
fprintf(stderr, "* TYPE1 header flags=0x%02.2x%02.2x%02.2x%02.2x "
"0x%08.8x ",
@@ -547,34 +462,33 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
});
/* Return with binary blob encoded into base64 */
- return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+ return Curl_base64_encode(data, (char *)ntlmbuf, size, outptr, outlen);
}
/*
- * Curl_ntlm_create_type3_message()
+ * Curl_auth_create_ntlm_type3_message()
*
* This is used to generate an already encoded NTLM type-3 message ready for
- * sending to the recipient, be it a HTTP or SASL based (such as SMTP, POP3
- * or IMAP) server, using the appropriate compile time crypo API.
+ * sending to the recipient using the appropriate compile time crypto API.
*
* Parameters:
*
* data [in] - The session handle.
* userp [in] - The user name in the format User or Domain\User.
* passdwp [in] - The user's password.
- * ntlm [in/out] - The ntlm data struct being used and modified.
+ * ntlm [in/out] - The NTLM data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
-CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
- const char *userp,
- const char *passwdp,
- struct ntlmdata *ntlm,
- char **outptr,
- size_t *outlen)
+CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ struct ntlmdata *ntlm,
+ char **outptr, size_t *outlen)
+
{
/* NTLM type-3 message structure:
@@ -594,58 +508,17 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
(*) -> Optional
*/
- unsigned char ntlmbuf[NTLM_BUFSIZE];
+ CURLcode result = CURLE_OK;
size_t size;
-
-#ifdef USE_WINDOWS_SSPI
- SecBuffer type_2;
- SecBuffer type_3;
- SecBufferDesc type_2_desc;
- SecBufferDesc type_3_desc;
- SECURITY_STATUS status;
- unsigned long attrs;
- TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
-
- (void)passwdp;
- (void)userp;
- (void)data;
-
- type_2_desc.ulVersion = type_3_desc.ulVersion = SECBUFFER_VERSION;
- type_2_desc.cBuffers = type_3_desc.cBuffers = 1;
- type_2_desc.pBuffers = &type_2;
- type_3_desc.pBuffers = &type_3;
-
- type_2.BufferType = SECBUFFER_TOKEN;
- type_2.pvBuffer = ntlm->type_2;
- type_2.cbBuffer = ntlm->n_type_2;
- type_3.BufferType = SECBUFFER_TOKEN;
- type_3.pvBuffer = ntlmbuf;
- type_3.cbBuffer = NTLM_BUFSIZE;
-
- status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
- &ntlm->c_handle,
- (wchar_t *) TEXT(""),
- ISC_REQ_CONFIDENTIALITY |
- ISC_REQ_REPLAY_DETECT |
- ISC_REQ_CONNECTION,
- 0, SECURITY_NETWORK_DREP,
- &type_2_desc,
- 0, &ntlm->c_handle,
- &type_3_desc,
- &attrs, &tsDummy);
- if(status != SEC_E_OK)
- return CURLE_RECV_ERROR;
-
- size = type_3.cbBuffer;
-
- Curl_ntlm_sspi_cleanup(ntlm);
-
-#else
+ unsigned char ntlmbuf[NTLM_BUFSIZE];
int lmrespoff;
unsigned char lmresp[24]; /* fixed-size */
-#if USE_NTRESPONSES
+#ifdef USE_NTRESPONSES
int ntrespoff;
+ unsigned int ntresplen = 24;
unsigned char ntresp[24]; /* fixed-size */
+ unsigned char *ptr_ntresp = &ntresp[0];
+ unsigned char *ntlmv2resp = NULL;
#endif
bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE;
char host[HOSTNAME_MAX + 1] = "";
@@ -657,7 +530,6 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
size_t hostlen = 0;
size_t userlen = 0;
size_t domlen = 0;
- CURLcode res;
user = strchr(userp, '\\');
if(!user)
@@ -671,8 +543,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
else
user = userp;
- if(user)
- userlen = strlen(user);
+ userlen = strlen(user);
/* Get the machine's un-qualified host name as NTLM doesn't like the fully
qualified domain name */
@@ -684,13 +555,43 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
hostlen = strlen(host);
}
- if(unicode) {
- domlen = domlen * 2;
- userlen = userlen * 2;
- hostlen = hostlen * 2;
+#if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
+ if(ntlm->target_info_len) {
+ unsigned char ntbuffer[0x18];
+ unsigned char entropy[8];
+ unsigned char ntlmv2hash[0x18];
+
+ result = Curl_rand(data, entropy, 8);
+ if(result)
+ return result;
+
+ result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
+ if(result)
+ return result;
+
+ result = Curl_ntlm_core_mk_ntlmv2_hash(user, userlen, domain, domlen,
+ ntbuffer, ntlmv2hash);
+ if(result)
+ return result;
+
+ /* LMv2 response */
+ result = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, entropy,
+ &ntlm->nonce[0], lmresp);
+ if(result)
+ return result;
+
+ /* NTLMv2 response */
+ result = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, entropy,
+ ntlm, &ntlmv2resp, &ntresplen);
+ if(result)
+ return result;
+
+ ptr_ntresp = ntlmv2resp;
}
+ else
+#endif
-#if USE_NTLM2SESSION
+#if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
/* We don't support NTLM2 if we don't have USE_NTRESPONSES */
if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
unsigned char ntbuffer[0x18];
@@ -699,7 +600,9 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
unsigned char entropy[8];
/* Need to create 8 bytes random data */
- Curl_ssl_random(data, entropy, sizeof(entropy));
+ result = Curl_rand(data, entropy, 8);
+ if(result)
+ return result;
/* 8 bytes random data as challenge in lmresp */
memcpy(lmresp, entropy, 8);
@@ -711,44 +614,57 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
memcpy(tmp, &ntlm->nonce[0], 8);
memcpy(tmp + 8, entropy, 8);
- Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);
+ result = Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);
+ if(!result)
+ /* We shall only use the first 8 bytes of md5sum, but the des code in
+ Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
+ result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
+ if(result)
+ return result;
- /* We shall only use the first 8 bytes of md5sum, but the des
- code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
- if(CURLE_OUT_OF_MEMORY ==
- Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
- return CURLE_OUT_OF_MEMORY;
Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp);
/* End of NTLM2 Session code */
+
}
else
#endif
{
-#if USE_NTRESPONSES
+#ifdef USE_NTRESPONSES
unsigned char ntbuffer[0x18];
#endif
unsigned char lmbuffer[0x18];
-#if USE_NTRESPONSES
- if(CURLE_OUT_OF_MEMORY ==
- Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
- return CURLE_OUT_OF_MEMORY;
+#ifdef USE_NTRESPONSES
+ result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
+ if(result)
+ return result;
+
Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], ntresp);
#endif
- Curl_ntlm_core_mk_lm_hash(data, passwdp, lmbuffer);
+ result = Curl_ntlm_core_mk_lm_hash(data, passwdp, lmbuffer);
+ if(result)
+ return result;
+
Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
+
/* A safer but less compatible alternative is:
* Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
- * See http://davenport.sourceforge.net/ntlm.html#ntlmVersion2 */
+ * See https://davenport.sourceforge.io/ntlm.html#ntlmVersion2 */
+ }
+
+ if(unicode) {
+ domlen = domlen * 2;
+ userlen = userlen * 2;
+ hostlen = hostlen * 2;
}
lmrespoff = 64; /* size of the message header */
-#if USE_NTRESPONSES
+#ifdef USE_NTRESPONSES
ntrespoff = lmrespoff + 0x18;
- domoff = ntrespoff + 0x18;
+ domoff = ntrespoff + ntresplen;
#else
domoff = lmrespoff + 0x18;
#endif
@@ -806,9 +722,9 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
SHORTPAIR(lmrespoff),
0x0, 0x0,
-#if USE_NTRESPONSES
- SHORTPAIR(0x18), /* NT-response length, twice */
- SHORTPAIR(0x18),
+#ifdef USE_NTRESPONSES
+ SHORTPAIR(ntresplen), /* NT-response length, twice */
+ SHORTPAIR(ntresplen),
SHORTPAIR(ntrespoff),
0x0, 0x0,
#else
@@ -853,18 +769,20 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
});
-#if USE_NTRESPONSES
- if(size < (NTLM_BUFSIZE - 0x18)) {
+#ifdef USE_NTRESPONSES
+ if(size < (NTLM_BUFSIZE - ntresplen)) {
DEBUGASSERT(size == (size_t)ntrespoff);
- memcpy(&ntlmbuf[size], ntresp, 0x18);
- size += 0x18;
+ memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+ size += ntresplen;
}
DEBUG_OUT({
fprintf(stderr, "\n ntresp=");
- ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
+ ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], ntresplen);
});
+ free(ntlmv2resp);/* Free the dynamic buffer allocated for NTLMv2 */
+
#endif
DEBUG_OUT({
@@ -906,15 +824,36 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
size += hostlen;
/* Convert domain, user, and host to ASCII but leave the rest as-is */
- res = Curl_convert_to_network(data, (char *)&ntlmbuf[domoff],
- size - domoff);
- if(res)
+ result = Curl_convert_to_network(data, (char *)&ntlmbuf[domoff],
+ size - domoff);
+ if(result)
return CURLE_CONV_FAILED;
-#endif
-
/* Return with binary blob encoded into base64 */
- return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+ result = Curl_base64_encode(data, (char *)ntlmbuf, size, outptr, outlen);
+
+ Curl_auth_ntlm_cleanup(ntlm);
+
+ return result;
+}
+
+/*
+* Curl_auth_ntlm_cleanup()
+*
+* This is used to clean up the NTLM specific data.
+*
+* Parameters:
+*
+* ntlm [in/out] - The NTLM data struct being cleaned up.
+*
+*/
+void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm)
+{
+ /* Free the target info */
+ Curl_safefree(ntlm->target_info);
+
+ /* Reset any variables */
+ ntlm->target_info_len = 0;
}
-#endif /* USE_NTLM */
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
diff --git a/libs/libcurl/src/curl_ntlm_msgs.h b/libs/libcurl/src/vauth/ntlm.h
index e7d185dea5..f906a3c7a7 100644
--- a/libs/libcurl/src/curl_ntlm_msgs.h
+++ b/libs/libcurl/src/vauth/ntlm.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_NTLM_MSGS_H
-#define HEADER_CURL_NTLM_MSGS_H
+#ifndef HEADER_CURL_NTLM_H
+#define HEADER_CURL_NTLM_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -26,40 +26,13 @@
#ifdef USE_NTLM
-/* This is to generate a base64 encoded NTLM type-1 message */
-CURLcode Curl_ntlm_create_type1_message(const char *userp,
- const char *passwdp,
- struct ntlmdata *ntlm,
- char **outptr,
- size_t *outlen);
-
-/* This is to generate a base64 encoded NTLM type-3 message */
-CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
- const char *userp,
- const char *passwdp,
- struct ntlmdata *ntlm,
- char **outptr,
- size_t *outlen);
-
-/* This is to decode a NTLM type-2 message */
-CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
- const char* header,
- struct ntlmdata* ntlm);
-
-/* This is to clean up the ntlm data structure */
-#ifdef USE_WINDOWS_SSPI
-void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
-#else
-#define Curl_ntlm_sspi_cleanup(x)
-#endif
-
/* NTLM buffer fixed size, large enough for long user + host + domain */
#define NTLM_BUFSIZE 1024
/* Stuff only required for curl_ntlm_msgs.c */
#ifdef BUILDING_CURL_NTLM_MSGS_C
-/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
+/* Flag bits definitions based on https://davenport.sourceforge.io/ntlm.html */
#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0)
/* Indicates that Unicode strings are supported for use in security buffer
@@ -163,16 +136,8 @@ void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
#define NTLMFLAG_NEGOTIATE_56 (1<<31)
/* Indicates that 56-bit encryption is supported. */
-#ifdef UNICODE
-# define SECFLAG_WINNT_AUTH_IDENTITY \
- (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
-#else
-# define SECFLAG_WINNT_AUTH_IDENTITY \
- (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
-#endif
-
#endif /* BUILDING_CURL_NTLM_MSGS_C */
#endif /* USE_NTLM */
-#endif /* HEADER_CURL_NTLM_MSGS_H */
+#endif /* HEADER_CURL_NTLM_H */
diff --git a/libs/libcurl/src/vauth/ntlm_sspi.c b/libs/libcurl/src/vauth/ntlm_sspi.c
new file mode 100644
index 0000000000..e748ce3b67
--- /dev/null
+++ b/libs/libcurl/src/vauth/ntlm_sspi.c
@@ -0,0 +1,338 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_WINDOWS_SSPI) && defined(USE_NTLM)
+
+#include <curl/curl.h>
+
+#include "vauth/vauth.h"
+#include "urldata.h"
+#include "curl_base64.h"
+#include "curl_ntlm_core.h"
+#include "warnless.h"
+#include "curl_multibyte.h"
+#include "sendf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_is_ntlm_supported()
+ *
+ * This is used to evaluate if NTLM is supported.
+ *
+ * Parameters: None
+ *
+ * Returns TRUE if NTLM is supported by Windows SSPI.
+ */
+bool Curl_auth_is_ntlm_supported(void)
+{
+ PSecPkgInfo SecurityPackage;
+ SECURITY_STATUS status;
+
+ /* Query the security package for NTLM */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
+ &SecurityPackage);
+
+ return (status == SEC_E_OK ? TRUE : FALSE);
+}
+
+/*
+ * Curl_auth_create_ntlm_type1_message()
+ *
+ * This is used to generate an already encoded NTLM type-1 message ready for
+ * sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * ntlm [in/out] - The NTLM data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ struct ntlmdata *ntlm,
+ char **outptr, size_t *outlen)
+{
+ PSecPkgInfo SecurityPackage;
+ SecBuffer type_1_buf;
+ SecBufferDesc type_1_desc;
+ SECURITY_STATUS status;
+ unsigned long attrs;
+ TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+
+ /* Clean up any former leftovers and initialise to defaults */
+ Curl_auth_ntlm_cleanup(ntlm);
+
+ /* Query the security package for NTLM */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
+ &SecurityPackage);
+ if(status != SEC_E_OK)
+ return CURLE_NOT_BUILT_IN;
+
+ ntlm->token_max = SecurityPackage->cbMaxToken;
+
+ /* Release the package buffer as it is not required anymore */
+ s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+ /* Allocate our output buffer */
+ ntlm->output_token = malloc(ntlm->token_max);
+ if(!ntlm->output_token)
+ return CURLE_OUT_OF_MEMORY;
+
+ if(userp && *userp) {
+ CURLcode result;
+
+ /* Populate our identity structure */
+ result = Curl_create_sspi_identity(userp, passwdp, &ntlm->identity);
+ if(result)
+ return result;
+
+ /* Allow proper cleanup of the identity structure */
+ ntlm->p_identity = &ntlm->identity;
+ }
+ else
+ /* Use the current Windows user */
+ ntlm->p_identity = NULL;
+
+ /* Allocate our credentials handle */
+ ntlm->credentials = malloc(sizeof(CredHandle));
+ if(!ntlm->credentials)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(ntlm->credentials, 0, sizeof(CredHandle));
+
+ /* Acquire our credentials handle */
+ status = s_pSecFn->AcquireCredentialsHandle(NULL,
+ (TCHAR *) TEXT(SP_NAME_NTLM),
+ SECPKG_CRED_OUTBOUND, NULL,
+ ntlm->p_identity, NULL, NULL,
+ ntlm->credentials, &expiry);
+ if(status != SEC_E_OK)
+ return CURLE_LOGIN_DENIED;
+
+ /* Allocate our new context handle */
+ ntlm->context = malloc(sizeof(CtxtHandle));
+ if(!ntlm->context)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(ntlm->context, 0, sizeof(CtxtHandle));
+
+ /* Setup the type-1 "output" security buffer */
+ type_1_desc.ulVersion = SECBUFFER_VERSION;
+ type_1_desc.cBuffers = 1;
+ type_1_desc.pBuffers = &type_1_buf;
+ type_1_buf.BufferType = SECBUFFER_TOKEN;
+ type_1_buf.pvBuffer = ntlm->output_token;
+ type_1_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
+
+ /* Generate our type-1 message */
+ status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
+ (TCHAR *) TEXT(""),
+ 0, 0, SECURITY_NETWORK_DREP,
+ NULL, 0,
+ ntlm->context, &type_1_desc,
+ &attrs, &expiry);
+ if(status == SEC_I_COMPLETE_NEEDED ||
+ status == SEC_I_COMPLETE_AND_CONTINUE)
+ s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
+ else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
+ return CURLE_RECV_ERROR;
+
+ /* Base64 encode the response */
+ return Curl_base64_encode(data, (char *) ntlm->output_token,
+ type_1_buf.cbBuffer, outptr, outlen);
+}
+
+/*
+ * Curl_auth_decode_ntlm_type2_message()
+ *
+ * This is used to decode an already encoded NTLM type-2 message.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * type2msg [in] - The base64 encoded type-2 message.
+ * ntlm [in/out] - The NTLM data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
+ const char *type2msg,
+ struct ntlmdata *ntlm)
+{
+ CURLcode result = CURLE_OK;
+ unsigned char *type2 = NULL;
+ size_t type2_len = 0;
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void) data;
+#endif
+
+ /* Decode the base-64 encoded type-2 message */
+ if(strlen(type2msg) && *type2msg != '=') {
+ result = Curl_base64_decode(type2msg, &type2, &type2_len);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid type-2 message */
+ if(!type2) {
+ infof(data, "NTLM handshake failure (empty type-2 message)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Simply store the challenge for use later */
+ ntlm->input_token = type2;
+ ntlm->input_token_len = type2_len;
+
+ return result;
+}
+
+/*
+* Curl_auth_create_ntlm_type3_message()
+ * Curl_auth_create_ntlm_type3_message()
+ *
+ * This is used to generate an already encoded NTLM type-3 message ready for
+ * sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * ntlm [in/out] - The NTLM data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ struct ntlmdata *ntlm,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ SecBuffer type_2_buf;
+ SecBuffer type_3_buf;
+ SecBufferDesc type_2_desc;
+ SecBufferDesc type_3_desc;
+ SECURITY_STATUS status;
+ unsigned long attrs;
+ TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+
+ (void) passwdp;
+ (void) userp;
+
+ /* Setup the type-2 "input" security buffer */
+ type_2_desc.ulVersion = SECBUFFER_VERSION;
+ type_2_desc.cBuffers = 1;
+ type_2_desc.pBuffers = &type_2_buf;
+ type_2_buf.BufferType = SECBUFFER_TOKEN;
+ type_2_buf.pvBuffer = ntlm->input_token;
+ type_2_buf.cbBuffer = curlx_uztoul(ntlm->input_token_len);
+
+ /* Setup the type-3 "output" security buffer */
+ type_3_desc.ulVersion = SECBUFFER_VERSION;
+ type_3_desc.cBuffers = 1;
+ type_3_desc.pBuffers = &type_3_buf;
+ type_3_buf.BufferType = SECBUFFER_TOKEN;
+ type_3_buf.pvBuffer = ntlm->output_token;
+ type_3_buf.cbBuffer = curlx_uztoul(ntlm->token_max);
+
+ /* Generate our type-3 message */
+ status = s_pSecFn->InitializeSecurityContext(ntlm->credentials,
+ ntlm->context,
+ (TCHAR *) TEXT(""),
+ 0, 0, SECURITY_NETWORK_DREP,
+ &type_2_desc,
+ 0, ntlm->context,
+ &type_3_desc,
+ &attrs, &expiry);
+ if(status != SEC_E_OK) {
+ infof(data, "NTLM handshake failure (type-3 message): Status=%x\n",
+ status);
+
+ return CURLE_RECV_ERROR;
+ }
+
+ /* Base64 encode the response */
+ result = Curl_base64_encode(data, (char *) ntlm->output_token,
+ type_3_buf.cbBuffer, outptr, outlen);
+
+ Curl_auth_ntlm_cleanup(ntlm);
+
+ return result;
+}
+
+/*
+ * Curl_auth_ntlm_cleanup()
+ *
+ * This is used to clean up the NTLM specific data.
+ *
+ * Parameters:
+ *
+ * ntlm [in/out] - The NTLM data struct being cleaned up.
+ *
+ */
+void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm)
+{
+ /* Free our security context */
+ if(ntlm->context) {
+ s_pSecFn->DeleteSecurityContext(ntlm->context);
+ free(ntlm->context);
+ ntlm->context = NULL;
+ }
+
+ /* Free our credentials handle */
+ if(ntlm->credentials) {
+ s_pSecFn->FreeCredentialsHandle(ntlm->credentials);
+ free(ntlm->credentials);
+ ntlm->credentials = NULL;
+ }
+
+ /* Free our identity */
+ Curl_sspi_free_identity(ntlm->p_identity);
+ ntlm->p_identity = NULL;
+
+ /* Free the input and output tokens */
+ Curl_safefree(ntlm->input_token);
+ Curl_safefree(ntlm->output_token);
+
+ /* Reset any variables */
+ ntlm->token_max = 0;
+}
+
+#endif /* USE_WINDOWS_SSPI && USE_NTLM */
diff --git a/libs/libcurl/src/vauth/oauth2.c b/libs/libcurl/src/vauth/oauth2.c
new file mode 100644
index 0000000000..6288f89a38
--- /dev/null
+++ b/libs/libcurl/src/vauth/oauth2.c
@@ -0,0 +1,86 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC6749 OAuth 2.0 Authorization Framework
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+#include "urldata.h"
+
+#include "vauth/vauth.h"
+#include "curl_base64.h"
+#include "warnless.h"
+#include "curl_printf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_create_oauth_bearer_message()
+ *
+ * This is used to generate an already encoded OAuth 2.0 message ready for
+ * sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data[in] - The session handle.
+ * user[in] - The user name.
+ * host[in] - The host name(for OAUTHBEARER).
+ * port[in] - The port(for OAUTHBEARER when not Port 80).
+ * bearer[in] - The bearer token.
+ * outptr[in / out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen[out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
+ const char *user,
+ const char *host,
+ const long port,
+ const char *bearer,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result = CURLE_OK;
+ char *oauth = NULL;
+
+ /* Generate the message */
+ if(host == NULL && (port == 0 || port == 80))
+ oauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
+ else if(port == 0 || port == 80)
+ oauth = aprintf("user=%s\1host=%s\1auth=Bearer %s\1\1", user, host,
+ bearer);
+ else
+ oauth = aprintf("user=%s\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user,
+ host, port, bearer);
+ if(!oauth)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Base64 encode the reply */
+ result = Curl_base64_encode(data, oauth, strlen(oauth), outptr, outlen);
+
+ free(oauth);
+
+ return result;
+}
diff --git a/libs/libcurl/src/vauth/spnego_gssapi.c b/libs/libcurl/src/vauth/spnego_gssapi.c
new file mode 100644
index 0000000000..5196c27049
--- /dev/null
+++ b/libs/libcurl/src/vauth/spnego_gssapi.c
@@ -0,0 +1,278 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC4178 Simple and Protected GSS-API Negotiation Mechanism
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(HAVE_GSSAPI) && defined(USE_SPNEGO)
+
+#include <curl/curl.h>
+
+#include "vauth/vauth.h"
+#include "urldata.h"
+#include "curl_base64.h"
+#include "curl_gssapi.h"
+#include "warnless.h"
+#include "curl_multibyte.h"
+#include "sendf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_is_spnego_supported()
+ *
+ * This is used to evaluate if SPNEGO (Negotiate) is supported.
+ *
+ * Parameters: None
+ *
+ * Returns TRUE if Negotiate supported by the GSS-API library.
+ */
+bool Curl_auth_is_spnego_supported(void)
+{
+ return TRUE;
+}
+
+/*
+ * Curl_auth_decode_spnego_message()
+ *
+ * This is used to decode an already encoded SPNEGO (Negotiate) challenge
+ * message.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * host [in] - The host name.
+ * chlg64 [in] - The optional base64 encoded challenge message.
+ * nego [in/out] - The Negotiate data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
+ const char *user,
+ const char *password,
+ const char *service,
+ const char *host,
+ const char *chlg64,
+ struct negotiatedata *nego)
+{
+ CURLcode result = CURLE_OK;
+ size_t chlglen = 0;
+ unsigned char *chlg = NULL;
+ OM_uint32 major_status;
+ OM_uint32 minor_status;
+ OM_uint32 unused_status;
+ gss_buffer_desc spn_token = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER;
+
+ (void) user;
+ (void) password;
+
+ if(nego->context && nego->status == GSS_S_COMPLETE) {
+ /* We finished successfully our part of authentication, but server
+ * rejected it (since we're again here). Exit with an error since we
+ * can't invent anything better */
+ Curl_auth_spnego_cleanup(nego);
+ return CURLE_LOGIN_DENIED;
+ }
+
+ if(!nego->spn) {
+ /* Generate our SPN */
+ char *spn = Curl_auth_build_spn(service, NULL, host);
+ if(!spn)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Populate the SPN structure */
+ spn_token.value = spn;
+ spn_token.length = strlen(spn);
+
+ /* Import the SPN */
+ major_status = gss_import_name(&minor_status, &spn_token,
+ GSS_C_NT_HOSTBASED_SERVICE,
+ &nego->spn);
+ if(GSS_ERROR(major_status)) {
+ Curl_gss_log_error(data, "gss_import_name() failed: ",
+ major_status, minor_status);
+
+ free(spn);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ free(spn);
+ }
+
+ if(chlg64 && *chlg64) {
+ /* Decode the base-64 encoded challenge message */
+ if(*chlg64 != '=') {
+ result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid challenge message */
+ if(!chlg) {
+ infof(data, "SPNEGO handshake failure (empty challenge message)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Setup the challenge "input" security buffer */
+ input_token.value = chlg;
+ input_token.length = chlglen;
+ }
+
+ /* Generate our challenge-response message */
+ major_status = Curl_gss_init_sec_context(data,
+ &minor_status,
+ &nego->context,
+ nego->spn,
+ &Curl_spnego_mech_oid,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &input_token,
+ &output_token,
+ TRUE,
+ NULL);
+
+ /* Free the decoded challenge as it is not required anymore */
+ Curl_safefree(input_token.value);
+
+ nego->status = major_status;
+ if(GSS_ERROR(major_status)) {
+ if(output_token.value)
+ gss_release_buffer(&unused_status, &output_token);
+
+ Curl_gss_log_error(data, "gss_init_sec_context() failed: ",
+ major_status, minor_status);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!output_token.value || !output_token.length) {
+ if(output_token.value)
+ gss_release_buffer(&unused_status, &output_token);
+
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* Free previous token */
+ if(nego->output_token.length && nego->output_token.value)
+ gss_release_buffer(&unused_status, &nego->output_token);
+
+ nego->output_token = output_token;
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_auth_create_spnego_message()
+ *
+ * This is used to generate an already encoded SPNEGO (Negotiate) response
+ * message ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * nego [in/out] - The Negotiate data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
+ struct negotiatedata *nego,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result;
+ OM_uint32 minor_status;
+
+ /* Base64 encode the already generated response */
+ result = Curl_base64_encode(data,
+ nego->output_token.value,
+ nego->output_token.length,
+ outptr, outlen);
+
+ if(result) {
+ gss_release_buffer(&minor_status, &nego->output_token);
+ nego->output_token.value = NULL;
+ nego->output_token.length = 0;
+
+ return result;
+ }
+
+ if(!*outptr || !*outlen) {
+ gss_release_buffer(&minor_status, &nego->output_token);
+ nego->output_token.value = NULL;
+ nego->output_token.length = 0;
+
+ return CURLE_REMOTE_ACCESS_DENIED;
+ }
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_auth_spnego_cleanup()
+ *
+ * This is used to clean up the SPNEGO (Negotiate) specific data.
+ *
+ * Parameters:
+ *
+ * nego [in/out] - The Negotiate data struct being cleaned up.
+ *
+ */
+void Curl_auth_spnego_cleanup(struct negotiatedata *nego)
+{
+ OM_uint32 minor_status;
+
+ /* Free our security context */
+ if(nego->context != GSS_C_NO_CONTEXT) {
+ gss_delete_sec_context(&minor_status, &nego->context, GSS_C_NO_BUFFER);
+ nego->context = GSS_C_NO_CONTEXT;
+ }
+
+ /* Free the output token */
+ if(nego->output_token.value) {
+ gss_release_buffer(&minor_status, &nego->output_token);
+ nego->output_token.value = NULL;
+ nego->output_token.length = 0;
+
+ }
+
+ /* Free the SPN */
+ if(nego->spn != GSS_C_NO_NAME) {
+ gss_release_name(&minor_status, &nego->spn);
+ nego->spn = GSS_C_NO_NAME;
+ }
+
+ /* Reset any variables */
+ nego->status = 0;
+}
+
+#endif /* HAVE_GSSAPI && USE_SPNEGO */
diff --git a/libs/libcurl/src/vauth/spnego_sspi.c b/libs/libcurl/src/vauth/spnego_sspi.c
new file mode 100644
index 0000000000..a6797cdaff
--- /dev/null
+++ b/libs/libcurl/src/vauth/spnego_sspi.c
@@ -0,0 +1,324 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC4178 Simple and Protected GSS-API Negotiation Mechanism
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_WINDOWS_SSPI) && defined(USE_SPNEGO)
+
+#include <curl/curl.h>
+
+#include "vauth/vauth.h"
+#include "urldata.h"
+#include "curl_base64.h"
+#include "warnless.h"
+#include "curl_multibyte.h"
+#include "sendf.h"
+#include "strerror.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_is_spnego_supported()
+ *
+ * This is used to evaluate if SPNEGO (Negotiate) is supported.
+ *
+ * Parameters: None
+ *
+ * Returns TRUE if Negotiate is supported by Windows SSPI.
+ */
+bool Curl_auth_is_spnego_supported(void)
+{
+ PSecPkgInfo SecurityPackage;
+ SECURITY_STATUS status;
+
+ /* Query the security package for Negotiate */
+ status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
+ TEXT(SP_NAME_NEGOTIATE),
+ &SecurityPackage);
+
+ return (status == SEC_E_OK ? TRUE : FALSE);
+}
+
+/*
+ * Curl_auth_decode_spnego_message()
+ *
+ * This is used to decode an already encoded SPNEGO (Negotiate) challenge
+ * message.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * userp [in] - The user name in the format User or Domain\User.
+ * passdwp [in] - The user's password.
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * host [in] - The host name.
+ * chlg64 [in] - The optional base64 encoded challenge message.
+ * nego [in/out] - The Negotiate data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
+ const char *user,
+ const char *password,
+ const char *service,
+ const char *host,
+ const char *chlg64,
+ struct negotiatedata *nego)
+{
+ CURLcode result = CURLE_OK;
+ size_t chlglen = 0;
+ unsigned char *chlg = NULL;
+ PSecPkgInfo SecurityPackage;
+ SecBuffer chlg_buf;
+ SecBuffer resp_buf;
+ SecBufferDesc chlg_desc;
+ SecBufferDesc resp_desc;
+ unsigned long attrs;
+ TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+ (void) data;
+#endif
+
+ if(nego->context && nego->status == SEC_E_OK) {
+ /* We finished successfully our part of authentication, but server
+ * rejected it (since we're again here). Exit with an error since we
+ * can't invent anything better */
+ Curl_auth_spnego_cleanup(nego);
+ return CURLE_LOGIN_DENIED;
+ }
+
+ if(!nego->spn) {
+ /* Generate our SPN */
+ nego->spn = Curl_auth_build_spn(service, host, NULL);
+ if(!nego->spn)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!nego->output_token) {
+ /* Query the security package for Negotiate */
+ nego->status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
+ TEXT(SP_NAME_NEGOTIATE),
+ &SecurityPackage);
+ if(nego->status != SEC_E_OK)
+ return CURLE_NOT_BUILT_IN;
+
+ nego->token_max = SecurityPackage->cbMaxToken;
+
+ /* Release the package buffer as it is not required anymore */
+ s_pSecFn->FreeContextBuffer(SecurityPackage);
+
+ /* Allocate our output buffer */
+ nego->output_token = malloc(nego->token_max);
+ if(!nego->output_token)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!nego->credentials) {
+ /* Do we have credientials to use or are we using single sign-on? */
+ if(user && *user) {
+ /* Populate our identity structure */
+ result = Curl_create_sspi_identity(user, password, &nego->identity);
+ if(result)
+ return result;
+
+ /* Allow proper cleanup of the identity structure */
+ nego->p_identity = &nego->identity;
+ }
+ else
+ /* Use the current Windows user */
+ nego->p_identity = NULL;
+
+ /* Allocate our credentials handle */
+ nego->credentials = malloc(sizeof(CredHandle));
+ if(!nego->credentials)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(nego->credentials, 0, sizeof(CredHandle));
+
+ /* Acquire our credentials handle */
+ nego->status =
+ s_pSecFn->AcquireCredentialsHandle(NULL,
+ (TCHAR *)TEXT(SP_NAME_NEGOTIATE),
+ SECPKG_CRED_OUTBOUND, NULL,
+ nego->p_identity, NULL, NULL,
+ nego->credentials, &expiry);
+ if(nego->status != SEC_E_OK)
+ return CURLE_LOGIN_DENIED;
+
+ /* Allocate our new context handle */
+ nego->context = malloc(sizeof(CtxtHandle));
+ if(!nego->context)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(nego->context, 0, sizeof(CtxtHandle));
+ }
+
+ if(chlg64 && *chlg64) {
+ /* Decode the base-64 encoded challenge message */
+ if(*chlg64 != '=') {
+ result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+ if(result)
+ return result;
+ }
+
+ /* Ensure we have a valid challenge message */
+ if(!chlg) {
+ infof(data, "SPNEGO handshake failure (empty challenge message)\n");
+
+ return CURLE_BAD_CONTENT_ENCODING;
+ }
+
+ /* Setup the challenge "input" security buffer */
+ chlg_desc.ulVersion = SECBUFFER_VERSION;
+ chlg_desc.cBuffers = 1;
+ chlg_desc.pBuffers = &chlg_buf;
+ chlg_buf.BufferType = SECBUFFER_TOKEN;
+ chlg_buf.pvBuffer = chlg;
+ chlg_buf.cbBuffer = curlx_uztoul(chlglen);
+ }
+
+ /* Setup the response "output" security buffer */
+ resp_desc.ulVersion = SECBUFFER_VERSION;
+ resp_desc.cBuffers = 1;
+ resp_desc.pBuffers = &resp_buf;
+ resp_buf.BufferType = SECBUFFER_TOKEN;
+ resp_buf.pvBuffer = nego->output_token;
+ resp_buf.cbBuffer = curlx_uztoul(nego->token_max);
+
+ /* Generate our challenge-response message */
+ nego->status = s_pSecFn->InitializeSecurityContext(nego->credentials,
+ chlg ? nego->context :
+ NULL,
+ nego->spn,
+ ISC_REQ_CONFIDENTIALITY,
+ 0, SECURITY_NATIVE_DREP,
+ chlg ? &chlg_desc : NULL,
+ 0, nego->context,
+ &resp_desc, &attrs,
+ &expiry);
+
+ /* Free the decoded challenge as it is not required anymore */
+ free(chlg);
+
+ if(GSS_ERROR(nego->status)) {
+ failf(data, "InitializeSecurityContext failed: %s",
+ Curl_sspi_strerror(data->easy_conn, nego->status));
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(nego->status == SEC_I_COMPLETE_NEEDED ||
+ nego->status == SEC_I_COMPLETE_AND_CONTINUE) {
+ nego->status = s_pSecFn->CompleteAuthToken(nego->context, &resp_desc);
+ if(GSS_ERROR(nego->status)) {
+ return CURLE_RECV_ERROR;
+ }
+ }
+
+ nego->output_token_length = resp_buf.cbBuffer;
+
+ return result;
+}
+
+/*
+ * Curl_auth_create_spnego_message()
+ *
+ * This is used to generate an already encoded SPNEGO (Negotiate) response
+ * message ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data [in] - The session handle.
+ * nego [in/out] - The Negotiate data struct being used and modified.
+ * outptr [in/out] - The address where a pointer to newly allocated memory
+ * holding the result will be stored upon completion.
+ * outlen [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
+ struct negotiatedata *nego,
+ char **outptr, size_t *outlen)
+{
+ CURLcode result;
+
+ /* Base64 encode the already generated response */
+ result = Curl_base64_encode(data,
+ (const char *) nego->output_token,
+ nego->output_token_length,
+ outptr, outlen);
+
+ if(result)
+ return result;
+
+ if(!*outptr || !*outlen) {
+ free(*outptr);
+ return CURLE_REMOTE_ACCESS_DENIED;
+ }
+
+ return CURLE_OK;
+}
+
+/*
+ * Curl_auth_spnego_cleanup()
+ *
+ * This is used to clean up the SPNEGO (Negotiate) specific data.
+ *
+ * Parameters:
+ *
+ * nego [in/out] - The Negotiate data struct being cleaned up.
+ *
+ */
+void Curl_auth_spnego_cleanup(struct negotiatedata *nego)
+{
+ /* Free our security context */
+ if(nego->context) {
+ s_pSecFn->DeleteSecurityContext(nego->context);
+ free(nego->context);
+ nego->context = NULL;
+ }
+
+ /* Free our credentials handle */
+ if(nego->credentials) {
+ s_pSecFn->FreeCredentialsHandle(nego->credentials);
+ free(nego->credentials);
+ nego->credentials = NULL;
+ }
+
+ /* Free our identity */
+ Curl_sspi_free_identity(nego->p_identity);
+ nego->p_identity = NULL;
+
+ /* Free the SPN and output token */
+ Curl_safefree(nego->spn);
+ Curl_safefree(nego->output_token);
+
+ /* Reset any variables */
+ nego->status = 0;
+ nego->token_max = 0;
+}
+
+#endif /* USE_WINDOWS_SSPI && USE_SPNEGO */
diff --git a/libs/libcurl/src/vauth/vauth.c b/libs/libcurl/src/vauth/vauth.c
new file mode 100644
index 0000000000..b995f34e27
--- /dev/null
+++ b/libs/libcurl/src/vauth/vauth.c
@@ -0,0 +1,147 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include <curl/curl.h>
+
+#include "vauth.h"
+#include "curl_multibyte.h"
+#include "curl_printf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/*
+ * Curl_auth_build_spn()
+ *
+ * This is used to build a SPN string in the following formats:
+ *
+ * service/host@realm (Not currently used)
+ * service/host (Not used by GSS-API)
+ * service@realm (Not used by Windows SSPI)
+ *
+ * Parameters:
+ *
+ * service [in] - The service type such as http, smtp, pop or imap.
+ * host [in] - The host name.
+ * realm [in] - The realm.
+ *
+ * Returns a pointer to the newly allocated SPN.
+ */
+#if !defined(USE_WINDOWS_SSPI)
+char *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm)
+{
+ char *spn = NULL;
+
+ /* Generate our SPN */
+ if(host && realm)
+ spn = aprintf("%s/%s@%s", service, host, realm);
+ else if(host)
+ spn = aprintf("%s/%s", service, host);
+ else if(realm)
+ spn = aprintf("%s@%s", service, realm);
+
+ /* Return our newly allocated SPN */
+ return spn;
+}
+#else
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm)
+{
+ char *utf8_spn = NULL;
+ TCHAR *tchar_spn = NULL;
+
+ (void) realm;
+
+ /* Note: We could use DsMakeSPN() or DsClientMakeSpnForTargetServer() rather
+ than doing this ourselves but the first is only available in Windows XP
+ and Windows Server 2003 and the latter is only available in Windows 2000
+ but not Windows95/98/ME or Windows NT4.0 unless the Active Directory
+ Client Extensions are installed. As such it is far simpler for us to
+ formulate the SPN instead. */
+
+ /* Generate our UTF8 based SPN */
+ utf8_spn = aprintf("%s/%s", service, host);
+ if(!utf8_spn) {
+ return NULL;
+ }
+
+ /* Allocate our TCHAR based SPN */
+ tchar_spn = Curl_convert_UTF8_to_tchar(utf8_spn);
+ if(!tchar_spn) {
+ free(utf8_spn);
+
+ return NULL;
+ }
+
+ /* Release the UTF8 variant when operating with Unicode */
+ Curl_unicodefree(utf8_spn);
+
+ /* Return our newly allocated SPN */
+ return tchar_spn;
+}
+#endif /* USE_WINDOWS_SSPI */
+
+/*
+* Curl_auth_user_contains_domain()
+*
+* This is used to test if the specified user contains a Windows domain name as
+* follows:
+*
+* User\Domain (Down-level Logon Name)
+* User/Domain (curl Down-level format - for compatibility with existing code)
+* User@Domain (User Principal Name)
+*
+* Note: The user name may be empty when using a GSS-API library or Windows SSPI
+* as the user and domain are either obtained from the credientals cache when
+* using GSS-API or via the currently logged in user's credientals when using
+* Windows SSPI.
+*
+* Parameters:
+*
+* user [in] - The user name.
+*
+* Returns TRUE on success; otherwise FALSE.
+*/
+bool Curl_auth_user_contains_domain(const char *user)
+{
+ bool valid = FALSE;
+
+ if(user && *user) {
+ /* Check we have a domain name or UPN present */
+ char *p = strpbrk(user, "\\/@");
+
+ valid = (p != NULL && p > user && p < user + strlen(user) - 1 ? TRUE :
+ FALSE);
+ }
+#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+ else
+ /* User and domain are obtained from the GSS-API credientials cache or the
+ currently logged in user from Windows */
+ valid = TRUE;
+#endif
+
+ return valid;
+}
diff --git a/libs/libcurl/src/vauth/vauth.h b/libs/libcurl/src/vauth/vauth.h
new file mode 100644
index 0000000000..dfaf985c60
--- /dev/null
+++ b/libs/libcurl/src/vauth/vauth.h
@@ -0,0 +1,205 @@
+#ifndef HEADER_CURL_VAUTH_H
+#define HEADER_CURL_VAUTH_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2014 - 2017, Steve Holme, <steve_holme@hotmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <curl/curl.h>
+
+struct Curl_easy;
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+struct digestdata;
+#endif
+
+#if defined(USE_NTLM)
+struct ntlmdata;
+#endif
+
+#if defined(USE_KERBEROS5)
+struct kerberos5data;
+#endif
+
+#if (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) && defined(USE_SPNEGO)
+struct negotiatedata;
+#endif
+
+#if defined(USE_WINDOWS_SSPI)
+#define GSS_ERROR(status) (status & 0x80000000)
+#endif
+
+/* This is used to build a SPN string */
+#if !defined(USE_WINDOWS_SSPI)
+char *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm);
+#else
+TCHAR *Curl_auth_build_spn(const char *service, const char *host,
+ const char *realm);
+#endif
+
+/* This is used to test if the user contains a Windows domain name */
+bool Curl_auth_user_contains_domain(const char *user);
+
+/* This is used to generate a base64 encoded PLAIN cleartext message */
+CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ char **outptr, size_t *outlen);
+
+/* This is used to generate a base64 encoded LOGIN cleartext message */
+CURLcode Curl_auth_create_login_message(struct Curl_easy *data,
+ const char *valuep, char **outptr,
+ size_t *outlen);
+
+/* This is used to generate a base64 encoded EXTERNAL cleartext message */
+CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
+ const char *user, char **outptr,
+ size_t *outlen);
+
+#if !defined(CURL_DISABLE_CRYPTO_AUTH)
+/* This is used to decode a CRAM-MD5 challenge message */
+CURLcode Curl_auth_decode_cram_md5_message(const char *chlg64, char **outptr,
+ size_t *outlen);
+
+/* This is used to generate a CRAM-MD5 response message */
+CURLcode Curl_auth_create_cram_md5_message(struct Curl_easy *data,
+ const char *chlg,
+ const char *userp,
+ const char *passwdp,
+ char **outptr, size_t *outlen);
+
+/* This is used to evaluate if DIGEST is supported */
+bool Curl_auth_is_digest_supported(void);
+
+/* This is used to generate a base64 encoded DIGEST-MD5 response message */
+CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data,
+ const char *chlg64,
+ const char *userp,
+ const char *passwdp,
+ const char *service,
+ char **outptr, size_t *outlen);
+
+/* This is used to decode a HTTP DIGEST challenge message */
+CURLcode Curl_auth_decode_digest_http_message(const char *chlg,
+ struct digestdata *digest);
+
+/* This is used to generate a HTTP DIGEST response message */
+CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ const unsigned char *request,
+ const unsigned char *uri,
+ struct digestdata *digest,
+ char **outptr, size_t *outlen);
+
+/* This is used to clean up the digest specific data */
+void Curl_auth_digest_cleanup(struct digestdata *digest);
+#endif /* !CURL_DISABLE_CRYPTO_AUTH */
+
+#if defined(USE_NTLM)
+/* This is used to evaluate if NTLM is supported */
+bool Curl_auth_is_ntlm_supported(void);
+
+/* This is used to generate a base64 encoded NTLM type-1 message */
+CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ struct ntlmdata *ntlm,
+ char **outptr,
+ size_t *outlen);
+
+/* This is used to decode a base64 encoded NTLM type-2 message */
+CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data,
+ const char *type2msg,
+ struct ntlmdata *ntlm);
+
+/* This is used to generate a base64 encoded NTLM type-3 message */
+CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ struct ntlmdata *ntlm,
+ char **outptr, size_t *outlen);
+
+/* This is used to clean up the NTLM specific data */
+void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm);
+#endif /* USE_NTLM */
+
+/* This is used to generate a base64 encoded OAuth 2.0 message */
+CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
+ const char *user,
+ const char *host,
+ const long port,
+ const char *bearer,
+ char **outptr, size_t *outlen);
+#if defined(USE_KERBEROS5)
+/* This is used to evaluate if GSSAPI (Kerberos V5) is supported */
+bool Curl_auth_is_gssapi_supported(void);
+
+/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token
+ message */
+CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
+ const char *userp,
+ const char *passwdp,
+ const char *service,
+ const char *host,
+ const bool mutual,
+ const char *chlg64,
+ struct kerberos5data *krb5,
+ char **outptr, size_t *outlen);
+
+/* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security
+ token message */
+CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
+ const char *input,
+ struct kerberos5data *krb5,
+ char **outptr,
+ size_t *outlen);
+
+/* This is used to clean up the GSSAPI specific data */
+void Curl_auth_gssapi_cleanup(struct kerberos5data *krb5);
+#endif /* USE_KERBEROS5 */
+
+#if defined(USE_SPNEGO)
+/* This is used to evaluate if SPNEGO (Negotiate) is supported */
+bool Curl_auth_is_spnego_supported(void);
+
+/* This is used to decode a base64 encoded SPNEGO (Negotiate) challenge
+ message */
+CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
+ const char *user,
+ const char *passwood,
+ const char *service,
+ const char *host,
+ const char *chlg64,
+ struct negotiatedata *nego);
+
+/* This is used to generate a base64 encoded SPNEGO (Negotiate) response
+ message */
+CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
+ struct negotiatedata *nego,
+ char **outptr, size_t *outlen);
+
+/* This is used to clean up the SPNEGO specifiec data */
+void Curl_auth_spnego_cleanup(struct negotiatedata *nego);
+
+#endif /* USE_SPNEGO */
+
+#endif /* HEADER_CURL_VAUTH_H */
diff --git a/libs/libcurl/src/version.c b/libs/libcurl/src/version.c
index 1f62131eba..79cc0bba47 100644
--- a/libs/libcurl/src/version.c
+++ b/libs/libcurl/src/version.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,11 +24,9 @@
#include <curl/curl.h>
#include "urldata.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "http2.h"
-
-#define _MPRINTF_REPLACE /* use the internal *printf() functions */
-#include <curl/mprintf.h>
+#include "curl_printf.h"
#ifdef USE_ARES
# if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
@@ -38,8 +36,12 @@
# include <ares.h>
#endif
-#ifdef USE_LIBIDN
-#include <stringprep.h>
+#ifdef USE_LIBIDN2
+#include <idn2.h>
+#endif
+
+#ifdef USE_LIBPSL
+#include <libpsl.h>
#endif
#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS)
@@ -62,13 +64,51 @@
#define CURL_LIBSSH2_VERSION LIBSSH2_VERSION
#endif
+#ifdef HAVE_ZLIB_H
+#include <zlib.h>
+#ifdef __SYMBIAN32__
+/* zlib pollutes the namespace with this definition */
+#undef WIN32
+#endif
+#endif
+
+#ifdef HAVE_BROTLI
+#include <brotli/decode.h>
+#endif
+
+void Curl_version_init(void);
+
+/* For thread safety purposes this function is called by global_init so that
+ the static data in both version functions is initialized. */
+void Curl_version_init(void)
+{
+ curl_version();
+ curl_version_info(CURLVERSION_NOW);
+}
+
+#ifdef HAVE_BROTLI
+static size_t brotli_version(char *buf, size_t bufsz)
+{
+ uint32_t brotli_version = BrotliDecoderVersion();
+ unsigned int major = brotli_version >> 24;
+ unsigned int minor = (brotli_version & 0x00FFFFFF) >> 12;
+ unsigned int patch = brotli_version & 0x00000FFF;
+
+ return snprintf(buf, bufsz, "%u.%u.%u", major, minor, patch);
+}
+#endif
+
char *curl_version(void)
{
+ static bool initialized;
static char version[200];
char *ptr = version;
size_t len;
size_t left = sizeof(version);
+ if(initialized)
+ return version;
+
strcpy(ptr, LIBCURL_NAME "/" LIBCURL_VERSION);
len = strlen(ptr);
left -= len;
@@ -89,19 +129,32 @@ char *curl_version(void)
left -= len;
ptr += len;
#endif
+#ifdef HAVE_BROTLI
+ len = snprintf(ptr, left, "%s", " brotli/");
+ left -= len;
+ ptr += len;
+ len = brotli_version(ptr, left);
+ left -= len;
+ ptr += len;
+#endif
#ifdef USE_ARES
/* this function is only present in c-ares, not in the original ares */
len = snprintf(ptr, left, " c-ares/%s", ares_version(NULL));
left -= len;
ptr += len;
#endif
-#ifdef USE_LIBIDN
- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
- len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL));
+#ifdef USE_LIBIDN2
+ if(idn2_check_version(IDN2_VERSION)) {
+ len = snprintf(ptr, left, " libidn2/%s", idn2_check_version(NULL));
left -= len;
ptr += len;
}
#endif
+#ifdef USE_LIBPSL
+ len = snprintf(ptr, left, " libpsl/%s", psl_get_version());
+ left -= len;
+ ptr += len;
+#endif
#ifdef USE_WIN32_IDN
len = snprintf(ptr, left, " WinIDN");
left -= len;
@@ -153,6 +206,7 @@ char *curl_version(void)
}
#endif
+ initialized = true;
return version;
}
@@ -216,6 +270,14 @@ static const char * const protocols[] = {
#ifdef USE_LIBSSH2
"sftp",
#endif
+#if !defined(CURL_DISABLE_SMB) && defined(USE_NTLM) && \
+ (CURL_SIZEOF_CURL_OFF_T > 4) && \
+ (!defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO))
+ "smb",
+# ifdef USE_SSL
+ "smbs",
+# endif
+#endif
#ifndef CURL_DISABLE_SMTP
"smtp",
#endif
@@ -247,18 +309,25 @@ static curl_version_info_data version_info = {
#ifdef USE_NTLM
| CURL_VERSION_NTLM
#endif
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
+ defined(NTLM_WB_ENABLED)
| CURL_VERSION_NTLM_WB
#endif
+#ifdef USE_SPNEGO
+ | CURL_VERSION_SPNEGO
+#endif
+#ifdef USE_KERBEROS5
+ | CURL_VERSION_KERBEROS5
+#endif
+#ifdef HAVE_GSSAPI
+ | CURL_VERSION_GSSAPI
+#endif
#ifdef USE_WINDOWS_SSPI
| CURL_VERSION_SSPI
#endif
#ifdef HAVE_LIBZ
| CURL_VERSION_LIBZ
#endif
-#ifdef USE_HTTP_NEGOTIATE
- | CURL_VERSION_GSSNEGOTIATE
-#endif
#ifdef DEBUGBUILD
| CURL_VERSION_DEBUG
#endif
@@ -268,9 +337,6 @@ static curl_version_info_data version_info = {
#ifdef CURLRES_ASYNCH
| CURL_VERSION_ASYNCHDNS
#endif
-#ifdef HAVE_SPNEGO
- | CURL_VERSION_SPNEGO
-#endif
#if (CURL_SIZEOF_CURL_OFF_T > 4) && \
( (SIZEOF_OFF_T > 4) || defined(USE_WIN32_LARGE_FILES) )
| CURL_VERSION_LARGEFILE
@@ -284,6 +350,18 @@ static curl_version_info_data version_info = {
#if defined(USE_NGHTTP2)
| CURL_VERSION_HTTP2
#endif
+#if defined(USE_UNIX_SOCKETS)
+ | CURL_VERSION_UNIX_SOCKETS
+#endif
+#if defined(USE_LIBPSL)
+ | CURL_VERSION_PSL
+#endif
+#if defined(CURL_WITH_MULTI_SSL)
+ | CURL_VERSION_MULTI_SSL
+#endif
+#if defined(HAVE_BROTLI)
+ | CURL_VERSION_BROTLI
+#endif
,
NULL, /* ssl_version */
0, /* ssl_version_num, this is kept at zero */
@@ -294,18 +372,33 @@ static curl_version_info_data version_info = {
NULL, /* libidn version */
0, /* iconv version */
NULL, /* ssh lib version */
+ 0, /* brotli_ver_num */
+ NULL, /* brotli version */
};
curl_version_info_data *curl_version_info(CURLversion stamp)
{
+ static bool initialized;
#ifdef USE_LIBSSH2
static char ssh_buffer[80];
#endif
-
#ifdef USE_SSL
static char ssl_buffer[80];
+#endif
+#ifdef HAVE_BROTLI
+ static char brotli_buffer[80];
+#endif
+
+ if(initialized)
+ return &version_info;
+
+#ifdef USE_SSL
Curl_ssl_version(ssl_buffer, sizeof(ssl_buffer));
version_info.ssl_version = ssl_buffer;
+ if(Curl_ssl->support_https_proxy)
+ version_info.features |= CURL_VERSION_HTTPS_PROXY;
+ else
+ version_info.features &= ~CURL_VERSION_HTTPS_PROXY;
#endif
#ifdef HAVE_LIBZ
@@ -319,10 +412,10 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
version_info.ares_num = aresnum;
}
#endif
-#ifdef USE_LIBIDN
+#ifdef USE_LIBIDN2
/* This returns a version string if we use the given version or later,
otherwise it returns NULL */
- version_info.libidn = stringprep_check_version(LIBIDN_REQUIRED_VERSION);
+ version_info.libidn = idn2_check_version(IDN2_VERSION);
if(version_info.libidn)
version_info.features |= CURL_VERSION_IDN;
#elif defined(USE_WIN32_IDN)
@@ -343,7 +436,14 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
version_info.libssh_version = ssh_buffer;
#endif
+#ifdef HAVE_BROTLI
+ version_info.brotli_ver_num = BrotliDecoderVersion();
+ brotli_version(brotli_buffer, sizeof brotli_buffer);
+ version_info.brotli_version = brotli_buffer;
+#endif
+
(void)stamp; /* avoid compiler warnings, we don't use this */
+ initialized = true;
return &version_info;
}
diff --git a/libs/libcurl/src/axtls.c b/libs/libcurl/src/vtls/axtls.c
index 44e6b9303c..9294f49edc 100644
--- a/libs/libcurl/src/axtls.c
+++ b/libs/libcurl/src/vtls/axtls.c
@@ -5,12 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010, DirecTV
- * contact: Eric Hu <ehu@directv.com>
+ * Copyright (C) 2010, DirecTV, Contact: Eric Hu, <ehu@directv.com>.
+ * Copyright (C) 2010 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -23,48 +23,40 @@
/*
* Source file for all axTLS-specific code for the TLS/SSL layer. No code
- * but sslgen.c should ever call or use these functions.
+ * but vtls.c should ever call or use these functions.
*/
#include "curl_setup.h"
#ifdef USE_AXTLS
+#include <axTLS/config.h>
#include <axTLS/ssl.h>
#include "axtls.h"
#include "sendf.h"
#include "inet_pton.h"
-#include "sslgen.h"
+#include "vtls.h"
#include "parsedate.h"
#include "connect.h" /* for the connect timeout */
#include "select.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-#include "curl_memory.h"
-#include <unistd.h>
-/* The last #include file should be: */
-#include "memdebug.h"
+#include "curl_printf.h"
#include "hostcheck.h"
+#include <unistd.h>
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
-/* Global axTLS init, called from Curl_ssl_init() */
-int Curl_axtls_init(void)
-{
-/* axTLS has no global init. Everything is done through SSL and SSL_CTX
- * structs stored in connectdata structure. Perhaps can move to axtls.h.
- */
- return 1;
-}
+struct ssl_backend_data {
+ SSL_CTX* ssl_ctx;
+ SSL* ssl;
+};
-int Curl_axtls_cleanup(void)
-{
- /* axTLS has no global cleanup. Perhaps can move this to axtls.h. */
- return 1;
-}
+#define BACKEND connssl->backend
static CURLcode map_error_to_curl(int axtls_err)
{
- switch (axtls_err) {
+ switch(axtls_err) {
case SSL_ERROR_NOT_SUPPORTED:
case SSL_ERROR_INVALID_VERSION:
case -70: /* protocol version alert from server */
@@ -119,13 +111,13 @@ static Curl_send axtls_send;
static void free_ssl_structs(struct ssl_connect_data *connssl)
{
- if(connssl->ssl) {
- ssl_free (connssl->ssl);
- connssl->ssl = NULL;
+ if(BACKEND->ssl) {
+ ssl_free(BACKEND->ssl);
+ BACKEND->ssl = NULL;
}
- if(connssl->ssl_ctx) {
- ssl_ctx_free(connssl->ssl_ctx);
- connssl->ssl_ctx = NULL;
+ if(BACKEND->ssl_ctx) {
+ ssl_ctx_free(BACKEND->ssl_ctx);
+ BACKEND->ssl_ctx = NULL;
}
}
@@ -136,14 +128,13 @@ static void free_ssl_structs(struct ssl_connect_data *connssl)
*/
static CURLcode connect_prep(struct connectdata *conn, int sockindex)
{
- struct SessionHandle *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
SSL_CTX *ssl_ctx;
SSL *ssl = NULL;
int cert_types[] = {SSL_OBJ_X509_CERT, SSL_OBJ_PKCS12, 0};
int key_types[] = {SSL_OBJ_RSA_KEY, SSL_OBJ_PKCS8, SSL_OBJ_PKCS12, 0};
int i, ssl_fcn_return;
- const uint8_t *ssl_sessionid;
- size_t ssl_idsize;
/* Assuming users will not compile in custom key/cert to axTLS.
* Also, even for blocking connects, use axTLS non-blocking feature.
@@ -152,19 +143,26 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
SSL_SERVER_VERIFY_LATER |
SSL_CONNECT_IN_PARTS;
- if(conn->ssl[sockindex].state == ssl_connection_complete)
+ if(connssl->state == ssl_connection_complete)
/* to make us tolerant against being called more than once for the
same connection */
return CURLE_OK;
+ if(SSL_CONN_CONFIG(version_max) != CURL_SSLVERSION_MAX_NONE) {
+ failf(data, "axtls does not support CURL_SSLVERSION_MAX");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+
/* axTLS only supports TLSv1 */
/* check to see if we've been told to use an explicit SSL/TLS version */
- switch(data->set.ssl.version) {
+ switch(SSL_CONN_CONFIG(version)) {
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
break;
default:
- failf(data, "axTLS only supports TLSv1");
+ failf(data, "axTLS only supports TLS 1.0 and 1.1, "
+ "and it cannot be specified which one to use");
return CURLE_SSL_CONNECT_ERROR;
}
@@ -179,21 +177,21 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
return CURLE_SSL_CONNECT_ERROR;
}
- conn->ssl[sockindex].ssl_ctx = ssl_ctx;
- conn->ssl[sockindex].ssl = NULL;
+ BACKEND->ssl_ctx = ssl_ctx;
+ BACKEND->ssl = NULL;
/* Load the trusted CA cert bundle file */
- if(data->set.ssl.CAfile) {
- if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
- != SSL_OK) {
+ if(SSL_CONN_CONFIG(CAfile)) {
+ if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT,
+ SSL_CONN_CONFIG(CAfile), NULL) != SSL_OK) {
infof(data, "error reading ca cert file %s \n",
- data->set.ssl.CAfile);
- if(data->set.ssl.verifypeer) {
+ SSL_CONN_CONFIG(CAfile));
+ if(SSL_CONN_CONFIG(verifypeer)) {
return CURLE_SSL_CACERT_BADFILE;
}
}
else
- infof(data, "found certificates in %s\n", data->set.ssl.CAfile);
+ infof(data, "found certificates in %s\n", SSL_CONN_CONFIG(CAfile));
}
/* gtls.c tasks we're skipping for now:
@@ -205,15 +203,15 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
*/
/* Load client certificate */
- if(data->set.str[STRING_CERT]) {
- i=0;
+ if(SSL_SET_OPTION(cert)) {
+ i = 0;
/* Instead of trying to analyze cert type here, let axTLS try them all. */
while(cert_types[i] != 0) {
ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],
- data->set.str[STRING_CERT], NULL);
+ SSL_SET_OPTION(cert), NULL);
if(ssl_fcn_return == SSL_OK) {
infof(data, "successfully read cert file %s \n",
- data->set.str[STRING_CERT]);
+ SSL_SET_OPTION(cert));
break;
}
i++;
@@ -221,7 +219,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
/* Tried all cert types, none worked. */
if(cert_types[i] == 0) {
failf(data, "%s is not x509 or pkcs12 format",
- data->set.str[STRING_CERT]);
+ SSL_SET_OPTION(cert));
return CURLE_SSL_CERTPROBLEM;
}
}
@@ -229,15 +227,15 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
/* Load client key.
If a pkcs12 file successfully loaded a cert, then there's nothing to do
because the key has already been loaded. */
- if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12) {
- i=0;
+ if(SSL_SET_OPTION(key) && cert_types[i] != SSL_OBJ_PKCS12) {
+ i = 0;
/* Instead of trying to analyze key type here, let axTLS try them all. */
while(key_types[i] != 0) {
ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],
- data->set.str[STRING_KEY], NULL);
+ SSL_SET_OPTION(key), NULL);
if(ssl_fcn_return == SSL_OK) {
infof(data, "successfully read key file %s \n",
- data->set.str[STRING_KEY]);
+ SSL_SET_OPTION(key));
break;
}
i++;
@@ -245,7 +243,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
/* Tried all key types, none worked. */
if(key_types[i] == 0) {
failf(data, "Failure: %s is not a supported key file",
- data->set.str[STRING_KEY]);
+ SSL_SET_OPTION(key));
return CURLE_SSL_CONNECT_ERROR;
}
}
@@ -256,42 +254,70 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
* 2) setting up callbacks. these seem gnutls specific
*/
- /* In axTLS, handshaking happens inside ssl_client_new. */
- if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize)) {
- /* we got a session id, use it! */
- infof (data, "SSL re-using session ID\n");
- ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex],
- ssl_sessionid, (uint8_t)ssl_idsize);
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ const uint8_t *ssl_sessionid;
+ size_t ssl_idsize;
+
+ /* In axTLS, handshaking happens inside ssl_client_new. */
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize,
+ sockindex)) {
+ /* we got a session id, use it! */
+ infof(data, "SSL re-using session ID\n");
+ ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex],
+ ssl_sessionid, (uint8_t)ssl_idsize, NULL);
+ }
+ Curl_ssl_sessionid_unlock(conn);
}
- else
- ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0);
- conn->ssl[sockindex].ssl = ssl;
+ if(!ssl)
+ ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0, NULL);
+
+ BACKEND->ssl = ssl;
return CURLE_OK;
}
+static void Curl_axtls_close(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ infof(conn->data, " Curl_axtls_close\n");
+
+ /* line from openssl.c: (void)SSL_shutdown(BACKEND->ssl);
+ axTLS compat layer does nothing for SSL_shutdown */
+
+ /* The following line is from openssl.c. There seems to be no axTLS
+ equivalent. ssl_free and ssl_ctx_free close things.
+ SSL_set_connect_state(connssl->handle); */
+
+ free_ssl_structs(connssl);
+}
+
/*
* For both blocking and non-blocking connects, this function finalizes the
* SSL connection.
*/
static CURLcode connect_finish(struct connectdata *conn, int sockindex)
{
- struct SessionHandle *data = conn->data;
- SSL *ssl = conn->ssl[sockindex].ssl;
- const uint8_t *ssl_sessionid;
- size_t ssl_idsize;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ SSL *ssl = BACKEND->ssl;
const char *peer_CN;
uint32_t dns_altname_index;
const char *dns_altname;
int8_t found_subject_alt_names = 0;
int8_t found_subject_alt_name_matching_conn = 0;
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const char * const dispname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.dispname : conn->host.dispname;
/* Here, gtls.c gets the peer certificates and fails out depending on
* settings in "data." axTLS api doesn't have get cert chain fcn, so omit?
*/
/* Verify server's certificate */
- if(data->set.ssl.verifypeer) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
if(ssl_verify_cert(ssl) != SSL_OK) {
Curl_axtls_close(conn, sockindex);
failf(data, "server cert verify failed");
@@ -322,8 +348,8 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
found_subject_alt_names = 1;
infof(data, "\tComparing subject alt name DNS with hostname: %s <-> %s\n",
- dns_altname, conn->host.name);
- if(Curl_cert_hostcheck(dns_altname, conn->host.name)) {
+ dns_altname, hostname);
+ if(Curl_cert_hostcheck(dns_altname, hostname)) {
found_subject_alt_name_matching_conn = 1;
break;
}
@@ -331,23 +357,21 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
/* RFC2818 checks */
if(found_subject_alt_names && !found_subject_alt_name_matching_conn) {
- if(data->set.ssl.verifyhost) {
+ if(SSL_CONN_CONFIG(verifyhost)) {
/* Break connection ! */
Curl_axtls_close(conn, sockindex);
- failf(data, "\tsubjectAltName(s) do not match %s\n",
- conn->host.dispname);
+ failf(data, "\tsubjectAltName(s) do not match %s\n", dispname);
return CURLE_PEER_FAILED_VERIFICATION;
}
else
- infof(data, "\tsubjectAltName(s) do not match %s\n",
- conn->host.dispname);
+ infof(data, "\tsubjectAltName(s) do not match %s\n", dispname);
}
else if(found_subject_alt_names == 0) {
/* Per RFC2818, when no Subject Alt Names were available, examine the peer
CN as a legacy fallback */
peer_CN = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
if(peer_CN == NULL) {
- if(data->set.ssl.verifyhost) {
+ if(SSL_CONN_CONFIG(verifyhost)) {
Curl_axtls_close(conn, sockindex);
failf(data, "unable to obtain common name from peer certificate");
return CURLE_PEER_FAILED_VERIFICATION;
@@ -356,32 +380,36 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
infof(data, "unable to obtain common name from peer certificate");
}
else {
- if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
- if(data->set.ssl.verifyhost) {
+ if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
+ if(SSL_CONN_CONFIG(verifyhost)) {
/* Break connection ! */
Curl_axtls_close(conn, sockindex);
failf(data, "\tcommon name \"%s\" does not match \"%s\"\n",
- peer_CN, conn->host.dispname);
+ peer_CN, dispname);
return CURLE_PEER_FAILED_VERIFICATION;
}
else
infof(data, "\tcommon name \"%s\" does not match \"%s\"\n",
- peer_CN, conn->host.dispname);
+ peer_CN, dispname);
}
}
}
/* General housekeeping */
- conn->ssl[sockindex].state = ssl_connection_complete;
+ connssl->state = ssl_connection_complete;
conn->recv[sockindex] = axtls_recv;
conn->send[sockindex] = axtls_send;
/* Put our freshly minted SSL session in cache */
- ssl_idsize = ssl_get_session_id_size(ssl);
- ssl_sessionid = ssl_get_session_id(ssl);
- if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize)
- != CURLE_OK)
- infof (data, "failed to add session to cache\n");
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ const uint8_t *ssl_sessionid = ssl_get_session_id(ssl);
+ size_t ssl_idsize = ssl_get_session_id_size(ssl);
+ Curl_ssl_sessionid_lock(conn);
+ if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize,
+ sockindex) != CURLE_OK)
+ infof(data, "failed to add session to cache\n");
+ Curl_ssl_sessionid_unlock(conn);
+ }
return CURLE_OK;
}
@@ -389,45 +417,48 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
/*
* Use axTLS's non-blocking connection feature to open an SSL connection.
* This is called after a TCP connection is already established.
-*/
-CURLcode Curl_axtls_connect_nonblocking(
- struct connectdata *conn,
- int sockindex,
- bool *done)
+ */
+static CURLcode Curl_axtls_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CURLcode conn_step;
int ssl_fcn_return;
+ int i;
*done = FALSE;
/* connectdata is calloc'd and connecting_state is only changed in this
function, so this is safe, as the state is effectively initialized. */
- if(conn->ssl[sockindex].connecting_state == ssl_connect_1) {
+ if(connssl->connecting_state == ssl_connect_1) {
conn_step = connect_prep(conn, sockindex);
if(conn_step != CURLE_OK) {
Curl_axtls_close(conn, sockindex);
return conn_step;
}
- conn->ssl[sockindex].connecting_state = ssl_connect_2;
+ connssl->connecting_state = ssl_connect_2;
}
- if(conn->ssl[sockindex].connecting_state == ssl_connect_2) {
+ if(connssl->connecting_state == ssl_connect_2) {
/* Check to make sure handshake was ok. */
- if(ssl_handshake_status(conn->ssl[sockindex].ssl) != SSL_OK) {
- ssl_fcn_return = ssl_read(conn->ssl[sockindex].ssl, NULL);
- if(ssl_fcn_return < 0) {
- Curl_axtls_close(conn, sockindex);
- ssl_display_error(ssl_fcn_return); /* goes to stdout. */
- return map_error_to_curl(ssl_fcn_return);
- }
- else {
- return CURLE_OK; /* Return control to caller for retries */
+ if(ssl_handshake_status(BACKEND->ssl) != SSL_OK) {
+ /* Loop to perform more work in between sleeps. This is work around the
+ fact that axtls does not expose any knowledge about when work needs
+ to be performed. This can save ~25% of time on SSL handshakes. */
+ for(i = 0; i<5; i++) {
+ ssl_fcn_return = ssl_read(BACKEND->ssl, NULL);
+ if(ssl_fcn_return < 0) {
+ Curl_axtls_close(conn, sockindex);
+ ssl_display_error(ssl_fcn_return); /* goes to stdout. */
+ return map_error_to_curl(ssl_fcn_return);
+ }
+ return CURLE_OK;
}
}
- infof (conn->data, "handshake completed successfully\n");
- conn->ssl[sockindex].connecting_state = ssl_connect_3;
+ infof(conn->data, "handshake completed successfully\n");
+ connssl->connecting_state = ssl_connect_3;
}
- if(conn->ssl[sockindex].connecting_state == ssl_connect_3) {
+ if(connssl->connecting_state == ssl_connect_3) {
conn_step = connect_finish(conn, sockindex);
if(conn_step != CURLE_OK) {
Curl_axtls_close(conn, sockindex);
@@ -435,15 +466,15 @@ CURLcode Curl_axtls_connect_nonblocking(
}
/* Reset connect state */
- conn->ssl[sockindex].connecting_state = ssl_connect_1;
+ connssl->connecting_state = ssl_connect_1;
*done = TRUE;
return CURLE_OK;
}
/* Unrecognized state. Things are very bad. */
- conn->ssl[sockindex].state = ssl_connection_none;
- conn->ssl[sockindex].connecting_state = ssl_connect_1;
+ connssl->state = ssl_connection_none;
+ connssl->connecting_state = ssl_connect_1;
/* Return value perhaps not strictly correct, but distinguishes the issue.*/
return CURLE_BAD_FUNCTION_ARGUMENT;
}
@@ -453,14 +484,14 @@ CURLcode Curl_axtls_connect_nonblocking(
* This function is called after the TCP connect has completed. Setup the TLS
* layer and do all necessary magic for a blocking connect.
*/
-CURLcode
-Curl_axtls_connect(struct connectdata *conn,
- int sockindex)
-
+static CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex)
{
+ struct Curl_easy *data = conn->data;
CURLcode conn_step = connect_prep(conn, sockindex);
int ssl_fcn_return;
- SSL *ssl = conn->ssl[sockindex].ssl;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ SSL *ssl = BACKEND->ssl;
+ long timeout_ms;
if(conn_step != CURLE_OK) {
Curl_axtls_close(conn, sockindex);
@@ -469,15 +500,25 @@ Curl_axtls_connect(struct connectdata *conn,
/* Check to make sure handshake was ok. */
while(ssl_handshake_status(ssl) != SSL_OK) {
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
ssl_fcn_return = ssl_read(ssl, NULL);
if(ssl_fcn_return < 0) {
Curl_axtls_close(conn, sockindex);
ssl_display_error(ssl_fcn_return); /* goes to stdout. */
return map_error_to_curl(ssl_fcn_return);
}
- usleep(10000);
+ /* TODO: avoid polling */
+ Curl_wait_ms(10);
}
- infof (conn->data, "handshake completed successfully\n");
+ infof(conn->data, "handshake completed successfully\n");
conn_step = connect_finish(conn, sockindex);
if(conn_step != CURLE_OK) {
@@ -495,12 +536,13 @@ static ssize_t axtls_send(struct connectdata *conn,
size_t len,
CURLcode *err)
{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
/* ssl_write() returns 'int' while write() and send() returns 'size_t' */
- int rc = ssl_write(conn->ssl[sockindex].ssl, mem, (int)len);
+ int rc = ssl_write(BACKEND->ssl, mem, (int)len);
infof(conn->data, " axtls_send\n");
- if(rc < 0 ) {
+ if(rc < 0) {
*err = map_error_to_curl(rc);
rc = -1; /* generic error code for send failure */
}
@@ -509,40 +551,18 @@ static ssize_t axtls_send(struct connectdata *conn,
return rc;
}
-void Curl_axtls_close_all(struct SessionHandle *data)
-{
- (void)data;
- infof(data, " Curl_axtls_close_all\n");
-}
-
-void Curl_axtls_close(struct connectdata *conn, int sockindex)
-{
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- infof(conn->data, " Curl_axtls_close\n");
-
- /* line from ssluse.c: (void)SSL_shutdown(connssl->ssl);
- axTLS compat layer does nothing for SSL_shutdown */
-
- /* The following line is from ssluse.c. There seems to be no axTLS
- equivalent. ssl_free and ssl_ctx_free close things.
- SSL_set_connect_state(connssl->handle); */
-
- free_ssl_structs(connssl);
-}
-
/*
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
-int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
+static int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
{
- /* Outline taken from ssluse.c since functions are in axTLS compat layer.
+ /* Outline taken from openssl.c since functions are in axTLS compat layer.
axTLS's error set is much smaller, so a lot of error-handling was removed.
*/
int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
uint8_t *buf;
ssize_t nread;
@@ -555,18 +575,17 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
/* axTLS compat layer does nothing for SSL_shutdown, so we do nothing too
if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
- (void)SSL_shutdown(connssl->ssl);
+ (void)SSL_shutdown(BACKEND->ssl);
*/
- if(connssl->ssl) {
- int what = Curl_socket_ready(conn->sock[sockindex],
- CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+ if(BACKEND->ssl) {
+ int what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT);
if(what > 0) {
/* Something to read, let's do it and hope that it is the close
notify alert from the server. buf is managed internally by
axTLS and will be released upon calling ssl_free via
free_ssl_structs. */
- nread = (ssize_t)ssl_read(connssl->ssl, &buf);
+ nread = (ssize_t)ssl_read(BACKEND->ssl, &buf);
if(nread < SSL_OK) {
failf(data, "close notify alert not received during shutdown");
@@ -602,7 +621,7 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
*err = CURLE_OK;
if(connssl) {
- ret = ssl_read(connssl->ssl, &read_buf);
+ ret = ssl_read(BACKEND->ssl, &read_buf);
if(ret > SSL_OK) {
/* ssl_read returns SSL_OK if there is more data to read, so if it is
larger, then all data has been read already. */
@@ -621,7 +640,7 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
}
else {
failf(conn->data, "axTLS recv error (%d)", ret);
- *err = map_error_to_curl(ret);
+ *err = map_error_to_curl((int) ret);
ret = -1;
}
}
@@ -635,9 +654,10 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
* 0 means the connection has been closed
* -1 means the connection status is unknown
*/
-int Curl_axtls_check_cxn(struct connectdata *conn)
+static int Curl_axtls_check_cxn(struct connectdata *conn)
{
- /* ssluse.c line: rc = SSL_peek(conn->ssl[FIRSTSOCKET].ssl, (void*)&buf, 1);
+ /* openssl.c line:
+ rc = SSL_peek(conn->ssl[FIRSTSOCKET].backend->ssl, (void*)&buf, 1);
axTLS compat layer always returns the last argument, so connection is
always alive? */
@@ -645,17 +665,78 @@ int Curl_axtls_check_cxn(struct connectdata *conn)
return 1; /* connection still in place */
}
-void Curl_axtls_session_free(void *ptr)
+static void Curl_axtls_session_free(void *ptr)
{
(void)ptr;
/* free the ID */
- /* both ssluse.c and gtls.c do something here, but axTLS's OpenSSL
+ /* both openssl.c and gtls.c do something here, but axTLS's OpenSSL
compatibility layer does nothing, so we do nothing too. */
}
-size_t Curl_axtls_version(char *buffer, size_t size)
+static size_t Curl_axtls_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "axTLS/%s", ssl_version());
}
+static CURLcode Curl_axtls_random(struct Curl_easy *data,
+ unsigned char *entropy, size_t length)
+{
+ static bool ssl_seeded = FALSE;
+ (void)data;
+ if(!ssl_seeded) {
+ ssl_seeded = TRUE;
+ /* Initialize the seed if not already done. This call is not exactly thread
+ * safe (and neither is the ssl_seeded check), but the worst effect of a
+ * race condition is that some global resources will leak. */
+ RNG_initialize();
+ }
+ get_random((int)length, entropy);
+ return CURLE_OK;
+}
+
+static void *Curl_axtls_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return BACKEND->ssl;
+}
+
+const struct Curl_ssl Curl_ssl_axtls = {
+ { CURLSSLBACKEND_AXTLS, "axtls" }, /* info */
+
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+ 0, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ /*
+ * axTLS has no global init. Everything is done through SSL and SSL_CTX
+ * structs stored in connectdata structure.
+ */
+ Curl_none_init, /* init */
+ /* axTLS has no global cleanup. */
+ Curl_none_cleanup, /* cleanup */
+ Curl_axtls_version, /* version */
+ Curl_axtls_check_cxn, /* check_cxn */
+ Curl_axtls_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_axtls_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_axtls_connect, /* connect */
+ Curl_axtls_connect_nonblocking, /* connect_nonblocking */
+ Curl_axtls_get_internals, /* get_internals */
+ Curl_axtls_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ Curl_axtls_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
+};
+
#endif /* USE_AXTLS */
diff --git a/libs/libcurl/src/vtls/axtls.h b/libs/libcurl/src/vtls/axtls.h
new file mode 100644
index 0000000000..3f1e129c28
--- /dev/null
+++ b/libs/libcurl/src/vtls/axtls.h
@@ -0,0 +1,34 @@
+#ifndef HEADER_CURL_AXTLS_H
+#define HEADER_CURL_AXTLS_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010, DirecTV, Contact: Eric Hu <ehu@directv.com>
+ * Copyright (C) 2010 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#ifdef USE_AXTLS
+#include "curl/curl.h"
+#include "urldata.h"
+
+extern const struct Curl_ssl Curl_ssl_axtls;
+
+#endif /* USE_AXTLS */
+#endif /* HEADER_CURL_AXTLS_H */
+
diff --git a/libs/libcurl/src/vtls/cyassl.c b/libs/libcurl/src/vtls/cyassl.c
new file mode 100644
index 0000000000..e06522304b
--- /dev/null
+++ b/libs/libcurl/src/vtls/cyassl.c
@@ -0,0 +1,1017 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all CyaSSL-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_CYASSL
+
+#define WOLFSSL_OPTIONS_IGNORE_SYS
+/* CyaSSL's version.h, which should contain only the version, should come
+before all other CyaSSL includes and be immediately followed by build config
+aka options.h. https://curl.haxx.se/mail/lib-2015-04/0069.html */
+#include <cyassl/version.h>
+#if defined(HAVE_CYASSL_OPTIONS_H) && (LIBCYASSL_VERSION_HEX > 0x03004008)
+#if defined(CYASSL_API) || defined(WOLFSSL_API)
+/* Safety measure. If either is defined some API include was already included
+and that's a problem since options.h hasn't been included yet. */
+#error "CyaSSL API was included before the CyaSSL build options."
+#endif
+#include <cyassl/options.h>
+#endif
+
+/* To determine what functions are available we rely on one or both of:
+ - the user's options.h generated by CyaSSL/wolfSSL
+ - the symbols detected by curl's configure
+ Since they are markedly different from one another, and one or the other may
+ not be available, we do some checking below to bring things in sync. */
+
+/* HAVE_ALPN is wolfSSL's build time symbol for enabling ALPN in options.h. */
+#ifndef HAVE_ALPN
+#ifdef HAVE_WOLFSSL_USEALPN
+#define HAVE_ALPN
+#endif
+#endif
+
+/* WOLFSSL_ALLOW_SSLV3 is wolfSSL's build time symbol for enabling SSLv3 in
+ options.h, but is only seen in >= 3.6.6 since that's when they started
+ disabling SSLv3 by default. */
+#ifndef WOLFSSL_ALLOW_SSLV3
+#if (LIBCYASSL_VERSION_HEX < 0x03006006) || \
+ defined(HAVE_WOLFSSLV3_CLIENT_METHOD)
+#define WOLFSSL_ALLOW_SSLV3
+#endif
+#endif
+
+/* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
+ supported curve extension in options.h. Note ECC is enabled separately. */
+#ifndef HAVE_SUPPORTED_CURVES
+#if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
+ defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
+#define HAVE_SUPPORTED_CURVES
+#endif
+#endif
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "strcase.h"
+#include "x509asn1.h"
+#include "curl_printf.h"
+
+#include <cyassl/openssl/ssl.h>
+#include <cyassl/ssl.h>
+#ifdef HAVE_CYASSL_ERROR_SSL_H
+#include <cyassl/error-ssl.h>
+#else
+#include <cyassl/error.h>
+#endif
+#include <cyassl/ctaocrypt/random.h>
+#include <cyassl/ctaocrypt/sha256.h>
+
+#include "cyassl.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#if LIBCYASSL_VERSION_HEX < 0x02007002 /* < 2.7.2 */
+#define CYASSL_MAX_ERROR_SZ 80
+#endif
+
+/* KEEP_PEER_CERT is a product of the presence of build time symbol
+ OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is
+ in wolfSSL's settings.h, and the latter two are build time symbols in
+ options.h. */
+#ifndef KEEP_PEER_CERT
+#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \
+ defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
+ (defined(OPENSSL_EXTRA) && !defined(NO_CERTS))
+#define KEEP_PEER_CERT
+#endif
+#endif
+
+struct ssl_backend_data {
+ SSL_CTX* ctx;
+ SSL* handle;
+};
+
+#define BACKEND connssl->backend
+
+static Curl_recv cyassl_recv;
+static Curl_send cyassl_send;
+
+
+static int do_file_type(const char *type)
+{
+ if(!type || !type[0])
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "PEM"))
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "DER"))
+ return SSL_FILETYPE_ASN1;
+ return -1;
+}
+
+/*
+ * This function loads all the client/CA certificates and CRLs. Setup the TLS
+ * layer and do all necessary magic.
+ */
+static CURLcode
+cyassl_connect_step1(struct connectdata *conn,
+ int sockindex)
+{
+ char error_buffer[CYASSL_MAX_ERROR_SZ];
+ char *ciphers;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ SSL_METHOD* req_method = NULL;
+ curl_socket_t sockfd = conn->sock[sockindex];
+#ifdef HAVE_SNI
+ bool sni = FALSE;
+#define use_sni(x) sni = (x)
+#else
+#define use_sni(x) Curl_nop_stmt
+#endif
+
+ if(connssl->state == ssl_connection_complete)
+ return CURLE_OK;
+
+ if(SSL_CONN_CONFIG(version_max) != CURL_SSLVERSION_MAX_NONE) {
+ failf(data, "CyaSSL does not support to set maximum SSL/TLS version");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* check to see if we've been told to use an explicit SSL/TLS version */
+ switch(SSL_CONN_CONFIG(version)) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+#if LIBCYASSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */
+ /* minimum protocol version is set later after the CTX object is created */
+ req_method = SSLv23_client_method();
+#else
+ infof(data, "CyaSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, "
+ "TLS 1.0 is used exclusively\n");
+ req_method = TLSv1_client_method();
+#endif
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ req_method = TLSv1_client_method();
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ req_method = TLSv1_1_client_method();
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ req_method = TLSv1_2_client_method();
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_TLSv1_3:
+ failf(data, "CyaSSL: TLS 1.3 is not yet supported");
+ return CURLE_SSL_CONNECT_ERROR;
+ case CURL_SSLVERSION_SSLv3:
+#ifdef WOLFSSL_ALLOW_SSLV3
+ req_method = SSLv3_client_method();
+ use_sni(FALSE);
+#else
+ failf(data, "CyaSSL does not support SSLv3");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ break;
+ case CURL_SSLVERSION_SSLv2:
+ failf(data, "CyaSSL does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(!req_method) {
+ failf(data, "SSL: couldn't create a method!");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(BACKEND->ctx)
+ SSL_CTX_free(BACKEND->ctx);
+ BACKEND->ctx = SSL_CTX_new(req_method);
+
+ if(!BACKEND->ctx) {
+ failf(data, "SSL: couldn't create a context!");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ switch(SSL_CONN_CONFIG(version)) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+#if LIBCYASSL_VERSION_HEX > 0x03004006 /* > 3.4.6 */
+ /* Versions 3.3.0 to 3.4.6 we know the minimum protocol version is whatever
+ minimum version of TLS was built in and at least TLS 1.0. For later library
+ versions that could change (eg TLS 1.0 built in but defaults to TLS 1.1) so
+ we have this short circuit evaluation to find the minimum supported TLS
+ version. We use wolfSSL_CTX_SetMinVersion and not CyaSSL_SetMinVersion
+ because only the former will work before the user's CTX callback is called.
+ */
+ if((wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1) != 1) &&
+ (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_1) != 1) &&
+ (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_2) != 1)) {
+ failf(data, "SSL: couldn't set the minimum protocol version");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#endif
+ break;
+ }
+
+ ciphers = SSL_CONN_CONFIG(cipher_list);
+ if(ciphers) {
+ if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
+ failf(data, "failed setting cipher list: %s", ciphers);
+ return CURLE_SSL_CIPHER;
+ }
+ infof(data, "Cipher selection: %s\n", ciphers);
+ }
+
+#ifndef NO_FILESYSTEM
+ /* load trusted cacert */
+ if(SSL_CONN_CONFIG(CAfile)) {
+ if(1 != SSL_CTX_load_verify_locations(BACKEND->ctx,
+ SSL_CONN_CONFIG(CAfile),
+ SSL_CONN_CONFIG(CApath))) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ /* Fail if we insist on successfully verifying the server. */
+ failf(data, "error setting certificate verify locations:\n"
+ " CAfile: %s\n CApath: %s",
+ SSL_CONN_CONFIG(CAfile)?
+ SSL_CONN_CONFIG(CAfile): "none",
+ SSL_CONN_CONFIG(CApath)?
+ SSL_CONN_CONFIG(CApath) : "none");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ /* Just continue with a warning if no strict certificate
+ verification is required. */
+ infof(data, "error setting certificate verify locations,"
+ " continuing anyway:\n");
+ }
+ }
+ else {
+ /* Everything is fine. */
+ infof(data, "successfully set certificate verify locations:\n");
+ }
+ infof(data,
+ " CAfile: %s\n"
+ " CApath: %s\n",
+ SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
+ "none",
+ SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath):
+ "none");
+ }
+
+ /* Load the client certificate, and private key */
+ if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
+ int file_type = do_file_type(SSL_SET_OPTION(cert_type));
+
+ if(SSL_CTX_use_certificate_file(BACKEND->ctx, SSL_SET_OPTION(cert),
+ file_type) != 1) {
+ failf(data, "unable to use client certificate (no key or wrong pass"
+ " phrase?)");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ file_type = do_file_type(SSL_SET_OPTION(key_type));
+ if(SSL_CTX_use_PrivateKey_file(BACKEND->ctx, SSL_SET_OPTION(key),
+ file_type) != 1) {
+ failf(data, "unable to set private key");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+#endif /* !NO_FILESYSTEM */
+
+ /* SSL always tries to verify the peer, this only says whether it should
+ * fail to connect if the verification fails, or if it should continue
+ * anyway. In the latter case the result of the verification is checked with
+ * SSL_get_verify_result() below. */
+ SSL_CTX_set_verify(BACKEND->ctx,
+ SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER:
+ SSL_VERIFY_NONE,
+ NULL);
+
+#ifdef HAVE_SNI
+ if(sni) {
+ struct in_addr addr4;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr6;
+#endif
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ size_t hostname_len = strlen(hostname);
+ if((hostname_len < USHRT_MAX) &&
+ (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) &&
+#endif
+ (CyaSSL_CTX_UseSNI(BACKEND->ctx, CYASSL_SNI_HOST_NAME, hostname,
+ (unsigned short)hostname_len) != 1)) {
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+ }
+ }
+#endif
+
+#ifdef HAVE_SUPPORTED_CURVES
+ /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
+ https://github.com/wolfSSL/wolfssl/issues/366
+ The supported curves below are those also supported by OpenSSL 1.0.2 and
+ in the same order. */
+ CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x17); /* secp256r1 */
+ CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x19); /* secp521r1 */
+ CyaSSL_CTX_UseSupportedCurve(BACKEND->ctx, 0x18); /* secp384r1 */
+#endif
+
+ /* give application a chance to interfere with SSL set up. */
+ if(data->set.ssl.fsslctx) {
+ CURLcode result = CURLE_OK;
+ result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx,
+ data->set.ssl.fsslctxp);
+ if(result) {
+ failf(data, "error signaled by ssl ctx callback");
+ return result;
+ }
+ }
+#ifdef NO_FILESYSTEM
+ else if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built"
+ " with \"no filesystem\". Either disable peer verification"
+ " (insecure) or if you are building an application with libcurl you"
+ " can load certificates via CURLOPT_SSL_CTX_FUNCTION.");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#endif
+
+ /* Let's make an SSL structure */
+ if(BACKEND->handle)
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = SSL_new(BACKEND->ctx);
+ if(!BACKEND->handle) {
+ failf(data, "SSL: couldn't create a context (handle)!");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+#ifdef HAVE_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ char protocols[128];
+ *protocols = '\0';
+
+ /* wolfSSL's ALPN protocol name list format is a comma separated string of
+ protocols in descending order of preference, eg: "h2,http/1.1" */
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+ strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
+ infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+#endif
+
+ strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
+ infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+ if(wolfSSL_UseALPN(BACKEND->handle, protocols,
+ (unsigned)strlen(protocols),
+ WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) {
+ failf(data, "SSL: failed setting ALPN protocols");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+#endif /* HAVE_ALPN */
+
+ /* Check if there's a cached ID we can/should use here! */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ void *ssl_sessionid = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
+ /* we got a session id, use it! */
+ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "SSL: SSL_set_session failed: %s",
+ ERR_error_string(SSL_get_error(BACKEND->handle, 0),
+ error_buffer));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ /* Informational message */
+ infof(data, "SSL re-using session ID\n");
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ /* pass the raw socket into the SSL layer */
+ if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
+ failf(data, "SSL: SSL_set_fd failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ connssl->connecting_state = ssl_connect_2;
+ return CURLE_OK;
+}
+
+
+static CURLcode
+cyassl_connect_step2(struct connectdata *conn,
+ int sockindex)
+{
+ int ret = -1;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const char * const dispname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.dispname : conn->host.dispname;
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+
+ conn->recv[sockindex] = cyassl_recv;
+ conn->send[sockindex] = cyassl_send;
+
+ /* Enable RFC2818 checks */
+ if(SSL_CONN_CONFIG(verifyhost)) {
+ ret = CyaSSL_check_domain_name(BACKEND->handle, hostname);
+ if(ret == SSL_FAILURE)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ ret = SSL_connect(BACKEND->handle);
+ if(ret != 1) {
+ char error_buffer[CYASSL_MAX_ERROR_SZ];
+ int detail = SSL_get_error(BACKEND->handle, ret);
+
+ if(SSL_ERROR_WANT_READ == detail) {
+ connssl->connecting_state = ssl_connect_2_reading;
+ return CURLE_OK;
+ }
+ else if(SSL_ERROR_WANT_WRITE == detail) {
+ connssl->connecting_state = ssl_connect_2_writing;
+ return CURLE_OK;
+ }
+ /* There is no easy way to override only the CN matching.
+ * This will enable the override of both mismatching SubjectAltNames
+ * as also mismatching CN fields */
+ else if(DOMAIN_NAME_MISMATCH == detail) {
+#if 1
+ failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
+ dispname);
+ return CURLE_PEER_FAILED_VERIFICATION;
+#else
+ /* When the CyaSSL_check_domain_name() is used and you desire to continue
+ * on a DOMAIN_NAME_MISMATCH, i.e. 'conn->ssl_config.verifyhost == 0',
+ * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only
+ * way to do this is currently to switch the CyaSSL_check_domain_name()
+ * in and out based on the 'conn->ssl_config.verifyhost' value. */
+ if(SSL_CONN_CONFIG(verifyhost)) {
+ failf(data,
+ "\tsubject alt name(s) or common name do not match \"%s\"\n",
+ dispname);
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else {
+ infof(data,
+ "\tsubject alt name(s) and/or common name do not match \"%s\"\n",
+ dispname);
+ return CURLE_OK;
+ }
+#endif
+ }
+#if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */
+ else if(ASN_NO_SIGNER_E == detail) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "\tCA signer not available for verification\n");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ /* Just continue with a warning if no strict certificate
+ verification is required. */
+ infof(data, "CA signer not available for verification, "
+ "continuing anyway\n");
+ }
+ }
+#endif
+ else {
+ failf(data, "SSL_connect failed with error %d: %s", detail,
+ ERR_error_string(detail, error_buffer));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+
+ if(pinnedpubkey) {
+#ifdef KEEP_PEER_CERT
+ X509 *x509;
+ const char *x509_der;
+ int x509_der_len;
+ curl_X509certificate x509_parsed;
+ curl_asn1Element *pubkey;
+ CURLcode result;
+
+ x509 = SSL_get_peer_certificate(BACKEND->handle);
+ if(!x509) {
+ failf(data, "SSL: failed retrieving server certificate");
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ x509_der = (const char *)CyaSSL_X509_get_der(x509, &x509_der_len);
+ if(!x509_der) {
+ failf(data, "SSL: failed retrieving ASN.1 server certificate");
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ memset(&x509_parsed, 0, sizeof x509_parsed);
+ if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len))
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+
+ pubkey = &x509_parsed.subjectPublicKeyInfo;
+ if(!pubkey->header || pubkey->end <= pubkey->header) {
+ failf(data, "SSL: failed retrieving public key from server certificate");
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ result = Curl_pin_peer_pubkey(data,
+ pinnedpubkey,
+ (const unsigned char *)pubkey->header,
+ (size_t)(pubkey->end - pubkey->header));
+ if(result) {
+ failf(data, "SSL: public key does not match pinned public key!");
+ return result;
+ }
+#else
+ failf(data, "Library lacks pinning support built-in");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ }
+
+#ifdef HAVE_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ int rc;
+ char *protocol = NULL;
+ unsigned short protocol_len = 0;
+
+ rc = wolfSSL_ALPN_GetProtocol(BACKEND->handle, &protocol, &protocol_len);
+
+ if(rc == SSL_SUCCESS) {
+ infof(data, "ALPN, server accepted to use %.*s\n", protocol_len,
+ protocol);
+
+ if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
+ !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+#ifdef USE_NGHTTP2
+ else if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN &&
+ !memcmp(protocol, NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN))
+ conn->negnpn = CURL_HTTP_VERSION_2;
+#endif
+ else
+ infof(data, "ALPN, unrecognized protocol %.*s\n", protocol_len,
+ protocol);
+ }
+ else if(rc == SSL_ALPN_NOT_FOUND)
+ infof(data, "ALPN, server did not agree to a protocol\n");
+ else {
+ failf(data, "ALPN, failure getting protocol, error %d", rc);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+#endif /* HAVE_ALPN */
+
+ connssl->connecting_state = ssl_connect_3;
+#if (LIBCYASSL_VERSION_HEX >= 0x03009010)
+ infof(data, "SSL connection using %s / %s\n",
+ wolfSSL_get_version(BACKEND->handle),
+ wolfSSL_get_cipher_name(BACKEND->handle));
+#else
+ infof(data, "SSL connected\n");
+#endif
+
+ return CURLE_OK;
+}
+
+
+static CURLcode
+cyassl_connect_step3(struct connectdata *conn,
+ int sockindex)
+{
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ bool incache;
+ SSL_SESSION *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
+
+ our_ssl_sessionid = SSL_get_session(BACKEND->handle);
+
+ Curl_ssl_sessionid_lock(conn);
+ incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
+ sockindex));
+ if(incache) {
+ if(old_ssl_sessionid != our_ssl_sessionid) {
+ infof(data, "old SSL session ID is stale, removing\n");
+ Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ incache = FALSE;
+ }
+ }
+
+ if(!incache) {
+ result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
+ 0 /* unknown size */, sockindex);
+ if(result) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "failed to store ssl session");
+ return result;
+ }
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ connssl->connecting_state = ssl_connect_done;
+
+ return result;
+}
+
+
+static ssize_t cyassl_send(struct connectdata *conn,
+ int sockindex,
+ const void *mem,
+ size_t len,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ char error_buffer[CYASSL_MAX_ERROR_SZ];
+ int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
+ int rc = SSL_write(BACKEND->handle, mem, memlen);
+
+ if(rc < 0) {
+ int err = SSL_get_error(BACKEND->handle, rc);
+
+ switch(err) {
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ /* there's data pending, re-invoke SSL_write() */
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ default:
+ failf(conn->data, "SSL write: %s, errno %d",
+ ERR_error_string(err, error_buffer),
+ SOCKERRNO);
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ }
+ }
+ return rc;
+}
+
+static void Curl_cyassl_close(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ if(BACKEND->handle) {
+ (void)SSL_shutdown(BACKEND->handle);
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+ if(BACKEND->ctx) {
+ SSL_CTX_free(BACKEND->ctx);
+ BACKEND->ctx = NULL;
+ }
+}
+
+static ssize_t cyassl_recv(struct connectdata *conn,
+ int num,
+ char *buf,
+ size_t buffersize,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[num];
+ char error_buffer[CYASSL_MAX_ERROR_SZ];
+ int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+ int nread = SSL_read(BACKEND->handle, buf, buffsize);
+
+ if(nread < 0) {
+ int err = SSL_get_error(BACKEND->handle, nread);
+
+ switch(err) {
+ case SSL_ERROR_ZERO_RETURN: /* no more data */
+ break;
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ /* there's data pending, re-invoke SSL_read() */
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ default:
+ failf(conn->data, "SSL read: %s, errno %d",
+ ERR_error_string(err, error_buffer),
+ SOCKERRNO);
+ *curlcode = CURLE_RECV_ERROR;
+ return -1;
+ }
+ }
+ return nread;
+}
+
+
+static void Curl_cyassl_session_free(void *ptr)
+{
+ (void)ptr;
+ /* CyaSSL reuses sessions on own, no free */
+}
+
+
+static size_t Curl_cyassl_version(char *buffer, size_t size)
+{
+#if LIBCYASSL_VERSION_HEX >= 0x03006000
+ return snprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version());
+#elif defined(WOLFSSL_VERSION)
+ return snprintf(buffer, size, "wolfSSL/%s", WOLFSSL_VERSION);
+#elif defined(CYASSL_VERSION)
+ return snprintf(buffer, size, "CyaSSL/%s", CYASSL_VERSION);
+#else
+ return snprintf(buffer, size, "CyaSSL/%s", "<1.8.8");
+#endif
+}
+
+
+static int Curl_cyassl_init(void)
+{
+ return (CyaSSL_Init() == SSL_SUCCESS);
+}
+
+
+static bool Curl_cyassl_data_pending(const struct connectdata* conn,
+ int connindex)
+{
+ const struct ssl_connect_data *connssl = &conn->ssl[connindex];
+ if(BACKEND->handle) /* SSL is in use */
+ return (0 != SSL_pending(BACKEND->handle)) ? TRUE : FALSE;
+ else
+ return FALSE;
+}
+
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+static int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
+{
+ int retval = 0;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ if(BACKEND->handle) {
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+ return retval;
+}
+
+
+static CURLcode
+cyassl_connect_common(struct connectdata *conn,
+ int sockindex,
+ bool nonblocking,
+ bool *done)
+{
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ curl_socket_t sockfd = conn->sock[sockindex];
+ time_t timeout_ms;
+ int what;
+
+ /* check if the connection has already been established */
+ if(ssl_connection_complete == connssl->state) {
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
+ if(ssl_connect_1 == connssl->connecting_state) {
+ /* Find out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ result = cyassl_connect_step1(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ while(ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state) {
+
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
+ if(connssl->connecting_state == ssl_connect_2_reading
+ || connssl->connecting_state == ssl_connect_2_writing) {
+
+ curl_socket_t writefd = ssl_connect_2_writing ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+ curl_socket_t readfd = ssl_connect_2_reading ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking?0:timeout_ms);
+ if(what < 0) {
+ /* fatal error */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else if(0 == what) {
+ if(nonblocking) {
+ *done = FALSE;
+ return CURLE_OK;
+ }
+ else {
+ /* timeout */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ }
+ /* socket is readable or writable */
+ }
+
+ /* Run transaction, and return to the caller if it failed or if
+ * this connection is part of a multi handle and this loop would
+ * execute again. This permits the owner of a multi handle to
+ * abort a connection attempt before step2 has completed while
+ * ensuring that a client using select() or epoll() will always
+ * have a valid fdset to wait on.
+ */
+ result = cyassl_connect_step2(conn, sockindex);
+ if(result || (nonblocking &&
+ (ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state)))
+ return result;
+ } /* repeat step2 until all transactions are done. */
+
+ if(ssl_connect_3 == connssl->connecting_state) {
+ result = cyassl_connect_step3(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ if(ssl_connect_done == connssl->connecting_state) {
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = cyassl_recv;
+ conn->send[sockindex] = cyassl_send;
+ *done = TRUE;
+ }
+ else
+ *done = FALSE;
+
+ /* Reset our connect state machine */
+ connssl->connecting_state = ssl_connect_1;
+
+ return CURLE_OK;
+}
+
+
+static CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ return cyassl_connect_common(conn, sockindex, TRUE, done);
+}
+
+
+static CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode result;
+ bool done = FALSE;
+
+ result = cyassl_connect_common(conn, sockindex, FALSE, &done);
+ if(result)
+ return result;
+
+ DEBUGASSERT(done);
+
+ return CURLE_OK;
+}
+
+static CURLcode Curl_cyassl_random(struct Curl_easy *data,
+ unsigned char *entropy, size_t length)
+{
+ RNG rng;
+ (void)data;
+ if(InitRng(&rng))
+ return CURLE_FAILED_INIT;
+ if(length > UINT_MAX)
+ return CURLE_FAILED_INIT;
+ if(RNG_GenerateBlock(&rng, entropy, (unsigned)length))
+ return CURLE_FAILED_INIT;
+ return CURLE_OK;
+}
+
+static void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum /* output */,
+ size_t unused)
+{
+ Sha256 SHA256pw;
+ (void)unused;
+ InitSha256(&SHA256pw);
+ Sha256Update(&SHA256pw, tmp, (word32)tmplen);
+ Sha256Final(&SHA256pw, sha256sum);
+}
+
+static void *Curl_cyassl_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return BACKEND->handle;
+}
+
+const struct Curl_ssl Curl_ssl_cyassl = {
+ { CURLSSLBACKEND_WOLFSSL, "WolfSSL" }, /* info */
+
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+#ifdef KEEP_PEER_CERT
+ 1, /* have_pinnedpubkey */
+#else
+ 0, /* have_pinnedpubkey */
+#endif
+ 1, /* have_ssl_ctx */
+ 0, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_cyassl_init, /* init */
+ Curl_none_cleanup, /* cleanup */
+ Curl_cyassl_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_cyassl_shutdown, /* shutdown */
+ Curl_cyassl_data_pending, /* data_pending */
+ Curl_cyassl_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_cyassl_connect, /* connect */
+ Curl_cyassl_connect_nonblocking, /* connect_nonblocking */
+ Curl_cyassl_get_internals, /* get_internals */
+ Curl_cyassl_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ Curl_cyassl_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ Curl_cyassl_sha256sum /* sha256sum */
+};
+
+#endif
diff --git a/libs/libcurl/src/strequal.h b/libs/libcurl/src/vtls/cyassl.h
index 117a305b76..01e11cc23a 100644
--- a/libs/libcurl/src/strequal.h
+++ b/libs/libcurl/src/vtls/cyassl.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_STREQUAL_H
-#define HEADER_CURL_STREQUAL_H
+#ifndef HEADER_CURL_CYASSL_H
+#define HEADER_CURL_CYASSL_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -21,11 +21,11 @@
* KIND, either express or implied.
*
***************************************************************************/
+#include "curl_setup.h"
-#include <curl/curl.h>
+#ifdef USE_CYASSL
-#define strequal(a,b) curl_strequal(a,b)
-#define strnequal(a,b,c) curl_strnequal(a,b,c)
-
-#endif /* HEADER_CURL_STREQUAL_H */
+extern const struct Curl_ssl Curl_ssl_cyassl;
+#endif /* USE_CYASSL */
+#endif /* HEADER_CURL_CYASSL_H */
diff --git a/libs/libcurl/src/curl_darwinssl.c b/libs/libcurl/src/vtls/darwinssl.c
index 43fe053369..3169042240 100644
--- a/libs/libcurl/src/curl_darwinssl.c
+++ b/libs/libcurl/src/vtls/darwinssl.c
@@ -5,12 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2012-2013, Nick Zitzmann, <nickzman@gmail.com>.
- * Copyright (C) 2012-2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>.
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,29 +22,42 @@
***************************************************************************/
/*
- * Source file for all iOS and Mac OS X SecureTransport-specific code for the
- * TLS/SSL layer. No code but sslgen.c should ever call or use these functions.
+ * Source file for all iOS and macOS SecureTransport-specific code for the
+ * TLS/SSL layer. No code but vtls.c should ever call or use these functions.
*/
#include "curl_setup.h"
+#include "urldata.h" /* for the Curl_easy definition */
+#include "curl_base64.h"
+#include "strtok.h"
+
#ifdef USE_DARWINSSL
+#ifdef __clang__
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wtautological-pointer-compare"
+#endif /* __clang__ */
+
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#include <Security/Security.h>
+/* For some reason, when building for iOS, the omnibus header above does
+ * not include SecureTransport.h as of iOS SDK 5.1. */
#include <Security/SecureTransport.h>
#include <CoreFoundation/CoreFoundation.h>
#include <CommonCrypto/CommonDigest.h>
-/* The Security framework has changed greatly between iOS and different OS X
+/* The Security framework has changed greatly between iOS and different macOS
versions, and we will try to support as many of them as we can (back to
Leopard and iOS 5) by using macros and weak-linking.
- IMPORTANT: If TLS 1.1 and 1.2 support are important for you on OS X, then
- you must build this project against the 10.8 SDK or later. */
+ In general, you want to build this using the most recent OS SDK, since some
+ features require curl to be built against the latest SDK. TLS 1.1 and 1.2
+ support, for instance, require the macOS 10.8 SDK or later. TLS 1.3
+ requires the macOS 10.13 or iOS 11 SDK or later. */
#if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
#if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
@@ -53,6 +66,7 @@
#define CURL_BUILD_IOS 0
#define CURL_BUILD_IOS_7 0
+#define CURL_BUILD_IOS_11 0
#define CURL_BUILD_MAC 1
/* This is the maximum API level we are allowed to use when building: */
#define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050
@@ -60,10 +74,11 @@
#define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070
#define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
#define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090
+#define CURL_BUILD_MAC_10_13 MAC_OS_X_VERSION_MAX_ALLOWED >= 101300
/* These macros mean "the following code is present to allow runtime backward
compatibility with at least this cat or earlier":
- (You set this at build-time by setting the MACOSX_DEPLOYMENT_TARGET
- environmental variable.) */
+ (You set this at build-time using the compiler command line option
+ "-mmacos-version-min.") */
#define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050
#define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060
#define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070
@@ -73,15 +88,19 @@
#elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
#define CURL_BUILD_IOS 1
#define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000
+#define CURL_BUILD_IOS_11 __IPHONE_OS_VERSION_MAX_ALLOWED >= 110000
#define CURL_BUILD_MAC 0
#define CURL_BUILD_MAC_10_5 0
#define CURL_BUILD_MAC_10_6 0
#define CURL_BUILD_MAC_10_7 0
#define CURL_BUILD_MAC_10_8 0
+#define CURL_BUILD_MAC_10_9 0
+#define CURL_BUILD_MAC_10_13 0
#define CURL_SUPPORT_MAC_10_5 0
#define CURL_SUPPORT_MAC_10_6 0
#define CURL_SUPPORT_MAC_10_7 0
#define CURL_SUPPORT_MAC_10_8 0
+#define CURL_SUPPORT_MAC_10_9 0
#else
#error "The darwinssl back-end requires iOS or OS X."
@@ -96,11 +115,9 @@
#include "inet_pton.h"
#include "connect.h"
#include "select.h"
-#include "sslgen.h"
-#include "curl_darwinssl.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include "vtls.h"
+#include "darwinssl.h"
+#include "curl_printf.h"
#include "curl_memory.h"
/* The last #include file should be: */
@@ -110,6 +127,63 @@
#define ioErr -36
#define paramErr -50
+struct ssl_backend_data {
+ SSLContextRef ssl_ctx;
+ curl_socket_t ssl_sockfd;
+ bool ssl_direction; /* true if writing, false if reading */
+ size_t ssl_write_buffered_length;
+};
+
+#define BACKEND connssl->backend
+
+/* pinned public key support tests */
+
+/* version 1 supports macOS 10.12+ and iOS 10+ */
+#if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \
+ (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200))
+#define DARWIN_SSL_PINNEDPUBKEY_V1 1
+#endif
+
+/* version 2 supports MacOSX 10.7+ */
+#if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070)
+#define DARWIN_SSL_PINNEDPUBKEY_V2 1
+#endif
+
+#if defined(DARWIN_SSL_PINNEDPUBKEY_V1) || defined(DARWIN_SSL_PINNEDPUBKEY_V2)
+/* this backend supports CURLOPT_PINNEDPUBLICKEY */
+#define DARWIN_SSL_PINNEDPUBKEY 1
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+
+#ifdef DARWIN_SSL_PINNEDPUBKEY
+/* both new and old APIs return rsa keys missing the spki header (not DER) */
+static const unsigned char rsa4096SpkiHeader[] = {
+ 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+ 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00};
+
+static const unsigned char rsa2048SpkiHeader[] = {
+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00};
+#ifdef DARWIN_SSL_PINNEDPUBKEY_V1
+/* the *new* version doesn't return DER encoded ecdsa certs like the old... */
+static const unsigned char ecDsaSecp256r1SpkiHeader[] = {
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+ 0x42, 0x00};
+
+static const unsigned char ecDsaSecp384r1SpkiHeader[] = {
+ 0x30, 0x76, 0x30, 0x10, 0x06, 0x07,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+ 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04,
+ 0x00, 0x22, 0x03, 0x62, 0x00};
+#endif /* DARWIN_SSL_PINNEDPUBKEY_V1 */
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+
/* The following two functions were ripped from Apple sample code,
* with some modifications: */
static OSStatus SocketRead(SSLConnectionRef connection,
@@ -123,7 +197,7 @@ static OSStatus SocketRead(SSLConnectionRef connection,
UInt8 *currData = (UInt8 *)data;
/*int sock = *(int *)connection;*/
struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
- int sock = connssl->ssl_sockfd;
+ int sock = BACKEND->ssl_sockfd;
OSStatus rtn = noErr;
size_t bytesRead;
ssize_t rrtn;
@@ -152,7 +226,7 @@ static OSStatus SocketRead(SSLConnectionRef connection,
break;
case EAGAIN:
rtn = errSSLWouldBlock;
- connssl->ssl_direction = false;
+ BACKEND->ssl_direction = false;
break;
default:
rtn = ioErr;
@@ -183,7 +257,7 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
size_t bytesSent = 0;
/*int sock = *(int *)connection;*/
struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
- int sock = connssl->ssl_sockfd;
+ int sock = BACKEND->ssl_sockfd;
ssize_t length;
size_t dataLen = *dataLength;
const UInt8 *dataPtr = (UInt8 *)data;
@@ -194,7 +268,7 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
do {
length = write(sock,
- (char*)dataPtr + bytesSent,
+ (char *)dataPtr + bytesSent,
dataLen - bytesSent);
} while((length > 0) &&
( (bytesSent += length) < dataLen) );
@@ -203,7 +277,7 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
theErr = errno;
if(theErr == EAGAIN) {
ortn = errSSLWouldBlock;
- connssl->ssl_direction = true;
+ BACKEND->ssl_direction = true;
}
else {
ortn = ioErr;
@@ -216,8 +290,10 @@ static OSStatus SocketWrite(SSLConnectionRef connection,
return ortn;
}
-CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher) {
- switch (cipher) {
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher)
+{
+ switch(cipher) {
/* SSL version 3.0 */
case SSL_RSA_WITH_NULL_MD5:
return "SSL_RSA_WITH_NULL_MD5";
@@ -361,7 +437,8 @@ CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher) {
return "SSL_NULL_WITH_NULL_NULL";
}
-CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
+CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
+{
switch(cipher) {
/* TLS 1.0 with AES (RFC 3268) */
case TLS_RSA_WITH_AES_128_CBC_SHA:
@@ -768,9 +845,34 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) {
return "TLS_RSA_PSK_WITH_NULL_SHA384";
break;
#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
+#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
+ /* New ChaCha20+Poly1305 cipher-suites used by TLS 1.3: */
+ case TLS_AES_128_GCM_SHA256:
+ return "TLS_AES_128_GCM_SHA256";
+ break;
+ case TLS_AES_256_GCM_SHA384:
+ return "TLS_AES_256_GCM_SHA384";
+ break;
+ case TLS_CHACHA20_POLY1305_SHA256:
+ return "TLS_CHACHA20_POLY1305_SHA256";
+ break;
+ case TLS_AES_128_CCM_SHA256:
+ return "TLS_AES_128_CCM_SHA256";
+ break;
+ case TLS_AES_128_CCM_8_SHA256:
+ return "TLS_AES_128_CCM_8_SHA256";
+ break;
+ case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+ return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
+ break;
+ case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+ return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
+ break;
+#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
}
return "TLS_NULL_WITH_NULL_NULL";
}
+#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
#if CURL_BUILD_MAC
CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
@@ -778,7 +880,8 @@ CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
int mib[2];
char *os_version;
size_t os_version_len;
- char *os_version_major, *os_version_minor/*, *os_version_point*/;
+ char *os_version_major, *os_version_minor;
+ char *tok_buf;
/* Get the Darwin kernel version from the kernel using sysctl(): */
mib[0] = CTL_KERN;
@@ -794,9 +897,8 @@ CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
}
/* Parse the version: */
- os_version_major = strtok(os_version, ".");
- os_version_minor = strtok(NULL, ".");
- /*os_version_point = strtok(NULL, ".");*/
+ os_version_major = strtok_r(os_version, ".", &tok_buf);
+ os_version_minor = strtok_r(NULL, ".", &tok_buf);
*major = atoi(os_version_major);
*minor = atoi(os_version_minor);
free(os_version);
@@ -807,7 +909,7 @@ CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
into a string. Some aren't available under iOS or newer cats. So here's
a unified function for getting a string describing the certificate that
ought to work in all cats starting with Leopard. */
-CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert)
+CF_INLINE CFStringRef getsubject(SecCertificateRef cert)
{
CFStringRef server_cert_summary = CFSTR("(null)");
@@ -834,7 +936,55 @@ CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert)
return server_cert_summary;
}
-#if CURL_SUPPORT_MAC_10_7
+static CURLcode CopyCertSubject(struct Curl_easy *data,
+ SecCertificateRef cert, char **certp)
+{
+ CFStringRef c = getsubject(cert);
+ CURLcode result = CURLE_OK;
+ const char *direct;
+ char *cbuf = NULL;
+ *certp = NULL;
+
+ if(!c) {
+ failf(data, "SSL: invalid CA certificate subject");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* If the subject is already available as UTF-8 encoded (ie 'direct') then
+ use that, else convert it. */
+ direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
+ if(direct) {
+ *certp = strdup(direct);
+ if(!*certp) {
+ failf(data, "SSL: out of memory");
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ }
+ else {
+ size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
+ cbuf = calloc(cbuf_size, 1);
+ if(cbuf) {
+ if(!CFStringGetCString(c, cbuf, cbuf_size,
+ kCFStringEncodingUTF8)) {
+ failf(data, "SSL: invalid CA certificate subject");
+ result = CURLE_SSL_CACERT;
+ }
+ else
+ /* pass back the buffer */
+ *certp = cbuf;
+ }
+ else {
+ failf(data, "SSL: couldn't allocate %zu bytes of memory", cbuf_size);
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ }
+ if(result)
+ free(cbuf);
+ CFRelease(c);
+ return result;
+}
+
+#if CURL_SUPPORT_MAC_10_6
/* The SecKeychainSearch API was deprecated in Lion, and using it will raise
deprecation warnings, so let's not compile this unless it's necessary: */
static OSStatus CopyIdentityWithLabelOldSchool(char *label,
@@ -874,7 +1024,7 @@ static OSStatus CopyIdentityWithLabelOldSchool(char *label,
CFRelease(search);
return status;
}
-#endif /* CURL_SUPPORT_MAC_10_7 */
+#endif /* CURL_SUPPORT_MAC_10_6 */
static OSStatus CopyIdentityWithLabel(char *label,
SecIdentityRef *out_cert_and_key)
@@ -882,12 +1032,17 @@ static OSStatus CopyIdentityWithLabel(char *label,
OSStatus status = errSecItemNotFound;
#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
+ CFArrayRef keys_list;
+ CFIndex keys_list_count;
+ CFIndex i;
+ CFStringRef common_name;
+
/* SecItemCopyMatching() was introduced in iOS and Snow Leopard.
kSecClassIdentity was introduced in Lion. If both exist, let's use them
to find the certificate. */
if(SecItemCopyMatching != NULL && kSecClassIdentity != NULL) {
- CFTypeRef keys[4];
- CFTypeRef values[4];
+ CFTypeRef keys[5];
+ CFTypeRef values[5];
CFDictionaryRef query_dict;
CFStringRef label_cf = CFStringCreateWithCString(NULL, label,
kCFStringEncodingUTF8);
@@ -897,29 +1052,68 @@ static OSStatus CopyIdentityWithLabel(char *label,
keys[0] = kSecClass;
values[1] = kCFBooleanTrue; /* we want a reference */
keys[1] = kSecReturnRef;
- values[2] = kSecMatchLimitOne; /* one is enough, thanks */
+ values[2] = kSecMatchLimitAll; /* kSecMatchLimitOne would be better if the
+ * label matching below worked correctly */
keys[2] = kSecMatchLimit;
/* identity searches need a SecPolicyRef in order to work */
- values[3] = SecPolicyCreateSSL(false, label_cf);
+ values[3] = SecPolicyCreateSSL(false, NULL);
keys[3] = kSecMatchPolicy;
+ /* match the name of the certificate (doesn't work in macOS 10.12.1) */
+ values[4] = label_cf;
+ keys[4] = kSecAttrLabel;
query_dict = CFDictionaryCreate(NULL, (const void **)keys,
- (const void **)values, 4L,
- &kCFCopyStringDictionaryKeyCallBacks,
- &kCFTypeDictionaryValueCallBacks);
+ (const void **)values, 5L,
+ &kCFCopyStringDictionaryKeyCallBacks,
+ &kCFTypeDictionaryValueCallBacks);
CFRelease(values[3]);
- CFRelease(label_cf);
/* Do we have a match? */
- status = SecItemCopyMatching(query_dict, (CFTypeRef *)out_cert_and_key);
+ status = SecItemCopyMatching(query_dict, (CFTypeRef *) &keys_list);
+
+ /* Because kSecAttrLabel matching doesn't work with kSecClassIdentity,
+ * we need to find the correct identity ourselves */
+ if(status == noErr) {
+ keys_list_count = CFArrayGetCount(keys_list);
+ *out_cert_and_key = NULL;
+ status = 1;
+ for(i = 0; i<keys_list_count; i++) {
+ OSStatus err = noErr;
+ SecCertificateRef cert = NULL;
+ SecIdentityRef identity =
+ (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i);
+ err = SecIdentityCopyCertificate(identity, &cert);
+ if(err == noErr) {
+#if CURL_BUILD_IOS
+ common_name = SecCertificateCopySubjectSummary(cert);
+#elif CURL_BUILD_MAC_10_7
+ SecCertificateCopyCommonName(cert, &common_name);
+#endif
+ if(CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
+ CFRelease(cert);
+ CFRelease(common_name);
+ CFRetain(identity);
+ *out_cert_and_key = identity;
+ status = noErr;
+ break;
+ }
+ CFRelease(common_name);
+ }
+ CFRelease(cert);
+ }
+ }
+
+ if(keys_list)
+ CFRelease(keys_list);
CFRelease(query_dict);
+ CFRelease(label_cf);
}
else {
-#if CURL_SUPPORT_MAC_10_7
+#if CURL_SUPPORT_MAC_10_6
/* On Leopard and Snow Leopard, fall back to SecKeychainSearch. */
status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
-#endif /* CURL_SUPPORT_MAC_10_7 */
+#endif /* CURL_SUPPORT_MAC_10_6 */
}
-#elif CURL_SUPPORT_MAC_10_7
+#elif CURL_SUPPORT_MAC_10_6
/* For developers building on older cats, we have no choice but to fall back
to SecKeychainSearch. */
status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
@@ -938,8 +1132,10 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
cPassword, kCFStringEncodingUTF8) : NULL;
CFDataRef pkcs_data = NULL;
- /* We can import P12 files on iOS or OS X 10.6 or later: */
-#if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
+ /* We can import P12 files on iOS or OS X 10.7 or later: */
+ /* These constants are documented as having first appeared in 10.6 but they
+ raise linker errors when used on that cat for some reason. */
+#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
if(CFURLCreateDataAndPropertiesFromResource(NULL, pkcs_url, &pkcs_data,
NULL, NULL, &status)) {
const void *cKeys[] = {kSecImportExportPassphrase};
@@ -950,7 +1146,7 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
/* Here we go: */
status = SecPKCS12Import(pkcs_data, options, &items);
- if(status == noErr) {
+ if(status == errSecSuccess && items && CFArrayGetCount(items)) {
CFDictionaryRef identity_and_trust = CFArrayGetValueAtIndex(items, 0L);
const void *temp_identity = CFDictionaryGetValue(identity_and_trust,
kSecImportItemIdentity);
@@ -958,12 +1154,14 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
/* Retain the identity; we don't care about any other data... */
CFRetain(temp_identity);
*out_cert_and_key = (SecIdentityRef)temp_identity;
- CFRelease(items);
}
+
+ if(items)
+ CFRelease(items);
CFRelease(options);
CFRelease(pkcs_data);
}
-#endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
+#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
if(password)
CFRelease(password);
CFRelease(pkcs_url);
@@ -989,12 +1187,146 @@ CF_INLINE bool is_file(const char *filename)
return false;
}
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
+static CURLcode darwinssl_version_from_curl(SSLProtocol *darwinver,
+ long ssl_version)
+{
+ switch(ssl_version) {
+ case CURL_SSLVERSION_TLSv1_0:
+ *darwinver = kTLSProtocol1;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_1:
+ *darwinver = kTLSProtocol11;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_2:
+ *darwinver = kTLSProtocol12;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_3:
+ /* TLS 1.3 support first appeared in iOS 11 and macOS 10.13 */
+#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
+ /* We can assume __builtin_available() will always work in the
+ 10.13/11.0 SDK: */
+ if(__builtin_available(macOS 10.13, iOS 11.0, *)) {
+ *darwinver = kTLSProtocol13;
+ return CURLE_OK;
+ }
+#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
+ break;
+ }
+ return CURLE_SSL_CONNECT_ERROR;
+}
+#endif
+
+static CURLcode
+set_ssl_version_min_max(struct connectdata *conn, int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+ long max_supported_version_by_os;
+
+ /* macOS 10.5-10.7 supported TLS 1.0 only.
+ macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2.
+ macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */
+#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
+ if(__builtin_available(macOS 10.13, iOS 11.0, *)) {
+ max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_3;
+ }
+ else {
+ max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2;
+ }
+#else
+ max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2;
+#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ ssl_version = CURL_SSLVERSION_TLSv1_0;
+ ssl_version_max = max_supported_version_by_os;
+ break;
+ }
+
+ switch(ssl_version_max) {
+ case CURL_SSLVERSION_MAX_NONE:
+ ssl_version_max = ssl_version << 16;
+ break;
+ case CURL_SSLVERSION_MAX_DEFAULT:
+ ssl_version_max = max_supported_version_by_os;
+ break;
+ }
+
+#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
+ if(SSLSetProtocolVersionMax != NULL) {
+ SSLProtocol darwin_ver_min = kTLSProtocol1;
+ SSLProtocol darwin_ver_max = kTLSProtocol1;
+ CURLcode result = darwinssl_version_from_curl(&darwin_ver_min,
+ ssl_version);
+ if(result) {
+ failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
+ return result;
+ }
+ result = darwinssl_version_from_curl(&darwin_ver_max,
+ ssl_version_max >> 16);
+ if(result) {
+ failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
+ return result;
+ }
+
+ (void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, darwin_ver_min);
+ (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, darwin_ver_max);
+ return result;
+ }
+ else {
+#if CURL_SUPPORT_MAC_10_8
+ long i = ssl_version;
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kSSLProtocolAll,
+ false);
+ for(; i <= (ssl_version_max >> 16); i++) {
+ switch(i) {
+ case CURL_SSLVERSION_TLSv1_0:
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kTLSProtocol1,
+ true);
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kTLSProtocol11,
+ true);
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kTLSProtocol12,
+ true);
+ break;
+ case CURL_SSLVERSION_TLSv1_3:
+ failf(data, "Your version of the OS does not support TLSv1.3");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+ return CURLE_OK;
+#endif /* CURL_SUPPORT_MAC_10_8 */
+ }
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
+ failf(data, "DarwinSSL: cannot set SSL protocol");
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
+
static CURLcode darwinssl_connect_step1(struct connectdata *conn,
int sockindex)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
+ const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+ char * const ssl_cert = SSL_SET_OPTION(cert);
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
#ifdef ENABLE_IPV6
struct in6_addr addr;
#else
@@ -1002,8 +1334,6 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#endif /* ENABLE_IPV6 */
size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i;
SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL;
- char *ssl_sessionid;
- size_t ssl_sessionid_len;
OSStatus err = noErr;
#if CURL_BUILD_MAC
int darwinver_maj = 0, darwinver_min = 0;
@@ -1013,10 +1343,10 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
if(SSLCreateContext != NULL) { /* use the newer API if avaialble */
- if(connssl->ssl_ctx)
- CFRelease(connssl->ssl_ctx);
- connssl->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
- if(!connssl->ssl_ctx) {
+ if(BACKEND->ssl_ctx)
+ CFRelease(BACKEND->ssl_ctx);
+ BACKEND->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
+ if(!BACKEND->ssl_ctx) {
failf(data, "SSL: couldn't create a context!");
return CURLE_OUT_OF_MEMORY;
}
@@ -1024,9 +1354,9 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
else {
/* The old ST API does not exist under iOS, so don't compile it: */
#if CURL_SUPPORT_MAC_10_8
- if(connssl->ssl_ctx)
- (void)SSLDisposeContext(connssl->ssl_ctx);
- err = SSLNewContext(false, &(connssl->ssl_ctx));
+ if(BACKEND->ssl_ctx)
+ (void)SSLDisposeContext(BACKEND->ssl_ctx);
+ err = SSLNewContext(false, &(BACKEND->ssl_ctx));
if(err != noErr) {
failf(data, "SSL: couldn't create a context: OSStatus %d", err);
return CURLE_OUT_OF_MEMORY;
@@ -1034,108 +1364,104 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#endif /* CURL_SUPPORT_MAC_10_8 */
}
#else
- if(connssl->ssl_ctx)
- (void)SSLDisposeContext(connssl->ssl_ctx);
- err = SSLNewContext(false, &(connssl->ssl_ctx));
+ if(BACKEND->ssl_ctx)
+ (void)SSLDisposeContext(BACKEND->ssl_ctx);
+ err = SSLNewContext(false, &(BACKEND->ssl_ctx));
if(err != noErr) {
failf(data, "SSL: couldn't create a context: OSStatus %d", err);
return CURLE_OUT_OF_MEMORY;
}
#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
- connssl->ssl_write_buffered_length = 0UL; /* reset buffered write length */
+ BACKEND->ssl_write_buffered_length = 0UL; /* reset buffered write length */
/* check to see if we've been told to use an explicit SSL/TLS version */
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
if(SSLSetProtocolVersionMax != NULL) {
- switch(data->set.ssl.version) {
- case CURL_SSLVERSION_DEFAULT: default:
- (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
- (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
- break;
- case CURL_SSLVERSION_TLSv1:
- (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
- (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
- break;
- case CURL_SSLVERSION_SSLv3:
- (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
- (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3);
+ switch(conn->ssl_config.version) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ (void)SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kTLSProtocol1);
+#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
+ if(__builtin_available(macOS 10.13, iOS 11.0, *)) {
+ (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol13);
+ }
+ else {
+ (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol12);
+ }
+#else
+ (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kTLSProtocol12);
+#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ {
+ CURLcode result = set_ssl_version_min_max(conn, sockindex);
+ if(result != CURLE_OK)
+ return result;
break;
- case CURL_SSLVERSION_SSLv2:
- err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2);
- if(err != noErr) {
- failf(data, "Your version of the OS does not support SSLv2");
- return CURLE_SSL_CONNECT_ERROR;
- }
- (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2);
+ }
+ case CURL_SSLVERSION_SSLv3:
+ err = SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kSSLProtocol3);
+ if(err != noErr) {
+ failf(data, "Your version of the OS does not support SSLv3");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kSSLProtocol3);
+ break;
+ case CURL_SSLVERSION_SSLv2:
+ err = SSLSetProtocolVersionMin(BACKEND->ssl_ctx, kSSLProtocol2);
+ if(err != noErr) {
+ failf(data, "Your version of the OS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ (void)SSLSetProtocolVersionMax(BACKEND->ssl_ctx, kSSLProtocol2);
+ break;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
}
}
else {
#if CURL_SUPPORT_MAC_10_8
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
kSSLProtocolAll,
false);
- switch (data->set.ssl.version) {
- case CURL_SSLVERSION_DEFAULT: default:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kSSLProtocol3,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol1,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol11,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol12,
- true);
- break;
- case CURL_SSLVERSION_TLSv1:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol1,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol11,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol12,
- true);
- break;
- case CURL_SSLVERSION_SSLv3:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kSSLProtocol3,
- true);
- break;
- case CURL_SSLVERSION_SSLv2:
- err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kSSLProtocol2,
- true);
- if(err != noErr) {
- failf(data, "Your version of the OS does not support SSLv2");
- return CURLE_SSL_CONNECT_ERROR;
- }
- break;
- }
-#endif /* CURL_SUPPORT_MAC_10_8 */
- }
-#else
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);
- switch(data->set.ssl.version) {
- default:
+ switch(conn->ssl_config.version) {
case CURL_SSLVERSION_DEFAULT:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kSSLProtocol3,
- true);
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+ case CURL_SSLVERSION_TLSv1:
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
kTLSProtocol1,
true);
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kTLSProtocol11,
+ true);
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kTLSProtocol12,
+ true);
break;
- case CURL_SSLVERSION_TLSv1:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kTLSProtocol1,
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ {
+ CURLcode result = set_ssl_version_min_max(conn, sockindex);
+ if(result != CURLE_OK)
+ return result;
+ break;
+ }
+ case CURL_SSLVERSION_SSLv3:
+ err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kSSLProtocol3,
true);
+ if(err != noErr) {
+ failf(data, "Your version of the OS does not support SSLv3");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
break;
case CURL_SSLVERSION_SSLv2:
- err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+ err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
kSSLProtocol2,
true);
if(err != noErr) {
@@ -1143,43 +1469,89 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
return CURLE_SSL_CONNECT_ERROR;
}
break;
- case CURL_SSLVERSION_SSLv3:
- (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
- kSSLProtocol3,
- true);
- break;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#endif /* CURL_SUPPORT_MAC_10_8 */
+ }
+#else
+ if(conn->ssl_config.version_max != CURL_SSLVERSION_MAX_NONE) {
+ failf(data, "Your version of the OS does not support to set maximum"
+ " SSL/TLS version");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx, kSSLProtocolAll, false);
+ switch(conn->ssl_config.version) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ case CURL_SSLVERSION_TLSv1_0:
+ (void)SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kTLSProtocol1,
+ true);
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ failf(data, "Your version of the OS does not support TLSv1.1");
+ return CURLE_SSL_CONNECT_ERROR;
+ case CURL_SSLVERSION_TLSv1_2:
+ failf(data, "Your version of the OS does not support TLSv1.2");
+ return CURLE_SSL_CONNECT_ERROR;
+ case CURL_SSLVERSION_TLSv1_3:
+ failf(data, "Your version of the OS does not support TLSv1.3");
+ return CURLE_SSL_CONNECT_ERROR;
+ case CURL_SSLVERSION_SSLv2:
+ err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kSSLProtocol2,
+ true);
+ if(err != noErr) {
+ failf(data, "Your version of the OS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ break;
+ case CURL_SSLVERSION_SSLv3:
+ err = SSLSetProtocolVersionEnabled(BACKEND->ssl_ctx,
+ kSSLProtocol3,
+ true);
+ if(err != noErr) {
+ failf(data, "Your version of the OS does not support SSLv3");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ break;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
}
#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
- if(data->set.str[STRING_KEY]) {
+ if(SSL_SET_OPTION(key)) {
infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
- "Transport. The private key must be in the Keychain.\n");
+ "Transport. The private key must be in the Keychain.\n");
}
- if(data->set.str[STRING_CERT]) {
+ if(ssl_cert) {
SecIdentityRef cert_and_key = NULL;
- bool is_cert_file = is_file(data->set.str[STRING_CERT]);
+ bool is_cert_file = is_file(ssl_cert);
/* User wants to authenticate with a client cert. Look for it:
If we detect that this is a file on disk, then let's load it.
Otherwise, assume that the user wants to use an identity loaded
from the Keychain. */
if(is_cert_file) {
- if(!data->set.str[STRING_CERT_TYPE])
+ if(!SSL_SET_OPTION(cert_type))
infof(data, "WARNING: SSL: Certificate type not set, assuming "
"PKCS#12 format.\n");
- else if(strncmp(data->set.str[STRING_CERT_TYPE], "P12",
- strlen(data->set.str[STRING_CERT_TYPE])) != 0)
+ else if(strncmp(SSL_SET_OPTION(cert_type), "P12",
+ strlen(SSL_SET_OPTION(cert_type))) != 0)
infof(data, "WARNING: SSL: The Security framework only supports "
"loading identities that are in PKCS#12 format.\n");
- err = CopyIdentityFromPKCS12File(data->set.str[STRING_CERT],
- data->set.str[STRING_KEY_PASSWD], &cert_and_key);
+ err = CopyIdentityFromPKCS12File(ssl_cert,
+ SSL_SET_OPTION(key_passwd), &cert_and_key);
}
else
- err = CopyIdentityWithLabel(data->set.str[STRING_CERT], &cert_and_key);
+ err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
- if(err == noErr) {
+ if(err == noErr && cert_and_key) {
SecCertificateRef cert = NULL;
CFTypeRef certs_c[1];
CFArrayRef certs;
@@ -1187,25 +1559,21 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
/* If we found one, print it out: */
err = SecIdentityCopyCertificate(cert_and_key, &cert);
if(err == noErr) {
- CFStringRef cert_summary = CopyCertSubject(cert);
- char cert_summary_c[128];
-
- if(cert_summary) {
- memset(cert_summary_c, 0, 128);
- if(CFStringGetCString(cert_summary,
- cert_summary_c,
- 128,
- kCFStringEncodingUTF8)) {
- infof(data, "Client certificate: %s\n", cert_summary_c);
- }
- CFRelease(cert_summary);
- CFRelease(cert);
+ char *certp;
+ CURLcode result = CopyCertSubject(data, cert, &certp);
+ if(!result) {
+ infof(data, "Client certificate: %s\n", certp);
+ free(certp);
}
+
+ CFRelease(cert);
+ if(result)
+ return result;
}
certs_c[0] = cert_and_key;
certs = CFArrayCreate(NULL, (const void **)certs_c, 1L,
&kCFTypeArrayCallBacks);
- err = SSLSetCertificate(connssl->ssl_ctx, certs);
+ err = SSLSetCertificate(BACKEND->ssl_ctx, certs);
if(certs)
CFRelease(certs);
if(err != noErr) {
@@ -1216,27 +1584,27 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
}
else {
switch(err) {
- case errSecPkcs12VerifyFailure: case errSecAuthFailed:
- failf(data, "SSL: Incorrect password for the certificate \"%s\" "
- "and its private key.", data->set.str[STRING_CERT]);
- break;
- case errSecDecode: case errSecUnknownFormat:
- failf(data, "SSL: Couldn't make sense of the data in the "
- "certificate \"%s\" and its private key.",
- data->set.str[STRING_CERT]);
- break;
- case errSecPassphraseRequired:
- failf(data, "SSL The certificate \"%s\" requires a password.",
- data->set.str[STRING_CERT]);
- break;
- case errSecItemNotFound:
- failf(data, "SSL: Can't find the certificate \"%s\" and its private "
- "key in the Keychain.", data->set.str[STRING_CERT]);
- break;
- default:
- failf(data, "SSL: Can't load the certificate \"%s\" and its private "
- "key: OSStatus %d", data->set.str[STRING_CERT], err);
- break;
+ case errSecAuthFailed: case -25264: /* errSecPkcs12VerifyFailure */
+ failf(data, "SSL: Incorrect password for the certificate \"%s\" "
+ "and its private key.", ssl_cert);
+ break;
+ case -26275: /* errSecDecode */ case -25257: /* errSecUnknownFormat */
+ failf(data, "SSL: Couldn't make sense of the data in the "
+ "certificate \"%s\" and its private key.",
+ ssl_cert);
+ break;
+ case -25260: /* errSecPassphraseRequired */
+ failf(data, "SSL The certificate \"%s\" requires a password.",
+ ssl_cert);
+ break;
+ case errSecItemNotFound:
+ failf(data, "SSL: Can't find the certificate \"%s\" and its private "
+ "key in the Keychain.", ssl_cert);
+ break;
+ default:
+ failf(data, "SSL: Can't load the certificate \"%s\" and its private "
+ "key: OSStatus %d", ssl_cert, err);
+ break;
}
return CURLE_SSL_CERTPROBLEM;
}
@@ -1249,20 +1617,28 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
/* Snow Leopard introduced the SSLSetSessionOption() function, but due to
a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag
- works, it doesn't work as expected under Snow Leopard or Lion.
+ works, it doesn't work as expected under Snow Leopard, Lion or
+ Mountain Lion.
So we need to call SSLSetEnableCertVerify() on those older cats in order
to disable certificate validation if the user turned that off.
(SecureTransport will always validate the certificate chain by
- default.) */
- /* (Note: Darwin 12.x.x is Mountain Lion.) */
+ default.)
+ Note:
+ Darwin 11.x.x is Lion (10.7)
+ Darwin 12.x.x is Mountain Lion (10.8)
+ Darwin 13.x.x is Mavericks (10.9)
+ Darwin 14.x.x is Yosemite (10.10)
+ Darwin 15.x.x is El Capitan (10.11)
+ */
#if CURL_BUILD_MAC
- if(SSLSetSessionOption != NULL && darwinver_maj >= 12) {
+ if(SSLSetSessionOption != NULL && darwinver_maj >= 13) {
#else
if(SSLSetSessionOption != NULL) {
#endif /* CURL_BUILD_MAC */
- err = SSLSetSessionOption(connssl->ssl_ctx,
+ bool break_on_auth = !conn->ssl_config.verifypeer || ssl_cafile;
+ err = SSLSetSessionOption(BACKEND->ssl_ctx,
kSSLSessionOptionBreakOnServerAuth,
- data->set.ssl.verifypeer?false:true);
+ break_on_auth);
if(err != noErr) {
failf(data, "SSL: SSLSetSessionOption() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
@@ -1270,8 +1646,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
}
else {
#if CURL_SUPPORT_MAC_10_8
- err = SSLSetEnableCertVerify(connssl->ssl_ctx,
- data->set.ssl.verifypeer?true:false);
+ err = SSLSetEnableCertVerify(BACKEND->ssl_ctx,
+ conn->ssl_config.verifypeer?true:false);
if(err != noErr) {
failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
@@ -1279,28 +1655,46 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#endif /* CURL_SUPPORT_MAC_10_8 */
}
#else
- err = SSLSetEnableCertVerify(connssl->ssl_ctx,
- data->set.ssl.verifypeer?true:false);
+ err = SSLSetEnableCertVerify(BACKEND->ssl_ctx,
+ conn->ssl_config.verifypeer?true:false);
if(err != noErr) {
failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
}
#endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
- /* If this is a domain name and not an IP address, then configure SNI.
+ if(ssl_cafile && verifypeer) {
+ bool is_cert_file = is_file(ssl_cafile);
+
+ if(!is_cert_file) {
+ failf(data, "SSL: can't load CA certificate file %s", ssl_cafile);
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ }
+
+ /* Configure hostname check. SNI is used if available.
+ * Both hostname check and SNI require SSLSetPeerDomainName().
* Also: the verifyhost setting influences SNI usage */
- /* If this is a domain name and not an IP address, then configure SNI: */
- if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
-#ifdef ENABLE_IPV6
- (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
-#endif
- data->set.ssl.verifyhost) {
- err = SSLSetPeerDomainName(connssl->ssl_ctx, conn->host.name,
- strlen(conn->host.name));
+ if(conn->ssl_config.verifyhost) {
+ err = SSLSetPeerDomainName(BACKEND->ssl_ctx, hostname,
+ strlen(hostname));
+
if(err != noErr) {
infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d\n",
err);
}
+
+ if((Curl_inet_pton(AF_INET, hostname, &addr))
+ #ifdef ENABLE_IPV6
+ || (Curl_inet_pton(AF_INET6, hostname, &addr))
+ #endif
+ ) {
+ infof(data, "WARNING: using IP address, SNI is being disabled by "
+ "the OS.\n");
+ }
+ }
+ else {
+ infof(data, "WARNING: disabling hostname validation also disables SNI.\n");
}
/* Disable cipher suites that ST supports but are not safe. These ciphers
@@ -1308,11 +1702,11 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
higher priority, but it's probably better that we not connect at all than
to give the user a false sense of security if the server only supports
insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */
- (void)SSLGetNumberSupportedCiphers(connssl->ssl_ctx, &all_ciphers_count);
+ (void)SSLGetNumberSupportedCiphers(BACKEND->ssl_ctx, &all_ciphers_count);
all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
if(all_ciphers && allowed_ciphers &&
- SSLGetSupportedCiphers(connssl->ssl_ctx, all_ciphers,
+ SSLGetSupportedCiphers(BACKEND->ssl_ctx, all_ciphers,
&all_ciphers_count) == noErr) {
for(i = 0UL ; i < all_ciphers_count ; i++) {
#if CURL_BUILD_MAC
@@ -1322,7 +1716,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
running in an affected version of OS X. */
if(darwinver_maj == 12 && darwinver_min <= 3 &&
all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) {
- continue;
+ continue;
}
#endif /* CURL_BUILD_MAC */
switch(all_ciphers[i]) {
@@ -1378,13 +1772,23 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
/* Disable IDEA: */
case SSL_RSA_WITH_IDEA_CBC_SHA:
case SSL_RSA_WITH_IDEA_CBC_MD5:
+ /* Disable RC4: */
+ case SSL_RSA_WITH_RC4_128_MD5:
+ case SSL_RSA_WITH_RC4_128_SHA:
+ case 0xC002: /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
+ case 0xC007: /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA*/
+ case 0xC00C: /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
+ case 0xC011: /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
+ case 0x008A: /* TLS_PSK_WITH_RC4_128_SHA */
+ case 0x008E: /* TLS_DHE_PSK_WITH_RC4_128_SHA */
+ case 0x0092: /* TLS_RSA_PSK_WITH_RC4_128_SHA */
break;
default: /* enable everything else */
allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
break;
}
}
- err = SSLSetEnabledCiphers(connssl->ssl_ctx, allowed_ciphers,
+ err = SSLSetEnabledCiphers(BACKEND->ssl_ctx, allowed_ciphers,
allowed_ciphers_count);
if(err != noErr) {
failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
@@ -1403,43 +1807,60 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
/* We want to enable 1/n-1 when using a CBC cipher unless the user
specifically doesn't want us doing that: */
- SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
- !data->set.ssl_enable_beast);
+ if(SSLSetSessionOption != NULL) {
+ /* TODO s/data->set.ssl.enable_beast/SSL_SET_OPTION(enable_beast)/g */
+ SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
+ !data->set.ssl.enable_beast);
+ SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionFalseStart,
+ data->set.ssl.falsestart); /* false start support */
+ }
#endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
/* Check if there's a cached ID we can/should use here! */
- if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
- &ssl_sessionid_len)) {
- /* we got a session id, use it! */
- err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
- if(err != noErr) {
- failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
- return CURLE_SSL_CONNECT_ERROR;
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ char *ssl_sessionid;
+ size_t ssl_sessionid_len;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
+ &ssl_sessionid_len, sockindex)) {
+ /* we got a session id, use it! */
+ err = SSLSetPeerID(BACKEND->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
+ Curl_ssl_sessionid_unlock(conn);
+ if(err != noErr) {
+ failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ /* Informational message */
+ infof(data, "SSL re-using session ID\n");
}
- /* Informational message */
- infof(data, "SSL re-using session ID\n");
- }
- /* If there isn't one, then let's make one up! This has to be done prior
- to starting the handshake. */
- else {
- CURLcode retcode;
+ /* If there isn't one, then let's make one up! This has to be done prior
+ to starting the handshake. */
+ else {
+ CURLcode result;
+ ssl_sessionid =
+ aprintf("%s:%d:%d:%s:%hu", ssl_cafile,
+ verifypeer, SSL_CONN_CONFIG(verifyhost), hostname, port);
+ ssl_sessionid_len = strlen(ssl_sessionid);
- ssl_sessionid = malloc(256*sizeof(char));
- ssl_sessionid_len = snprintf(ssl_sessionid, 256, "curl:%s:%hu",
- conn->host.name, conn->remote_port);
- err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
- if(err != noErr) {
- failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
- return CURLE_SSL_CONNECT_ERROR;
- }
- retcode = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len);
- if(retcode!= CURLE_OK) {
- failf(data, "failed to store ssl session");
- return retcode;
+ err = SSLSetPeerID(BACKEND->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
+ if(err != noErr) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len,
+ sockindex);
+ Curl_ssl_sessionid_unlock(conn);
+ if(result) {
+ failf(data, "failed to store ssl session");
+ return result;
+ }
}
}
- err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
+ err = SSLSetIOFuncs(BACKEND->ssl_ctx, SocketRead, SocketWrite);
if(err != noErr) {
failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
@@ -1449,8 +1870,8 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
/* We need to store the FD in a constant memory address, because
* SSLSetConnection() will not copy that address. I've found that
* conn->sock[sockindex] may change on its own. */
- connssl->ssl_sockfd = sockfd;
- err = SSLSetConnection(connssl->ssl_ctx, connssl);
+ BACKEND->ssl_sockfd = sockfd;
+ err = SSLSetConnection(BACKEND->ssl_ctx, connssl);
if(err != noErr) {
failf(data, "SSL: SSLSetConnection() failed: %d", err);
return CURLE_SSL_CONNECT_ERROR;
@@ -1460,32 +1881,422 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
return CURLE_OK;
}
+static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
+{
+ char *sep_start, *sep_end, *cert_start, *cert_end;
+ size_t i, j, err;
+ size_t len;
+ unsigned char *b64;
+
+ /* Jump through the separators at the beginning of the certificate. */
+ sep_start = strstr(in, "-----");
+ if(sep_start == NULL)
+ return 0;
+ cert_start = strstr(sep_start + 1, "-----");
+ if(cert_start == NULL)
+ return -1;
+
+ cert_start += 5;
+
+ /* Find separator after the end of the certificate. */
+ cert_end = strstr(cert_start, "-----");
+ if(cert_end == NULL)
+ return -1;
+
+ sep_end = strstr(cert_end + 1, "-----");
+ if(sep_end == NULL)
+ return -1;
+ sep_end += 5;
+
+ len = cert_end - cert_start;
+ b64 = malloc(len + 1);
+ if(!b64)
+ return -1;
+
+ /* Create base64 string without linefeeds. */
+ for(i = 0, j = 0; i < len; i++) {
+ if(cert_start[i] != '\r' && cert_start[i] != '\n')
+ b64[j++] = cert_start[i];
+ }
+ b64[j] = '\0';
+
+ err = Curl_base64_decode((const char *)b64, out, outlen);
+ free(b64);
+ if(err) {
+ free(*out);
+ return -1;
+ }
+
+ return sep_end - in;
+}
+
+static int read_cert(const char *file, unsigned char **out, size_t *outlen)
+{
+ int fd;
+ ssize_t n, len = 0, cap = 512;
+ unsigned char buf[512], *data;
+
+ fd = open(file, 0);
+ if(fd < 0)
+ return -1;
+
+ data = malloc(cap);
+ if(!data) {
+ close(fd);
+ return -1;
+ }
+
+ for(;;) {
+ n = read(fd, buf, sizeof(buf));
+ if(n < 0) {
+ close(fd);
+ free(data);
+ return -1;
+ }
+ else if(n == 0) {
+ close(fd);
+ break;
+ }
+
+ if(len + n >= cap) {
+ cap *= 2;
+ data = realloc(data, cap);
+ if(!data) {
+ close(fd);
+ return -1;
+ }
+ }
+
+ memcpy(data + len, buf, n);
+ len += n;
+ }
+ data[len] = '\0';
+
+ *out = data;
+ *outlen = len;
+
+ return 0;
+}
+
+static int sslerr_to_curlerr(struct Curl_easy *data, int err)
+{
+ switch(err) {
+ case errSSLXCertChainInvalid:
+ failf(data, "SSL certificate problem: Invalid certificate chain");
+ return CURLE_SSL_CACERT;
+ case errSSLUnknownRootCert:
+ failf(data, "SSL certificate problem: Untrusted root certificate");
+ return CURLE_SSL_CACERT;
+ case errSSLNoRootCert:
+ failf(data, "SSL certificate problem: No root certificate");
+ return CURLE_SSL_CACERT;
+ case errSSLCertExpired:
+ failf(data, "SSL certificate problem: Certificate chain had an "
+ "expired certificate");
+ return CURLE_SSL_CACERT;
+ case errSSLBadCert:
+ failf(data, "SSL certificate problem: Couldn't understand the server "
+ "certificate format");
+ return CURLE_SSL_CONNECT_ERROR;
+ case errSSLHostNameMismatch:
+ failf(data, "SSL certificate peer hostname mismatch");
+ return CURLE_PEER_FAILED_VERIFICATION;
+ default:
+ failf(data, "SSL unexpected certificate error %d", err);
+ return CURLE_SSL_CACERT;
+ }
+}
+
+static int append_cert_to_array(struct Curl_easy *data,
+ unsigned char *buf, size_t buflen,
+ CFMutableArrayRef array)
+{
+ CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
+ char *certp;
+ CURLcode result;
+ if(!certdata) {
+ failf(data, "SSL: failed to allocate array for CA certificate");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ SecCertificateRef cacert =
+ SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
+ CFRelease(certdata);
+ if(!cacert) {
+ failf(data, "SSL: failed to create SecCertificate from CA certificate");
+ return CURLE_SSL_CACERT;
+ }
+
+ /* Check if cacert is valid. */
+ result = CopyCertSubject(data, cacert, &certp);
+ if(result)
+ return result;
+ free(certp);
+
+ CFArrayAppendValue(array, cacert);
+ CFRelease(cacert);
+
+ return CURLE_OK;
+}
+
+static int verify_cert(const char *cafile, struct Curl_easy *data,
+ SSLContextRef ctx)
+{
+ int n = 0, rc;
+ long res;
+ unsigned char *certbuf, *der;
+ size_t buflen, derlen, offset = 0;
+
+ if(read_cert(cafile, &certbuf, &buflen) < 0) {
+ failf(data, "SSL: failed to read or invalid CA certificate");
+ return CURLE_SSL_CACERT;
+ }
+
+ /*
+ * Certbuf now contains the contents of the certificate file, which can be
+ * - a single DER certificate,
+ * - a single PEM certificate or
+ * - a bunch of PEM certificates (certificate bundle).
+ *
+ * Go through certbuf, and convert any PEM certificate in it into DER
+ * format.
+ */
+ CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0,
+ &kCFTypeArrayCallBacks);
+ if(array == NULL) {
+ free(certbuf);
+ failf(data, "SSL: out of memory creating CA certificate array");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ while(offset < buflen) {
+ n++;
+
+ /*
+ * Check if the certificate is in PEM format, and convert it to DER. If
+ * this fails, we assume the certificate is in DER format.
+ */
+ res = pem_to_der((const char *)certbuf + offset, &der, &derlen);
+ if(res < 0) {
+ free(certbuf);
+ CFRelease(array);
+ failf(data, "SSL: invalid CA certificate #%d (offset %d) in bundle",
+ n, offset);
+ return CURLE_SSL_CACERT;
+ }
+ offset += res;
+
+ if(res == 0 && offset == 0) {
+ /* This is not a PEM file, probably a certificate in DER format. */
+ rc = append_cert_to_array(data, certbuf, buflen, array);
+ free(certbuf);
+ if(rc != CURLE_OK) {
+ CFRelease(array);
+ return rc;
+ }
+ break;
+ }
+ else if(res == 0) {
+ /* No more certificates in the bundle. */
+ free(certbuf);
+ break;
+ }
+
+ rc = append_cert_to_array(data, der, derlen, array);
+ free(der);
+ if(rc != CURLE_OK) {
+ free(certbuf);
+ CFRelease(array);
+ return rc;
+ }
+ }
+
+ SecTrustRef trust;
+ OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
+ if(trust == NULL) {
+ failf(data, "SSL: error getting certificate chain");
+ CFRelease(array);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else if(ret != noErr) {
+ CFRelease(array);
+ return sslerr_to_curlerr(data, ret);
+ }
+
+ ret = SecTrustSetAnchorCertificates(trust, array);
+ if(ret != noErr) {
+ CFRelease(trust);
+ return sslerr_to_curlerr(data, ret);
+ }
+ ret = SecTrustSetAnchorCertificatesOnly(trust, true);
+ if(ret != noErr) {
+ CFRelease(trust);
+ return sslerr_to_curlerr(data, ret);
+ }
+
+ SecTrustResultType trust_eval = 0;
+ ret = SecTrustEvaluate(trust, &trust_eval);
+ CFRelease(array);
+ CFRelease(trust);
+ if(ret != noErr) {
+ return sslerr_to_curlerr(data, ret);
+ }
+
+ switch(trust_eval) {
+ case kSecTrustResultUnspecified:
+ case kSecTrustResultProceed:
+ return CURLE_OK;
+
+ case kSecTrustResultRecoverableTrustFailure:
+ case kSecTrustResultDeny:
+ default:
+ failf(data, "SSL: certificate verification failed (result: %d)",
+ trust_eval);
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+}
+
+#ifdef DARWIN_SSL_PINNEDPUBKEY
+static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
+ SSLContextRef ctx,
+ const char *pinnedpubkey)
+{ /* Scratch */
+ size_t pubkeylen, realpubkeylen, spkiHeaderLength = 24;
+ unsigned char *pubkey = NULL, *realpubkey = NULL;
+ const unsigned char *spkiHeader = NULL;
+ CFDataRef publicKeyBits = NULL;
+
+ /* Result is returned to caller */
+ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+
+ /* if a path wasn't specified, don't pin */
+ if(!pinnedpubkey)
+ return CURLE_OK;
+
+
+ if(!ctx)
+ return result;
+
+ do {
+ SecTrustRef trust;
+ OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
+ if(ret != noErr || trust == NULL)
+ break;
+
+ SecKeyRef keyRef = SecTrustCopyPublicKey(trust);
+ CFRelease(trust);
+ if(keyRef == NULL)
+ break;
+
+#ifdef DARWIN_SSL_PINNEDPUBKEY_V1
+
+ publicKeyBits = SecKeyCopyExternalRepresentation(keyRef, NULL);
+ CFRelease(keyRef);
+ if(publicKeyBits == NULL)
+ break;
+
+#elif DARWIN_SSL_PINNEDPUBKEY_V2
+
+ OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
+ &publicKeyBits);
+ CFRelease(keyRef);
+ if(success != errSecSuccess || publicKeyBits == NULL)
+ break;
+
+#endif /* DARWIN_SSL_PINNEDPUBKEY_V2 */
+
+ pubkeylen = CFDataGetLength(publicKeyBits);
+ pubkey = (unsigned char *)CFDataGetBytePtr(publicKeyBits);
+
+ switch(pubkeylen) {
+ case 526:
+ /* 4096 bit RSA pubkeylen == 526 */
+ spkiHeader = rsa4096SpkiHeader;
+ break;
+ case 270:
+ /* 2048 bit RSA pubkeylen == 270 */
+ spkiHeader = rsa2048SpkiHeader;
+ break;
+#ifdef DARWIN_SSL_PINNEDPUBKEY_V1
+ case 65:
+ /* ecDSA secp256r1 pubkeylen == 65 */
+ spkiHeader = ecDsaSecp256r1SpkiHeader;
+ spkiHeaderLength = 26;
+ break;
+ case 97:
+ /* ecDSA secp384r1 pubkeylen == 97 */
+ spkiHeader = ecDsaSecp384r1SpkiHeader;
+ spkiHeaderLength = 23;
+ break;
+ default:
+ infof(data, "SSL: unhandled public key length: %d\n", pubkeylen);
+#elif DARWIN_SSL_PINNEDPUBKEY_V2
+ default:
+ /* ecDSA secp256r1 pubkeylen == 91 header already included?
+ * ecDSA secp384r1 header already included too
+ * we assume rest of algorithms do same, so do nothing
+ */
+ result = Curl_pin_peer_pubkey(data, pinnedpubkey, pubkey,
+ pubkeylen);
+#endif /* DARWIN_SSL_PINNEDPUBKEY_V2 */
+ continue; /* break from loop */
+ }
+
+ realpubkeylen = pubkeylen + spkiHeaderLength;
+ realpubkey = malloc(realpubkeylen);
+ if(!realpubkey)
+ break;
+
+ memcpy(realpubkey, spkiHeader, spkiHeaderLength);
+ memcpy(realpubkey + spkiHeaderLength, pubkey, pubkeylen);
+
+ result = Curl_pin_peer_pubkey(data, pinnedpubkey, realpubkey,
+ realpubkeylen);
+
+ } while(0);
+
+ Curl_safefree(realpubkey);
+ if(publicKeyBits != NULL)
+ CFRelease(publicKeyBits);
+
+ return result;
+}
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+
static CURLcode
darwinssl_connect_step2(struct connectdata *conn, int sockindex)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
OSStatus err;
SSLCipherSuite cipher;
SSLProtocol protocol = 0;
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|| ssl_connect_2_reading == connssl->connecting_state
|| ssl_connect_2_writing == connssl->connecting_state);
/* Here goes nothing: */
- err = SSLHandshake(connssl->ssl_ctx);
+ err = SSLHandshake(BACKEND->ssl_ctx);
if(err != noErr) {
- switch (err) {
+ switch(err) {
case errSSLWouldBlock: /* they're not done with us yet */
- connssl->connecting_state = connssl->ssl_direction ?
+ connssl->connecting_state = BACKEND->ssl_direction ?
ssl_connect_2_writing : ssl_connect_2_reading;
return CURLE_OK;
/* The below is errSSLServerAuthCompleted; it's not defined in
Leopard's headers */
case -9841:
+ if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) {
+ int res = verify_cert(SSL_CONN_CONFIG(CAfile), data,
+ BACKEND->ssl_ctx);
+ if(res != CURLE_OK)
+ return res;
+ }
/* the documentation says we need to call SSLHandshake() again */
return darwinssl_connect_step2(conn, sockindex);
@@ -1550,7 +2361,7 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
return CURLE_SSL_CONNECT_ERROR;
default:
failf(data, "Unknown SSL protocol error in connection to %s:%d",
- conn->host.name, err);
+ hostname, err);
return CURLE_SSL_CONNECT_ERROR;
}
}
@@ -1558,10 +2369,21 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
/* we have been connected fine, we're not waiting for anything else. */
connssl->connecting_state = ssl_connect_3;
+#ifdef DARWIN_SSL_PINNEDPUBKEY
+ if(data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]) {
+ CURLcode result = pkp_pin_peer_pubkey(data, BACKEND->ssl_ctx,
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]);
+ if(result) {
+ failf(data, "SSL: public key does not match pinned public key!");
+ return result;
+ }
+ }
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+
/* Informational message */
- (void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher);
- (void)SSLGetNegotiatedProtocolVersion(connssl->ssl_ctx, &protocol);
- switch (protocol) {
+ (void)SSLGetNegotiatedCipher(BACKEND->ssl_ctx, &cipher);
+ (void)SSLGetNegotiatedProtocolVersion(BACKEND->ssl_ctx, &protocol);
+ switch(protocol) {
case kSSLProtocol2:
infof(data, "SSL 2.0 connection using %s\n",
SSLCipherNameForNumber(cipher));
@@ -1583,7 +2405,13 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
infof(data, "TLS 1.2 connection using %s\n",
TLSCipherNameForNumber(cipher));
break;
-#endif
+#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
+#if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
+ case kTLSProtocol13:
+ infof(data, "TLS 1.3 connection using %s\n",
+ TLSCipherNameForNumber(cipher));
+ break;
+#endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
default:
infof(data, "Unknown protocol connection\n");
break;
@@ -1593,42 +2421,40 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex)
}
}
-static CURLcode
-darwinssl_connect_step3(struct connectdata *conn,
- int sockindex)
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+/* This should be called during step3 of the connection at the earliest */
+static void
+show_verbose_server_cert(struct connectdata *conn,
+ int sockindex)
{
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- CFStringRef server_cert_summary;
- char server_cert_summary_c[128];
CFArrayRef server_certs = NULL;
SecCertificateRef server_cert;
OSStatus err;
CFIndex i, count;
SecTrustRef trust = NULL;
- /* There is no step 3!
- * Well, okay, if verbose mode is on, let's print the details of the
- * server certificates. */
+ if(!BACKEND->ssl_ctx)
+ return;
+
#if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
#if CURL_BUILD_IOS
#pragma unused(server_certs)
- err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
+ err = SSLCopyPeerTrust(BACKEND->ssl_ctx, &trust);
/* For some reason, SSLCopyPeerTrust() can return noErr and yet return
a null trust, so be on guard for that: */
if(err == noErr && trust) {
count = SecTrustGetCertificateCount(trust);
for(i = 0L ; i < count ; i++) {
+ CURLcode result;
+ char *certp;
server_cert = SecTrustGetCertificateAtIndex(trust, i);
- server_cert_summary = CopyCertSubject(server_cert);
- memset(server_cert_summary_c, 0, 128);
- if(CFStringGetCString(server_cert_summary,
- server_cert_summary_c,
- 128,
- kCFStringEncodingUTF8)) {
- infof(data, "Server certificate: %s\n", server_cert_summary_c);
+ result = CopyCertSubject(data, server_cert, &certp);
+ if(!result) {
+ infof(data, "Server certificate: %s\n", certp);
+ free(certp);
}
- CFRelease(server_cert_summary);
}
CFRelease(trust);
}
@@ -1641,45 +2467,40 @@ darwinssl_connect_step3(struct connectdata *conn,
Lion or later. */
if(SecTrustEvaluateAsync != NULL) {
#pragma unused(server_certs)
- err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
+ err = SSLCopyPeerTrust(BACKEND->ssl_ctx, &trust);
/* For some reason, SSLCopyPeerTrust() can return noErr and yet return
a null trust, so be on guard for that: */
if(err == noErr && trust) {
count = SecTrustGetCertificateCount(trust);
for(i = 0L ; i < count ; i++) {
+ char *certp;
+ CURLcode result;
server_cert = SecTrustGetCertificateAtIndex(trust, i);
- server_cert_summary = CopyCertSubject(server_cert);
- memset(server_cert_summary_c, 0, 128);
- if(CFStringGetCString(server_cert_summary,
- server_cert_summary_c,
- 128,
- kCFStringEncodingUTF8)) {
- infof(data, "Server certificate: %s\n", server_cert_summary_c);
+ result = CopyCertSubject(data, server_cert, &certp);
+ if(!result) {
+ infof(data, "Server certificate: %s\n", certp);
+ free(certp);
}
- CFRelease(server_cert_summary);
}
CFRelease(trust);
}
}
else {
#if CURL_SUPPORT_MAC_10_8
- err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
+ err = SSLCopyPeerCertificates(BACKEND->ssl_ctx, &server_certs);
/* Just in case SSLCopyPeerCertificates() returns null too... */
if(err == noErr && server_certs) {
count = CFArrayGetCount(server_certs);
for(i = 0L ; i < count ; i++) {
+ char *certp;
+ CURLcode result;
server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
i);
-
- server_cert_summary = CopyCertSubject(server_cert);
- memset(server_cert_summary_c, 0, 128);
- if(CFStringGetCString(server_cert_summary,
- server_cert_summary_c,
- 128,
- kCFStringEncodingUTF8)) {
- infof(data, "Server certificate: %s\n", server_cert_summary_c);
+ result = CopyCertSubject(data, server_cert, &certp);
+ if(!result) {
+ infof(data, "Server certificate: %s\n", certp);
+ free(certp);
}
- CFRelease(server_cert_summary);
}
CFRelease(server_certs);
}
@@ -1688,24 +2509,39 @@ darwinssl_connect_step3(struct connectdata *conn,
#endif /* CURL_BUILD_IOS */
#else
#pragma unused(trust)
- err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
+ err = SSLCopyPeerCertificates(BACKEND->ssl_ctx, &server_certs);
if(err == noErr) {
count = CFArrayGetCount(server_certs);
for(i = 0L ; i < count ; i++) {
+ CURLcode result;
+ char *certp;
server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
- server_cert_summary = CopyCertSubject(server_cert);
- memset(server_cert_summary_c, 0, 128);
- if(CFStringGetCString(server_cert_summary,
- server_cert_summary_c,
- 128,
- kCFStringEncodingUTF8)) {
- infof(data, "Server certificate: %s\n", server_cert_summary_c);
+ result = CopyCertSubject(data, server_cert, &certp);
+ if(!result) {
+ infof(data, "Server certificate: %s\n", certp);
+ free(certp);
}
- CFRelease(server_cert_summary);
}
CFRelease(server_certs);
}
#endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
+}
+#endif /* !CURL_DISABLE_VERBOSE_STRINGS */
+
+static CURLcode
+darwinssl_connect_step3(struct connectdata *conn,
+ int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ /* There is no step 3!
+ * Well, okay, if verbose mode is on, let's print the details of the
+ * server certificates. */
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+ if(data->set.verbose)
+ show_verbose_server_cert(conn, sockindex);
+#endif
connssl->connecting_state = ssl_connect_done;
return CURLE_OK;
@@ -1720,8 +2556,8 @@ darwinssl_connect_common(struct connectdata *conn,
bool nonblocking,
bool *done)
{
- CURLcode retcode;
- struct SessionHandle *data = conn->data;
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
long timeout_ms;
@@ -1733,7 +2569,7 @@ darwinssl_connect_common(struct connectdata *conn,
return CURLE_OK;
}
- if(ssl_connect_1==connssl->connecting_state) {
+ if(ssl_connect_1 == connssl->connecting_state) {
/* Find out how much more time we're allowed */
timeout_ms = Curl_timeleft(data, NULL, TRUE);
@@ -1742,9 +2578,10 @@ darwinssl_connect_common(struct connectdata *conn,
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
- retcode = darwinssl_connect_step1(conn, sockindex);
- if(retcode)
- return retcode;
+
+ result = darwinssl_connect_step1(conn, sockindex);
+ if(result)
+ return result;
}
while(ssl_connect_2 == connssl->connecting_state ||
@@ -1761,15 +2598,16 @@ darwinssl_connect_common(struct connectdata *conn,
}
/* if ssl is expecting something, check if it's available. */
- if(connssl->connecting_state == ssl_connect_2_reading
- || connssl->connecting_state == ssl_connect_2_writing) {
+ if(connssl->connecting_state == ssl_connect_2_reading ||
+ connssl->connecting_state == ssl_connect_2_writing) {
curl_socket_t writefd = ssl_connect_2_writing ==
connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
curl_socket_t readfd = ssl_connect_2_reading ==
connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
- what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking?0:timeout_ms);
if(what < 0) {
/* fatal error */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
@@ -1795,23 +2633,23 @@ darwinssl_connect_common(struct connectdata *conn,
* before step2 has completed while ensuring that a client using select()
* or epoll() will always have a valid fdset to wait on.
*/
- retcode = darwinssl_connect_step2(conn, sockindex);
- if(retcode || (nonblocking &&
- (ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state)))
- return retcode;
+ result = darwinssl_connect_step2(conn, sockindex);
+ if(result || (nonblocking &&
+ (ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state)))
+ return result;
} /* repeat step2 until all transactions are done. */
- if(ssl_connect_3==connssl->connecting_state) {
- retcode = darwinssl_connect_step3(conn, sockindex);
- if(retcode)
- return retcode;
+ if(ssl_connect_3 == connssl->connecting_state) {
+ result = darwinssl_connect_step3(conn, sockindex);
+ if(result)
+ return result;
}
- if(ssl_connect_done==connssl->connecting_state) {
+ if(ssl_connect_done == connssl->connecting_state) {
connssl->state = ssl_connection_complete;
conn->recv[sockindex] = darwinssl_recv;
conn->send[sockindex] = darwinssl_send;
@@ -1826,68 +2664,58 @@ darwinssl_connect_common(struct connectdata *conn,
return CURLE_OK;
}
-CURLcode
-Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
- int sockindex,
- bool *done)
+static CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
{
return darwinssl_connect_common(conn, sockindex, TRUE, done);
}
-CURLcode
-Curl_darwinssl_connect(struct connectdata *conn,
- int sockindex)
+static CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex)
{
- CURLcode retcode;
+ CURLcode result;
bool done = FALSE;
- retcode = darwinssl_connect_common(conn, sockindex, FALSE, &done);
+ result = darwinssl_connect_common(conn, sockindex, FALSE, &done);
- if(retcode)
- return retcode;
+ if(result)
+ return result;
DEBUGASSERT(done);
return CURLE_OK;
}
-void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
+static void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- if(connssl->ssl_ctx) {
- (void)SSLClose(connssl->ssl_ctx);
+ if(BACKEND->ssl_ctx) {
+ (void)SSLClose(BACKEND->ssl_ctx);
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
if(SSLCreateContext != NULL)
- CFRelease(connssl->ssl_ctx);
+ CFRelease(BACKEND->ssl_ctx);
#if CURL_SUPPORT_MAC_10_8
else
- (void)SSLDisposeContext(connssl->ssl_ctx);
+ (void)SSLDisposeContext(BACKEND->ssl_ctx);
#endif /* CURL_SUPPORT_MAC_10_8 */
#else
- (void)SSLDisposeContext(connssl->ssl_ctx);
+ (void)SSLDisposeContext(BACKEND->ssl_ctx);
#endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
- connssl->ssl_ctx = NULL;
+ BACKEND->ssl_ctx = NULL;
}
- connssl->ssl_sockfd = 0;
+ BACKEND->ssl_sockfd = 0;
}
-void Curl_darwinssl_close_all(struct SessionHandle *data)
-{
- /* SecureTransport doesn't separate sessions from contexts, so... */
- (void)data;
-}
-
-int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
+static int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- struct SessionHandle *data = conn->data;
+ struct Curl_easy *data = conn->data;
ssize_t nread;
int what;
int rc;
char buf[120];
- if(!connssl->ssl_ctx)
+ if(!BACKEND->ssl_ctx)
return 0;
if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
@@ -1897,8 +2725,7 @@ int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
rc = 0;
- what = Curl_socket_ready(conn->sock[sockindex],
- CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+ what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT);
for(;;) {
if(what < 0) {
@@ -1926,13 +2753,13 @@ int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
if(nread <= 0)
break;
- what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
+ what = SOCKET_READABLE(conn->sock[sockindex], 0);
}
return rc;
}
-void Curl_darwinssl_session_free(void *ptr)
+static void Curl_darwinssl_session_free(void *ptr)
{
/* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
cached session ID inside the Security framework. There is a private
@@ -1943,7 +2770,7 @@ void Curl_darwinssl_session_free(void *ptr)
Curl_safefree(ptr);
}
-size_t Curl_darwinssl_version(char *buffer, size_t size)
+static size_t Curl_darwinssl_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "SecureTransport");
}
@@ -1956,14 +2783,14 @@ size_t Curl_darwinssl_version(char *buffer, size_t size)
* 0 means the connection has been closed
* -1 means the connection status is unknown
*/
-int Curl_darwinssl_check_cxn(struct connectdata *conn)
+static int Curl_darwinssl_check_cxn(struct connectdata *conn)
{
struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
OSStatus err;
SSLSessionState state;
- if(connssl->ssl_ctx) {
- err = SSLGetSessionState(connssl->ssl_ctx, &state);
+ if(BACKEND->ssl_ctx) {
+ err = SSLGetSessionState(BACKEND->ssl_ctx, &state);
if(err == noErr)
return state == kSSLConnected || state == kSSLHandshake;
return -1;
@@ -1971,15 +2798,15 @@ int Curl_darwinssl_check_cxn(struct connectdata *conn)
return 0;
}
-bool Curl_darwinssl_data_pending(const struct connectdata *conn,
- int connindex)
+static bool Curl_darwinssl_data_pending(const struct connectdata *conn,
+ int connindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
OSStatus err;
size_t buffer;
- if(connssl->ssl_ctx) { /* SSL is in use */
- err = SSLGetBufferedReadSize(connssl->ssl_ctx, &buffer);
+ if(BACKEND->ssl_ctx) { /* SSL is in use */
+ err = SSLGetBufferedReadSize(BACKEND->ssl_ctx, &buffer);
if(err == noErr)
return buffer > 0UL;
return false;
@@ -1988,15 +2815,16 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn,
return false;
}
-void Curl_darwinssl_random(struct SessionHandle *data,
- unsigned char *entropy,
- size_t length)
+static CURLcode Curl_darwinssl_random(struct Curl_easy *data UNUSED_PARAM,
+ unsigned char *entropy, size_t length)
{
/* arc4random_buf() isn't available on cats older than Lion, so let's
do this manually for the benefit of the older cats. */
size_t i;
u_int32_t random_number = 0;
+ (void)data;
+
for(i = 0 ; i < length ; i++) {
if(i % sizeof(u_int32_t) == 0)
random_number = arc4random();
@@ -2004,16 +2832,35 @@ void Curl_darwinssl_random(struct SessionHandle *data,
random_number >>= 8;
}
i = random_number = 0;
- (void)data;
+ return CURLE_OK;
}
-void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *md5sum, /* output */
- size_t md5len)
+static CURLcode Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
{
(void)md5len;
(void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum);
+ return CURLE_OK;
+}
+
+static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum, /* output */
+ size_t sha256len)
+{
+ assert(sha256len >= CURL_SHA256_DIGEST_LENGTH);
+ (void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
+}
+
+static bool Curl_darwinssl_false_start(void)
+{
+#if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
+ if(SSLSetSessionOption != NULL)
+ return TRUE;
+#endif
+ return FALSE;
}
static ssize_t darwinssl_send(struct connectdata *conn,
@@ -2022,7 +2869,7 @@ static ssize_t darwinssl_send(struct connectdata *conn,
size_t len,
CURLcode *curlcode)
{
- /*struct SessionHandle *data = conn->data;*/
+ /*struct Curl_easy *data = conn->data;*/
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
size_t processed = 0UL;
OSStatus err;
@@ -2042,15 +2889,15 @@ static ssize_t darwinssl_send(struct connectdata *conn,
over again with no new data until it quits returning errSSLWouldBlock. */
/* Do we have buffered data to write from the last time we were called? */
- if(connssl->ssl_write_buffered_length) {
+ if(BACKEND->ssl_write_buffered_length) {
/* Write the buffered data: */
- err = SSLWrite(connssl->ssl_ctx, NULL, 0UL, &processed);
- switch (err) {
+ err = SSLWrite(BACKEND->ssl_ctx, NULL, 0UL, &processed);
+ switch(err) {
case noErr:
/* processed is always going to be 0 because we didn't write to
the buffer, so return how much was written to the socket */
- processed = connssl->ssl_write_buffered_length;
- connssl->ssl_write_buffered_length = 0UL;
+ processed = BACKEND->ssl_write_buffered_length;
+ BACKEND->ssl_write_buffered_length = 0UL;
break;
case errSSLWouldBlock: /* argh, try again */
*curlcode = CURLE_AGAIN;
@@ -2063,13 +2910,13 @@ static ssize_t darwinssl_send(struct connectdata *conn,
}
else {
/* We've got new data to write: */
- err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
+ err = SSLWrite(BACKEND->ssl_ctx, mem, len, &processed);
if(err != noErr) {
- switch (err) {
+ switch(err) {
case errSSLWouldBlock:
/* Data was buffered but not sent, we have to tell the caller
to try sending again, and remember how much was buffered */
- connssl->ssl_write_buffered_length = len;
+ BACKEND->ssl_write_buffered_length = len;
*curlcode = CURLE_AGAIN;
return -1L;
default:
@@ -2088,13 +2935,13 @@ static ssize_t darwinssl_recv(struct connectdata *conn,
size_t buffersize,
CURLcode *curlcode)
{
- /*struct SessionHandle *data = conn->data;*/
+ /*struct Curl_easy *data = conn->data;*/
struct ssl_connect_data *connssl = &conn->ssl[num];
size_t processed = 0UL;
- OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed);
+ OSStatus err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed);
if(err != noErr) {
- switch (err) {
+ switch(err) {
case errSSLWouldBlock: /* return how much we read (if anything) */
if(processed)
return (ssize_t)processed;
@@ -2122,4 +2969,52 @@ static ssize_t darwinssl_recv(struct connectdata *conn,
return (ssize_t)processed;
}
+static void *Curl_darwinssl_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return BACKEND->ssl_ctx;
+}
+
+const struct Curl_ssl Curl_ssl_darwinssl = {
+ { CURLSSLBACKEND_DARWINSSL, "darwinssl" }, /* info */
+
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+#ifdef DARWIN_SSL_PINNEDPUBKEY
+ 1, /* have_pinnedpubkey */
+#else
+ 0, /* have_pinnedpubkey */
+#endif /* DARWIN_SSL_PINNEDPUBKEY */
+ 0, /* have_ssl_ctx */
+ 0, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_none_init, /* init */
+ Curl_none_cleanup, /* cleanup */
+ Curl_darwinssl_version, /* version */
+ Curl_darwinssl_check_cxn, /* check_cxn */
+ Curl_darwinssl_shutdown, /* shutdown */
+ Curl_darwinssl_data_pending, /* data_pending */
+ Curl_darwinssl_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_darwinssl_connect, /* connect */
+ Curl_darwinssl_connect_nonblocking, /* connect_nonblocking */
+ Curl_darwinssl_get_internals, /* get_internals */
+ Curl_darwinssl_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ Curl_darwinssl_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_darwinssl_false_start, /* false_start */
+ Curl_darwinssl_md5sum, /* md5sum */
+ Curl_darwinssl_sha256sum /* sha256sum */
+};
+
+#ifdef __clang__
+#pragma clang diagnostic pop
+#endif
+
#endif /* USE_DARWINSSL */
diff --git a/libs/libcurl/src/vtls/darwinssl.h b/libs/libcurl/src/vtls/darwinssl.h
new file mode 100644
index 0000000000..23c7f705cb
--- /dev/null
+++ b/libs/libcurl/src/vtls/darwinssl.h
@@ -0,0 +1,32 @@
+#ifndef HEADER_CURL_DARWINSSL_H
+#define HEADER_CURL_DARWINSSL_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_DARWINSSL
+
+extern const struct Curl_ssl Curl_ssl_darwinssl;
+
+#endif /* USE_DARWINSSL */
+#endif /* HEADER_CURL_DARWINSSL_H */
diff --git a/libs/libcurl/src/vtls/gskit.c b/libs/libcurl/src/vtls/gskit.c
new file mode 100644
index 0000000000..de496dd125
--- /dev/null
+++ b/libs/libcurl/src/vtls/gskit.c
@@ -0,0 +1,1390 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_GSKIT
+
+#include <gskssl.h>
+#include <qsoasync.h>
+
+/* Some symbols are undefined/unsupported on OS400 versions < V7R1. */
+#ifndef GSK_SSL_EXTN_SERVERNAME_REQUEST
+#define GSK_SSL_EXTN_SERVERNAME_REQUEST 230
+#endif
+
+#ifndef GSK_TLSV10_CIPHER_SPECS
+#define GSK_TLSV10_CIPHER_SPECS 236
+#endif
+
+#ifndef GSK_TLSV11_CIPHER_SPECS
+#define GSK_TLSV11_CIPHER_SPECS 237
+#endif
+
+#ifndef GSK_TLSV12_CIPHER_SPECS
+#define GSK_TLSV12_CIPHER_SPECS 238
+#endif
+
+#ifndef GSK_PROTOCOL_TLSV11
+#define GSK_PROTOCOL_TLSV11 437
+#endif
+
+#ifndef GSK_PROTOCOL_TLSV12
+#define GSK_PROTOCOL_TLSV12 438
+#endif
+
+#ifndef GSK_FALSE
+#define GSK_FALSE 0
+#endif
+
+#ifndef GSK_TRUE
+#define GSK_TRUE 1
+#endif
+
+
+#ifdef HAVE_LIMITS_H
+# include <limits.h>
+#endif
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "gskit.h"
+#include "vtls.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "strcase.h"
+#include "x509asn1.h"
+#include "curl_printf.h"
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+
+/* Directions. */
+#define SOS_READ 0x01
+#define SOS_WRITE 0x02
+
+/* SSL version flags. */
+#define CURL_GSKPROTO_SSLV2 0
+#define CURL_GSKPROTO_SSLV2_MASK (1 << CURL_GSKPROTO_SSLV2)
+#define CURL_GSKPROTO_SSLV3 1
+#define CURL_GSKPROTO_SSLV3_MASK (1 << CURL_GSKPROTO_SSLV3)
+#define CURL_GSKPROTO_TLSV10 2
+#define CURL_GSKPROTO_TLSV10_MASK (1 << CURL_GSKPROTO_TLSV10)
+#define CURL_GSKPROTO_TLSV11 3
+#define CURL_GSKPROTO_TLSV11_MASK (1 << CURL_GSKPROTO_TLSV11)
+#define CURL_GSKPROTO_TLSV12 4
+#define CURL_GSKPROTO_TLSV12_MASK (1 << CURL_GSKPROTO_TLSV12)
+#define CURL_GSKPROTO_LAST 5
+
+struct ssl_backend_data {
+ gsk_handle handle;
+ int iocport;
+ int localfd;
+ int remotefd;
+};
+
+#define BACKEND connssl->backend
+
+/* Supported ciphers. */
+typedef struct {
+ const char *name; /* Cipher name. */
+ const char *gsktoken; /* Corresponding token for GSKit String. */
+ unsigned int versions; /* SSL version flags. */
+} gskit_cipher;
+
+static const gskit_cipher ciphertable[] = {
+ { "null-md5", "01",
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+ CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+ { "null-sha", "02",
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+ CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+ { "exp-rc4-md5", "03",
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK },
+ { "rc4-md5", "04",
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+ CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+ { "rc4-sha", "05",
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+ CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+ { "exp-rc2-cbc-md5", "06",
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK },
+ { "exp-des-cbc-sha", "09",
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+ CURL_GSKPROTO_TLSV11_MASK },
+ { "des-cbc3-sha", "0A",
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK |
+ CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK },
+ { "aes128-sha", "2F",
+ CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
+ CURL_GSKPROTO_TLSV12_MASK },
+ { "aes256-sha", "35",
+ CURL_GSKPROTO_TLSV10_MASK | CURL_GSKPROTO_TLSV11_MASK |
+ CURL_GSKPROTO_TLSV12_MASK },
+ { "null-sha256", "3B", CURL_GSKPROTO_TLSV12_MASK },
+ { "aes128-sha256", "3C", CURL_GSKPROTO_TLSV12_MASK },
+ { "aes256-sha256", "3D", CURL_GSKPROTO_TLSV12_MASK },
+ { "aes128-gcm-sha256",
+ "9C", CURL_GSKPROTO_TLSV12_MASK },
+ { "aes256-gcm-sha384",
+ "9D", CURL_GSKPROTO_TLSV12_MASK },
+ { "rc4-md5", "1", CURL_GSKPROTO_SSLV2_MASK },
+ { "exp-rc4-md5", "2", CURL_GSKPROTO_SSLV2_MASK },
+ { "rc2-md5", "3", CURL_GSKPROTO_SSLV2_MASK },
+ { "exp-rc2-md5", "4", CURL_GSKPROTO_SSLV2_MASK },
+ { "des-cbc-md5", "6", CURL_GSKPROTO_SSLV2_MASK },
+ { "des-cbc3-md5", "7", CURL_GSKPROTO_SSLV2_MASK },
+ { (const char *) NULL, (const char *) NULL, 0 }
+};
+
+
+static bool is_separator(char c)
+{
+ /* Return whether character is a cipher list separator. */
+ switch(c) {
+ case ' ':
+ case '\t':
+ case ':':
+ case ',':
+ case ';':
+ return true;
+ }
+ return false;
+}
+
+
+static CURLcode gskit_status(struct Curl_easy *data, int rc,
+ const char *procname, CURLcode defcode)
+{
+ /* Process GSKit status and map it to a CURLcode. */
+ switch(rc) {
+ case GSK_OK:
+ case GSK_OS400_ASYNCHRONOUS_SOC_INIT:
+ return CURLE_OK;
+ case GSK_KEYRING_OPEN_ERROR:
+ case GSK_OS400_ERROR_NO_ACCESS:
+ return CURLE_SSL_CACERT_BADFILE;
+ case GSK_INSUFFICIENT_STORAGE:
+ return CURLE_OUT_OF_MEMORY;
+ case GSK_ERROR_BAD_V2_CIPHER:
+ case GSK_ERROR_BAD_V3_CIPHER:
+ case GSK_ERROR_NO_CIPHERS:
+ return CURLE_SSL_CIPHER;
+ case GSK_OS400_ERROR_NOT_TRUSTED_ROOT:
+ case GSK_ERROR_CERT_VALIDATION:
+ return CURLE_PEER_FAILED_VERIFICATION;
+ case GSK_OS400_ERROR_TIMED_OUT:
+ return CURLE_OPERATION_TIMEDOUT;
+ case GSK_WOULD_BLOCK:
+ return CURLE_AGAIN;
+ case GSK_OS400_ERROR_NOT_REGISTERED:
+ break;
+ case GSK_ERROR_IO:
+ switch(errno) {
+ case ENOMEM:
+ return CURLE_OUT_OF_MEMORY;
+ default:
+ failf(data, "%s I/O error: %s", procname, strerror(errno));
+ break;
+ }
+ break;
+ default:
+ failf(data, "%s: %s", procname, gsk_strerror(rc));
+ break;
+ }
+ return defcode;
+}
+
+
+static CURLcode set_enum(struct Curl_easy *data, gsk_handle h,
+ GSK_ENUM_ID id, GSK_ENUM_VALUE value, bool unsupported_ok)
+{
+ int rc = gsk_attribute_set_enum(h, id, value);
+
+ switch(rc) {
+ case GSK_OK:
+ return CURLE_OK;
+ case GSK_ERROR_IO:
+ failf(data, "gsk_attribute_set_enum() I/O error: %s", strerror(errno));
+ break;
+ case GSK_ATTRIBUTE_INVALID_ID:
+ if(unsupported_ok)
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ default:
+ failf(data, "gsk_attribute_set_enum(): %s", gsk_strerror(rc));
+ break;
+ }
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
+
+static CURLcode set_buffer(struct Curl_easy *data, gsk_handle h,
+ GSK_BUF_ID id, const char *buffer, bool unsupported_ok)
+{
+ int rc = gsk_attribute_set_buffer(h, id, buffer, 0);
+
+ switch(rc) {
+ case GSK_OK:
+ return CURLE_OK;
+ case GSK_ERROR_IO:
+ failf(data, "gsk_attribute_set_buffer() I/O error: %s", strerror(errno));
+ break;
+ case GSK_ATTRIBUTE_INVALID_ID:
+ if(unsupported_ok)
+ return CURLE_UNSUPPORTED_PROTOCOL;
+ default:
+ failf(data, "gsk_attribute_set_buffer(): %s", gsk_strerror(rc));
+ break;
+ }
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
+
+static CURLcode set_numeric(struct Curl_easy *data,
+ gsk_handle h, GSK_NUM_ID id, int value)
+{
+ int rc = gsk_attribute_set_numeric_value(h, id, value);
+
+ switch(rc) {
+ case GSK_OK:
+ return CURLE_OK;
+ case GSK_ERROR_IO:
+ failf(data, "gsk_attribute_set_numeric_value() I/O error: %s",
+ strerror(errno));
+ break;
+ default:
+ failf(data, "gsk_attribute_set_numeric_value(): %s", gsk_strerror(rc));
+ break;
+ }
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
+
+static CURLcode set_callback(struct Curl_easy *data,
+ gsk_handle h, GSK_CALLBACK_ID id, void *info)
+{
+ int rc = gsk_attribute_set_callback(h, id, info);
+
+ switch(rc) {
+ case GSK_OK:
+ return CURLE_OK;
+ case GSK_ERROR_IO:
+ failf(data, "gsk_attribute_set_callback() I/O error: %s", strerror(errno));
+ break;
+ default:
+ failf(data, "gsk_attribute_set_callback(): %s", gsk_strerror(rc));
+ break;
+ }
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
+
+static CURLcode set_ciphers(struct connectdata *conn,
+ gsk_handle h, unsigned int *protoflags)
+{
+ struct Curl_easy *data = conn->data;
+ const char *cipherlist = SSL_CONN_CONFIG(cipher_list);
+ const char *clp;
+ const gskit_cipher *ctp;
+ int i;
+ int l;
+ bool unsupported;
+ CURLcode result;
+ struct {
+ char *buf;
+ char *ptr;
+ } ciphers[CURL_GSKPROTO_LAST];
+
+ /* Compile cipher list into GSKit-compatible cipher lists. */
+
+ if(!cipherlist)
+ return CURLE_OK;
+ while(is_separator(*cipherlist)) /* Skip initial separators. */
+ cipherlist++;
+ if(!*cipherlist)
+ return CURLE_OK;
+
+ /* We allocate GSKit buffers of the same size as the input string: since
+ GSKit tokens are always shorter than their cipher names, allocated buffers
+ will always be large enough to accommodate the result. */
+ l = strlen(cipherlist) + 1;
+ memset((char *) ciphers, 0, sizeof ciphers);
+ for(i = 0; i < CURL_GSKPROTO_LAST; i++) {
+ ciphers[i].buf = malloc(l);
+ if(!ciphers[i].buf) {
+ while(i--)
+ free(ciphers[i].buf);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ ciphers[i].ptr = ciphers[i].buf;
+ *ciphers[i].ptr = '\0';
+ }
+
+ /* Process each cipher in input string. */
+ unsupported = FALSE;
+ result = CURLE_OK;
+ for(;;) {
+ for(clp = cipherlist; *cipherlist && !is_separator(*cipherlist);)
+ cipherlist++;
+ l = cipherlist - clp;
+ if(!l)
+ break;
+ /* Search the cipher in our table. */
+ for(ctp = ciphertable; ctp->name; ctp++)
+ if(strncasecompare(ctp->name, clp, l) && !ctp->name[l])
+ break;
+ if(!ctp->name) {
+ failf(data, "Unknown cipher %.*s", l, clp);
+ result = CURLE_SSL_CIPHER;
+ }
+ else {
+ unsupported |= !(ctp->versions & (CURL_GSKPROTO_SSLV2_MASK |
+ CURL_GSKPROTO_SSLV3_MASK | CURL_GSKPROTO_TLSV10_MASK));
+ for(i = 0; i < CURL_GSKPROTO_LAST; i++) {
+ if(ctp->versions & (1 << i)) {
+ strcpy(ciphers[i].ptr, ctp->gsktoken);
+ ciphers[i].ptr += strlen(ctp->gsktoken);
+ }
+ }
+ }
+
+ /* Advance to next cipher name or end of string. */
+ while(is_separator(*cipherlist))
+ cipherlist++;
+ }
+
+ /* Disable protocols with empty cipher lists. */
+ for(i = 0; i < CURL_GSKPROTO_LAST; i++) {
+ if(!(*protoflags & (1 << i)) || !ciphers[i].buf[0]) {
+ *protoflags &= ~(1 << i);
+ ciphers[i].buf[0] = '\0';
+ }
+ }
+
+ /* Try to set-up TLSv1.1 and TLSv2.1 ciphers. */
+ if(*protoflags & CURL_GSKPROTO_TLSV11_MASK) {
+ result = set_buffer(data, h, GSK_TLSV11_CIPHER_SPECS,
+ ciphers[CURL_GSKPROTO_TLSV11].buf, TRUE);
+ if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+ result = CURLE_OK;
+ if(unsupported) {
+ failf(data, "TLSv1.1-only ciphers are not yet supported");
+ result = CURLE_SSL_CIPHER;
+ }
+ }
+ }
+ if(!result && (*protoflags & CURL_GSKPROTO_TLSV12_MASK)) {
+ result = set_buffer(data, h, GSK_TLSV12_CIPHER_SPECS,
+ ciphers[CURL_GSKPROTO_TLSV12].buf, TRUE);
+ if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+ result = CURLE_OK;
+ if(unsupported) {
+ failf(data, "TLSv1.2-only ciphers are not yet supported");
+ result = CURLE_SSL_CIPHER;
+ }
+ }
+ }
+
+ /* Try to set-up TLSv1.0 ciphers. If not successful, concatenate them to
+ the SSLv3 ciphers. OS/400 prior to version 7.1 will understand it. */
+ if(!result && (*protoflags & CURL_GSKPROTO_TLSV10_MASK)) {
+ result = set_buffer(data, h, GSK_TLSV10_CIPHER_SPECS,
+ ciphers[CURL_GSKPROTO_TLSV10].buf, TRUE);
+ if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+ result = CURLE_OK;
+ strcpy(ciphers[CURL_GSKPROTO_SSLV3].ptr,
+ ciphers[CURL_GSKPROTO_TLSV10].ptr);
+ }
+ }
+
+ /* Set-up other ciphers. */
+ if(!result && (*protoflags & CURL_GSKPROTO_SSLV3_MASK))
+ result = set_buffer(data, h, GSK_V3_CIPHER_SPECS,
+ ciphers[CURL_GSKPROTO_SSLV3].buf, FALSE);
+ if(!result && (*protoflags & CURL_GSKPROTO_SSLV2_MASK))
+ result = set_buffer(data, h, GSK_V2_CIPHER_SPECS,
+ ciphers[CURL_GSKPROTO_SSLV2].buf, FALSE);
+
+ /* Clean-up. */
+ for(i = 0; i < CURL_GSKPROTO_LAST; i++)
+ free(ciphers[i].buf);
+
+ return result;
+}
+
+
+static int Curl_gskit_init(void)
+{
+ /* No initialisation needed. */
+
+ return 1;
+}
+
+
+static void Curl_gskit_cleanup(void)
+{
+ /* Nothing to do. */
+}
+
+
+static CURLcode init_environment(struct Curl_easy *data,
+ gsk_handle *envir, const char *appid,
+ const char *file, const char *label,
+ const char *password)
+{
+ int rc;
+ CURLcode result;
+ gsk_handle h;
+
+ /* Creates the GSKit environment. */
+
+ rc = gsk_environment_open(&h);
+ switch(rc) {
+ case GSK_OK:
+ break;
+ case GSK_INSUFFICIENT_STORAGE:
+ return CURLE_OUT_OF_MEMORY;
+ default:
+ failf(data, "gsk_environment_open(): %s", gsk_strerror(rc));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ result = set_enum(data, h, GSK_SESSION_TYPE, GSK_CLIENT_SESSION, FALSE);
+ if(!result && appid)
+ result = set_buffer(data, h, GSK_OS400_APPLICATION_ID, appid, FALSE);
+ if(!result && file)
+ result = set_buffer(data, h, GSK_KEYRING_FILE, file, FALSE);
+ if(!result && label)
+ result = set_buffer(data, h, GSK_KEYRING_LABEL, label, FALSE);
+ if(!result && password)
+ result = set_buffer(data, h, GSK_KEYRING_PW, password, FALSE);
+
+ if(!result) {
+ /* Locate CAs, Client certificate and key according to our settings.
+ Note: this call may be blocking for some tenths of seconds. */
+ result = gskit_status(data, gsk_environment_init(h),
+ "gsk_environment_init()", CURLE_SSL_CERTPROBLEM);
+ if(!result) {
+ *envir = h;
+ return result;
+ }
+ }
+ /* Error: rollback. */
+ gsk_environment_close(&h);
+ return result;
+}
+
+
+static void cancel_async_handshake(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ Qso_OverlappedIO_t cstat;
+
+ if(QsoCancelOperation(conn->sock[sockindex], 0) > 0)
+ QsoWaitForIOCompletion(BACKEND->iocport, &cstat, (struct timeval *) NULL);
+}
+
+
+static void close_async_handshake(struct ssl_connect_data *connssl)
+{
+ QsoDestroyIOCompletionPort(BACKEND->iocport);
+ BACKEND->iocport = -1;
+}
+
+/* SSL over SSL
+ * Problems:
+ * 1) GSKit can only perform SSL on an AF_INET or AF_INET6 stream socket. To
+ * pipe an SSL stream into another, it is therefore needed to have a pair
+ * of such communicating sockets and handle the pipelining explicitly.
+ * 2) OS/400 socketpair() is only implemented for domain AF_UNIX, thus cannot
+ * be used to produce the pipeline.
+ * The solution is to simulate socketpair() for AF_INET with low-level API
+ * listen(), bind() and connect().
+ */
+
+static int
+inetsocketpair(int sv[2])
+{
+ int lfd; /* Listening socket. */
+ int sfd; /* Server socket. */
+ int cfd; /* Client socket. */
+ int len;
+ struct sockaddr_in addr1;
+ struct sockaddr_in addr2;
+
+ /* Create listening socket on a local dynamic port. */
+ lfd = socket(AF_INET, SOCK_STREAM, 0);
+ if(lfd < 0)
+ return -1;
+ memset((char *) &addr1, 0, sizeof addr1);
+ addr1.sin_family = AF_INET;
+ addr1.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ addr1.sin_port = 0;
+ if(bind(lfd, (struct sockaddr *) &addr1, sizeof addr1) ||
+ listen(lfd, 2) < 0) {
+ close(lfd);
+ return -1;
+ }
+
+ /* Get the allocated port. */
+ len = sizeof addr1;
+ if(getsockname(lfd, (struct sockaddr *) &addr1, &len) < 0) {
+ close(lfd);
+ return -1;
+ }
+
+ /* Create the client socket. */
+ cfd = socket(AF_INET, SOCK_STREAM, 0);
+ if(cfd < 0) {
+ close(lfd);
+ return -1;
+ }
+
+ /* Request unblocking connection to the listening socket. */
+ curlx_nonblock(cfd, TRUE);
+ if(connect(cfd, (struct sockaddr *) &addr1, sizeof addr1) < 0 &&
+ errno != EINPROGRESS) {
+ close(lfd);
+ close(cfd);
+ return -1;
+ }
+
+ /* Get the client dynamic port for intrusion check below. */
+ len = sizeof addr2;
+ if(getsockname(cfd, (struct sockaddr *) &addr2, &len) < 0) {
+ close(lfd);
+ close(cfd);
+ return -1;
+ }
+
+ /* Accept the incoming connection and get the server socket. */
+ curlx_nonblock(lfd, TRUE);
+ for(;;) {
+ len = sizeof addr1;
+ sfd = accept(lfd, (struct sockaddr *) &addr1, &len);
+ if(sfd < 0) {
+ close(lfd);
+ close(cfd);
+ return -1;
+ }
+
+ /* Check for possible intrusion from an external process. */
+ if(addr1.sin_addr.s_addr == addr2.sin_addr.s_addr &&
+ addr1.sin_port == addr2.sin_port)
+ break;
+
+ /* Intrusion: reject incoming connection. */
+ close(sfd);
+ }
+
+ /* Done, return sockets and succeed. */
+ close(lfd);
+ curlx_nonblock(cfd, FALSE);
+ sv[0] = cfd;
+ sv[1] = sfd;
+ return 0;
+}
+
+static int pipe_ssloverssl(struct connectdata *conn, int sockindex,
+ int directions)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct ssl_connect_data *connproxyssl = &conn->proxy_ssl[sockindex];
+ fd_set fds_read;
+ fd_set fds_write;
+ int n;
+ int m;
+ int i;
+ int ret = 0;
+ struct timeval tv = {0, 0};
+ char buf[CURL_MAX_WRITE_SIZE];
+
+ if(!connssl->use || !connproxyssl->use)
+ return 0; /* No SSL over SSL: OK. */
+
+ FD_ZERO(&fds_read);
+ FD_ZERO(&fds_write);
+ n = -1;
+ if(directions & SOS_READ) {
+ FD_SET(BACKEND->remotefd, &fds_write);
+ n = BACKEND->remotefd;
+ }
+ if(directions & SOS_WRITE) {
+ FD_SET(BACKEND->remotefd, &fds_read);
+ n = BACKEND->remotefd;
+ FD_SET(conn->sock[sockindex], &fds_write);
+ if(n < conn->sock[sockindex])
+ n = conn->sock[sockindex];
+ }
+ i = select(n + 1, &fds_read, &fds_write, NULL, &tv);
+ if(i < 0)
+ return -1; /* Select error. */
+
+ if(FD_ISSET(BACKEND->remotefd, &fds_write)) {
+ /* Try getting data from HTTPS proxy and pipe it upstream. */
+ n = 0;
+ i = gsk_secure_soc_read(connproxyssl->backend->handle,
+ buf, sizeof buf, &n);
+ switch(i) {
+ case GSK_OK:
+ if(n) {
+ i = write(BACKEND->remotefd, buf, n);
+ if(i < 0)
+ return -1;
+ ret = 1;
+ }
+ break;
+ case GSK_OS400_ERROR_TIMED_OUT:
+ case GSK_WOULD_BLOCK:
+ break;
+ default:
+ return -1;
+ }
+ }
+
+ if(FD_ISSET(BACKEND->remotefd, &fds_read) &&
+ FD_ISSET(conn->sock[sockindex], &fds_write)) {
+ /* Pipe data to HTTPS proxy. */
+ n = read(BACKEND->remotefd, buf, sizeof buf);
+ if(n < 0)
+ return -1;
+ if(n) {
+ i = gsk_secure_soc_write(connproxyssl->backend->handle, buf, n, &m);
+ if(i != GSK_OK || n != m)
+ return -1;
+ ret = 1;
+ }
+ }
+
+ return ret; /* OK */
+}
+
+
+static void close_one(struct ssl_connect_data *connssl,
+ struct connectdata *conn, int sockindex)
+{
+ if(BACKEND->handle) {
+ gskit_status(conn->data, gsk_secure_soc_close(&BACKEND->handle),
+ "gsk_secure_soc_close()", 0);
+ /* Last chance to drain output. */
+ while(pipe_ssloverssl(conn, sockindex, SOS_WRITE) > 0)
+ ;
+ BACKEND->handle = (gsk_handle) NULL;
+ if(BACKEND->localfd >= 0) {
+ close(BACKEND->localfd);
+ BACKEND->localfd = -1;
+ }
+ if(BACKEND->remotefd >= 0) {
+ close(BACKEND->remotefd);
+ BACKEND->remotefd = -1;
+ }
+ }
+ if(BACKEND->iocport >= 0)
+ close_async_handshake(connssl);
+}
+
+
+static ssize_t gskit_send(struct connectdata *conn, int sockindex,
+ const void *mem, size_t len, CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
+ CURLcode cc = CURLE_SEND_ERROR;
+ int written;
+
+ if(pipe_ssloverssl(conn, sockindex, SOS_WRITE) >= 0) {
+ cc = gskit_status(data,
+ gsk_secure_soc_write(BACKEND->handle,
+ (char *) mem, (int) len, &written),
+ "gsk_secure_soc_write()", CURLE_SEND_ERROR);
+ if(cc == CURLE_OK)
+ if(pipe_ssloverssl(conn, sockindex, SOS_WRITE) < 0)
+ cc = CURLE_SEND_ERROR;
+ }
+ if(cc != CURLE_OK) {
+ *curlcode = cc;
+ written = -1;
+ }
+ return (ssize_t) written; /* number of bytes */
+}
+
+
+static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf,
+ size_t buffersize, CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[num];
+ struct Curl_easy *data = conn->data;
+ int buffsize;
+ int nread;
+ CURLcode cc = CURLE_RECV_ERROR;
+
+ if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) {
+ buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
+ cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle,
+ buf, buffsize, &nread),
+ "gsk_secure_soc_read()", CURLE_RECV_ERROR);
+ }
+ switch(cc) {
+ case CURLE_OK:
+ break;
+ case CURLE_OPERATION_TIMEDOUT:
+ cc = CURLE_AGAIN;
+ default:
+ *curlcode = cc;
+ nread = -1;
+ break;
+ }
+ return (ssize_t) nread;
+}
+
+static CURLcode
+set_ssl_version_min_max(unsigned int *protoflags, struct connectdata *conn)
+{
+ struct Curl_easy *data = conn->data;
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+ long i = ssl_version;
+ switch(ssl_version_max) {
+ case CURL_SSLVERSION_MAX_NONE:
+ ssl_version_max = ssl_version;
+ break;
+ case CURL_SSLVERSION_MAX_DEFAULT:
+ ssl_version_max = CURL_SSLVERSION_TLSv1_2;
+ break;
+ }
+ for(; i <= (ssl_version_max >> 16); ++i) {
+ switch(i) {
+ case CURL_SSLVERSION_TLSv1_0:
+ *protoflags |= CURL_GSKPROTO_TLSV10_MASK;
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ *protoflags |= CURL_GSKPROTO_TLSV11_MASK;
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ *protoflags |= CURL_GSKPROTO_TLSV11_MASK;
+ break;
+ case CURL_SSLVERSION_TLSv1_3:
+ failf(data, "GSKit: TLS 1.3 is not yet supported");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+
+ return CURLE_OK;
+}
+
+static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ gsk_handle envir;
+ CURLcode result;
+ int rc;
+ const char * const keyringfile = SSL_CONN_CONFIG(CAfile);
+ const char * const keyringpwd = SSL_SET_OPTION(key_passwd);
+ const char * const keyringlabel = SSL_SET_OPTION(cert);
+ const long int ssl_version = SSL_CONN_CONFIG(version);
+ const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+ const char * const hostname = SSL_IS_PROXY()? conn->http_proxy.host.name:
+ conn->host.name;
+ const char *sni;
+ unsigned int protoflags = 0;
+ long timeout;
+ Qso_OverlappedIO_t commarea;
+ int sockpair[2];
+ static const int sobufsize = CURL_MAX_WRITE_SIZE;
+
+ /* Create SSL environment, start (preferably asynchronous) handshake. */
+
+ BACKEND->handle = (gsk_handle) NULL;
+ BACKEND->iocport = -1;
+ BACKEND->localfd = -1;
+ BACKEND->remotefd = -1;
+
+ /* GSKit supports two ways of specifying an SSL context: either by
+ * application identifier (that should have been defined at the system
+ * level) or by keyring file, password and certificate label.
+ * Local certificate name (CURLOPT_SSLCERT) is used to hold either the
+ * application identifier of the certificate label.
+ * Key password (CURLOPT_KEYPASSWD) holds the keyring password.
+ * It is not possible to have different keyrings for the CAs and the
+ * local certificate. We thus use the CA file (CURLOPT_CAINFO) to identify
+ * the keyring file.
+ * If no key password is given and the keyring is the system keyring,
+ * application identifier mode is tried first, as recommended in IBM doc.
+ */
+
+ envir = (gsk_handle) NULL;
+
+ if(keyringlabel && *keyringlabel && !keyringpwd &&
+ !strcmp(keyringfile, CURL_CA_BUNDLE)) {
+ /* Try application identifier mode. */
+ init_environment(data, &envir, keyringlabel, (const char *) NULL,
+ (const char *) NULL, (const char *) NULL);
+ }
+
+ if(!envir) {
+ /* Use keyring mode. */
+ result = init_environment(data, &envir, (const char *) NULL,
+ keyringfile, keyringlabel, keyringpwd);
+ if(result)
+ return result;
+ }
+
+ /* Create secure session. */
+ result = gskit_status(data, gsk_secure_soc_open(envir, &BACKEND->handle),
+ "gsk_secure_soc_open()", CURLE_SSL_CONNECT_ERROR);
+ gsk_environment_close(&envir);
+ if(result)
+ return result;
+
+ /* Establish a pipelining socket pair for SSL over SSL. */
+ if(conn->proxy_ssl[sockindex].use) {
+ if(inetsocketpair(sockpair))
+ return CURLE_SSL_CONNECT_ERROR;
+ BACKEND->localfd = sockpair[0];
+ BACKEND->remotefd = sockpair[1];
+ setsockopt(BACKEND->localfd, SOL_SOCKET, SO_RCVBUF,
+ (void *) sobufsize, sizeof sobufsize);
+ setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_RCVBUF,
+ (void *) sobufsize, sizeof sobufsize);
+ setsockopt(BACKEND->localfd, SOL_SOCKET, SO_SNDBUF,
+ (void *) sobufsize, sizeof sobufsize);
+ setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_SNDBUF,
+ (void *) sobufsize, sizeof sobufsize);
+ curlx_nonblock(BACKEND->localfd, TRUE);
+ curlx_nonblock(BACKEND->remotefd, TRUE);
+ }
+
+ /* Determine which SSL/TLS version should be enabled. */
+ sni = hostname;
+ switch(ssl_version) {
+ case CURL_SSLVERSION_SSLv2:
+ protoflags = CURL_GSKPROTO_SSLV2_MASK;
+ sni = NULL;
+ break;
+ case CURL_SSLVERSION_SSLv3:
+ protoflags = CURL_GSKPROTO_SSLV3_MASK;
+ sni = NULL;
+ break;
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ protoflags = CURL_GSKPROTO_TLSV10_MASK |
+ CURL_GSKPROTO_TLSV11_MASK | CURL_GSKPROTO_TLSV12_MASK;
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ result = set_ssl_version_min_max(&protoflags, conn);
+ if(result != CURLE_OK)
+ return result;
+ break;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* Process SNI. Ignore if not supported (on OS400 < V7R1). */
+ if(sni) {
+ result = set_buffer(data, BACKEND->handle,
+ GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE);
+ if(result == CURLE_UNSUPPORTED_PROTOCOL)
+ result = CURLE_OK;
+ }
+
+ /* Set session parameters. */
+ if(!result) {
+ /* Compute the handshake timeout. Since GSKit granularity is 1 second,
+ we round up the required value. */
+ timeout = Curl_timeleft(data, NULL, TRUE);
+ if(timeout < 0)
+ result = CURLE_OPERATION_TIMEDOUT;
+ else
+ result = set_numeric(data, BACKEND->handle, GSK_HANDSHAKE_TIMEOUT,
+ (timeout + 999) / 1000);
+ }
+ if(!result)
+ result = set_numeric(data, BACKEND->handle, GSK_OS400_READ_TIMEOUT, 1);
+ if(!result)
+ result = set_numeric(data, BACKEND->handle, GSK_FD, BACKEND->localfd >= 0?
+ BACKEND->localfd: conn->sock[sockindex]);
+ if(!result)
+ result = set_ciphers(conn, BACKEND->handle, &protoflags);
+ if(!protoflags) {
+ failf(data, "No SSL protocol/cipher combination enabled");
+ result = CURLE_SSL_CIPHER;
+ }
+ if(!result)
+ result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_SSLV2,
+ (protoflags & CURL_GSKPROTO_SSLV2_MASK)?
+ GSK_PROTOCOL_SSLV2_ON: GSK_PROTOCOL_SSLV2_OFF, FALSE);
+ if(!result)
+ result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_SSLV3,
+ (protoflags & CURL_GSKPROTO_SSLV3_MASK)?
+ GSK_PROTOCOL_SSLV3_ON: GSK_PROTOCOL_SSLV3_OFF, FALSE);
+ if(!result)
+ result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_TLSV1,
+ (protoflags & CURL_GSKPROTO_TLSV10_MASK)?
+ GSK_PROTOCOL_TLSV1_ON: GSK_PROTOCOL_TLSV1_OFF, FALSE);
+ if(!result) {
+ result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_TLSV11,
+ (protoflags & CURL_GSKPROTO_TLSV11_MASK)?
+ GSK_TRUE: GSK_FALSE, TRUE);
+ if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+ result = CURLE_OK;
+ if(protoflags == CURL_GSKPROTO_TLSV11_MASK) {
+ failf(data, "TLS 1.1 not yet supported");
+ result = CURLE_SSL_CIPHER;
+ }
+ }
+ }
+ if(!result) {
+ result = set_enum(data, BACKEND->handle, GSK_PROTOCOL_TLSV12,
+ (protoflags & CURL_GSKPROTO_TLSV12_MASK)?
+ GSK_TRUE: GSK_FALSE, TRUE);
+ if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+ result = CURLE_OK;
+ if(protoflags == CURL_GSKPROTO_TLSV12_MASK) {
+ failf(data, "TLS 1.2 not yet supported");
+ result = CURLE_SSL_CIPHER;
+ }
+ }
+ }
+ if(!result)
+ result = set_enum(data, BACKEND->handle, GSK_SERVER_AUTH_TYPE,
+ verifypeer? GSK_SERVER_AUTH_FULL:
+ GSK_SERVER_AUTH_PASSTHRU, FALSE);
+
+ if(!result) {
+ /* Start handshake. Try asynchronous first. */
+ memset(&commarea, 0, sizeof commarea);
+ BACKEND->iocport = QsoCreateIOCompletionPort();
+ if(BACKEND->iocport != -1) {
+ result = gskit_status(data,
+ gsk_secure_soc_startInit(BACKEND->handle,
+ BACKEND->iocport,
+ &commarea),
+ "gsk_secure_soc_startInit()",
+ CURLE_SSL_CONNECT_ERROR);
+ if(!result) {
+ connssl->connecting_state = ssl_connect_2;
+ return CURLE_OK;
+ }
+ else
+ close_async_handshake(connssl);
+ }
+ else if(errno != ENOBUFS)
+ result = gskit_status(data, GSK_ERROR_IO,
+ "QsoCreateIOCompletionPort()", 0);
+ else if(conn->proxy_ssl[sockindex].use) {
+ /* Cannot pipeline while handshaking synchronously. */
+ result = CURLE_SSL_CONNECT_ERROR;
+ }
+ else {
+ /* No more completion port available. Use synchronous IO. */
+ result = gskit_status(data, gsk_secure_soc_init(BACKEND->handle),
+ "gsk_secure_soc_init()", CURLE_SSL_CONNECT_ERROR);
+ if(!result) {
+ connssl->connecting_state = ssl_connect_3;
+ return CURLE_OK;
+ }
+ }
+ }
+
+ /* Error: rollback. */
+ close_one(connssl, conn, sockindex);
+ return result;
+}
+
+
+static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex,
+ bool nonblocking)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ Qso_OverlappedIO_t cstat;
+ long timeout_ms;
+ struct timeval stmv;
+ CURLcode result;
+
+ /* Poll or wait for end of SSL asynchronous handshake. */
+
+ for(;;) {
+ timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
+ if(timeout_ms < 0)
+ timeout_ms = 0;
+ stmv.tv_sec = timeout_ms / 1000;
+ stmv.tv_usec = (timeout_ms - stmv.tv_sec * 1000) * 1000;
+ switch(QsoWaitForIOCompletion(BACKEND->iocport, &cstat, &stmv)) {
+ case 1: /* Operation complete. */
+ break;
+ case -1: /* An error occurred: handshake still in progress. */
+ if(errno == EINTR) {
+ if(nonblocking)
+ return CURLE_OK;
+ continue; /* Retry. */
+ }
+ if(errno != ETIME) {
+ failf(data, "QsoWaitForIOCompletion() I/O error: %s", strerror(errno));
+ cancel_async_handshake(conn, sockindex);
+ close_async_handshake(connssl);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ /* FALL INTO... */
+ case 0: /* Handshake in progress, timeout occurred. */
+ if(nonblocking)
+ return CURLE_OK;
+ cancel_async_handshake(conn, sockindex);
+ close_async_handshake(connssl);
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ break;
+ }
+ result = gskit_status(data, cstat.returnValue, "SSL handshake",
+ CURLE_SSL_CONNECT_ERROR);
+ if(!result)
+ connssl->connecting_state = ssl_connect_3;
+ close_async_handshake(connssl);
+ return result;
+}
+
+
+static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ const gsk_cert_data_elem *cdev;
+ int cdec;
+ const gsk_cert_data_elem *p;
+ const char *cert = (const char *) NULL;
+ const char *certend;
+ const char *ptr;
+ int i;
+ CURLcode result;
+
+ /* SSL handshake done: gather certificate info and verify host. */
+
+ if(gskit_status(data, gsk_attribute_get_cert_info(BACKEND->handle,
+ GSK_PARTNER_CERT_INFO,
+ &cdev, &cdec),
+ "gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) ==
+ CURLE_OK) {
+ infof(data, "Server certificate:\n");
+ p = cdev;
+ for(i = 0; i++ < cdec; p++)
+ switch(p->cert_data_id) {
+ case CERT_BODY_DER:
+ cert = p->cert_data_p;
+ certend = cert + cdev->cert_data_l;
+ break;
+ case CERT_DN_PRINTABLE:
+ infof(data, "\t subject: %.*s\n", p->cert_data_l, p->cert_data_p);
+ break;
+ case CERT_ISSUER_DN_PRINTABLE:
+ infof(data, "\t issuer: %.*s\n", p->cert_data_l, p->cert_data_p);
+ break;
+ case CERT_VALID_FROM:
+ infof(data, "\t start date: %.*s\n", p->cert_data_l, p->cert_data_p);
+ break;
+ case CERT_VALID_TO:
+ infof(data, "\t expire date: %.*s\n", p->cert_data_l, p->cert_data_p);
+ break;
+ }
+ }
+
+ /* Verify host. */
+ result = Curl_verifyhost(conn, cert, certend);
+ if(result)
+ return result;
+
+ /* The only place GSKit can get the whole CA chain is a validation
+ callback where no user data pointer is available. Therefore it's not
+ possible to copy this chain into our structures for CAINFO.
+ However the server certificate may be available, thus we can return
+ info about it. */
+ if(data->set.ssl.certinfo) {
+ result = Curl_ssl_init_certinfo(data, 1);
+ if(result)
+ return result;
+
+ if(cert) {
+ result = Curl_extract_certinfo(conn, 0, cert, certend);
+ if(result)
+ return result;
+ }
+ }
+
+ /* Check pinned public key. */
+ ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+ if(!result && ptr) {
+ curl_X509certificate x509;
+ curl_asn1Element *p;
+
+ if(Curl_parseX509(&x509, cert, certend))
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ p = &x509.subjectPublicKeyInfo;
+ result = Curl_pin_peer_pubkey(data, ptr, p->header, p->end - p->header);
+ if(result) {
+ failf(data, "SSL: public key does not match pinned public key!");
+ return result;
+ }
+ }
+
+ connssl->connecting_state = ssl_connect_done;
+ return CURLE_OK;
+}
+
+
+static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex,
+ bool nonblocking, bool *done)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ long timeout_ms;
+ Qso_OverlappedIO_t cstat;
+ CURLcode result = CURLE_OK;
+
+ *done = connssl->state == ssl_connection_complete;
+ if(*done)
+ return CURLE_OK;
+
+ /* Step 1: create session, start handshake. */
+ if(connssl->connecting_state == ssl_connect_1) {
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ result = CURLE_OPERATION_TIMEDOUT;
+ }
+ else
+ result = gskit_connect_step1(conn, sockindex);
+ }
+
+ /* Handle handshake pipelining. */
+ if(!result)
+ if(pipe_ssloverssl(conn, sockindex, SOS_READ | SOS_WRITE) < 0)
+ result = CURLE_SSL_CONNECT_ERROR;
+
+ /* Step 2: check if handshake is over. */
+ if(!result && connssl->connecting_state == ssl_connect_2) {
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ result = CURLE_OPERATION_TIMEDOUT;
+ }
+ else
+ result = gskit_connect_step2(conn, sockindex, nonblocking);
+ }
+
+ /* Handle handshake pipelining. */
+ if(!result)
+ if(pipe_ssloverssl(conn, sockindex, SOS_READ | SOS_WRITE) < 0)
+ result = CURLE_SSL_CONNECT_ERROR;
+
+ /* Step 3: gather certificate info, verify host. */
+ if(!result && connssl->connecting_state == ssl_connect_3)
+ result = gskit_connect_step3(conn, sockindex);
+
+ if(result)
+ close_one(connssl, conn, sockindex);
+ else if(connssl->connecting_state == ssl_connect_done) {
+ connssl->state = ssl_connection_complete;
+ connssl->connecting_state = ssl_connect_1;
+ conn->recv[sockindex] = gskit_recv;
+ conn->send[sockindex] = gskit_send;
+ *done = TRUE;
+ }
+
+ return result;
+}
+
+
+static CURLcode Curl_gskit_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ CURLcode result;
+
+ result = gskit_connect_common(conn, sockindex, TRUE, done);
+ if(*done || result)
+ conn->ssl[sockindex].connecting_state = ssl_connect_1;
+ return result;
+}
+
+
+static CURLcode Curl_gskit_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode result;
+ bool done;
+
+ conn->ssl[sockindex].connecting_state = ssl_connect_1;
+ result = gskit_connect_common(conn, sockindex, FALSE, &done);
+ if(result)
+ return result;
+
+ DEBUGASSERT(done);
+
+ return CURLE_OK;
+}
+
+
+static void Curl_gskit_close(struct connectdata *conn, int sockindex)
+{
+ close_one(&conn->ssl[sockindex], conn, sockindex);
+ close_one(&conn->proxy_ssl[sockindex], conn, sockindex);
+}
+
+
+static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
+ ssize_t nread;
+ int what;
+ int rc;
+ char buf[120];
+
+ if(!BACKEND->handle)
+ return 0;
+
+ if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
+ return 0;
+
+ close_one(connssl, conn, sockindex);
+ rc = 0;
+ what = SOCKET_READABLE(conn->sock[sockindex],
+ SSL_SHUTDOWN_TIMEOUT);
+
+ for(;;) {
+ if(what < 0) {
+ /* anything that gets here is fatally bad */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ rc = -1;
+ break;
+ }
+
+ if(!what) { /* timeout */
+ failf(data, "SSL shutdown timeout");
+ break;
+ }
+
+ /* Something to read, let's do it and hope that it is the close
+ notify alert from the server. No way to gsk_secure_soc_read() now, so
+ use read(). */
+
+ nread = read(conn->sock[sockindex], buf, sizeof(buf));
+
+ if(nread < 0) {
+ failf(data, "read: %s", strerror(errno));
+ rc = -1;
+ }
+
+ if(nread <= 0)
+ break;
+
+ what = SOCKET_READABLE(conn->sock[sockindex], 0);
+ }
+
+ return rc;
+}
+
+
+static size_t Curl_gskit_version(char *buffer, size_t size)
+{
+ strncpy(buffer, "GSKit", size);
+ return strlen(buffer);
+}
+
+
+static int Curl_gskit_check_cxn(struct connectdata *cxn)
+{
+ struct ssl_connect_data *connssl = &cxn->ssl[FIRSTSOCKET];
+ int err;
+ int errlen;
+
+ /* The only thing that can be tested here is at the socket level. */
+
+ if(!BACKEND->handle)
+ return 0; /* connection has been closed */
+
+ err = 0;
+ errlen = sizeof err;
+
+ if(getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR,
+ (unsigned char *) &err, &errlen) ||
+ errlen != sizeof err || err)
+ return 0; /* connection has been closed */
+
+ return -1; /* connection status unknown */
+}
+
+static void *Curl_gskit_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return BACKEND->handle;
+}
+
+const struct Curl_ssl Curl_ssl_gskit = {
+ { CURLSSLBACKEND_GSKIT, "gskit" }, /* info */
+
+ 0, /* have_ca_path */
+ 1, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+ /* TODO: convert to 1 and fix test #1014 (if need) */
+ 0, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_gskit_init, /* init */
+ Curl_gskit_cleanup, /* cleanup */
+ Curl_gskit_version, /* version */
+ Curl_gskit_check_cxn, /* check_cxn */
+ Curl_gskit_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_none_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_gskit_connect, /* connect */
+ Curl_gskit_connect_nonblocking, /* connect_nonblocking */
+ Curl_gskit_get_internals, /* get_internals */
+ Curl_gskit_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ /* No session handling for GSKit */
+ Curl_none_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
+};
+
+#endif /* USE_GSKIT */
diff --git a/libs/libcurl/src/vtls/gskit.h b/libs/libcurl/src/vtls/gskit.h
new file mode 100644
index 0000000000..466ee4d9de
--- /dev/null
+++ b/libs/libcurl/src/vtls/gskit.h
@@ -0,0 +1,38 @@
+#ifndef HEADER_CURL_GSKIT_H
+#define HEADER_CURL_GSKIT_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+/*
+ * This header should only be needed to get included by vtls.c and gskit.c
+ */
+
+#include "urldata.h"
+
+#ifdef USE_GSKIT
+
+extern const struct Curl_ssl Curl_ssl_gskit;
+
+#endif /* USE_GSKIT */
+
+#endif /* HEADER_CURL_GSKIT_H */
diff --git a/libs/libcurl/src/vtls/gtls.c b/libs/libcurl/src/vtls/gtls.c
new file mode 100644
index 0000000000..30b255b81a
--- /dev/null
+++ b/libs/libcurl/src/vtls/gtls.c
@@ -0,0 +1,1841 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all GnuTLS-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ * Note: don't use the GnuTLS' *_t variable type names in this source code,
+ * since they were not present in 1.0.X.
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_GNUTLS
+
+#include <gnutls/abstract.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#ifdef USE_GNUTLS_NETTLE
+#include <gnutls/crypto.h>
+#include <nettle/md5.h>
+#include <nettle/sha2.h>
+#else
+#include <gcrypt.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "gtls.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "strcase.h"
+#include "warnless.h"
+#include "x509asn1.h"
+#include "curl_printf.h"
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifndef GNUTLS_POINTER_TO_SOCKET_CAST
+#define GNUTLS_POINTER_TO_SOCKET_CAST(p) \
+ ((curl_socket_t) ((char *)(p) - (char *)NULL))
+#endif
+#ifndef GNUTLS_SOCKET_TO_POINTER_CAST
+#define GNUTLS_SOCKET_TO_POINTER_CAST(s) \
+ ((void *) ((char *)NULL + (s)))
+#endif
+
+/* Enable GnuTLS debugging by defining GTLSDEBUG */
+/*#define GTLSDEBUG */
+
+#ifdef GTLSDEBUG
+static void tls_log_func(int level, const char *str)
+{
+ fprintf(stderr, "|<%d>| %s", level, str);
+}
+#endif
+static bool gtls_inited = FALSE;
+
+#if defined(GNUTLS_VERSION_NUMBER)
+# if (GNUTLS_VERSION_NUMBER >= 0x020c00)
+# undef gnutls_transport_set_lowat
+# define gnutls_transport_set_lowat(A,B) Curl_nop_stmt
+# define USE_GNUTLS_PRIORITY_SET_DIRECT 1
+# endif
+# if (GNUTLS_VERSION_NUMBER >= 0x020c03)
+# define GNUTLS_MAPS_WINSOCK_ERRORS 1
+# endif
+
+# if HAVE_GNUTLS_ALPN_SET_PROTOCOLS
+# define HAS_ALPN
+# endif
+
+# if HAVE_GNUTLS_OCSP_REQ_INIT
+# define HAS_OCSP
+# endif
+
+# if (GNUTLS_VERSION_NUMBER >= 0x030306)
+# define HAS_CAPATH
+# endif
+#endif
+
+#ifdef HAS_OCSP
+# include <gnutls/ocsp.h>
+#endif
+
+struct ssl_backend_data {
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+#ifdef USE_TLS_SRP
+ gnutls_srp_client_credentials_t srp_client_cred;
+#endif
+};
+
+#define BACKEND connssl->backend
+
+/*
+ * Custom push and pull callback functions used by GNU TLS to read and write
+ * to the socket. These functions are simple wrappers to send() and recv()
+ * (although here using the sread/swrite macros as defined by
+ * curl_setup_once.h).
+ * We use custom functions rather than the GNU TLS defaults because it allows
+ * us to get specific about the fourth "flags" argument, and to use arbitrary
+ * private data with gnutls_transport_set_ptr if we wish.
+ *
+ * When these custom push and pull callbacks fail, GNU TLS checks its own
+ * session-specific error variable, and when not set also its own global
+ * errno variable, in order to take appropriate action. GNU TLS does not
+ * require that the transport is actually a socket. This implies that for
+ * Windows builds these callbacks should ideally set the session-specific
+ * error variable using function gnutls_transport_set_errno or as a last
+ * resort global errno variable using gnutls_transport_set_global_errno,
+ * with a transport agnostic error value. This implies that some winsock
+ * error translation must take place in these callbacks.
+ *
+ * Paragraph above applies to GNU TLS versions older than 2.12.3, since
+ * this version GNU TLS does its own internal winsock error translation
+ * using system_errno() function.
+ */
+
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
+# define gtls_EINTR 4
+# define gtls_EIO 5
+# define gtls_EAGAIN 11
+static int gtls_mapped_sockerrno(void)
+{
+ switch(SOCKERRNO) {
+ case WSAEWOULDBLOCK:
+ return gtls_EAGAIN;
+ case WSAEINTR:
+ return gtls_EINTR;
+ default:
+ break;
+ }
+ return gtls_EIO;
+}
+#endif
+
+static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
+{
+ ssize_t ret = swrite(GNUTLS_POINTER_TO_SOCKET_CAST(s), buf, len);
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
+ if(ret < 0)
+ gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
+#endif
+ return ret;
+}
+
+static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
+{
+ ssize_t ret = sread(GNUTLS_POINTER_TO_SOCKET_CAST(s), buf, len);
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
+ if(ret < 0)
+ gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
+#endif
+ return ret;
+}
+
+static ssize_t Curl_gtls_push_ssl(void *s, const void *buf, size_t len)
+{
+ return gnutls_record_send((gnutls_session_t) s, buf, len);
+}
+
+static ssize_t Curl_gtls_pull_ssl(void *s, void *buf, size_t len)
+{
+ return gnutls_record_recv((gnutls_session_t) s, buf, len);
+}
+
+/* Curl_gtls_init()
+ *
+ * Global GnuTLS init, called from Curl_ssl_init(). This calls functions that
+ * are not thread-safe and thus this function itself is not thread-safe and
+ * must only be called from within curl_global_init() to keep the thread
+ * situation under control!
+ */
+static int Curl_gtls_init(void)
+{
+ int ret = 1;
+ if(!gtls_inited) {
+ ret = gnutls_global_init()?0:1;
+#ifdef GTLSDEBUG
+ gnutls_global_set_log_function(tls_log_func);
+ gnutls_global_set_log_level(2);
+#endif
+ gtls_inited = TRUE;
+ }
+ return ret;
+}
+
+static void Curl_gtls_cleanup(void)
+{
+ if(gtls_inited) {
+ gnutls_global_deinit();
+ gtls_inited = FALSE;
+ }
+}
+
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+static void showtime(struct Curl_easy *data,
+ const char *text,
+ time_t stamp)
+{
+ struct tm buffer;
+ const struct tm *tm = &buffer;
+ char str[96];
+ CURLcode result = Curl_gmtime(stamp, &buffer);
+ if(result)
+ return;
+
+ snprintf(str,
+ sizeof(str),
+ "\t %s: %s, %02d %s %4d %02d:%02d:%02d GMT",
+ text,
+ Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+ tm->tm_mday,
+ Curl_month[tm->tm_mon],
+ tm->tm_year + 1900,
+ tm->tm_hour,
+ tm->tm_min,
+ tm->tm_sec);
+ infof(data, "%s\n", str);
+}
+#endif
+
+static gnutls_datum_t load_file(const char *file)
+{
+ FILE *f;
+ gnutls_datum_t loaded_file = { NULL, 0 };
+ long filelen;
+ void *ptr;
+
+ f = fopen(file, "rb");
+ if(!f)
+ return loaded_file;
+ if(fseek(f, 0, SEEK_END) != 0
+ || (filelen = ftell(f)) < 0
+ || fseek(f, 0, SEEK_SET) != 0
+ || !(ptr = malloc((size_t)filelen)))
+ goto out;
+ if(fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) {
+ free(ptr);
+ goto out;
+ }
+
+ loaded_file.data = ptr;
+ loaded_file.size = (unsigned int)filelen;
+out:
+ fclose(f);
+ return loaded_file;
+}
+
+static void unload_file(gnutls_datum_t data)
+{
+ free(data.data);
+}
+
+
+/* this function does a SSL/TLS (re-)handshake */
+static CURLcode handshake(struct connectdata *conn,
+ int sockindex,
+ bool duringconnect,
+ bool nonblocking)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ gnutls_session_t session = BACKEND->session;
+ curl_socket_t sockfd = conn->sock[sockindex];
+ time_t timeout_ms;
+ int rc;
+ int what;
+
+ for(;;) {
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, duringconnect);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
+ if(connssl->connecting_state == ssl_connect_2_reading
+ || connssl->connecting_state == ssl_connect_2_writing) {
+
+ curl_socket_t writefd = ssl_connect_2_writing ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+ curl_socket_t readfd = ssl_connect_2_reading ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking?0:
+ timeout_ms?timeout_ms:1000);
+ if(what < 0) {
+ /* fatal error */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else if(0 == what) {
+ if(nonblocking)
+ return CURLE_OK;
+ else if(timeout_ms) {
+ /* timeout */
+ failf(data, "SSL connection timeout at %ld", (long)timeout_ms);
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ }
+ /* socket is readable or writable */
+ }
+
+ rc = gnutls_handshake(session);
+
+ if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) {
+ connssl->connecting_state =
+ gnutls_record_get_direction(session)?
+ ssl_connect_2_writing:ssl_connect_2_reading;
+ continue;
+ }
+ else if((rc < 0) && !gnutls_error_is_fatal(rc)) {
+ const char *strerr = NULL;
+
+ if(rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
+ int alert = gnutls_alert_get(session);
+ strerr = gnutls_alert_get_name(alert);
+ }
+
+ if(strerr == NULL)
+ strerr = gnutls_strerror(rc);
+
+ infof(data, "gnutls_handshake() warning: %s\n", strerr);
+ continue;
+ }
+ else if(rc < 0) {
+ const char *strerr = NULL;
+
+ if(rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+ int alert = gnutls_alert_get(session);
+ strerr = gnutls_alert_get_name(alert);
+ }
+
+ if(strerr == NULL)
+ strerr = gnutls_strerror(rc);
+
+ failf(data, "gnutls_handshake() failed: %s", strerr);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* Reset our connect state machine */
+ connssl->connecting_state = ssl_connect_1;
+ return CURLE_OK;
+ }
+}
+
+static gnutls_x509_crt_fmt_t do_file_type(const char *type)
+{
+ if(!type || !type[0])
+ return GNUTLS_X509_FMT_PEM;
+ if(strcasecompare(type, "PEM"))
+ return GNUTLS_X509_FMT_PEM;
+ if(strcasecompare(type, "DER"))
+ return GNUTLS_X509_FMT_DER;
+ return -1;
+}
+
+#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
+static CURLcode
+set_ssl_version_min_max(int *list, size_t list_size, struct connectdata *conn)
+{
+ struct Curl_easy *data = conn->data;
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+ long i = ssl_version;
+ long protocol_priority_idx = 0;
+
+ switch(ssl_version_max) {
+ case CURL_SSLVERSION_MAX_NONE:
+ ssl_version_max = ssl_version << 16;
+ break;
+ case CURL_SSLVERSION_MAX_DEFAULT:
+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
+ break;
+ }
+
+ for(; i <= (ssl_version_max >> 16) &&
+ protocol_priority_idx < list_size; ++i) {
+ switch(i) {
+ case CURL_SSLVERSION_TLSv1_0:
+ protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_0;
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_1;
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_2;
+ break;
+ case CURL_SSLVERSION_TLSv1_3:
+ failf(data, "GnuTLS: TLS 1.3 is not yet supported");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+ return CURLE_OK;
+}
+#else
+#define GNUTLS_CIPHERS "NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509"
+/* If GnuTLS was compiled without support for SRP it will error out if SRP is
+ requested in the priority string, so treat it specially
+ */
+#define GNUTLS_SRP "+SRP"
+
+static CURLcode
+set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
+{
+ struct Curl_easy *data = conn->data;
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+ if(ssl_version == CURL_SSLVERSION_TLSv1_3 ||
+ ssl_version_max == CURL_SSLVERSION_MAX_TLSv1_3) {
+ failf(data, "GnuTLS: TLS 1.3 is not yet supported");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
+ ssl_version_max = ssl_version << 16;
+ }
+ switch(ssl_version | ssl_version_max) {
+ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_0:
+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+ "+VERS-TLS1.0:" GNUTLS_SRP;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_1:
+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+ "+VERS-TLS1.0:+VERS-TLS1.1:" GNUTLS_SRP;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT:
+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+ "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_1:
+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+ "+VERS-TLS1.1:" GNUTLS_SRP;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT:
+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+ "+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT:
+ *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
+ "+VERS-TLS1.2:" GNUTLS_SRP;
+ return CURLE_OK;
+ }
+
+ failf(data, "GnuTLS: cannot set ssl protocol");
+ return CURLE_SSL_CONNECT_ERROR;
+}
+#endif
+
+static CURLcode
+gtls_connect_step1(struct connectdata *conn,
+ int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ unsigned int init_flags;
+ gnutls_session_t session;
+ int rc;
+ bool sni = TRUE; /* default is SNI enabled */
+ void *transport_ptr = NULL;
+ gnutls_push_func gnutls_transport_push = NULL;
+ gnutls_pull_func gnutls_transport_pull = NULL;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
+#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
+ static const int cipher_priority[] = {
+ /* These two ciphers were added to GnuTLS as late as ver. 3.0.1,
+ but this code path is only ever used for ver. < 2.12.0.
+ GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM,
+ */
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ };
+ static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
+ int protocol_priority[] = { 0, 0, 0, 0 };
+#else
+ const char *prioritylist;
+ const char *err = NULL;
+#endif
+
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+
+ if(connssl->state == ssl_connection_complete)
+ /* to make us tolerant against being called more than once for the
+ same connection */
+ return CURLE_OK;
+
+ if(!gtls_inited)
+ Curl_gtls_init();
+
+ if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) {
+ failf(data, "GnuTLS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3)
+ sni = FALSE; /* SSLv3 has no SNI */
+
+ /* allocate a cred struct */
+ rc = gnutls_certificate_allocate_credentials(&BACKEND->cred);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+#ifdef USE_TLS_SRP
+ if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
+ infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username));
+
+ rc = gnutls_srp_allocate_client_credentials(
+ &BACKEND->srp_client_cred);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
+ gnutls_strerror(rc));
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ rc = gnutls_srp_set_client_credentials(BACKEND->srp_client_cred,
+ SSL_SET_OPTION(username),
+ SSL_SET_OPTION(password));
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_srp_set_client_cred() failed: %s",
+ gnutls_strerror(rc));
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ }
+#endif
+
+ if(SSL_CONN_CONFIG(CAfile)) {
+ /* set the trusted CA cert bundle file */
+ gnutls_certificate_set_verify_flags(BACKEND->cred,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+
+ rc = gnutls_certificate_set_x509_trust_file(BACKEND->cred,
+ SSL_CONN_CONFIG(CAfile),
+ GNUTLS_X509_FMT_PEM);
+ if(rc < 0) {
+ infof(data, "error reading ca cert file %s (%s)\n",
+ SSL_CONN_CONFIG(CAfile), gnutls_strerror(rc));
+ if(SSL_CONN_CONFIG(verifypeer))
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else
+ infof(data, "found %d certificates in %s\n", rc,
+ SSL_CONN_CONFIG(CAfile));
+ }
+
+#ifdef HAS_CAPATH
+ if(SSL_CONN_CONFIG(CApath)) {
+ /* set the trusted CA cert directory */
+ rc = gnutls_certificate_set_x509_trust_dir(BACKEND->cred,
+ SSL_CONN_CONFIG(CApath),
+ GNUTLS_X509_FMT_PEM);
+ if(rc < 0) {
+ infof(data, "error reading ca cert file %s (%s)\n",
+ SSL_CONN_CONFIG(CApath), gnutls_strerror(rc));
+ if(SSL_CONN_CONFIG(verifypeer))
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else
+ infof(data, "found %d certificates in %s\n",
+ rc, SSL_CONN_CONFIG(CApath));
+ }
+#endif
+
+#ifdef CURL_CA_FALLBACK
+ /* use system ca certificate store as fallback */
+ if(SSL_CONN_CONFIG(verifypeer) &&
+ !(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) {
+ gnutls_certificate_set_x509_system_trust(BACKEND->cred);
+ }
+#endif
+
+ if(SSL_SET_OPTION(CRLfile)) {
+ /* set the CRL list file */
+ rc = gnutls_certificate_set_x509_crl_file(BACKEND->cred,
+ SSL_SET_OPTION(CRLfile),
+ GNUTLS_X509_FMT_PEM);
+ if(rc < 0) {
+ failf(data, "error reading crl file %s (%s)",
+ SSL_SET_OPTION(CRLfile), gnutls_strerror(rc));
+ return CURLE_SSL_CRL_BADFILE;
+ }
+ else
+ infof(data, "found %d CRL in %s\n",
+ rc, SSL_SET_OPTION(CRLfile));
+ }
+
+ /* Initialize TLS session as a client */
+ init_flags = GNUTLS_CLIENT;
+
+#if defined(GNUTLS_NO_TICKETS)
+ /* Disable TLS session tickets */
+ init_flags |= GNUTLS_NO_TICKETS;
+#endif
+
+ rc = gnutls_init(&BACKEND->session, init_flags);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_init() failed: %d", rc);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* convenient assign */
+ session = BACKEND->session;
+
+ if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
+#endif
+ sni &&
+ (gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname,
+ strlen(hostname)) < 0))
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+
+ /* Use default priorities */
+ rc = gnutls_set_default_priority(session);
+ if(rc != GNUTLS_E_SUCCESS)
+ return CURLE_SSL_CONNECT_ERROR;
+
+#ifndef USE_GNUTLS_PRIORITY_SET_DIRECT
+ rc = gnutls_cipher_set_priority(session, cipher_priority);
+ if(rc != GNUTLS_E_SUCCESS)
+ return CURLE_SSL_CONNECT_ERROR;
+
+ /* Sets the priority on the certificate types supported by gnutls. Priority
+ is higher for types specified before others. After specifying the types
+ you want, you must append a 0. */
+ rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
+ if(rc != GNUTLS_E_SUCCESS)
+ return CURLE_SSL_CONNECT_ERROR;
+
+ if(SSL_CONN_CONFIG(cipher_list) != NULL) {
+ failf(data, "can't pass a custom cipher list to older GnuTLS"
+ " versions");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ switch(SSL_CONN_CONFIG(version)) {
+ case CURL_SSLVERSION_SSLv3:
+ protocol_priority[0] = GNUTLS_SSL3;
+ break;
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ protocol_priority[0] = GNUTLS_TLS1_0;
+ protocol_priority[1] = GNUTLS_TLS1_1;
+ protocol_priority[2] = GNUTLS_TLS1_2;
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ {
+ CURLcode result = set_ssl_version_min_max(protocol_priority,
+ sizeof(protocol_priority)/sizeof(protocol_priority[0]), conn);
+ if(result != CURLE_OK)
+ return result;
+ break;
+ }
+ case CURL_SSLVERSION_SSLv2:
+ failf(data, "GnuTLS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ rc = gnutls_protocol_set_priority(session, protocol_priority);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "Did you pass a valid GnuTLS cipher list?");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+#else
+ /* Ensure +SRP comes at the *end* of all relevant strings so that it can be
+ * removed if a run-time error indicates that SRP is not supported by this
+ * GnuTLS version */
+ switch(SSL_CONN_CONFIG(version)) {
+ case CURL_SSLVERSION_SSLv3:
+ prioritylist = GNUTLS_CIPHERS ":-VERS-TLS-ALL:+VERS-SSL3.0";
+ sni = false;
+ break;
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:" GNUTLS_SRP;
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ {
+ CURLcode result = set_ssl_version_min_max(&prioritylist, conn);
+ if(result != CURLE_OK)
+ return result;
+ break;
+ }
+ case CURL_SSLVERSION_SSLv2:
+ failf(data, "GnuTLS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ rc = gnutls_priority_set_direct(session, prioritylist, &err);
+ if((rc == GNUTLS_E_INVALID_REQUEST) && err) {
+ if(!strcmp(err, GNUTLS_SRP)) {
+ /* This GnuTLS was probably compiled without support for SRP.
+ * Note that fact and try again without it. */
+ int validprioritylen = curlx_uztosi(err - prioritylist);
+ char *prioritycopy = strdup(prioritylist);
+ if(!prioritycopy)
+ return CURLE_OUT_OF_MEMORY;
+
+ infof(data, "This GnuTLS does not support SRP\n");
+ if(validprioritylen)
+ /* Remove the :+SRP */
+ prioritycopy[validprioritylen - 1] = 0;
+ rc = gnutls_priority_set_direct(session, prioritycopy, &err);
+ free(prioritycopy);
+ }
+ }
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "Error %d setting GnuTLS cipher list starting with %s",
+ rc, err);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#endif
+
+#ifdef HAS_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ int cur = 0;
+ gnutls_datum_t protocols[2];
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
+ protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID;
+ protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN;
+ cur++;
+ infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+#endif
+
+ protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1;
+ protocols[cur].size = ALPN_HTTP_1_1_LENGTH;
+ cur++;
+ infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+ gnutls_alpn_set_protocols(session, protocols, cur, 0);
+ }
+#endif
+
+ if(SSL_SET_OPTION(cert)) {
+ if(SSL_SET_OPTION(key_passwd)) {
+#if HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
+ const unsigned int supported_key_encryption_algorithms =
+ GNUTLS_PKCS_USE_PKCS12_3DES | GNUTLS_PKCS_USE_PKCS12_ARCFOUR |
+ GNUTLS_PKCS_USE_PKCS12_RC2_40 | GNUTLS_PKCS_USE_PBES2_3DES |
+ GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 |
+ GNUTLS_PKCS_USE_PBES2_AES_256;
+ rc = gnutls_certificate_set_x509_key_file2(
+ BACKEND->cred,
+ SSL_SET_OPTION(cert),
+ SSL_SET_OPTION(key) ?
+ SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
+ do_file_type(SSL_SET_OPTION(cert_type)),
+ SSL_SET_OPTION(key_passwd),
+ supported_key_encryption_algorithms);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data,
+ "error reading X.509 potentially-encrypted key file: %s",
+ gnutls_strerror(rc));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#else
+ failf(data, "gnutls lacks support for encrypted key files");
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+ }
+ else {
+ if(gnutls_certificate_set_x509_key_file(
+ BACKEND->cred,
+ SSL_SET_OPTION(cert),
+ SSL_SET_OPTION(key) ?
+ SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
+ do_file_type(SSL_SET_OPTION(cert_type)) ) !=
+ GNUTLS_E_SUCCESS) {
+ failf(data, "error reading X.509 key or certificate file");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+ }
+
+#ifdef USE_TLS_SRP
+ /* put the credentials to the current session */
+ if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
+ rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
+ BACKEND->srp_client_cred);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+ else
+#endif
+ {
+ rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+ BACKEND->cred);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+
+ if(conn->proxy_ssl[sockindex].use) {
+ transport_ptr = conn->proxy_ssl[sockindex].backend->session;
+ gnutls_transport_push = Curl_gtls_push_ssl;
+ gnutls_transport_pull = Curl_gtls_pull_ssl;
+ }
+ else {
+ /* file descriptor for the socket */
+ transport_ptr = GNUTLS_SOCKET_TO_POINTER_CAST(conn->sock[sockindex]);
+ gnutls_transport_push = Curl_gtls_push;
+ gnutls_transport_pull = Curl_gtls_pull;
+ }
+
+ /* set the connection handle */
+ gnutls_transport_set_ptr(session, transport_ptr);
+
+ /* register callback functions to send and receive data. */
+ gnutls_transport_set_push_function(session, gnutls_transport_push);
+ gnutls_transport_set_pull_function(session, gnutls_transport_pull);
+
+ /* lowat must be set to zero when using custom push and pull functions. */
+ gnutls_transport_set_lowat(session, 0);
+
+#ifdef HAS_OCSP
+ if(SSL_CONN_CONFIG(verifystatus)) {
+ rc = gnutls_ocsp_status_request_enable_client(session, NULL, 0, NULL);
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "gnutls_ocsp_status_request_enable_client() failed: %d", rc);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+#endif
+
+ /* This might be a reconnect, so we check for a session ID in the cache
+ to speed up things */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ void *ssl_sessionid;
+ size_t ssl_idsize;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize, sockindex)) {
+ /* we got a session id, use it! */
+ gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
+
+ /* Informational message */
+ infof(data, "SSL re-using session ID\n");
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ return CURLE_OK;
+}
+
+static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
+ gnutls_x509_crt_t cert,
+ const char *pinnedpubkey)
+{
+ /* Scratch */
+ size_t len1 = 0, len2 = 0;
+ unsigned char *buff1 = NULL;
+
+ gnutls_pubkey_t key = NULL;
+
+ /* Result is returned to caller */
+ int ret = 0;
+ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+
+ /* if a path wasn't specified, don't pin */
+ if(NULL == pinnedpubkey)
+ return CURLE_OK;
+
+ if(NULL == cert)
+ return result;
+
+ do {
+ /* Begin Gyrations to get the public key */
+ gnutls_pubkey_init(&key);
+
+ ret = gnutls_pubkey_import_x509(key, cert, 0);
+ if(ret < 0)
+ break; /* failed */
+
+ ret = gnutls_pubkey_export(key, GNUTLS_X509_FMT_DER, NULL, &len1);
+ if(ret != GNUTLS_E_SHORT_MEMORY_BUFFER || len1 == 0)
+ break; /* failed */
+
+ buff1 = malloc(len1);
+ if(NULL == buff1)
+ break; /* failed */
+
+ len2 = len1;
+
+ ret = gnutls_pubkey_export(key, GNUTLS_X509_FMT_DER, buff1, &len2);
+ if(ret < 0 || len1 != len2)
+ break; /* failed */
+
+ /* End Gyrations */
+
+ /* The one good exit point */
+ result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
+ } while(0);
+
+ if(NULL != key)
+ gnutls_pubkey_deinit(key);
+
+ Curl_safefree(buff1);
+
+ return result;
+}
+
+static Curl_recv gtls_recv;
+static Curl_send gtls_send;
+
+static CURLcode
+gtls_connect_step3(struct connectdata *conn,
+ int sockindex)
+{
+ unsigned int cert_list_size;
+ const gnutls_datum_t *chainp;
+ unsigned int verify_status = 0;
+ gnutls_x509_crt_t x509_cert, x509_issuer;
+ gnutls_datum_t issuerp;
+ char certbuf[256] = ""; /* big enough? */
+ size_t size;
+ time_t certclock;
+ const char *ptr;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ gnutls_session_t session = BACKEND->session;
+ int rc;
+#ifdef HAS_ALPN
+ gnutls_datum_t proto;
+#endif
+ CURLcode result = CURLE_OK;
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+ unsigned int algo;
+ unsigned int bits;
+ gnutls_protocol_t version = gnutls_protocol_get_version(session);
+#endif
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+
+ /* the name of the cipher suite used, e.g. ECDHE_RSA_AES_256_GCM_SHA384. */
+ ptr = gnutls_cipher_suite_get_name(gnutls_kx_get(session),
+ gnutls_cipher_get(session),
+ gnutls_mac_get(session));
+
+ infof(data, "SSL connection using %s / %s\n",
+ gnutls_protocol_get_name(version), ptr);
+
+ /* This function will return the peer's raw certificate (chain) as sent by
+ the peer. These certificates are in raw format (DER encoded for
+ X.509). In case of a X.509 then a certificate list may be present. The
+ first certificate in the list is the peer's certificate, following the
+ issuer's certificate, then the issuer's issuer etc. */
+
+ chainp = gnutls_certificate_get_peers(session, &cert_list_size);
+ if(!chainp) {
+ if(SSL_CONN_CONFIG(verifypeer) ||
+ SSL_CONN_CONFIG(verifyhost) ||
+ SSL_SET_OPTION(issuercert)) {
+#ifdef USE_TLS_SRP
+ if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
+ && SSL_SET_OPTION(username) != NULL
+ && !SSL_CONN_CONFIG(verifypeer)
+ && gnutls_cipher_get(session)) {
+ /* no peer cert, but auth is ok if we have SRP user and cipher and no
+ peer verify */
+ }
+ else {
+#endif
+ failf(data, "failed to get server cert");
+ return CURLE_PEER_FAILED_VERIFICATION;
+#ifdef USE_TLS_SRP
+ }
+#endif
+ }
+ infof(data, "\t common name: WARNING couldn't obtain\n");
+ }
+
+ if(data->set.ssl.certinfo && chainp) {
+ unsigned int i;
+
+ result = Curl_ssl_init_certinfo(data, cert_list_size);
+ if(result)
+ return result;
+
+ for(i = 0; i < cert_list_size; i++) {
+ const char *beg = (const char *) chainp[i].data;
+ const char *end = beg + chainp[i].size;
+
+ result = Curl_extract_certinfo(conn, i, beg, end);
+ if(result)
+ return result;
+ }
+ }
+
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ /* This function will try to verify the peer's certificate and return its
+ status (trusted, invalid etc.). The value of status should be one or
+ more of the gnutls_certificate_status_t enumerated elements bitwise
+ or'd. To avoid denial of service attacks some default upper limits
+ regarding the certificate key size and chain size are set. To override
+ them use gnutls_certificate_set_verify_limits(). */
+
+ rc = gnutls_certificate_verify_peers2(session, &verify_status);
+ if(rc < 0) {
+ failf(data, "server cert verify failed: %d", rc);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* verify_status is a bitmask of gnutls_certificate_status bits */
+ if(verify_status & GNUTLS_CERT_INVALID) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "server certificate verification failed. CAfile: %s "
+ "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
+ "none",
+ SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none");
+ return CURLE_SSL_CACERT;
+ }
+ else
+ infof(data, "\t server certificate verification FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate verification OK\n");
+ }
+ else
+ infof(data, "\t server certificate verification SKIPPED\n");
+
+#ifdef HAS_OCSP
+ if(SSL_CONN_CONFIG(verifystatus)) {
+ if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) {
+ gnutls_datum_t status_request;
+ gnutls_ocsp_resp_t ocsp_resp;
+
+ gnutls_ocsp_cert_status_t status;
+ gnutls_x509_crl_reason_t reason;
+
+ rc = gnutls_ocsp_status_request_get(session, &status_request);
+
+ infof(data, "\t server certificate status verification FAILED\n");
+
+ if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ failf(data, "No OCSP response received");
+ return CURLE_SSL_INVALIDCERTSTATUS;
+ }
+
+ if(rc < 0) {
+ failf(data, "Invalid OCSP response received");
+ return CURLE_SSL_INVALIDCERTSTATUS;
+ }
+
+ gnutls_ocsp_resp_init(&ocsp_resp);
+
+ rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
+ if(rc < 0) {
+ failf(data, "Invalid OCSP response received");
+ return CURLE_SSL_INVALIDCERTSTATUS;
+ }
+
+ rc = gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
+ &status, NULL, NULL, NULL, &reason);
+
+ switch(status) {
+ case GNUTLS_OCSP_CERT_GOOD:
+ break;
+
+ case GNUTLS_OCSP_CERT_REVOKED: {
+ const char *crl_reason;
+
+ switch(reason) {
+ default:
+ case GNUTLS_X509_CRLREASON_UNSPECIFIED:
+ crl_reason = "unspecified reason";
+ break;
+
+ case GNUTLS_X509_CRLREASON_KEYCOMPROMISE:
+ crl_reason = "private key compromised";
+ break;
+
+ case GNUTLS_X509_CRLREASON_CACOMPROMISE:
+ crl_reason = "CA compromised";
+ break;
+
+ case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED:
+ crl_reason = "affiliation has changed";
+ break;
+
+ case GNUTLS_X509_CRLREASON_SUPERSEDED:
+ crl_reason = "certificate superseded";
+ break;
+
+ case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION:
+ crl_reason = "operation has ceased";
+ break;
+
+ case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD:
+ crl_reason = "certificate is on hold";
+ break;
+
+ case GNUTLS_X509_CRLREASON_REMOVEFROMCRL:
+ crl_reason = "will be removed from delta CRL";
+ break;
+
+ case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN:
+ crl_reason = "privilege withdrawn";
+ break;
+
+ case GNUTLS_X509_CRLREASON_AACOMPROMISE:
+ crl_reason = "AA compromised";
+ break;
+ }
+
+ failf(data, "Server certificate was revoked: %s", crl_reason);
+ break;
+ }
+
+ default:
+ case GNUTLS_OCSP_CERT_UNKNOWN:
+ failf(data, "Server certificate status is unknown");
+ break;
+ }
+
+ gnutls_ocsp_resp_deinit(ocsp_resp);
+
+ return CURLE_SSL_INVALIDCERTSTATUS;
+ }
+ else
+ infof(data, "\t server certificate status verification OK\n");
+ }
+ else
+ infof(data, "\t server certificate status verification SKIPPED\n");
+#endif
+
+ /* initialize an X.509 certificate structure. */
+ gnutls_x509_crt_init(&x509_cert);
+
+ if(chainp)
+ /* convert the given DER or PEM encoded Certificate to the native
+ gnutls_x509_crt_t format */
+ gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
+
+ if(SSL_SET_OPTION(issuercert)) {
+ gnutls_x509_crt_init(&x509_issuer);
+ issuerp = load_file(SSL_SET_OPTION(issuercert));
+ gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
+ rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer);
+ gnutls_x509_crt_deinit(x509_issuer);
+ unload_file(issuerp);
+ if(rc <= 0) {
+ failf(data, "server certificate issuer check failed (IssuerCert: %s)",
+ SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none");
+ gnutls_x509_crt_deinit(x509_cert);
+ return CURLE_SSL_ISSUER_ERROR;
+ }
+ infof(data, "\t server certificate issuer check OK (Issuer Cert: %s)\n",
+ SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none");
+ }
+
+ size = sizeof(certbuf);
+ rc = gnutls_x509_crt_get_dn_by_oid(x509_cert, GNUTLS_OID_X520_COMMON_NAME,
+ 0, /* the first and only one */
+ FALSE,
+ certbuf,
+ &size);
+ if(rc) {
+ infof(data, "error fetching CN from cert:%s\n",
+ gnutls_strerror(rc));
+ }
+
+ /* This function will check if the given certificate's subject matches the
+ given hostname. This is a basic implementation of the matching described
+ in RFC2818 (HTTPS), which takes into account wildcards, and the subject
+ alternative name PKIX extension. Returns non zero on success, and zero on
+ failure. */
+ rc = gnutls_x509_crt_check_hostname(x509_cert, hostname);
+#if GNUTLS_VERSION_NUMBER < 0x030306
+ /* Before 3.3.6, gnutls_x509_crt_check_hostname() didn't check IP
+ addresses. */
+ if(!rc) {
+#ifdef ENABLE_IPV6
+ #define use_addr in6_addr
+#else
+ #define use_addr in_addr
+#endif
+ unsigned char addrbuf[sizeof(struct use_addr)];
+ unsigned char certaddr[sizeof(struct use_addr)];
+ size_t addrlen = 0, certaddrlen;
+ int i;
+ int ret = 0;
+
+ if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0)
+ addrlen = 4;
+#ifdef ENABLE_IPV6
+ else if(Curl_inet_pton(AF_INET6, hostname, addrbuf) > 0)
+ addrlen = 16;
+#endif
+
+ if(addrlen) {
+ for(i = 0; ; i++) {
+ certaddrlen = sizeof(certaddr);
+ ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
+ &certaddrlen, NULL);
+ /* If this happens, it wasn't an IP address. */
+ if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ continue;
+ if(ret < 0)
+ break;
+ if(ret != GNUTLS_SAN_IPADDRESS)
+ continue;
+ if(certaddrlen == addrlen && !memcmp(addrbuf, certaddr, addrlen)) {
+ rc = 1;
+ break;
+ }
+ }
+ }
+ }
+#endif
+ if(!rc) {
+ const char * const dispname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.dispname : conn->host.dispname;
+
+ if(SSL_CONN_CONFIG(verifyhost)) {
+ failf(data, "SSL: certificate subject name (%s) does not match "
+ "target host name '%s'", certbuf, dispname);
+ gnutls_x509_crt_deinit(x509_cert);
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else
+ infof(data, "\t common name: %s (does not match '%s')\n",
+ certbuf, dispname);
+ }
+ else
+ infof(data, "\t common name: %s (matched)\n", certbuf);
+
+ /* Check for time-based validity */
+ certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
+
+ if(certclock == (time_t)-1) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "server cert expiration date verify failed");
+ gnutls_x509_crt_deinit(x509_cert);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else
+ infof(data, "\t server certificate expiration date verify FAILED\n");
+ }
+ else {
+ if(certclock < time(NULL)) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "server certificate expiration date has passed.");
+ gnutls_x509_crt_deinit(x509_cert);
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else
+ infof(data, "\t server certificate expiration date FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate expiration date OK\n");
+ }
+
+ certclock = gnutls_x509_crt_get_activation_time(x509_cert);
+
+ if(certclock == (time_t)-1) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "server cert activation date verify failed");
+ gnutls_x509_crt_deinit(x509_cert);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else
+ infof(data, "\t server certificate activation date verify FAILED\n");
+ }
+ else {
+ if(certclock > time(NULL)) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "server certificate not activated yet.");
+ gnutls_x509_crt_deinit(x509_cert);
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else
+ infof(data, "\t server certificate activation date FAILED\n");
+ }
+ else
+ infof(data, "\t server certificate activation date OK\n");
+ }
+
+ ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+ if(ptr) {
+ result = pkp_pin_peer_pubkey(data, x509_cert, ptr);
+ if(result != CURLE_OK) {
+ failf(data, "SSL: public key does not match pinned public key!");
+ gnutls_x509_crt_deinit(x509_cert);
+ return result;
+ }
+ }
+
+ /* Show:
+
+ - subject
+ - start date
+ - expire date
+ - common name
+ - issuer
+
+ */
+
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+ /* public key algorithm's parameters */
+ algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);
+ infof(data, "\t certificate public key: %s\n",
+ gnutls_pk_algorithm_get_name(algo));
+
+ /* version of the X.509 certificate. */
+ infof(data, "\t certificate version: #%d\n",
+ gnutls_x509_crt_get_version(x509_cert));
+
+
+ size = sizeof(certbuf);
+ gnutls_x509_crt_get_dn(x509_cert, certbuf, &size);
+ infof(data, "\t subject: %s\n", certbuf);
+
+ certclock = gnutls_x509_crt_get_activation_time(x509_cert);
+ showtime(data, "start date", certclock);
+
+ certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
+ showtime(data, "expire date", certclock);
+
+ size = sizeof(certbuf);
+ gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size);
+ infof(data, "\t issuer: %s\n", certbuf);
+
+ /* compression algorithm (if any) */
+ ptr = gnutls_compression_get_name(gnutls_compression_get(session));
+ /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */
+ infof(data, "\t compression: %s\n", ptr);
+#endif
+
+ gnutls_x509_crt_deinit(x509_cert);
+
+#ifdef HAS_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ rc = gnutls_alpn_get_selected_protocol(session, &proto);
+ if(rc == 0) {
+ infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
+ proto.data);
+
+#ifdef USE_NGHTTP2
+ if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
+ !memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
+ NGHTTP2_PROTO_VERSION_ID_LEN)) {
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ }
+ else
+#endif
+ if(proto.size == ALPN_HTTP_1_1_LENGTH &&
+ !memcmp(ALPN_HTTP_1_1, proto.data, ALPN_HTTP_1_1_LENGTH)) {
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ }
+ }
+ else
+ infof(data, "ALPN, server did not agree to a protocol\n");
+ }
+#endif
+
+ conn->ssl[sockindex].state = ssl_connection_complete;
+ conn->recv[sockindex] = gtls_recv;
+ conn->send[sockindex] = gtls_send;
+
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ /* we always unconditionally get the session id here, as even if we
+ already got it from the cache and asked to use it in the connection, it
+ might've been rejected and then a new one is in use now and we need to
+ detect that. */
+ bool incache;
+ void *ssl_sessionid;
+ void *connect_sessionid;
+ size_t connect_idsize = 0;
+
+ /* get the session ID data size */
+ gnutls_session_get_data(session, NULL, &connect_idsize);
+ connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
+
+ if(connect_sessionid) {
+ /* extract session ID to the allocated buffer */
+ gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
+
+ Curl_ssl_sessionid_lock(conn);
+ incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL,
+ sockindex));
+ if(incache) {
+ /* there was one before in the cache, so instead of risking that the
+ previous one was rejected, we just kill that and store the new */
+ Curl_ssl_delsessionid(conn, ssl_sessionid);
+ }
+
+ /* store this session id */
+ result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize,
+ sockindex);
+ Curl_ssl_sessionid_unlock(conn);
+ if(result) {
+ free(connect_sessionid);
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ }
+ else
+ result = CURLE_OUT_OF_MEMORY;
+ }
+
+ return result;
+}
+
+
+/*
+ * This function is called after the TCP connect has completed. Setup the TLS
+ * layer and do all necessary magic.
+ */
+/* We use connssl->connecting_state to keep track of the connection status;
+ there are three states: 'ssl_connect_1' (not started yet or complete),
+ 'ssl_connect_2_reading' (waiting for data from server), and
+ 'ssl_connect_2_writing' (waiting to be able to write).
+ */
+static CURLcode
+gtls_connect_common(struct connectdata *conn,
+ int sockindex,
+ bool nonblocking,
+ bool *done)
+{
+ int rc;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ /* Initiate the connection, if not already done */
+ if(ssl_connect_1 == connssl->connecting_state) {
+ rc = gtls_connect_step1(conn, sockindex);
+ if(rc)
+ return rc;
+ }
+
+ rc = handshake(conn, sockindex, TRUE, nonblocking);
+ if(rc)
+ /* handshake() sets its own error message with failf() */
+ return rc;
+
+ /* Finish connecting once the handshake is done */
+ if(ssl_connect_1 == connssl->connecting_state) {
+ rc = gtls_connect_step3(conn, sockindex);
+ if(rc)
+ return rc;
+ }
+
+ *done = ssl_connect_1 == connssl->connecting_state;
+
+ return CURLE_OK;
+}
+
+static CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ return gtls_connect_common(conn, sockindex, TRUE, done);
+}
+
+static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode result;
+ bool done = FALSE;
+
+ result = gtls_connect_common(conn, sockindex, FALSE, &done);
+ if(result)
+ return result;
+
+ DEBUGASSERT(done);
+
+ return CURLE_OK;
+}
+
+static bool Curl_gtls_data_pending(const struct connectdata *conn,
+ int connindex)
+{
+ const struct ssl_connect_data *connssl = &conn->ssl[connindex];
+ bool res = FALSE;
+ if(BACKEND->session &&
+ 0 != gnutls_record_check_pending(BACKEND->session))
+ res = TRUE;
+
+ connssl = &conn->proxy_ssl[connindex];
+ if(BACKEND->session &&
+ 0 != gnutls_record_check_pending(BACKEND->session))
+ res = TRUE;
+
+ return res;
+}
+
+static ssize_t gtls_send(struct connectdata *conn,
+ int sockindex,
+ const void *mem,
+ size_t len,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ ssize_t rc = gnutls_record_send(BACKEND->session, mem, len);
+
+ if(rc < 0) {
+ *curlcode = (rc == GNUTLS_E_AGAIN)
+ ? CURLE_AGAIN
+ : CURLE_SEND_ERROR;
+
+ rc = -1;
+ }
+
+ return rc;
+}
+
+static void close_one(struct ssl_connect_data *connssl)
+{
+ if(BACKEND->session) {
+ gnutls_bye(BACKEND->session, GNUTLS_SHUT_RDWR);
+ gnutls_deinit(BACKEND->session);
+ BACKEND->session = NULL;
+ }
+ if(BACKEND->cred) {
+ gnutls_certificate_free_credentials(BACKEND->cred);
+ BACKEND->cred = NULL;
+ }
+#ifdef USE_TLS_SRP
+ if(BACKEND->srp_client_cred) {
+ gnutls_srp_free_client_credentials(BACKEND->srp_client_cred);
+ BACKEND->srp_client_cred = NULL;
+ }
+#endif
+}
+
+static void Curl_gtls_close(struct connectdata *conn, int sockindex)
+{
+ close_one(&conn->ssl[sockindex]);
+ close_one(&conn->proxy_ssl[sockindex]);
+}
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ ssize_t result;
+ int retval = 0;
+ struct Curl_easy *data = conn->data;
+ int done = 0;
+ char buf[120];
+
+ /* This has only been tested on the proftpd server, and the mod_tls code
+ sends a close notify alert without waiting for a close notify alert in
+ response. Thus we wait for a close notify alert from the server, but
+ we do not send one. Let's hope other servers do the same... */
+
+ if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
+ gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR);
+
+ if(BACKEND->session) {
+ while(!done) {
+ int what = SOCKET_READABLE(conn->sock[sockindex],
+ SSL_SHUTDOWN_TIMEOUT);
+ if(what > 0) {
+ /* Something to read, let's do it and hope that it is the close
+ notify alert from the server */
+ result = gnutls_record_recv(BACKEND->session,
+ buf, sizeof(buf));
+ switch(result) {
+ case 0:
+ /* This is the expected response. There was no data but only
+ the close notify alert */
+ done = 1;
+ break;
+ case GNUTLS_E_AGAIN:
+ case GNUTLS_E_INTERRUPTED:
+ infof(data, "GNUTLS_E_AGAIN || GNUTLS_E_INTERRUPTED\n");
+ break;
+ default:
+ retval = -1;
+ done = 1;
+ break;
+ }
+ }
+ else if(0 == what) {
+ /* timeout */
+ failf(data, "SSL shutdown timeout");
+ done = 1;
+ break;
+ }
+ else {
+ /* anything that gets here is fatally bad */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ retval = -1;
+ done = 1;
+ }
+ }
+ gnutls_deinit(BACKEND->session);
+ }
+ gnutls_certificate_free_credentials(BACKEND->cred);
+
+#ifdef USE_TLS_SRP
+ if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
+ && SSL_SET_OPTION(username) != NULL)
+ gnutls_srp_free_client_credentials(BACKEND->srp_client_cred);
+#endif
+
+ BACKEND->cred = NULL;
+ BACKEND->session = NULL;
+
+ return retval;
+}
+
+static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
+ int num, /* socketindex */
+ char *buf, /* store read data here */
+ size_t buffersize, /* max amount to read */
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[num];
+ ssize_t ret;
+
+ ret = gnutls_record_recv(BACKEND->session, buf, buffersize);
+ if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ }
+
+ if(ret == GNUTLS_E_REHANDSHAKE) {
+ /* BLOCKING call, this is bad but a work-around for now. Fixing this "the
+ proper way" takes a whole lot of work. */
+ CURLcode result = handshake(conn, num, FALSE, FALSE);
+ if(result)
+ /* handshake() writes error message on its own */
+ *curlcode = result;
+ else
+ *curlcode = CURLE_AGAIN; /* then return as if this was a wouldblock */
+ return -1;
+ }
+
+ if(ret < 0) {
+ failf(conn->data, "GnuTLS recv error (%d): %s",
+
+ (int)ret, gnutls_strerror((int)ret));
+ *curlcode = CURLE_RECV_ERROR;
+ return -1;
+ }
+
+ return ret;
+}
+
+static void Curl_gtls_session_free(void *ptr)
+{
+ free(ptr);
+}
+
+static size_t Curl_gtls_version(char *buffer, size_t size)
+{
+ return snprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
+}
+
+#ifndef USE_GNUTLS_NETTLE
+static int Curl_gtls_seed(struct Curl_easy *data)
+{
+ /* we have the "SSL is seeded" boolean static to prevent multiple
+ time-consuming seedings in vain */
+ static bool ssl_seeded = FALSE;
+
+ /* Quickly add a bit of entropy */
+ gcry_fast_random_poll();
+
+ if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
+ data->set.str[STRING_SSL_EGDSOCKET]) {
+
+ /* TODO: to a good job seeding the RNG
+ This may involve the gcry_control function and these options:
+ GCRYCTL_SET_RANDOM_SEED_FILE
+ GCRYCTL_SET_RNDEGD_SOCKET
+ */
+ ssl_seeded = TRUE;
+ }
+ return 0;
+}
+#endif
+
+/* data might be NULL! */
+static CURLcode Curl_gtls_random(struct Curl_easy *data,
+ unsigned char *entropy, size_t length)
+{
+#if defined(USE_GNUTLS_NETTLE)
+ int rc;
+ (void)data;
+ rc = gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
+ return rc?CURLE_FAILED_INIT:CURLE_OK;
+#elif defined(USE_GNUTLS)
+ if(data)
+ Curl_gtls_seed(data); /* Initiate the seed if not already done */
+ gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
+#endif
+ return CURLE_OK;
+}
+
+static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
+{
+#if defined(USE_GNUTLS_NETTLE)
+ struct md5_ctx MD5pw;
+ md5_init(&MD5pw);
+ md5_update(&MD5pw, (unsigned int)tmplen, tmp);
+ md5_digest(&MD5pw, (unsigned int)md5len, md5sum);
+#elif defined(USE_GNUTLS)
+ gcry_md_hd_t MD5pw;
+ gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
+ gcry_md_write(MD5pw, tmp, tmplen);
+ memcpy(md5sum, gcry_md_read(MD5pw, 0), md5len);
+ gcry_md_close(MD5pw);
+#endif
+ return CURLE_OK;
+}
+
+static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum, /* output */
+ size_t sha256len)
+{
+#if defined(USE_GNUTLS_NETTLE)
+ struct sha256_ctx SHA256pw;
+ sha256_init(&SHA256pw);
+ sha256_update(&SHA256pw, (unsigned int)tmplen, tmp);
+ sha256_digest(&SHA256pw, (unsigned int)sha256len, sha256sum);
+#elif defined(USE_GNUTLS)
+ gcry_md_hd_t SHA256pw;
+ gcry_md_open(&SHA256pw, GCRY_MD_SHA256, 0);
+ gcry_md_write(SHA256pw, tmp, tmplen);
+ memcpy(sha256sum, gcry_md_read(SHA256pw, 0), sha256len);
+ gcry_md_close(SHA256pw);
+#endif
+}
+
+static bool Curl_gtls_cert_status_request(void)
+{
+#ifdef HAS_OCSP
+ return TRUE;
+#else
+ return FALSE;
+#endif
+}
+
+static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return BACKEND->session;
+}
+
+const struct Curl_ssl Curl_ssl_gnutls = {
+ { CURLSSLBACKEND_GNUTLS, "gnutls" }, /* info */
+
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+ 1, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_gtls_init, /* init */
+ Curl_gtls_cleanup, /* cleanup */
+ Curl_gtls_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_gtls_shutdown, /* shutdown */
+ Curl_gtls_data_pending, /* data_pending */
+ Curl_gtls_random, /* random */
+ Curl_gtls_cert_status_request, /* cert_status_request */
+ Curl_gtls_connect, /* connect */
+ Curl_gtls_connect_nonblocking, /* connect_nonblocking */
+ Curl_gtls_get_internals, /* get_internals */
+ Curl_gtls_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ Curl_gtls_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_gtls_md5sum, /* md5sum */
+ Curl_gtls_sha256sum /* sha256sum */
+};
+
+#endif /* USE_GNUTLS */
diff --git a/libs/libcurl/src/vtls/gtls.h b/libs/libcurl/src/vtls/gtls.h
new file mode 100644
index 0000000000..780fc109d7
--- /dev/null
+++ b/libs/libcurl/src/vtls/gtls.h
@@ -0,0 +1,34 @@
+#ifndef HEADER_CURL_GTLS_H
+#define HEADER_CURL_GTLS_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_GNUTLS
+
+#include "urldata.h"
+
+extern const struct Curl_ssl Curl_ssl_gnutls;
+
+#endif /* USE_GNUTLS */
+#endif /* HEADER_CURL_GTLS_H */
diff --git a/libs/libcurl/src/vtls/mbedtls.c b/libs/libcurl/src/vtls/mbedtls.c
new file mode 100644
index 0000000000..28251a3888
--- /dev/null
+++ b/libs/libcurl/src/vtls/mbedtls.c
@@ -0,0 +1,1075 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all mbedTLS-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_MBEDTLS
+
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_NUMBER >= 0x02040000
+#include <mbedtls/net_sockets.h>
+#else
+#include <mbedtls/net.h>
+#endif
+#include <mbedtls/ssl.h>
+#include <mbedtls/certs.h>
+#include <mbedtls/x509.h>
+
+#include <mbedtls/error.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/sha256.h>
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "mbedtls.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "polarssl_threadlock.h"
+
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
+#include "curl_memory.h"
+#include "memdebug.h"
+
+struct ssl_backend_data {
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ mbedtls_ssl_context ssl;
+ int server_fd;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crt clicert;
+ mbedtls_x509_crl crl;
+ mbedtls_pk_context pk;
+ mbedtls_ssl_config config;
+ const char *protocols[3];
+};
+
+#define BACKEND connssl->backend
+
+/* apply threading? */
+#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
+#define THREADING_SUPPORT
+#endif
+
+#if defined(THREADING_SUPPORT)
+static mbedtls_entropy_context ts_entropy;
+
+static int entropy_init_initialized = 0;
+
+/* start of entropy_init_mutex() */
+static void entropy_init_mutex(mbedtls_entropy_context *ctx)
+{
+ /* lock 0 = entropy_init_mutex() */
+ Curl_polarsslthreadlock_lock_function(0);
+ if(entropy_init_initialized == 0) {
+ mbedtls_entropy_init(ctx);
+ entropy_init_initialized = 1;
+ }
+ Curl_polarsslthreadlock_unlock_function(0);
+}
+/* end of entropy_init_mutex() */
+
+/* start of entropy_func_mutex() */
+static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
+{
+ int ret;
+ /* lock 1 = entropy_func_mutex() */
+ Curl_polarsslthreadlock_lock_function(1);
+ ret = mbedtls_entropy_func(data, output, len);
+ Curl_polarsslthreadlock_unlock_function(1);
+
+ return ret;
+}
+/* end of entropy_func_mutex() */
+
+#endif /* THREADING_SUPPORT */
+
+/* Define this to enable lots of debugging for mbedTLS */
+#undef MBEDTLS_DEBUG
+
+#ifdef MBEDTLS_DEBUG
+static void mbed_debug(void *context, int level, const char *f_name,
+ int line_nb, const char *line)
+{
+ struct Curl_easy *data = NULL;
+
+ if(!context)
+ return;
+
+ data = (struct Curl_easy *)context;
+
+ infof(data, "%s", line);
+ (void) level;
+}
+#else
+#endif
+
+/* ALPN for http2? */
+#ifdef USE_NGHTTP2
+# undef HAS_ALPN
+# ifdef MBEDTLS_SSL_ALPN
+# define HAS_ALPN
+# endif
+#endif
+
+
+/*
+ * profile
+ */
+static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr =
+{
+ /* Hashes from SHA-1 and above */
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_RIPEMD160) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
+ MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
+ 0xFFFFFFF, /* Any PK alg */
+ 0xFFFFFFF, /* Any curve */
+ 1024, /* RSA min key len */
+};
+
+/* See https://tls.mbed.org/discussions/generic/
+ howto-determine-exact-buffer-len-for-mbedtls_pk_write_pubkey_der
+*/
+#define RSA_PUB_DER_MAX_BYTES (38 + 2 * MBEDTLS_MPI_MAX_SIZE)
+#define ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_ECP_MAX_BYTES)
+
+#define PUB_DER_MAX_BYTES (RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
+ RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES)
+
+static Curl_recv mbed_recv;
+static Curl_send mbed_send;
+
+static CURLcode mbedtls_version_from_curl(int *mbedver, long version)
+{
+ switch(version) {
+ case CURL_SSLVERSION_TLSv1_0:
+ *mbedver = MBEDTLS_SSL_MINOR_VERSION_1;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_1:
+ *mbedver = MBEDTLS_SSL_MINOR_VERSION_2;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_2:
+ *mbedver = MBEDTLS_SSL_MINOR_VERSION_3;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_3:
+ break;
+ }
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
+static CURLcode
+set_ssl_version_min_max(struct connectdata *conn, int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_1;
+ int mbedtls_ver_max = MBEDTLS_SSL_MINOR_VERSION_1;
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+ CURLcode result = CURLE_OK;
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ ssl_version = CURL_SSLVERSION_TLSv1_0;
+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
+ break;
+ }
+
+ switch(ssl_version_max) {
+ case CURL_SSLVERSION_MAX_NONE:
+ ssl_version_max = ssl_version << 16;
+ break;
+ case CURL_SSLVERSION_MAX_DEFAULT:
+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
+ break;
+ }
+
+ result = mbedtls_version_from_curl(&mbedtls_ver_min, ssl_version);
+ if(result) {
+ failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
+ return result;
+ }
+ result = mbedtls_version_from_curl(&mbedtls_ver_max, ssl_version_max >> 16);
+ if(result) {
+ failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
+ return result;
+ }
+
+ mbedtls_ssl_conf_min_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3,
+ mbedtls_ver_min);
+ mbedtls_ssl_conf_max_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3,
+ mbedtls_ver_max);
+
+ return result;
+}
+
+static CURLcode
+mbed_connect_step1(struct connectdata *conn,
+ int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
+ const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+ const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
+ char * const ssl_cert = SSL_SET_OPTION(cert);
+ const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+ int ret = -1;
+ char errorbuf[128];
+ errorbuf[0] = 0;
+
+ /* mbedTLS only supports SSLv3 and TLSv1 */
+ if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) {
+ failf(data, "mbedTLS does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+#ifdef THREADING_SUPPORT
+ entropy_init_mutex(&ts_entropy);
+ mbedtls_ctr_drbg_init(&BACKEND->ctr_drbg);
+
+ ret = mbedtls_ctr_drbg_seed(&BACKEND->ctr_drbg, entropy_func_mutex,
+ &ts_entropy, NULL, 0);
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+#else
+ mbedtls_entropy_init(&BACKEND->entropy);
+ mbedtls_ctr_drbg_init(&BACKEND->ctr_drbg);
+
+ ret = mbedtls_ctr_drbg_seed(&BACKEND->ctr_drbg, mbedtls_entropy_func,
+ &BACKEND->entropy, NULL, 0);
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+#endif /* THREADING_SUPPORT */
+
+ /* Load the trusted CA */
+ mbedtls_x509_crt_init(&BACKEND->cacert);
+
+ if(ssl_cafile) {
+ ret = mbedtls_x509_crt_parse_file(&BACKEND->cacert, ssl_cafile);
+
+ if(ret<0) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Error reading ca cert file %s - mbedTLS: (-0x%04X) %s",
+ ssl_cafile, -ret, errorbuf);
+
+ if(verifypeer)
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ }
+
+ if(ssl_capath) {
+ ret = mbedtls_x509_crt_parse_path(&BACKEND->cacert, ssl_capath);
+
+ if(ret<0) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Error reading ca cert path %s - mbedTLS: (-0x%04X) %s",
+ ssl_capath, -ret, errorbuf);
+
+ if(verifypeer)
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ }
+
+ /* Load the client certificate */
+ mbedtls_x509_crt_init(&BACKEND->clicert);
+
+ if(ssl_cert) {
+ ret = mbedtls_x509_crt_parse_file(&BACKEND->clicert, ssl_cert);
+
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Error reading client cert file %s - mbedTLS: (-0x%04X) %s",
+ ssl_cert, -ret, errorbuf);
+
+ return CURLE_SSL_CERTPROBLEM;
+ }
+ }
+
+ /* Load the client private key */
+ mbedtls_pk_init(&BACKEND->pk);
+
+ if(SSL_SET_OPTION(key)) {
+ ret = mbedtls_pk_parse_keyfile(&BACKEND->pk, SSL_SET_OPTION(key),
+ SSL_SET_OPTION(key_passwd));
+ if(ret == 0 && !mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA))
+ ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
+
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Error reading private key %s - mbedTLS: (-0x%04X) %s",
+ SSL_SET_OPTION(key), -ret, errorbuf);
+
+ return CURLE_SSL_CERTPROBLEM;
+ }
+ }
+
+ /* Load the CRL */
+ mbedtls_x509_crl_init(&BACKEND->crl);
+
+ if(ssl_crlfile) {
+ ret = mbedtls_x509_crl_parse_file(&BACKEND->crl, ssl_crlfile);
+
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Error reading CRL file %s - mbedTLS: (-0x%04X) %s",
+ ssl_crlfile, -ret, errorbuf);
+
+ return CURLE_SSL_CRL_BADFILE;
+ }
+ }
+
+ infof(data, "mbedTLS: Connecting to %s:%d\n", hostname, port);
+
+ mbedtls_ssl_config_init(&BACKEND->config);
+
+ mbedtls_ssl_init(&BACKEND->ssl);
+ if(mbedtls_ssl_setup(&BACKEND->ssl, &BACKEND->config)) {
+ failf(data, "mbedTLS: ssl_init failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ ret = mbedtls_ssl_config_defaults(&BACKEND->config,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT);
+ if(ret) {
+ failf(data, "mbedTLS: ssl_config failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* new profile with RSA min key len = 1024 ... */
+ mbedtls_ssl_conf_cert_profile(&BACKEND->config,
+ &mbedtls_x509_crt_profile_fr);
+
+ switch(SSL_CONN_CONFIG(version)) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ mbedtls_ssl_conf_min_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_1);
+ infof(data, "mbedTLS: Set min SSL version to TLS 1.0\n");
+ break;
+ case CURL_SSLVERSION_SSLv3:
+ mbedtls_ssl_conf_min_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_0);
+ mbedtls_ssl_conf_max_version(&BACKEND->config, MBEDTLS_SSL_MAJOR_VERSION_3,
+ MBEDTLS_SSL_MINOR_VERSION_0);
+ infof(data, "mbedTLS: Set SSL version to SSLv3\n");
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ {
+ CURLcode result = set_ssl_version_min_max(conn, sockindex);
+ if(result != CURLE_OK)
+ return result;
+ break;
+ }
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ mbedtls_ssl_conf_authmode(&BACKEND->config, MBEDTLS_SSL_VERIFY_OPTIONAL);
+
+ mbedtls_ssl_conf_rng(&BACKEND->config, mbedtls_ctr_drbg_random,
+ &BACKEND->ctr_drbg);
+ mbedtls_ssl_set_bio(&BACKEND->ssl, &conn->sock[sockindex],
+ mbedtls_net_send,
+ mbedtls_net_recv,
+ NULL /* rev_timeout() */);
+
+ mbedtls_ssl_conf_ciphersuites(&BACKEND->config,
+ mbedtls_ssl_list_ciphersuites());
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation(&BACKEND->config,
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_conf_session_tickets(&BACKEND->config,
+ MBEDTLS_SSL_SESSION_TICKETS_DISABLED);
+#endif
+
+ /* Check if there's a cached ID we can/should use here! */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ void *old_session = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) {
+ ret = mbedtls_ssl_set_session(&BACKEND->ssl, old_session);
+ if(ret) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "mbedtls_ssl_set_session returned -0x%x", -ret);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ infof(data, "mbedTLS re-using session\n");
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ mbedtls_ssl_conf_ca_chain(&BACKEND->config,
+ &BACKEND->cacert,
+ &BACKEND->crl);
+
+ if(SSL_SET_OPTION(key)) {
+ mbedtls_ssl_conf_own_cert(&BACKEND->config,
+ &BACKEND->clicert, &BACKEND->pk);
+ }
+ if(mbedtls_ssl_set_hostname(&BACKEND->ssl, hostname)) {
+ /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks *and*
+ the name to set in the SNI extension. So even if curl connects to a
+ host specified as an IP address, this function must be used. */
+ failf(data, "couldn't set hostname in mbedTLS");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+#ifdef HAS_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ const char **p = &BACKEND->protocols[0];
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2)
+ *p++ = NGHTTP2_PROTO_VERSION_ID;
+#endif
+ *p++ = ALPN_HTTP_1_1;
+ *p = NULL;
+ /* this function doesn't clone the protocols array, which is why we need
+ to keep it around */
+ if(mbedtls_ssl_conf_alpn_protocols(&BACKEND->config,
+ &BACKEND->protocols[0])) {
+ failf(data, "Failed setting ALPN protocols");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ for(p = &BACKEND->protocols[0]; *p; ++p)
+ infof(data, "ALPN, offering %s\n", *p);
+ }
+#endif
+
+#ifdef MBEDTLS_DEBUG
+ /* In order to make that work in mbedtls MBEDTLS_DEBUG_C must be defined. */
+ mbedtls_ssl_conf_dbg(&BACKEND->config, mbed_debug, data);
+ /* - 0 No debug
+ * - 1 Error
+ * - 2 State change
+ * - 3 Informational
+ * - 4 Verbose
+ */
+ mbedtls_debug_set_threshold(4);
+#endif
+
+ /* give application a chance to interfere with mbedTLS set up. */
+ if(data->set.ssl.fsslctx) {
+ ret = (*data->set.ssl.fsslctx)(data, &BACKEND->config,
+ data->set.ssl.fsslctxp);
+ if(ret) {
+ failf(data, "error signaled by ssl ctx callback");
+ return ret;
+ }
+ }
+
+ connssl->connecting_state = ssl_connect_2;
+
+ return CURLE_OK;
+}
+
+static CURLcode
+mbed_connect_step2(struct connectdata *conn,
+ int sockindex)
+{
+ int ret;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ const mbedtls_x509_crt *peercert;
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+
+#ifdef HAS_ALPN
+ const char *next_protocol;
+#endif
+
+ char errorbuf[128];
+ errorbuf[0] = 0;
+
+ conn->recv[sockindex] = mbed_recv;
+ conn->send[sockindex] = mbed_send;
+
+ ret = mbedtls_ssl_handshake(&BACKEND->ssl);
+
+ if(ret == MBEDTLS_ERR_SSL_WANT_READ) {
+ connssl->connecting_state = ssl_connect_2_reading;
+ return CURLE_OK;
+ }
+ else if(ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
+ connssl->connecting_state = ssl_connect_2_writing;
+ return CURLE_OK;
+ }
+ else if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "ssl_handshake returned - mbedTLS: (-0x%04X) %s",
+ -ret, errorbuf);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ infof(data, "mbedTLS: Handshake complete, cipher is %s\n",
+ mbedtls_ssl_get_ciphersuite(&BACKEND->ssl)
+ );
+
+ ret = mbedtls_ssl_get_verify_result(&BACKEND->ssl);
+
+ if(ret && SSL_CONN_CONFIG(verifypeer)) {
+ if(ret & MBEDTLS_X509_BADCERT_EXPIRED)
+ failf(data, "Cert verify failed: BADCERT_EXPIRED");
+
+ if(ret & MBEDTLS_X509_BADCERT_REVOKED) {
+ failf(data, "Cert verify failed: BADCERT_REVOKED");
+ return CURLE_SSL_CACERT;
+ }
+
+ if(ret & MBEDTLS_X509_BADCERT_CN_MISMATCH)
+ failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
+
+ if(ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
+ failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
+
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ peercert = mbedtls_ssl_get_peer_cert(&BACKEND->ssl);
+
+ if(peercert && data->set.verbose) {
+ const size_t bufsize = 16384;
+ char *buffer = malloc(bufsize);
+
+ if(!buffer)
+ return CURLE_OUT_OF_MEMORY;
+
+ if(mbedtls_x509_crt_info(buffer, bufsize, "* ", peercert) > 0)
+ infof(data, "Dumping cert info:\n%s\n", buffer);
+ else
+ infof(data, "Unable to dump certificate information.\n");
+
+ free(buffer);
+ }
+
+ if(pinnedpubkey) {
+ int size;
+ CURLcode result;
+ mbedtls_x509_crt *p;
+ unsigned char pubkey[PUB_DER_MAX_BYTES];
+
+ if(!peercert || !peercert->raw.p || !peercert->raw.len) {
+ failf(data, "Failed due to missing peer certificate");
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ p = calloc(1, sizeof(*p));
+
+ if(!p)
+ return CURLE_OUT_OF_MEMORY;
+
+ mbedtls_x509_crt_init(p);
+
+ /* Make a copy of our const peercert because mbedtls_pk_write_pubkey_der
+ needs a non-const key, for now.
+ https://github.com/ARMmbed/mbedtls/issues/396 */
+ if(mbedtls_x509_crt_parse_der(p, peercert->raw.p, peercert->raw.len)) {
+ failf(data, "Failed copying peer certificate");
+ mbedtls_x509_crt_free(p);
+ free(p);
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ size = mbedtls_pk_write_pubkey_der(&p->pk, pubkey, PUB_DER_MAX_BYTES);
+
+ if(size <= 0) {
+ failf(data, "Failed copying public key from peer certificate");
+ mbedtls_x509_crt_free(p);
+ free(p);
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ /* mbedtls_pk_write_pubkey_der writes data at the end of the buffer. */
+ result = Curl_pin_peer_pubkey(data,
+ pinnedpubkey,
+ &pubkey[PUB_DER_MAX_BYTES - size], size);
+ if(result) {
+ mbedtls_x509_crt_free(p);
+ free(p);
+ return result;
+ }
+
+ mbedtls_x509_crt_free(p);
+ free(p);
+ }
+
+#ifdef HAS_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
+
+ if(next_protocol) {
+ infof(data, "ALPN, server accepted to use %s\n", next_protocol);
+#ifdef USE_NGHTTP2
+ if(!strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN) &&
+ !next_protocol[NGHTTP2_PROTO_VERSION_ID_LEN]) {
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ }
+ else
+#endif
+ if(!strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH) &&
+ !next_protocol[ALPN_HTTP_1_1_LENGTH]) {
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ }
+ }
+ else {
+ infof(data, "ALPN, server did not agree to a protocol\n");
+ }
+ }
+#endif
+
+ connssl->connecting_state = ssl_connect_3;
+ infof(data, "SSL connected\n");
+
+ return CURLE_OK;
+}
+
+static CURLcode
+mbed_connect_step3(struct connectdata *conn,
+ int sockindex)
+{
+ CURLcode retcode = CURLE_OK;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
+
+ DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ int ret;
+ mbedtls_ssl_session *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
+
+ our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session));
+ if(!our_ssl_sessionid)
+ return CURLE_OUT_OF_MEMORY;
+
+ mbedtls_ssl_session_init(our_ssl_sessionid);
+
+ ret = mbedtls_ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
+ if(ret) {
+ free(our_ssl_sessionid);
+ failf(data, "mbedtls_ssl_get_session returned -0x%x", -ret);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* If there's already a matching session in the cache, delete it */
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex))
+ Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+
+ retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
+ Curl_ssl_sessionid_unlock(conn);
+ if(retcode) {
+ free(our_ssl_sessionid);
+ failf(data, "failed to store ssl session");
+ return retcode;
+ }
+ }
+
+ connssl->connecting_state = ssl_connect_done;
+
+ return CURLE_OK;
+}
+
+static ssize_t mbed_send(struct connectdata *conn, int sockindex,
+ const void *mem, size_t len,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ int ret = -1;
+
+ ret = mbedtls_ssl_write(&BACKEND->ssl,
+ (unsigned char *)mem, len);
+
+ if(ret < 0) {
+ *curlcode = (ret == MBEDTLS_ERR_SSL_WANT_WRITE) ?
+ CURLE_AGAIN : CURLE_SEND_ERROR;
+ ret = -1;
+ }
+
+ return ret;
+}
+
+static void Curl_mbedtls_close_all(struct Curl_easy *data)
+{
+ (void)data;
+}
+
+static void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ mbedtls_pk_free(&BACKEND->pk);
+ mbedtls_x509_crt_free(&BACKEND->clicert);
+ mbedtls_x509_crt_free(&BACKEND->cacert);
+ mbedtls_x509_crl_free(&BACKEND->crl);
+ mbedtls_ssl_config_free(&BACKEND->config);
+ mbedtls_ssl_free(&BACKEND->ssl);
+ mbedtls_ctr_drbg_free(&BACKEND->ctr_drbg);
+#ifndef THREADING_SUPPORT
+ mbedtls_entropy_free(&BACKEND->entropy);
+#endif /* THREADING_SUPPORT */
+}
+
+static ssize_t mbed_recv(struct connectdata *conn, int num,
+ char *buf, size_t buffersize,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[num];
+ int ret = -1;
+ ssize_t len = -1;
+
+ memset(buf, 0, buffersize);
+ ret = mbedtls_ssl_read(&BACKEND->ssl, (unsigned char *)buf,
+ buffersize);
+
+ if(ret <= 0) {
+ if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
+ return 0;
+
+ *curlcode = (ret == MBEDTLS_ERR_SSL_WANT_READ) ?
+ CURLE_AGAIN : CURLE_RECV_ERROR;
+ return -1;
+ }
+
+ len = ret;
+
+ return len;
+}
+
+static void Curl_mbedtls_session_free(void *ptr)
+{
+ mbedtls_ssl_session_free(ptr);
+ free(ptr);
+}
+
+static size_t Curl_mbedtls_version(char *buffer, size_t size)
+{
+ unsigned int version = mbedtls_version_get_number();
+ return snprintf(buffer, size, "mbedTLS/%d.%d.%d", version>>24,
+ (version>>16)&0xff, (version>>8)&0xff);
+}
+
+static CURLcode Curl_mbedtls_random(struct Curl_easy *data,
+ unsigned char *entropy, size_t length)
+{
+#if defined(MBEDTLS_CTR_DRBG_C)
+ int ret = -1;
+ char errorbuf[128];
+ mbedtls_entropy_context ctr_entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_init(&ctr_entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ errorbuf[0] = 0;
+
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &ctr_entropy, NULL, 0);
+
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+ else {
+ ret = mbedtls_ctr_drbg_random(&ctr_drbg, entropy, length);
+
+ if(ret) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* MBEDTLS_ERROR_C */
+ failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+ }
+
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&ctr_entropy);
+
+ return ret == 0 ? CURLE_OK : CURLE_FAILED_INIT;
+#elif defined(MBEDTLS_HAVEGE_C)
+ mbedtls_havege_state hs;
+ mbedtls_havege_init(&hs);
+ mbedtls_havege_random(&hs, entropy, length);
+ mbedtls_havege_free(&hs);
+ return CURLE_OK;
+#else
+ return CURLE_NOT_BUILT_IN;
+#endif
+}
+
+static CURLcode
+mbed_connect_common(struct connectdata *conn,
+ int sockindex,
+ bool nonblocking,
+ bool *done)
+{
+ CURLcode retcode;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ curl_socket_t sockfd = conn->sock[sockindex];
+ long timeout_ms;
+ int what;
+
+ /* check if the connection has already been established */
+ if(ssl_connection_complete == connssl->state) {
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
+ if(ssl_connect_1 == connssl->connecting_state) {
+ /* Find out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ retcode = mbed_connect_step1(conn, sockindex);
+ if(retcode)
+ return retcode;
+ }
+
+ while(ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state) {
+
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
+ if(connssl->connecting_state == ssl_connect_2_reading
+ || connssl->connecting_state == ssl_connect_2_writing) {
+
+ curl_socket_t writefd = ssl_connect_2_writing ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+ curl_socket_t readfd = ssl_connect_2_reading ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking ? 0 : timeout_ms);
+ if(what < 0) {
+ /* fatal error */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else if(0 == what) {
+ if(nonblocking) {
+ *done = FALSE;
+ return CURLE_OK;
+ }
+ else {
+ /* timeout */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ }
+ /* socket is readable or writable */
+ }
+
+ /* Run transaction, and return to the caller if it failed or if
+ * this connection is part of a multi handle and this loop would
+ * execute again. This permits the owner of a multi handle to
+ * abort a connection attempt before step2 has completed while
+ * ensuring that a client using select() or epoll() will always
+ * have a valid fdset to wait on.
+ */
+ retcode = mbed_connect_step2(conn, sockindex);
+ if(retcode || (nonblocking &&
+ (ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state)))
+ return retcode;
+
+ } /* repeat step2 until all transactions are done. */
+
+ if(ssl_connect_3 == connssl->connecting_state) {
+ retcode = mbed_connect_step3(conn, sockindex);
+ if(retcode)
+ return retcode;
+ }
+
+ if(ssl_connect_done == connssl->connecting_state) {
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = mbed_recv;
+ conn->send[sockindex] = mbed_send;
+ *done = TRUE;
+ }
+ else
+ *done = FALSE;
+
+ /* Reset our connect state machine */
+ connssl->connecting_state = ssl_connect_1;
+
+ return CURLE_OK;
+}
+
+static CURLcode Curl_mbedtls_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ return mbed_connect_common(conn, sockindex, TRUE, done);
+}
+
+
+static CURLcode Curl_mbedtls_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode retcode;
+ bool done = FALSE;
+
+ retcode = mbed_connect_common(conn, sockindex, FALSE, &done);
+ if(retcode)
+ return retcode;
+
+ DEBUGASSERT(done);
+
+ return CURLE_OK;
+}
+
+/*
+ * return 0 error initializing SSL
+ * return 1 SSL initialized successfully
+ */
+static int Curl_mbedtls_init(void)
+{
+ return Curl_polarsslthreadlock_thread_setup();
+}
+
+static void Curl_mbedtls_cleanup(void)
+{
+ (void)Curl_polarsslthreadlock_thread_cleanup();
+}
+
+static bool Curl_mbedtls_data_pending(const struct connectdata *conn,
+ int sockindex)
+{
+ const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ return mbedtls_ssl_get_bytes_avail(&BACKEND->ssl) != 0;
+}
+
+static void Curl_mbedtls_sha256sum(const unsigned char *input,
+ size_t inputlen,
+ unsigned char *sha256sum,
+ size_t sha256len UNUSED_PARAM)
+{
+ (void)sha256len;
+ mbedtls_sha256(input, inputlen, sha256sum, 0);
+}
+
+static void *Curl_mbedtls_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return &BACKEND->ssl;
+}
+
+const struct Curl_ssl Curl_ssl_mbedtls = {
+ { CURLSSLBACKEND_MBEDTLS, "mbedtls" }, /* info */
+
+ 1, /* have_ca_path */
+ 0, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 1, /* have_ssl_ctx */
+ 0, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_mbedtls_init, /* init */
+ Curl_mbedtls_cleanup, /* cleanup */
+ Curl_mbedtls_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_none_shutdown, /* shutdown */
+ Curl_mbedtls_data_pending, /* data_pending */
+ Curl_mbedtls_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_mbedtls_connect, /* connect */
+ Curl_mbedtls_connect_nonblocking, /* connect_nonblocking */
+ Curl_mbedtls_get_internals, /* get_internals */
+ Curl_mbedtls_close, /* close_one */
+ Curl_mbedtls_close_all, /* close_all */
+ Curl_mbedtls_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ Curl_mbedtls_sha256sum /* sha256sum */
+};
+
+#endif /* USE_MBEDTLS */
diff --git a/libs/libcurl/src/vtls/mbedtls.h b/libs/libcurl/src/vtls/mbedtls.h
new file mode 100644
index 0000000000..4a938605bd
--- /dev/null
+++ b/libs/libcurl/src/vtls/mbedtls.h
@@ -0,0 +1,32 @@
+#ifndef HEADER_CURL_MBEDTLS_H
+#define HEADER_CURL_MBEDTLS_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_MBEDTLS
+
+extern const struct Curl_ssl Curl_ssl_mbedtls;
+
+#endif /* USE_MBEDTLS */
+#endif /* HEADER_CURL_MBEDTLS_H */
diff --git a/libs/libcurl/src/vtls/nss.c b/libs/libcurl/src/vtls/nss.c
new file mode 100644
index 0000000000..a3ef37a12c
--- /dev/null
+++ b/libs/libcurl/src/vtls/nss.c
@@ -0,0 +1,2380 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all NSS-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_NSS
+
+#include "urldata.h"
+#include "sendf.h"
+#include "formdata.h" /* for the boundary function */
+#include "url.h" /* for the ssl config check function */
+#include "connect.h"
+#include "strcase.h"
+#include "select.h"
+#include "vtls.h"
+#include "llist.h"
+#include "curl_printf.h"
+#include "nssg.h"
+#include <nspr.h>
+#include <nss.h>
+#include <ssl.h>
+#include <sslerr.h>
+#include <secerr.h>
+#include <secmod.h>
+#include <sslproto.h>
+#include <prtypes.h>
+#include <pk11pub.h>
+#include <prio.h>
+#include <secitem.h>
+#include <secport.h>
+#include <certdb.h>
+#include <base64.h>
+#include <cert.h>
+#include <prerror.h>
+#include <keyhi.h> /* for SECKEY_DestroyPublicKey() */
+#include <private/pprio.h> /* for PR_ImportTCPSocket */
+
+#define NSSVERNUM ((NSS_VMAJOR<<16)|(NSS_VMINOR<<8)|NSS_VPATCH)
+
+#if NSSVERNUM >= 0x030f00 /* 3.15.0 */
+#include <ocsp.h>
+#endif
+
+#include "strcase.h"
+#include "warnless.h"
+#include "x509asn1.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#define SSL_DIR "/etc/pki/nssdb"
+
+/* enough to fit the string "PEM Token #[0|1]" */
+#define SLOTSIZE 13
+
+struct ssl_backend_data {
+ PRFileDesc *handle;
+ char *client_nickname;
+ struct Curl_easy *data;
+ struct curl_llist obj_list;
+ PK11GenericObject *obj_clicert;
+};
+
+#define BACKEND connssl->backend
+
+static PRLock *nss_initlock = NULL;
+static PRLock *nss_crllock = NULL;
+static PRLock *nss_findslot_lock = NULL;
+static PRLock *nss_trustload_lock = NULL;
+static struct curl_llist nss_crl_list;
+static NSSInitContext *nss_context = NULL;
+static volatile int initialized = 0;
+
+/* type used to wrap pointers as list nodes */
+struct ptr_list_wrap {
+ void *ptr;
+ struct curl_llist_element node;
+};
+
+typedef struct {
+ const char *name;
+ int num;
+} cipher_s;
+
+#define PK11_SETATTRS(_attr, _idx, _type, _val, _len) do { \
+ CK_ATTRIBUTE *ptr = (_attr) + ((_idx)++); \
+ ptr->type = (_type); \
+ ptr->pValue = (_val); \
+ ptr->ulValueLen = (_len); \
+} WHILE_FALSE
+
+#define CERT_NewTempCertificate __CERT_NewTempCertificate
+
+#define NUM_OF_CIPHERS sizeof(cipherlist)/sizeof(cipherlist[0])
+static const cipher_s cipherlist[] = {
+ /* SSL2 cipher suites */
+ {"rc4", SSL_EN_RC4_128_WITH_MD5},
+ {"rc4-md5", SSL_EN_RC4_128_WITH_MD5},
+ {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
+ {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5},
+ {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
+ {"des", SSL_EN_DES_64_CBC_WITH_MD5},
+ {"desede3", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
+ /* SSL3/TLS cipher suites */
+ {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
+ {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA},
+ {"rsa_3des_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
+ {"rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
+ {"rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
+ {"rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
+ {"rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
+ {"rsa_null_sha", SSL_RSA_WITH_NULL_SHA},
+ {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
+ {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
+ {"fortezza", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
+ {"fortezza_rc4_128_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
+ {"fortezza_null", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
+ /* TLS 1.0: Exportable 56-bit Cipher Suites. */
+ {"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
+ {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
+ /* AES ciphers. */
+ {"dhe_dss_aes_128_cbc_sha", TLS_DHE_DSS_WITH_AES_128_CBC_SHA},
+ {"dhe_dss_aes_256_cbc_sha", TLS_DHE_DSS_WITH_AES_256_CBC_SHA},
+ {"dhe_rsa_aes_128_cbc_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
+ {"dhe_rsa_aes_256_cbc_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
+ {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA},
+ {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA},
+ /* ECC ciphers. */
+ {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA},
+ {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
+ {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA},
+ {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA},
+ {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA},
+ {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA},
+ {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
+ {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA},
+ {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
+ {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
+ {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA},
+ {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA},
+ {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA},
+ {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA},
+ {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA},
+ {"ecdhe_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA},
+ {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
+ {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA},
+ {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
+ {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
+ {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA},
+ {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA},
+ {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
+ {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
+ {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
+#ifdef TLS_RSA_WITH_NULL_SHA256
+ /* new HMAC-SHA256 cipher suites specified in RFC */
+ {"rsa_null_sha_256", TLS_RSA_WITH_NULL_SHA256},
+ {"rsa_aes_128_cbc_sha_256", TLS_RSA_WITH_AES_128_CBC_SHA256},
+ {"rsa_aes_256_cbc_sha_256", TLS_RSA_WITH_AES_256_CBC_SHA256},
+ {"dhe_rsa_aes_128_cbc_sha_256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
+ {"dhe_rsa_aes_256_cbc_sha_256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
+ {"ecdhe_ecdsa_aes_128_cbc_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
+ {"ecdhe_rsa_aes_128_cbc_sha_256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
+#endif
+#ifdef TLS_RSA_WITH_AES_128_GCM_SHA256
+ /* AES GCM cipher suites in RFC 5288 and RFC 5289 */
+ {"rsa_aes_128_gcm_sha_256", TLS_RSA_WITH_AES_128_GCM_SHA256},
+ {"dhe_rsa_aes_128_gcm_sha_256", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
+ {"dhe_dss_aes_128_gcm_sha_256", TLS_DHE_DSS_WITH_AES_128_GCM_SHA256},
+ {"ecdhe_ecdsa_aes_128_gcm_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ {"ecdh_ecdsa_aes_128_gcm_sha_256", TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256},
+ {"ecdhe_rsa_aes_128_gcm_sha_256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ {"ecdh_rsa_aes_128_gcm_sha_256", TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256},
+#endif
+#ifdef TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ /* cipher suites using SHA384 */
+ {"rsa_aes_256_gcm_sha_384", TLS_RSA_WITH_AES_256_GCM_SHA384},
+ {"dhe_rsa_aes_256_gcm_sha_384", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
+ {"dhe_dss_aes_256_gcm_sha_384", TLS_DHE_DSS_WITH_AES_256_GCM_SHA384},
+ {"ecdhe_ecdsa_aes_256_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
+ {"ecdhe_rsa_aes_256_sha_384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
+ {"ecdhe_ecdsa_aes_256_gcm_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
+ {"ecdhe_rsa_aes_256_gcm_sha_384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
+#endif
+#ifdef TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ /* chacha20-poly1305 cipher suites */
+ {"ecdhe_rsa_chacha20_poly1305_sha_256",
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
+ {"ecdhe_ecdsa_chacha20_poly1305_sha_256",
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
+ {"dhe_rsa_chacha20_poly1305_sha_256",
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
+#endif
+};
+
+static const char *pem_library = "libnsspem.so";
+static SECMODModule *pem_module = NULL;
+
+static const char *trust_library = "libnssckbi.so";
+static SECMODModule *trust_module = NULL;
+
+/* NSPR I/O layer we use to detect blocking direction during SSL handshake */
+static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
+static PRIOMethods nspr_io_methods;
+
+static const char *nss_error_to_name(PRErrorCode code)
+{
+ const char *name = PR_ErrorToName(code);
+ if(name)
+ return name;
+
+ return "unknown error";
+}
+
+static void nss_print_error_message(struct Curl_easy *data, PRUint32 err)
+{
+ failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
+}
+
+static SECStatus set_ciphers(struct Curl_easy *data, PRFileDesc * model,
+ char *cipher_list)
+{
+ unsigned int i;
+ PRBool cipher_state[NUM_OF_CIPHERS];
+ PRBool found;
+ char *cipher;
+
+ /* use accessors to avoid dynamic linking issues after an update of NSS */
+ const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers();
+ const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
+ if(!implemented_ciphers)
+ return SECFailure;
+
+ /* First disable all ciphers. This uses a different max value in case
+ * NSS adds more ciphers later we don't want them available by
+ * accident
+ */
+ for(i = 0; i < num_implemented_ciphers; i++) {
+ SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE);
+ }
+
+ /* Set every entry in our list to false */
+ for(i = 0; i < NUM_OF_CIPHERS; i++) {
+ cipher_state[i] = PR_FALSE;
+ }
+
+ cipher = cipher_list;
+
+ while(cipher_list && (cipher_list[0])) {
+ while((*cipher) && (ISSPACE(*cipher)))
+ ++cipher;
+
+ cipher_list = strchr(cipher, ',');
+ if(cipher_list) {
+ *cipher_list++ = '\0';
+ }
+
+ found = PR_FALSE;
+
+ for(i = 0; i<NUM_OF_CIPHERS; i++) {
+ if(strcasecompare(cipher, cipherlist[i].name)) {
+ cipher_state[i] = PR_TRUE;
+ found = PR_TRUE;
+ break;
+ }
+ }
+
+ if(found == PR_FALSE) {
+ failf(data, "Unknown cipher in list: %s", cipher);
+ return SECFailure;
+ }
+
+ if(cipher_list) {
+ cipher = cipher_list;
+ }
+ }
+
+ /* Finally actually enable the selected ciphers */
+ for(i = 0; i<NUM_OF_CIPHERS; i++) {
+ if(!cipher_state[i])
+ continue;
+
+ if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
+ failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
+ return SECFailure;
+ }
+ }
+
+ return SECSuccess;
+}
+
+/*
+ * Return true if at least one cipher-suite is enabled. Used to determine
+ * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.
+ */
+static bool any_cipher_enabled(void)
+{
+ unsigned int i;
+
+ for(i = 0; i<NUM_OF_CIPHERS; i++) {
+ PRInt32 policy = 0;
+ SSL_CipherPolicyGet(cipherlist[i].num, &policy);
+ if(policy)
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/*
+ * Determine whether the nickname passed in is a filename that needs to
+ * be loaded as a PEM or a regular NSS nickname.
+ *
+ * returns 1 for a file
+ * returns 0 for not a file (NSS nickname)
+ */
+static int is_file(const char *filename)
+{
+ struct_stat st;
+
+ if(filename == NULL)
+ return 0;
+
+ if(stat(filename, &st) == 0)
+ if(S_ISREG(st.st_mode))
+ return 1;
+
+ return 0;
+}
+
+/* Check if the given string is filename or nickname of a certificate. If the
+ * given string is recognized as filename, return NULL. If the given string is
+ * recognized as nickname, return a duplicated string. The returned string
+ * should be later deallocated using free(). If the OOM failure occurs, we
+ * return NULL, too.
+ */
+static char *dup_nickname(struct Curl_easy *data, const char *str)
+{
+ const char *n;
+
+ if(!is_file(str))
+ /* no such file exists, use the string as nickname */
+ return strdup(str);
+
+ /* search the first slash; we require at least one slash in a file name */
+ n = strchr(str, '/');
+ if(!n) {
+ infof(data, "warning: certificate file name \"%s\" handled as nickname; "
+ "please use \"./%s\" to force file name\n", str, str);
+ return strdup(str);
+ }
+
+ /* we'll use the PEM reader to read the certificate from file */
+ return NULL;
+}
+
+/* Lock/unlock wrapper for PK11_FindSlotByName() to work around race condition
+ * in nssSlot_IsTokenPresent() causing spurious SEC_ERROR_NO_TOKEN. For more
+ * details, go to <https://bugzilla.mozilla.org/1297397>.
+ */
+static PK11SlotInfo* nss_find_slot_by_name(const char *slot_name)
+{
+ PK11SlotInfo *slot;
+ PR_Lock(nss_findslot_lock);
+ slot = PK11_FindSlotByName(slot_name);
+ PR_Unlock(nss_findslot_lock);
+ return slot;
+}
+
+/* wrap 'ptr' as list node and tail-insert into 'list' */
+static CURLcode insert_wrapped_ptr(struct curl_llist *list, void *ptr)
+{
+ struct ptr_list_wrap *wrap = malloc(sizeof *wrap);
+ if(!wrap)
+ return CURLE_OUT_OF_MEMORY;
+
+ wrap->ptr = ptr;
+ Curl_llist_insert_next(list, list->tail, wrap, &wrap->node);
+ return CURLE_OK;
+}
+
+/* Call PK11_CreateGenericObject() with the given obj_class and filename. If
+ * the call succeeds, append the object handle to the list of objects so that
+ * the object can be destroyed in Curl_nss_close(). */
+static CURLcode nss_create_object(struct ssl_connect_data *connssl,
+ CK_OBJECT_CLASS obj_class,
+ const char *filename, bool cacert)
+{
+ PK11SlotInfo *slot;
+ PK11GenericObject *obj;
+ CK_BBOOL cktrue = CK_TRUE;
+ CK_BBOOL ckfalse = CK_FALSE;
+ CK_ATTRIBUTE attrs[/* max count of attributes */ 4];
+ int attr_cnt = 0;
+ CURLcode result = (cacert)
+ ? CURLE_SSL_CACERT_BADFILE
+ : CURLE_SSL_CERTPROBLEM;
+
+ const int slot_id = (cacert) ? 0 : 1;
+ char *slot_name = aprintf("PEM Token #%d", slot_id);
+ if(!slot_name)
+ return CURLE_OUT_OF_MEMORY;
+
+ slot = nss_find_slot_by_name(slot_name);
+ free(slot_name);
+ if(!slot)
+ return result;
+
+ PK11_SETATTRS(attrs, attr_cnt, CKA_CLASS, &obj_class, sizeof(obj_class));
+ PK11_SETATTRS(attrs, attr_cnt, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL));
+ PK11_SETATTRS(attrs, attr_cnt, CKA_LABEL, (unsigned char *)filename,
+ (CK_ULONG)strlen(filename) + 1);
+
+ if(CKO_CERTIFICATE == obj_class) {
+ CK_BBOOL *pval = (cacert) ? (&cktrue) : (&ckfalse);
+ PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
+ }
+
+ obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);
+ PK11_FreeSlot(slot);
+ if(!obj)
+ return result;
+
+ if(insert_wrapped_ptr(&BACKEND->obj_list, obj) != CURLE_OK) {
+ PK11_DestroyGenericObject(obj);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(!cacert && CKO_CERTIFICATE == obj_class)
+ /* store reference to a client certificate */
+ BACKEND->obj_clicert = obj;
+
+ return CURLE_OK;
+}
+
+/* Destroy the NSS object whose handle is given by ptr. This function is
+ * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy
+ * NSS objects in Curl_nss_close() */
+static void nss_destroy_object(void *user, void *ptr)
+{
+ struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr;
+ PK11GenericObject *obj = (PK11GenericObject *) wrap->ptr;
+ (void) user;
+ PK11_DestroyGenericObject(obj);
+ free(wrap);
+}
+
+/* same as nss_destroy_object() but for CRL items */
+static void nss_destroy_crl_item(void *user, void *ptr)
+{
+ struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr;
+ SECItem *crl_der = (SECItem *) wrap->ptr;
+ (void) user;
+ SECITEM_FreeItem(crl_der, PR_TRUE);
+ free(wrap);
+}
+
+static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
+ const char *filename, PRBool cacert)
+{
+ CURLcode result = (cacert)
+ ? CURLE_SSL_CACERT_BADFILE
+ : CURLE_SSL_CERTPROBLEM;
+
+ /* libnsspem.so leaks memory if the requested file does not exist. For more
+ * details, go to <https://bugzilla.redhat.com/734760>. */
+ if(is_file(filename))
+ result = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
+
+ if(!result && !cacert) {
+ /* we have successfully loaded a client certificate */
+ CERTCertificate *cert;
+ char *nickname = NULL;
+ char *n = strrchr(filename, '/');
+ if(n)
+ n++;
+
+ /* The following undocumented magic helps to avoid a SIGSEGV on call
+ * of PK11_ReadRawAttribute() from SelectClientCert() when using an
+ * immature version of libnsspem.so. For more details, go to
+ * <https://bugzilla.redhat.com/733685>. */
+ nickname = aprintf("PEM Token #1:%s", n);
+ if(nickname) {
+ cert = PK11_FindCertFromNickname(nickname, NULL);
+ if(cert)
+ CERT_DestroyCertificate(cert);
+
+ free(nickname);
+ }
+ }
+
+ return result;
+}
+
+/* add given CRL to cache if it is not already there */
+static CURLcode nss_cache_crl(SECItem *crl_der)
+{
+ CERTCertDBHandle *db = CERT_GetDefaultCertDB();
+ CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
+ if(crl) {
+ /* CRL already cached */
+ SEC_DestroyCrl(crl);
+ SECITEM_FreeItem(crl_der, PR_TRUE);
+ return CURLE_OK;
+ }
+
+ /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */
+ PR_Lock(nss_crllock);
+
+ /* store the CRL item so that we can free it in Curl_nss_cleanup() */
+ if(insert_wrapped_ptr(&nss_crl_list, crl_der) != CURLE_OK) {
+ SECITEM_FreeItem(crl_der, PR_TRUE);
+ PR_Unlock(nss_crllock);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
+ /* unable to cache CRL */
+ PR_Unlock(nss_crllock);
+ return CURLE_SSL_CRL_BADFILE;
+ }
+
+ /* we need to clear session cache, so that the CRL could take effect */
+ SSL_ClearSessionCache();
+ PR_Unlock(nss_crllock);
+ return CURLE_OK;
+}
+
+static CURLcode nss_load_crl(const char *crlfilename)
+{
+ PRFileDesc *infile;
+ PRFileInfo info;
+ SECItem filedata = { 0, NULL, 0 };
+ SECItem *crl_der = NULL;
+ char *body;
+
+ infile = PR_Open(crlfilename, PR_RDONLY, 0);
+ if(!infile)
+ return CURLE_SSL_CRL_BADFILE;
+
+ if(PR_SUCCESS != PR_GetOpenFileInfo(infile, &info))
+ goto fail;
+
+ if(!SECITEM_AllocItem(NULL, &filedata, info.size + /* zero ended */ 1))
+ goto fail;
+
+ if(info.size != PR_Read(infile, filedata.data, info.size))
+ goto fail;
+
+ crl_der = SECITEM_AllocItem(NULL, NULL, 0U);
+ if(!crl_der)
+ goto fail;
+
+ /* place a trailing zero right after the visible data */
+ body = (char *)filedata.data;
+ body[--filedata.len] = '\0';
+
+ body = strstr(body, "-----BEGIN");
+ if(body) {
+ /* assume ASCII */
+ char *trailer;
+ char *begin = PORT_Strchr(body, '\n');
+ if(!begin)
+ begin = PORT_Strchr(body, '\r');
+ if(!begin)
+ goto fail;
+
+ trailer = strstr(++begin, "-----END");
+ if(!trailer)
+ goto fail;
+
+ /* retrieve DER from ASCII */
+ *trailer = '\0';
+ if(ATOB_ConvertAsciiToItem(crl_der, begin))
+ goto fail;
+
+ SECITEM_FreeItem(&filedata, PR_FALSE);
+ }
+ else
+ /* assume DER */
+ *crl_der = filedata;
+
+ PR_Close(infile);
+ return nss_cache_crl(crl_der);
+
+fail:
+ PR_Close(infile);
+ SECITEM_FreeItem(crl_der, PR_TRUE);
+ SECITEM_FreeItem(&filedata, PR_FALSE);
+ return CURLE_SSL_CRL_BADFILE;
+}
+
+static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
+ char *key_file)
+{
+ PK11SlotInfo *slot, *tmp;
+ SECStatus status;
+ CURLcode result;
+ struct ssl_connect_data *ssl = conn->ssl;
+ struct Curl_easy *data = conn->data;
+
+ (void)sockindex; /* unused */
+
+ result = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
+ if(result) {
+ PR_SetError(SEC_ERROR_BAD_KEY, 0);
+ return result;
+ }
+
+ slot = nss_find_slot_by_name("PEM Token #1");
+ if(!slot)
+ return CURLE_SSL_CERTPROBLEM;
+
+ /* This will force the token to be seen as re-inserted */
+ tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0);
+ if(tmp)
+ PK11_FreeSlot(tmp);
+ PK11_IsPresent(slot);
+
+ status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));
+ PK11_FreeSlot(slot);
+
+ return (SECSuccess == status) ? CURLE_OK : CURLE_SSL_CERTPROBLEM;
+}
+
+static int display_error(struct connectdata *conn, PRInt32 err,
+ const char *filename)
+{
+ switch(err) {
+ case SEC_ERROR_BAD_PASSWORD:
+ failf(conn->data, "Unable to load client key: Incorrect password");
+ return 1;
+ case SEC_ERROR_UNKNOWN_CERT:
+ failf(conn->data, "Unable to load certificate %s", filename);
+ return 1;
+ default:
+ break;
+ }
+ return 0; /* The caller will print a generic error */
+}
+
+static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
+ char *cert_file, char *key_file)
+{
+ struct Curl_easy *data = conn->data;
+ CURLcode result;
+
+ if(cert_file) {
+ result = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
+ if(result) {
+ const PRErrorCode err = PR_GetError();
+ if(!display_error(conn, err, cert_file)) {
+ const char *err_name = nss_error_to_name(err);
+ failf(data, "unable to load client cert: %d (%s)", err, err_name);
+ }
+
+ return result;
+ }
+ }
+
+ if(key_file || (is_file(cert_file))) {
+ if(key_file)
+ result = nss_load_key(conn, sockindex, key_file);
+ else
+ /* In case the cert file also has the key */
+ result = nss_load_key(conn, sockindex, cert_file);
+ if(result) {
+ const PRErrorCode err = PR_GetError();
+ if(!display_error(conn, err, key_file)) {
+ const char *err_name = nss_error_to_name(err);
+ failf(data, "unable to load client key: %d (%s)", err, err_name);
+ }
+
+ return result;
+ }
+ }
+
+ return CURLE_OK;
+}
+
+static char *nss_get_password(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+ (void)slot; /* unused */
+
+ if(retry || NULL == arg)
+ return NULL;
+ else
+ return (char *)PORT_Strdup((char *)arg);
+}
+
+/* bypass the default SSL_AuthCertificate() hook in case we do not want to
+ * verify peer */
+static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
+ PRBool isServer)
+{
+ struct connectdata *conn = (struct connectdata *)arg;
+
+#ifdef SSL_ENABLE_OCSP_STAPLING
+ if(SSL_CONN_CONFIG(verifystatus)) {
+ SECStatus cacheResult;
+
+ const SECItemArray *csa = SSL_PeerStapledOCSPResponses(fd);
+ if(!csa) {
+ failf(conn->data, "Invalid OCSP response");
+ return SECFailure;
+ }
+
+ if(csa->len == 0) {
+ failf(conn->data, "No OCSP response received");
+ return SECFailure;
+ }
+
+ cacheResult = CERT_CacheOCSPResponseFromSideChannel(
+ CERT_GetDefaultCertDB(), SSL_PeerCertificate(fd),
+ PR_Now(), &csa->items[0], arg
+ );
+
+ if(cacheResult != SECSuccess) {
+ failf(conn->data, "Invalid OCSP response");
+ return cacheResult;
+ }
+ }
+#endif
+
+ if(!SSL_CONN_CONFIG(verifypeer)) {
+ infof(conn->data, "skipping SSL peer certificate verification\n");
+ return SECSuccess;
+ }
+
+ return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
+}
+
+/**
+ * Inform the application that the handshake is complete.
+ */
+static void HandshakeCallback(PRFileDesc *sock, void *arg)
+{
+ struct connectdata *conn = (struct connectdata*) arg;
+ unsigned int buflenmax = 50;
+ unsigned char buf[50];
+ unsigned int buflen;
+ SSLNextProtoState state;
+
+ if(!conn->bits.tls_enable_npn && !conn->bits.tls_enable_alpn) {
+ return;
+ }
+
+ if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) {
+
+ switch(state) {
+#if NSSVERNUM >= 0x031a00 /* 3.26.0 */
+ /* used by NSS internally to implement 0-RTT */
+ case SSL_NEXT_PROTO_EARLY_VALUE:
+ /* fall through! */
+#endif
+ case SSL_NEXT_PROTO_NO_SUPPORT:
+ case SSL_NEXT_PROTO_NO_OVERLAP:
+ infof(conn->data, "ALPN/NPN, server did not agree to a protocol\n");
+ return;
+#ifdef SSL_ENABLE_ALPN
+ case SSL_NEXT_PROTO_SELECTED:
+ infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf);
+ break;
+#endif
+ case SSL_NEXT_PROTO_NEGOTIATED:
+ infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf);
+ break;
+ }
+
+#ifdef USE_NGHTTP2
+ if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN &&
+ !memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)) {
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ }
+ else
+#endif
+ if(buflen == ALPN_HTTP_1_1_LENGTH &&
+ !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ }
+ }
+}
+
+#if NSSVERNUM >= 0x030f04 /* 3.15.4 */
+static SECStatus CanFalseStartCallback(PRFileDesc *sock, void *client_data,
+ PRBool *canFalseStart)
+{
+ struct connectdata *conn = client_data;
+ struct Curl_easy *data = conn->data;
+
+ SSLChannelInfo channelInfo;
+ SSLCipherSuiteInfo cipherInfo;
+
+ SECStatus rv;
+ PRBool negotiatedExtension;
+
+ *canFalseStart = PR_FALSE;
+
+ if(SSL_GetChannelInfo(sock, &channelInfo, sizeof(channelInfo)) != SECSuccess)
+ return SECFailure;
+
+ if(SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+ sizeof(cipherInfo)) != SECSuccess)
+ return SECFailure;
+
+ /* Prevent version downgrade attacks from TLS 1.2, and avoid False Start for
+ * TLS 1.3 and later. See https://bugzilla.mozilla.org/show_bug.cgi?id=861310
+ */
+ if(channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_2)
+ goto end;
+
+ /* Only allow ECDHE key exchange algorithm.
+ * See https://bugzilla.mozilla.org/show_bug.cgi?id=952863 */
+ if(cipherInfo.keaType != ssl_kea_ecdh)
+ goto end;
+
+ /* Prevent downgrade attacks on the symmetric cipher. We do not allow CBC
+ * mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt
+ * design. See https://bugzilla.mozilla.org/show_bug.cgi?id=1109766 */
+ if(cipherInfo.symCipher != ssl_calg_aes_gcm)
+ goto end;
+
+ /* Enforce ALPN or NPN to do False Start, as an indicator of server
+ * compatibility. */
+ rv = SSL_HandshakeNegotiatedExtension(sock, ssl_app_layer_protocol_xtn,
+ &negotiatedExtension);
+ if(rv != SECSuccess || !negotiatedExtension) {
+ rv = SSL_HandshakeNegotiatedExtension(sock, ssl_next_proto_nego_xtn,
+ &negotiatedExtension);
+ }
+
+ if(rv != SECSuccess || !negotiatedExtension)
+ goto end;
+
+ *canFalseStart = PR_TRUE;
+
+ infof(data, "Trying TLS False Start\n");
+
+end:
+ return SECSuccess;
+}
+#endif
+
+static void display_cert_info(struct Curl_easy *data,
+ CERTCertificate *cert)
+{
+ char *subject, *issuer, *common_name;
+ PRExplodedTime printableTime;
+ char timeString[256];
+ PRTime notBefore, notAfter;
+
+ subject = CERT_NameToAscii(&cert->subject);
+ issuer = CERT_NameToAscii(&cert->issuer);
+ common_name = CERT_GetCommonName(&cert->subject);
+ infof(data, "\tsubject: %s\n", subject);
+
+ CERT_GetCertTimes(cert, &notBefore, &notAfter);
+ PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime);
+ PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
+ infof(data, "\tstart date: %s\n", timeString);
+ PR_ExplodeTime(notAfter, PR_GMTParameters, &printableTime);
+ PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
+ infof(data, "\texpire date: %s\n", timeString);
+ infof(data, "\tcommon name: %s\n", common_name);
+ infof(data, "\tissuer: %s\n", issuer);
+
+ PR_Free(subject);
+ PR_Free(issuer);
+ PR_Free(common_name);
+}
+
+static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+{
+ CURLcode result = CURLE_OK;
+ SSLChannelInfo channel;
+ SSLCipherSuiteInfo suite;
+ CERTCertificate *cert;
+ CERTCertificate *cert2;
+ CERTCertificate *cert3;
+ PRTime now;
+ int i;
+
+ if(SSL_GetChannelInfo(sock, &channel, sizeof channel) ==
+ SECSuccess && channel.length == sizeof channel &&
+ channel.cipherSuite) {
+ if(SSL_GetCipherSuiteInfo(channel.cipherSuite,
+ &suite, sizeof suite) == SECSuccess) {
+ infof(conn->data, "SSL connection using %s\n", suite.cipherSuiteName);
+ }
+ }
+
+ cert = SSL_PeerCertificate(sock);
+ if(cert) {
+ infof(conn->data, "Server certificate:\n");
+
+ if(!conn->data->set.ssl.certinfo) {
+ display_cert_info(conn->data, cert);
+ CERT_DestroyCertificate(cert);
+ }
+ else {
+ /* Count certificates in chain. */
+ now = PR_Now();
+ i = 1;
+ if(!cert->isRoot) {
+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
+ while(cert2) {
+ i++;
+ if(cert2->isRoot) {
+ CERT_DestroyCertificate(cert2);
+ break;
+ }
+ cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA);
+ CERT_DestroyCertificate(cert2);
+ cert2 = cert3;
+ }
+ }
+
+ result = Curl_ssl_init_certinfo(conn->data, i);
+ if(!result) {
+ for(i = 0; cert; cert = cert2) {
+ result = Curl_extract_certinfo(conn, i++, (char *)cert->derCert.data,
+ (char *)cert->derCert.data +
+ cert->derCert.len);
+ if(result)
+ break;
+
+ if(cert->isRoot) {
+ CERT_DestroyCertificate(cert);
+ break;
+ }
+
+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
+ CERT_DestroyCertificate(cert);
+ }
+ }
+ }
+ }
+
+ return result;
+}
+
+static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
+{
+ struct connectdata *conn = (struct connectdata *)arg;
+ struct Curl_easy *data = conn->data;
+ PRErrorCode err = PR_GetError();
+ CERTCertificate *cert;
+
+ /* remember the cert verification result */
+ if(SSL_IS_PROXY())
+ data->set.proxy_ssl.certverifyresult = err;
+ else
+ data->set.ssl.certverifyresult = err;
+
+ if(err == SSL_ERROR_BAD_CERT_DOMAIN && !SSL_CONN_CONFIG(verifyhost))
+ /* we are asked not to verify the host name */
+ return SECSuccess;
+
+ /* print only info about the cert, the error is printed off the callback */
+ cert = SSL_PeerCertificate(sock);
+ if(cert) {
+ infof(data, "Server certificate:\n");
+ display_cert_info(data, cert);
+ CERT_DestroyCertificate(cert);
+ }
+
+ return SECFailure;
+}
+
+/**
+ *
+ * Check that the Peer certificate's issuer certificate matches the one found
+ * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the
+ * issuer check, so we provide comments that mimic the OpenSSL
+ * X509_check_issued function (in x509v3/v3_purp.c)
+ */
+static SECStatus check_issuer_cert(PRFileDesc *sock,
+ char *issuer_nickname)
+{
+ CERTCertificate *cert, *cert_issuer, *issuer;
+ SECStatus res = SECSuccess;
+ void *proto_win = NULL;
+
+ cert = SSL_PeerCertificate(sock);
+ cert_issuer = CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner);
+
+ proto_win = SSL_RevealPinArg(sock);
+ issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win);
+
+ if((!cert_issuer) || (!issuer))
+ res = SECFailure;
+ else if(SECITEM_CompareItem(&cert_issuer->derCert,
+ &issuer->derCert) != SECEqual)
+ res = SECFailure;
+
+ CERT_DestroyCertificate(cert);
+ CERT_DestroyCertificate(issuer);
+ CERT_DestroyCertificate(cert_issuer);
+ return res;
+}
+
+static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl,
+ const char *pinnedpubkey)
+{
+ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ struct Curl_easy *data = BACKEND->data;
+ CERTCertificate *cert;
+
+ if(!pinnedpubkey)
+ /* no pinned public key specified */
+ return CURLE_OK;
+
+ /* get peer certificate */
+ cert = SSL_PeerCertificate(BACKEND->handle);
+ if(cert) {
+ /* extract public key from peer certificate */
+ SECKEYPublicKey *pubkey = CERT_ExtractPublicKey(cert);
+ if(pubkey) {
+ /* encode the public key as DER */
+ SECItem *cert_der = PK11_DEREncodePublicKey(pubkey);
+ if(cert_der) {
+ /* compare the public key with the pinned public key */
+ result = Curl_pin_peer_pubkey(data, pinnedpubkey, cert_der->data,
+ cert_der->len);
+ SECITEM_FreeItem(cert_der, PR_TRUE);
+ }
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ CERT_DestroyCertificate(cert);
+ }
+
+ /* report the resulting status */
+ switch(result) {
+ case CURLE_OK:
+ infof(data, "pinned public key verified successfully!\n");
+ break;
+ case CURLE_SSL_PINNEDPUBKEYNOTMATCH:
+ failf(data, "failed to verify pinned public key");
+ break;
+ default:
+ /* OOM, etc. */
+ break;
+ }
+
+ return result;
+}
+
+/**
+ *
+ * Callback to pick the SSL client certificate.
+ */
+static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
+ struct CERTDistNamesStr *caNames,
+ struct CERTCertificateStr **pRetCert,
+ struct SECKEYPrivateKeyStr **pRetKey)
+{
+ struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
+ struct Curl_easy *data = BACKEND->data;
+ const char *nickname = BACKEND->client_nickname;
+ static const char pem_slotname[] = "PEM Token #1";
+
+ if(BACKEND->obj_clicert) {
+ /* use the cert/key provided by PEM reader */
+ SECItem cert_der = { 0, NULL, 0 };
+ void *proto_win = SSL_RevealPinArg(sock);
+ struct CERTCertificateStr *cert;
+ struct SECKEYPrivateKeyStr *key;
+
+ PK11SlotInfo *slot = nss_find_slot_by_name(pem_slotname);
+ if(NULL == slot) {
+ failf(data, "NSS: PK11 slot not found: %s", pem_slotname);
+ return SECFailure;
+ }
+
+ if(PK11_ReadRawAttribute(PK11_TypeGeneric, BACKEND->obj_clicert, CKA_VALUE,
+ &cert_der) != SECSuccess) {
+ failf(data, "NSS: CKA_VALUE not found in PK11 generic object");
+ PK11_FreeSlot(slot);
+ return SECFailure;
+ }
+
+ cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
+ SECITEM_FreeItem(&cert_der, PR_FALSE);
+ if(NULL == cert) {
+ failf(data, "NSS: client certificate from file not found");
+ PK11_FreeSlot(slot);
+ return SECFailure;
+ }
+
+ key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
+ PK11_FreeSlot(slot);
+ if(NULL == key) {
+ failf(data, "NSS: private key from file not found");
+ CERT_DestroyCertificate(cert);
+ return SECFailure;
+ }
+
+ infof(data, "NSS: client certificate from file\n");
+ display_cert_info(data, cert);
+
+ *pRetCert = cert;
+ *pRetKey = key;
+ return SECSuccess;
+ }
+
+ /* use the default NSS hook */
+ if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,
+ pRetCert, pRetKey)
+ || NULL == *pRetCert) {
+
+ if(NULL == nickname)
+ failf(data, "NSS: client certificate not found (nickname not "
+ "specified)");
+ else
+ failf(data, "NSS: client certificate not found: %s", nickname);
+
+ return SECFailure;
+ }
+
+ /* get certificate nickname if any */
+ nickname = (*pRetCert)->nickname;
+ if(NULL == nickname)
+ nickname = "[unknown]";
+
+ if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
+ failf(data, "NSS: refusing previously loaded certificate from file: %s",
+ nickname);
+ return SECFailure;
+ }
+
+ if(NULL == *pRetKey) {
+ failf(data, "NSS: private key not found for certificate: %s", nickname);
+ return SECFailure;
+ }
+
+ infof(data, "NSS: using client certificate: %s\n", nickname);
+ display_cert_info(data, *pRetCert);
+ return SECSuccess;
+}
+
+/* update blocking direction in case of PR_WOULD_BLOCK_ERROR */
+static void nss_update_connecting_state(ssl_connect_state state, void *secret)
+{
+ struct ssl_connect_data *connssl = (struct ssl_connect_data *)secret;
+ if(PR_GetError() != PR_WOULD_BLOCK_ERROR)
+ /* an unrelated error is passing by */
+ return;
+
+ switch(connssl->connecting_state) {
+ case ssl_connect_2:
+ case ssl_connect_2_reading:
+ case ssl_connect_2_writing:
+ break;
+ default:
+ /* we are not called from an SSL handshake */
+ return;
+ }
+
+ /* update the state accordingly */
+ connssl->connecting_state = state;
+}
+
+/* recv() wrapper we use to detect blocking direction during SSL handshake */
+static PRInt32 nspr_io_recv(PRFileDesc *fd, void *buf, PRInt32 amount,
+ PRIntn flags, PRIntervalTime timeout)
+{
+ const PRRecvFN recv_fn = fd->lower->methods->recv;
+ const PRInt32 rv = recv_fn(fd->lower, buf, amount, flags, timeout);
+ if(rv < 0)
+ /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */
+ nss_update_connecting_state(ssl_connect_2_reading, fd->secret);
+ return rv;
+}
+
+/* send() wrapper we use to detect blocking direction during SSL handshake */
+static PRInt32 nspr_io_send(PRFileDesc *fd, const void *buf, PRInt32 amount,
+ PRIntn flags, PRIntervalTime timeout)
+{
+ const PRSendFN send_fn = fd->lower->methods->send;
+ const PRInt32 rv = send_fn(fd->lower, buf, amount, flags, timeout);
+ if(rv < 0)
+ /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */
+ nss_update_connecting_state(ssl_connect_2_writing, fd->secret);
+ return rv;
+}
+
+/* close() wrapper to avoid assertion failure due to fd->secret != NULL */
+static PRStatus nspr_io_close(PRFileDesc *fd)
+{
+ const PRCloseFN close_fn = PR_GetDefaultIOMethods()->close;
+ fd->secret = NULL;
+ return close_fn(fd);
+}
+
+/* load a PKCS #11 module */
+static CURLcode nss_load_module(SECMODModule **pmod, const char *library,
+ const char *name)
+{
+ char *config_string;
+ SECMODModule *module = *pmod;
+ if(module)
+ /* already loaded */
+ return CURLE_OK;
+
+ config_string = aprintf("library=%s name=%s", library, name);
+ if(!config_string)
+ return CURLE_OUT_OF_MEMORY;
+
+ module = SECMOD_LoadUserModule(config_string, NULL, PR_FALSE);
+ free(config_string);
+
+ if(module && module->loaded) {
+ /* loaded successfully */
+ *pmod = module;
+ return CURLE_OK;
+ }
+
+ if(module)
+ SECMOD_DestroyModule(module);
+ return CURLE_FAILED_INIT;
+}
+
+/* unload a PKCS #11 module */
+static void nss_unload_module(SECMODModule **pmod)
+{
+ SECMODModule *module = *pmod;
+ if(!module)
+ /* not loaded */
+ return;
+
+ if(SECMOD_UnloadUserModule(module) != SECSuccess)
+ /* unload failed */
+ return;
+
+ SECMOD_DestroyModule(module);
+ *pmod = NULL;
+}
+
+/* data might be NULL */
+static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
+{
+ NSSInitParameters initparams;
+
+ if(nss_context != NULL)
+ return CURLE_OK;
+
+ memset((void *) &initparams, '\0', sizeof(initparams));
+ initparams.length = sizeof(initparams);
+
+ if(cert_dir) {
+ char *certpath = aprintf("sql:%s", cert_dir);
+ if(!certpath)
+ return CURLE_OUT_OF_MEMORY;
+
+ infof(data, "Initializing NSS with certpath: %s\n", certpath);
+ nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
+ NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
+ free(certpath);
+
+ if(nss_context != NULL)
+ return CURLE_OK;
+
+ infof(data, "Unable to initialize NSS database\n");
+ }
+
+ infof(data, "Initializing NSS with certpath: none\n");
+ nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
+ | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
+ | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
+ if(nss_context != NULL)
+ return CURLE_OK;
+
+ infof(data, "Unable to initialize NSS\n");
+ return CURLE_SSL_CACERT_BADFILE;
+}
+
+/* data might be NULL */
+static CURLcode nss_init(struct Curl_easy *data)
+{
+ char *cert_dir;
+ struct_stat st;
+ CURLcode result;
+
+ if(initialized)
+ return CURLE_OK;
+
+ /* list of all CRL items we need to destroy in Curl_nss_cleanup() */
+ Curl_llist_init(&nss_crl_list, nss_destroy_crl_item);
+
+ /* First we check if $SSL_DIR points to a valid dir */
+ cert_dir = getenv("SSL_DIR");
+ if(cert_dir) {
+ if((stat(cert_dir, &st) != 0) ||
+ (!S_ISDIR(st.st_mode))) {
+ cert_dir = NULL;
+ }
+ }
+
+ /* Now we check if the default location is a valid dir */
+ if(!cert_dir) {
+ if((stat(SSL_DIR, &st) == 0) &&
+ (S_ISDIR(st.st_mode))) {
+ cert_dir = (char *)SSL_DIR;
+ }
+ }
+
+ if(nspr_io_identity == PR_INVALID_IO_LAYER) {
+ /* allocate an identity for our own NSPR I/O layer */
+ nspr_io_identity = PR_GetUniqueIdentity("libcurl");
+ if(nspr_io_identity == PR_INVALID_IO_LAYER)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* the default methods just call down to the lower I/O layer */
+ memcpy(&nspr_io_methods, PR_GetDefaultIOMethods(), sizeof nspr_io_methods);
+
+ /* override certain methods in the table by our wrappers */
+ nspr_io_methods.recv = nspr_io_recv;
+ nspr_io_methods.send = nspr_io_send;
+ nspr_io_methods.close = nspr_io_close;
+ }
+
+ result = nss_init_core(data, cert_dir);
+ if(result)
+ return result;
+
+ if(!any_cipher_enabled())
+ NSS_SetDomesticPolicy();
+
+ initialized = 1;
+
+ return CURLE_OK;
+}
+
+/**
+ * Global SSL init
+ *
+ * @retval 0 error initializing SSL
+ * @retval 1 SSL initialized successfully
+ */
+static int Curl_nss_init(void)
+{
+ /* curl_global_init() is not thread-safe so this test is ok */
+ if(nss_initlock == NULL) {
+ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
+ nss_initlock = PR_NewLock();
+ nss_crllock = PR_NewLock();
+ nss_findslot_lock = PR_NewLock();
+ nss_trustload_lock = PR_NewLock();
+ }
+
+ /* We will actually initialize NSS later */
+
+ return 1;
+}
+
+/* data might be NULL */
+CURLcode Curl_nss_force_init(struct Curl_easy *data)
+{
+ CURLcode result;
+ if(!nss_initlock) {
+ if(data)
+ failf(data, "unable to initialize NSS, curl_global_init() should have "
+ "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
+ return CURLE_FAILED_INIT;
+ }
+
+ PR_Lock(nss_initlock);
+ result = nss_init(data);
+ PR_Unlock(nss_initlock);
+
+ return result;
+}
+
+/* Global cleanup */
+static void Curl_nss_cleanup(void)
+{
+ /* This function isn't required to be threadsafe and this is only done
+ * as a safety feature.
+ */
+ PR_Lock(nss_initlock);
+ if(initialized) {
+ /* Free references to client certificates held in the SSL session cache.
+ * Omitting this hampers destruction of the security module owning
+ * the certificates. */
+ SSL_ClearSessionCache();
+
+ nss_unload_module(&pem_module);
+ nss_unload_module(&trust_module);
+ NSS_ShutdownContext(nss_context);
+ nss_context = NULL;
+ }
+
+ /* destroy all CRL items */
+ Curl_llist_destroy(&nss_crl_list, NULL);
+
+ PR_Unlock(nss_initlock);
+
+ PR_DestroyLock(nss_initlock);
+ PR_DestroyLock(nss_crllock);
+ PR_DestroyLock(nss_findslot_lock);
+ PR_DestroyLock(nss_trustload_lock);
+ nss_initlock = NULL;
+
+ initialized = 0;
+}
+
+/*
+ * This function uses SSL_peek to determine connection status.
+ *
+ * Return codes:
+ * 1 means the connection is still in place
+ * 0 means the connection has been closed
+ * -1 means the connection status is unknown
+ */
+static int Curl_nss_check_cxn(struct connectdata *conn)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
+ int rc;
+ char buf;
+
+ rc =
+ PR_Recv(BACKEND->handle, (void *)&buf, 1, PR_MSG_PEEK,
+ PR_SecondsToInterval(1));
+ if(rc > 0)
+ return 1; /* connection still in place */
+
+ if(rc == 0)
+ return 0; /* connection has been closed */
+
+ return -1; /* connection status unknown */
+}
+
+static void nss_close(struct ssl_connect_data *connssl)
+{
+ /* before the cleanup, check whether we are using a client certificate */
+ const bool client_cert = (BACKEND->client_nickname != NULL)
+ || (BACKEND->obj_clicert != NULL);
+
+ free(BACKEND->client_nickname);
+ BACKEND->client_nickname = NULL;
+
+ /* destroy all NSS objects in order to avoid failure of NSS shutdown */
+ Curl_llist_destroy(&BACKEND->obj_list, NULL);
+ BACKEND->obj_clicert = NULL;
+
+ if(BACKEND->handle) {
+ if(client_cert)
+ /* A server might require different authentication based on the
+ * particular path being requested by the client. To support this
+ * scenario, we must ensure that a connection will never reuse the
+ * authentication data from a previous connection. */
+ SSL_InvalidateSession(BACKEND->handle);
+
+ PR_Close(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+}
+
+/*
+ * This function is called when an SSL connection is closed.
+ */
+static void Curl_nss_close(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex];
+
+ if(BACKEND->handle || connssl_proxy->backend->handle) {
+ /* NSS closes the socket we previously handed to it, so we must mark it
+ as closed to avoid double close */
+ fake_sclose(conn->sock[sockindex]);
+ conn->sock[sockindex] = CURL_SOCKET_BAD;
+ }
+
+ if(BACKEND->handle)
+ /* nss_close(connssl) will transitively close also
+ connssl_proxy->backend->handle if both are used. Clear it to avoid
+ a double close leading to crash. */
+ connssl_proxy->backend->handle = NULL;
+
+ nss_close(connssl);
+ nss_close(connssl_proxy);
+}
+
+/* return true if NSS can provide error code (and possibly msg) for the
+ error */
+static bool is_nss_error(CURLcode err)
+{
+ switch(err) {
+ case CURLE_PEER_FAILED_VERIFICATION:
+ case CURLE_SSL_CACERT:
+ case CURLE_SSL_CERTPROBLEM:
+ case CURLE_SSL_CONNECT_ERROR:
+ case CURLE_SSL_ISSUER_ERROR:
+ return true;
+
+ default:
+ return false;
+ }
+}
+
+/* return true if the given error code is related to a client certificate */
+static bool is_cc_error(PRInt32 err)
+{
+ switch(err) {
+ case SSL_ERROR_BAD_CERT_ALERT:
+ case SSL_ERROR_EXPIRED_CERT_ALERT:
+ case SSL_ERROR_REVOKED_CERT_ALERT:
+ return true;
+
+ default:
+ return false;
+ }
+}
+
+static Curl_recv nss_recv;
+static Curl_send nss_send;
+
+static CURLcode nss_load_ca_certificates(struct connectdata *conn,
+ int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ const char *cafile = SSL_CONN_CONFIG(CAfile);
+ const char *capath = SSL_CONN_CONFIG(CApath);
+ bool use_trust_module;
+ CURLcode result = CURLE_OK;
+
+ /* treat empty string as unset */
+ if(cafile && !cafile[0])
+ cafile = NULL;
+ if(capath && !capath[0])
+ capath = NULL;
+
+ infof(data, " CAfile: %s\n CApath: %s\n",
+ cafile ? cafile : "none",
+ capath ? capath : "none");
+
+ /* load libnssckbi.so if no other trust roots were specified */
+ use_trust_module = !cafile && !capath;
+
+ PR_Lock(nss_trustload_lock);
+ if(use_trust_module && !trust_module) {
+ /* libnssckbi.so needed but not yet loaded --> load it! */
+ result = nss_load_module(&trust_module, trust_library, "trust");
+ infof(data, "%s %s\n", (result) ? "failed to load" : "loaded",
+ trust_library);
+ if(result == CURLE_FAILED_INIT)
+ /* make the error non-fatal if we are not going to verify peer */
+ result = CURLE_SSL_CACERT_BADFILE;
+ }
+ else if(!use_trust_module && trust_module) {
+ /* libnssckbi.so not needed but already loaded --> unload it! */
+ infof(data, "unloading %s\n", trust_library);
+ nss_unload_module(&trust_module);
+ }
+ PR_Unlock(nss_trustload_lock);
+
+ if(cafile)
+ result = nss_load_cert(&conn->ssl[sockindex], cafile, PR_TRUE);
+
+ if(result)
+ return result;
+
+ if(capath) {
+ struct_stat st;
+ if(stat(capath, &st) == -1)
+ return CURLE_SSL_CACERT_BADFILE;
+
+ if(S_ISDIR(st.st_mode)) {
+ PRDirEntry *entry;
+ PRDir *dir = PR_OpenDir(capath);
+ if(!dir)
+ return CURLE_SSL_CACERT_BADFILE;
+
+ while((entry = PR_ReadDir(dir, PR_SKIP_BOTH | PR_SKIP_HIDDEN))) {
+ char *fullpath = aprintf("%s/%s", capath, entry->name);
+ if(!fullpath) {
+ PR_CloseDir(dir);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(CURLE_OK != nss_load_cert(&conn->ssl[sockindex], fullpath, PR_TRUE))
+ /* This is purposefully tolerant of errors so non-PEM files can
+ * be in the same directory */
+ infof(data, "failed to load '%s' from CURLOPT_CAPATH\n", fullpath);
+
+ free(fullpath);
+ }
+
+ PR_CloseDir(dir);
+ }
+ else
+ infof(data, "warning: CURLOPT_CAPATH not a directory (%s)\n", capath);
+ }
+
+ return CURLE_OK;
+}
+
+static CURLcode nss_sslver_from_curl(PRUint16 *nssver, long version)
+{
+ switch(version) {
+ case CURL_SSLVERSION_TLSv1:
+ /* TODO: set sslver->max to SSL_LIBRARY_VERSION_TLS_1_3 once stable */
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+ *nssver = SSL_LIBRARY_VERSION_TLS_1_2;
+#elif defined SSL_LIBRARY_VERSION_TLS_1_1
+ *nssver = SSL_LIBRARY_VERSION_TLS_1_1;
+#else
+ *nssver = SSL_LIBRARY_VERSION_TLS_1_0;
+#endif
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv2:
+ *nssver = SSL_LIBRARY_VERSION_2;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_SSLv3:
+ *nssver = SSL_LIBRARY_VERSION_3_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1_0:
+ *nssver = SSL_LIBRARY_VERSION_TLS_1_0;
+ return CURLE_OK;
+
+ case CURL_SSLVERSION_TLSv1_1:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_1
+ *nssver = SSL_LIBRARY_VERSION_TLS_1_1;
+ return CURLE_OK;
+#else
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+
+ case CURL_SSLVERSION_TLSv1_2:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_2
+ *nssver = SSL_LIBRARY_VERSION_TLS_1_2;
+ return CURLE_OK;
+#else
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+
+ case CURL_SSLVERSION_TLSv1_3:
+#ifdef SSL_LIBRARY_VERSION_TLS_1_3
+ *nssver = SSL_LIBRARY_VERSION_TLS_1_3;
+ return CURLE_OK;
+#else
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+
+ default:
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+}
+
+static CURLcode nss_init_sslver(SSLVersionRange *sslver,
+ struct Curl_easy *data,
+ struct connectdata *conn)
+{
+ CURLcode result;
+ const long min = SSL_CONN_CONFIG(version);
+ const long max = SSL_CONN_CONFIG(version_max);
+
+ /* map CURL_SSLVERSION_DEFAULT to NSS default */
+ if(min == CURL_SSLVERSION_DEFAULT || max == CURL_SSLVERSION_MAX_DEFAULT) {
+ /* map CURL_SSLVERSION_DEFAULT to NSS default */
+ if(SSL_VersionRangeGetDefault(ssl_variant_stream, sslver) != SECSuccess)
+ return CURLE_SSL_CONNECT_ERROR;
+ /* ... but make sure we use at least TLSv1.0 according to libcurl API */
+ if(sslver->min < SSL_LIBRARY_VERSION_TLS_1_0)
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ }
+
+ switch(min) {
+ case CURL_SSLVERSION_DEFAULT:
+ break;
+ case CURL_SSLVERSION_TLSv1:
+ sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
+ break;
+ default:
+ result = nss_sslver_from_curl(&sslver->min, min);
+ if(result) {
+ failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
+ return result;
+ }
+ if(max == CURL_SSLVERSION_MAX_NONE)
+ sslver->max = sslver->min;
+ }
+
+ switch(max) {
+ case CURL_SSLVERSION_MAX_NONE:
+ case CURL_SSLVERSION_MAX_DEFAULT:
+ break;
+ default:
+ result = nss_sslver_from_curl(&sslver->max, max >> 16);
+ if(result) {
+ failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
+ return result;
+ }
+ }
+
+ return CURLE_OK;
+}
+
+static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
+ struct Curl_easy *data,
+ CURLcode curlerr)
+{
+ PRErrorCode err = 0;
+
+ if(is_nss_error(curlerr)) {
+ /* read NSPR error code */
+ err = PR_GetError();
+ if(is_cc_error(err))
+ curlerr = CURLE_SSL_CERTPROBLEM;
+
+ /* print the error number and error string */
+ infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
+
+ /* print a human-readable message describing the error if available */
+ nss_print_error_message(data, err);
+ }
+
+ /* cleanup on connection failure */
+ Curl_llist_destroy(&BACKEND->obj_list, NULL);
+
+ return curlerr;
+}
+
+/* Switch the SSL socket into blocking or non-blocking mode. */
+static CURLcode nss_set_blocking(struct ssl_connect_data *connssl,
+ struct Curl_easy *data,
+ bool blocking)
+{
+ static PRSocketOptionData sock_opt;
+ sock_opt.option = PR_SockOpt_Nonblocking;
+ sock_opt.value.non_blocking = !blocking;
+
+ if(PR_SetSocketOption(BACKEND->handle, &sock_opt) != PR_SUCCESS)
+ return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR);
+
+ return CURLE_OK;
+}
+
+static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
+{
+ PRFileDesc *model = NULL;
+ PRFileDesc *nspr_io = NULL;
+ PRFileDesc *nspr_io_stub = NULL;
+ PRBool ssl_no_cache;
+ PRBool ssl_cbc_random_iv;
+ struct Curl_easy *data = conn->data;
+ curl_socket_t sockfd = conn->sock[sockindex];
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ CURLcode result;
+ bool second_layer = FALSE;
+
+ SSLVersionRange sslver = {
+ SSL_LIBRARY_VERSION_TLS_1_0, /* min */
+ SSL_LIBRARY_VERSION_TLS_1_0 /* max */
+ };
+
+ BACKEND->data = data;
+
+ /* list of all NSS objects we need to destroy in Curl_nss_close() */
+ Curl_llist_init(&BACKEND->obj_list, nss_destroy_object);
+
+ /* FIXME. NSS doesn't support multiple databases open at the same time. */
+ PR_Lock(nss_initlock);
+ result = nss_init(conn->data);
+ if(result) {
+ PR_Unlock(nss_initlock);
+ goto error;
+ }
+
+ PK11_SetPasswordFunc(nss_get_password);
+
+ result = nss_load_module(&pem_module, pem_library, "PEM");
+ PR_Unlock(nss_initlock);
+ if(result == CURLE_FAILED_INIT)
+ infof(data, "WARNING: failed to load NSS PEM library %s. Using "
+ "OpenSSL PEM certificates will not work.\n", pem_library);
+ else if(result)
+ goto error;
+
+ result = CURLE_SSL_CONNECT_ERROR;
+
+ model = PR_NewTCPSocket();
+ if(!model)
+ goto error;
+ model = SSL_ImportFD(NULL, model);
+
+ if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+ goto error;
+ if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+ goto error;
+ if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess)
+ goto error;
+
+ /* do not use SSL cache if disabled or we are not going to verify peer */
+ ssl_no_cache = (SSL_SET_OPTION(primary.sessionid)
+ && SSL_CONN_CONFIG(verifypeer)) ? PR_FALSE : PR_TRUE;
+ if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
+ goto error;
+
+ /* enable/disable the requested SSL version(s) */
+ if(nss_init_sslver(&sslver, data, conn) != CURLE_OK)
+ goto error;
+ if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
+ goto error;
+
+ ssl_cbc_random_iv = !SSL_SET_OPTION(enable_beast);
+#ifdef SSL_CBC_RANDOM_IV
+ /* unless the user explicitly asks to allow the protocol vulnerability, we
+ use the work-around */
+ if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
+ infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n",
+ ssl_cbc_random_iv);
+#else
+ if(ssl_cbc_random_iv)
+ infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n");
+#endif
+
+ if(SSL_CONN_CONFIG(cipher_list)) {
+ if(set_ciphers(data, model, SSL_CONN_CONFIG(cipher_list)) != SECSuccess) {
+ result = CURLE_SSL_CIPHER;
+ goto error;
+ }
+ }
+
+ if(!SSL_CONN_CONFIG(verifypeer) && SSL_CONN_CONFIG(verifyhost))
+ infof(data, "warning: ignoring value of ssl.verifyhost\n");
+
+ /* bypass the default SSL_AuthCertificate() hook in case we do not want to
+ * verify peer */
+ if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, conn) != SECSuccess)
+ goto error;
+
+ /* not checked yet */
+ if(SSL_IS_PROXY())
+ data->set.proxy_ssl.certverifyresult = 0;
+ else
+ data->set.ssl.certverifyresult = 0;
+
+ if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
+ goto error;
+
+ if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
+ goto error;
+
+ {
+ const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
+ if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))
+ /* not a fatal error because we are not going to verify the peer */
+ infof(data, "warning: CA certificates failed to load\n");
+ else if(rv) {
+ result = rv;
+ goto error;
+ }
+ }
+
+ if(SSL_SET_OPTION(CRLfile)) {
+ const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile));
+ if(rv) {
+ result = rv;
+ goto error;
+ }
+ infof(data, " CRLfile: %s\n", SSL_SET_OPTION(CRLfile));
+ }
+
+ if(SSL_SET_OPTION(cert)) {
+ char *nickname = dup_nickname(data, SSL_SET_OPTION(cert));
+ if(nickname) {
+ /* we are not going to use libnsspem.so to read the client cert */
+ BACKEND->obj_clicert = NULL;
+ }
+ else {
+ CURLcode rv = cert_stuff(conn, sockindex, SSL_SET_OPTION(cert),
+ SSL_SET_OPTION(key));
+ if(rv) {
+ /* failf() is already done in cert_stuff() */
+ result = rv;
+ goto error;
+ }
+ }
+
+ /* store the nickname for SelectClientCert() called during handshake */
+ BACKEND->client_nickname = nickname;
+ }
+ else
+ BACKEND->client_nickname = NULL;
+
+ if(SSL_GetClientAuthDataHook(model, SelectClientCert,
+ (void *)connssl) != SECSuccess) {
+ result = CURLE_SSL_CERTPROBLEM;
+ goto error;
+ }
+
+ if(conn->proxy_ssl[sockindex].use) {
+ DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
+ DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL);
+ nspr_io = conn->proxy_ssl[sockindex].backend->handle;
+ second_layer = TRUE;
+ }
+ else {
+ /* wrap OS file descriptor by NSPR's file descriptor abstraction */
+ nspr_io = PR_ImportTCPSocket(sockfd);
+ if(!nspr_io)
+ goto error;
+ }
+
+ /* create our own NSPR I/O layer */
+ nspr_io_stub = PR_CreateIOLayerStub(nspr_io_identity, &nspr_io_methods);
+ if(!nspr_io_stub) {
+ if(!second_layer)
+ PR_Close(nspr_io);
+ goto error;
+ }
+
+ /* make the per-connection data accessible from NSPR I/O callbacks */
+ nspr_io_stub->secret = (void *)connssl;
+
+ /* push our new layer to the NSPR I/O stack */
+ if(PR_PushIOLayer(nspr_io, PR_TOP_IO_LAYER, nspr_io_stub) != PR_SUCCESS) {
+ if(!second_layer)
+ PR_Close(nspr_io);
+ PR_Close(nspr_io_stub);
+ goto error;
+ }
+
+ /* import our model socket onto the current I/O stack */
+ BACKEND->handle = SSL_ImportFD(model, nspr_io);
+ if(!BACKEND->handle) {
+ if(!second_layer)
+ PR_Close(nspr_io);
+ goto error;
+ }
+
+ PR_Close(model); /* We don't need this any more */
+ model = NULL;
+
+ /* This is the password associated with the cert that we're using */
+ if(SSL_SET_OPTION(key_passwd)) {
+ SSL_SetPKCS11PinArg(BACKEND->handle, SSL_SET_OPTION(key_passwd));
+ }
+
+#ifdef SSL_ENABLE_OCSP_STAPLING
+ if(SSL_CONN_CONFIG(verifystatus)) {
+ if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_OCSP_STAPLING, PR_TRUE)
+ != SECSuccess)
+ goto error;
+ }
+#endif
+
+#ifdef SSL_ENABLE_NPN
+ if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_NPN, conn->bits.tls_enable_npn
+ ? PR_TRUE : PR_FALSE) != SECSuccess)
+ goto error;
+#endif
+
+#ifdef SSL_ENABLE_ALPN
+ if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_ALPN, conn->bits.tls_enable_alpn
+ ? PR_TRUE : PR_FALSE) != SECSuccess)
+ goto error;
+#endif
+
+#if NSSVERNUM >= 0x030f04 /* 3.15.4 */
+ if(data->set.ssl.falsestart) {
+ if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_FALSE_START, PR_TRUE)
+ != SECSuccess)
+ goto error;
+
+ if(SSL_SetCanFalseStartCallback(BACKEND->handle, CanFalseStartCallback,
+ conn) != SECSuccess)
+ goto error;
+ }
+#endif
+
+#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
+ if(conn->bits.tls_enable_npn || conn->bits.tls_enable_alpn) {
+ int cur = 0;
+ unsigned char protocols[128];
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
+ protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
+ memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN);
+ cur += NGHTTP2_PROTO_VERSION_ID_LEN;
+ }
+#endif
+ protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
+ memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
+ cur += ALPN_HTTP_1_1_LENGTH;
+
+ if(SSL_SetNextProtoNego(BACKEND->handle, protocols, cur) != SECSuccess)
+ goto error;
+ }
+#endif
+
+
+ /* Force handshake on next I/O */
+ if(SSL_ResetHandshake(BACKEND->handle, /* asServer */ PR_FALSE)
+ != SECSuccess)
+ goto error;
+
+ /* propagate hostname to the TLS layer */
+ if(SSL_SetURL(BACKEND->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name) != SECSuccess)
+ goto error;
+
+ /* prevent NSS from re-using the session for a different hostname */
+ if(SSL_SetSockPeerID(BACKEND->handle, SSL_IS_PROXY() ?
+ conn->http_proxy.host.name : conn->host.name)
+ != SECSuccess)
+ goto error;
+
+ return CURLE_OK;
+
+error:
+ if(model)
+ PR_Close(model);
+
+ return nss_fail_connect(connssl, data, result);
+}
+
+static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
+ CURLcode result = CURLE_SSL_CONNECT_ERROR;
+ PRUint32 timeout;
+ long * const certverifyresult = SSL_IS_PROXY() ?
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+
+
+ /* check timeout situation */
+ const time_t time_left = Curl_timeleft(data, NULL, TRUE);
+ if(time_left < 0) {
+ failf(data, "timed out before SSL handshake");
+ result = CURLE_OPERATION_TIMEDOUT;
+ goto error;
+ }
+
+ /* Force the handshake now */
+ timeout = PR_MillisecondsToInterval((PRUint32) time_left);
+ if(SSL_ForceHandshakeWithTimeout(BACKEND->handle, timeout) != SECSuccess) {
+ if(PR_GetError() == PR_WOULD_BLOCK_ERROR)
+ /* blocking direction is updated by nss_update_connecting_state() */
+ return CURLE_AGAIN;
+ else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ else if(*certverifyresult != 0)
+ result = CURLE_SSL_CACERT;
+ goto error;
+ }
+
+ result = display_conn_info(conn, BACKEND->handle);
+ if(result)
+ goto error;
+
+ if(SSL_SET_OPTION(issuercert)) {
+ SECStatus ret = SECFailure;
+ char *nickname = dup_nickname(data, SSL_SET_OPTION(issuercert));
+ if(nickname) {
+ /* we support only nicknames in case of issuercert for now */
+ ret = check_issuer_cert(BACKEND->handle, nickname);
+ free(nickname);
+ }
+
+ if(SECFailure == ret) {
+ infof(data, "SSL certificate issuer check failed\n");
+ result = CURLE_SSL_ISSUER_ERROR;
+ goto error;
+ }
+ else {
+ infof(data, "SSL certificate issuer check ok\n");
+ }
+ }
+
+ result = cmp_peer_pubkey(connssl, pinnedpubkey);
+ if(result)
+ /* status already printed */
+ goto error;
+
+ return CURLE_OK;
+
+error:
+ return nss_fail_connect(connssl, data, result);
+}
+
+static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
+ bool *done)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
+ const bool blocking = (done == NULL);
+ CURLcode result;
+
+ if(connssl->state == ssl_connection_complete) {
+ if(!blocking)
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
+ if(connssl->connecting_state == ssl_connect_1) {
+ result = nss_setup_connect(conn, sockindex);
+ if(result)
+ /* we do not expect CURLE_AGAIN from nss_setup_connect() */
+ return result;
+
+ connssl->connecting_state = ssl_connect_2;
+ }
+
+ /* enable/disable blocking mode before handshake */
+ result = nss_set_blocking(connssl, data, blocking);
+ if(result)
+ return result;
+
+ result = nss_do_connect(conn, sockindex);
+ switch(result) {
+ case CURLE_OK:
+ break;
+ case CURLE_AGAIN:
+ if(!blocking)
+ /* CURLE_AGAIN in non-blocking mode is not an error */
+ return CURLE_OK;
+ /* fall through */
+ default:
+ return result;
+ }
+
+ if(blocking) {
+ /* in blocking mode, set NSS non-blocking mode _after_ SSL handshake */
+ result = nss_set_blocking(connssl, data, /* blocking */ FALSE);
+ if(result)
+ return result;
+ }
+ else
+ /* signal completed SSL handshake */
+ *done = TRUE;
+
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = nss_recv;
+ conn->send[sockindex] = nss_send;
+
+ /* ssl_connect_done is never used outside, go back to the initial state */
+ connssl->connecting_state = ssl_connect_1;
+
+ return CURLE_OK;
+}
+
+static CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+{
+ return nss_connect_common(conn, sockindex, /* blocking */ NULL);
+}
+
+static CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ return nss_connect_common(conn, sockindex, done);
+}
+
+static ssize_t nss_send(struct connectdata *conn, /* connection data */
+ int sockindex, /* socketindex */
+ const void *mem, /* send this data */
+ size_t len, /* amount to write */
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ ssize_t rc;
+
+ /* The SelectClientCert() hook uses this for infof() and failf() but the
+ handle stored in nss_setup_connect() could have already been freed. */
+ BACKEND->data = conn->data;
+
+ rc = PR_Send(BACKEND->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT);
+ if(rc < 0) {
+ PRInt32 err = PR_GetError();
+ if(err == PR_WOULD_BLOCK_ERROR)
+ *curlcode = CURLE_AGAIN;
+ else {
+ /* print the error number and error string */
+ const char *err_name = nss_error_to_name(err);
+ infof(conn->data, "SSL write: error %d (%s)\n", err, err_name);
+
+ /* print a human-readable message describing the error if available */
+ nss_print_error_message(conn->data, err);
+
+ *curlcode = (is_cc_error(err))
+ ? CURLE_SSL_CERTPROBLEM
+ : CURLE_SEND_ERROR;
+ }
+
+ return -1;
+ }
+
+ return rc; /* number of bytes */
+}
+
+static ssize_t nss_recv(struct connectdata *conn, /* connection data */
+ int sockindex, /* socketindex */
+ char *buf, /* store read data here */
+ size_t buffersize, /* max amount to read */
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ ssize_t nread;
+
+ /* The SelectClientCert() hook uses this for infof() and failf() but the
+ handle stored in nss_setup_connect() could have already been freed. */
+ BACKEND->data = conn->data;
+
+ nread = PR_Recv(BACKEND->handle, buf, (int)buffersize, 0,
+ PR_INTERVAL_NO_WAIT);
+ if(nread < 0) {
+ /* failed SSL read */
+ PRInt32 err = PR_GetError();
+
+ if(err == PR_WOULD_BLOCK_ERROR)
+ *curlcode = CURLE_AGAIN;
+ else {
+ /* print the error number and error string */
+ const char *err_name = nss_error_to_name(err);
+ infof(conn->data, "SSL read: errno %d (%s)\n", err, err_name);
+
+ /* print a human-readable message describing the error if available */
+ nss_print_error_message(conn->data, err);
+
+ *curlcode = (is_cc_error(err))
+ ? CURLE_SSL_CERTPROBLEM
+ : CURLE_RECV_ERROR;
+ }
+
+ return -1;
+ }
+
+ return nread;
+}
+
+static size_t Curl_nss_version(char *buffer, size_t size)
+{
+ return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
+}
+
+/* data might be NULL */
+static int Curl_nss_seed(struct Curl_easy *data)
+{
+ /* make sure that NSS is initialized */
+ return !!Curl_nss_force_init(data);
+}
+
+/* data might be NULL */
+static CURLcode Curl_nss_random(struct Curl_easy *data,
+ unsigned char *entropy,
+ size_t length)
+{
+ Curl_nss_seed(data); /* Initiate the seed if not already done */
+
+ if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
+ /* signal a failure */
+ return CURLE_FAILED_INIT;
+
+ return CURLE_OK;
+}
+
+static CURLcode Curl_nss_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
+{
+ PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
+ unsigned int MD5out;
+
+ PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen));
+ PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len));
+ PK11_DestroyContext(MD5pw, PR_TRUE);
+
+ return CURLE_OK;
+}
+
+static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum, /* output */
+ size_t sha256len)
+{
+ PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256);
+ unsigned int SHA256out;
+
+ PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen));
+ PK11_DigestFinal(SHA256pw, sha256sum, &SHA256out, curlx_uztoui(sha256len));
+ PK11_DestroyContext(SHA256pw, PR_TRUE);
+}
+
+static bool Curl_nss_cert_status_request(void)
+{
+#ifdef SSL_ENABLE_OCSP_STAPLING
+ return TRUE;
+#else
+ return FALSE;
+#endif
+}
+
+static bool Curl_nss_false_start(void)
+{
+#if NSSVERNUM >= 0x030f04 /* 3.15.4 */
+ return TRUE;
+#else
+ return FALSE;
+#endif
+}
+
+static void *Curl_nss_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return BACKEND->handle;
+}
+
+const struct Curl_ssl Curl_ssl_nss = {
+ { CURLSSLBACKEND_NSS, "nss" }, /* info */
+
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+ 1, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_nss_init, /* init */
+ Curl_nss_cleanup, /* cleanup */
+ Curl_nss_version, /* version */
+ Curl_nss_check_cxn, /* check_cxn */
+ /* NSS has no shutdown function provided and thus always fail */
+ Curl_none_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_nss_random, /* random */
+ Curl_nss_cert_status_request, /* cert_status_request */
+ Curl_nss_connect, /* connect */
+ Curl_nss_connect_nonblocking, /* connect_nonblocking */
+ Curl_nss_get_internals, /* get_internals */
+ Curl_nss_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ /* NSS has its own session ID cache */
+ Curl_none_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_nss_false_start, /* false_start */
+ Curl_nss_md5sum, /* md5sum */
+ Curl_nss_sha256sum /* sha256sum */
+};
+
+#endif /* USE_NSS */
diff --git a/libs/libcurl/src/vtls/nssg.h b/libs/libcurl/src/vtls/nssg.h
new file mode 100644
index 0000000000..41e51b021d
--- /dev/null
+++ b/libs/libcurl/src/vtls/nssg.h
@@ -0,0 +1,39 @@
+#ifndef HEADER_CURL_NSSG_H
+#define HEADER_CURL_NSSG_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_NSS
+/*
+ * This header should only be needed to get included by vtls.c and nss.c
+ */
+
+#include "urldata.h"
+
+/* initialize NSS library if not already */
+CURLcode Curl_nss_force_init(struct Curl_easy *data);
+
+extern const struct Curl_ssl Curl_ssl_nss;
+
+#endif /* USE_NSS */
+#endif /* HEADER_CURL_NSSG_H */
diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c
new file mode 100644
index 0000000000..7b04edfd6b
--- /dev/null
+++ b/libs/libcurl/src/vtls/openssl.c
@@ -0,0 +1,3661 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ */
+
+/*
+ * The original SSLeay-using code for curl was written by Linas Vepstas and
+ * Sampo Kellomaki 1998.
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_OPENSSL
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "formdata.h" /* for the boundary function */
+#include "url.h" /* for the ssl config check function */
+#include "inet_pton.h"
+#include "openssl.h"
+#include "connect.h"
+#include "slist.h"
+#include "select.h"
+#include "vtls.h"
+#include "strcase.h"
+#include "hostcheck.h"
+#include "curl_printf.h"
+#include <openssl/ssl.h>
+#ifdef HAVE_OPENSSL_ENGINE_H
+#include <openssl/engine.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include <openssl/md5.h>
+#include <openssl/conf.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/bio.h>
+#include <openssl/buffer.h>
+
+#ifndef OPENSSL_IS_BORINGSSL
+/* BoringSSL does not support PKCS12 */
+#define HAVE_PKCS12_SUPPORT 1
+#include <openssl/pkcs12.h>
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
+#include <openssl/ocsp.h>
+#endif
+
+#include "warnless.h"
+#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+#ifndef OPENSSL_VERSION_NUMBER
+#error "OPENSSL_VERSION_NUMBER not defined"
+#endif
+
+#if defined(HAVE_OPENSSL_ENGINE_H)
+#include <openssl/ui.h>
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+#define SSL_METHOD_QUAL const
+#else
+#define SSL_METHOD_QUAL
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+#define HAVE_ERR_REMOVE_THREAD_STATE 1
+#endif
+
+#if !defined(HAVE_SSLV2_CLIENT_METHOD) || \
+ OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ has no SSLv2 */
+#undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
+#define OPENSSL_NO_SSL2
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
+ !defined(LIBRESSL_VERSION_NUMBER)
+#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
+#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
+#define CONST_EXTS const
+#define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
+#else
+/* For OpenSSL before 1.1.0 */
+#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
+#define X509_get0_notBefore(x) X509_get_notBefore(x)
+#define X509_get0_notAfter(x) X509_get_notAfter(x)
+#define CONST_EXTS /* nope */
+#ifdef LIBRESSL_VERSION_NUMBER
+static unsigned long OpenSSL_version_num(void)
+{
+ return LIBRESSL_VERSION_NUMBER;
+}
+#else
+#define OpenSSL_version_num() SSLeay()
+#endif
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
+ !defined(LIBRESSL_VERSION_NUMBER)
+#define HAVE_X509_GET0_SIGNATURE 1
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
+ OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
+ !defined(OPENSSL_NO_COMP)
+#define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
+#endif
+
+#if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
+/* not present in older OpenSSL */
+#define OPENSSL_load_builtin_modules(x)
+#endif
+
+/*
+ * Whether SSL_CTX_set_keylog_callback is available.
+ * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
+ * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
+ * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
+ * lies and pretends to be OpenSSL 2.0.0).
+ */
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
+ !defined(LIBRESSL_VERSION_NUMBER)) || \
+ defined(OPENSSL_IS_BORINGSSL)
+#define HAVE_KEYLOG_CALLBACK
+#endif
+
+#if defined(LIBRESSL_VERSION_NUMBER)
+#define OSSL_PACKAGE "LibreSSL"
+#elif defined(OPENSSL_IS_BORINGSSL)
+#define OSSL_PACKAGE "BoringSSL"
+#else
+#define OSSL_PACKAGE "OpenSSL"
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+/* up2date versions of OpenSSL maintain the default reasonably secure without
+ * breaking compatibility, so it is better not to override the default by curl
+ */
+#define DEFAULT_CIPHER_SELECTION NULL
+#else
+/* ... but it is not the case with old versions of OpenSSL */
+#define DEFAULT_CIPHER_SELECTION \
+ "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
+#endif
+
+#ifdef ENABLE_SSLKEYLOGFILE
+typedef struct ssl_tap_state {
+ int master_key_length;
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+} ssl_tap_state_t;
+#endif /* ENABLE_SSLKEYLOGFILE */
+
+struct ssl_backend_data {
+ /* these ones requires specific SSL-types */
+ SSL_CTX* ctx;
+ SSL* handle;
+ X509* server_cert;
+#ifdef ENABLE_SSLKEYLOGFILE
+ /* tap_state holds the last seen master key if we're logging them */
+ ssl_tap_state_t tap_state;
+#endif
+};
+
+#define BACKEND connssl->backend
+
+/*
+ * Number of bytes to read from the random number seed file. This must be
+ * a finite value (because some entropy "files" like /dev/urandom have
+ * an infinite length), but must be large enough to provide enough
+ * entropy to properly seed OpenSSL's PRNG.
+ */
+#define RAND_LOAD_LENGTH 1024
+
+#ifdef ENABLE_SSLKEYLOGFILE
+/* The fp for the open SSLKEYLOGFILE, or NULL if not open */
+static FILE *keylog_file_fp;
+
+#ifdef HAVE_KEYLOG_CALLBACK
+static void ossl_keylog_callback(const SSL *ssl, const char *line)
+{
+ (void)ssl;
+
+ /* Using fputs here instead of fprintf since libcurl's fprintf replacement
+ may not be thread-safe. */
+ if(keylog_file_fp && line && *line) {
+ char stackbuf[256];
+ char *buf;
+ size_t linelen = strlen(line);
+
+ if(linelen <= sizeof(stackbuf) - 2)
+ buf = stackbuf;
+ else {
+ buf = malloc(linelen + 2);
+ if(!buf)
+ return;
+ }
+ strncpy(buf, line, linelen);
+ buf[linelen] = '\n';
+ buf[linelen + 1] = '\0';
+
+ fputs(buf, keylog_file_fp);
+ if(buf != stackbuf)
+ free(buf);
+ }
+}
+#else
+#define KEYLOG_PREFIX "CLIENT_RANDOM "
+#define KEYLOG_PREFIX_LEN (sizeof(KEYLOG_PREFIX) - 1)
+/*
+ * tap_ssl_key is called by libcurl to make the CLIENT_RANDOMs if the OpenSSL
+ * being used doesn't have native support for doing that.
+ */
+static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state)
+{
+ const char *hex = "0123456789ABCDEF";
+ int pos, i;
+ char line[KEYLOG_PREFIX_LEN + 2 * SSL3_RANDOM_SIZE + 1 +
+ 2 * SSL_MAX_MASTER_KEY_LENGTH + 1 + 1];
+ const SSL_SESSION *session = SSL_get_session(ssl);
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ int master_key_length = 0;
+
+ if(!session || !keylog_file_fp)
+ return;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
+ * we have a valid SSL context if we have a non-NULL session. */
+ SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
+ master_key_length =
+ SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
+#else
+ if(ssl->s3 && session->master_key_length > 0) {
+ master_key_length = session->master_key_length;
+ memcpy(master_key, session->master_key, session->master_key_length);
+ memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
+ }
+#endif
+
+ if(master_key_length <= 0)
+ return;
+
+ /* Skip writing keys if there is no key or it did not change. */
+ if(state->master_key_length == master_key_length &&
+ !memcmp(state->master_key, master_key, master_key_length) &&
+ !memcmp(state->client_random, client_random, SSL3_RANDOM_SIZE)) {
+ return;
+ }
+
+ state->master_key_length = master_key_length;
+ memcpy(state->master_key, master_key, master_key_length);
+ memcpy(state->client_random, client_random, SSL3_RANDOM_SIZE);
+
+ memcpy(line, KEYLOG_PREFIX, KEYLOG_PREFIX_LEN);
+ pos = KEYLOG_PREFIX_LEN;
+
+ /* Client Random for SSLv3/TLS */
+ for(i = 0; i < SSL3_RANDOM_SIZE; i++) {
+ line[pos++] = hex[client_random[i] >> 4];
+ line[pos++] = hex[client_random[i] & 0xF];
+ }
+ line[pos++] = ' ';
+
+ /* Master Secret (size is at most SSL_MAX_MASTER_KEY_LENGTH) */
+ for(i = 0; i < master_key_length; i++) {
+ line[pos++] = hex[master_key[i] >> 4];
+ line[pos++] = hex[master_key[i] & 0xF];
+ }
+ line[pos++] = '\n';
+ line[pos] = '\0';
+
+ /* Using fputs here instead of fprintf since libcurl's fprintf replacement
+ may not be thread-safe. */
+ fputs(line, keylog_file_fp);
+}
+#endif /* !HAVE_KEYLOG_CALLBACK */
+#endif /* ENABLE_SSLKEYLOGFILE */
+
+static const char *SSL_ERROR_to_str(int err)
+{
+ switch(err) {
+ case SSL_ERROR_NONE:
+ return "SSL_ERROR_NONE";
+ case SSL_ERROR_SSL:
+ return "SSL_ERROR_SSL";
+ case SSL_ERROR_WANT_READ:
+ return "SSL_ERROR_WANT_READ";
+ case SSL_ERROR_WANT_WRITE:
+ return "SSL_ERROR_WANT_WRITE";
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ return "SSL_ERROR_WANT_X509_LOOKUP";
+ case SSL_ERROR_SYSCALL:
+ return "SSL_ERROR_SYSCALL";
+ case SSL_ERROR_ZERO_RETURN:
+ return "SSL_ERROR_ZERO_RETURN";
+ case SSL_ERROR_WANT_CONNECT:
+ return "SSL_ERROR_WANT_CONNECT";
+ case SSL_ERROR_WANT_ACCEPT:
+ return "SSL_ERROR_WANT_ACCEPT";
+#if defined(SSL_ERROR_WANT_ASYNC)
+ case SSL_ERROR_WANT_ASYNC:
+ return "SSL_ERROR_WANT_ASYNC";
+#endif
+#if defined(SSL_ERROR_WANT_ASYNC_JOB)
+ case SSL_ERROR_WANT_ASYNC_JOB:
+ return "SSL_ERROR_WANT_ASYNC_JOB";
+#endif
+#if defined(SSL_ERROR_WANT_EARLY)
+ case SSL_ERROR_WANT_EARLY:
+ return "SSL_ERROR_WANT_EARLY";
+#endif
+ default:
+ return "SSL_ERROR unknown";
+ }
+}
+
+/* Return error string for last OpenSSL error
+ */
+static char *ossl_strerror(unsigned long error, char *buf, size_t size)
+{
+ ERR_error_string_n(error, buf, size);
+ return buf;
+}
+
+static int passwd_callback(char *buf, int num, int encrypting,
+ void *global_passwd)
+{
+ DEBUGASSERT(0 == encrypting);
+
+ if(!encrypting) {
+ int klen = curlx_uztosi(strlen((char *)global_passwd));
+ if(num > klen) {
+ memcpy(buf, global_passwd, klen + 1);
+ return klen;
+ }
+ }
+ return 0;
+}
+
+/*
+ * rand_enough() returns TRUE if we have seeded the random engine properly.
+ */
+static bool rand_enough(void)
+{
+ return (0 != RAND_status()) ? TRUE : FALSE;
+}
+
+static CURLcode Curl_ossl_seed(struct Curl_easy *data)
+{
+ /* we have the "SSL is seeded" boolean static to prevent multiple
+ time-consuming seedings in vain */
+ static bool ssl_seeded = FALSE;
+ char fname[256];
+
+ if(ssl_seeded)
+ return CURLE_OK;
+
+ if(rand_enough()) {
+ /* OpenSSL 1.1.0+ will return here */
+ ssl_seeded = TRUE;
+ return CURLE_OK;
+ }
+
+#ifndef RANDOM_FILE
+ /* if RANDOM_FILE isn't defined, we only perform this if an option tells
+ us to! */
+ if(data->set.str[STRING_SSL_RANDOM_FILE])
+#define RANDOM_FILE "" /* doesn't matter won't be used */
+#endif
+ {
+ /* let the option override the define */
+ RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
+ data->set.str[STRING_SSL_RANDOM_FILE]:
+ RANDOM_FILE),
+ RAND_LOAD_LENGTH);
+ if(rand_enough())
+ return CURLE_OK;
+ }
+
+#if defined(HAVE_RAND_EGD)
+ /* only available in OpenSSL 0.9.5 and later */
+ /* EGD_SOCKET is set at configure time or not at all */
+#ifndef EGD_SOCKET
+ /* If we don't have the define set, we only do this if the egd-option
+ is set */
+ if(data->set.str[STRING_SSL_EGDSOCKET])
+#define EGD_SOCKET "" /* doesn't matter won't be used */
+#endif
+ {
+ /* If there's an option and a define, the option overrides the
+ define */
+ int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
+ data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
+ if(-1 != ret) {
+ if(rand_enough())
+ return CURLE_OK;
+ }
+ }
+#endif
+
+ /* fallback to a custom seeding of the PRNG using a hash based on a current
+ time */
+ do {
+ unsigned char randb[64];
+ size_t len = sizeof(randb);
+ size_t i, i_max;
+ for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
+ struct curltime tv = Curl_now();
+ Curl_wait_ms(1);
+ tv.tv_sec *= i + 1;
+ tv.tv_usec *= (unsigned int)i + 2;
+ tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) *
+ (i + 3)) << 8;
+ tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec +
+ Curl_now().tv_usec) *
+ (i + 4)) << 16;
+ memcpy(&randb[i * sizeof(struct curltime)], &tv,
+ sizeof(struct curltime));
+ }
+ RAND_add(randb, (int)len, (double)len/2);
+ } while(!rand_enough());
+
+ /* generates a default path for the random seed file */
+ fname[0] = 0; /* blank it first */
+ RAND_file_name(fname, sizeof(fname));
+ if(fname[0]) {
+ /* we got a file name to try */
+ RAND_load_file(fname, RAND_LOAD_LENGTH);
+ if(rand_enough())
+ return CURLE_OK;
+ }
+
+ infof(data, "libcurl is now using a weak random seed!\n");
+ return (rand_enough() ? CURLE_OK :
+ CURLE_SSL_CONNECT_ERROR /* confusing error code */);
+}
+
+#ifndef SSL_FILETYPE_ENGINE
+#define SSL_FILETYPE_ENGINE 42
+#endif
+#ifndef SSL_FILETYPE_PKCS12
+#define SSL_FILETYPE_PKCS12 43
+#endif
+static int do_file_type(const char *type)
+{
+ if(!type || !type[0])
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "PEM"))
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "DER"))
+ return SSL_FILETYPE_ASN1;
+ if(strcasecompare(type, "ENG"))
+ return SSL_FILETYPE_ENGINE;
+ if(strcasecompare(type, "P12"))
+ return SSL_FILETYPE_PKCS12;
+ return -1;
+}
+
+#if defined(HAVE_OPENSSL_ENGINE_H)
+/*
+ * Supply default password to the engine user interface conversation.
+ * The password is passed by OpenSSL engine from ENGINE_load_private_key()
+ * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
+ */
+static int ssl_ui_reader(UI *ui, UI_STRING *uis)
+{
+ const char *password;
+ switch(UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ password = (const char *)UI_get0_user_data(ui);
+ if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ default:
+ break;
+ }
+ return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
+}
+
+/*
+ * Suppress interactive request for a default password if available.
+ */
+static int ssl_ui_writer(UI *ui, UI_STRING *uis)
+{
+ switch(UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ if(UI_get0_user_data(ui) &&
+ (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
+ return 1;
+ }
+ default:
+ break;
+ }
+ return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
+}
+#endif
+
+static
+int cert_stuff(struct connectdata *conn,
+ SSL_CTX* ctx,
+ char *cert_file,
+ const char *cert_type,
+ char *key_file,
+ const char *key_type,
+ char *key_passwd)
+{
+ struct Curl_easy *data = conn->data;
+ char error_buffer[256];
+ bool check_privkey = TRUE;
+
+ int file_type = do_file_type(cert_type);
+
+ if(cert_file || (file_type == SSL_FILETYPE_ENGINE)) {
+ SSL *ssl;
+ X509 *x509;
+ int cert_done = 0;
+
+ if(key_passwd) {
+ /* set the password in the callback userdata */
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
+ /* Set passwd callback: */
+ SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
+ }
+
+
+ switch(file_type) {
+ case SSL_FILETYPE_PEM:
+ /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
+ if(SSL_CTX_use_certificate_chain_file(ctx,
+ cert_file) != 1) {
+ failf(data,
+ "could not load PEM client certificate, " OSSL_PACKAGE
+ " error %s, "
+ "(no key found, wrong pass phrase, or wrong file format?)",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ return 0;
+ }
+ break;
+
+ case SSL_FILETYPE_ASN1:
+ /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
+ we use the case above for PEM so this can only be performed with
+ ASN1 files. */
+ if(SSL_CTX_use_certificate_file(ctx,
+ cert_file,
+ file_type) != 1) {
+ failf(data,
+ "could not load ASN1 client certificate, " OSSL_PACKAGE
+ " error %s, "
+ "(no key found, wrong pass phrase, or wrong file format?)",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ return 0;
+ }
+ break;
+ case SSL_FILETYPE_ENGINE:
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
+ {
+ if(data->state.engine) {
+ const char *cmd_name = "LOAD_CERT_CTRL";
+ struct {
+ const char *cert_id;
+ X509 *cert;
+ } params;
+
+ params.cert_id = cert_file;
+ params.cert = NULL;
+
+ /* Does the engine supports LOAD_CERT_CTRL ? */
+ if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
+ 0, (void *)cmd_name, NULL)) {
+ failf(data, "ssl engine does not support loading certificates");
+ return 0;
+ }
+
+ /* Load the certificate from the engine */
+ if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
+ 0, &params, NULL, 1)) {
+ failf(data, "ssl engine cannot load client cert with id"
+ " '%s' [%s]", cert_file,
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)));
+ return 0;
+ }
+
+ if(!params.cert) {
+ failf(data, "ssl engine didn't initialized the certificate "
+ "properly.");
+ return 0;
+ }
+
+ if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
+ failf(data, "unable to set client certificate");
+ X509_free(params.cert);
+ return 0;
+ }
+ X509_free(params.cert); /* we don't need the handle any more... */
+ }
+ else {
+ failf(data, "crypto engine not set, can't load certificate");
+ return 0;
+ }
+ }
+ break;
+#else
+ failf(data, "file type ENG for certificate not implemented");
+ return 0;
+#endif
+
+ case SSL_FILETYPE_PKCS12:
+ {
+#ifdef HAVE_PKCS12_SUPPORT
+ FILE *f;
+ PKCS12 *p12;
+ EVP_PKEY *pri;
+ STACK_OF(X509) *ca = NULL;
+
+ f = fopen(cert_file, "rb");
+ if(!f) {
+ failf(data, "could not open PKCS12 file '%s'", cert_file);
+ return 0;
+ }
+ p12 = d2i_PKCS12_fp(f, NULL);
+ fclose(f);
+
+ if(!p12) {
+ failf(data, "error reading PKCS12 file '%s'", cert_file);
+ return 0;
+ }
+
+ PKCS12_PBE_add();
+
+ if(!PKCS12_parse(p12, key_passwd, &pri, &x509,
+ &ca)) {
+ failf(data,
+ "could not parse PKCS12 file, check password, " OSSL_PACKAGE
+ " error %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ PKCS12_free(p12);
+ return 0;
+ }
+
+ PKCS12_free(p12);
+
+ if(SSL_CTX_use_certificate(ctx, x509) != 1) {
+ failf(data,
+ "could not load PKCS12 client certificate, " OSSL_PACKAGE
+ " error %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ goto fail;
+ }
+
+ if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
+ failf(data, "unable to use private key from PKCS12 file '%s'",
+ cert_file);
+ goto fail;
+ }
+
+ if(!SSL_CTX_check_private_key (ctx)) {
+ failf(data, "private key from PKCS12 file '%s' "
+ "does not match certificate in same file", cert_file);
+ goto fail;
+ }
+ /* Set Certificate Verification chain */
+ if(ca) {
+ while(sk_X509_num(ca)) {
+ /*
+ * Note that sk_X509_pop() is used below to make sure the cert is
+ * removed from the stack properly before getting passed to
+ * SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously
+ * we used sk_X509_value() instead, but then we'd clean it in the
+ * subsequent sk_X509_pop_free() call.
+ */
+ X509 *x = sk_X509_pop(ca);
+ if(!SSL_CTX_add_client_CA(ctx, x)) {
+ X509_free(x);
+ failf(data, "cannot add certificate to client CA list");
+ goto fail;
+ }
+ if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
+ X509_free(x);
+ failf(data, "cannot add certificate to certificate chain");
+ goto fail;
+ }
+ }
+ }
+
+ cert_done = 1;
+ fail:
+ EVP_PKEY_free(pri);
+ X509_free(x509);
+ sk_X509_pop_free(ca, X509_free);
+
+ if(!cert_done)
+ return 0; /* failure! */
+ break;
+#else
+ failf(data, "file type P12 for certificate not supported");
+ return 0;
+#endif
+ }
+ default:
+ failf(data, "not supported file type '%s' for certificate", cert_type);
+ return 0;
+ }
+
+ file_type = do_file_type(key_type);
+
+ switch(file_type) {
+ case SSL_FILETYPE_PEM:
+ if(cert_done)
+ break;
+ if(!key_file)
+ /* cert & key can only be in PEM case in the same file */
+ key_file = cert_file;
+ /* FALLTHROUGH */
+ case SSL_FILETYPE_ASN1:
+ if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
+ failf(data, "unable to set private key file: '%s' type %s",
+ key_file, key_type?key_type:"PEM");
+ return 0;
+ }
+ break;
+ case SSL_FILETYPE_ENGINE:
+#ifdef HAVE_OPENSSL_ENGINE_H
+ { /* XXXX still needs some work */
+ EVP_PKEY *priv_key = NULL;
+ if(data->state.engine) {
+ UI_METHOD *ui_method =
+ UI_create_method((char *)"curl user interface");
+ if(!ui_method) {
+ failf(data, "unable do create " OSSL_PACKAGE
+ " user-interface method");
+ return 0;
+ }
+ UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
+ UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
+ UI_method_set_reader(ui_method, ssl_ui_reader);
+ UI_method_set_writer(ui_method, ssl_ui_writer);
+ /* the typecast below was added to please mingw32 */
+ priv_key = (EVP_PKEY *)
+ ENGINE_load_private_key(data->state.engine, key_file,
+ ui_method,
+ key_passwd);
+ UI_destroy_method(ui_method);
+ if(!priv_key) {
+ failf(data, "failed to load private key from crypto engine");
+ return 0;
+ }
+ if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
+ failf(data, "unable to set private key");
+ EVP_PKEY_free(priv_key);
+ return 0;
+ }
+ EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
+ }
+ else {
+ failf(data, "crypto engine not set, can't load private key");
+ return 0;
+ }
+ }
+ break;
+#else
+ failf(data, "file type ENG for private key not supported");
+ return 0;
+#endif
+ case SSL_FILETYPE_PKCS12:
+ if(!cert_done) {
+ failf(data, "file type P12 for private key not supported");
+ return 0;
+ }
+ break;
+ default:
+ failf(data, "not supported file type for private key");
+ return 0;
+ }
+
+ ssl = SSL_new(ctx);
+ if(!ssl) {
+ failf(data, "unable to create an SSL structure");
+ return 0;
+ }
+
+ x509 = SSL_get_certificate(ssl);
+
+ /* This version was provided by Evan Jordan and is supposed to not
+ leak memory as the previous version: */
+ if(x509) {
+ EVP_PKEY *pktmp = X509_get_pubkey(x509);
+ EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
+ EVP_PKEY_free(pktmp);
+ }
+
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL)
+ {
+ /* If RSA is used, don't check the private key if its flags indicate
+ * it doesn't support it. */
+ EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
+ int pktype;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ pktype = EVP_PKEY_id(priv_key);
+#else
+ pktype = priv_key->type;
+#endif
+ if(pktype == EVP_PKEY_RSA) {
+ RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
+ if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
+ check_privkey = FALSE;
+ RSA_free(rsa); /* Decrement reference count */
+ }
+ }
+#endif
+
+ SSL_free(ssl);
+
+ /* If we are using DSA, we can copy the parameters from
+ * the private key */
+
+ if(check_privkey == TRUE) {
+ /* Now we know that a key and cert have been set against
+ * the SSL context */
+ if(!SSL_CTX_check_private_key(ctx)) {
+ failf(data, "Private key does not match the certificate public key");
+ return 0;
+ }
+ }
+ }
+ return 1;
+}
+
+/* returns non-zero on failure */
+static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
+{
+#if 0
+ return X509_NAME_oneline(a, buf, size);
+#else
+ BIO *bio_out = BIO_new(BIO_s_mem());
+ BUF_MEM *biomem;
+ int rc;
+
+ if(!bio_out)
+ return 1; /* alloc failed! */
+
+ rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
+ BIO_get_mem_ptr(bio_out, &biomem);
+
+ if((size_t)biomem->length < size)
+ size = biomem->length;
+ else
+ size--; /* don't overwrite the buffer end */
+
+ memcpy(buf, biomem->data, size);
+ buf[size] = 0;
+
+ BIO_free(bio_out);
+
+ return !rc;
+#endif
+}
+
+/**
+ * Global SSL init
+ *
+ * @retval 0 error initializing SSL
+ * @retval 1 SSL initialized successfully
+ */
+static int Curl_ossl_init(void)
+{
+#ifdef ENABLE_SSLKEYLOGFILE
+ const char *keylog_file_name;
+#endif
+
+ OPENSSL_load_builtin_modules();
+
+#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+ ENGINE_load_builtin_engines();
+#endif
+
+ /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
+ that function makes an exit() call on wrongly formatted config files
+ which makes it hard to use in some situations. OPENSSL_config() itself
+ calls CONF_modules_load_file() and we use that instead and we ignore
+ its return code! */
+
+ /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and
+ 0.9.8e */
+#ifndef CONF_MFLAGS_DEFAULT_SECTION
+#define CONF_MFLAGS_DEFAULT_SECTION 0x0
+#endif
+
+ CONF_modules_load_file(NULL, NULL,
+ CONF_MFLAGS_DEFAULT_SECTION|
+ CONF_MFLAGS_IGNORE_MISSING_FILE);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+ !defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL 1.1.0+ takes care of initialization itself */
+#else
+ /* Lets get nice error messages */
+ SSL_load_error_strings();
+
+ /* Init the global ciphers and digests */
+ if(!SSLeay_add_ssl_algorithms())
+ return 0;
+
+ OpenSSL_add_all_algorithms();
+#endif
+
+#ifdef ENABLE_SSLKEYLOGFILE
+ keylog_file_name = curl_getenv("SSLKEYLOGFILE");
+ if(keylog_file_name && !keylog_file_fp) {
+ keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
+ if(keylog_file_fp) {
+ if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096)) {
+ fclose(keylog_file_fp);
+ keylog_file_fp = NULL;
+ }
+ }
+ }
+#endif
+
+ return 1;
+}
+
+/* Global cleanup */
+static void Curl_ossl_cleanup(void)
+{
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+ !defined(LIBRESSL_VERSION_NUMBER)
+ /* OpenSSL 1.1 deprecates all these cleanup functions and
+ turns them into no-ops in OpenSSL 1.0 compatibility mode */
+#else
+ /* Free ciphers and digests lists */
+ EVP_cleanup();
+
+#ifdef HAVE_ENGINE_CLEANUP
+ /* Free engine list */
+ ENGINE_cleanup();
+#endif
+
+ /* Free OpenSSL error strings */
+ ERR_free_strings();
+
+ /* Free thread local error state, destroying hash upon zero refcount */
+#ifdef HAVE_ERR_REMOVE_THREAD_STATE
+ ERR_remove_thread_state(NULL);
+#else
+ ERR_remove_state(0);
+#endif
+
+ /* Free all memory allocated by all configuration modules */
+ CONF_modules_free();
+
+#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
+ SSL_COMP_free_compression_methods();
+#endif
+#endif
+
+#ifdef ENABLE_SSLKEYLOGFILE
+ if(keylog_file_fp) {
+ fclose(keylog_file_fp);
+ keylog_file_fp = NULL;
+ }
+#endif
+}
+
+/*
+ * This function is used to determine connection status.
+ *
+ * Return codes:
+ * 1 means the connection is still in place
+ * 0 means the connection has been closed
+ * -1 means the connection status is unknown
+ */
+static int Curl_ossl_check_cxn(struct connectdata *conn)
+{
+ /* SSL_peek takes data out of the raw recv buffer without peeking so we use
+ recv MSG_PEEK instead. Bug #795 */
+#ifdef MSG_PEEK
+ char buf;
+ ssize_t nread;
+ nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
+ (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK);
+ if(nread == 0)
+ return 0; /* connection has been closed */
+ if(nread == 1)
+ return 1; /* connection still in place */
+ else if(nread == -1) {
+ int err = SOCKERRNO;
+ if(err == EINPROGRESS ||
+#if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
+ err == EAGAIN ||
+#endif
+ err == EWOULDBLOCK)
+ return 1; /* connection still in place */
+ if(err == ECONNRESET ||
+#ifdef ECONNABORTED
+ err == ECONNABORTED ||
+#endif
+#ifdef ENETDOWN
+ err == ENETDOWN ||
+#endif
+#ifdef ENETRESET
+ err == ENETRESET ||
+#endif
+#ifdef ESHUTDOWN
+ err == ESHUTDOWN ||
+#endif
+#ifdef ETIMEDOUT
+ err == ETIMEDOUT ||
+#endif
+ err == ENOTCONN)
+ return 0; /* connection has been closed */
+ }
+#endif
+ return -1; /* connection status unknown */
+}
+
+/* Selects an OpenSSL crypto engine
+ */
+static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
+ const char *engine)
+{
+#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
+ ENGINE *e;
+
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+ e = ENGINE_by_id(engine);
+#else
+ /* avoid memory leak */
+ for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
+ const char *e_id = ENGINE_get_id(e);
+ if(!strcmp(engine, e_id))
+ break;
+ }
+#endif
+
+ if(!e) {
+ failf(data, "SSL Engine '%s' not found", engine);
+ return CURLE_SSL_ENGINE_NOTFOUND;
+ }
+
+ if(data->state.engine) {
+ ENGINE_finish(data->state.engine);
+ ENGINE_free(data->state.engine);
+ data->state.engine = NULL;
+ }
+ if(!ENGINE_init(e)) {
+ char buf[256];
+
+ ENGINE_free(e);
+ failf(data, "Failed to initialise SSL Engine '%s':\n%s",
+ engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
+ return CURLE_SSL_ENGINE_INITFAILED;
+ }
+ data->state.engine = e;
+ return CURLE_OK;
+#else
+ (void)engine;
+ failf(data, "SSL Engine not supported");
+ return CURLE_SSL_ENGINE_NOTFOUND;
+#endif
+}
+
+/* Sets engine as default for all SSL operations
+ */
+static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
+{
+#ifdef HAVE_OPENSSL_ENGINE_H
+ if(data->state.engine) {
+ if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
+ infof(data, "set default crypto engine '%s'\n",
+ ENGINE_get_id(data->state.engine));
+ }
+ else {
+ failf(data, "set default crypto engine '%s' failed",
+ ENGINE_get_id(data->state.engine));
+ return CURLE_SSL_ENGINE_SETFAILED;
+ }
+ }
+#else
+ (void) data;
+#endif
+ return CURLE_OK;
+}
+
+/* Return list of OpenSSL crypto engine names.
+ */
+static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
+{
+ struct curl_slist *list = NULL;
+#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
+ struct curl_slist *beg;
+ ENGINE *e;
+
+ for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
+ beg = curl_slist_append(list, ENGINE_get_id(e));
+ if(!beg) {
+ curl_slist_free_all(list);
+ return NULL;
+ }
+ list = beg;
+ }
+#endif
+ (void) data;
+ return list;
+}
+
+
+static void ossl_close(struct ssl_connect_data *connssl)
+{
+ if(BACKEND->handle) {
+ (void)SSL_shutdown(BACKEND->handle);
+ SSL_set_connect_state(BACKEND->handle);
+
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+ if(BACKEND->ctx) {
+ SSL_CTX_free(BACKEND->ctx);
+ BACKEND->ctx = NULL;
+ }
+}
+
+/*
+ * This function is called when an SSL connection is closed.
+ */
+static void Curl_ossl_close(struct connectdata *conn, int sockindex)
+{
+ ossl_close(&conn->ssl[sockindex]);
+ ossl_close(&conn->proxy_ssl[sockindex]);
+}
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
+{
+ int retval = 0;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
+ char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
+ to be at least 256 bytes long. */
+ unsigned long sslerror;
+ ssize_t nread;
+ int buffsize;
+ int err;
+ int done = 0;
+
+ /* This has only been tested on the proftpd server, and the mod_tls code
+ sends a close notify alert without waiting for a close notify alert in
+ response. Thus we wait for a close notify alert from the server, but
+ we do not send one. Let's hope other servers do the same... */
+
+ if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
+ (void)SSL_shutdown(BACKEND->handle);
+
+ if(BACKEND->handle) {
+ buffsize = (int)sizeof(buf);
+ while(!done) {
+ int what = SOCKET_READABLE(conn->sock[sockindex],
+ SSL_SHUTDOWN_TIMEOUT);
+ if(what > 0) {
+ ERR_clear_error();
+
+ /* Something to read, let's do it and hope that it is the close
+ notify alert from the server */
+ nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize);
+ err = SSL_get_error(BACKEND->handle, (int)nread);
+
+ switch(err) {
+ case SSL_ERROR_NONE: /* this is not an error */
+ case SSL_ERROR_ZERO_RETURN: /* no more data */
+ /* This is the expected response. There was no data but only
+ the close notify alert */
+ done = 1;
+ break;
+ case SSL_ERROR_WANT_READ:
+ /* there's data pending, re-invoke SSL_read() */
+ infof(data, "SSL_ERROR_WANT_READ\n");
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ /* SSL wants a write. Really odd. Let's bail out. */
+ infof(data, "SSL_ERROR_WANT_WRITE\n");
+ done = 1;
+ break;
+ default:
+ /* openssl/ssl.h says "look at error stack/return value/errno" */
+ sslerror = ERR_get_error();
+ failf(conn->data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d",
+ (sslerror ?
+ ossl_strerror(sslerror, buf, sizeof(buf)) :
+ SSL_ERROR_to_str(err)),
+ SOCKERRNO);
+ done = 1;
+ break;
+ }
+ }
+ else if(0 == what) {
+ /* timeout */
+ failf(data, "SSL shutdown timeout");
+ done = 1;
+ }
+ else {
+ /* anything that gets here is fatally bad */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ retval = -1;
+ done = 1;
+ }
+ } /* while()-loop for the select() */
+
+ if(data->set.verbose) {
+#ifdef HAVE_SSL_GET_SHUTDOWN
+ switch(SSL_get_shutdown(BACKEND->handle)) {
+ case SSL_SENT_SHUTDOWN:
+ infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
+ break;
+ case SSL_RECEIVED_SHUTDOWN:
+ infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
+ break;
+ case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
+ infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
+ "SSL_RECEIVED__SHUTDOWN\n");
+ break;
+ }
+#endif
+ }
+
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+ return retval;
+}
+
+static void Curl_ossl_session_free(void *ptr)
+{
+ /* free the ID */
+ SSL_SESSION_free(ptr);
+}
+
+/*
+ * This function is called when the 'data' struct is going away. Close
+ * down everything and free all resources!
+ */
+static void Curl_ossl_close_all(struct Curl_easy *data)
+{
+#ifdef HAVE_OPENSSL_ENGINE_H
+ if(data->state.engine) {
+ ENGINE_finish(data->state.engine);
+ ENGINE_free(data->state.engine);
+ data->state.engine = NULL;
+ }
+#else
+ (void)data;
+#endif
+#if !defined(HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED) && \
+ defined(HAVE_ERR_REMOVE_THREAD_STATE)
+ /* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
+ so we need to clean it here in case the thread will be killed. All OpenSSL
+ code should extract the error in association with the error so clearing
+ this queue here should be harmless at worst. */
+ ERR_remove_thread_state(NULL);
+#endif
+}
+
+/* ====================================================== */
+
+
+/* Quote from RFC2818 section 3.1 "Server Identity"
+
+ If a subjectAltName extension of type dNSName is present, that MUST
+ be used as the identity. Otherwise, the (most specific) Common Name
+ field in the Subject field of the certificate MUST be used. Although
+ the use of the Common Name is existing practice, it is deprecated and
+ Certification Authorities are encouraged to use the dNSName instead.
+
+ Matching is performed using the matching rules specified by
+ [RFC2459]. If more than one identity of a given type is present in
+ the certificate (e.g., more than one dNSName name, a match in any one
+ of the set is considered acceptable.) Names may contain the wildcard
+ character * which is considered to match any single domain name
+ component or component fragment. E.g., *.a.com matches foo.a.com but
+ not bar.foo.a.com. f*.com matches foo.com but not bar.com.
+
+ In some cases, the URI is specified as an IP address rather than a
+ hostname. In this case, the iPAddress subjectAltName must be present
+ in the certificate and must exactly match the IP in the URI.
+
+*/
+static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
+{
+ bool matched = FALSE;
+ int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
+ size_t addrlen = 0;
+ struct Curl_easy *data = conn->data;
+ STACK_OF(GENERAL_NAME) *altnames;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
+ CURLcode result = CURLE_OK;
+ bool dNSName = FALSE; /* if a dNSName field exists in the cert */
+ bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const char * const dispname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.dispname : conn->host.dispname;
+
+#ifdef ENABLE_IPV6
+ if(conn->bits.ipv6_ip &&
+ Curl_inet_pton(AF_INET6, hostname, &addr)) {
+ target = GEN_IPADD;
+ addrlen = sizeof(struct in6_addr);
+ }
+ else
+#endif
+ if(Curl_inet_pton(AF_INET, hostname, &addr)) {
+ target = GEN_IPADD;
+ addrlen = sizeof(struct in_addr);
+ }
+
+ /* get a "list" of alternative names */
+ altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
+
+ if(altnames) {
+ int numalts;
+ int i;
+ bool dnsmatched = FALSE;
+ bool ipmatched = FALSE;
+
+ /* get amount of alternatives, RFC2459 claims there MUST be at least
+ one, but we don't depend on it... */
+ numalts = sk_GENERAL_NAME_num(altnames);
+
+ /* loop through all alternatives - until a dnsmatch */
+ for(i = 0; (i < numalts) && !dnsmatched; i++) {
+ /* get a handle to alternative name number i */
+ const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
+
+ if(check->type == GEN_DNS)
+ dNSName = TRUE;
+ else if(check->type == GEN_IPADD)
+ iPAddress = TRUE;
+
+ /* only check alternatives of the same type the target is */
+ if(check->type == target) {
+ /* get data and length */
+ const char *altptr = (char *)ASN1_STRING_get0_data(check->d.ia5);
+ size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
+
+ switch(target) {
+ case GEN_DNS: /* name/pattern comparison */
+ /* The OpenSSL man page explicitly says: "In general it cannot be
+ assumed that the data returned by ASN1_STRING_data() is null
+ terminated or does not contain embedded nulls." But also that
+ "The actual format of the data will depend on the actual string
+ type itself: for example for and IA5String the data will be ASCII"
+
+ Gisle researched the OpenSSL sources:
+ "I checked the 0.9.6 and 0.9.8 sources before my patch and
+ it always 0-terminates an IA5String."
+ */
+ if((altlen == strlen(altptr)) &&
+ /* if this isn't true, there was an embedded zero in the name
+ string and we cannot match it. */
+ Curl_cert_hostcheck(altptr, hostname)) {
+ dnsmatched = TRUE;
+ infof(data,
+ " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
+ dispname, altptr);
+ }
+ break;
+
+ case GEN_IPADD: /* IP address comparison */
+ /* compare alternative IP address if the data chunk is the same size
+ our server IP address is */
+ if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
+ ipmatched = TRUE;
+ infof(data,
+ " subjectAltName: host \"%s\" matched cert's IP address!\n",
+ dispname);
+ }
+ break;
+ }
+ }
+ }
+ GENERAL_NAMES_free(altnames);
+
+ if(dnsmatched || ipmatched)
+ matched = TRUE;
+ }
+
+ if(matched)
+ /* an alternative name matched */
+ ;
+ else if(dNSName || iPAddress) {
+ infof(data, " subjectAltName does not match %s\n", dispname);
+ failf(data, "SSL: no alternative certificate subject name matches "
+ "target host name '%s'", dispname);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else {
+ /* we have to look to the last occurrence of a commonName in the
+ distinguished one to get the most significant one. */
+ int j, i = -1;
+
+ /* The following is done because of a bug in 0.9.6b */
+
+ unsigned char *nulstr = (unsigned char *)"";
+ unsigned char *peer_CN = nulstr;
+
+ X509_NAME *name = X509_get_subject_name(server_cert);
+ if(name)
+ while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
+ i = j;
+
+ /* we have the name entry and we will now convert this to a string
+ that we can use for comparison. Doing this we support BMPstring,
+ UTF8 etc. */
+
+ if(i >= 0) {
+ ASN1_STRING *tmp =
+ X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
+
+ /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
+ is already UTF-8 encoded. We check for this case and copy the raw
+ string manually to avoid the problem. This code can be made
+ conditional in the future when OpenSSL has been fixed. Work-around
+ brought by Alexis S. L. Carvalho. */
+ if(tmp) {
+ if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
+ j = ASN1_STRING_length(tmp);
+ if(j >= 0) {
+ peer_CN = OPENSSL_malloc(j + 1);
+ if(peer_CN) {
+ memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j);
+ peer_CN[j] = '\0';
+ }
+ }
+ }
+ else /* not a UTF8 name */
+ j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
+
+ if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
+ /* there was a terminating zero before the end of string, this
+ cannot match and we return failure! */
+ failf(data, "SSL: illegal cert name field");
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ }
+ }
+
+ if(peer_CN == nulstr)
+ peer_CN = NULL;
+ else {
+ /* convert peer_CN from UTF8 */
+ CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN,
+ strlen((char *)peer_CN));
+ /* Curl_convert_from_utf8 calls failf if unsuccessful */
+ if(rc) {
+ OPENSSL_free(peer_CN);
+ return rc;
+ }
+ }
+
+ if(result)
+ /* error already detected, pass through */
+ ;
+ else if(!peer_CN) {
+ failf(data,
+ "SSL: unable to obtain common name from peer certificate");
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
+ failf(data, "SSL: certificate subject name '%s' does not match "
+ "target host name '%s'", peer_CN, dispname);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else {
+ infof(data, " common name: %s (matched)\n", peer_CN);
+ }
+ if(peer_CN)
+ OPENSSL_free(peer_CN);
+ }
+
+ return result;
+}
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(OPENSSL_NO_OCSP)
+static CURLcode verifystatus(struct connectdata *conn,
+ struct ssl_connect_data *connssl)
+{
+ int i, ocsp_status;
+ const unsigned char *p;
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+
+ OCSP_RESPONSE *rsp = NULL;
+ OCSP_BASICRESP *br = NULL;
+ X509_STORE *st = NULL;
+ STACK_OF(X509) *ch = NULL;
+
+ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
+
+ if(!p) {
+ failf(data, "No OCSP response received");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
+ if(!rsp) {
+ failf(data, "Invalid OCSP response");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ ocsp_status = OCSP_response_status(rsp);
+ if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+ failf(data, "Invalid OCSP response status: %s (%d)",
+ OCSP_response_status_str(ocsp_status), ocsp_status);
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ br = OCSP_response_get1_basic(rsp);
+ if(!br) {
+ failf(data, "Invalid OCSP response");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ ch = SSL_get_peer_cert_chain(BACKEND->handle);
+ st = SSL_CTX_get_cert_store(BACKEND->ctx);
+
+#if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
+ (defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
+ /* The authorized responder cert in the OCSP response MUST be signed by the
+ peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
+ no problem, but if it's an intermediate cert OpenSSL has a bug where it
+ expects this issuer to be present in the chain embedded in the OCSP
+ response. So we add it if necessary. */
+
+ /* First make sure the peer cert chain includes both a peer and an issuer,
+ and the OCSP response contains a responder cert. */
+ if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
+ X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
+
+ /* Find issuer of responder cert and add it to the OCSP response chain */
+ for(i = 0; i < sk_X509_num(ch); i++) {
+ X509 *issuer = sk_X509_value(ch, i);
+ if(X509_check_issued(issuer, responder) == X509_V_OK) {
+ if(!OCSP_basic_add1_cert(br, issuer)) {
+ failf(data, "Could not add issuer cert to OCSP response");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+ }
+ }
+ }
+#endif
+
+ if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
+ failf(data, "OCSP response verification failed");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ for(i = 0; i < OCSP_resp_count(br); i++) {
+ int cert_status, crl_reason;
+ OCSP_SINGLERESP *single = NULL;
+
+ ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+ single = OCSP_resp_get0(br, i);
+ if(!single)
+ continue;
+
+ cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
+ &thisupd, &nextupd);
+
+ if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
+ failf(data, "OCSP response has expired");
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+
+ infof(data, "SSL certificate status: %s (%d)\n",
+ OCSP_cert_status_str(cert_status), cert_status);
+
+ switch(cert_status) {
+ case V_OCSP_CERTSTATUS_GOOD:
+ break;
+
+ case V_OCSP_CERTSTATUS_REVOKED:
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+
+ failf(data, "SSL certificate revocation reason: %s (%d)",
+ OCSP_crl_reason_str(crl_reason), crl_reason);
+ goto end;
+
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto end;
+ }
+ }
+
+end:
+ if(br) OCSP_BASICRESP_free(br);
+ OCSP_RESPONSE_free(rsp);
+
+ return result;
+}
+#endif
+
+#endif /* USE_OPENSSL */
+
+/* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
+ and thus this cannot be done there. */
+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+
+static const char *ssl_msg_type(int ssl_ver, int msg)
+{
+#ifdef SSL2_VERSION_MAJOR
+ if(ssl_ver == SSL2_VERSION_MAJOR) {
+ switch(msg) {
+ case SSL2_MT_ERROR:
+ return "Error";
+ case SSL2_MT_CLIENT_HELLO:
+ return "Client hello";
+ case SSL2_MT_CLIENT_MASTER_KEY:
+ return "Client key";
+ case SSL2_MT_CLIENT_FINISHED:
+ return "Client finished";
+ case SSL2_MT_SERVER_HELLO:
+ return "Server hello";
+ case SSL2_MT_SERVER_VERIFY:
+ return "Server verify";
+ case SSL2_MT_SERVER_FINISHED:
+ return "Server finished";
+ case SSL2_MT_REQUEST_CERTIFICATE:
+ return "Request CERT";
+ case SSL2_MT_CLIENT_CERTIFICATE:
+ return "Client CERT";
+ }
+ }
+ else
+#endif
+ if(ssl_ver == SSL3_VERSION_MAJOR) {
+ switch(msg) {
+ case SSL3_MT_HELLO_REQUEST:
+ return "Hello request";
+ case SSL3_MT_CLIENT_HELLO:
+ return "Client hello";
+ case SSL3_MT_SERVER_HELLO:
+ return "Server hello";
+#ifdef SSL3_MT_NEWSESSION_TICKET
+ case SSL3_MT_NEWSESSION_TICKET:
+ return "Newsession Ticket";
+#endif
+ case SSL3_MT_CERTIFICATE:
+ return "Certificate";
+ case SSL3_MT_SERVER_KEY_EXCHANGE:
+ return "Server key exchange";
+ case SSL3_MT_CLIENT_KEY_EXCHANGE:
+ return "Client key exchange";
+ case SSL3_MT_CERTIFICATE_REQUEST:
+ return "Request CERT";
+ case SSL3_MT_SERVER_DONE:
+ return "Server finished";
+ case SSL3_MT_CERTIFICATE_VERIFY:
+ return "CERT verify";
+ case SSL3_MT_FINISHED:
+ return "Finished";
+#ifdef SSL3_MT_CERTIFICATE_STATUS
+ case SSL3_MT_CERTIFICATE_STATUS:
+ return "Certificate Status";
+#endif
+ }
+ }
+ return "Unknown";
+}
+
+static const char *tls_rt_type(int type)
+{
+ switch(type) {
+#ifdef SSL3_RT_HEADER
+ case SSL3_RT_HEADER:
+ return "TLS header";
+#endif
+ case SSL3_RT_CHANGE_CIPHER_SPEC:
+ return "TLS change cipher";
+ case SSL3_RT_ALERT:
+ return "TLS alert";
+ case SSL3_RT_HANDSHAKE:
+ return "TLS handshake";
+ case SSL3_RT_APPLICATION_DATA:
+ return "TLS app data";
+ default:
+ return "TLS Unknown";
+ }
+}
+
+
+/*
+ * Our callback from the SSL/TLS layers.
+ */
+static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
+ const void *buf, size_t len, SSL *ssl,
+ void *userp)
+{
+ struct Curl_easy *data;
+ const char *msg_name, *tls_rt_name;
+ char ssl_buf[1024];
+ char unknown[32];
+ int msg_type, txt_len;
+ const char *verstr = NULL;
+ struct connectdata *conn = userp;
+
+ if(!conn || !conn->data || !conn->data->set.fdebug ||
+ (direction != 0 && direction != 1))
+ return;
+
+ data = conn->data;
+
+ switch(ssl_ver) {
+#ifdef SSL2_VERSION /* removed in recent versions */
+ case SSL2_VERSION:
+ verstr = "SSLv2";
+ break;
+#endif
+#ifdef SSL3_VERSION
+ case SSL3_VERSION:
+ verstr = "SSLv3";
+ break;
+#endif
+ case TLS1_VERSION:
+ verstr = "TLSv1.0";
+ break;
+#ifdef TLS1_1_VERSION
+ case TLS1_1_VERSION:
+ verstr = "TLSv1.1";
+ break;
+#endif
+#ifdef TLS1_2_VERSION
+ case TLS1_2_VERSION:
+ verstr = "TLSv1.2";
+ break;
+#endif
+#ifdef TLS1_3_VERSION
+ case TLS1_3_VERSION:
+ verstr = "TLSv1.3";
+ break;
+#endif
+ case 0:
+ break;
+ default:
+ snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
+ verstr = unknown;
+ break;
+ }
+
+ if(ssl_ver) {
+ /* the info given when the version is zero is not that useful for us */
+
+ ssl_ver >>= 8; /* check the upper 8 bits only below */
+
+ /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
+ * always pass-up content-type as 0. But the interesting message-type
+ * is at 'buf[0]'.
+ */
+ if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
+ tls_rt_name = tls_rt_type(content_type);
+ else
+ tls_rt_name = "";
+
+ msg_type = *(char *)buf;
+ msg_name = ssl_msg_type(ssl_ver, msg_type);
+
+ txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
+ verstr, direction?"OUT":"IN",
+ tls_rt_name, msg_name, msg_type);
+ Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
+ }
+
+ Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
+ CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
+ (void) ssl;
+}
+#endif
+
+#ifdef USE_OPENSSL
+/* ====================================================== */
+
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+# define use_sni(x) sni = (x)
+#else
+# define use_sni(x) Curl_nop_stmt
+#endif
+
+/* Check for OpenSSL 1.0.2 which has ALPN support. */
+#undef HAS_ALPN
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L \
+ && !defined(OPENSSL_NO_TLSEXT)
+# define HAS_ALPN 1
+#endif
+
+/* Check for OpenSSL 1.0.1 which has NPN support. */
+#undef HAS_NPN
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
+ && !defined(OPENSSL_NO_TLSEXT) \
+ && !defined(OPENSSL_NO_NEXTPROTONEG)
+# define HAS_NPN 1
+#endif
+
+#ifdef HAS_NPN
+
+/*
+ * in is a list of length prefixed strings. this function has to select
+ * the protocol we want to use from the list and write its string into out.
+ */
+
+static int
+select_next_protocol(unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ const char *key, unsigned int keylen)
+{
+ unsigned int i;
+ for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
+ if(memcmp(&in[i + 1], key, keylen) == 0) {
+ *out = (unsigned char *) &in[i + 1];
+ *outlen = in[i];
+ return 0;
+ }
+ }
+ return -1;
+}
+
+static int
+select_next_proto_cb(SSL *ssl,
+ unsigned char **out, unsigned char *outlen,
+ const unsigned char *in, unsigned int inlen,
+ void *arg)
+{
+ struct connectdata *conn = (struct connectdata*) arg;
+
+ (void)ssl;
+
+#ifdef USE_NGHTTP2
+ if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ !select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN)) {
+ infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
+ NGHTTP2_PROTO_VERSION_ID);
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ return SSL_TLSEXT_ERR_OK;
+ }
+#endif
+
+ if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
+ ALPN_HTTP_1_1_LENGTH)) {
+ infof(conn->data, "NPN, negotiated HTTP1.1\n");
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ return SSL_TLSEXT_ERR_OK;
+ }
+
+ infof(conn->data, "NPN, no overlap, use HTTP1.1\n");
+ *out = (unsigned char *)ALPN_HTTP_1_1;
+ *outlen = ALPN_HTTP_1_1_LENGTH;
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+
+ return SSL_TLSEXT_ERR_OK;
+}
+#endif /* HAS_NPN */
+
+static const char *
+get_ssl_version_txt(SSL *ssl)
+{
+ if(!ssl)
+ return "";
+
+ switch(SSL_version(ssl)) {
+#ifdef TLS1_3_VERSION
+ case TLS1_3_VERSION:
+ return "TLSv1.3";
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ case TLS1_2_VERSION:
+ return "TLSv1.2";
+ case TLS1_1_VERSION:
+ return "TLSv1.1";
+#endif
+ case TLS1_VERSION:
+ return "TLSv1.0";
+ case SSL3_VERSION:
+ return "SSLv3";
+ case SSL2_VERSION:
+ return "SSLv2";
+ }
+ return "unknown";
+}
+
+static CURLcode
+set_ssl_version_min_max(long *ctx_options, struct connectdata *conn,
+ int sockindex)
+{
+#if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION)
+ /* convoluted #if condition just to avoid compiler warnings on unused
+ variable */
+ struct Curl_easy *data = conn->data;
+#endif
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+
+ if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
+ ssl_version_max = ssl_version << 16;
+ }
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_TLSv1_3:
+#ifdef TLS1_3_VERSION
+ {
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ SSL_CTX_set_max_proto_version(BACKEND->ctx, TLS1_3_VERSION);
+ *ctx_options |= SSL_OP_NO_TLSv1_2;
+ }
+#else
+ (void)sockindex;
+ failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_TLSv1_2:
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ *ctx_options |= SSL_OP_NO_TLSv1_1;
+#else
+ failf(data, OSSL_PACKAGE " was built without TLS 1.2 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_TLSv1_1:
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ *ctx_options |= SSL_OP_NO_TLSv1;
+#else
+ failf(data, OSSL_PACKAGE " was built without TLS 1.1 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_TLSv1_0:
+ *ctx_options |= SSL_OP_NO_SSLv2;
+ *ctx_options |= SSL_OP_NO_SSLv3;
+ break;
+ }
+
+ switch(ssl_version_max) {
+ case CURL_SSLVERSION_MAX_TLSv1_0:
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ *ctx_options |= SSL_OP_NO_TLSv1_1;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_MAX_TLSv1_1:
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ *ctx_options |= SSL_OP_NO_TLSv1_2;
+#endif
+ /* FALLTHROUGH */
+ case CURL_SSLVERSION_MAX_TLSv1_2:
+ case CURL_SSLVERSION_MAX_DEFAULT:
+#ifdef TLS1_3_VERSION
+ *ctx_options |= SSL_OP_NO_TLSv1_3;
+#endif
+ break;
+ case CURL_SSLVERSION_MAX_TLSv1_3:
+#ifdef TLS1_3_VERSION
+ break;
+#else
+ failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ }
+ return CURLE_OK;
+}
+
+static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
+{
+ CURLcode result = CURLE_OK;
+ char *ciphers;
+ struct Curl_easy *data = conn->data;
+ SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
+ X509_LOOKUP *lookup = NULL;
+ curl_socket_t sockfd = conn->sock[sockindex];
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ long ctx_options = 0;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ bool sni;
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr;
+#else
+ struct in_addr addr;
+#endif
+#endif
+ long * const certverifyresult = SSL_IS_PROXY() ?
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ const long int ssl_version = SSL_CONN_CONFIG(version);
+#ifdef USE_TLS_SRP
+ const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
+#endif
+ char * const ssl_cert = SSL_SET_OPTION(cert);
+ const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
+ const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
+ const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
+ const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
+ const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
+ char error_buffer[256];
+
+ DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
+
+ /* Make funny stuff to get random input */
+ result = Curl_ossl_seed(data);
+ if(result)
+ return result;
+
+ *certverifyresult = !X509_V_OK;
+
+ /* check to see if we've been told to use an explicit SSL/TLS version */
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ /* it will be handled later with the context options */
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
+ !defined(LIBRESSL_VERSION_NUMBER)
+ req_method = TLS_client_method();
+#else
+ req_method = SSLv23_client_method();
+#endif
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_SSLv2:
+#ifdef OPENSSL_NO_SSL2
+ failf(data, OSSL_PACKAGE " was built without SSLv2 support");
+ return CURLE_NOT_BUILT_IN;
+#else
+#ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP)
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+ req_method = SSLv2_client_method();
+ use_sni(FALSE);
+ break;
+#endif
+ case CURL_SSLVERSION_SSLv3:
+#ifdef OPENSSL_NO_SSL3_METHOD
+ failf(data, OSSL_PACKAGE " was built without SSLv3 support");
+ return CURLE_NOT_BUILT_IN;
+#else
+#ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP)
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+ req_method = SSLv3_client_method();
+ use_sni(FALSE);
+ break;
+#endif
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(BACKEND->ctx)
+ SSL_CTX_free(BACKEND->ctx);
+ BACKEND->ctx = SSL_CTX_new(req_method);
+
+ if(!BACKEND->ctx) {
+ failf(data, "SSL: couldn't create a context: %s",
+ ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer)));
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(BACKEND->ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+
+#ifdef SSL_CTRL_SET_MSG_CALLBACK
+ if(data->set.fdebug && data->set.verbose) {
+ /* the SSL trace callback is only used for verbose logging */
+ SSL_CTX_set_msg_callback(BACKEND->ctx, ssl_tls_trace);
+ SSL_CTX_set_msg_callback_arg(BACKEND->ctx, conn);
+ }
+#endif
+
+ /* OpenSSL contains code to work-around lots of bugs and flaws in various
+ SSL-implementations. SSL_CTX_set_options() is used to enabled those
+ work-arounds. The man page for this option states that SSL_OP_ALL enables
+ all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
+ enable the bug workaround options if compatibility with somewhat broken
+ implementations is desired."
+
+ The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
+ disable "rfc4507bis session ticket support". rfc4507bis was later turned
+ into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
+
+ The enabled extension concerns the session management. I wonder how often
+ libcurl stops a connection and then resumes a TLS session. also, sending
+ the session data is some overhead. .I suggest that you just use your
+ proposed patch (which explicitly disables TICKET).
+
+ If someone writes an application with libcurl and openssl who wants to
+ enable the feature, one can do this in the SSL callback.
+
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
+ interoperability with web server Netscape Enterprise Server 2.0.1 which
+ was released back in 1996.
+
+ Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
+ become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
+ CVE-2010-4180 when using previous OpenSSL versions we no longer enable
+ this option regardless of OpenSSL version and SSL_OP_ALL definition.
+
+ OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
+ (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
+ SSL_OP_ALL that _disables_ that work-around despite the fact that
+ SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
+ keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
+ must not be set.
+ */
+
+ ctx_options = SSL_OP_ALL;
+
+#ifdef SSL_OP_NO_TICKET
+ ctx_options |= SSL_OP_NO_TICKET;
+#endif
+
+#ifdef SSL_OP_NO_COMPRESSION
+ ctx_options |= SSL_OP_NO_COMPRESSION;
+#endif
+
+#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ /* mitigate CVE-2010-4180 */
+ ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
+#endif
+
+#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ /* unless the user explicitly ask to allow the protocol vulnerability we
+ use the work-around */
+ if(!SSL_SET_OPTION(enable_beast))
+ ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_SSLv3:
+#ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP) {
+ infof(data, "Set version TLSv1.x for SRP authorisation\n");
+ }
+#endif
+ ctx_options |= SSL_OP_NO_SSLv2;
+ ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ ctx_options |= SSL_OP_NO_TLSv1_1;
+ ctx_options |= SSL_OP_NO_TLSv1_2;
+#ifdef TLS1_3_VERSION
+ ctx_options |= SSL_OP_NO_TLSv1_3;
+#endif
+#endif
+ break;
+
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ ctx_options |= SSL_OP_NO_SSLv2;
+ ctx_options |= SSL_OP_NO_SSLv3;
+ break;
+
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
+ if(result != CURLE_OK)
+ return result;
+ break;
+
+ case CURL_SSLVERSION_SSLv2:
+#ifndef OPENSSL_NO_SSL2
+ ctx_options |= SSL_OP_NO_SSLv3;
+ ctx_options |= SSL_OP_NO_TLSv1;
+#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ ctx_options |= SSL_OP_NO_TLSv1_1;
+ ctx_options |= SSL_OP_NO_TLSv1_2;
+#ifdef TLS1_3_VERSION
+ ctx_options |= SSL_OP_NO_TLSv1_3;
+#endif
+#endif
+ break;
+#else
+ failf(data, OSSL_PACKAGE " was built without SSLv2 support");
+ return CURLE_NOT_BUILT_IN;
+#endif
+
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ SSL_CTX_set_options(BACKEND->ctx, ctx_options);
+
+#ifdef HAS_NPN
+ if(conn->bits.tls_enable_npn)
+ SSL_CTX_set_next_proto_select_cb(BACKEND->ctx, select_next_proto_cb, conn);
+#endif
+
+#ifdef HAS_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ int cur = 0;
+ unsigned char protocols[128];
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
+ protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
+
+ memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN);
+ cur += NGHTTP2_PROTO_VERSION_ID_LEN;
+ infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+#endif
+
+ protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
+ memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
+ cur += ALPN_HTTP_1_1_LENGTH;
+ infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+ /* expects length prefixed preference ordered list of protocols in wire
+ * format
+ */
+ SSL_CTX_set_alpn_protos(BACKEND->ctx, protocols, cur);
+ }
+#endif
+
+ if(ssl_cert || ssl_cert_type) {
+ if(!cert_stuff(conn, BACKEND->ctx, ssl_cert, ssl_cert_type,
+ SSL_SET_OPTION(key), SSL_SET_OPTION(key_type),
+ SSL_SET_OPTION(key_passwd))) {
+ /* failf() is already done in cert_stuff() */
+ return CURLE_SSL_CERTPROBLEM;
+ }
+ }
+
+ ciphers = SSL_CONN_CONFIG(cipher_list);
+ if(!ciphers)
+ ciphers = (char *)DEFAULT_CIPHER_SELECTION;
+ if(ciphers) {
+ if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
+ failf(data, "failed setting cipher list: %s", ciphers);
+ return CURLE_SSL_CIPHER;
+ }
+ infof(data, "Cipher selection: %s\n", ciphers);
+ }
+
+#ifdef USE_TLS_SRP
+ if(ssl_authtype == CURL_TLSAUTH_SRP) {
+ char * const ssl_username = SSL_SET_OPTION(username);
+
+ infof(data, "Using TLS-SRP username: %s\n", ssl_username);
+
+ if(!SSL_CTX_set_srp_username(BACKEND->ctx, ssl_username)) {
+ failf(data, "Unable to set SRP user name");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ if(!SSL_CTX_set_srp_password(BACKEND->ctx, SSL_SET_OPTION(password))) {
+ failf(data, "failed setting SRP password");
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ if(!SSL_CONN_CONFIG(cipher_list)) {
+ infof(data, "Setting cipher list SRP\n");
+
+ if(!SSL_CTX_set_cipher_list(BACKEND->ctx, "SRP")) {
+ failf(data, "failed setting SRP cipher list");
+ return CURLE_SSL_CIPHER;
+ }
+ }
+ }
+#endif
+
+ if(ssl_cafile || ssl_capath) {
+ /* tell SSL where to find CA certificates that are used to verify
+ the servers certificate. */
+ if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) {
+ if(verifypeer) {
+ /* Fail if we insist on successfully verifying the server. */
+ failf(data, "error setting certificate verify locations:\n"
+ " CAfile: %s\n CApath: %s",
+ ssl_cafile ? ssl_cafile : "none",
+ ssl_capath ? ssl_capath : "none");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ /* Just continue with a warning if no strict certificate verification
+ is required. */
+ infof(data, "error setting certificate verify locations,"
+ " continuing anyway:\n");
+ }
+ else {
+ /* Everything is fine. */
+ infof(data, "successfully set certificate verify locations:\n");
+ }
+ infof(data,
+ " CAfile: %s\n"
+ " CApath: %s\n",
+ ssl_cafile ? ssl_cafile : "none",
+ ssl_capath ? ssl_capath : "none");
+ }
+#ifdef CURL_CA_FALLBACK
+ else if(verifypeer) {
+ /* verfying the peer without any CA certificates won't
+ work so use openssl's built in default as fallback */
+ SSL_CTX_set_default_verify_paths(BACKEND->ctx);
+ }
+#endif
+
+ if(ssl_crlfile) {
+ /* tell SSL where to find CRL file that is used to check certificate
+ * revocation */
+ lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(BACKEND->ctx),
+ X509_LOOKUP_file());
+ if(!lookup ||
+ (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
+ failf(data, "error loading CRL file: %s", ssl_crlfile);
+ return CURLE_SSL_CRL_BADFILE;
+ }
+ /* Everything is fine. */
+ infof(data, "successfully load CRL file:\n");
+ X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
+ X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+
+ infof(data, " CRLfile: %s\n", ssl_crlfile);
+ }
+
+ /* Try building a chain using issuers in the trusted store first to avoid
+ problems with server-sent legacy intermediates.
+ Newer versions of OpenSSL do alternate chain checking by default which
+ gives us the same fix without as much of a performance hit (slight), so we
+ prefer that if available.
+ https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
+ */
+#if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
+ if(verifypeer) {
+ X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
+ X509_V_FLAG_TRUSTED_FIRST);
+ }
+#endif
+
+ /* SSL always tries to verify the peer, this only says whether it should
+ * fail to connect if the verification fails, or if it should continue
+ * anyway. In the latter case the result of the verification is checked with
+ * SSL_get_verify_result() below. */
+ SSL_CTX_set_verify(BACKEND->ctx,
+ verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
+
+ /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
+#if defined(ENABLE_SSLKEYLOGFILE) && defined(HAVE_KEYLOG_CALLBACK)
+ if(keylog_file) {
+ SSL_CTX_set_keylog_callback(connssl->ctx, ossl_keylog_callback);
+ }
+#endif
+
+ /* give application a chance to interfere with SSL set up. */
+ if(data->set.ssl.fsslctx) {
+ result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx,
+ data->set.ssl.fsslctxp);
+ if(result) {
+ failf(data, "error signaled by ssl ctx callback");
+ return result;
+ }
+ }
+
+ /* Lets make an SSL structure */
+ if(BACKEND->handle)
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = SSL_new(BACKEND->ctx);
+ if(!BACKEND->handle) {
+ failf(data, "SSL: couldn't create a context (handle)!");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(OPENSSL_NO_OCSP)
+ if(SSL_CONN_CONFIG(verifystatus))
+ SSL_set_tlsext_status_type(BACKEND->handle, TLSEXT_STATUSTYPE_ocsp);
+#endif
+
+ SSL_set_connect_state(BACKEND->handle);
+
+ BACKEND->server_cert = 0x0;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
+#endif
+ sni &&
+ !SSL_set_tlsext_host_name(BACKEND->handle, hostname))
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+#endif
+
+ /* Check if there's a cached ID we can/should use here! */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ void *ssl_sessionid = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
+ /* we got a session id, use it! */
+ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "SSL: SSL_set_session failed: %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ /* Informational message */
+ infof(data, "SSL re-using session ID\n");
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ if(conn->proxy_ssl[sockindex].use) {
+ BIO *const bio = BIO_new(BIO_f_ssl());
+ SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
+ DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
+ DEBUGASSERT(handle != NULL);
+ DEBUGASSERT(bio != NULL);
+ BIO_set_ssl(bio, handle, FALSE);
+ SSL_set_bio(BACKEND->handle, bio, bio);
+ }
+ else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
+ /* pass the raw socket into the SSL layers */
+ failf(data, "SSL: SSL_set_fd failed: %s",
+ ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ connssl->connecting_state = ssl_connect_2;
+
+ return CURLE_OK;
+}
+
+static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ int err;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ long * const certverifyresult = SSL_IS_PROXY() ?
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
+ || ssl_connect_2_reading == connssl->connecting_state
+ || ssl_connect_2_writing == connssl->connecting_state);
+
+ ERR_clear_error();
+
+ err = SSL_connect(BACKEND->handle);
+ /* If keylogging is enabled but the keylog callback is not supported then log
+ secrets here, immediately after SSL_connect by using tap_ssl_key. */
+#if defined(ENABLE_SSLKEYLOGFILE) && !defined(HAVE_KEYLOG_CALLBACK)
+ tap_ssl_key(BACKEND->handle, &BACKEND->tap_state);
+#endif
+
+ /* 1 is fine
+ 0 is "not successful but was shut down controlled"
+ <0 is "handshake was not successful, because a fatal error occurred" */
+ if(1 != err) {
+ int detail = SSL_get_error(BACKEND->handle, err);
+
+ if(SSL_ERROR_WANT_READ == detail) {
+ connssl->connecting_state = ssl_connect_2_reading;
+ return CURLE_OK;
+ }
+ if(SSL_ERROR_WANT_WRITE == detail) {
+ connssl->connecting_state = ssl_connect_2_writing;
+ return CURLE_OK;
+ }
+ else {
+ /* untreated error */
+ unsigned long errdetail;
+ char error_buffer[256]="";
+ CURLcode result;
+ long lerr;
+ int lib;
+ int reason;
+
+ /* the connection failed, we're not waiting for anything else. */
+ connssl->connecting_state = ssl_connect_2;
+
+ /* Get the earliest error code from the thread's error queue and removes
+ the entry. */
+ errdetail = ERR_get_error();
+
+ /* Extract which lib and reason */
+ lib = ERR_GET_LIB(errdetail);
+ reason = ERR_GET_REASON(errdetail);
+
+ if((lib == ERR_LIB_SSL) &&
+ (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
+ result = CURLE_SSL_CACERT;
+
+ lerr = SSL_get_verify_result(BACKEND->handle);
+ if(lerr != X509_V_OK) {
+ *certverifyresult = lerr;
+ snprintf(error_buffer, sizeof(error_buffer),
+ "SSL certificate problem: %s",
+ X509_verify_cert_error_string(lerr));
+ }
+ else
+ /* strcpy() is fine here as long as the string fits within
+ error_buffer */
+ strcpy(error_buffer, "SSL certificate verification failed");
+ }
+ else {
+ result = CURLE_SSL_CONNECT_ERROR;
+ ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
+ }
+
+ /* detail is already set to the SSL error above */
+
+ /* If we e.g. use SSLv2 request-method and the server doesn't like us
+ * (RST connection etc.), OpenSSL gives no explanation whatsoever and
+ * the SO_ERROR is also lost.
+ */
+ if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
+ const char * const hostname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.name : conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+ failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%ld ",
+ SSL_ERROR_to_str(detail), hostname, port);
+ return result;
+ }
+
+ /* Could be a CERT problem */
+ failf(data, "%s", error_buffer);
+
+ return result;
+ }
+ }
+ else {
+ /* we have been connected fine, we're not waiting for anything else. */
+ connssl->connecting_state = ssl_connect_3;
+
+ /* Informational message */
+ infof(data, "SSL connection using %s / %s\n",
+ get_ssl_version_txt(BACKEND->handle),
+ SSL_get_cipher(BACKEND->handle));
+
+#ifdef HAS_ALPN
+ /* Sets data and len to negotiated protocol, len is 0 if no protocol was
+ * negotiated
+ */
+ if(conn->bits.tls_enable_alpn) {
+ const unsigned char *neg_protocol;
+ unsigned int len;
+ SSL_get0_alpn_selected(BACKEND->handle, &neg_protocol, &len);
+ if(len != 0) {
+ infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
+
+#ifdef USE_NGHTTP2
+ if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
+ !memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ }
+ else
+#endif
+ if(len == ALPN_HTTP_1_1_LENGTH &&
+ !memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ }
+ }
+ else
+ infof(data, "ALPN, server did not agree to a protocol\n");
+ }
+#endif
+
+ return CURLE_OK;
+ }
+}
+
+static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
+{
+ int i, ilen;
+
+ ilen = (int)len;
+ if(ilen < 0)
+ return 1; /* buffer too big */
+
+ i = i2t_ASN1_OBJECT(buf, ilen, a);
+
+ if(i >= ilen)
+ return 1; /* buffer too small */
+
+ return 0;
+}
+
+#define push_certinfo(_label, _num) \
+do { \
+ long info_len = BIO_get_mem_data(mem, &ptr); \
+ Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
+ if(1 != BIO_reset(mem)) \
+ break; \
+} WHILE_FALSE
+
+static void pubkey_show(struct Curl_easy *data,
+ BIO *mem,
+ int num,
+ const char *type,
+ const char *name,
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+ const
+#endif
+ BIGNUM *bn)
+{
+ char *ptr;
+ char namebuf[32];
+
+ snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
+
+ if(bn)
+ BN_print(mem, bn);
+ push_certinfo(namebuf, num);
+}
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+#define print_pubkey_BN(_type, _name, _num) \
+ pubkey_show(data, mem, _num, #_type, #_name, _name)
+
+#else
+#define print_pubkey_BN(_type, _name, _num) \
+do { \
+ if(_type->_name) { \
+ pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
+ } \
+} WHILE_FALSE
+#endif
+
+static int X509V3_ext(struct Curl_easy *data,
+ int certnum,
+ CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
+{
+ int i;
+ size_t j;
+
+ if((int)sk_X509_EXTENSION_num(exts) <= 0)
+ /* no extensions, bail out */
+ return 1;
+
+ for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+ BUF_MEM *biomem;
+ char buf[512];
+ char *ptr = buf;
+ char namebuf[128];
+ BIO *bio_out = BIO_new(BIO_s_mem());
+
+ if(!bio_out)
+ return 1;
+
+ obj = X509_EXTENSION_get_object(ext);
+
+ asn1_object_dump(obj, namebuf, sizeof(namebuf));
+
+ if(!X509V3_EXT_print(bio_out, ext, 0, 0))
+ ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
+
+ BIO_get_mem_ptr(bio_out, &biomem);
+
+ for(j = 0; j < (size_t)biomem->length; j++) {
+ const char *sep = "";
+ if(biomem->data[j] == '\n') {
+ sep = ", ";
+ j++; /* skip the newline */
+ };
+ while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
+ j++;
+ if(j<(size_t)biomem->length)
+ ptr += snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
+ biomem->data[j]);
+ }
+
+ Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
+
+ BIO_free(bio_out);
+
+ }
+ return 0; /* all is fine */
+}
+
+static CURLcode get_cert_chain(struct connectdata *conn,
+ struct ssl_connect_data *connssl)
+
+{
+ CURLcode result;
+ STACK_OF(X509) *sk;
+ int i;
+ struct Curl_easy *data = conn->data;
+ int numcerts;
+ BIO *mem;
+
+ sk = SSL_get_peer_cert_chain(BACKEND->handle);
+ if(!sk) {
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ numcerts = sk_X509_num(sk);
+
+ result = Curl_ssl_init_certinfo(data, numcerts);
+ if(result) {
+ return result;
+ }
+
+ mem = BIO_new(BIO_s_mem());
+
+ for(i = 0; i < numcerts; i++) {
+ ASN1_INTEGER *num;
+ X509 *x = sk_X509_value(sk, i);
+ EVP_PKEY *pubkey = NULL;
+ int j;
+ char *ptr;
+ const ASN1_BIT_STRING *psig = NULL;
+
+ X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+ push_certinfo("Subject", i);
+
+ X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+ push_certinfo("Issuer", i);
+
+ BIO_printf(mem, "%lx", X509_get_version(x));
+ push_certinfo("Version", i);
+
+ num = X509_get_serialNumber(x);
+ if(num->type == V_ASN1_NEG_INTEGER)
+ BIO_puts(mem, "-");
+ for(j = 0; j < num->length; j++)
+ BIO_printf(mem, "%02x", num->data[j]);
+ push_certinfo("Serial Number", i);
+
+#if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
+ {
+ const X509_ALGOR *palg = NULL;
+ ASN1_STRING *a = ASN1_STRING_new();
+ if(a) {
+ X509_get0_signature(&psig, &palg, x);
+ X509_signature_print(mem, palg, a);
+ ASN1_STRING_free(a);
+
+ if(palg) {
+ i2a_ASN1_OBJECT(mem, palg->algorithm);
+ push_certinfo("Public Key Algorithm", i);
+ }
+ }
+ X509V3_ext(data, i, X509_get0_extensions(x));
+ }
+#else
+ {
+ /* before OpenSSL 1.0.2 */
+ X509_CINF *cinf = x->cert_info;
+
+ i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
+ push_certinfo("Signature Algorithm", i);
+
+ i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
+ push_certinfo("Public Key Algorithm", i);
+
+ X509V3_ext(data, i, cinf->extensions);
+
+ psig = x->signature;
+ }
+#endif
+
+ ASN1_TIME_print(mem, X509_get0_notBefore(x));
+ push_certinfo("Start date", i);
+
+ ASN1_TIME_print(mem, X509_get0_notAfter(x));
+ push_certinfo("Expire date", i);
+
+ pubkey = X509_get_pubkey(x);
+ if(!pubkey)
+ infof(data, " Unable to load public key\n");
+ else {
+ int pktype;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ pktype = EVP_PKEY_id(pubkey);
+#else
+ pktype = pubkey->type;
+#endif
+ switch(pktype) {
+ case EVP_PKEY_RSA:
+ {
+ RSA *rsa;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ rsa = EVP_PKEY_get0_RSA(pubkey);
+#else
+ rsa = pubkey->pkey.rsa;
+#endif
+
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+ {
+ const BIGNUM *n;
+ const BIGNUM *e;
+
+ RSA_get0_key(rsa, &n, &e, NULL);
+ BN_print(mem, n);
+ push_certinfo("RSA Public Key", i);
+ print_pubkey_BN(rsa, n, i);
+ print_pubkey_BN(rsa, e, i);
+ }
+#else
+ BIO_printf(mem, "%d", BN_num_bits(rsa->n));
+ push_certinfo("RSA Public Key", i);
+ print_pubkey_BN(rsa, n, i);
+ print_pubkey_BN(rsa, e, i);
+#endif
+
+ break;
+ }
+ case EVP_PKEY_DSA:
+ {
+#ifndef OPENSSL_NO_DSA
+ DSA *dsa;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ dsa = EVP_PKEY_get0_DSA(pubkey);
+#else
+ dsa = pubkey->pkey.dsa;
+#endif
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+ {
+ const BIGNUM *p;
+ const BIGNUM *q;
+ const BIGNUM *g;
+ const BIGNUM *pub_key;
+
+ DSA_get0_pqg(dsa, &p, &q, &g);
+ DSA_get0_key(dsa, &pub_key, NULL);
+
+ print_pubkey_BN(dsa, p, i);
+ print_pubkey_BN(dsa, q, i);
+ print_pubkey_BN(dsa, g, i);
+ print_pubkey_BN(dsa, pub_key, i);
+ }
+#else
+ print_pubkey_BN(dsa, p, i);
+ print_pubkey_BN(dsa, q, i);
+ print_pubkey_BN(dsa, g, i);
+ print_pubkey_BN(dsa, pub_key, i);
+#endif
+#endif /* !OPENSSL_NO_DSA */
+ break;
+ }
+ case EVP_PKEY_DH:
+ {
+ DH *dh;
+#ifdef HAVE_OPAQUE_EVP_PKEY
+ dh = EVP_PKEY_get0_DH(pubkey);
+#else
+ dh = pubkey->pkey.dh;
+#endif
+#ifdef HAVE_OPAQUE_RSA_DSA_DH
+ {
+ const BIGNUM *p;
+ const BIGNUM *q;
+ const BIGNUM *g;
+ const BIGNUM *pub_key;
+ DH_get0_pqg(dh, &p, &q, &g);
+ DH_get0_key(dh, &pub_key, NULL);
+ print_pubkey_BN(dh, p, i);
+ print_pubkey_BN(dh, q, i);
+ print_pubkey_BN(dh, g, i);
+ print_pubkey_BN(dh, pub_key, i);
+ }
+#else
+ print_pubkey_BN(dh, p, i);
+ print_pubkey_BN(dh, g, i);
+ print_pubkey_BN(dh, pub_key, i);
+#endif
+ break;
+ }
+#if 0
+ case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
+ /* left TODO */
+ break;
+#endif
+ }
+ EVP_PKEY_free(pubkey);
+ }
+
+ if(psig) {
+ for(j = 0; j < psig->length; j++)
+ BIO_printf(mem, "%02x:", psig->data[j]);
+ push_certinfo("Signature", i);
+ }
+
+ PEM_write_bio_X509(mem, x);
+ push_certinfo("Cert", i);
+ }
+
+ BIO_free(mem);
+
+ return CURLE_OK;
+}
+
+/*
+ * Heavily modified from:
+ * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
+ */
+static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
+ const char *pinnedpubkey)
+{
+ /* Scratch */
+ int len1 = 0, len2 = 0;
+ unsigned char *buff1 = NULL, *temp = NULL;
+
+ /* Result is returned to caller */
+ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+
+ /* if a path wasn't specified, don't pin */
+ if(!pinnedpubkey)
+ return CURLE_OK;
+
+ if(!cert)
+ return result;
+
+ do {
+ /* Begin Gyrations to get the subjectPublicKeyInfo */
+ /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
+
+ /* https://groups.google.com/group/mailing.openssl.users/browse_thread
+ /thread/d61858dae102c6c7 */
+ len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
+ if(len1 < 1)
+ break; /* failed */
+
+ /* https://www.openssl.org/docs/crypto/buffer.html */
+ buff1 = temp = malloc(len1);
+ if(!buff1)
+ break; /* failed */
+
+ /* https://www.openssl.org/docs/crypto/d2i_X509.html */
+ len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
+
+ /*
+ * These checks are verifying we got back the same values as when we
+ * sized the buffer. It's pretty weak since they should always be the
+ * same. But it gives us something to test.
+ */
+ if((len1 != len2) || !temp || ((temp - buff1) != len1))
+ break; /* failed */
+
+ /* End Gyrations */
+
+ /* The one good exit point */
+ result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
+ } while(0);
+
+ /* https://www.openssl.org/docs/crypto/buffer.html */
+ if(buff1)
+ free(buff1);
+
+ return result;
+}
+
+/*
+ * Get the server cert, verify it and show it etc, only call failf() if the
+ * 'strict' argument is TRUE as otherwise all this is for informational
+ * purposes only!
+ *
+ * We check certificates to authenticate the server; otherwise we risk
+ * man-in-the-middle attack.
+ */
+static CURLcode servercert(struct connectdata *conn,
+ struct ssl_connect_data *connssl,
+ bool strict)
+{
+ CURLcode result = CURLE_OK;
+ int rc;
+ long lerr, len;
+ struct Curl_easy *data = conn->data;
+ X509 *issuer;
+ FILE *fp;
+ char buffer[2048];
+ const char *ptr;
+ long * const certverifyresult = SSL_IS_PROXY() ?
+ &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
+ BIO *mem = BIO_new(BIO_s_mem());
+
+ if(data->set.ssl.certinfo)
+ /* we've been asked to gather certificate info! */
+ (void)get_cert_chain(conn, connssl);
+
+ BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
+ if(!BACKEND->server_cert) {
+ BIO_free(mem);
+ if(!strict)
+ return CURLE_OK;
+
+ failf(data, "SSL: couldn't get peer certificate!");
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server");
+
+ rc = x509_name_oneline(X509_get_subject_name(BACKEND->server_cert),
+ buffer, sizeof(buffer));
+ infof(data, " subject: %s\n", rc?"[NONE]":buffer);
+
+ ASN1_TIME_print(mem, X509_get0_notBefore(BACKEND->server_cert));
+ len = BIO_get_mem_data(mem, (char **) &ptr);
+ infof(data, " start date: %.*s\n", len, ptr);
+ (void)BIO_reset(mem);
+
+ ASN1_TIME_print(mem, X509_get0_notAfter(BACKEND->server_cert));
+ len = BIO_get_mem_data(mem, (char **) &ptr);
+ infof(data, " expire date: %.*s\n", len, ptr);
+ (void)BIO_reset(mem);
+
+ BIO_free(mem);
+
+ if(SSL_CONN_CONFIG(verifyhost)) {
+ result = verifyhost(conn, BACKEND->server_cert);
+ if(result) {
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+ return result;
+ }
+ }
+
+ rc = x509_name_oneline(X509_get_issuer_name(BACKEND->server_cert),
+ buffer, sizeof(buffer));
+ if(rc) {
+ if(strict)
+ failf(data, "SSL: couldn't get X509-issuer name!");
+ result = CURLE_SSL_CONNECT_ERROR;
+ }
+ else {
+ infof(data, " issuer: %s\n", buffer);
+
+ /* We could do all sorts of certificate verification stuff here before
+ deallocating the certificate. */
+
+ /* e.g. match issuer name with provided issuer certificate */
+ if(SSL_SET_OPTION(issuercert)) {
+ fp = fopen(SSL_SET_OPTION(issuercert), FOPEN_READTEXT);
+ if(!fp) {
+ if(strict)
+ failf(data, "SSL: Unable to open issuer cert (%s)",
+ SSL_SET_OPTION(issuercert));
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+ return CURLE_SSL_ISSUER_ERROR;
+ }
+
+ issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
+ if(!issuer) {
+ if(strict)
+ failf(data, "SSL: Unable to read issuer cert (%s)",
+ SSL_SET_OPTION(issuercert));
+ X509_free(BACKEND->server_cert);
+ X509_free(issuer);
+ fclose(fp);
+ return CURLE_SSL_ISSUER_ERROR;
+ }
+
+ fclose(fp);
+
+ if(X509_check_issued(issuer, BACKEND->server_cert) != X509_V_OK) {
+ if(strict)
+ failf(data, "SSL: Certificate issuer check failed (%s)",
+ SSL_SET_OPTION(issuercert));
+ X509_free(BACKEND->server_cert);
+ X509_free(issuer);
+ BACKEND->server_cert = NULL;
+ return CURLE_SSL_ISSUER_ERROR;
+ }
+
+ infof(data, " SSL certificate issuer check ok (%s)\n",
+ SSL_SET_OPTION(issuercert));
+ X509_free(issuer);
+ }
+
+ lerr = *certverifyresult = SSL_get_verify_result(BACKEND->handle);
+
+ if(*certverifyresult != X509_V_OK) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ /* We probably never reach this, because SSL_connect() will fail
+ and we return earlier if verifypeer is set? */
+ if(strict)
+ failf(data, "SSL certificate verify result: %s (%ld)",
+ X509_verify_cert_error_string(lerr), lerr);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else
+ infof(data, " SSL certificate verify result: %s (%ld),"
+ " continuing anyway.\n",
+ X509_verify_cert_error_string(lerr), lerr);
+ }
+ else
+ infof(data, " SSL certificate verify ok.\n");
+ }
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(OPENSSL_NO_OCSP)
+ if(SSL_CONN_CONFIG(verifystatus)) {
+ result = verifystatus(conn, connssl);
+ if(result) {
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+ return result;
+ }
+ }
+#endif
+
+ if(!strict)
+ /* when not strict, we don't bother about the verify cert problems */
+ result = CURLE_OK;
+
+ ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+ if(!result && ptr) {
+ result = pkp_pin_peer_pubkey(data, BACKEND->server_cert, ptr);
+ if(result)
+ failf(data, "SSL: public key does not match pinned public key!");
+ }
+
+ X509_free(BACKEND->server_cert);
+ BACKEND->server_cert = NULL;
+ connssl->connecting_state = ssl_connect_done;
+
+ return result;
+}
+
+static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
+{
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ bool incache;
+ SSL_SESSION *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
+
+ our_ssl_sessionid = SSL_get1_session(BACKEND->handle);
+
+ /* SSL_get1_session() will increment the reference count and the session
+ will stay in memory until explicitly freed with SSL_SESSION_free(3),
+ regardless of its state. */
+
+ Curl_ssl_sessionid_lock(conn);
+ incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
+ sockindex));
+ if(incache) {
+ if(old_ssl_sessionid != our_ssl_sessionid) {
+ infof(data, "old SSL session ID is stale, removing\n");
+ Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ incache = FALSE;
+ }
+ }
+
+ if(!incache) {
+ result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
+ 0 /* unknown size */, sockindex);
+ if(result) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "failed to store ssl session");
+ return result;
+ }
+ }
+ else {
+ /* Session was incache, so refcount already incremented earlier.
+ * Avoid further increments with each SSL_get1_session() call.
+ * This does not free the session as refcount remains > 0
+ */
+ SSL_SESSION_free(our_ssl_sessionid);
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ /*
+ * We check certificates to authenticate the server; otherwise we risk
+ * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
+ * verify the peer ignore faults and failures from the server cert
+ * operations.
+ */
+
+ result = servercert(conn, connssl, (SSL_CONN_CONFIG(verifypeer) ||
+ SSL_CONN_CONFIG(verifyhost)));
+
+ if(!result)
+ connssl->connecting_state = ssl_connect_done;
+
+ return result;
+}
+
+static Curl_recv ossl_recv;
+static Curl_send ossl_send;
+
+static CURLcode ossl_connect_common(struct connectdata *conn,
+ int sockindex,
+ bool nonblocking,
+ bool *done)
+{
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ curl_socket_t sockfd = conn->sock[sockindex];
+ time_t timeout_ms;
+ int what;
+
+ /* check if the connection has already been established */
+ if(ssl_connection_complete == connssl->state) {
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
+ if(ssl_connect_1 == connssl->connecting_state) {
+ /* Find out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ result = ossl_connect_step1(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ while(ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state) {
+
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
+ if(connssl->connecting_state == ssl_connect_2_reading ||
+ connssl->connecting_state == ssl_connect_2_writing) {
+
+ curl_socket_t writefd = ssl_connect_2_writing ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+ curl_socket_t readfd = ssl_connect_2_reading ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking?0:timeout_ms);
+ if(what < 0) {
+ /* fatal error */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ if(0 == what) {
+ if(nonblocking) {
+ *done = FALSE;
+ return CURLE_OK;
+ }
+ /* timeout */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ /* socket is readable or writable */
+ }
+
+ /* Run transaction, and return to the caller if it failed or if this
+ * connection is done nonblocking and this loop would execute again. This
+ * permits the owner of a multi handle to abort a connection attempt
+ * before step2 has completed while ensuring that a client using select()
+ * or epoll() will always have a valid fdset to wait on.
+ */
+ result = ossl_connect_step2(conn, sockindex);
+ if(result || (nonblocking &&
+ (ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state)))
+ return result;
+
+ } /* repeat step2 until all transactions are done. */
+
+ if(ssl_connect_3 == connssl->connecting_state) {
+ result = ossl_connect_step3(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ if(ssl_connect_done == connssl->connecting_state) {
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = ossl_recv;
+ conn->send[sockindex] = ossl_send;
+ *done = TRUE;
+ }
+ else
+ *done = FALSE;
+
+ /* Reset our connect state machine */
+ connssl->connecting_state = ssl_connect_1;
+
+ return CURLE_OK;
+}
+
+static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
+ int sockindex,
+ bool *done)
+{
+ return ossl_connect_common(conn, sockindex, TRUE, done);
+}
+
+static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode result;
+ bool done = FALSE;
+
+ result = ossl_connect_common(conn, sockindex, FALSE, &done);
+ if(result)
+ return result;
+
+ DEBUGASSERT(done);
+
+ return CURLE_OK;
+}
+
+static bool Curl_ossl_data_pending(const struct connectdata *conn,
+ int connindex)
+{
+ const struct ssl_connect_data *connssl = &conn->ssl[connindex];
+ const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex];
+ if(BACKEND->handle)
+ /* SSL is in use */
+ return (0 != SSL_pending(BACKEND->handle) ||
+ (proxyssl->backend->handle &&
+ 0 != SSL_pending(proxyssl->backend->handle))) ?
+ TRUE : FALSE;
+ return FALSE;
+}
+
+static size_t Curl_ossl_version(char *buffer, size_t size);
+
+static ssize_t ossl_send(struct connectdata *conn,
+ int sockindex,
+ const void *mem,
+ size_t len,
+ CURLcode *curlcode)
+{
+ /* SSL_write() is said to return 'int' while write() and send() returns
+ 'size_t' */
+ int err;
+ char error_buffer[256];
+ unsigned long sslerror;
+ int memlen;
+ int rc;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ ERR_clear_error();
+
+ memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
+ rc = SSL_write(BACKEND->handle, mem, memlen);
+
+ if(rc <= 0) {
+ err = SSL_get_error(BACKEND->handle, rc);
+
+ switch(err) {
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ /* The operation did not complete; the same TLS/SSL I/O function
+ should be called again later. This is basically an EWOULDBLOCK
+ equivalent. */
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ case SSL_ERROR_SYSCALL:
+ failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
+ SOCKERRNO);
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ case SSL_ERROR_SSL:
+ /* A failure in the SSL library occurred, usually a protocol error.
+ The OpenSSL error queue contains more information on the error. */
+ sslerror = ERR_get_error();
+ if(ERR_GET_LIB(sslerror) == ERR_LIB_SSL &&
+ ERR_GET_REASON(sslerror) == SSL_R_BIO_NOT_SET &&
+ conn->ssl[sockindex].state == ssl_connection_complete &&
+ conn->proxy_ssl[sockindex].state == ssl_connection_complete) {
+ char ver[120];
+ Curl_ossl_version(ver, 120);
+ failf(conn->data, "Error: %s does not support double SSL tunneling.",
+ ver);
+ }
+ else
+ failf(conn->data, "SSL_write() error: %s",
+ ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ }
+ /* a true error */
+ failf(conn->data, OSSL_PACKAGE " SSL_write: %s, errno %d",
+ SSL_ERROR_to_str(err), SOCKERRNO);
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ }
+ *curlcode = CURLE_OK;
+ return (ssize_t)rc; /* number of bytes */
+}
+
+static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
+ int num, /* socketindex */
+ char *buf, /* store read data here */
+ size_t buffersize, /* max amount to read */
+ CURLcode *curlcode)
+{
+ char error_buffer[256];
+ unsigned long sslerror;
+ ssize_t nread;
+ int buffsize;
+ struct ssl_connect_data *connssl = &conn->ssl[num];
+
+ ERR_clear_error();
+
+ buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+ nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize);
+ if(nread <= 0) {
+ /* failed SSL_read */
+ int err = SSL_get_error(BACKEND->handle, (int)nread);
+
+ switch(err) {
+ case SSL_ERROR_NONE: /* this is not an error */
+ case SSL_ERROR_ZERO_RETURN: /* no more data */
+ break;
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ /* there's data pending, re-invoke SSL_read() */
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ default:
+ /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
+ value/errno" */
+ /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
+ sslerror = ERR_get_error();
+ if((nread < 0) || sslerror) {
+ /* If the return code was negative or there actually is an error in the
+ queue */
+ failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d",
+ (sslerror ?
+ ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)) :
+ SSL_ERROR_to_str(err)),
+ SOCKERRNO);
+ *curlcode = CURLE_RECV_ERROR;
+ return -1;
+ }
+ }
+ }
+ return nread;
+}
+
+static size_t Curl_ossl_version(char *buffer, size_t size)
+{
+#ifdef OPENSSL_IS_BORINGSSL
+ return snprintf(buffer, size, OSSL_PACKAGE);
+#else /* OPENSSL_IS_BORINGSSL */
+ char sub[3];
+ unsigned long ssleay_value;
+ sub[2]='\0';
+ sub[1]='\0';
+ ssleay_value = OpenSSL_version_num();
+ if(ssleay_value < 0x906000) {
+ ssleay_value = SSLEAY_VERSION_NUMBER;
+ sub[0]='\0';
+ }
+ else {
+ if(ssleay_value&0xff0) {
+ int minor_ver = (ssleay_value >> 4) & 0xff;
+ if(minor_ver > 26) {
+ /* handle extended version introduced for 0.9.8za */
+ sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
+ sub[0] = 'z';
+ }
+ else {
+ sub[0] = (char) (minor_ver + 'a' - 1);
+ }
+ }
+ else
+ sub[0]='\0';
+ }
+
+ return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
+ OSSL_PACKAGE,
+ (ssleay_value>>28)&0xf,
+ (ssleay_value>>20)&0xff,
+ (ssleay_value>>12)&0xff,
+ sub);
+#endif /* OPENSSL_IS_BORINGSSL */
+}
+
+/* can be called with data == NULL */
+static CURLcode Curl_ossl_random(struct Curl_easy *data,
+ unsigned char *entropy, size_t length)
+{
+ int rc;
+ if(data) {
+ if(Curl_ossl_seed(data)) /* Initiate the seed if not already done */
+ return CURLE_FAILED_INIT; /* couldn't seed for some reason */
+ }
+ else {
+ if(!rand_enough())
+ return CURLE_FAILED_INIT;
+ }
+ /* RAND_bytes() returns 1 on success, 0 otherwise. */
+ rc = RAND_bytes(entropy, curlx_uztosi(length));
+ return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT);
+}
+
+static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum /* output */,
+ size_t unused)
+{
+ MD5_CTX MD5pw;
+ (void)unused;
+ MD5_Init(&MD5pw);
+ MD5_Update(&MD5pw, tmp, tmplen);
+ MD5_Final(md5sum, &MD5pw);
+ return CURLE_OK;
+}
+
+#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
+static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum /* output */,
+ size_t unused)
+{
+ SHA256_CTX SHA256pw;
+ (void)unused;
+ SHA256_Init(&SHA256pw);
+ SHA256_Update(&SHA256pw, tmp, tmplen);
+ SHA256_Final(sha256sum, &SHA256pw);
+}
+#endif
+
+static bool Curl_ossl_cert_status_request(void)
+{
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(OPENSSL_NO_OCSP)
+ return TRUE;
+#else
+ return FALSE;
+#endif
+}
+
+static void *Curl_ossl_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info)
+{
+ /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */
+ return info == CURLINFO_TLS_SESSION ?
+ (void *)BACKEND->ctx : (void *)BACKEND->handle;
+}
+
+const struct Curl_ssl Curl_ssl_openssl = {
+ { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
+
+ 1, /* have_ca_path */
+ 1, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 1, /* have_ssl_ctx */
+ 1, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_ossl_init, /* init */
+ Curl_ossl_cleanup, /* cleanup */
+ Curl_ossl_version, /* version */
+ Curl_ossl_check_cxn, /* check_cxn */
+ Curl_ossl_shutdown, /* shutdown */
+ Curl_ossl_data_pending, /* data_pending */
+ Curl_ossl_random, /* random */
+ Curl_ossl_cert_status_request, /* cert_status_request */
+ Curl_ossl_connect, /* connect */
+ Curl_ossl_connect_nonblocking, /* connect_nonblocking */
+ Curl_ossl_get_internals, /* get_internals */
+ Curl_ossl_close, /* close_one */
+ Curl_ossl_close_all, /* close_all */
+ Curl_ossl_session_free, /* session_free */
+ Curl_ossl_set_engine, /* set_engine */
+ Curl_ossl_set_engine_default, /* set_engine_default */
+ Curl_ossl_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_ossl_md5sum, /* md5sum */
+#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
+ Curl_ossl_sha256sum /* sha256sum */
+#else
+ NULL /* sha256sum */
+#endif
+};
+
+#endif /* USE_OPENSSL */
diff --git a/libs/libcurl/src/vtls/openssl.h b/libs/libcurl/src/vtls/openssl.h
new file mode 100644
index 0000000000..114dc4baeb
--- /dev/null
+++ b/libs/libcurl/src/vtls/openssl.h
@@ -0,0 +1,37 @@
+#ifndef HEADER_CURL_SSLUSE_H
+#define HEADER_CURL_SSLUSE_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#ifdef USE_OPENSSL
+/*
+ * This header should only be needed to get included by vtls.c and openssl.c
+ */
+
+#include "urldata.h"
+
+extern const struct Curl_ssl Curl_ssl_openssl;
+
+#endif /* USE_OPENSSL */
+#endif /* HEADER_CURL_SSLUSE_H */
diff --git a/libs/libcurl/src/vtls/polarssl.c b/libs/libcurl/src/vtls/polarssl.c
new file mode 100644
index 0000000000..df29fa945e
--- /dev/null
+++ b/libs/libcurl/src/vtls/polarssl.c
@@ -0,0 +1,937 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all PolarSSL-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_POLARSSL
+#include <polarssl/net.h>
+#include <polarssl/ssl.h>
+#include <polarssl/certs.h>
+#include <polarssl/x509.h>
+#include <polarssl/version.h>
+#include <polarssl/sha256.h>
+
+#if POLARSSL_VERSION_NUMBER < 0x01030000
+#error too old PolarSSL
+#endif
+
+#include <polarssl/error.h>
+#include <polarssl/entropy.h>
+#include <polarssl/ctr_drbg.h>
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "polarssl.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "strcase.h"
+#include "polarssl_threadlock.h"
+#include "curl_printf.h"
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* See https://tls.mbed.org/discussions/generic/
+ howto-determine-exact-buffer-len-for-mbedtls_pk_write_pubkey_der
+*/
+#define RSA_PUB_DER_MAX_BYTES (38 + 2 * POLARSSL_MPI_MAX_SIZE)
+#define ECP_PUB_DER_MAX_BYTES (30 + 2 * POLARSSL_ECP_MAX_BYTES)
+
+#define PUB_DER_MAX_BYTES (RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
+ RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES)
+
+struct ssl_backend_data {
+ ctr_drbg_context ctr_drbg;
+ entropy_context entropy;
+ ssl_context ssl;
+ int server_fd;
+ x509_crt cacert;
+ x509_crt clicert;
+ x509_crl crl;
+ rsa_context rsa;
+};
+
+#define BACKEND connssl->backend
+
+/* apply threading? */
+#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
+#define THREADING_SUPPORT
+#endif
+
+#ifndef POLARSSL_ERROR_C
+#define error_strerror(x,y,z)
+#endif /* POLARSSL_ERROR_C */
+
+
+#if defined(THREADING_SUPPORT)
+static entropy_context entropy;
+
+static int entropy_init_initialized = 0;
+
+/* start of entropy_init_mutex() */
+static void entropy_init_mutex(entropy_context *ctx)
+{
+ /* lock 0 = entropy_init_mutex() */
+ Curl_polarsslthreadlock_lock_function(0);
+ if(entropy_init_initialized == 0) {
+ entropy_init(ctx);
+ entropy_init_initialized = 1;
+ }
+ Curl_polarsslthreadlock_unlock_function(0);
+}
+/* end of entropy_init_mutex() */
+
+/* start of entropy_func_mutex() */
+static int entropy_func_mutex(void *data, unsigned char *output, size_t len)
+{
+ int ret;
+ /* lock 1 = entropy_func_mutex() */
+ Curl_polarsslthreadlock_lock_function(1);
+ ret = entropy_func(data, output, len);
+ Curl_polarsslthreadlock_unlock_function(1);
+
+ return ret;
+}
+/* end of entropy_func_mutex() */
+
+#endif /* THREADING_SUPPORT */
+
+/* Define this to enable lots of debugging for PolarSSL */
+#undef POLARSSL_DEBUG
+
+#ifdef POLARSSL_DEBUG
+static void polarssl_debug(void *context, int level, const char *line)
+{
+ struct Curl_easy *data = NULL;
+
+ if(!context)
+ return;
+
+ data = (struct Curl_easy *)context;
+
+ infof(data, "%s", line);
+ (void) level;
+}
+#else
+#endif
+
+/* ALPN for http2? */
+#ifdef POLARSSL_SSL_ALPN
+# define HAS_ALPN
+#endif
+
+static Curl_recv polarssl_recv;
+static Curl_send polarssl_send;
+
+static CURLcode polarssl_version_from_curl(int *polarver, long ssl_version)
+{
+ switch(ssl_version) {
+ case CURL_SSLVERSION_TLSv1_0:
+ *polarver = SSL_MINOR_VERSION_1;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_1:
+ *polarver = SSL_MINOR_VERSION_2;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_2:
+ *polarver = SSL_MINOR_VERSION_3;
+ return CURLE_OK;
+ case CURL_SSLVERSION_TLSv1_3:
+ break;
+ }
+ return CURLE_SSL_CONNECT_ERROR;
+}
+
+static CURLcode
+set_ssl_version_min_max(struct connectdata *conn, int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+ int ssl_min_ver = SSL_MINOR_VERSION_1;
+ int ssl_max_ver = SSL_MINOR_VERSION_1;
+ CURLcode result = CURLE_OK;
+
+ switch(ssl_version) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ ssl_version = CURL_SSLVERSION_TLSv1_0;
+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
+ break;
+ }
+
+ switch(ssl_version_max) {
+ case CURL_SSLVERSION_MAX_NONE:
+ ssl_version_max = ssl_version << 16;
+ break;
+ case CURL_SSLVERSION_MAX_DEFAULT:
+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
+ break;
+ }
+
+ result = polarssl_version_from_curl(&ssl_min_ver, ssl_version);
+ if(result) {
+ failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
+ return result;
+ }
+ result = polarssl_version_from_curl(&ssl_max_ver, ssl_version_max >> 16);
+ if(result) {
+ failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
+ return result;
+ }
+
+ ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, ssl_min_ver);
+ ssl_set_max_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3, ssl_max_ver);
+
+ return result;
+}
+
+static CURLcode
+polarssl_connect_step1(struct connectdata *conn,
+ int sockindex)
+{
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ const char *capath = SSL_CONN_CONFIG(CApath);
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+ int ret = -1;
+ char errorbuf[128];
+ errorbuf[0] = 0;
+
+ /* PolarSSL only supports SSLv3 and TLSv1 */
+ if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) {
+ failf(data, "PolarSSL does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+#ifdef THREADING_SUPPORT
+ entropy_init_mutex(&entropy);
+
+ if((ret = ctr_drbg_init(&BACKEND->ctr_drbg, entropy_func_mutex, &entropy,
+ NULL, 0)) != 0) {
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+ failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+#else
+ entropy_init(&BACKEND->entropy);
+
+ if((ret = ctr_drbg_init(&BACKEND->ctr_drbg, entropy_func, &BACKEND->entropy,
+ NULL, 0)) != 0) {
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+ failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n",
+ -ret, errorbuf);
+ }
+#endif /* THREADING_SUPPORT */
+
+ /* Load the trusted CA */
+ memset(&BACKEND->cacert, 0, sizeof(x509_crt));
+
+ if(SSL_CONN_CONFIG(CAfile)) {
+ ret = x509_crt_parse_file(&BACKEND->cacert,
+ SSL_CONN_CONFIG(CAfile));
+
+ if(ret<0) {
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+ failf(data, "Error reading ca cert file %s - PolarSSL: (-0x%04X) %s",
+ SSL_CONN_CONFIG(CAfile), -ret, errorbuf);
+
+ if(SSL_CONN_CONFIG(verifypeer))
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ }
+
+ if(capath) {
+ ret = x509_crt_parse_path(&BACKEND->cacert, capath);
+
+ if(ret<0) {
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+ failf(data, "Error reading ca cert path %s - PolarSSL: (-0x%04X) %s",
+ capath, -ret, errorbuf);
+
+ if(SSL_CONN_CONFIG(verifypeer))
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ }
+
+ /* Load the client certificate */
+ memset(&BACKEND->clicert, 0, sizeof(x509_crt));
+
+ if(SSL_SET_OPTION(cert)) {
+ ret = x509_crt_parse_file(&BACKEND->clicert,
+ SSL_SET_OPTION(cert));
+
+ if(ret) {
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+ failf(data, "Error reading client cert file %s - PolarSSL: (-0x%04X) %s",
+ SSL_SET_OPTION(cert), -ret, errorbuf);
+
+ return CURLE_SSL_CERTPROBLEM;
+ }
+ }
+
+ /* Load the client private key */
+ if(SSL_SET_OPTION(key)) {
+ pk_context pk;
+ pk_init(&pk);
+ ret = pk_parse_keyfile(&pk, SSL_SET_OPTION(key),
+ SSL_SET_OPTION(key_passwd));
+ if(ret == 0 && !pk_can_do(&pk, POLARSSL_PK_RSA))
+ ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
+ if(ret == 0)
+ rsa_copy(&BACKEND->rsa, pk_rsa(pk));
+ else
+ rsa_free(&BACKEND->rsa);
+ pk_free(&pk);
+
+ if(ret) {
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+ failf(data, "Error reading private key %s - PolarSSL: (-0x%04X) %s",
+ SSL_SET_OPTION(key), -ret, errorbuf);
+
+ return CURLE_SSL_CERTPROBLEM;
+ }
+ }
+
+ /* Load the CRL */
+ memset(&BACKEND->crl, 0, sizeof(x509_crl));
+
+ if(SSL_SET_OPTION(CRLfile)) {
+ ret = x509_crl_parse_file(&BACKEND->crl,
+ SSL_SET_OPTION(CRLfile));
+
+ if(ret) {
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+ failf(data, "Error reading CRL file %s - PolarSSL: (-0x%04X) %s",
+ SSL_SET_OPTION(CRLfile), -ret, errorbuf);
+
+ return CURLE_SSL_CRL_BADFILE;
+ }
+ }
+
+ infof(data, "PolarSSL: Connecting to %s:%d\n", hostname, port);
+
+ if(ssl_init(&BACKEND->ssl)) {
+ failf(data, "PolarSSL: ssl_init failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ switch(SSL_CONN_CONFIG(version)) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_1);
+ break;
+ case CURL_SSLVERSION_SSLv3:
+ ssl_set_min_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_0);
+ ssl_set_max_version(&BACKEND->ssl, SSL_MAJOR_VERSION_3,
+ SSL_MINOR_VERSION_0);
+ infof(data, "PolarSSL: Forced min. SSL Version to be SSLv3\n");
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ {
+ CURLcode result = set_ssl_version_min_max(conn, sockindex);
+ if(result != CURLE_OK)
+ return result;
+ break;
+ }
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ ssl_set_endpoint(&BACKEND->ssl, SSL_IS_CLIENT);
+ ssl_set_authmode(&BACKEND->ssl, SSL_VERIFY_OPTIONAL);
+
+ ssl_set_rng(&BACKEND->ssl, ctr_drbg_random,
+ &BACKEND->ctr_drbg);
+ ssl_set_bio(&BACKEND->ssl,
+ net_recv, &conn->sock[sockindex],
+ net_send, &conn->sock[sockindex]);
+
+ ssl_set_ciphersuites(&BACKEND->ssl, ssl_list_ciphersuites());
+
+ /* Check if there's a cached ID we can/should use here! */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ void *old_session = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &old_session, NULL, sockindex)) {
+ ret = ssl_set_session(&BACKEND->ssl, old_session);
+ if(ret) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "ssl_set_session returned -0x%x", -ret);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ infof(data, "PolarSSL re-using session\n");
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ ssl_set_ca_chain(&BACKEND->ssl,
+ &BACKEND->cacert,
+ &BACKEND->crl,
+ hostname);
+
+ ssl_set_own_cert_rsa(&BACKEND->ssl,
+ &BACKEND->clicert, &BACKEND->rsa);
+
+ if(ssl_set_hostname(&BACKEND->ssl, hostname)) {
+ /* ssl_set_hostname() sets the name to use in CN/SAN checks *and* the name
+ to set in the SNI extension. So even if curl connects to a host
+ specified as an IP address, this function must be used. */
+ failf(data, "couldn't set hostname in PolarSSL");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+#ifdef HAS_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ static const char *protocols[3];
+ int cur = 0;
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+ protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;
+ infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+#endif
+
+ protocols[cur++] = ALPN_HTTP_1_1;
+ infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+ protocols[cur] = NULL;
+
+ ssl_set_alpn_protocols(&BACKEND->ssl, protocols);
+ }
+#endif
+
+#ifdef POLARSSL_DEBUG
+ ssl_set_dbg(&BACKEND->ssl, polarssl_debug, data);
+#endif
+
+ connssl->connecting_state = ssl_connect_2;
+
+ return CURLE_OK;
+}
+
+static CURLcode
+polarssl_connect_step2(struct connectdata *conn,
+ int sockindex)
+{
+ int ret;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ char buffer[1024];
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+
+
+ char errorbuf[128];
+ errorbuf[0] = 0;
+
+ conn->recv[sockindex] = polarssl_recv;
+ conn->send[sockindex] = polarssl_send;
+
+ ret = ssl_handshake(&BACKEND->ssl);
+
+ switch(ret) {
+ case 0:
+ break;
+
+ case POLARSSL_ERR_NET_WANT_READ:
+ connssl->connecting_state = ssl_connect_2_reading;
+ return CURLE_OK;
+
+ case POLARSSL_ERR_NET_WANT_WRITE:
+ connssl->connecting_state = ssl_connect_2_writing;
+ return CURLE_OK;
+
+ default:
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+ failf(data, "ssl_handshake returned - PolarSSL: (-0x%04X) %s",
+ -ret, errorbuf);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ infof(data, "PolarSSL: Handshake complete, cipher is %s\n",
+ ssl_get_ciphersuite(&BACKEND->ssl) );
+
+ ret = ssl_get_verify_result(&BACKEND->ssl);
+
+ if(ret && SSL_CONN_CONFIG(verifypeer)) {
+ if(ret & BADCERT_EXPIRED)
+ failf(data, "Cert verify failed: BADCERT_EXPIRED");
+
+ if(ret & BADCERT_REVOKED) {
+ failf(data, "Cert verify failed: BADCERT_REVOKED");
+ return CURLE_SSL_CACERT;
+ }
+
+ if(ret & BADCERT_CN_MISMATCH)
+ failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
+
+ if(ret & BADCERT_NOT_TRUSTED)
+ failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");
+
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ if(ssl_get_peer_cert(&(BACKEND->ssl))) {
+ /* If the session was resumed, there will be no peer certs */
+ memset(buffer, 0, sizeof(buffer));
+
+ if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ",
+ ssl_get_peer_cert(&(BACKEND->ssl))) != -1)
+ infof(data, "Dumping cert info:\n%s\n", buffer);
+ }
+
+ /* adapted from mbedtls.c */
+ if(pinnedpubkey) {
+ int size;
+ CURLcode result;
+ x509_crt *p;
+ unsigned char pubkey[PUB_DER_MAX_BYTES];
+ const x509_crt *peercert;
+
+ peercert = ssl_get_peer_cert(&BACKEND->ssl);
+
+ if(!peercert || !peercert->raw.p || !peercert->raw.len) {
+ failf(data, "Failed due to missing peer certificate");
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ p = calloc(1, sizeof(*p));
+
+ if(!p)
+ return CURLE_OUT_OF_MEMORY;
+
+ x509_crt_init(p);
+
+ /* Make a copy of our const peercert because pk_write_pubkey_der
+ needs a non-const key, for now.
+ https://github.com/ARMmbed/mbedtls/issues/396 */
+ if(x509_crt_parse_der(p, peercert->raw.p, peercert->raw.len)) {
+ failf(data, "Failed copying peer certificate");
+ x509_crt_free(p);
+ free(p);
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ size = pk_write_pubkey_der(&p->pk, pubkey, PUB_DER_MAX_BYTES);
+
+ if(size <= 0) {
+ failf(data, "Failed copying public key from peer certificate");
+ x509_crt_free(p);
+ free(p);
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ /* pk_write_pubkey_der writes data at the end of the buffer. */
+ result = Curl_pin_peer_pubkey(data,
+ pinnedpubkey,
+ &pubkey[PUB_DER_MAX_BYTES - size], size);
+ if(result) {
+ x509_crt_free(p);
+ free(p);
+ return result;
+ }
+
+ x509_crt_free(p);
+ free(p);
+ }
+
+#ifdef HAS_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ const char *next_protocol = ssl_get_alpn_protocol(&BACKEND->ssl);
+
+ if(next_protocol != NULL) {
+ infof(data, "ALPN, server accepted to use %s\n", next_protocol);
+
+#ifdef USE_NGHTTP2
+ if(!strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN)) {
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ }
+ else
+#endif
+ if(!strncmp(next_protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) {
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ }
+ }
+ else
+ infof(data, "ALPN, server did not agree to a protocol\n");
+ }
+#endif
+
+ connssl->connecting_state = ssl_connect_3;
+ infof(data, "SSL connected\n");
+
+ return CURLE_OK;
+}
+
+static CURLcode
+polarssl_connect_step3(struct connectdata *conn,
+ int sockindex)
+{
+ CURLcode retcode = CURLE_OK;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ struct Curl_easy *data = conn->data;
+
+ DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ int ret;
+ ssl_session *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
+
+ our_ssl_sessionid = malloc(sizeof(ssl_session));
+ if(!our_ssl_sessionid)
+ return CURLE_OUT_OF_MEMORY;
+
+ memset(our_ssl_sessionid, 0, sizeof(ssl_session));
+
+ ret = ssl_get_session(&BACKEND->ssl, our_ssl_sessionid);
+ if(ret) {
+ failf(data, "ssl_get_session returned -0x%x", -ret);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* If there's already a matching session in the cache, delete it */
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL, sockindex))
+ Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+
+ retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, 0, sockindex);
+ Curl_ssl_sessionid_unlock(conn);
+ if(retcode) {
+ free(our_ssl_sessionid);
+ failf(data, "failed to store ssl session");
+ return retcode;
+ }
+ }
+
+ connssl->connecting_state = ssl_connect_done;
+
+ return CURLE_OK;
+}
+
+static ssize_t polarssl_send(struct connectdata *conn,
+ int sockindex,
+ const void *mem,
+ size_t len,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ int ret = -1;
+
+ ret = ssl_write(&BACKEND->ssl,
+ (unsigned char *)mem, len);
+
+ if(ret < 0) {
+ *curlcode = (ret == POLARSSL_ERR_NET_WANT_WRITE) ?
+ CURLE_AGAIN : CURLE_SEND_ERROR;
+ ret = -1;
+ }
+
+ return ret;
+}
+
+static void Curl_polarssl_close(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ rsa_free(&BACKEND->rsa);
+ x509_crt_free(&BACKEND->clicert);
+ x509_crt_free(&BACKEND->cacert);
+ x509_crl_free(&BACKEND->crl);
+ ssl_free(&BACKEND->ssl);
+}
+
+static ssize_t polarssl_recv(struct connectdata *conn,
+ int num,
+ char *buf,
+ size_t buffersize,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[num];
+ int ret = -1;
+ ssize_t len = -1;
+
+ memset(buf, 0, buffersize);
+ ret = ssl_read(&BACKEND->ssl, (unsigned char *)buf, buffersize);
+
+ if(ret <= 0) {
+ if(ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY)
+ return 0;
+
+ *curlcode = (ret == POLARSSL_ERR_NET_WANT_READ) ?
+ CURLE_AGAIN : CURLE_RECV_ERROR;
+ return -1;
+ }
+
+ len = ret;
+
+ return len;
+}
+
+static void Curl_polarssl_session_free(void *ptr)
+{
+ ssl_session_free(ptr);
+ free(ptr);
+}
+
+/* 1.3.10 was the first rebranded version. All new releases (in 1.3 branch and
+ higher) will be mbed TLS branded.. */
+
+static size_t Curl_polarssl_version(char *buffer, size_t size)
+{
+ unsigned int version = version_get_number();
+ return snprintf(buffer, size, "%s/%d.%d.%d",
+ version >= 0x01030A00?"mbedTLS":"PolarSSL",
+ version>>24, (version>>16)&0xff, (version>>8)&0xff);
+}
+
+static CURLcode
+polarssl_connect_common(struct connectdata *conn,
+ int sockindex,
+ bool nonblocking,
+ bool *done)
+{
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ curl_socket_t sockfd = conn->sock[sockindex];
+ long timeout_ms;
+ int what;
+
+ /* check if the connection has already been established */
+ if(ssl_connection_complete == connssl->state) {
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
+ if(ssl_connect_1 == connssl->connecting_state) {
+ /* Find out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ result = polarssl_connect_step1(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ while(ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state) {
+
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
+ if(connssl->connecting_state == ssl_connect_2_reading ||
+ connssl->connecting_state == ssl_connect_2_writing) {
+
+ curl_socket_t writefd = ssl_connect_2_writing ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+ curl_socket_t readfd = ssl_connect_2_reading ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking?0:timeout_ms);
+ if(what < 0) {
+ /* fatal error */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else if(0 == what) {
+ if(nonblocking) {
+ *done = FALSE;
+ return CURLE_OK;
+ }
+ else {
+ /* timeout */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ }
+ /* socket is readable or writable */
+ }
+
+ /* Run transaction, and return to the caller if it failed or if
+ * this connection is part of a multi handle and this loop would
+ * execute again. This permits the owner of a multi handle to
+ * abort a connection attempt before step2 has completed while
+ * ensuring that a client using select() or epoll() will always
+ * have a valid fdset to wait on.
+ */
+ result = polarssl_connect_step2(conn, sockindex);
+ if(result || (nonblocking &&
+ (ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state)))
+ return result;
+
+ } /* repeat step2 until all transactions are done. */
+
+ if(ssl_connect_3 == connssl->connecting_state) {
+ result = polarssl_connect_step3(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ if(ssl_connect_done == connssl->connecting_state) {
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = polarssl_recv;
+ conn->send[sockindex] = polarssl_send;
+ *done = TRUE;
+ }
+ else
+ *done = FALSE;
+
+ /* Reset our connect state machine */
+ connssl->connecting_state = ssl_connect_1;
+
+ return CURLE_OK;
+}
+
+static CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ return polarssl_connect_common(conn, sockindex, TRUE, done);
+}
+
+
+static CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode result;
+ bool done = FALSE;
+
+ result = polarssl_connect_common(conn, sockindex, FALSE, &done);
+ if(result)
+ return result;
+
+ DEBUGASSERT(done);
+
+ return CURLE_OK;
+}
+
+/*
+ * return 0 error initializing SSL
+ * return 1 SSL initialized successfully
+ */
+static int Curl_polarssl_init(void)
+{
+ return Curl_polarsslthreadlock_thread_setup();
+}
+
+static void Curl_polarssl_cleanup(void)
+{
+ (void)Curl_polarsslthreadlock_thread_cleanup();
+}
+
+static bool Curl_polarssl_data_pending(const struct connectdata *conn,
+ int sockindex)
+{
+ const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ return ssl_get_bytes_avail(&BACKEND->ssl) != 0;
+}
+
+static void Curl_polarssl_sha256sum(const unsigned char *input,
+ size_t inputlen,
+ unsigned char *sha256sum,
+ size_t sha256len UNUSED_PARAM)
+{
+ (void)sha256len;
+ sha256(input, inputlen, sha256sum, 0);
+}
+
+static void *Curl_polarssl_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return &BACKEND->ssl;
+}
+
+const struct Curl_ssl Curl_ssl_polarssl = {
+ { CURLSSLBACKEND_POLARSSL, "polarssl" }, /* info */
+
+ 1, /* have_ca_path */
+ 0, /* have_certinfo */
+ 1, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+ 0, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_polarssl_init, /* init */
+ Curl_polarssl_cleanup, /* cleanup */
+ Curl_polarssl_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_none_shutdown, /* shutdown */
+ Curl_polarssl_data_pending, /* data_pending */
+ /* This might cause libcurl to use a weeker random!
+ * TODO: use Polarssl's CTR-DRBG or HMAC-DRBG
+ */
+ Curl_none_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_polarssl_connect, /* connect */
+ Curl_polarssl_connect_nonblocking, /* connect_nonblocking */
+ Curl_polarssl_get_internals, /* get_internals */
+ Curl_polarssl_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ Curl_polarssl_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ Curl_polarssl_sha256sum /* sha256sum */
+};
+
+#endif /* USE_POLARSSL */
diff --git a/libs/libcurl/src/vtls/polarssl.h b/libs/libcurl/src/vtls/polarssl.h
new file mode 100644
index 0000000000..23c3636ee6
--- /dev/null
+++ b/libs/libcurl/src/vtls/polarssl.h
@@ -0,0 +1,32 @@
+#ifndef HEADER_CURL_POLARSSL_H
+#define HEADER_CURL_POLARSSL_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_POLARSSL
+
+extern const struct Curl_ssl Curl_ssl_polarssl;
+
+#endif /* USE_POLARSSL */
+#endif /* HEADER_CURL_POLARSSL_H */
diff --git a/libs/libcurl/src/polarssl_threadlock.c b/libs/libcurl/src/vtls/polarssl_threadlock.c
index ad18715375..dd5fbd7ec2 100644
--- a/libs/libcurl/src/polarssl_threadlock.c
+++ b/libs/libcurl/src/vtls/polarssl_threadlock.c
@@ -5,12 +5,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
+ * Copyright (C) 2013-2017, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
- * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,7 +22,7 @@
***************************************************************************/
#include "curl_setup.h"
-#if defined(USE_POLARSSL) && \
+#if (defined(USE_POLARSSL) || defined(USE_MBEDTLS)) && \
(defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32))
#if defined(USE_THREADS_POSIX)
@@ -36,10 +36,7 @@
#endif
#include "polarssl_threadlock.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "curl_printf.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -50,12 +47,12 @@
/* This array will store all of the mutexes available to PolarSSL. */
static POLARSSL_MUTEX_T *mutex_buf = NULL;
-int polarsslthreadlock_thread_setup(void)
+int Curl_polarsslthreadlock_thread_setup(void)
{
int i;
int ret;
- mutex_buf = malloc(NUMT * sizeof(POLARSSL_MUTEX_T));
+ mutex_buf = calloc(NUMT * sizeof(POLARSSL_MUTEX_T), 1);
if(!mutex_buf)
return 0; /* error, no number of threads defined */
@@ -76,7 +73,7 @@ int polarsslthreadlock_thread_setup(void)
return 1; /* OK */
}
-int polarsslthreadlock_thread_cleanup(void)
+int Curl_polarsslthreadlock_thread_cleanup(void)
{
int i;
int ret;
@@ -103,7 +100,7 @@ int polarsslthreadlock_thread_cleanup(void)
return 1; /* OK */
}
-int polarsslthreadlock_lock_function(int n)
+int Curl_polarsslthreadlock_lock_function(int n)
{
int ret;
#ifdef HAVE_PTHREAD_H
@@ -117,7 +114,7 @@ int polarsslthreadlock_lock_function(int n)
}
#elif defined(HAVE_PROCESS_H)
if(n < NUMT) {
- ret = (WaitForSingleObject(mutex_buf[n], INFINITE)==WAIT_FAILED?1:0);
+ ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0);
if(ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_lock_function failed\n"));
@@ -128,7 +125,7 @@ int polarsslthreadlock_lock_function(int n)
return 1; /* OK */
}
-int polarsslthreadlock_unlock_function(int n)
+int Curl_polarsslthreadlock_unlock_function(int n)
{
int ret;
#ifdef HAVE_PTHREAD_H
@@ -153,4 +150,4 @@ int polarsslthreadlock_unlock_function(int n)
return 1; /* OK */
}
-#endif /* USE_POLARSSL */
+#endif /* USE_POLARSSL || USE_MBEDTLS */
diff --git a/libs/libcurl/src/polarssl_threadlock.h b/libs/libcurl/src/vtls/polarssl_threadlock.h
index b67b3f9abd..dda5359b81 100644
--- a/libs/libcurl/src/polarssl_threadlock.h
+++ b/libs/libcurl/src/vtls/polarssl_threadlock.h
@@ -7,12 +7,12 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
+ * Copyright (C) 2013-2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com>
- * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,7 +24,7 @@
***************************************************************************/
#include "curl_setup.h"
-#ifdef USE_POLARSSL
+#if (defined USE_POLARSSL) || (defined USE_MBEDTLS)
#if defined(USE_THREADS_POSIX)
# define POLARSSL_MUTEX_T pthread_mutex_t
@@ -34,17 +34,17 @@
#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
-int polarsslthreadlock_thread_setup(void);
-int polarsslthreadlock_thread_cleanup(void);
-int polarsslthreadlock_lock_function(int n);
-int polarsslthreadlock_unlock_function(int n);
+int Curl_polarsslthreadlock_thread_setup(void);
+int Curl_polarsslthreadlock_thread_cleanup(void);
+int Curl_polarsslthreadlock_lock_function(int n);
+int Curl_polarsslthreadlock_unlock_function(int n);
#else
-#define polarsslthreadlock_thread_setup() 1
-#define polarsslthreadlock_thread_cleanup() 1
-#define polarsslthreadlock_lock_function(x) 1
-#define polarsslthreadlock_unlock_function(x) 1
+#define Curl_polarsslthreadlock_thread_setup() 1
+#define Curl_polarsslthreadlock_thread_cleanup() 1
+#define Curl_polarsslthreadlock_lock_function(x) 1
+#define Curl_polarsslthreadlock_unlock_function(x) 1
#endif /* USE_THREADS_POSIX || USE_THREADS_WIN32 */
diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c
new file mode 100644
index 0000000000..85c64cf446
--- /dev/null
+++ b/libs/libcurl/src/vtls/schannel.c
@@ -0,0 +1,1852 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de>
+ * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com>
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all SChannel-specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ */
+
+/*
+ * Based upon the PolarSSL implementation in polarssl.c and polarssl.h:
+ * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
+ *
+ * Based upon the CyaSSL implementation in cyassl.c and cyassl.h:
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * Thanks for code and inspiration!
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_SCHANNEL
+
+#ifndef USE_WINDOWS_SSPI
+# error "Can't compile SCHANNEL support without SSPI."
+#endif
+
+#include <schnlsp.h>
+#include <schannel.h>
+#include "curl_sspi.h"
+#include "schannel.h"
+#include "vtls.h"
+#include "sendf.h"
+#include "connect.h" /* for the connect timeout */
+#include "strerror.h"
+#include "select.h" /* for the socket readyness */
+#include "inet_pton.h" /* for IP addr SNI check */
+#include "curl_multibyte.h"
+#include "warnless.h"
+#include "x509asn1.h"
+#include "curl_printf.h"
+#include "system_win32.h"
+#include "hostcheck.h"
+
+ /* The last #include file should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/* ALPN requires version 8.1 of the Windows SDK, which was
+ shipped with Visual Studio 2013, aka _MSC_VER 1800:
+
+ https://technet.microsoft.com/en-us/library/hh831771%28v=ws.11%29.aspx
+*/
+#if defined(_MSC_VER) && (_MSC_VER >= 1800) && !defined(_USING_V110_SDK71_)
+# define HAS_ALPN 1
+#endif
+
+#ifndef UNISP_NAME_A
+#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
+#endif
+
+#ifndef UNISP_NAME_W
+#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
+#endif
+
+#ifndef UNISP_NAME
+#ifdef UNICODE
+#define UNISP_NAME UNISP_NAME_W
+#else
+#define UNISP_NAME UNISP_NAME_A
+#endif
+#endif
+
+#ifndef SP_PROT_SSL2_CLIENT
+#define SP_PROT_SSL2_CLIENT 0x00000008
+#endif
+
+#ifndef SP_PROT_SSL3_CLIENT
+#define SP_PROT_SSL3_CLIENT 0x00000008
+#endif
+
+#ifndef SP_PROT_TLS1_CLIENT
+#define SP_PROT_TLS1_CLIENT 0x00000080
+#endif
+
+#ifndef SP_PROT_TLS1_0_CLIENT
+#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
+#endif
+
+#ifndef SP_PROT_TLS1_1_CLIENT
+#define SP_PROT_TLS1_1_CLIENT 0x00000200
+#endif
+
+#ifndef SP_PROT_TLS1_2_CLIENT
+#define SP_PROT_TLS1_2_CLIENT 0x00000800
+#endif
+
+#ifndef SECBUFFER_ALERT
+#define SECBUFFER_ALERT 17
+#endif
+
+/* Both schannel buffer sizes must be > 0 */
+#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096
+#define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024
+
+/* Uncomment to force verbose output
+ * #define infof(x, y, ...) printf(y, __VA_ARGS__)
+ * #define failf(x, y, ...) printf(y, __VA_ARGS__)
+ */
+
+/* Structs to store Schannel handles */
+struct curl_schannel_cred {
+ CredHandle cred_handle;
+ TimeStamp time_stamp;
+ int refcount;
+};
+
+struct curl_schannel_ctxt {
+ CtxtHandle ctxt_handle;
+ TimeStamp time_stamp;
+};
+
+struct ssl_backend_data {
+ struct curl_schannel_cred *cred;
+ struct curl_schannel_ctxt *ctxt;
+ SecPkgContext_StreamSizes stream_sizes;
+ size_t encdata_length, decdata_length;
+ size_t encdata_offset, decdata_offset;
+ unsigned char *encdata_buffer, *decdata_buffer;
+ /* encdata_is_incomplete: if encdata contains only a partial record that
+ can't be decrypted without another Curl_read_plain (that is, status is
+ SEC_E_INCOMPLETE_MESSAGE) then set this true. after Curl_read_plain writes
+ more bytes into encdata then set this back to false. */
+ bool encdata_is_incomplete;
+ unsigned long req_flags, ret_flags;
+ CURLcode recv_unrecoverable_err; /* schannel_recv had an unrecoverable err */
+ bool recv_sspi_close_notify; /* true if connection closed by close_notify */
+ bool recv_connection_closed; /* true if connection closed, regardless how */
+ bool use_alpn; /* true if ALPN is used for this connection */
+};
+
+#define BACKEND connssl->backend
+
+static Curl_recv schannel_recv;
+static Curl_send schannel_send;
+
+#ifdef _WIN32_WCE
+static CURLcode verify_certificate(struct connectdata *conn, int sockindex);
+#endif
+
+static void InitSecBuffer(SecBuffer *buffer, unsigned long BufType,
+ void *BufDataPtr, unsigned long BufByteSize)
+{
+ buffer->cbBuffer = BufByteSize;
+ buffer->BufferType = BufType;
+ buffer->pvBuffer = BufDataPtr;
+}
+
+static void InitSecBufferDesc(SecBufferDesc *desc, SecBuffer *BufArr,
+ unsigned long NumArrElem)
+{
+ desc->ulVersion = SECBUFFER_VERSION;
+ desc->pBuffers = BufArr;
+ desc->cBuffers = NumArrElem;
+}
+
+static CURLcode
+set_ssl_version_min_max(SCHANNEL_CRED *schannel_cred, struct connectdata *conn)
+{
+ struct Curl_easy *data = conn->data;
+ long ssl_version = SSL_CONN_CONFIG(version);
+ long ssl_version_max = SSL_CONN_CONFIG(version_max);
+ long i = ssl_version;
+
+ switch(ssl_version_max) {
+ case CURL_SSLVERSION_MAX_NONE:
+ ssl_version_max = ssl_version << 16;
+ break;
+ case CURL_SSLVERSION_MAX_DEFAULT:
+ ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
+ break;
+ }
+ for(; i <= (ssl_version_max >> 16); ++i) {
+ switch(i) {
+ case CURL_SSLVERSION_TLSv1_0:
+ schannel_cred->grbitEnabledProtocols |= SP_PROT_TLS1_0_CLIENT;
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ schannel_cred->grbitEnabledProtocols |= SP_PROT_TLS1_1_CLIENT;
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ schannel_cred->grbitEnabledProtocols |= SP_PROT_TLS1_2_CLIENT;
+ break;
+ case CURL_SSLVERSION_TLSv1_3:
+ failf(data, "Schannel: TLS 1.3 is not yet supported");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+ return CURLE_OK;
+}
+
+static CURLcode
+schannel_connect_step1(struct connectdata *conn, int sockindex)
+{
+ ssize_t written = -1;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ SecBuffer outbuf;
+ SecBufferDesc outbuf_desc;
+ SecBuffer inbuf;
+ SecBufferDesc inbuf_desc;
+#ifdef HAS_ALPN
+ unsigned char alpn_buffer[128];
+#endif
+ SCHANNEL_CRED schannel_cred;
+ SECURITY_STATUS sspi_status = SEC_E_OK;
+ struct curl_schannel_cred *old_cred = NULL;
+ struct in_addr addr;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr6;
+#endif
+ TCHAR *host_name;
+ CURLcode result;
+ char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+
+ infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)\n",
+ hostname, conn->remote_port);
+
+ if(Curl_verify_windows_version(5, 1, PLATFORM_WINNT,
+ VERSION_LESS_THAN_EQUAL)) {
+ /* SChannel in Windows XP (OS version 5.1) uses legacy handshakes and
+ algorithms that may not be supported by all servers. */
+ infof(data, "schannel: WinSSL version is old and may not be able to "
+ "connect to some servers due to lack of SNI, algorithms, etc.\n");
+ }
+
+#ifdef HAS_ALPN
+ /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above.
+ Also it doesn't seem to be supported for Wine, see curl bug #983. */
+ BACKEND->use_alpn = conn->bits.tls_enable_alpn &&
+ !GetProcAddress(GetModuleHandleA("ntdll"),
+ "wine_get_version") &&
+ Curl_verify_windows_version(6, 3, PLATFORM_WINNT,
+ VERSION_GREATER_THAN_EQUAL);
+#else
+ BACKEND->use_alpn = false;
+#endif
+
+ BACKEND->cred = NULL;
+
+ /* check for an existing re-usable credential handle */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) {
+ BACKEND->cred = old_cred;
+ infof(data, "schannel: re-using existing credential handle\n");
+
+ /* increment the reference counter of the credential/session handle */
+ BACKEND->cred->refcount++;
+ infof(data, "schannel: incremented credential handle refcount = %d\n",
+ BACKEND->cred->refcount);
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ if(!BACKEND->cred) {
+ /* setup Schannel API options */
+ memset(&schannel_cred, 0, sizeof(schannel_cred));
+ schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
+
+ if(conn->ssl_config.verifypeer) {
+#ifdef _WIN32_WCE
+ /* certificate validation on CE doesn't seem to work right; we'll
+ do it following a more manual process. */
+ schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
+ SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
+ SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+#else
+ schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION;
+ /* TODO s/data->set.ssl.no_revoke/SSL_SET_OPTION(no_revoke)/g */
+ if(data->set.ssl.no_revoke)
+ schannel_cred.dwFlags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
+ SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+ else
+ schannel_cred.dwFlags |= SCH_CRED_REVOCATION_CHECK_CHAIN;
+#endif
+ if(data->set.ssl.no_revoke)
+ infof(data, "schannel: disabled server certificate revocation "
+ "checks\n");
+ else
+ infof(data, "schannel: checking server certificate revocation\n");
+ }
+ else {
+ schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
+ SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
+ SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+ infof(data, "schannel: disabled server certificate revocation checks\n");
+ }
+
+ if(!conn->ssl_config.verifyhost) {
+ schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
+ infof(data, "schannel: verifyhost setting prevents Schannel from "
+ "comparing the supplied target name with the subject "
+ "names in server certificates.\n");
+ }
+
+ switch(conn->ssl_config.version) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+ schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
+ SP_PROT_TLS1_1_CLIENT |
+ SP_PROT_TLS1_2_CLIENT;
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+ case CURL_SSLVERSION_TLSv1_1:
+ case CURL_SSLVERSION_TLSv1_2:
+ case CURL_SSLVERSION_TLSv1_3:
+ {
+ result = set_ssl_version_min_max(&schannel_cred, conn);
+ if(result != CURLE_OK)
+ return result;
+ break;
+ }
+ case CURL_SSLVERSION_SSLv3:
+ schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
+ break;
+ case CURL_SSLVERSION_SSLv2:
+ schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
+ break;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* allocate memory for the re-usable credential handle */
+ BACKEND->cred = (struct curl_schannel_cred *)
+ malloc(sizeof(struct curl_schannel_cred));
+ if(!BACKEND->cred) {
+ failf(data, "schannel: unable to allocate memory");
+ return CURLE_OUT_OF_MEMORY;
+ }
+ memset(BACKEND->cred, 0, sizeof(struct curl_schannel_cred));
+ BACKEND->cred->refcount = 1;
+
+ /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx
+ */
+ sspi_status =
+ s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME,
+ SECPKG_CRED_OUTBOUND, NULL,
+ &schannel_cred, NULL, NULL,
+ &BACKEND->cred->cred_handle,
+ &BACKEND->cred->time_stamp);
+
+ if(sspi_status != SEC_E_OK) {
+ if(sspi_status == SEC_E_WRONG_PRINCIPAL)
+ failf(data, "schannel: SNI or certificate check failed: %s",
+ Curl_sspi_strerror(conn, sspi_status));
+ else
+ failf(data, "schannel: AcquireCredentialsHandle failed: %s",
+ Curl_sspi_strerror(conn, sspi_status));
+ Curl_safefree(BACKEND->cred);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+
+ /* Warn if SNI is disabled due to use of an IP address */
+ if(Curl_inet_pton(AF_INET, hostname, &addr)
+#ifdef ENABLE_IPV6
+ || Curl_inet_pton(AF_INET6, hostname, &addr6)
+#endif
+ ) {
+ infof(data, "schannel: using IP address, SNI is not supported by OS.\n");
+ }
+
+#ifdef HAS_ALPN
+ if(BACKEND->use_alpn) {
+ int cur = 0;
+ int list_start_index = 0;
+ unsigned int *extension_len = NULL;
+ unsigned short* list_len = NULL;
+
+ /* The first four bytes will be an unsigned int indicating number
+ of bytes of data in the rest of the the buffer. */
+ extension_len = (unsigned int *)(&alpn_buffer[cur]);
+ cur += sizeof(unsigned int);
+
+ /* The next four bytes are an indicator that this buffer will contain
+ ALPN data, as opposed to NPN, for example. */
+ *(unsigned int *)&alpn_buffer[cur] =
+ SecApplicationProtocolNegotiationExt_ALPN;
+ cur += sizeof(unsigned int);
+
+ /* The next two bytes will be an unsigned short indicating the number
+ of bytes used to list the preferred protocols. */
+ list_len = (unsigned short*)(&alpn_buffer[cur]);
+ cur += sizeof(unsigned short);
+
+ list_start_index = cur;
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+ memcpy(&alpn_buffer[cur], NGHTTP2_PROTO_ALPN, NGHTTP2_PROTO_ALPN_LEN);
+ cur += NGHTTP2_PROTO_ALPN_LEN;
+ infof(data, "schannel: ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+#endif
+
+ alpn_buffer[cur++] = ALPN_HTTP_1_1_LENGTH;
+ memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
+ cur += ALPN_HTTP_1_1_LENGTH;
+ infof(data, "schannel: ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+ *list_len = curlx_uitous(cur - list_start_index);
+ *extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short);
+
+ InitSecBuffer(&inbuf, SECBUFFER_APPLICATION_PROTOCOLS, alpn_buffer, cur);
+ InitSecBufferDesc(&inbuf_desc, &inbuf, 1);
+ }
+ else
+ {
+ InitSecBuffer(&inbuf, SECBUFFER_EMPTY, NULL, 0);
+ InitSecBufferDesc(&inbuf_desc, &inbuf, 1);
+ }
+#else /* HAS_ALPN */
+ InitSecBuffer(&inbuf, SECBUFFER_EMPTY, NULL, 0);
+ InitSecBufferDesc(&inbuf_desc, &inbuf, 1);
+#endif
+
+ /* setup output buffer */
+ InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
+ InitSecBufferDesc(&outbuf_desc, &outbuf, 1);
+
+ /* setup request flags */
+ BACKEND->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
+ ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
+ ISC_REQ_STREAM;
+
+ /* allocate memory for the security context handle */
+ BACKEND->ctxt = (struct curl_schannel_ctxt *)
+ malloc(sizeof(struct curl_schannel_ctxt));
+ if(!BACKEND->ctxt) {
+ failf(data, "schannel: unable to allocate memory");
+ return CURLE_OUT_OF_MEMORY;
+ }
+ memset(BACKEND->ctxt, 0, sizeof(struct curl_schannel_ctxt));
+
+ host_name = Curl_convert_UTF8_to_tchar(hostname);
+ if(!host_name)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* Schannel InitializeSecurityContext:
+ https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx
+
+ At the moment we don't pass inbuf unless we're using ALPN since we only
+ use it for that, and Wine (for which we currently disable ALPN) is giving
+ us problems with inbuf regardless. https://github.com/curl/curl/issues/983
+ */
+ sspi_status = s_pSecFn->InitializeSecurityContext(
+ &BACKEND->cred->cred_handle, NULL, host_name, BACKEND->req_flags, 0, 0,
+ (BACKEND->use_alpn ? &inbuf_desc : NULL),
+ 0, &BACKEND->ctxt->ctxt_handle,
+ &outbuf_desc, &BACKEND->ret_flags, &BACKEND->ctxt->time_stamp);
+
+ Curl_unicodefree(host_name);
+
+ if(sspi_status != SEC_I_CONTINUE_NEEDED) {
+ if(sspi_status == SEC_E_WRONG_PRINCIPAL)
+ failf(data, "schannel: SNI or certificate check failed: %s",
+ Curl_sspi_strerror(conn, sspi_status));
+ else
+ failf(data, "schannel: initial InitializeSecurityContext failed: %s",
+ Curl_sspi_strerror(conn, sspi_status));
+ Curl_safefree(BACKEND->ctxt);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ infof(data, "schannel: sending initial handshake data: "
+ "sending %lu bytes...\n", outbuf.cbBuffer);
+
+ /* send initial handshake data which is now stored in output buffer */
+ result = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,
+ outbuf.cbBuffer, &written);
+ s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);
+ if((result != CURLE_OK) || (outbuf.cbBuffer != (size_t) written)) {
+ failf(data, "schannel: failed to send initial handshake data: "
+ "sent %zd of %lu bytes", written, outbuf.cbBuffer);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ infof(data, "schannel: sent initial handshake data: "
+ "sent %zd bytes\n", written);
+
+ BACKEND->recv_unrecoverable_err = CURLE_OK;
+ BACKEND->recv_sspi_close_notify = false;
+ BACKEND->recv_connection_closed = false;
+ BACKEND->encdata_is_incomplete = false;
+
+ /* continue to second handshake step */
+ connssl->connecting_state = ssl_connect_2;
+
+ return CURLE_OK;
+}
+
+static CURLcode
+schannel_connect_step2(struct connectdata *conn, int sockindex)
+{
+ int i;
+ ssize_t nread = -1, written = -1;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ unsigned char *reallocated_buffer;
+ size_t reallocated_length;
+ SecBuffer outbuf[3];
+ SecBufferDesc outbuf_desc;
+ SecBuffer inbuf[2];
+ SecBufferDesc inbuf_desc;
+ SECURITY_STATUS sspi_status = SEC_E_OK;
+ TCHAR *host_name;
+ CURLcode result;
+ bool doread;
+ char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+
+ doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE;
+
+ infof(data, "schannel: SSL/TLS connection with %s port %hu (step 2/3)\n",
+ hostname, conn->remote_port);
+
+ if(!BACKEND->cred || !BACKEND->ctxt)
+ return CURLE_SSL_CONNECT_ERROR;
+
+ /* buffer to store previously received and decrypted data */
+ if(BACKEND->decdata_buffer == NULL) {
+ BACKEND->decdata_offset = 0;
+ BACKEND->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
+ BACKEND->decdata_buffer = malloc(BACKEND->decdata_length);
+ if(BACKEND->decdata_buffer == NULL) {
+ failf(data, "schannel: unable to allocate memory");
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+
+ /* buffer to store previously received and encrypted data */
+ if(BACKEND->encdata_buffer == NULL) {
+ BACKEND->encdata_is_incomplete = false;
+ BACKEND->encdata_offset = 0;
+ BACKEND->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE;
+ BACKEND->encdata_buffer = malloc(BACKEND->encdata_length);
+ if(BACKEND->encdata_buffer == NULL) {
+ failf(data, "schannel: unable to allocate memory");
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+
+ /* if we need a bigger buffer to read a full message, increase buffer now */
+ if(BACKEND->encdata_length - BACKEND->encdata_offset <
+ CURL_SCHANNEL_BUFFER_FREE_SIZE) {
+ /* increase internal encrypted data buffer */
+ reallocated_length = BACKEND->encdata_offset +
+ CURL_SCHANNEL_BUFFER_FREE_SIZE;
+ reallocated_buffer = realloc(BACKEND->encdata_buffer,
+ reallocated_length);
+
+ if(reallocated_buffer == NULL) {
+ failf(data, "schannel: unable to re-allocate memory");
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else {
+ BACKEND->encdata_buffer = reallocated_buffer;
+ BACKEND->encdata_length = reallocated_length;
+ }
+ }
+
+ for(;;) {
+ if(doread) {
+ /* read encrypted handshake data from socket */
+ result = Curl_read_plain(conn->sock[sockindex],
+ (char *) (BACKEND->encdata_buffer +
+ BACKEND->encdata_offset),
+ BACKEND->encdata_length -
+ BACKEND->encdata_offset,
+ &nread);
+ if(result == CURLE_AGAIN) {
+ if(connssl->connecting_state != ssl_connect_2_writing)
+ connssl->connecting_state = ssl_connect_2_reading;
+ infof(data, "schannel: failed to receive handshake, "
+ "need more data\n");
+ return CURLE_OK;
+ }
+ else if((result != CURLE_OK) || (nread == 0)) {
+ failf(data, "schannel: failed to receive handshake, "
+ "SSL/TLS connection failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* increase encrypted data buffer offset */
+ BACKEND->encdata_offset += nread;
+ BACKEND->encdata_is_incomplete = false;
+ infof(data, "schannel: encrypted data got %zd\n", nread);
+ }
+
+ infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
+ BACKEND->encdata_offset, BACKEND->encdata_length);
+
+ /* setup input buffers */
+ InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(BACKEND->encdata_offset),
+ curlx_uztoul(BACKEND->encdata_offset));
+ InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
+ InitSecBufferDesc(&inbuf_desc, inbuf, 2);
+
+ /* setup output buffers */
+ InitSecBuffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0);
+ InitSecBuffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0);
+ InitSecBuffer(&outbuf[2], SECBUFFER_EMPTY, NULL, 0);
+ InitSecBufferDesc(&outbuf_desc, outbuf, 3);
+
+ if(inbuf[0].pvBuffer == NULL) {
+ failf(data, "schannel: unable to allocate memory");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ /* copy received handshake data into input buffer */
+ memcpy(inbuf[0].pvBuffer, BACKEND->encdata_buffer,
+ BACKEND->encdata_offset);
+
+ host_name = Curl_convert_UTF8_to_tchar(hostname);
+ if(!host_name)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx
+ */
+ sspi_status = s_pSecFn->InitializeSecurityContext(
+ &BACKEND->cred->cred_handle, &BACKEND->ctxt->ctxt_handle,
+ host_name, BACKEND->req_flags, 0, 0, &inbuf_desc, 0, NULL,
+ &outbuf_desc, &BACKEND->ret_flags, &BACKEND->ctxt->time_stamp);
+
+ Curl_unicodefree(host_name);
+
+ /* free buffer for received handshake data */
+ Curl_safefree(inbuf[0].pvBuffer);
+
+ /* check if the handshake was incomplete */
+ if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
+ BACKEND->encdata_is_incomplete = true;
+ connssl->connecting_state = ssl_connect_2_reading;
+ infof(data, "schannel: received incomplete message, need more data\n");
+ return CURLE_OK;
+ }
+
+ /* If the server has requested a client certificate, attempt to continue
+ the handshake without one. This will allow connections to servers which
+ request a client certificate but do not require it. */
+ if(sspi_status == SEC_I_INCOMPLETE_CREDENTIALS &&
+ !(BACKEND->req_flags & ISC_REQ_USE_SUPPLIED_CREDS)) {
+ BACKEND->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS;
+ connssl->connecting_state = ssl_connect_2_writing;
+ infof(data, "schannel: a client certificate has been requested\n");
+ return CURLE_OK;
+ }
+
+ /* check if the handshake needs to be continued */
+ if(sspi_status == SEC_I_CONTINUE_NEEDED || sspi_status == SEC_E_OK) {
+ for(i = 0; i < 3; i++) {
+ /* search for handshake tokens that need to be send */
+ if(outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {
+ infof(data, "schannel: sending next handshake data: "
+ "sending %lu bytes...\n", outbuf[i].cbBuffer);
+
+ /* send handshake token to server */
+ result = Curl_write_plain(conn, conn->sock[sockindex],
+ outbuf[i].pvBuffer, outbuf[i].cbBuffer,
+ &written);
+ if((result != CURLE_OK) ||
+ (outbuf[i].cbBuffer != (size_t) written)) {
+ failf(data, "schannel: failed to send next handshake data: "
+ "sent %zd of %lu bytes", written, outbuf[i].cbBuffer);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+
+ /* free obsolete buffer */
+ if(outbuf[i].pvBuffer != NULL) {
+ s_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer);
+ }
+ }
+ }
+ else {
+ if(sspi_status == SEC_E_WRONG_PRINCIPAL)
+ failf(data, "schannel: SNI or certificate check failed: %s",
+ Curl_sspi_strerror(conn, sspi_status));
+ else
+ failf(data, "schannel: next InitializeSecurityContext failed: %s",
+ Curl_sspi_strerror(conn, sspi_status));
+ return sspi_status == SEC_E_UNTRUSTED_ROOT ?
+ CURLE_SSL_CACERT : CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* check if there was additional remaining encrypted data */
+ if(inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) {
+ infof(data, "schannel: encrypted data length: %lu\n", inbuf[1].cbBuffer);
+ /*
+ There are two cases where we could be getting extra data here:
+ 1) If we're renegotiating a connection and the handshake is already
+ complete (from the server perspective), it can encrypted app data
+ (not handshake data) in an extra buffer at this point.
+ 2) (sspi_status == SEC_I_CONTINUE_NEEDED) We are negotiating a
+ connection and this extra data is part of the handshake.
+ We should process the data immediately; waiting for the socket to
+ be ready may fail since the server is done sending handshake data.
+ */
+ /* check if the remaining data is less than the total amount
+ and therefore begins after the already processed data */
+ if(BACKEND->encdata_offset > inbuf[1].cbBuffer) {
+ memmove(BACKEND->encdata_buffer,
+ (BACKEND->encdata_buffer + BACKEND->encdata_offset) -
+ inbuf[1].cbBuffer, inbuf[1].cbBuffer);
+ BACKEND->encdata_offset = inbuf[1].cbBuffer;
+ if(sspi_status == SEC_I_CONTINUE_NEEDED) {
+ doread = FALSE;
+ continue;
+ }
+ }
+ }
+ else {
+ BACKEND->encdata_offset = 0;
+ }
+ break;
+ }
+
+ /* check if the handshake needs to be continued */
+ if(sspi_status == SEC_I_CONTINUE_NEEDED) {
+ connssl->connecting_state = ssl_connect_2_reading;
+ return CURLE_OK;
+ }
+
+ /* check if the handshake is complete */
+ if(sspi_status == SEC_E_OK) {
+ connssl->connecting_state = ssl_connect_3;
+ infof(data, "schannel: SSL/TLS handshake complete\n");
+ }
+
+#ifdef _WIN32_WCE
+ /* Windows CE doesn't do any server certificate validation.
+ We have to do it manually. */
+ if(conn->ssl_config.verifypeer)
+ return verify_certificate(conn, sockindex);
+#endif
+
+ return CURLE_OK;
+}
+
+static CURLcode
+schannel_connect_step3(struct connectdata *conn, int sockindex)
+{
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ SECURITY_STATUS sspi_status = SEC_E_OK;
+ CERT_CONTEXT *ccert_context = NULL;
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+#endif
+#ifdef HAS_ALPN
+ SecPkgContext_ApplicationProtocol alpn_result;
+#endif
+
+ DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+ infof(data, "schannel: SSL/TLS connection with %s port %hu (step 3/3)\n",
+ hostname, conn->remote_port);
+
+ if(!BACKEND->cred)
+ return CURLE_SSL_CONNECT_ERROR;
+
+ /* check if the required context attributes are met */
+ if(BACKEND->ret_flags != BACKEND->req_flags) {
+ if(!(BACKEND->ret_flags & ISC_RET_SEQUENCE_DETECT))
+ failf(data, "schannel: failed to setup sequence detection");
+ if(!(BACKEND->ret_flags & ISC_RET_REPLAY_DETECT))
+ failf(data, "schannel: failed to setup replay detection");
+ if(!(BACKEND->ret_flags & ISC_RET_CONFIDENTIALITY))
+ failf(data, "schannel: failed to setup confidentiality");
+ if(!(BACKEND->ret_flags & ISC_RET_ALLOCATED_MEMORY))
+ failf(data, "schannel: failed to setup memory allocation");
+ if(!(BACKEND->ret_flags & ISC_RET_STREAM))
+ failf(data, "schannel: failed to setup stream orientation");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+#ifdef HAS_ALPN
+ if(BACKEND->use_alpn) {
+ sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
+ SECPKG_ATTR_APPLICATION_PROTOCOL, &alpn_result);
+
+ if(sspi_status != SEC_E_OK) {
+ failf(data, "schannel: failed to retrieve ALPN result");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(alpn_result.ProtoNegoStatus ==
+ SecApplicationProtocolNegotiationStatus_Success) {
+
+ infof(data, "schannel: ALPN, server accepted to use %.*s\n",
+ alpn_result.ProtocolIdSize, alpn_result.ProtocolId);
+
+#ifdef USE_NGHTTP2
+ if(alpn_result.ProtocolIdSize == NGHTTP2_PROTO_VERSION_ID_LEN &&
+ !memcmp(NGHTTP2_PROTO_VERSION_ID, alpn_result.ProtocolId,
+ NGHTTP2_PROTO_VERSION_ID_LEN)) {
+ conn->negnpn = CURL_HTTP_VERSION_2;
+ }
+ else
+#endif
+ if(alpn_result.ProtocolIdSize == ALPN_HTTP_1_1_LENGTH &&
+ !memcmp(ALPN_HTTP_1_1, alpn_result.ProtocolId,
+ ALPN_HTTP_1_1_LENGTH)) {
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+ }
+ }
+ else
+ infof(data, "ALPN, server did not agree to a protocol\n");
+ }
+#endif
+
+ /* save the current session data for possible re-use */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ bool incache;
+ struct curl_schannel_cred *old_cred = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+ incache = !(Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL,
+ sockindex));
+ if(incache) {
+ if(old_cred != BACKEND->cred) {
+ infof(data, "schannel: old credential handle is stale, removing\n");
+ /* we're not taking old_cred ownership here, no refcount++ is needed */
+ Curl_ssl_delsessionid(conn, (void *)old_cred);
+ incache = FALSE;
+ }
+ }
+ if(!incache) {
+ result = Curl_ssl_addsessionid(conn, (void *)BACKEND->cred,
+ sizeof(struct curl_schannel_cred),
+ sockindex);
+ if(result) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "schannel: failed to store credential handle");
+ return result;
+ }
+ else {
+ /* this cred session is now also referenced by sessionid cache */
+ BACKEND->cred->refcount++;
+ infof(data, "schannel: stored credential handle in session cache\n");
+ }
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ if(data->set.ssl.certinfo) {
+ sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
+ SECPKG_ATTR_REMOTE_CERT_CONTEXT, &ccert_context);
+
+ if((sspi_status != SEC_E_OK) || (ccert_context == NULL)) {
+ failf(data, "schannel: failed to retrieve remote cert context");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ result = Curl_ssl_init_certinfo(data, 1);
+ if(!result) {
+ if(((ccert_context->dwCertEncodingType & X509_ASN_ENCODING) != 0) &&
+ (ccert_context->cbCertEncoded > 0)) {
+
+ const char *beg = (const char *) ccert_context->pbCertEncoded;
+ const char *end = beg + ccert_context->cbCertEncoded;
+ result = Curl_extract_certinfo(conn, 0, beg, end);
+ }
+ }
+ CertFreeCertificateContext(ccert_context);
+ if(result)
+ return result;
+ }
+
+ connssl->connecting_state = ssl_connect_done;
+
+ return CURLE_OK;
+}
+
+static CURLcode
+schannel_connect_common(struct connectdata *conn, int sockindex,
+ bool nonblocking, bool *done)
+{
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ curl_socket_t sockfd = conn->sock[sockindex];
+ time_t timeout_ms;
+ int what;
+
+ /* check if the connection has already been established */
+ if(ssl_connection_complete == connssl->state) {
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
+ if(ssl_connect_1 == connssl->connecting_state) {
+ /* check out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL/TLS connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ result = schannel_connect_step1(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ while(ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state) {
+
+ /* check out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL/TLS connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
+ if(connssl->connecting_state == ssl_connect_2_reading
+ || connssl->connecting_state == ssl_connect_2_writing) {
+
+ curl_socket_t writefd = ssl_connect_2_writing ==
+ connssl->connecting_state ? sockfd : CURL_SOCKET_BAD;
+ curl_socket_t readfd = ssl_connect_2_reading ==
+ connssl->connecting_state ? sockfd : CURL_SOCKET_BAD;
+
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking ? 0 : timeout_ms);
+ if(what < 0) {
+ /* fatal error */
+ failf(data, "select/poll on SSL/TLS socket, errno: %d", SOCKERRNO);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else if(0 == what) {
+ if(nonblocking) {
+ *done = FALSE;
+ return CURLE_OK;
+ }
+ else {
+ /* timeout */
+ failf(data, "SSL/TLS connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ }
+ /* socket is readable or writable */
+ }
+
+ /* Run transaction, and return to the caller if it failed or if
+ * this connection is part of a multi handle and this loop would
+ * execute again. This permits the owner of a multi handle to
+ * abort a connection attempt before step2 has completed while
+ * ensuring that a client using select() or epoll() will always
+ * have a valid fdset to wait on.
+ */
+ result = schannel_connect_step2(conn, sockindex);
+ if(result || (nonblocking &&
+ (ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state)))
+ return result;
+
+ } /* repeat step2 until all transactions are done. */
+
+ if(ssl_connect_3 == connssl->connecting_state) {
+ result = schannel_connect_step3(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ if(ssl_connect_done == connssl->connecting_state) {
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = schannel_recv;
+ conn->send[sockindex] = schannel_send;
+ *done = TRUE;
+ }
+ else
+ *done = FALSE;
+
+ /* reset our connection state machine */
+ connssl->connecting_state = ssl_connect_1;
+
+ return CURLE_OK;
+}
+
+static ssize_t
+schannel_send(struct connectdata *conn, int sockindex,
+ const void *buf, size_t len, CURLcode *err)
+{
+ ssize_t written = -1;
+ size_t data_len = 0;
+ unsigned char *data = NULL;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ SecBuffer outbuf[4];
+ SecBufferDesc outbuf_desc;
+ SECURITY_STATUS sspi_status = SEC_E_OK;
+ CURLcode result;
+
+ /* check if the maximum stream sizes were queried */
+ if(BACKEND->stream_sizes.cbMaximumMessage == 0) {
+ sspi_status = s_pSecFn->QueryContextAttributes(
+ &BACKEND->ctxt->ctxt_handle,
+ SECPKG_ATTR_STREAM_SIZES,
+ &BACKEND->stream_sizes);
+ if(sspi_status != SEC_E_OK) {
+ *err = CURLE_SEND_ERROR;
+ return -1;
+ }
+ }
+
+ /* check if the buffer is longer than the maximum message length */
+ if(len > BACKEND->stream_sizes.cbMaximumMessage) {
+ len = BACKEND->stream_sizes.cbMaximumMessage;
+ }
+
+ /* calculate the complete message length and allocate a buffer for it */
+ data_len = BACKEND->stream_sizes.cbHeader + len +
+ BACKEND->stream_sizes.cbTrailer;
+ data = (unsigned char *) malloc(data_len);
+ if(data == NULL) {
+ *err = CURLE_OUT_OF_MEMORY;
+ return -1;
+ }
+
+ /* setup output buffers (header, data, trailer, empty) */
+ InitSecBuffer(&outbuf[0], SECBUFFER_STREAM_HEADER,
+ data, BACKEND->stream_sizes.cbHeader);
+ InitSecBuffer(&outbuf[1], SECBUFFER_DATA,
+ data + BACKEND->stream_sizes.cbHeader, curlx_uztoul(len));
+ InitSecBuffer(&outbuf[2], SECBUFFER_STREAM_TRAILER,
+ data + BACKEND->stream_sizes.cbHeader + len,
+ BACKEND->stream_sizes.cbTrailer);
+ InitSecBuffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0);
+ InitSecBufferDesc(&outbuf_desc, outbuf, 4);
+
+ /* copy data into output buffer */
+ memcpy(outbuf[1].pvBuffer, buf, len);
+
+ /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */
+ sspi_status = s_pSecFn->EncryptMessage(&BACKEND->ctxt->ctxt_handle, 0,
+ &outbuf_desc, 0);
+
+ /* check if the message was encrypted */
+ if(sspi_status == SEC_E_OK) {
+ written = 0;
+
+ /* send the encrypted message including header, data and trailer */
+ len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
+
+ /*
+ It's important to send the full message which includes the header,
+ encrypted payload, and trailer. Until the client receives all the
+ data a coherent message has not been delivered and the client
+ can't read any of it.
+
+ If we wanted to buffer the unwritten encrypted bytes, we would
+ tell the client that all data it has requested to be sent has been
+ sent. The unwritten encrypted bytes would be the first bytes to
+ send on the next invocation.
+ Here's the catch with this - if we tell the client that all the
+ bytes have been sent, will the client call this method again to
+ send the buffered data? Looking at who calls this function, it
+ seems the answer is NO.
+ */
+
+ /* send entire message or fail */
+ while(len > (size_t)written) {
+ ssize_t this_write;
+ time_t timeleft;
+ int what;
+
+ this_write = 0;
+
+ timeleft = Curl_timeleft(conn->data, NULL, FALSE);
+ if(timeleft < 0) {
+ /* we already got the timeout */
+ failf(conn->data, "schannel: timed out sending data "
+ "(bytes sent: %zd)", written);
+ *err = CURLE_OPERATION_TIMEDOUT;
+ written = -1;
+ break;
+ }
+
+ what = SOCKET_WRITABLE(conn->sock[sockindex], timeleft);
+ if(what < 0) {
+ /* fatal error */
+ failf(conn->data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ *err = CURLE_SEND_ERROR;
+ written = -1;
+ break;
+ }
+ else if(0 == what) {
+ failf(conn->data, "schannel: timed out sending data "
+ "(bytes sent: %zd)", written);
+ *err = CURLE_OPERATION_TIMEDOUT;
+ written = -1;
+ break;
+ }
+ /* socket is writable */
+
+ result = Curl_write_plain(conn, conn->sock[sockindex], data + written,
+ len - written, &this_write);
+ if(result == CURLE_AGAIN)
+ continue;
+ else if(result != CURLE_OK) {
+ *err = result;
+ written = -1;
+ break;
+ }
+
+ written += this_write;
+ }
+ }
+ else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) {
+ *err = CURLE_OUT_OF_MEMORY;
+ }
+ else{
+ *err = CURLE_SEND_ERROR;
+ }
+
+ Curl_safefree(data);
+
+ if(len == (size_t)written)
+ /* Encrypted message including header, data and trailer entirely sent.
+ The return value is the number of unencrypted bytes that were sent. */
+ written = outbuf[1].cbBuffer;
+
+ return written;
+}
+
+static ssize_t
+schannel_recv(struct connectdata *conn, int sockindex,
+ char *buf, size_t len, CURLcode *err)
+{
+ size_t size = 0;
+ ssize_t nread = -1;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ unsigned char *reallocated_buffer;
+ size_t reallocated_length;
+ bool done = FALSE;
+ SecBuffer inbuf[4];
+ SecBufferDesc inbuf_desc;
+ SECURITY_STATUS sspi_status = SEC_E_OK;
+ /* we want the length of the encrypted buffer to be at least large enough
+ that it can hold all the bytes requested and some TLS record overhead. */
+ size_t min_encdata_length = len + CURL_SCHANNEL_BUFFER_FREE_SIZE;
+
+ /****************************************************************************
+ * Don't return or set BACKEND->recv_unrecoverable_err unless in the cleanup.
+ * The pattern for return error is set *err, optional infof, goto cleanup.
+ *
+ * Our priority is to always return as much decrypted data to the caller as
+ * possible, even if an error occurs. The state of the decrypted buffer must
+ * always be valid. Transfer of decrypted data to the caller's buffer is
+ * handled in the cleanup.
+ */
+
+ infof(data, "schannel: client wants to read %zu bytes\n", len);
+ *err = CURLE_OK;
+
+ if(len && len <= BACKEND->decdata_offset) {
+ infof(data, "schannel: enough decrypted data is already available\n");
+ goto cleanup;
+ }
+ else if(BACKEND->recv_unrecoverable_err) {
+ *err = BACKEND->recv_unrecoverable_err;
+ infof(data, "schannel: an unrecoverable error occurred in a prior call\n");
+ goto cleanup;
+ }
+ else if(BACKEND->recv_sspi_close_notify) {
+ /* once a server has indicated shutdown there is no more encrypted data */
+ infof(data, "schannel: server indicated shutdown in a prior call\n");
+ goto cleanup;
+ }
+ else if(!len) {
+ /* It's debatable what to return when !len. Regardless we can't return
+ immediately because there may be data to decrypt (in the case we want to
+ decrypt all encrypted cached data) so handle !len later in cleanup.
+ */
+ ; /* do nothing */
+ }
+ else if(!BACKEND->recv_connection_closed) {
+ /* increase enc buffer in order to fit the requested amount of data */
+ size = BACKEND->encdata_length - BACKEND->encdata_offset;
+ if(size < CURL_SCHANNEL_BUFFER_FREE_SIZE ||
+ BACKEND->encdata_length < min_encdata_length) {
+ reallocated_length = BACKEND->encdata_offset +
+ CURL_SCHANNEL_BUFFER_FREE_SIZE;
+ if(reallocated_length < min_encdata_length) {
+ reallocated_length = min_encdata_length;
+ }
+ reallocated_buffer = realloc(BACKEND->encdata_buffer,
+ reallocated_length);
+ if(reallocated_buffer == NULL) {
+ *err = CURLE_OUT_OF_MEMORY;
+ failf(data, "schannel: unable to re-allocate memory");
+ goto cleanup;
+ }
+
+ BACKEND->encdata_buffer = reallocated_buffer;
+ BACKEND->encdata_length = reallocated_length;
+ size = BACKEND->encdata_length - BACKEND->encdata_offset;
+ infof(data, "schannel: encdata_buffer resized %zu\n",
+ BACKEND->encdata_length);
+ }
+
+ infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
+ BACKEND->encdata_offset, BACKEND->encdata_length);
+
+ /* read encrypted data from socket */
+ *err = Curl_read_plain(conn->sock[sockindex],
+ (char *)(BACKEND->encdata_buffer +
+ BACKEND->encdata_offset),
+ size, &nread);
+ if(*err) {
+ nread = -1;
+ if(*err == CURLE_AGAIN)
+ infof(data, "schannel: Curl_read_plain returned CURLE_AGAIN\n");
+ else if(*err == CURLE_RECV_ERROR)
+ infof(data, "schannel: Curl_read_plain returned CURLE_RECV_ERROR\n");
+ else
+ infof(data, "schannel: Curl_read_plain returned error %d\n", *err);
+ }
+ else if(nread == 0) {
+ BACKEND->recv_connection_closed = true;
+ infof(data, "schannel: server closed the connection\n");
+ }
+ else if(nread > 0) {
+ BACKEND->encdata_offset += (size_t)nread;
+ BACKEND->encdata_is_incomplete = false;
+ infof(data, "schannel: encrypted data got %zd\n", nread);
+ }
+ }
+
+ infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
+ BACKEND->encdata_offset, BACKEND->encdata_length);
+
+ /* decrypt loop */
+ while(BACKEND->encdata_offset > 0 && sspi_status == SEC_E_OK &&
+ (!len || BACKEND->decdata_offset < len ||
+ BACKEND->recv_connection_closed)) {
+ /* prepare data buffer for DecryptMessage call */
+ InitSecBuffer(&inbuf[0], SECBUFFER_DATA, BACKEND->encdata_buffer,
+ curlx_uztoul(BACKEND->encdata_offset));
+
+ /* we need 3 more empty input buffers for possible output */
+ InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
+ InitSecBuffer(&inbuf[2], SECBUFFER_EMPTY, NULL, 0);
+ InitSecBuffer(&inbuf[3], SECBUFFER_EMPTY, NULL, 0);
+ InitSecBufferDesc(&inbuf_desc, inbuf, 4);
+
+ /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx
+ */
+ sspi_status = s_pSecFn->DecryptMessage(&BACKEND->ctxt->ctxt_handle,
+ &inbuf_desc, 0, NULL);
+
+ /* check if everything went fine (server may want to renegotiate
+ or shutdown the connection context) */
+ if(sspi_status == SEC_E_OK || sspi_status == SEC_I_RENEGOTIATE ||
+ sspi_status == SEC_I_CONTEXT_EXPIRED) {
+ /* check for successfully decrypted data, even before actual
+ renegotiation or shutdown of the connection context */
+ if(inbuf[1].BufferType == SECBUFFER_DATA) {
+ infof(data, "schannel: decrypted data length: %lu\n",
+ inbuf[1].cbBuffer);
+
+ /* increase buffer in order to fit the received amount of data */
+ size = inbuf[1].cbBuffer > CURL_SCHANNEL_BUFFER_FREE_SIZE ?
+ inbuf[1].cbBuffer : CURL_SCHANNEL_BUFFER_FREE_SIZE;
+ if(BACKEND->decdata_length - BACKEND->decdata_offset < size ||
+ BACKEND->decdata_length < len) {
+ /* increase internal decrypted data buffer */
+ reallocated_length = BACKEND->decdata_offset + size;
+ /* make sure that the requested amount of data fits */
+ if(reallocated_length < len) {
+ reallocated_length = len;
+ }
+ reallocated_buffer = realloc(BACKEND->decdata_buffer,
+ reallocated_length);
+ if(reallocated_buffer == NULL) {
+ *err = CURLE_OUT_OF_MEMORY;
+ failf(data, "schannel: unable to re-allocate memory");
+ goto cleanup;
+ }
+ BACKEND->decdata_buffer = reallocated_buffer;
+ BACKEND->decdata_length = reallocated_length;
+ }
+
+ /* copy decrypted data to internal buffer */
+ size = inbuf[1].cbBuffer;
+ if(size) {
+ memcpy(BACKEND->decdata_buffer + BACKEND->decdata_offset,
+ inbuf[1].pvBuffer, size);
+ BACKEND->decdata_offset += size;
+ }
+
+ infof(data, "schannel: decrypted data added: %zu\n", size);
+ infof(data, "schannel: decrypted data cached: offset %zu length %zu\n",
+ BACKEND->decdata_offset, BACKEND->decdata_length);
+ }
+
+ /* check for remaining encrypted data */
+ if(inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) {
+ infof(data, "schannel: encrypted data length: %lu\n",
+ inbuf[3].cbBuffer);
+
+ /* check if the remaining data is less than the total amount
+ * and therefore begins after the already processed data
+ */
+ if(BACKEND->encdata_offset > inbuf[3].cbBuffer) {
+ /* move remaining encrypted data forward to the beginning of
+ buffer */
+ memmove(BACKEND->encdata_buffer,
+ (BACKEND->encdata_buffer + BACKEND->encdata_offset) -
+ inbuf[3].cbBuffer, inbuf[3].cbBuffer);
+ BACKEND->encdata_offset = inbuf[3].cbBuffer;
+ }
+
+ infof(data, "schannel: encrypted data cached: offset %zu length %zu\n",
+ BACKEND->encdata_offset, BACKEND->encdata_length);
+ }
+ else {
+ /* reset encrypted buffer offset, because there is no data remaining */
+ BACKEND->encdata_offset = 0;
+ }
+
+ /* check if server wants to renegotiate the connection context */
+ if(sspi_status == SEC_I_RENEGOTIATE) {
+ infof(data, "schannel: remote party requests renegotiation\n");
+ if(*err && *err != CURLE_AGAIN) {
+ infof(data, "schannel: can't renogotiate, an error is pending\n");
+ goto cleanup;
+ }
+ if(BACKEND->encdata_offset) {
+ *err = CURLE_RECV_ERROR;
+ infof(data, "schannel: can't renogotiate, "
+ "encrypted data available\n");
+ goto cleanup;
+ }
+ /* begin renegotiation */
+ infof(data, "schannel: renegotiating SSL/TLS connection\n");
+ connssl->state = ssl_connection_negotiating;
+ connssl->connecting_state = ssl_connect_2_writing;
+ *err = schannel_connect_common(conn, sockindex, FALSE, &done);
+ if(*err) {
+ infof(data, "schannel: renegotiation failed\n");
+ goto cleanup;
+ }
+ /* now retry receiving data */
+ sspi_status = SEC_E_OK;
+ infof(data, "schannel: SSL/TLS connection renegotiated\n");
+ continue;
+ }
+ /* check if the server closed the connection */
+ else if(sspi_status == SEC_I_CONTEXT_EXPIRED) {
+ /* In Windows 2000 SEC_I_CONTEXT_EXPIRED (close_notify) is not
+ returned so we have to work around that in cleanup. */
+ BACKEND->recv_sspi_close_notify = true;
+ if(!BACKEND->recv_connection_closed) {
+ BACKEND->recv_connection_closed = true;
+ infof(data, "schannel: server closed the connection\n");
+ }
+ goto cleanup;
+ }
+ }
+ else if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) {
+ BACKEND->encdata_is_incomplete = true;
+ if(!*err)
+ *err = CURLE_AGAIN;
+ infof(data, "schannel: failed to decrypt data, need more data\n");
+ goto cleanup;
+ }
+ else {
+ *err = CURLE_RECV_ERROR;
+ infof(data, "schannel: failed to read data from server: %s\n",
+ Curl_sspi_strerror(conn, sspi_status));
+ goto cleanup;
+ }
+ }
+
+ infof(data, "schannel: encrypted data buffer: offset %zu length %zu\n",
+ BACKEND->encdata_offset, BACKEND->encdata_length);
+
+ infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n",
+ BACKEND->decdata_offset, BACKEND->decdata_length);
+
+cleanup:
+ /* Warning- there is no guarantee the encdata state is valid at this point */
+ infof(data, "schannel: schannel_recv cleanup\n");
+
+ /* Error if the connection has closed without a close_notify.
+ Behavior here is a matter of debate. We don't want to be vulnerable to a
+ truncation attack however there's some browser precedent for ignoring the
+ close_notify for compatibility reasons.
+ Additionally, Windows 2000 (v5.0) is a special case since it seems it doesn't
+ return close_notify. In that case if the connection was closed we assume it
+ was graceful (close_notify) since there doesn't seem to be a way to tell.
+ */
+ if(len && !BACKEND->decdata_offset && BACKEND->recv_connection_closed &&
+ !BACKEND->recv_sspi_close_notify) {
+ bool isWin2k = Curl_verify_windows_version(5, 0, PLATFORM_WINNT,
+ VERSION_EQUAL);
+
+ if(isWin2k && sspi_status == SEC_E_OK)
+ BACKEND->recv_sspi_close_notify = true;
+ else {
+ *err = CURLE_RECV_ERROR;
+ infof(data, "schannel: server closed abruptly (missing close_notify)\n");
+ }
+ }
+
+ /* Any error other than CURLE_AGAIN is an unrecoverable error. */
+ if(*err && *err != CURLE_AGAIN)
+ BACKEND->recv_unrecoverable_err = *err;
+
+ size = len < BACKEND->decdata_offset ? len : BACKEND->decdata_offset;
+ if(size) {
+ memcpy(buf, BACKEND->decdata_buffer, size);
+ memmove(BACKEND->decdata_buffer, BACKEND->decdata_buffer + size,
+ BACKEND->decdata_offset - size);
+ BACKEND->decdata_offset -= size;
+
+ infof(data, "schannel: decrypted data returned %zu\n", size);
+ infof(data, "schannel: decrypted data buffer: offset %zu length %zu\n",
+ BACKEND->decdata_offset, BACKEND->decdata_length);
+ *err = CURLE_OK;
+ return (ssize_t)size;
+ }
+
+ if(!*err && !BACKEND->recv_connection_closed)
+ *err = CURLE_AGAIN;
+
+ /* It's debatable what to return when !len. We could return whatever error we
+ got from decryption but instead we override here so the return is consistent.
+ */
+ if(!len)
+ *err = CURLE_OK;
+
+ return *err ? -1 : 0;
+}
+
+static CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ return schannel_connect_common(conn, sockindex, TRUE, done);
+}
+
+static CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode result;
+ bool done = FALSE;
+
+ result = schannel_connect_common(conn, sockindex, FALSE, &done);
+ if(result)
+ return result;
+
+ DEBUGASSERT(done);
+
+ return CURLE_OK;
+}
+
+static bool Curl_schannel_data_pending(const struct connectdata *conn,
+ int sockindex)
+{
+ const struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ if(connssl->use) /* SSL/TLS is in use */
+ return (BACKEND->decdata_offset > 0 ||
+ (BACKEND->encdata_offset > 0 && !BACKEND->encdata_is_incomplete));
+ else
+ return FALSE;
+}
+
+static void Curl_schannel_close(struct connectdata *conn, int sockindex)
+{
+ if(conn->ssl[sockindex].use)
+ /* if the SSL/TLS channel hasn't been shut down yet, do that now. */
+ Curl_ssl_shutdown(conn, sockindex);
+}
+
+static void Curl_schannel_session_free(void *ptr)
+{
+ /* this is expected to be called under sessionid lock */
+ struct curl_schannel_cred *cred = ptr;
+
+ cred->refcount--;
+ if(cred->refcount == 0) {
+ s_pSecFn->FreeCredentialsHandle(&cred->cred_handle);
+ Curl_safefree(cred);
+ }
+}
+
+static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
+{
+ /* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx
+ * Shutting Down an Schannel Connection
+ */
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+
+ infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu\n",
+ hostname, conn->remote_port);
+
+ if(BACKEND->cred && BACKEND->ctxt) {
+ SecBufferDesc BuffDesc;
+ SecBuffer Buffer;
+ SECURITY_STATUS sspi_status;
+ SecBuffer outbuf;
+ SecBufferDesc outbuf_desc;
+ CURLcode result;
+ TCHAR *host_name;
+ DWORD dwshut = SCHANNEL_SHUTDOWN;
+
+ InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut));
+ InitSecBufferDesc(&BuffDesc, &Buffer, 1);
+
+ sspi_status = s_pSecFn->ApplyControlToken(&BACKEND->ctxt->ctxt_handle,
+ &BuffDesc);
+
+ if(sspi_status != SEC_E_OK)
+ failf(data, "schannel: ApplyControlToken failure: %s",
+ Curl_sspi_strerror(conn, sspi_status));
+
+ host_name = Curl_convert_UTF8_to_tchar(hostname);
+ if(!host_name)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* setup output buffer */
+ InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
+ InitSecBufferDesc(&outbuf_desc, &outbuf, 1);
+
+ sspi_status = s_pSecFn->InitializeSecurityContext(
+ &BACKEND->cred->cred_handle,
+ &BACKEND->ctxt->ctxt_handle,
+ host_name,
+ BACKEND->req_flags,
+ 0,
+ 0,
+ NULL,
+ 0,
+ &BACKEND->ctxt->ctxt_handle,
+ &outbuf_desc,
+ &BACKEND->ret_flags,
+ &BACKEND->ctxt->time_stamp);
+
+ Curl_unicodefree(host_name);
+
+ if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) {
+ /* send close message which is in output buffer */
+ ssize_t written;
+ result = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer,
+ outbuf.cbBuffer, &written);
+
+ s_pSecFn->FreeContextBuffer(outbuf.pvBuffer);
+ if((result != CURLE_OK) || (outbuf.cbBuffer != (size_t) written)) {
+ infof(data, "schannel: failed to send close msg: %s"
+ " (bytes written: %zd)\n", curl_easy_strerror(result), written);
+ }
+ }
+ }
+
+ /* free SSPI Schannel API security context handle */
+ if(BACKEND->ctxt) {
+ infof(data, "schannel: clear security context handle\n");
+ s_pSecFn->DeleteSecurityContext(&BACKEND->ctxt->ctxt_handle);
+ Curl_safefree(BACKEND->ctxt);
+ }
+
+ /* free SSPI Schannel API credential handle */
+ if(BACKEND->cred) {
+ Curl_ssl_sessionid_lock(conn);
+ Curl_schannel_session_free(BACKEND->cred);
+ Curl_ssl_sessionid_unlock(conn);
+ BACKEND->cred = NULL;
+ }
+
+ /* free internal buffer for received encrypted data */
+ if(BACKEND->encdata_buffer != NULL) {
+ Curl_safefree(BACKEND->encdata_buffer);
+ BACKEND->encdata_length = 0;
+ BACKEND->encdata_offset = 0;
+ BACKEND->encdata_is_incomplete = false;
+ }
+
+ /* free internal buffer for received decrypted data */
+ if(BACKEND->decdata_buffer != NULL) {
+ Curl_safefree(BACKEND->decdata_buffer);
+ BACKEND->decdata_length = 0;
+ BACKEND->decdata_offset = 0;
+ }
+
+ return CURLE_OK;
+}
+
+static int Curl_schannel_init(void)
+{
+ return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0);
+}
+
+static void Curl_schannel_cleanup(void)
+{
+ Curl_sspi_global_cleanup();
+}
+
+static size_t Curl_schannel_version(char *buffer, size_t size)
+{
+ size = snprintf(buffer, size, "WinSSL");
+
+ return size;
+}
+
+static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
+ unsigned char *entropy, size_t length)
+{
+ HCRYPTPROV hCryptProv = 0;
+
+ (void)data;
+
+ if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+ return CURLE_FAILED_INIT;
+
+ if(!CryptGenRandom(hCryptProv, (DWORD)length, entropy)) {
+ CryptReleaseContext(hCryptProv, 0UL);
+ return CURLE_FAILED_INIT;
+ }
+
+ CryptReleaseContext(hCryptProv, 0UL);
+ return CURLE_OK;
+}
+
+#ifdef _WIN32_WCE
+static CURLcode verify_certificate(struct connectdata *conn, int sockindex)
+{
+ SECURITY_STATUS status;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ CURLcode result = CURLE_OK;
+ CERT_CONTEXT *pCertContextServer = NULL;
+ const CERT_CHAIN_CONTEXT *pChainContext = NULL;
+ const char * const conn_hostname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.name :
+ conn->host.name;
+
+ status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
+ SECPKG_ATTR_REMOTE_CERT_CONTEXT,
+ &pCertContextServer);
+
+ if((status != SEC_E_OK) || (pCertContextServer == NULL)) {
+ failf(data, "schannel: Failed to read remote certificate context: %s",
+ Curl_sspi_strerror(conn, status));
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ if(result == CURLE_OK) {
+ CERT_CHAIN_PARA ChainPara;
+ memset(&ChainPara, 0, sizeof(ChainPara));
+ ChainPara.cbSize = sizeof(ChainPara);
+
+ if(!CertGetCertificateChain(NULL,
+ pCertContextServer,
+ NULL,
+ pCertContextServer->hCertStore,
+ &ChainPara,
+ (data->set.ssl.no_revoke ? 0 :
+ CERT_CHAIN_REVOCATION_CHECK_CHAIN),
+ NULL,
+ &pChainContext)) {
+ failf(data, "schannel: CertGetCertificateChain failed: %s",
+ Curl_sspi_strerror(conn, GetLastError()));
+ pChainContext = NULL;
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ if(result == CURLE_OK) {
+ CERT_SIMPLE_CHAIN *pSimpleChain = pChainContext->rgpChain[0];
+ DWORD dwTrustErrorMask = ~(DWORD)(CERT_TRUST_IS_NOT_TIME_NESTED);
+ dwTrustErrorMask &= pSimpleChain->TrustStatus.dwErrorStatus;
+ if(dwTrustErrorMask) {
+ if(dwTrustErrorMask & CERT_TRUST_IS_REVOKED)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_IS_REVOKED");
+ else if(dwTrustErrorMask & CERT_TRUST_IS_PARTIAL_CHAIN)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_IS_PARTIAL_CHAIN");
+ else if(dwTrustErrorMask & CERT_TRUST_IS_UNTRUSTED_ROOT)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_IS_UNTRUSTED_ROOT");
+ else if(dwTrustErrorMask & CERT_TRUST_IS_NOT_TIME_VALID)
+ failf(data, "schannel: CertGetCertificateChain trust error"
+ " CERT_TRUST_IS_NOT_TIME_VALID");
+ else
+ failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x",
+ dwTrustErrorMask);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ }
+ }
+
+ if(result == CURLE_OK) {
+ if(conn->ssl_config.verifyhost) {
+ TCHAR cert_hostname_buff[256];
+ DWORD len;
+
+ /* TODO: Fix this for certificates with multiple alternative names.
+ Right now we're only asking for the first preferred alternative name.
+ Instead we'd need to do all via CERT_NAME_SEARCH_ALL_NAMES_FLAG
+ (if WinCE supports that?) and run this section in a loop for each.
+ https://msdn.microsoft.com/en-us/library/windows/desktop/aa376086.aspx
+ curl: (51) schannel: CertGetNameString() certificate hostname
+ (.google.com) did not match connection (google.com)
+ */
+ len = CertGetNameString(pCertContextServer,
+ CERT_NAME_DNS_TYPE,
+ CERT_NAME_DISABLE_IE4_UTF8_FLAG,
+ NULL,
+ cert_hostname_buff,
+ 256);
+ if(len > 0) {
+ const char *cert_hostname;
+
+ /* Comparing the cert name and the connection hostname encoded as UTF-8
+ * is acceptable since both values are assumed to use ASCII
+ * (or some equivalent) encoding
+ */
+ cert_hostname = Curl_convert_tchar_to_UTF8(cert_hostname_buff);
+ if(!cert_hostname) {
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ else{
+ int match_result;
+
+ match_result = Curl_cert_hostcheck(cert_hostname, conn->host.name);
+ if(match_result == CURL_HOST_MATCH) {
+ infof(data,
+ "schannel: connection hostname (%s) validated "
+ "against certificate name (%s)\n",
+ conn->host.name,
+ cert_hostname);
+ result = CURLE_OK;
+ }
+ else{
+ failf(data,
+ "schannel: connection hostname (%s) "
+ "does not match certificate name (%s)",
+ conn->host.name,
+ cert_hostname);
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ Curl_unicodefree(cert_hostname);
+ }
+ }
+ else {
+ failf(data,
+ "schannel: CertGetNameString did not provide any "
+ "certificate name information");
+ result = CURLE_PEER_FAILED_VERIFICATION;
+ }
+ }
+ }
+
+ if(pChainContext)
+ CertFreeCertificateChain(pChainContext);
+
+ if(pCertContextServer)
+ CertFreeCertificateContext(pCertContextServer);
+
+ return result;
+}
+#endif /* _WIN32_WCE */
+
+static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info UNUSED_PARAM)
+{
+ (void)info;
+ return &BACKEND->ctxt->ctxt_handle;
+}
+
+const struct Curl_ssl Curl_ssl_schannel = {
+ { CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */
+
+ 0, /* have_ca_path */
+ 1, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+ 0, /* support_https_proxy */
+
+ sizeof(struct ssl_backend_data),
+
+ Curl_schannel_init, /* init */
+ Curl_schannel_cleanup, /* cleanup */
+ Curl_schannel_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_schannel_shutdown, /* shutdown */
+ Curl_schannel_data_pending, /* data_pending */
+ Curl_schannel_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_schannel_connect, /* connect */
+ Curl_schannel_connect_nonblocking, /* connect_nonblocking */
+ Curl_schannel_get_internals, /* get_internals */
+ Curl_schannel_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ Curl_schannel_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
+};
+
+#endif /* USE_SCHANNEL */
diff --git a/libs/libcurl/src/vtls/schannel.h b/libs/libcurl/src/vtls/schannel.h
new file mode 100644
index 0000000000..932103da47
--- /dev/null
+++ b/libs/libcurl/src/vtls/schannel.h
@@ -0,0 +1,34 @@
+#ifndef HEADER_CURL_SCHANNEL_H
+#define HEADER_CURL_SCHANNEL_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
+ * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#ifdef USE_SCHANNEL
+
+#include "urldata.h"
+
+extern const struct Curl_ssl Curl_ssl_schannel;
+
+#endif /* USE_SCHANNEL */
+#endif /* HEADER_CURL_SCHANNEL_H */
diff --git a/libs/libcurl/src/vtls/vtls.c b/libs/libcurl/src/vtls/vtls.c
new file mode 100644
index 0000000000..56e6317713
--- /dev/null
+++ b/libs/libcurl/src/vtls/vtls.c
@@ -0,0 +1,1326 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* This file is for implementing all "generic" SSL functions that all libcurl
+ internals should use. It is then responsible for calling the proper
+ "backend" function.
+
+ SSL-functions in libcurl should call functions in this source file, and not
+ to any specific SSL-layer.
+
+ Curl_ssl_ - prefix for generic ones
+
+ Note that this source code uses the functions of the configured SSL
+ backend via the global Curl_ssl instance.
+
+ "SSL/TLS Strong Encryption: An Introduction"
+ https://httpd.apache.org/docs/2.0/ssl/ssl_intro.html
+*/
+
+#include "curl_setup.h"
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
+#include "urldata.h"
+
+#include "vtls.h" /* generic SSL protos etc */
+#include "slist.h"
+#include "sendf.h"
+#include "strcase.h"
+#include "url.h"
+#include "progress.h"
+#include "share.h"
+#include "multiif.h"
+#include "timeval.h"
+#include "curl_md5.h"
+#include "warnless.h"
+#include "curl_base64.h"
+#include "curl_printf.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/* convenience macro to check if this handle is using a shared SSL session */
+#define SSLSESSION_SHARED(data) (data->share && \
+ (data->share->specifier & \
+ (1<<CURL_LOCK_DATA_SSL_SESSION)))
+
+#define CLONE_STRING(var) \
+ if(source->var) { \
+ dest->var = strdup(source->var); \
+ if(!dest->var) \
+ return FALSE; \
+ } \
+ else \
+ dest->var = NULL;
+
+bool
+Curl_ssl_config_matches(struct ssl_primary_config* data,
+ struct ssl_primary_config* needle)
+{
+ if((data->version == needle->version) &&
+ (data->version_max == needle->version_max) &&
+ (data->verifypeer == needle->verifypeer) &&
+ (data->verifyhost == needle->verifyhost) &&
+ (data->verifystatus == needle->verifystatus) &&
+ Curl_safe_strcasecompare(data->CApath, needle->CApath) &&
+ Curl_safe_strcasecompare(data->CAfile, needle->CAfile) &&
+ Curl_safe_strcasecompare(data->clientcert, needle->clientcert) &&
+ Curl_safe_strcasecompare(data->random_file, needle->random_file) &&
+ Curl_safe_strcasecompare(data->egdsocket, needle->egdsocket) &&
+ Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list))
+ return TRUE;
+
+ return FALSE;
+}
+
+bool
+Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
+ struct ssl_primary_config *dest)
+{
+ dest->version = source->version;
+ dest->version_max = source->version_max;
+ dest->verifypeer = source->verifypeer;
+ dest->verifyhost = source->verifyhost;
+ dest->verifystatus = source->verifystatus;
+ dest->sessionid = source->sessionid;
+
+ CLONE_STRING(CApath);
+ CLONE_STRING(CAfile);
+ CLONE_STRING(clientcert);
+ CLONE_STRING(random_file);
+ CLONE_STRING(egdsocket);
+ CLONE_STRING(cipher_list);
+
+ return TRUE;
+}
+
+void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc)
+{
+ Curl_safefree(sslc->CApath);
+ Curl_safefree(sslc->CAfile);
+ Curl_safefree(sslc->clientcert);
+ Curl_safefree(sslc->random_file);
+ Curl_safefree(sslc->egdsocket);
+ Curl_safefree(sslc->cipher_list);
+}
+
+#ifdef USE_SSL
+static int multissl_init(const struct Curl_ssl *backend);
+#endif
+
+int Curl_ssl_backend(void)
+{
+#ifdef USE_SSL
+ multissl_init(NULL);
+ return Curl_ssl->info.id;
+#else
+ return (int)CURLSSLBACKEND_NONE;
+#endif
+}
+
+#ifdef USE_SSL
+
+/* "global" init done? */
+static bool init_ssl = FALSE;
+
+/**
+ * Global SSL init
+ *
+ * @retval 0 error initializing SSL
+ * @retval 1 SSL initialized successfully
+ */
+int Curl_ssl_init(void)
+{
+ /* make sure this is only done once */
+ if(init_ssl)
+ return 1;
+ init_ssl = TRUE; /* never again */
+
+ return Curl_ssl->init();
+}
+
+
+/* Global cleanup */
+void Curl_ssl_cleanup(void)
+{
+ if(init_ssl) {
+ /* only cleanup if we did a previous init */
+ Curl_ssl->cleanup();
+ init_ssl = FALSE;
+ }
+}
+
+static bool ssl_prefs_check(struct Curl_easy *data)
+{
+ /* check for CURLOPT_SSLVERSION invalid parameter value */
+ const long sslver = data->set.ssl.primary.version;
+ if((sslver < 0) || (sslver >= CURL_SSLVERSION_LAST)) {
+ failf(data, "Unrecognized parameter value passed via CURLOPT_SSLVERSION");
+ return FALSE;
+ }
+
+ switch(data->set.ssl.primary.version_max) {
+ case CURL_SSLVERSION_MAX_NONE:
+ case CURL_SSLVERSION_MAX_DEFAULT:
+ break;
+
+ default:
+ if((data->set.ssl.primary.version_max >> 16) < sslver) {
+ failf(data, "CURL_SSLVERSION_MAX incompatible with CURL_SSLVERSION");
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
+static CURLcode
+ssl_connect_init_proxy(struct connectdata *conn, int sockindex)
+{
+ DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]);
+ if(ssl_connection_complete == conn->ssl[sockindex].state &&
+ !conn->proxy_ssl[sockindex].use) {
+ struct ssl_backend_data *pbdata;
+
+ if(!Curl_ssl->support_https_proxy)
+ return CURLE_NOT_BUILT_IN;
+
+ /* The pointers to the ssl backend data, which is opaque here, are swapped
+ rather than move the contents. */
+ pbdata = conn->proxy_ssl[sockindex].backend;
+ conn->proxy_ssl[sockindex] = conn->ssl[sockindex];
+
+ memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));
+ memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data);
+
+ conn->ssl[sockindex].backend = pbdata;
+ }
+ return CURLE_OK;
+}
+
+CURLcode
+Curl_ssl_connect(struct connectdata *conn, int sockindex)
+{
+ CURLcode result;
+
+ if(conn->bits.proxy_ssl_connected[sockindex]) {
+ result = ssl_connect_init_proxy(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ if(!ssl_prefs_check(conn->data))
+ return CURLE_SSL_CONNECT_ERROR;
+
+ /* mark this is being ssl-enabled from here on. */
+ conn->ssl[sockindex].use = TRUE;
+ conn->ssl[sockindex].state = ssl_connection_negotiating;
+
+ result = Curl_ssl->connect(conn, sockindex);
+
+ if(!result)
+ Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
+
+ return result;
+}
+
+CURLcode
+Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
+ bool *done)
+{
+ CURLcode result;
+ if(conn->bits.proxy_ssl_connected[sockindex]) {
+ result = ssl_connect_init_proxy(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ if(!ssl_prefs_check(conn->data))
+ return CURLE_SSL_CONNECT_ERROR;
+
+ /* mark this is being ssl requested from here on. */
+ conn->ssl[sockindex].use = TRUE;
+ result = Curl_ssl->connect_nonblocking(conn, sockindex, done);
+ if(!result && *done)
+ Curl_pgrsTime(conn->data, TIMER_APPCONNECT); /* SSL is connected */
+ return result;
+}
+
+/*
+ * Lock shared SSL session data
+ */
+void Curl_ssl_sessionid_lock(struct connectdata *conn)
+{
+ if(SSLSESSION_SHARED(conn->data))
+ Curl_share_lock(conn->data,
+ CURL_LOCK_DATA_SSL_SESSION, CURL_LOCK_ACCESS_SINGLE);
+}
+
+/*
+ * Unlock shared SSL session data
+ */
+void Curl_ssl_sessionid_unlock(struct connectdata *conn)
+{
+ if(SSLSESSION_SHARED(conn->data))
+ Curl_share_unlock(conn->data, CURL_LOCK_DATA_SSL_SESSION);
+}
+
+/*
+ * Check if there's a session ID for the given connection in the cache, and if
+ * there's one suitable, it is provided. Returns TRUE when no entry matched.
+ */
+bool Curl_ssl_getsessionid(struct connectdata *conn,
+ void **ssl_sessionid,
+ size_t *idsize, /* set 0 if unknown */
+ int sockindex)
+{
+ struct curl_ssl_session *check;
+ struct Curl_easy *data = conn->data;
+ size_t i;
+ long *general_age;
+ bool no_match = TRUE;
+
+ const bool isProxy = CONNECT_PROXY_SSL();
+ struct ssl_primary_config * const ssl_config = isProxy ?
+ &conn->proxy_ssl_config :
+ &conn->ssl_config;
+ const char * const name = isProxy ? conn->http_proxy.host.name :
+ conn->host.name;
+ int port = isProxy ? (int)conn->port : conn->remote_port;
+ *ssl_sessionid = NULL;
+
+ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
+
+ if(!SSL_SET_OPTION(primary.sessionid))
+ /* session ID re-use is disabled */
+ return TRUE;
+
+ /* Lock if shared */
+ if(SSLSESSION_SHARED(data))
+ general_age = &data->share->sessionage;
+ else
+ general_age = &data->state.sessionage;
+
+ for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) {
+ check = &data->state.session[i];
+ if(!check->sessionid)
+ /* not session ID means blank entry */
+ continue;
+ if(strcasecompare(name, check->name) &&
+ ((!conn->bits.conn_to_host && !check->conn_to_host) ||
+ (conn->bits.conn_to_host && check->conn_to_host &&
+ strcasecompare(conn->conn_to_host.name, check->conn_to_host))) &&
+ ((!conn->bits.conn_to_port && check->conn_to_port == -1) ||
+ (conn->bits.conn_to_port && check->conn_to_port != -1 &&
+ conn->conn_to_port == check->conn_to_port)) &&
+ (port == check->remote_port) &&
+ strcasecompare(conn->handler->scheme, check->scheme) &&
+ Curl_ssl_config_matches(ssl_config, &check->ssl_config)) {
+ /* yes, we have a session ID! */
+ (*general_age)++; /* increase general age */
+ check->age = *general_age; /* set this as used in this age */
+ *ssl_sessionid = check->sessionid;
+ if(idsize)
+ *idsize = check->idsize;
+ no_match = FALSE;
+ break;
+ }
+ }
+
+ return no_match;
+}
+
+/*
+ * Kill a single session ID entry in the cache.
+ */
+void Curl_ssl_kill_session(struct curl_ssl_session *session)
+{
+ if(session->sessionid) {
+ /* defensive check */
+
+ /* free the ID the SSL-layer specific way */
+ Curl_ssl->session_free(session->sessionid);
+
+ session->sessionid = NULL;
+ session->age = 0; /* fresh */
+
+ Curl_free_primary_ssl_config(&session->ssl_config);
+
+ Curl_safefree(session->name);
+ Curl_safefree(session->conn_to_host);
+ }
+}
+
+/*
+ * Delete the given session ID from the cache.
+ */
+void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid)
+{
+ size_t i;
+ struct Curl_easy *data = conn->data;
+
+ for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++) {
+ struct curl_ssl_session *check = &data->state.session[i];
+
+ if(check->sessionid == ssl_sessionid) {
+ Curl_ssl_kill_session(check);
+ break;
+ }
+ }
+}
+
+/*
+ * Store session id in the session cache. The ID passed on to this function
+ * must already have been extracted and allocated the proper way for the SSL
+ * layer. Curl_XXXX_session_free() will be called to free/kill the session ID
+ * later on.
+ */
+CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+ void *ssl_sessionid,
+ size_t idsize,
+ int sockindex)
+{
+ size_t i;
+ struct Curl_easy *data = conn->data; /* the mother of all structs */
+ struct curl_ssl_session *store = &data->state.session[0];
+ long oldest_age = data->state.session[0].age; /* zero if unused */
+ char *clone_host;
+ char *clone_conn_to_host;
+ int conn_to_port;
+ long *general_age;
+ const bool isProxy = CONNECT_PROXY_SSL();
+ struct ssl_primary_config * const ssl_config = isProxy ?
+ &conn->proxy_ssl_config :
+ &conn->ssl_config;
+
+ DEBUGASSERT(SSL_SET_OPTION(primary.sessionid));
+
+ clone_host = strdup(isProxy ? conn->http_proxy.host.name : conn->host.name);
+ if(!clone_host)
+ return CURLE_OUT_OF_MEMORY; /* bail out */
+
+ if(conn->bits.conn_to_host) {
+ clone_conn_to_host = strdup(conn->conn_to_host.name);
+ if(!clone_conn_to_host) {
+ free(clone_host);
+ return CURLE_OUT_OF_MEMORY; /* bail out */
+ }
+ }
+ else
+ clone_conn_to_host = NULL;
+
+ if(conn->bits.conn_to_port)
+ conn_to_port = conn->conn_to_port;
+ else
+ conn_to_port = -1;
+
+ /* Now we should add the session ID and the host name to the cache, (remove
+ the oldest if necessary) */
+
+ /* If using shared SSL session, lock! */
+ if(SSLSESSION_SHARED(data)) {
+ general_age = &data->share->sessionage;
+ }
+ else {
+ general_age = &data->state.sessionage;
+ }
+
+ /* find an empty slot for us, or find the oldest */
+ for(i = 1; (i < data->set.general_ssl.max_ssl_sessions) &&
+ data->state.session[i].sessionid; i++) {
+ if(data->state.session[i].age < oldest_age) {
+ oldest_age = data->state.session[i].age;
+ store = &data->state.session[i];
+ }
+ }
+ if(i == data->set.general_ssl.max_ssl_sessions)
+ /* cache is full, we must "kill" the oldest entry! */
+ Curl_ssl_kill_session(store);
+ else
+ store = &data->state.session[i]; /* use this slot */
+
+ /* now init the session struct wisely */
+ store->sessionid = ssl_sessionid;
+ store->idsize = idsize;
+ store->age = *general_age; /* set current age */
+ /* free it if there's one already present */
+ free(store->name);
+ free(store->conn_to_host);
+ store->name = clone_host; /* clone host name */
+ store->conn_to_host = clone_conn_to_host; /* clone connect to host name */
+ store->conn_to_port = conn_to_port; /* connect to port number */
+ /* port number */
+ store->remote_port = isProxy ? (int)conn->port : conn->remote_port;
+ store->scheme = conn->handler->scheme;
+
+ if(!Curl_clone_primary_ssl_config(ssl_config, &store->ssl_config)) {
+ store->sessionid = NULL; /* let caller free sessionid */
+ free(clone_host);
+ free(clone_conn_to_host);
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ return CURLE_OK;
+}
+
+
+void Curl_ssl_close_all(struct Curl_easy *data)
+{
+ size_t i;
+ /* kill the session ID cache if not shared */
+ if(data->state.session && !SSLSESSION_SHARED(data)) {
+ for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++)
+ /* the single-killer function handles empty table slots */
+ Curl_ssl_kill_session(&data->state.session[i]);
+
+ /* free the cache data */
+ Curl_safefree(data->state.session);
+ }
+
+ Curl_ssl->close_all(data);
+}
+
+#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
+ defined(USE_DARWINSSL) || defined(USE_POLARSSL) || defined(USE_NSS) || \
+ defined(USE_MBEDTLS)
+int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks,
+ int numsocks)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
+
+ if(!numsocks)
+ return GETSOCK_BLANK;
+
+ if(connssl->connecting_state == ssl_connect_2_writing) {
+ /* write mode */
+ socks[0] = conn->sock[FIRSTSOCKET];
+ return GETSOCK_WRITESOCK(0);
+ }
+ if(connssl->connecting_state == ssl_connect_2_reading) {
+ /* read mode */
+ socks[0] = conn->sock[FIRSTSOCKET];
+ return GETSOCK_READSOCK(0);
+ }
+
+ return GETSOCK_BLANK;
+}
+#else
+int Curl_ssl_getsock(struct connectdata *conn,
+ curl_socket_t *socks,
+ int numsocks)
+{
+ (void)conn;
+ (void)socks;
+ (void)numsocks;
+ return GETSOCK_BLANK;
+}
+/* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL || USE_DARWINSSL || USE_NSS */
+#endif
+
+void Curl_ssl_close(struct connectdata *conn, int sockindex)
+{
+ DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
+ Curl_ssl->close_one(conn, sockindex);
+}
+
+CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
+{
+ if(Curl_ssl->shutdown(conn, sockindex))
+ return CURLE_SSL_SHUTDOWN_FAILED;
+
+ conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
+ conn->ssl[sockindex].state = ssl_connection_none;
+
+ conn->recv[sockindex] = Curl_recv_plain;
+ conn->send[sockindex] = Curl_send_plain;
+
+ return CURLE_OK;
+}
+
+/* Selects an SSL crypto engine
+ */
+CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine)
+{
+ return Curl_ssl->set_engine(data, engine);
+}
+
+/* Selects the default SSL crypto engine
+ */
+CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data)
+{
+ return Curl_ssl->set_engine_default(data);
+}
+
+/* Return list of OpenSSL crypto engine names. */
+struct curl_slist *Curl_ssl_engines_list(struct Curl_easy *data)
+{
+ return Curl_ssl->engines_list(data);
+}
+
+/*
+ * This sets up a session ID cache to the specified size. Make sure this code
+ * is agnostic to what underlying SSL technology we use.
+ */
+CURLcode Curl_ssl_initsessions(struct Curl_easy *data, size_t amount)
+{
+ struct curl_ssl_session *session;
+
+ if(data->state.session)
+ /* this is just a precaution to prevent multiple inits */
+ return CURLE_OK;
+
+ session = calloc(amount, sizeof(struct curl_ssl_session));
+ if(!session)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* store the info in the SSL section */
+ data->set.general_ssl.max_ssl_sessions = amount;
+ data->state.session = session;
+ data->state.sessionage = 1; /* this is brand new */
+ return CURLE_OK;
+}
+
+static size_t Curl_multissl_version(char *buffer, size_t size);
+
+size_t Curl_ssl_version(char *buffer, size_t size)
+{
+#ifdef CURL_WITH_MULTI_SSL
+ return Curl_multissl_version(buffer, size);
+#else
+ return Curl_ssl->version(buffer, size);
+#endif
+}
+
+/*
+ * This function tries to determine connection status.
+ *
+ * Return codes:
+ * 1 means the connection is still in place
+ * 0 means the connection has been closed
+ * -1 means the connection status is unknown
+ */
+int Curl_ssl_check_cxn(struct connectdata *conn)
+{
+ return Curl_ssl->check_cxn(conn);
+}
+
+bool Curl_ssl_data_pending(const struct connectdata *conn,
+ int connindex)
+{
+ return Curl_ssl->data_pending(conn, connindex);
+}
+
+void Curl_ssl_free_certinfo(struct Curl_easy *data)
+{
+ int i;
+ struct curl_certinfo *ci = &data->info.certs;
+
+ if(ci->num_of_certs) {
+ /* free all individual lists used */
+ for(i = 0; i<ci->num_of_certs; i++) {
+ curl_slist_free_all(ci->certinfo[i]);
+ ci->certinfo[i] = NULL;
+ }
+
+ free(ci->certinfo); /* free the actual array too */
+ ci->certinfo = NULL;
+ ci->num_of_certs = 0;
+ }
+}
+
+CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num)
+{
+ struct curl_certinfo *ci = &data->info.certs;
+ struct curl_slist **table;
+
+ /* Free any previous certificate information structures */
+ Curl_ssl_free_certinfo(data);
+
+ /* Allocate the required certificate information structures */
+ table = calloc((size_t) num, sizeof(struct curl_slist *));
+ if(!table)
+ return CURLE_OUT_OF_MEMORY;
+
+ ci->num_of_certs = num;
+ ci->certinfo = table;
+
+ return CURLE_OK;
+}
+
+/*
+ * 'value' is NOT a zero terminated string
+ */
+CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data,
+ int certnum,
+ const char *label,
+ const char *value,
+ size_t valuelen)
+{
+ struct curl_certinfo *ci = &data->info.certs;
+ char *output;
+ struct curl_slist *nl;
+ CURLcode result = CURLE_OK;
+ size_t labellen = strlen(label);
+ size_t outlen = labellen + 1 + valuelen + 1; /* label:value\0 */
+
+ output = malloc(outlen);
+ if(!output)
+ return CURLE_OUT_OF_MEMORY;
+
+ /* sprintf the label and colon */
+ snprintf(output, outlen, "%s:", label);
+
+ /* memcpy the value (it might not be zero terminated) */
+ memcpy(&output[labellen + 1], value, valuelen);
+
+ /* zero terminate the output */
+ output[labellen + 1 + valuelen] = 0;
+
+ nl = Curl_slist_append_nodup(ci->certinfo[certnum], output);
+ if(!nl) {
+ free(output);
+ curl_slist_free_all(ci->certinfo[certnum]);
+ result = CURLE_OUT_OF_MEMORY;
+ }
+
+ ci->certinfo[certnum] = nl;
+ return result;
+}
+
+/*
+ * This is a convenience function for push_certinfo_len that takes a zero
+ * terminated value.
+ */
+CURLcode Curl_ssl_push_certinfo(struct Curl_easy *data,
+ int certnum,
+ const char *label,
+ const char *value)
+{
+ size_t valuelen = strlen(value);
+
+ return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen);
+}
+
+CURLcode Curl_ssl_random(struct Curl_easy *data,
+ unsigned char *entropy,
+ size_t length)
+{
+ return Curl_ssl->random(data, entropy, length);
+}
+
+/*
+ * Public key pem to der conversion
+ */
+
+static CURLcode pubkey_pem_to_der(const char *pem,
+ unsigned char **der, size_t *der_len)
+{
+ char *stripped_pem, *begin_pos, *end_pos;
+ size_t pem_count, stripped_pem_count = 0, pem_len;
+ CURLcode result;
+
+ /* if no pem, exit. */
+ if(!pem)
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ begin_pos = strstr(pem, "-----BEGIN PUBLIC KEY-----");
+ if(!begin_pos)
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ pem_count = begin_pos - pem;
+ /* Invalid if not at beginning AND not directly following \n */
+ if(0 != pem_count && '\n' != pem[pem_count - 1])
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ /* 26 is length of "-----BEGIN PUBLIC KEY-----" */
+ pem_count += 26;
+
+ /* Invalid if not directly following \n */
+ end_pos = strstr(pem + pem_count, "\n-----END PUBLIC KEY-----");
+ if(!end_pos)
+ return CURLE_BAD_CONTENT_ENCODING;
+
+ pem_len = end_pos - pem;
+
+ stripped_pem = malloc(pem_len - pem_count + 1);
+ if(!stripped_pem)
+ return CURLE_OUT_OF_MEMORY;
+
+ /*
+ * Here we loop through the pem array one character at a time between the
+ * correct indices, and place each character that is not '\n' or '\r'
+ * into the stripped_pem array, which should represent the raw base64 string
+ */
+ while(pem_count < pem_len) {
+ if('\n' != pem[pem_count] && '\r' != pem[pem_count])
+ stripped_pem[stripped_pem_count++] = pem[pem_count];
+ ++pem_count;
+ }
+ /* Place the null terminator in the correct place */
+ stripped_pem[stripped_pem_count] = '\0';
+
+ result = Curl_base64_decode(stripped_pem, der, der_len);
+
+ Curl_safefree(stripped_pem);
+
+ return result;
+}
+
+/*
+ * Generic pinned public key check.
+ */
+
+CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
+ const char *pinnedpubkey,
+ const unsigned char *pubkey, size_t pubkeylen)
+{
+ FILE *fp;
+ unsigned char *buf = NULL, *pem_ptr = NULL;
+ long filesize;
+ size_t size, pem_len;
+ CURLcode pem_read;
+ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ CURLcode encode;
+ size_t encodedlen, pinkeylen;
+ char *encoded, *pinkeycopy, *begin_pos, *end_pos;
+ unsigned char *sha256sumdigest = NULL;
+
+ /* if a path wasn't specified, don't pin */
+ if(!pinnedpubkey)
+ return CURLE_OK;
+ if(!pubkey || !pubkeylen)
+ return result;
+
+ /* only do this if pinnedpubkey starts with "sha256//", length 8 */
+ if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
+ if(!Curl_ssl->sha256sum) {
+ /* without sha256 support, this cannot match */
+ return result;
+ }
+
+ /* compute sha256sum of public key */
+ sha256sumdigest = malloc(CURL_SHA256_DIGEST_LENGTH);
+ if(!sha256sumdigest)
+ return CURLE_OUT_OF_MEMORY;
+ Curl_ssl->sha256sum(pubkey, pubkeylen,
+ sha256sumdigest, CURL_SHA256_DIGEST_LENGTH);
+ encode = Curl_base64_encode(data, (char *)sha256sumdigest,
+ CURL_SHA256_DIGEST_LENGTH, &encoded,
+ &encodedlen);
+ Curl_safefree(sha256sumdigest);
+
+ if(encode)
+ return encode;
+
+ infof(data, "\t public key hash: sha256//%s\n", encoded);
+
+ /* it starts with sha256//, copy so we can modify it */
+ pinkeylen = strlen(pinnedpubkey) + 1;
+ pinkeycopy = malloc(pinkeylen);
+ if(!pinkeycopy) {
+ Curl_safefree(encoded);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ memcpy(pinkeycopy, pinnedpubkey, pinkeylen);
+ /* point begin_pos to the copy, and start extracting keys */
+ begin_pos = pinkeycopy;
+ do {
+ end_pos = strstr(begin_pos, ";sha256//");
+ /*
+ * if there is an end_pos, null terminate,
+ * otherwise it'll go to the end of the original string
+ */
+ if(end_pos)
+ end_pos[0] = '\0';
+
+ /* compare base64 sha256 digests, 8 is the length of "sha256//" */
+ if(encodedlen == strlen(begin_pos + 8) &&
+ !memcmp(encoded, begin_pos + 8, encodedlen)) {
+ result = CURLE_OK;
+ break;
+ }
+
+ /*
+ * change back the null-terminator we changed earlier,
+ * and look for next begin
+ */
+ if(end_pos) {
+ end_pos[0] = ';';
+ begin_pos = strstr(end_pos, "sha256//");
+ }
+ } while(end_pos && begin_pos);
+ Curl_safefree(encoded);
+ Curl_safefree(pinkeycopy);
+ return result;
+ }
+
+ fp = fopen(pinnedpubkey, "rb");
+ if(!fp)
+ return result;
+
+ do {
+ /* Determine the file's size */
+ if(fseek(fp, 0, SEEK_END))
+ break;
+ filesize = ftell(fp);
+ if(fseek(fp, 0, SEEK_SET))
+ break;
+ if(filesize < 0 || filesize > MAX_PINNED_PUBKEY_SIZE)
+ break;
+
+ /*
+ * if the size of our certificate is bigger than the file
+ * size then it can't match
+ */
+ size = curlx_sotouz((curl_off_t) filesize);
+ if(pubkeylen > size)
+ break;
+
+ /*
+ * Allocate buffer for the pinned key
+ * With 1 additional byte for null terminator in case of PEM key
+ */
+ buf = malloc(size + 1);
+ if(!buf)
+ break;
+
+ /* Returns number of elements read, which should be 1 */
+ if((int) fread(buf, size, 1, fp) != 1)
+ break;
+
+ /* If the sizes are the same, it can't be base64 encoded, must be der */
+ if(pubkeylen == size) {
+ if(!memcmp(pubkey, buf, pubkeylen))
+ result = CURLE_OK;
+ break;
+ }
+
+ /*
+ * Otherwise we will assume it's PEM and try to decode it
+ * after placing null terminator
+ */
+ buf[size] = '\0';
+ pem_read = pubkey_pem_to_der((const char *)buf, &pem_ptr, &pem_len);
+ /* if it wasn't read successfully, exit */
+ if(pem_read)
+ break;
+
+ /*
+ * if the size of our certificate doesn't match the size of
+ * the decoded file, they can't be the same, otherwise compare
+ */
+ if(pubkeylen == pem_len && !memcmp(pubkey, pem_ptr, pubkeylen))
+ result = CURLE_OK;
+ } while(0);
+
+ Curl_safefree(buf);
+ Curl_safefree(pem_ptr);
+ fclose(fp);
+
+ return result;
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+CURLcode Curl_ssl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len)
+{
+ return Curl_ssl->md5sum(tmp, tmplen, md5sum, md5len);
+}
+#endif
+
+/*
+ * Check whether the SSL backend supports the status_request extension.
+ */
+bool Curl_ssl_cert_status_request(void)
+{
+ return Curl_ssl->cert_status_request();
+}
+
+/*
+ * Check whether the SSL backend supports false start.
+ */
+bool Curl_ssl_false_start(void)
+{
+ return Curl_ssl->false_start();
+}
+
+/*
+ * Default implementations for unsupported functions.
+ */
+
+int Curl_none_init(void)
+{
+ return 1;
+}
+
+void Curl_none_cleanup(void)
+{ }
+
+int Curl_none_shutdown(struct connectdata *conn UNUSED_PARAM,
+ int sockindex UNUSED_PARAM)
+{
+ (void)conn;
+ (void)sockindex;
+ return 0;
+}
+
+int Curl_none_check_cxn(struct connectdata *conn UNUSED_PARAM)
+{
+ (void)conn;
+ return -1;
+}
+
+CURLcode Curl_none_random(struct Curl_easy *data UNUSED_PARAM,
+ unsigned char *entropy UNUSED_PARAM,
+ size_t length UNUSED_PARAM)
+{
+ (void)data;
+ (void)entropy;
+ (void)length;
+ return CURLE_NOT_BUILT_IN;
+}
+
+void Curl_none_close_all(struct Curl_easy *data UNUSED_PARAM)
+{
+ (void)data;
+}
+
+void Curl_none_session_free(void *ptr UNUSED_PARAM)
+{
+ (void)ptr;
+}
+
+bool Curl_none_data_pending(const struct connectdata *conn UNUSED_PARAM,
+ int connindex UNUSED_PARAM)
+{
+ (void)conn;
+ (void)connindex;
+ return 0;
+}
+
+bool Curl_none_cert_status_request(void)
+{
+ return FALSE;
+}
+
+CURLcode Curl_none_set_engine(struct Curl_easy *data UNUSED_PARAM,
+ const char *engine UNUSED_PARAM)
+{
+ (void)data;
+ (void)engine;
+ return CURLE_NOT_BUILT_IN;
+}
+
+CURLcode Curl_none_set_engine_default(struct Curl_easy *data UNUSED_PARAM)
+{
+ (void)data;
+ return CURLE_NOT_BUILT_IN;
+}
+
+struct curl_slist *Curl_none_engines_list(struct Curl_easy *data UNUSED_PARAM)
+{
+ (void)data;
+ return (struct curl_slist *)NULL;
+}
+
+bool Curl_none_false_start(void)
+{
+ return FALSE;
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
+ unsigned char *md5sum, size_t md5len UNUSED_PARAM)
+{
+ MD5_context *MD5pw;
+
+ (void)md5len;
+
+ MD5pw = Curl_MD5_init(Curl_DIGEST_MD5);
+ if(!MD5pw)
+ return CURLE_OUT_OF_MEMORY;
+ Curl_MD5_update(MD5pw, input, curlx_uztoui(inputlen));
+ Curl_MD5_final(MD5pw, md5sum);
+ return CURLE_OK;
+}
+#else
+CURLcode Curl_none_md5sum(unsigned char *input UNUSED_PARAM,
+ size_t inputlen UNUSED_PARAM,
+ unsigned char *md5sum UNUSED_PARAM,
+ size_t md5len UNUSED_PARAM)
+{
+ (void)input;
+ (void)inputlen;
+ (void)md5sum;
+ (void)md5len;
+ return CURLE_NOT_BUILT_IN;
+}
+#endif
+
+static int Curl_multissl_init(void)
+{
+ if(multissl_init(NULL))
+ return 1;
+ return Curl_ssl->init();
+}
+
+static CURLcode Curl_multissl_connect(struct connectdata *conn, int sockindex)
+{
+ if(multissl_init(NULL))
+ return CURLE_FAILED_INIT;
+ return Curl_ssl->connect(conn, sockindex);
+}
+
+static CURLcode Curl_multissl_connect_nonblocking(struct connectdata *conn,
+ int sockindex, bool *done)
+{
+ if(multissl_init(NULL))
+ return CURLE_FAILED_INIT;
+ return Curl_ssl->connect_nonblocking(conn, sockindex, done);
+}
+
+static void *Curl_multissl_get_internals(struct ssl_connect_data *connssl,
+ CURLINFO info)
+{
+ if(multissl_init(NULL))
+ return NULL;
+ return Curl_ssl->get_internals(connssl, info);
+}
+
+static void Curl_multissl_close(struct connectdata *conn, int sockindex)
+{
+ if(multissl_init(NULL))
+ return;
+ Curl_ssl->close_one(conn, sockindex);
+}
+
+static const struct Curl_ssl Curl_ssl_multi = {
+ { CURLSSLBACKEND_NONE, "multi" }, /* info */
+
+ 0, /* have_ca_path */
+ 0, /* have_certinfo */
+ 0, /* have_pinnedpubkey */
+ 0, /* have_ssl_ctx */
+ 0, /* support_https_proxy */
+
+ (size_t)-1, /* something insanely large to be on the safe side */
+
+ Curl_multissl_init, /* init */
+ Curl_none_cleanup, /* cleanup */
+ Curl_multissl_version, /* version */
+ Curl_none_check_cxn, /* check_cxn */
+ Curl_none_shutdown, /* shutdown */
+ Curl_none_data_pending, /* data_pending */
+ Curl_none_random, /* random */
+ Curl_none_cert_status_request, /* cert_status_request */
+ Curl_multissl_connect, /* connect */
+ Curl_multissl_connect_nonblocking, /* connect_nonblocking */
+ Curl_multissl_get_internals, /* get_internals */
+ Curl_multissl_close, /* close_one */
+ Curl_none_close_all, /* close_all */
+ Curl_none_session_free, /* session_free */
+ Curl_none_set_engine, /* set_engine */
+ Curl_none_set_engine_default, /* set_engine_default */
+ Curl_none_engines_list, /* engines_list */
+ Curl_none_false_start, /* false_start */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
+};
+
+const struct Curl_ssl *Curl_ssl =
+#if defined(CURL_WITH_MULTI_SSL)
+ &Curl_ssl_multi;
+#elif defined(USE_AXTLS)
+ &Curl_ssl_axtls;
+#elif defined(USE_CYASSL)
+ &Curl_ssl_cyassl;
+#elif defined(USE_DARWINSSL)
+ &Curl_ssl_darwinssl;
+#elif defined(USE_GNUTLS)
+ &Curl_ssl_gnutls;
+#elif defined(USE_GSKIT)
+ &Curl_ssl_gskit;
+#elif defined(USE_MBEDTLS)
+ &Curl_ssl_mbedtls;
+#elif defined(USE_NSS)
+ &Curl_ssl_nss;
+#elif defined(USE_OPENSSL)
+ &Curl_ssl_openssl;
+#elif defined(USE_POLARSSL)
+ &Curl_ssl_polarssl;
+#elif defined(USE_SCHANNEL)
+ &Curl_ssl_schannel;
+#else
+#error "Missing struct Curl_ssl for selected SSL backend"
+#endif
+
+static const struct Curl_ssl *available_backends[] = {
+#if defined(USE_AXTLS)
+ &Curl_ssl_axtls,
+#endif
+#if defined(USE_CYASSL)
+ &Curl_ssl_cyassl,
+#endif
+#if defined(USE_DARWINSSL)
+ &Curl_ssl_darwinssl,
+#endif
+#if defined(USE_GNUTLS)
+ &Curl_ssl_gnutls,
+#endif
+#if defined(USE_GSKIT)
+ &Curl_ssl_gskit,
+#endif
+#if defined(USE_MBEDTLS)
+ &Curl_ssl_mbedtls,
+#endif
+#if defined(USE_NSS)
+ &Curl_ssl_nss,
+#endif
+#if defined(USE_OPENSSL)
+ &Curl_ssl_openssl,
+#endif
+#if defined(USE_POLARSSL)
+ &Curl_ssl_polarssl,
+#endif
+#if defined(USE_SCHANNEL)
+ &Curl_ssl_schannel,
+#endif
+ NULL
+};
+
+static size_t Curl_multissl_version(char *buffer, size_t size)
+{
+ static const struct Curl_ssl *selected;
+ static char backends[200];
+ static size_t total;
+ const struct Curl_ssl *current;
+
+ current = Curl_ssl == &Curl_ssl_multi ? available_backends[0] : Curl_ssl;
+
+ if(current != selected) {
+ char *p = backends;
+ int i;
+
+ selected = current;
+
+ for(i = 0; available_backends[i]; i++) {
+ if(i)
+ *(p++) = ' ';
+ if(selected != available_backends[i])
+ *(p++) = '(';
+ p += available_backends[i]->version(p, backends + sizeof(backends) - p);
+ if(selected != available_backends[i])
+ *(p++) = ')';
+ }
+ *p = '\0';
+ total = p - backends;
+ }
+
+ if(size < total)
+ memcpy(buffer, backends, total + 1);
+ else {
+ memcpy(buffer, backends, size - 1);
+ buffer[size - 1] = '\0';
+ }
+
+ return total;
+}
+
+static int multissl_init(const struct Curl_ssl *backend)
+{
+ const char *env;
+ int i;
+
+ if(Curl_ssl != &Curl_ssl_multi)
+ return 1;
+
+ if(backend) {
+ Curl_ssl = backend;
+ return 0;
+ }
+
+ if(!available_backends[0])
+ return 1;
+
+ env = getenv("CURL_SSL_BACKEND");
+#ifdef CURL_DEFAULT_SSL_BACKEND
+ if(!env)
+ env = CURL_DEFAULT_SSL_BACKEND;
+#endif
+ if(env) {
+ for(i = 0; available_backends[i]; i++) {
+ if(strcasecompare(env, available_backends[i]->info.name)) {
+ Curl_ssl = available_backends[i];
+ return 0;
+ }
+ }
+ }
+
+ /* Fall back to first available backend */
+ Curl_ssl = available_backends[0];
+ return 0;
+}
+
+CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
+ const curl_ssl_backend ***avail)
+{
+ int i;
+
+ if(Curl_ssl != &Curl_ssl_multi)
+ return id == Curl_ssl->info.id ? CURLSSLSET_OK : CURLSSLSET_TOO_LATE;
+
+ for(i = 0; available_backends[i]; i++) {
+ if(available_backends[i]->info.id == id ||
+ (name && strcasecompare(available_backends[i]->info.name, name))) {
+ multissl_init(available_backends[i]);
+ return CURLSSLSET_OK;
+ }
+ }
+
+ if(avail)
+ *avail = (const curl_ssl_backend **)&available_backends;
+ return CURLSSLSET_UNKNOWN_BACKEND;
+}
+
+#else /* USE_SSL */
+CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
+ const curl_ssl_backend ***avail)
+{
+ (void)id;
+ (void)name;
+ (void)avail;
+ return CURLSSLSET_NO_BACKENDS;
+}
+
+#endif /* !USE_SSL */
diff --git a/libs/libcurl/src/vtls/vtls.h b/libs/libcurl/src/vtls/vtls.h
new file mode 100644
index 0000000000..c5f9d4a3fa
--- /dev/null
+++ b/libs/libcurl/src/vtls/vtls.h
@@ -0,0 +1,274 @@
+#ifndef HEADER_CURL_VTLS_H
+#define HEADER_CURL_VTLS_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+struct connectdata;
+struct ssl_connect_data;
+
+struct Curl_ssl {
+ /*
+ * This *must* be the first entry to allow returning the list of available
+ * backends in curl_global_sslset().
+ */
+ curl_ssl_backend info;
+
+ unsigned have_ca_path:1; /* supports CAPATH */
+ unsigned have_certinfo:1; /* supports CURLOPT_CERTINFO */
+ unsigned have_pinnedpubkey:1; /* supports CURLOPT_PINNEDPUBLICKEY */
+ unsigned have_ssl_ctx:1; /* supports CURLOPT_SSL_CTX_* */
+
+ unsigned support_https_proxy:1; /* supports access via HTTPS proxies */
+
+ size_t sizeof_ssl_backend_data;
+
+ int (*init)(void);
+ void (*cleanup)(void);
+
+ size_t (*version)(char *buffer, size_t size);
+ int (*check_cxn)(struct connectdata *cxn);
+ int (*shutdown)(struct connectdata *conn, int sockindex);
+ bool (*data_pending)(const struct connectdata *conn,
+ int connindex);
+
+ /* return 0 if a find random is filled in */
+ CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy,
+ size_t length);
+ bool (*cert_status_request)(void);
+
+ CURLcode (*connect)(struct connectdata *conn, int sockindex);
+ CURLcode (*connect_nonblocking)(struct connectdata *conn, int sockindex,
+ bool *done);
+ void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info);
+ void (*close_one)(struct connectdata *conn, int sockindex);
+ void (*close_all)(struct Curl_easy *data);
+ void (*session_free)(void *ptr);
+
+ CURLcode (*set_engine)(struct Curl_easy *data, const char *engine);
+ CURLcode (*set_engine_default)(struct Curl_easy *data);
+ struct curl_slist *(*engines_list)(struct Curl_easy *data);
+
+ bool (*false_start)(void);
+
+ CURLcode (*md5sum)(unsigned char *input, size_t inputlen,
+ unsigned char *md5sum, size_t md5sumlen);
+ void (*sha256sum)(const unsigned char *input, size_t inputlen,
+ unsigned char *sha256sum, size_t sha256sumlen);
+};
+
+#ifdef USE_SSL
+extern const struct Curl_ssl *Curl_ssl;
+#endif
+
+int Curl_none_init(void);
+void Curl_none_cleanup(void);
+int Curl_none_shutdown(struct connectdata *conn, int sockindex);
+int Curl_none_check_cxn(struct connectdata *conn);
+CURLcode Curl_none_random(struct Curl_easy *data, unsigned char *entropy,
+ size_t length);
+void Curl_none_close_all(struct Curl_easy *data);
+void Curl_none_session_free(void *ptr);
+bool Curl_none_data_pending(const struct connectdata *conn, int connindex);
+bool Curl_none_cert_status_request(void);
+CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine);
+CURLcode Curl_none_set_engine_default(struct Curl_easy *data);
+struct curl_slist *Curl_none_engines_list(struct Curl_easy *data);
+bool Curl_none_false_start(void);
+CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen,
+ unsigned char *md5sum, size_t md5len);
+
+#include "openssl.h" /* OpenSSL versions */
+#include "gtls.h" /* GnuTLS versions */
+#include "nssg.h" /* NSS versions */
+#include "gskit.h" /* Global Secure ToolKit versions */
+#include "polarssl.h" /* PolarSSL versions */
+#include "axtls.h" /* axTLS versions */
+#include "cyassl.h" /* CyaSSL versions */
+#include "schannel.h" /* Schannel SSPI version */
+#include "darwinssl.h" /* SecureTransport (Darwin) version */
+#include "mbedtls.h" /* mbedTLS versions */
+
+#ifndef MAX_PINNED_PUBKEY_SIZE
+#define MAX_PINNED_PUBKEY_SIZE 1048576 /* 1MB */
+#endif
+
+#ifndef MD5_DIGEST_LENGTH
+#define MD5_DIGEST_LENGTH 16 /* fixed size */
+#endif
+
+#ifndef CURL_SHA256_DIGEST_LENGTH
+#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
+#endif
+
+/* see https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 */
+#define ALPN_HTTP_1_1_LENGTH 8
+#define ALPN_HTTP_1_1 "http/1.1"
+
+/* set of helper macros for the backends to access the correct fields. For the
+ proxy or for the remote host - to properly support HTTPS proxy */
+
+#define SSL_IS_PROXY() (CURLPROXY_HTTPS == conn->http_proxy.proxytype && \
+ ssl_connection_complete != conn->proxy_ssl[conn->sock[SECONDARYSOCKET] == \
+ CURL_SOCKET_BAD ? FIRSTSOCKET : SECONDARYSOCKET].state)
+#define SSL_SET_OPTION(var) (SSL_IS_PROXY() ? data->set.proxy_ssl.var : \
+ data->set.ssl.var)
+#define SSL_CONN_CONFIG(var) (SSL_IS_PROXY() ? \
+ conn->proxy_ssl_config.var : conn->ssl_config.var)
+
+bool Curl_ssl_config_matches(struct ssl_primary_config* data,
+ struct ssl_primary_config* needle);
+bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
+ struct ssl_primary_config *dest);
+void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc);
+int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks,
+ int numsocks);
+
+int Curl_ssl_backend(void);
+
+#ifdef USE_SSL
+int Curl_ssl_init(void);
+void Curl_ssl_cleanup(void);
+CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
+CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
+ int sockindex,
+ bool *done);
+/* tell the SSL stuff to close down all open information regarding
+ connections (and thus session ID caching etc) */
+void Curl_ssl_close_all(struct Curl_easy *data);
+void Curl_ssl_close(struct connectdata *conn, int sockindex);
+CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
+CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine);
+/* Sets engine as default for all SSL operations */
+CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data);
+struct curl_slist *Curl_ssl_engines_list(struct Curl_easy *data);
+
+/* init the SSL session ID cache */
+CURLcode Curl_ssl_initsessions(struct Curl_easy *, size_t);
+size_t Curl_ssl_version(char *buffer, size_t size);
+bool Curl_ssl_data_pending(const struct connectdata *conn,
+ int connindex);
+int Curl_ssl_check_cxn(struct connectdata *conn);
+
+/* Certificate information list handling. */
+
+void Curl_ssl_free_certinfo(struct Curl_easy *data);
+CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num);
+CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, int certnum,
+ const char *label, const char *value,
+ size_t valuelen);
+CURLcode Curl_ssl_push_certinfo(struct Curl_easy *data, int certnum,
+ const char *label, const char *value);
+
+/* Functions to be used by SSL library adaptation functions */
+
+/* Lock session cache mutex.
+ * Call this before calling other Curl_ssl_*session* functions
+ * Caller should unlock this mutex as soon as possible, as it may block
+ * other SSL connection from making progress.
+ * The purpose of explicitly locking SSL session cache data is to allow
+ * individual SSL engines to manage session lifetime in their specific way.
+ */
+void Curl_ssl_sessionid_lock(struct connectdata *conn);
+
+/* Unlock session cache mutex */
+void Curl_ssl_sessionid_unlock(struct connectdata *conn);
+
+/* extract a session ID
+ * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
+ * Caller must make sure that the ownership of returned sessionid object
+ * is properly taken (e.g. its refcount is incremented
+ * under sessionid mutex).
+ */
+bool Curl_ssl_getsessionid(struct connectdata *conn,
+ void **ssl_sessionid,
+ size_t *idsize, /* set 0 if unknown */
+ int sockindex);
+/* add a new session ID
+ * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
+ * Caller must ensure that it has properly shared ownership of this sessionid
+ * object with cache (e.g. incrementing refcount on success)
+ */
+CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
+ void *ssl_sessionid,
+ size_t idsize,
+ int sockindex);
+/* Kill a single session ID entry in the cache
+ * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
+ * This will call engine-specific curlssl_session_free function, which must
+ * take sessionid object ownership from sessionid cache
+ * (e.g. decrement refcount).
+ */
+void Curl_ssl_kill_session(struct curl_ssl_session *session);
+/* delete a session from the cache
+ * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
+ * This will call engine-specific curlssl_session_free function, which must
+ * take sessionid object ownership from sessionid cache
+ * (e.g. decrement refcount).
+ */
+void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid);
+
+/* get N random bytes into the buffer */
+CURLcode Curl_ssl_random(struct Curl_easy *data, unsigned char *buffer,
+ size_t length);
+CURLcode Curl_ssl_md5sum(unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *md5sum, /* output */
+ size_t md5len);
+/* Check pinned public key. */
+CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
+ const char *pinnedpubkey,
+ const unsigned char *pubkey, size_t pubkeylen);
+
+bool Curl_ssl_cert_status_request(void);
+
+bool Curl_ssl_false_start(void);
+
+#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
+
+#else
+
+/* When SSL support is not present, just define away these function calls */
+#define Curl_ssl_init() 1
+#define Curl_ssl_cleanup() Curl_nop_stmt
+#define Curl_ssl_connect(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_close_all(x) Curl_nop_stmt
+#define Curl_ssl_close(x,y) Curl_nop_stmt
+#define Curl_ssl_shutdown(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
+#define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
+#define Curl_ssl_engines_list(x) NULL
+#define Curl_ssl_send(a,b,c,d,e) -1
+#define Curl_ssl_recv(a,b,c,d,e) -1
+#define Curl_ssl_initsessions(x,y) CURLE_OK
+#define Curl_ssl_version(x,y) 0
+#define Curl_ssl_data_pending(x,y) 0
+#define Curl_ssl_check_cxn(x) 0
+#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
+#define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN
+#define Curl_ssl_kill_session(x) Curl_nop_stmt
+#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
+#define Curl_ssl_cert_status_request() FALSE
+#define Curl_ssl_false_start() FALSE
+#endif
+
+#endif /* HEADER_CURL_VTLS_H */
diff --git a/libs/libcurl/src/warnless.c b/libs/libcurl/src/warnless.c
index 7a4b01eb6d..05d9038dc3 100644
--- a/libs/libcurl/src/warnless.c
+++ b/libs/libcurl/src/warnless.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -69,36 +69,36 @@
# error "SIZEOF_INT not defined"
#endif
-#if (CURL_SIZEOF_LONG == 2)
+#if (SIZEOF_LONG == 2)
# define CURL_MASK_SLONG 0x7FFFL
# define CURL_MASK_ULONG 0xFFFFUL
-#elif (CURL_SIZEOF_LONG == 4)
+#elif (SIZEOF_LONG == 4)
# define CURL_MASK_SLONG 0x7FFFFFFFL
# define CURL_MASK_ULONG 0xFFFFFFFFUL
-#elif (CURL_SIZEOF_LONG == 8)
+#elif (SIZEOF_LONG == 8)
# define CURL_MASK_SLONG 0x7FFFFFFFFFFFFFFFL
# define CURL_MASK_ULONG 0xFFFFFFFFFFFFFFFFUL
-#elif (CURL_SIZEOF_LONG == 16)
+#elif (SIZEOF_LONG == 16)
# define CURL_MASK_SLONG 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL
# define CURL_MASK_ULONG 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFUL
#else
-# error "CURL_SIZEOF_LONG not defined"
+# error "SIZEOF_LONG not defined"
#endif
-#if (CURL_SIZEOF_CURL_OFF_T == 2)
+#if (SIZEOF_CURL_OFF_T == 2)
# define CURL_MASK_SCOFFT CURL_OFF_T_C(0x7FFF)
# define CURL_MASK_UCOFFT CURL_OFF_TU_C(0xFFFF)
-#elif (CURL_SIZEOF_CURL_OFF_T == 4)
+#elif (SIZEOF_CURL_OFF_T == 4)
# define CURL_MASK_SCOFFT CURL_OFF_T_C(0x7FFFFFFF)
# define CURL_MASK_UCOFFT CURL_OFF_TU_C(0xFFFFFFFF)
-#elif (CURL_SIZEOF_CURL_OFF_T == 8)
+#elif (SIZEOF_CURL_OFF_T == 8)
# define CURL_MASK_SCOFFT CURL_OFF_T_C(0x7FFFFFFFFFFFFFFF)
# define CURL_MASK_UCOFFT CURL_OFF_TU_C(0xFFFFFFFFFFFFFFFF)
-#elif (CURL_SIZEOF_CURL_OFF_T == 16)
+#elif (SIZEOF_CURL_OFF_T == 16)
# define CURL_MASK_SCOFFT CURL_OFF_T_C(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)
# define CURL_MASK_UCOFFT CURL_OFF_TU_C(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF)
#else
-# error "CURL_SIZEOF_CURL_OFF_T not defined"
+# error "SIZEOF_CURL_OFF_T not defined"
#endif
#if (SIZEOF_SIZE_T == SIZEOF_SHORT)
@@ -107,10 +107,10 @@
#elif (SIZEOF_SIZE_T == SIZEOF_INT)
# define CURL_MASK_SSIZE_T CURL_MASK_SINT
# define CURL_MASK_USIZE_T CURL_MASK_UINT
-#elif (SIZEOF_SIZE_T == CURL_SIZEOF_LONG)
+#elif (SIZEOF_SIZE_T == SIZEOF_LONG)
# define CURL_MASK_SSIZE_T CURL_MASK_SLONG
# define CURL_MASK_USIZE_T CURL_MASK_ULONG
-#elif (SIZEOF_SIZE_T == CURL_SIZEOF_CURL_OFF_T)
+#elif (SIZEOF_SIZE_T == SIZEOF_CURL_OFF_T)
# define CURL_MASK_SSIZE_T CURL_MASK_SCOFFT
# define CURL_MASK_USIZE_T CURL_MASK_UCOFFT
#else
@@ -175,6 +175,28 @@ int curlx_ultosi(unsigned long ulnum)
}
/*
+** unsigned size_t to signed curl_off_t
+*/
+
+curl_off_t curlx_uztoso(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+# pragma warning(push)
+# pragma warning(disable:810) /* conversion may lose significant bits */
+#elif defined(_MSC_VER)
+# pragma warning(push)
+# pragma warning(disable:4310) /* cast truncates constant value */
+#endif
+
+ DEBUGASSERT(uznum <= (size_t) CURL_MASK_SCOFFT);
+ return (curl_off_t)(uznum & (size_t) CURL_MASK_SCOFFT);
+
+#if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+# pragma warning(pop)
+#endif
+}
+
+/*
** unsigned size_t to signed int
*/
@@ -204,7 +226,7 @@ unsigned long curlx_uztoul(size_t uznum)
# pragma warning(disable:810) /* conversion may lose significant bits */
#endif
-#if (CURL_SIZEOF_LONG < SIZEOF_SIZE_T)
+#if (SIZEOF_LONG < SIZEOF_SIZE_T)
DEBUGASSERT(uznum <= (size_t) CURL_MASK_ULONG);
#endif
return (unsigned long)(uznum & (size_t) CURL_MASK_ULONG);
@@ -247,7 +269,7 @@ int curlx_sltosi(long slnum)
#endif
DEBUGASSERT(slnum >= 0);
-#if (SIZEOF_INT < CURL_SIZEOF_LONG)
+#if (SIZEOF_INT < SIZEOF_LONG)
DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_SINT);
#endif
return (int)(slnum & (long) CURL_MASK_SINT);
@@ -269,7 +291,7 @@ unsigned int curlx_sltoui(long slnum)
#endif
DEBUGASSERT(slnum >= 0);
-#if (SIZEOF_INT < CURL_SIZEOF_LONG)
+#if (SIZEOF_INT < SIZEOF_LONG)
DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_UINT);
#endif
return (unsigned int)(slnum & (long) CURL_MASK_UINT);
@@ -360,6 +382,63 @@ int curlx_sztosi(ssize_t sznum)
}
/*
+** unsigned int to unsigned short
+*/
+
+unsigned short curlx_uitous(unsigned int uinum)
+{
+#ifdef __INTEL_COMPILER
+# pragma warning(push)
+# pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+ DEBUGASSERT(uinum <= (unsigned int) CURL_MASK_USHORT);
+ return (unsigned short) (uinum & (unsigned int) CURL_MASK_USHORT);
+
+#ifdef __INTEL_COMPILER
+# pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned int to unsigned char
+*/
+
+unsigned char curlx_uitouc(unsigned int uinum)
+{
+#ifdef __INTEL_COMPILER
+# pragma warning(push)
+# pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+ DEBUGASSERT(uinum <= (unsigned int) CURL_MASK_UCHAR);
+ return (unsigned char) (uinum & (unsigned int) CURL_MASK_UCHAR);
+
+#ifdef __INTEL_COMPILER
+# pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned int to signed int
+*/
+
+int curlx_uitosi(unsigned int uinum)
+{
+#ifdef __INTEL_COMPILER
+# pragma warning(push)
+# pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+ DEBUGASSERT(uinum <= (unsigned int) CURL_MASK_SINT);
+ return (int) (uinum & (unsigned int) CURL_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+# pragma warning(pop)
+#endif
+}
+
+/*
** signed int to unsigned size_t
*/
@@ -400,6 +479,20 @@ curl_socket_t curlx_sitosk(int i)
#endif /* USE_WINSOCK */
+#if defined(WIN32) || defined(_WIN32)
+
+ssize_t curlx_read(int fd, void *buf, size_t count)
+{
+ return (ssize_t)read(fd, buf, curlx_uztoui(count));
+}
+
+ssize_t curlx_write(int fd, const void *buf, size_t count)
+{
+ return (ssize_t)write(fd, buf, curlx_uztoui(count));
+}
+
+#endif /* WIN32 || _WIN32 */
+
#if defined(__INTEL_COMPILER) && defined(__unix__)
int curlx_FD_ISSET(int fd, fd_set *fdset)
diff --git a/libs/libcurl/src/warnless.h b/libs/libcurl/src/warnless.h
index f22f0bae4f..ab6d29998d 100644
--- a/libs/libcurl/src/warnless.h
+++ b/libs/libcurl/src/warnless.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -34,6 +34,8 @@ int curlx_ultosi(unsigned long ulnum);
int curlx_uztosi(size_t uznum);
+curl_off_t curlx_uztoso(size_t uznum);
+
unsigned long curlx_uztoul(size_t uznum);
unsigned int curlx_uztoui(size_t uznum);
@@ -50,6 +52,12 @@ size_t curlx_sotouz(curl_off_t sonum);
int curlx_sztosi(ssize_t sznum);
+unsigned short curlx_uitous(unsigned int uinum);
+
+unsigned char curlx_uitouc(unsigned int uinum);
+
+int curlx_uitosi(unsigned int uinum);
+
size_t curlx_sitouz(int sinum);
#ifdef USE_WINSOCK
@@ -60,6 +68,21 @@ curl_socket_t curlx_sitosk(int i);
#endif /* USE_WINSOCK */
+#if defined(WIN32) || defined(_WIN32)
+
+ssize_t curlx_read(int fd, void *buf, size_t count);
+
+ssize_t curlx_write(int fd, const void *buf, size_t count);
+
+#ifndef BUILDING_WARNLESS_C
+# undef read
+# define read(fd, buf, count) curlx_read(fd, buf, count)
+# undef write
+# define write(fd, buf, count) curlx_write(fd, buf, count)
+#endif
+
+#endif /* WIN32 || _WIN32 */
+
#if defined(__INTEL_COMPILER) && defined(__unix__)
int curlx_FD_ISSET(int fd, fd_set *fdset);
diff --git a/libs/libcurl/src/wildcard.c b/libs/libcurl/src/wildcard.c
index 7130d5e494..af45c79bd3 100644
--- a/libs/libcurl/src/wildcard.c
+++ b/libs/libcurl/src/wildcard.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,23 +25,16 @@
#include "wildcard.h"
#include "llist.h"
#include "fileinfo.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
CURLcode Curl_wildcard_init(struct WildcardData *wc)
{
- DEBUGASSERT(wc->filelist == NULL);
- /* now allocate only wc->filelist, everything else
- will be allocated if it is needed. */
- wc->filelist = Curl_llist_alloc(Curl_fileinfo_dtor);
- if(!wc->filelist) {;
- return CURLE_OUT_OF_MEMORY;
- }
+ Curl_llist_init(&wc->filelist, Curl_fileinfo_dtor);
+ wc->state = CURLWC_INIT;
+
return CURLE_OK;
}
@@ -57,20 +50,13 @@ void Curl_wildcard_dtor(struct WildcardData *wc)
}
DEBUGASSERT(wc->tmp == NULL);
- if(wc->filelist) {
- Curl_llist_destroy(wc->filelist, NULL);
- wc->filelist = NULL;
- }
+ Curl_llist_destroy(&wc->filelist, NULL);
- if(wc->path) {
- free(wc->path);
- wc->path = NULL;
- }
- if(wc->pattern) {
- free(wc->pattern);
- wc->pattern = NULL;
- }
+ free(wc->path);
+ wc->path = NULL;
+ free(wc->pattern);
+ wc->pattern = NULL;
wc->customptr = NULL;
wc->state = CURLWC_INIT;
diff --git a/libs/libcurl/src/wildcard.h b/libs/libcurl/src/wildcard.h
index 16c80ecbed..8a5e4b769b 100644
--- a/libs/libcurl/src/wildcard.h
+++ b/libs/libcurl/src/wildcard.h
@@ -7,11 +7,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2010 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -24,9 +24,12 @@
#include <curl/curl.h>
+#include "llist.h"
+
/* list of wildcard process states */
typedef enum {
- CURLWC_INIT = 0,
+ CURLWC_CLEAR = 0,
+ CURLWC_INIT = 1,
CURLWC_MATCHING, /* library is trying to get list of addresses for
downloading */
CURLWC_DOWNLOADING,
@@ -44,7 +47,7 @@ struct WildcardData {
curl_wildcard_states state;
char *path; /* path to the directory, where we trying wildcard-match */
char *pattern; /* wildcard pattern */
- struct curl_llist *filelist; /* llist with struct Curl_fileinfo */
+ struct curl_llist filelist; /* llist with struct Curl_fileinfo */
void *tmp; /* pointer to protocol specific temporary data */
curl_wildcard_tmp_dtor tmp_dtor;
void *customptr; /* for CURLOPT_CHUNK_DATA pointer */
@@ -53,6 +56,6 @@ struct WildcardData {
CURLcode Curl_wildcard_init(struct WildcardData *wc);
void Curl_wildcard_dtor(struct WildcardData *wc);
-struct SessionHandle;
+struct Curl_easy;
#endif /* HEADER_CURL_WILDCARD_H */
diff --git a/libs/libcurl/src/x509asn1.c b/libs/libcurl/src/x509asn1.c
index 94b89b2be0..bba20233f2 100644
--- a/libs/libcurl/src/x509asn1.c
+++ b/libs/libcurl/src/x509asn1.c
@@ -5,11 +5,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -22,25 +22,27 @@
#include "curl_setup.h"
-#if defined(USE_QSOSSL) || defined(USE_GSKIT)
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \
+ defined(USE_CYASSL) || defined(USE_SCHANNEL)
#include <curl/curl.h>
#include "urldata.h"
-#include "strequal.h"
+#include "strcase.h"
#include "hostcheck.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
#include "sendf.h"
#include "inet_pton.h"
#include "curl_base64.h"
#include "x509asn1.h"
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+/* The last 3 #include files should be in this order */
+#include "curl_printf.h"
#include "curl_memory.h"
-/* The last #include file should be: */
#include "memdebug.h"
+/* For overflow checks. */
+#define CURL_SIZE_T_MAX ((size_t)-1)
+
/* ASN.1 OIDs. */
static const char cnOID[] = "2.5.4.3"; /* Common name. */
@@ -106,8 +108,8 @@ static const curl_OID OIDtable[] = {
*/
-const char * Curl_getASN1Element(curl_asn1Element * elem,
- const char * beg, const char * end)
+const char *Curl_getASN1Element(curl_asn1Element *elem,
+ const char *beg, const char *end)
{
unsigned char b;
unsigned long len;
@@ -117,11 +119,12 @@ const char * Curl_getASN1Element(curl_asn1Element * elem,
ending at `end'.
Returns a pointer in source string after the parsed element, or NULL
if an error occurs. */
-
- if(beg >= end || !*beg)
+ if(!beg || !end || beg >= end || !*beg ||
+ (size_t)(end - beg) > CURL_ASN1_MAX)
return (const char *) NULL;
/* Process header byte. */
+ elem->header = beg;
b = (unsigned char) *beg++;
elem->constructed = (b & 0x20) != 0;
elem->class = (b >> 6) & 3;
@@ -152,7 +155,7 @@ const char * Curl_getASN1Element(curl_asn1Element * elem,
elem->end = beg;
return beg + 1;
}
- else if(beg + b > end)
+ else if((unsigned)b > (size_t)(end - beg))
return (const char *) NULL; /* Does not fit in source. */
else {
/* Get long length. */
@@ -163,28 +166,28 @@ const char * Curl_getASN1Element(curl_asn1Element * elem,
len = (len << 8) | (unsigned char) *beg++;
} while(--b);
}
- if((unsigned long) (end - beg) < len)
+ if(len > (size_t)(end - beg))
return (const char *) NULL; /* Element data does not fit in source. */
elem->beg = beg;
elem->end = beg + len;
return elem->end;
}
-static const curl_OID * searchOID(const char * oid)
+static const curl_OID * searchOID(const char *oid)
{
- const curl_OID * op;
+ const curl_OID *op;
/* Search the null terminated OID or OID identifier in local table.
Return the table entry pointer or NULL if not found. */
for(op = OIDtable; op->numoid; op++)
- if(!strcmp(op->numoid, oid) || curl_strequal(op->textoid, oid))
+ if(!strcmp(op->numoid, oid) || strcasecompare(op->textoid, oid))
return op;
return (const curl_OID *) NULL;
}
-static const char * bool2str(const char * beg, const char * end)
+static const char *bool2str(const char *beg, const char *end)
{
/* Convert an ASN.1 Boolean value into its string representation.
Return the dynamically allocated string, or NULL if source is not an
@@ -195,23 +198,24 @@ static const char * bool2str(const char * beg, const char * end)
return strdup(*beg? "TRUE": "FALSE");
}
-static const char * octet2str(const char * beg, const char * end)
+static const char *octet2str(const char *beg, const char *end)
{
size_t n = end - beg;
- char * buf;
+ char *buf = NULL;
/* Convert an ASN.1 octet string to a printable string.
Return the dynamically allocated string, or NULL if an error occurs. */
- buf = malloc(3 * n + 1);
- if(buf)
- for(n = 0; beg < end; n += 3)
- snprintf(buf + n, 4, "%02x:", *(const unsigned char *) beg++);
+ if(n <= (CURL_SIZE_T_MAX - 1) / 3) {
+ buf = malloc(3 * n + 1);
+ if(buf)
+ for(n = 0; beg < end; n += 3)
+ snprintf(buf + n, 4, "%02x:", *(const unsigned char *) beg++);
+ }
return buf;
}
-static const char * bit2str(const char * beg, const char * end)
-
+static const char *bit2str(const char *beg, const char *end)
{
/* Convert an ASN.1 bit string to a printable string.
Return the dynamically allocated string, or NULL if an error occurs. */
@@ -221,7 +225,7 @@ static const char * bit2str(const char * beg, const char * end)
return octet2str(beg, end);
}
-static const char * int2str(const char * beg, const char * end)
+static const char *int2str(const char *beg, const char *end)
{
long val = 0;
size_t n = end - beg;
@@ -247,14 +251,14 @@ static const char * int2str(const char * beg, const char * end)
}
static ssize_t
-utf8asn1str(char * * to, int type, const char * from, const char * end)
+utf8asn1str(char **to, int type, const char *from, const char *end)
{
size_t inlength = end - from;
int size = 1;
size_t outlength;
- int chsize;
+ int charsize;
unsigned int wc;
- char * buf;
+ char *buf;
/* Perform a lazy conversion from an ASN.1 typed string to UTF8. Allocate the
destination buffer dynamically. The allocation size will normally be too
@@ -263,7 +267,7 @@ utf8asn1str(char * * to, int type, const char * from, const char * end)
string length. */
*to = (char *) NULL;
- switch (type) {
+ switch(type) {
case CURL_ASN1_BMP_STRING:
size = 2;
break;
@@ -283,6 +287,8 @@ utf8asn1str(char * * to, int type, const char * from, const char * end)
if(inlength % size)
return -1; /* Length inconsistent with character size. */
+ if(inlength / size > (CURL_SIZE_T_MAX - 1) / 4)
+ return -1; /* Too big. */
buf = malloc(4 * (inlength / size) + 1);
if(!buf)
return -1; /* Not enough memory. */
@@ -296,16 +302,18 @@ utf8asn1str(char * * to, int type, const char * from, const char * end)
else {
for(outlength = 0; from < end;) {
wc = 0;
- switch (size) {
+ switch(size) {
case 4:
wc = (wc << 8) | *(const unsigned char *) from++;
wc = (wc << 8) | *(const unsigned char *) from++;
+ /* fallthrough */
case 2:
wc = (wc << 8) | *(const unsigned char *) from++;
+ /* fallthrough */
default: /* case 1: */
wc = (wc << 8) | *(const unsigned char *) from++;
}
- chsize = 1;
+ charsize = 1;
if(wc >= 0x00000080) {
if(wc >= 0x00000800) {
if(wc >= 0x00010000) {
@@ -315,18 +323,18 @@ utf8asn1str(char * * to, int type, const char * from, const char * end)
}
buf[outlength + 3] = (char) (0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x00010000;
- chsize++;
+ charsize++;
}
buf[outlength + 2] = (char) (0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x00000800;
- chsize++;
+ charsize++;
}
buf[outlength + 1] = (char) (0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x000000C0;
- chsize++;
+ charsize++;
}
buf[outlength] = (char) wc;
- outlength += chsize;
+ outlength += charsize;
}
}
buf[outlength] = '\0';
@@ -334,9 +342,9 @@ utf8asn1str(char * * to, int type, const char * from, const char * end)
return outlength;
}
-static const char * string2str(int type, const char * beg, const char * end)
+static const char *string2str(int type, const char *beg, const char *end)
{
- char * buf;
+ char *buf;
/* Convert an ASN.1 String into its UTF-8 string representation.
Return the dynamically allocated string, or NULL if an error occurs. */
@@ -346,7 +354,7 @@ static const char * string2str(int type, const char * beg, const char * end)
return buf;
}
-static int encodeUint(char * buf, int n, unsigned int x)
+static int encodeUint(char *buf, int n, unsigned int x)
{
int i = 0;
unsigned int y = x / 10;
@@ -366,7 +374,7 @@ static int encodeUint(char * buf, int n, unsigned int x)
return i;
}
-static int encodeOID(char * buf, int n, const char * beg, const char * end)
+static int encodeOID(char *buf, int n, const char *beg, const char *end)
{
int i = 0;
unsigned int x;
@@ -405,9 +413,9 @@ static int encodeOID(char * buf, int n, const char * beg, const char * end)
return i;
}
-static const char * OID2str(const char * beg, const char * end, bool symbolic)
+static const char *OID2str(const char *beg, const char *end, bool symbolic)
{
- char * buf = (char *) NULL;
+ char *buf = (char *) NULL;
const curl_OID * op;
int n;
@@ -435,14 +443,14 @@ static const char * OID2str(const char * beg, const char * end, bool symbolic)
return buf;
}
-static const char * GTime2str(const char * beg, const char * end)
+static const char *GTime2str(const char *beg, const char *end)
{
- const char * tzp;
- const char * fracp;
+ const char *tzp;
+ const char *fracp;
char sec1, sec2;
size_t fracl;
size_t tzl;
- const char * sep = "";
+ const char *sep = "";
/* Convert an ASN.1 Generalized time to a printable string.
Return the dynamically allocated string, or NULL if an error occurs. */
@@ -452,12 +460,13 @@ static const char * GTime2str(const char * beg, const char * end)
/* Get seconds digits. */
sec1 = '0';
- switch (fracp - beg - 12) {
+ switch(fracp - beg - 12) {
case 0:
sec2 = '0';
break;
case 2:
sec1 = fracp[-2];
+ /* FALLTHROUGH */
case 1:
sec2 = fracp[-1];
break;
@@ -498,11 +507,11 @@ static const char * GTime2str(const char * beg, const char * end)
sep, tzl, tzp);
}
-static const char * UTime2str(const char * beg, const char * end)
+static const char *UTime2str(const char *beg, const char *end)
{
- const char * tzp;
+ const char *tzp;
size_t tzl;
- const char * sec;
+ const char *sec;
/* Convert an ASN.1 UTC time to a printable string.
Return the dynamically allocated string, or NULL if an error occurs. */
@@ -511,7 +520,7 @@ static const char * UTime2str(const char * beg, const char * end)
;
/* Get the seconds. */
sec = beg + 10;
- switch (tzp - sec) {
+ switch(tzp - sec) {
case 0:
sec = "00";
case 2:
@@ -537,10 +546,8 @@ static const char * UTime2str(const char * beg, const char * end)
tzl, tzp);
}
-const char * Curl_ASN1tostr(curl_asn1Element * elem, int type)
+const char *Curl_ASN1tostr(curl_asn1Element *elem, int type)
{
- static const char zero = '\0';
-
/* Convert an ASN.1 element to a printable string.
Return the dynamically allocated string, or NULL if an error occurs. */
@@ -550,7 +557,7 @@ const char * Curl_ASN1tostr(curl_asn1Element * elem, int type)
if(!type)
type = elem->tag; /* Type not forced: use element tag as type. */
- switch (type) {
+ switch(type) {
case CURL_ASN1_BOOLEAN:
return bool2str(elem->beg, elem->end);
case CURL_ASN1_INTEGER:
@@ -561,7 +568,7 @@ const char * Curl_ASN1tostr(curl_asn1Element * elem, int type)
case CURL_ASN1_OCTET_STRING:
return octet2str(elem->beg, elem->end);
case CURL_ASN1_NULL:
- return strdup(&zero);
+ return strdup("");
case CURL_ASN1_OBJECT_IDENTIFIER:
return OID2str(elem->beg, elem->end, TRUE);
case CURL_ASN1_UTC_TIME:
@@ -582,17 +589,17 @@ const char * Curl_ASN1tostr(curl_asn1Element * elem, int type)
return (const char *) NULL; /* Unsupported. */
}
-static ssize_t encodeDN(char * buf, size_t n, curl_asn1Element * dn)
+static ssize_t encodeDN(char *buf, size_t n, curl_asn1Element *dn)
{
curl_asn1Element rdn;
curl_asn1Element atv;
curl_asn1Element oid;
curl_asn1Element value;
size_t l = 0;
- const char * p1;
- const char * p2;
- const char * p3;
- const char * str;
+ const char *p1;
+ const char *p2;
+ const char *p3;
+ const char *str;
/* ASCII encode distinguished name at `dn' into the `n'-byte buffer at `buf'.
Return the total string length, even if larger than `n'. */
@@ -648,9 +655,9 @@ static ssize_t encodeDN(char * buf, size_t n, curl_asn1Element * dn)
return l;
}
-const char * Curl_DNtostr(curl_asn1Element * dn)
+const char *Curl_DNtostr(curl_asn1Element *dn)
{
- char * buf = (char *) NULL;
+ char *buf = (char *) NULL;
ssize_t n = encodeDN(buf, 0, dn);
/* Convert an ASN.1 distinguished name into a printable string.
@@ -666,52 +673,29 @@ const char * Curl_DNtostr(curl_asn1Element * dn)
return (const char *) buf;
}
-static const char * checkOID(const char * beg, const char * end,
- const char * oid)
-{
- curl_asn1Element e;
- const char * ccp;
- const char * p;
- bool matched;
-
- /* Check if first ASN.1 element at `beg' is the given OID.
- Return a pointer in the source after the OID if found, else NULL. */
-
- ccp = Curl_getASN1Element(&e, beg, end);
- if(!ccp || e.tag != CURL_ASN1_OBJECT_IDENTIFIER)
- return (const char *) NULL;
-
- p = OID2str(e.beg, e.end, FALSE);
- if(!p)
- return (const char *) NULL;
-
- matched = !strcmp(p, oid);
- free((char *) p);
- return matched? ccp: (const char *) NULL;
-}
-
-
/*
* X509 parser.
*/
-void Curl_parseX509(curl_X509certificate * cert,
- const char * beg, const char * end)
+int Curl_parseX509(curl_X509certificate *cert,
+ const char *beg, const char *end)
{
curl_asn1Element elem;
curl_asn1Element tbsCertificate;
- const char * ccp;
+ const char *ccp;
static const char defaultVersion = 0; /* v1. */
/* ASN.1 parse an X509 certificate into structure subfields.
Syntax is assumed to have already been checked by the SSL backend.
See RFC 5280. */
+ cert->certificate.header = NULL;
cert->certificate.beg = beg;
cert->certificate.end = end;
/* Get the sequence content. */
- Curl_getASN1Element(&elem, beg, end);
+ if(!Curl_getASN1Element(&elem, beg, end))
+ return -1; /* Invalid bounds/size. */
beg = elem.beg;
end = elem.end;
@@ -726,6 +710,7 @@ void Curl_parseX509(curl_X509certificate * cert,
beg = tbsCertificate.beg;
end = tbsCertificate.end;
/* Get optional version, get serialNumber. */
+ cert->version.header = NULL;
cert->version.beg = &defaultVersion;
cert->version.end = &defaultVersion + sizeof defaultVersion;;
beg = Curl_getASN1Element(&elem, beg, end);
@@ -745,15 +730,19 @@ void Curl_parseX509(curl_X509certificate * cert,
/* Get subject. */
beg = Curl_getASN1Element(&cert->subject, beg, end);
/* Get subjectPublicKeyAlgorithm and subjectPublicKey. */
- beg = Curl_getASN1Element(&elem, beg, end);
+ beg = Curl_getASN1Element(&cert->subjectPublicKeyInfo, beg, end);
ccp = Curl_getASN1Element(&cert->subjectPublicKeyAlgorithm,
- elem.beg, elem.end);
- Curl_getASN1Element(&cert->subjectPublicKey, ccp, elem.end);
+ cert->subjectPublicKeyInfo.beg,
+ cert->subjectPublicKeyInfo.end);
+ Curl_getASN1Element(&cert->subjectPublicKey, ccp,
+ cert->subjectPublicKeyInfo.end);
/* Get optional issuerUiqueID, subjectUniqueID and extensions. */
cert->issuerUniqueID.tag = cert->subjectUniqueID.tag = 0;
cert->extensions.tag = elem.tag = 0;
+ cert->issuerUniqueID.header = cert->subjectUniqueID.header = NULL;
cert->issuerUniqueID.beg = cert->issuerUniqueID.end = "";
cert->subjectUniqueID.beg = cert->subjectUniqueID.end = "";
+ cert->extensions.header = NULL;
cert->extensions.beg = cert->extensions.end = "";
if(beg < end)
beg = Curl_getASN1Element(&elem, beg, end);
@@ -769,9 +758,10 @@ void Curl_parseX509(curl_X509certificate * cert,
}
if(elem.tag == 3)
Curl_getASN1Element(&cert->extensions, elem.beg, elem.end);
+ return 0;
}
-static size_t copySubstring(char * to, const char * from)
+static size_t copySubstring(char *to, const char *from)
{
size_t i;
@@ -788,14 +778,15 @@ static size_t copySubstring(char * to, const char * from)
return i;
}
-static const char * dumpAlgo(curl_asn1Element * param,
- const char * beg, const char * end)
+static const char *dumpAlgo(curl_asn1Element *param,
+ const char *beg, const char *end)
{
curl_asn1Element oid;
/* Get algorithm parameters and return algorithm name. */
beg = Curl_getASN1Element(&oid, beg, end);
+ param->header = NULL;
param->tag = 0;
param->beg = param->end = end;
if(beg < end)
@@ -803,29 +794,31 @@ static const char * dumpAlgo(curl_asn1Element * param,
return OID2str(oid.beg, oid.end, TRUE);
}
-static void do_pubkey_field(struct SessionHandle *data, int certnum,
- const char * label, curl_asn1Element * elem)
+static void do_pubkey_field(struct Curl_easy *data, int certnum,
+ const char *label, curl_asn1Element *elem)
{
- const char * output;
+ const char *output;
/* Generate a certificate information record for the public key. */
output = Curl_ASN1tostr(elem, 0);
if(output) {
- Curl_ssl_push_certinfo(data, certnum, label, output);
- infof(data, " %s: %s\n", label, output);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, label, output);
+ if(!certnum)
+ infof(data, " %s: %s\n", label, output);
free((char *) output);
}
}
-static void do_pubkey(struct SessionHandle * data, int certnum,
- const char * algo, curl_asn1Element * param,
- curl_asn1Element * pubkey)
+static void do_pubkey(struct Curl_easy *data, int certnum,
+ const char *algo, curl_asn1Element *param,
+ curl_asn1Element *pubkey)
{
curl_asn1Element elem;
curl_asn1Element pk;
- const char * p;
- const char * q;
+ const char *p;
+ const char *q;
unsigned long len;
unsigned int i;
@@ -834,29 +827,32 @@ static void do_pubkey(struct SessionHandle * data, int certnum,
/* Get the public key (single element). */
Curl_getASN1Element(&pk, pubkey->beg + 1, pubkey->end);
- if(curl_strequal(algo, "rsaEncryption")) {
+ if(strcasecompare(algo, "rsaEncryption")) {
p = Curl_getASN1Element(&elem, pk.beg, pk.end);
/* Compute key length. */
for(q = elem.beg; !*q && q < elem.end; q++)
;
- len = (elem.end - q) * 8;
+ len = (unsigned long)((elem.end - q) * 8);
if(len)
for(i = *(unsigned char *) q; !(i & 0x80); i <<= 1)
len--;
if(len > 32)
elem.beg = q; /* Strip leading zero bytes. */
- infof(data, " RSA Public Key (%lu bits)\n", len);
- q = curl_maprintf("%lu", len);
- if(q) {
- Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q);
- free((char *) q);
+ if(!certnum)
+ infof(data, " RSA Public Key (%lu bits)\n", len);
+ if(data->set.ssl.certinfo) {
+ q = curl_maprintf("%lu", len);
+ if(q) {
+ Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q);
+ free((char *) q);
+ }
}
/* Generate coefficients. */
do_pubkey_field(data, certnum, "rsa(n)", &elem);
Curl_getASN1Element(&elem, p, pk.end);
do_pubkey_field(data, certnum, "rsa(e)", &elem);
}
- else if(curl_strequal(algo, "dsa")) {
+ else if(strcasecompare(algo, "dsa")) {
p = Curl_getASN1Element(&elem, param->beg, param->end);
do_pubkey_field(data, certnum, "dsa(p)", &elem);
p = Curl_getASN1Element(&elem, p, param->end);
@@ -865,7 +861,7 @@ static void do_pubkey(struct SessionHandle * data, int certnum,
do_pubkey_field(data, certnum, "dsa(g)", &elem);
do_pubkey_field(data, certnum, "dsa(pub_key)", &pk);
}
- else if(curl_strequal(algo, "dhpublicnumber")) {
+ else if(strcasecompare(algo, "dhpublicnumber")) {
p = Curl_getASN1Element(&elem, param->beg, param->end);
do_pubkey_field(data, certnum, "dh(p)", &elem);
Curl_getASN1Element(&elem, param->beg, param->end);
@@ -873,67 +869,81 @@ static void do_pubkey(struct SessionHandle * data, int certnum,
do_pubkey_field(data, certnum, "dh(pub_key)", &pk);
}
#if 0 /* Patent-encumbered. */
- else if(curl_strequal(algo, "ecPublicKey")) {
+ else if(strcasecompare(algo, "ecPublicKey")) {
/* Left TODO. */
}
#endif
}
-CURLcode Curl_extract_certinfo(struct connectdata * conn,
+CURLcode Curl_extract_certinfo(struct connectdata *conn,
int certnum,
- const char * beg,
- const char * end)
+ const char *beg,
+ const char *end)
{
curl_X509certificate cert;
- struct SessionHandle * data = conn->data;
+ struct Curl_easy *data = conn->data;
curl_asn1Element param;
- const char * ccp;
- char * cp1;
+ const char *ccp;
+ char *cp1;
size_t cl1;
- char * cp2;
- CURLcode cc;
+ char *cp2;
+ CURLcode result;
unsigned long version;
size_t i;
size_t j;
+ if(!data->set.ssl.certinfo)
+ if(certnum)
+ return CURLE_OK;
+
/* Prepare the certificate information for curl_easy_getinfo(). */
/* Extract the certificate ASN.1 elements. */
- Curl_parseX509(&cert, beg, end);
+ if(Curl_parseX509(&cert, beg, end))
+ return CURLE_OUT_OF_MEMORY;
/* Subject. */
ccp = Curl_DNtostr(&cert.subject);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Subject", ccp);
- infof(data, "%2d Subject: %s\n", certnum, ccp);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Subject", ccp);
+ if(!certnum)
+ infof(data, "%2d Subject: %s\n", certnum, ccp);
free((char *) ccp);
/* Issuer. */
ccp = Curl_DNtostr(&cert.issuer);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp);
- infof(data, " Issuer: %s\n", ccp);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Issuer", ccp);
+ if(!certnum)
+ infof(data, " Issuer: %s\n", ccp);
free((char *) ccp);
/* Version (always fits in less than 32 bits). */
version = 0;
for(ccp = cert.version.beg; ccp < cert.version.end; ccp++)
version = (version << 8) | *(const unsigned char *) ccp;
- ccp = curl_maprintf("%lx", version);
- if(!ccp)
- return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Version", ccp);
- free((char *) ccp);
- infof(data, " Version: %lu (0x%lx)\n", version + 1, version);
+ if(data->set.ssl.certinfo) {
+ ccp = curl_maprintf("%lx", version);
+ if(!ccp)
+ return CURLE_OUT_OF_MEMORY;
+ Curl_ssl_push_certinfo(data, certnum, "Version", ccp);
+ free((char *) ccp);
+ }
+ if(!certnum)
+ infof(data, " Version: %lu (0x%lx)\n", version + 1, version);
/* Serial number. */
ccp = Curl_ASN1tostr(&cert.serialNumber, 0);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp);
- infof(data, " Serial Number: %s\n", ccp);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Serial Number", ccp);
+ if(!certnum)
+ infof(data, " Serial Number: %s\n", ccp);
free((char *) ccp);
/* Signature algorithm .*/
@@ -941,24 +951,30 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
cert.signatureAlgorithm.end);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp);
- infof(data, " Signature Algorithm: %s\n", ccp);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp);
+ if(!certnum)
+ infof(data, " Signature Algorithm: %s\n", ccp);
free((char *) ccp);
/* Start Date. */
ccp = Curl_ASN1tostr(&cert.notBefore, 0);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp);
- infof(data, " Start Date: %s\n", ccp);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Start Date", ccp);
+ if(!certnum)
+ infof(data, " Start Date: %s\n", ccp);
free((char *) ccp);
/* Expire Date. */
ccp = Curl_ASN1tostr(&cert.notAfter, 0);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp);
- infof(data, " Expire Date: %s\n", ccp);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Expire Date", ccp);
+ if(!certnum)
+ infof(data, " Expire Date: %s\n", ccp);
free((char *) ccp);
/* Public Key Algorithm. */
@@ -966,8 +982,10 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
cert.subjectPublicKeyAlgorithm.end);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp);
- infof(data, " Public Key Algorithm: %s\n", ccp);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Public Key Algorithm", ccp);
+ if(!certnum)
+ infof(data, " Public Key Algorithm: %s\n", ccp);
do_pubkey(data, certnum, ccp, &param, &cert.subjectPublicKey);
free((char *) ccp);
@@ -977,17 +995,19 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
ccp = Curl_ASN1tostr(&cert.signature, 0);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl_push_certinfo(data, certnum, "Signature", ccp);
- infof(data, " Signature: %s\n", ccp);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Signature", ccp);
+ if(!certnum)
+ infof(data, " Signature: %s\n", ccp);
free((char *) ccp);
/* Generate PEM certificate. */
- cc = Curl_base64_encode(data, cert.certificate.beg,
- cert.certificate.end - cert.certificate.beg,
- &cp1, &cl1);
- if(cc != CURLE_OK)
- return cc;
- /* Compute the number of charaters in final certificate string. Format is:
+ result = Curl_base64_encode(data, cert.certificate.beg,
+ cert.certificate.end - cert.certificate.beg,
+ &cp1, &cl1);
+ if(result)
+ return result;
+ /* Compute the number of characters in final certificate string. Format is:
-----BEGIN CERTIFICATE-----\n
<max 64 base64 characters>\n
.
@@ -1008,29 +1028,62 @@ CURLcode Curl_extract_certinfo(struct connectdata * conn,
i += copySubstring(cp2 + i, "-----END CERTIFICATE-----");
cp2[i] = '\0';
free(cp1);
- Curl_ssl_push_certinfo(data, certnum, "Cert", cp2);
- infof(data, "%s\n", cp2);
+ if(data->set.ssl.certinfo)
+ Curl_ssl_push_certinfo(data, certnum, "Cert", cp2);
+ if(!certnum)
+ infof(data, "%s\n", cp2);
free(cp2);
return CURLE_OK;
}
+#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL or USE_SCHANNEL */
+
+#if defined(USE_GSKIT)
+
+static const char *checkOID(const char *beg, const char *end,
+ const char *oid)
+{
+ curl_asn1Element e;
+ const char *ccp;
+ const char *p;
+ bool matched;
+
+ /* Check if first ASN.1 element at `beg' is the given OID.
+ Return a pointer in the source after the OID if found, else NULL. */
+
+ ccp = Curl_getASN1Element(&e, beg, end);
+ if(!ccp || e.tag != CURL_ASN1_OBJECT_IDENTIFIER)
+ return (const char *) NULL;
+
+ p = OID2str(e.beg, e.end, FALSE);
+ if(!p)
+ return (const char *) NULL;
+
+ matched = !strcmp(p, oid);
+ free((char *) p);
+ return matched? ccp: (const char *) NULL;
+}
-CURLcode Curl_verifyhost(struct connectdata * conn,
- const char * beg, const char * end)
+CURLcode Curl_verifyhost(struct connectdata *conn,
+ const char *beg, const char *end)
{
- struct SessionHandle * data = conn->data;
+ struct Curl_easy *data = conn->data;
curl_X509certificate cert;
curl_asn1Element dn;
curl_asn1Element elem;
curl_asn1Element ext;
curl_asn1Element name;
- int i;
- const char * p;
- const char * q;
- char * dnsname;
+ const char *p;
+ const char *q;
+ char *dnsname;
int matched = -1;
size_t addrlen = (size_t) -1;
ssize_t len;
+ const char * const hostname = SSL_IS_PROXY()? conn->http_proxy.host.name:
+ conn->host.name;
+ const char * const dispname = SSL_IS_PROXY()?
+ conn->http_proxy.host.dispname:
+ conn->host.dispname;
#ifdef ENABLE_IPV6
struct in6_addr addr;
#else
@@ -1040,20 +1093,19 @@ CURLcode Curl_verifyhost(struct connectdata * conn,
/* Verify that connection server matches info in X509 certificate at
`beg'..`end'. */
- if(!data->set.ssl.verifyhost)
+ if(!SSL_CONN_CONFIG(verifyhost))
return CURLE_OK;
- if(!beg)
+ if(Curl_parseX509(&cert, beg, end))
return CURLE_PEER_FAILED_VERIFICATION;
- Curl_parseX509(&cert, beg, end);
/* Get the server IP address. */
#ifdef ENABLE_IPV6
- if(conn->bits.ipv6_ip && Curl_inet_pton(AF_INET6, conn->host.name, &addr))
+ if(conn->bits.ipv6_ip && Curl_inet_pton(AF_INET6, hostname, &addr))
addrlen = sizeof(struct in6_addr);
else
#endif
- if(Curl_inet_pton(AF_INET, conn->host.name, &addr))
+ if(Curl_inet_pton(AF_INET, hostname, &addr))
addrlen = sizeof(struct in_addr);
/* Process extensions. */
@@ -1071,19 +1123,15 @@ CURLcode Curl_verifyhost(struct connectdata * conn,
/* Check all GeneralNames. */
for(q = elem.beg; matched != 1 && q < elem.end;) {
q = Curl_getASN1Element(&name, q, elem.end);
- switch (name.tag) {
+ switch(name.tag) {
case 2: /* DNS name. */
- i = 0;
len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING,
name.beg, name.end);
- if(len > 0)
- if(strlen(dnsname) == (size_t) len)
- i = Curl_cert_hostcheck((const char *) dnsname, conn->host.name);
- if(dnsname)
- free(dnsname);
- if(!i)
- return CURLE_PEER_FAILED_VERIFICATION;
- matched = i;
+ if(len > 0 && (size_t)len == strlen(dnsname))
+ matched = Curl_cert_hostcheck(dnsname, hostname);
+ else
+ matched = 0;
+ free(dnsname);
break;
case 7: /* IP address. */
@@ -1095,19 +1143,20 @@ CURLcode Curl_verifyhost(struct connectdata * conn,
}
}
- switch (matched) {
+ switch(matched) {
case 1:
/* an alternative name matched the server hostname */
- infof(data, "\t subjectAltName: %s matched\n", conn->host.dispname);
+ infof(data, "\t subjectAltName: %s matched\n", dispname);
return CURLE_OK;
case 0:
/* an alternative name field existed, but didn't match and then
we MUST fail */
- infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+ infof(data, "\t subjectAltName does not match %s\n", dispname);
return CURLE_PEER_FAILED_VERIFICATION;
}
/* Process subject. */
+ name.header = NULL;
name.beg = name.end = "";
q = cert.subject.beg;
/* we have to look to the last occurrence of a commonName in the
@@ -1134,18 +1183,18 @@ CURLcode Curl_verifyhost(struct connectdata * conn,
}
if(strlen(dnsname) != (size_t) len) /* Nul byte in string ? */
failf(data, "SSL: illegal cert name field");
- else if(Curl_cert_hostcheck((const char *) dnsname, conn->host.name)) {
+ else if(Curl_cert_hostcheck((const char *) dnsname, hostname)) {
infof(data, "\t common name: %s (matched)\n", dnsname);
free(dnsname);
return CURLE_OK;
}
else
failf(data, "SSL: certificate subject name '%s' does not match "
- "target host name '%s'", dnsname, conn->host.dispname);
+ "target host name '%s'", dnsname, dispname);
free(dnsname);
}
return CURLE_PEER_FAILED_VERIFICATION;
}
-#endif /* USE_QSOSSL or USE_GSKIT */
+#endif /* USE_GSKIT */
diff --git a/libs/libcurl/src/x509asn1.h b/libs/libcurl/src/x509asn1.h
index 2276b5b641..ce40297927 100644
--- a/libs/libcurl/src/x509asn1.h
+++ b/libs/libcurl/src/x509asn1.h
@@ -8,11 +8,11 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
@@ -25,7 +25,8 @@
#include "curl_setup.h"
-#if defined(USE_QSOSSL) || defined(USE_GSKIT)
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \
+ defined(USE_CYASSL) || defined(USE_SCHANNEL)
#include "urldata.h"
@@ -33,6 +34,9 @@
* Constants.
*/
+/* Largest supported ASN.1 structure. */
+#define CURL_ASN1_MAX ((size_t) 0x40000) /* 256K */
+
/* ASN.1 classes. */
#define CURL_ASN1_UNIVERSAL 0
#define CURL_ASN1_APPLICATION 1
@@ -76,8 +80,9 @@
/* ASN.1 parsed element. */
typedef struct {
+ const char * header; /* Pointer to header byte. */
const char * beg; /* Pointer to element data. */
- const char * end; /* Pointer to 1st byte after element data. */
+ const char * end; /* Pointer to 1st byte after element. */
unsigned char class; /* ASN.1 element class. */
unsigned char tag; /* ASN.1 element tag. */
bool constructed; /* Element is constructed. */
@@ -102,6 +107,7 @@ typedef struct {
curl_asn1Element notBefore;
curl_asn1Element notAfter;
curl_asn1Element subject;
+ curl_asn1Element subjectPublicKeyInfo;
curl_asn1Element subjectPublicKeyAlgorithm;
curl_asn1Element subjectPublicKey;
curl_asn1Element issuerUniqueID;
@@ -114,16 +120,15 @@ typedef struct {
* Prototypes.
*/
-const char * Curl_getASN1Element(curl_asn1Element * elem,
- const char * beg, const char * end);
-const char * Curl_ASN1tostr(curl_asn1Element * elem, int type);
-const char * Curl_DNtostr(curl_asn1Element * dn);
-void Curl_parseX509(curl_X509certificate * cert,
- const char * beg, const char * end);
-CURLcode Curl_extract_certinfo(struct connectdata * conn, int certnum,
- const char * beg, const char * end);
-CURLcode Curl_verifyhost(struct connectdata * conn,
- const char * beg, const char * end);
-
-#endif /* USE_QSOSSL or USE_GSKIT */
+const char *Curl_getASN1Element(curl_asn1Element *elem,
+ const char *beg, const char *end);
+const char *Curl_ASN1tostr(curl_asn1Element *elem, int type);
+const char *Curl_DNtostr(curl_asn1Element *dn);
+int Curl_parseX509(curl_X509certificate *cert,
+ const char *beg, const char *end);
+CURLcode Curl_extract_certinfo(struct connectdata *conn, int certnum,
+ const char *beg, const char *end);
+CURLcode Curl_verifyhost(struct connectdata *conn,
+ const char *beg, const char *end);
+#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL or USE_SCHANNEL */
#endif /* HEADER_CURL_X509ASN1_H */
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-16 04:26:06 +0000