diff options
| author | dartraiden <wowemuh@gmail.com> | 2024-09-19 19:35:43 +0300 |
|---|---|---|
| committer | dartraiden <wowemuh@gmail.com> | 2024-09-19 19:38:33 +0300 |
| commit | 487f6abca26f6b70d545d02e296ae6ca7e197882 (patch) | |
| tree | db5399c4868101c94791698b01c9f6b54028d84e /libs | |
| parent | a2da78df63073c27434bd465bec78e8d51a4935e (diff) | |
libcurl: update to 8.10.1
Diffstat (limited to 'libs')
29 files changed, 301 insertions, 682 deletions
diff --git a/libs/libcurl/docs/RELEASE-NOTES b/libs/libcurl/docs/RELEASE-NOTES index fddba01378..42f862ec2c 100644 --- a/libs/libcurl/docs/RELEASE-NOTES +++ b/libs/libcurl/docs/RELEASE-NOTES @@ -1,277 +1,40 @@ -curl and libcurl 8.10.0
+curl and libcurl 8.10.1
- Public curl releases: 260
+ Public curl releases: 261
Command line options: 265
curl_easy_setopt() options: 306
Public functions in libcurl: 94
- Contributors: 3239
+ Contributors: 3246
This release includes the following changes:
- o autotools: add `--enable-windows-unicode` option [103]
- o curl: --help [option] displays documentation for given cmdline option [19]
- o curl: add --skip-existing [54]
- o curl: for -O, use "default" as filename when the URL has none [34]
- o curl: make --rate accept "number of units" [4]
- o curl: make --show-headers the same as --include [6]
- o curl: support --dump-header % to direct to stderr [31]
- o curl: support embedding a CA bundle and --dump-ca-embed [20]
- o curl: support repeated use of the verbose option; -vv etc [35]
- o curl: use libuv for parallel transfers with --test-event [82]
- o getinfo: add CURLINFO_POSTTRANSFER_TIME_T [87]
- o mbedtls: add CURLOPT_TLS13_CIPHERS support [78]
- o rustls: add support for setting TLS version and ciphers [113]
- o vtls: stop offering alpn http/1.1 for http2-prior-knowledge [53]
- o wolfssl: add CURLOPT_TLS13_CIPHERS support [76]
- o wolfssl: add support for ssl cert blob / ssl key blob options [50]
This release includes the following bugfixes:
- o asyn-thread: stop using GetAddrInfoExW on Windows [241]
- o autotools: fix MS-DOS builds [249]
- o autotools: fix typo in tests/data target [30]
- o aws_sigv4: fix canon order for headers with same prefix [74]
- o bearssl: fix setting tls version [203]
- o bearssl: improve shutdown handling [45]
- o BINDINGS: add zig binding [100]
- o build: add `iphlpapi` lib for libssh on Windows [166]
- o build: add `poll()` detection for cross-builds [244]
- o build: add options to disable SHA-512/256 hash algo [239]
- o build: check OS-native IDN first, then libidn2 [223]
- o build: delete unused `REQUIRE_LIB_DEPS` [226]
- o build: drop unused `NROFF` reference [253]
- o build: drop unused feature-detection code for Apple `poll()` [227]
- o build: generate `buildinfo.txt` for test logs [256]
- o build: improve compiler version detection portability
- o build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0 [207]
- o build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds [137]
- o build: use -Wno-format-overflow [195]
- o buildconf.bat: fix tool_hugehelp.c generation [173]
- o cf-socket: fix pollset for listening [179]
- o cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows [185]
- o cfilters: send flush [13]
- o CHANGES: rename to CHANGES.md, no longer generated [40]
- o CI: enable parallel testing in CI builds [18]
- o ci: Update actions/upload-artifact digest to 89ef406 [24]
- o cmake: `Libs.private` improvements [215]
- o cmake: add `CURL_USE_PKGCONFIG` option [138]
- o cmake: add Linux CI job, fix pytest with cmake [71]
- o cmake: add math library when using wolfssl and ngtcp2 [66]
- o cmake: add missing `pkg-config` hints to Find modules [158]
- o cmake: add missing version detection to Find modules [170]
- o cmake: add rustls [116]
- o cmake: add support for versioned symbols option [51]
- o cmake: add wolfSSH support [117]
- o cmake: allow `pkg-config` in more envs [147]
- o cmake: cleanup header paths [59]
- o cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP` [231]
- o cmake: delete MSVC warning suppression for tests/server [101]
- o cmake: detect `nghttp2` via `pkg-config`, enable by default [21]
- o cmake: detect and show VCPKG in platform flags [84]
- o cmake: distcheck for files in CMake subdir [9]
- o cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs [27]
- o cmake: drop libssh CONFIG-style detection [167]
- o cmake: drop no-op `tests/data/CMakeLists.txt` [26]
- o cmake: drop reference to undefined variable [25]
- o cmake: drop unused `HAVE_IDNA_STRERROR` [62]
- o cmake: drop unused internal variable [22]
- o cmake: exclude tests/http/clients builds by default [110]
- o cmake: fix `GSS_VERSION` for Heimdal found via pkg-config [77]
- o cmake: fix `pkg-config`-based detection in `FindGSS.cmake` [94]
- o cmake: fix and tidy up c-ares builds, enable in more CI jobs [156]
- o cmake: fix find rustls [148]
- o cmake: fixup linking libgsasl when detected via CMake-native
- o cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE` [163]
- o cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default [188]
- o cmake: limit libidn2 `pkg-config` detection to `UNIX` [109]
- o cmake: migrate dependency detections to Find modules [183]
- o cmake: more small tidy-ups and fixes [80]
- o cmake: rename wolfSSL and zstd config variables to uppercase [151]
- o cmake: respect cflags/libdirs of native pkg-config detections [175]
- o cmake: show CMake platform/compiler flags [63]
- o cmake: show warning if libpsl is not found [154]
- o cmake: sync code between test/example targets [234]
- o cmake: sync up formatting in Find modules [129]
- o cmake: TLS 1.3 warning only for bearssl and sectranp [118]
- o cmake: update `curl-config.cmake.in` template var list
- o cmake: update list of "advanced" variables [119]
- o cmake: use numeric comparison for `HAVE_WIN32_WINNT` [69]
- o cmdline-opts: language fix for expect100-timeout.md and max-time.md [192]
- o configure: delete unused `CURL_DEFINE_UNQUOTED` function [224]
- o configure: delete unused `HAVE_OPENSSL3` macro [225]
- o configure: delete unused `m4/xc-translit.m4` [114]
- o configure: detect AppleIDN [70]
- o configure: fail if PSL is not disabled but not found [46]
- o configure: fix WinIDN builds targeting old Windows [210]
- o configure: remove USE_EXPLICIT_LIB_DEPS [199]
- o configure: replace nonportable grep -o with awk [111]
- o connect: always prefer ipv6 in IP eyeballing [209]
- o connect: limit update IP info [191]
- o cookie.md: try to articulate the two different uses this option has [92]
- o curl: allow 500MB data URL encode strings [38]
- o curl: find curlrc in XDG_CONFIG_HOME without leading dot [186]
- o curl: fix --proxy-pinnedpubkey [91]
- o curl: fix the -w urle.* variables [153]
- o curl: make the progress bar detect terminal width changes [169]
- o curl: warn on unsupported SSL options [106]
- o Curl_rand_bytes to control env override [17]
- o curl_sha512_256: fix symbol collisions with nettle library [131]
- o CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument [216]
- o CURLOPT_XFERINFOFUNCTION: clarify the callback return codes [141]
- o dist: add missing `docs/examples/CMakeLists.txt` [58]
- o dist: add missing `FindNettle.cmake` [11]
- o dist: add missing `lib/optiontable.pl` [115]
- o dist: add missing `test_*.py` scripts [102]
- o dist: drop buildconf [65]
- o dist: fix reproducible build from release tarball [36]
- o dmaketgz: only run 'make distclean' if Makefile exists
- o docs/SSLCERTS: rewrite [174]
- o docs: add description of effect of --location-trusted on cookie [157]
- o docs: document the (weak) random value situation in rustls builds [252]
- o docs: fix some examples in man pages
- o docs: improve cipher options documentation [159]
- o docs: mention "@-" in more places [67]
- o docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md [105]
- o docs: update CIPHERS.md [140]
- o doh-url.md: point out DOH server IP pinning [37]
- o doh: remove redundant checks [242]
- o easy: fix curl_easy_upkeep for shared connection caches [52]
- o escape: allow curl_easy_escape to generate 3*input length output [39]
- o FEATURES.md: fix typo [180]
- o ftp: always offer line end conversions [219]
- o ftp: flush pingpong before response [73]
- o getinfo: return zero for unsupported options (when disabled) [189]
- o GHA/windows: enable MulitSSL in an MSVC job [2]
- o GHA: scan git repository and detect unvetted binary files [3]
- o gnutls/wolfssl: improve error message when certificate fails [125]
- o gnutls: send all data [230]
- o gtls: fix OCSP stapling management [206]
- o haproxy: send though next filter [222]
- o hash: provide asserts to verify API use [96]
- o http/2: simplify eos/blocked handling [90]
- o http2+h3 filters: fix ctx init [142]
- o http2: fix GOAWAY message sent to server [171]
- o http2: improve rate limiting of downloads [33]
- o http2: improved upload eos handling [41]
- o http3.md: mention how the fallback can be h1 or h2 [194]
- o hyper: call Curl_req_set_upload_done() [126]
- o idn: more strictly check AppleIDN errors [98]
- o idn: support non-UTF-8 input under AppleIDN [99]
- o INSTALL.md: MultiSSL and QUIC are mutually exclusive [7]
- o KNOWN_BUGS: "special characers" in URL works with aws-sigv4 [81]
- o krb5: add Linux/macOS CI tests, fix cmake GSS detection [83]
- o krb5: fix `-Wcast-align` [95]
- o lib: add eos flag to send methods [14]
- o lib: avoid macro collisions between wolfSSL and GnuTLS headers [133]
- o lib: convert some debugf()s into traces [8]
- o lib: delete stray undefs for `vsnprintf`, `vsprintf` [152]
- o lib: fix AIX build issues [112]
- o lib: fix building with wolfSSL without DES support [134]
- o lib: make SSPI global symbols use Curl_ prefix [251]
- o lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name [132]
- o lib: remove the final strncpy() calls [240]
- o lib: remove use of RANDOM_FILE [235]
- o libcurl.def: move from / into lib [238]
- o libcurl.pc: add `Cflags.private` [10]
- o libcurl.pc: add reference to `libgsasl` [150]
- o libcurl/docs: expand on redirect following and secrets to other hosts [85]
- o llist: remove direct struct accesses, use only functions [72]
- o Makefile.dist: fix `ca-firefox` target [254]
- o Makefile.mk: fixup enabling libidn2 [61]
- o Makefile: remove 'scripts' duplicate from DIST_SUBDIRS
- o maketgz: accept option to include latest commit hash [5]
- o maketgz: fix RELEASE-TOOLS.md for daily tarballs [243]
- o maketgz: move from / into scripts [237]
- o managen: fix superfluous leading blank line in quoted sections [211]
- o managen: in man output, remove the leading space from examples [198]
- o managen: wordwrap long example lines in ASCII output [143]
- o manpage: ensure a maximum width for the text version [75]
- o max-filesize.md: mention zero disables the limit [93]
- o mbedtls: add more informative logging [162]
- o mbedtls: fix setting tls version [200]
- o mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL [181]
- o mime: avoid inifite loop in client reader [155]
- o mk-ca-bundle.pl: include a link to the caextract webpage [68]
- o multi: make the "general" list of easy handles a Curl_llist [97]
- o multi: on socket callback error, remove socket hash entry nonetheless [149]
- o ngtcp2/osslq: remove NULL pointer dereferences [213]
- o ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks [79]
- o openssl quic: fix memory leak [229]
- o openssl: certinfo errors now fail correctly [250]
- o openssl: fix the data race when sharing an SSL session between threads [221]
- o openssl: improve shutdown handling [44]
- o pingpong: drain the input buffer when reading responses [193]
- o POP3: fix multi-line responses [168]
- o pop3: use the protocol handler ->write_resp [220]
- o printf: fix mingw-w64 format checks [228]
- o progress: ratelimit/progress tweaks [32]
- o pytests: add tests for HEAD requests in all HTTP versions [42]
- o rand: only provide weak random when needed [233]
- o runtests: if DISABLED cannot be read, error out [56]
- o runtests: log ignored but passed tests [130]
- o runtests: remove "has_textaware" [217]
- o rustls: fix setting tls version [202]
- o rustls: make all tests pass [1]
- o schannel: avoid malloc for CAinfo_blob_digest [247]
- o scorecard: tweak request measurements [139]
- o sectransp: fix setting tls version [204]
- o SECURITY: mention OpenSSF best practices gold badge [161]
- o setopt: allow CURLOPT_INTERFACE to be set to NULL [165]
- o setopt: let CURLOPT_ECH set to NULL reset to default [187]
- o setopt: make CURLOPT_TFTP_BLKSIZE accept bad values [184]
- o sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL [135]
- o share: don't reinitialize conncache [214]
- o sigpipe: init the struct so that first apply ignores [49]
- o smb: convert superflous assign into assert [246]
- o smtp: add tracing feature [120]
- o splay: use access functions, add asserts, use Curl_timediff [121]
- o spnego_gssapi: implement TLS channel bindings for openssl [146]
- o src: delete `curlx_m*printf()` aliases [197]
- o src: fix potential macro confusion in cmake unity builds [208]
- o src: namespace symbols clashing with lib [248]
- o src: replace copy of printf mappings with an include [190]
- o ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) [177]
- o system_win32: fix typo
- o test httpd: tweak cipher list [124]
- o test1521: verify setting options to NULL better [182]
- o test1707: output diff more for debugging differences in CI outputs
- o test556: improve robustness [64]
- o test579: improve robustness [60]
- o test587: improve robustness [123]
- o test649: improve robustness [122]
- o test677: improve robustness [47]
- o tests/runner: only allow [!A-Za-z0-9_-] in %if feature names [55]
- o tests: constrain http pytest to tests/http directory [205]
- o tests: don't mangle output if hostname or type unknown
- o tests: ignore QUIT from FTP protocol comparisons [108]
- o tests: provide docs as curldown, not nroff [12]
- o tidy-up: misc build, tests, `lib/macos.c` [172]
- o tidy-up: OS names [57]
- o tool_operhlp: fix "potentially uninitialized local variable 'pc' used" [48]
- o tool_paramhlp: bump maximum post data size in memory to 16GB [128]
- o transfer: Curl_sendrecv() and event related improvements [164]
- o transfer: remove comments, add asserts [218]
- o transfer: skip EOS read when download done [196]
- o url: dns_entry related improvements [16]
- o url: fix connection reuse for HTTP/2 upgrades [236]
- o urlapi: verify URL *decoded* hostname when set [160]
- o urldata: introduce `data->mid`, a unique identifier inside a multi [127]
- o urldata: remove 'scratch' from the UrlState struct [86]
- o urldata: remove crlf_conversions counter [232]
- o urldata: remove proxy_connect_closed bit [178]
- o verify-release: shell script that verifies a release tarball [29]
- o version: fix shadowing a `libssh.h` symbol [176]
- o vtls: add SSLSUPP_CIPHER_LIST [107]
- o vtls: fix MSVC 'cast truncates constant value' warning [23]
- o vtls: fix static function name collisions between TLS backends [136]
- o vtls: init ssl peer only once [15]
- o websocket: introduce blocking sends [145]
- o wolfssl: avoid taking cached x509 store ref if sslctx already using it [88]
- o wolfssl: fix CURLOPT_SSLVERSION [144]
- o wolfssl: fix setting tls version [201]
- o wolfssl: improve shutdown handling [43]
- o ws: flags to opcodes should ignore CURLWS_CONT flag [104]
- o x509asn1: raise size limit for x509 certification information [28]
+ o autotools: fix `--with-ca-embed` build rule [3]
+ o cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync [8]
+ o cmake: fix MSH3 to appear on the feature list [20]
+ o connect: store connection info when really done [9]
+ o CURLMOPT_TIMERFUNCTION.md: emphasize that only a single timer should run [5]
+ o FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a [34]
+ o http2: when uploading data from stdin, fix eos forwarding [7]
+ o http: make max-filesize check not count ignored bodies [33]
+ o lib: fix AF_INET6 use outside of USE_IPV6 [13]
+ o libcurl-docs: CURLINFO_LOCAL_* work for QUIC as well as TCP [1]
+ o multi: check that the multi handle is valid in curl_multi_assign [14]
+ o QUIC: on connect, keep on trying on draining server [11]
+ o request: correctly reset the eos_sent flag [21]
+ o runtests: accecpt 'quictls' as OpenSSL compatible [2]
+ o rustls: fixed minor logic bug in default cipher selection [12]
+ o rustls: rustls-ffi 0.14.0 update [18]
+ o rustls: support strong CSRNG data [16]
+ o setopt: remove superfluous use of ternary expressions [4]
+ o singleuse: drop `Curl_memrchr()` for no-HTTP builds [24]
+ o test537: cap the rlimit max this test runs [10]
+ o tests: tweak lock file handling and timers [22]
+ o tool_cb_wrt: use "curl_response" if no file name in URL [19]
+ o transfer: fix sendrecv() without interim poll [15]
+ o vtls: fix `Curl_ssl_conn_config_match` doc param [6]
This release includes the following known bugs:
@@ -291,273 +54,36 @@ Planned upcoming removals include: This release would not have looked like this without help, code, reports and
advice from friends like these:
- Aki Sakurai, Alex Snast, Antoine du Hamel, Austin Moore,
- Benjamin Riefenstahl Mecom, Bo Anderson, Chris Swan, Christoph Reiter,
- Dan Fandrich, Daniel Stenberg, David Sardari, dependabot[bot],
- Emanuele Torre, Eric Norris, feelingseas on github, Gruber Glass,
- Hiroki Kurosawa, Ionuț-Francisc Oancea, janedenone on github, Jan Venekamp,
- Jason Hood, Jiacai Liu, Joe Birr-Pixton, John Haugabook, Joshix-1 on github,
- Justin Maggard, Kai Pastor, kit-ty-kate on github, lolbinarycat on github,
- MasterInQuestion on github, Matt Jolly, Max Faxälv, Micah Snyder,
- Moritz Buhl, Pete Cordell, ralfjunker on github, Rasmus Thomsen, Ray Satiro,
- Razvan Pricope, renovate[bot], Ryan Carsten Schmidt, Sam Jessup,
- Sergio Durigan Junior, Slaven Rezić, Stanislav Lange, Stefan Eissing,
- Steffen Kieß, Tal Regev, Tim Yuer, Venkat Krishna R, Viktor Petersson,
- Viktor Szakats, XYenon, Yedaya Katsman, Yoshimasa Ohno, наб, 罗朝辉
- (57 contributors)
+ Brian Inglis, Carlo Cabrera, Daniel McCarney, Daniel Stenberg,
+ dependabot[bot], finkjsc on github, Gabriel Marin, Harry Sintonen,
+ Jan Venekamp, Julian K., MasterInQuestion on github, Michael Osipov,
+ nekopsykose on github, Patrick Steinhardt, rampageX on github,
+ Stefan Eissing, Tal Regev, Victor Kislov, Viktor Szakats
+ (19 contributors)
References to bug reports and discussions on issues:
- [1] = https://curl.se/bug/?i=14317
- [2] = https://curl.se/bug/?i=14276
- [3] = https://curl.se/bug/?i=14333
- [4] = https://curl.se/bug/?i=14245
- [5] = https://curl.se/bug/?i=14363
- [6] = https://curl.se/bug/?i=13987
- [7] = https://curl.se/bug/?i=14308
- [8] = https://curl.se/bug/?i=14322
- [9] = https://curl.se/bug/?i=14323
- [10] = https://curl.se/bug/?i=14321
- [11] = https://curl.se/bug/?i=14285
- [12] = https://curl.se/bug/?i=14324
- [13] = https://curl.se/bug/?i=14271
- [14] = https://curl.se/bug/?i=14220
- [15] = https://curl.se/bug/?i=14152
- [16] = https://curl.se/bug/?i=14195
- [17] = https://curl.se/bug/?i=14264
- [18] = https://curl.se/bug/?i=11510
- [19] = https://curl.se/bug/?i=13997
- [20] = https://curl.se/bug/?i=14059
- [21] = https://curl.se/bug/?i=14136
- [22] = https://curl.se/bug/?i=14361
- [23] = https://curl.se/bug/?i=14341
- [24] = https://curl.se/bug/?i=14359
- [25] = https://curl.se/bug/?i=14358
- [26] = https://curl.se/bug/?i=14357
- [27] = https://curl.se/bug/?i=14356
- [28] = https://curl.se/bug/?i=14352
- [29] = https://curl.se/bug/?i=14350
- [30] = https://curl.se/bug/?i=14355
- [31] = https://curl.se/bug/?i=13992
- [32] = https://curl.se/bug/?i=14335
- [33] = https://curl.se/bug/?i=14326
- [34] = https://curl.se/bug/?i=13988
- [35] = https://curl.se/bug/?i=13977
- [36] = https://curl.se/bug/?i=14336
- [37] = https://curl.se/bug/?i=14377
- [38] = https://curl.se/bug/?i=14337
- [39] = https://curl.se/bug/?i=14339
- [40] = https://curl.se/bug/?i=14331
- [41] = https://curl.se/bug/?i=14253
- [42] = https://curl.se/bug/?i=14367
- [43] = https://curl.se/bug/?i=14376
- [44] = https://curl.se/bug/?i=14375
- [45] = https://curl.se/bug/?i=14374
- [46] = https://curl.se/bug/?i=14373
- [47] = https://curl.se/bug/?i=14455
- [48] = https://curl.se/bug/?i=14389
- [49] = https://curl.se/bug/?i=14344
- [50] = https://curl.se/bug/?i=14018
- [51] = https://curl.se/bug/?i=14349
- [52] = https://curl.se/bug/?i=12677
- [53] = https://curl.se/bug/?i=9963
- [54] = https://curl.se/bug/?i=13993
- [55] = https://curl.se/bug/?i=14403
- [56] = https://curl.se/bug/?i=14411
- [57] = https://curl.se/bug/?i=14360
- [58] = https://curl.se/bug/?i=14380
- [59] = https://curl.se/bug/?i=14416
- [60] = https://curl.se/bug/?i=14454
- [61] = https://curl.se/bug/?i=14421
- [62] = https://curl.se/bug/?i=14420
- [63] = https://curl.se/bug/?i=14417
- [64] = https://curl.se/bug/?i=14453
- [65] = https://curl.se/bug/?i=14412
- [66] = https://curl.se/bug/?i=14343
- [67] = https://curl.se/bug/?i=14402
- [68] = https://github.com/curl/curl-www/issues/374
- [69] = https://curl.se/bug/?i=14409
- [70] = https://curl.se/bug/?i=14401
- [71] = https://curl.se/bug/?i=14382
- [72] = https://curl.se/bug/?i=14485
- [73] = https://curl.se/bug/?i=14452
- [74] = https://curl.se/bug/?i=14370
- [75] = https://curl.se/bug/?i=14423
- [76] = https://curl.se/bug/?i=14385
- [77] = https://curl.se/bug/?i=14393
- [78] = https://curl.se/bug/?i=14384
- [79] = https://curl.se/bug/?i=14394
- [80] = https://curl.se/bug/?i=14450
- [81] = https://curl.se/bug/?i=13754
- [82] = https://curl.se/bug/?i=14298
- [83] = https://curl.se/bug/?i=14447
- [84] = https://curl.se/bug/?i=14451
- [85] = https://curl.se/bug/?i=14472
- [86] = https://curl.se/bug/?i=14500
- [87] = https://curl.se/bug/?i=14189
- [88] = https://curl.se/bug/?i=14442
- [89] = https://curl.se/bug/?i=14492
- [90] = https://curl.se/bug/?i=14435
- [91] = https://curl.se/bug/?i=14438
- [92] = https://curl.se/bug/?i=14491
- [93] = https://curl.se/bug/?i=14440
- [94] = https://curl.se/bug/?i=14430
- [95] = https://curl.se/bug/?i=14433
- [96] = https://curl.se/bug/?i=14503
- [97] = https://curl.se/bug/?i=14474
- [98] = https://curl.se/bug/?i=14431
- [99] = https://curl.se/bug/?i=14431
- [100] = https://curl.se/bug/?i=14437
- [101] = https://curl.se/bug/?i=14428
- [102] = https://curl.se/bug/?i=14427
- [103] = https://curl.se/bug/?i=7229
- [104] = https://curl.se/bug/?i=14397
- [105] = https://curl.se/bug/?i=14553
- [106] = https://curl.se/bug/?i=14406
- [107] = https://curl.se/bug/?i=14406
- [108] = https://curl.se/bug/?i=14404
- [109] = https://curl.se/bug/?i=14405
- [110] = https://curl.se/bug/?i=14477
- [111] = https://curl.se/bug/?i=14469
- [112] = https://curl.se/bug/?i=14464
- [113] = https://curl.se/bug/?i=14535
- [114] = https://curl.se/bug/?i=14459
- [115] = https://curl.se/bug/?i=14467
- [116] = https://curl.se/bug/?i=14534
- [117] = https://curl.se/bug/?i=14568
- [118] = https://curl.se/bug/?i=14566
- [119] = https://curl.se/bug/?i=14540
- [120] = https://curl.se/bug/?i=14531
- [121] = https://curl.se/bug/?i=14562
- [122] = https://curl.se/bug/?i=14526
- [123] = https://curl.se/bug/?i=14525
- [124] = https://curl.se/bug/?i=14502
- [125] = https://curl.se/bug/?i=14501
- [126] = https://curl.se/bug/?i=14539
- [127] = https://curl.se/bug/?i=14414
- [128] = https://curl.se/bug/?i=14521
- [129] = https://curl.se/bug/?i=14527
- [130] = https://curl.se/bug/?i=14457
- [131] = https://curl.se/bug/?i=14514
- [132] = https://curl.se/bug/?i=14513
- [133] = https://curl.se/bug/?i=14511
- [134] = https://curl.se/bug/?i=14512
- [135] = https://curl.se/bug/?i=14515
- [136] = https://curl.se/bug/?i=14516
- [137] = https://curl.se/bug/?i=14510
- [138] = https://curl.se/bug/?i=14504
- [139] = https://curl.se/bug/?i=14564
- [140] = https://curl.se/bug/?i=14460
- [141] = https://curl.se/bug/?i=14627
- [142] = https://curl.se/bug/?i=14505
- [143] = https://curl.se/bug/?i=14543
- [144] = https://curl.se/bug/?i=14480
- [145] = https://curl.se/bug/?i=14458
- [146] = https://curl.se/bug/?i=13098
- [147] = https://curl.se/bug/?i=14483
- [148] = https://curl.se/bug/?i=14567
- [149] = https://curl.se/bug/?i=14557
- [150] = https://curl.se/bug/?i=14556
- [151] = https://curl.se/bug/?i=14574
- [152] = https://curl.se/bug/?i=14631
- [153] = https://curl.se/bug/?i=14550
- [154] = https://curl.se/bug/?i=14533
- [155] = https://curl.se/bug/?i=14532
- [156] = https://curl.se/bug/?i=14541
- [157] = https://curl.se/bug/?i=14471
- [158] = https://curl.se/bug/?i=14545
- [159] = https://curl.se/bug/?i=14407
- [160] = https://curl.se/bug/?i=14656
- [161] = https://curl.se/bug/?i=14319
- [162] = https://curl.se/bug/?i=14444
- [163] = https://curl.se/bug/?i=14626
- [164] = https://curl.se/bug/?i=14561
- [165] = https://curl.se/bug/?i=14629
- [166] = https://curl.se/bug/?i=14618
- [167] = https://curl.se/bug/?i=14614
- [168] = https://curl.se/bug/?i=14677
- [169] = https://curl.se/bug/?i=14565
- [170] = https://curl.se/bug/?i=14548
- [171] = https://curl.se/bug/?i=14623
- [172] = https://curl.se/bug/?i=14558
- [173] = https://curl.se/bug/?i=14622
- [174] = https://curl.se/bug/?i=14616
- [175] = https://curl.se/bug/?i=14641
- [176] = https://curl.se/bug/?i=14617
- [177] = https://curl.se/bug/?i=14612
- [178] = https://curl.se/bug/?i=14708
- [179] = https://curl.se/mail/lib-2024-08/0023.html
- [180] = https://curl.se/bug/?i=14653
- [181] = https://curl.se/bug/?i=14591
- [182] = https://curl.se/bug/?i=14634
- [183] = https://curl.se/bug/?i=14555
- [184] = https://curl.se/bug/?i=14634
- [185] = https://curl.se/bug/?i=14368
- [186] = https://curl.se/bug/?i=12129
- [187] = https://curl.se/bug/?i=14634
- [188] = https://curl.se/bug/?i=14575
- [189] = https://curl.se/bug/?i=14634
- [190] = https://curl.se/bug/?i=14648
- [191] = https://curl.se/bug/?i=14699
- [192] = https://curl.se/bug/?i=14737
- [193] = https://curl.se/bug/?i=14201
- [194] = https://curl.se/bug/?i=14736
- [195] = https://curl.se/bug/?i=14168
- [196] = https://curl.se/bug/?i=14670
- [197] = https://curl.se/bug/?i=14647
- [198] = https://curl.se/bug/?i=14735
- [199] = https://curl.se/bug/?i=14697
- [200] = https://curl.se/bug/?i=14588
- [201] = https://curl.se/bug/?i=14587
- [202] = https://curl.se/bug/?i=14586
- [203] = https://curl.se/bug/?i=14585
- [204] = https://curl.se/bug/?i=14621
- [205] = https://curl.se/bug/?i=14611
- [206] = https://curl.se/bug/?i=14642
- [207] = https://curl.se/bug/?i=14640
- [208] = https://curl.se/bug/?i=14626
- [209] = https://curl.se/bug/?i=14761
- [210] = https://curl.se/bug/?i=12606
- [211] = https://curl.se/bug/?i=14732
- [213] = https://curl.se/bug/?i=14701
- [214] = https://curl.se/bug/?i=14696
- [215] = https://curl.se/bug/?i=14668
- [216] = https://curl.se/bug/?i=14795
- [217] = https://curl.se/bug/?i=14717
- [218] = https://curl.se/bug/?i=14688
- [219] = https://curl.se/bug/?i=14717
- [220] = https://curl.se/bug/?i=14684
- [221] = https://curl.se/bug/?i=14751
- [222] = https://curl.se/bug/?i=14756
- [223] = https://curl.se/bug/?i=14674
- [224] = https://curl.se/bug/?i=14673
- [225] = https://curl.se/bug/?i=14672
- [226] = https://curl.se/bug/?i=14671
- [227] = https://curl.se/bug/?i=14718
- [228] = https://curl.se/bug/?i=14703
- [229] = https://curl.se/bug/?i=14720
- [230] = https://curl.se/bug/?i=14722
- [231] = https://curl.se/bug/?i=14758
- [232] = https://curl.se/bug/?i=14709
- [233] = https://curl.se/bug/?i=14749
- [234] = https://curl.se/bug/?i=14660
- [235] = https://curl.se/bug/?i=14749
- [236] = https://curl.se/bug/?i=14739
- [237] = https://curl.se/bug/?i=14797
- [238] = https://curl.se/bug/?i=14796
- [239] = https://curl.se/bug/?i=14753
- [240] = https://curl.se/bug/?i=14830
- [241] = https://curl.se/bug/?i=13509
- [242] = https://curl.se/bug/?i=14823
- [243] = https://curl.se/bug/?i=14820
- [244] = https://curl.se/bug/?i=14714
- [246] = https://curl.se/bug/?i=14784
- [247] = https://curl.se/bug/?i=14777
- [248] = https://curl.se/bug/?i=14785
- [249] = https://curl.se/bug/?i=14814
- [250] = https://curl.se/bug/?i=14780
- [251] = https://curl.se/bug/?i=14776
- [252] = https://curl.se/bug/?i=14770
- [253] = https://curl.se/bug/?i=14812
- [254] = https://curl.se/bug/?i=14804
- [256] = https://curl.se/bug/?i=14802
+ [1] = https://curl.se/bug/?i=14852
+ [2] = https://curl.se/bug/?i=14850
+ [3] = https://curl.se/bug/?i=14879
+ [4] = https://curl.se/bug/?i=14884
+ [5] = https://curl.se/bug/?i=14886
+ [6] = https://curl.se/bug/?i=14887
+ [7] = https://curl.se/bug/?i=14870
+ [8] = https://curl.se/bug/?i=14872
+ [9] = https://curl.se/bug/?i=14897
+ [10] = https://curl.se/bug/?i=14857
+ [11] = https://curl.se/bug/?i=14863
+ [12] = https://curl.se/bug/?i=14840
+ [13] = https://curl.se/bug/?i=14858
+ [14] = https://curl.se/bug/?i=14860
+ [15] = https://curl.se/bug/?i=14898
+ [16] = https://curl.se/bug/?i=14889
+ [18] = https://curl.se/bug/?i=14889
+ [19] = https://curl.se/bug/?i=14939
+ [20] = https://curl.se/bug/?i=14927
+ [21] = https://marc.info/?l=git&m=172620452502747&w=2
+ [22] = https://curl.se/bug/?i=14835
+ [24] = https://curl.se/bug/?i=14919
+ [33] = https://curl.se/bug/?i=14899
+ [34] = https://curl.se/bug/?i=14873
diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS index 89821c3944..5c14145af3 100644 --- a/libs/libcurl/docs/THANKS +++ b/libs/libcurl/docs/THANKS @@ -454,6 +454,7 @@ Captain Basil Carie Pointer
Carl Zogheib
Carlo Alberto
+Carlo Cabrera
Carlo Cannas
Carlo Marcelo Arenas Belón
Carlo Teubner
@@ -1010,6 +1011,7 @@ fuzzard Gabe
Gabriel Corona
Gabriel Kuri
+Gabriel Marin
Gabriel Simmer
Gabriel Sjoberg
Gaelan Steele
@@ -1533,6 +1535,7 @@ Judson Bishop Juergen Hoetzel
Juergen Wilke
Jukka Pihl
+Julian K.
Julian Montes
Julian Noble
Julian Ospald
@@ -2135,6 +2138,7 @@ Neil Bowers Neil Dunbar
Neil Kolban
Neil Spring
+nekopsykose on github
neutric on github
nevv on HackerOne/curl
Niall McGee
@@ -2271,6 +2275,7 @@ Patrick Rapin Patrick Schlangen
Patrick Scott
Patrick Smith
+Patrick Steinhardt
Patrick Watson
Patrik Thunstrom
Pau Garcia i Quiles
@@ -2445,6 +2450,7 @@ Ralph Langendam Ralph Mitchell
Ram Krushna Mishra
Ramiro Garcia
+rampageX on github
ramsay-jones on github
Ran Mozes
RanBarLavie on github
@@ -3064,6 +3070,7 @@ Venkat Akella Venkat Krishna R
Venkataramana Mokkapati
Vicente Garcia
+Victor Kislov
Victor Magierski
Victor Snezhko
Victor Vieux
diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h index 8c81b42d15..68e26068a4 100644 --- a/libs/libcurl/include/curl/curlver.h +++ b/libs/libcurl/include/curl/curlver.h @@ -32,13 +32,13 @@ /* This is the version number of the libcurl package from which this header
file origins: */
-#define LIBCURL_VERSION "8.10.0"
+#define LIBCURL_VERSION "8.10.1"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 8
#define LIBCURL_VERSION_MINOR 10
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
/* This is the numeric version of the libcurl version number, meant for easier
parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -59,7 +59,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it
and needs it to contain the full number.
*/
-#define LIBCURL_VERSION_NUM 0x080a00
+#define LIBCURL_VERSION_NUM 0x080a01
/*
* This is the date and time when the full source package was created. The
@@ -70,7 +70,7 @@ *
* "2007-11-23"
*/
-#define LIBCURL_TIMESTAMP "2024-09-11"
+#define LIBCURL_TIMESTAMP "2024-09-18"
#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
#define CURL_AT_LEAST_VERSION(x,y,z) \
diff --git a/libs/libcurl/src/cf-https-connect.c b/libs/libcurl/src/cf-https-connect.c index 2597c0eee5..31a0ac65e8 100644 --- a/libs/libcurl/src/cf-https-connect.c +++ b/libs/libcurl/src/cf-https-connect.c @@ -189,7 +189,6 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, switch(cf->conn->alpn) {
case CURL_HTTP_VERSION_3:
- infof(data, "using HTTP/3");
break;
case CURL_HTTP_VERSION_2:
#ifdef USE_NGHTTP2
@@ -202,10 +201,8 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, return result;
}
#endif
- infof(data, "using HTTP/2");
break;
default:
- infof(data, "using HTTP/1.x");
break;
}
ctx->state = CF_HC_SUCCESS;
diff --git a/libs/libcurl/src/cf-socket.c b/libs/libcurl/src/cf-socket.c index 50b5b51865..97e13903c5 100644 --- a/libs/libcurl/src/cf-socket.c +++ b/libs/libcurl/src/cf-socket.c @@ -1749,7 +1749,11 @@ static CURLcode cf_socket_query(struct Curl_cfilter *cf, return CURLE_OK;
}
case CF_QUERY_IP_INFO:
+#ifdef USE_IPV6
*pres1 = (ctx->addr.family == AF_INET6)? TRUE : FALSE;
+#else
+ *pres1 = FALSE;
+#endif
*(struct ip_quadruple *)pres2 = ctx->ip;
return CURLE_OK;
default:
diff --git a/libs/libcurl/src/cfilters.c b/libs/libcurl/src/cfilters.c index 7ec8f3a79f..b93362aacb 100644 --- a/libs/libcurl/src/cfilters.c +++ b/libs/libcurl/src/cfilters.c @@ -437,6 +437,7 @@ CURLcode Curl_conn_connect(struct Curl_easy *data, cf_cntrl_update_info(data, data->conn);
conn_report_connect_stats(data, data->conn);
data->conn->keepalive = Curl_now();
+ Curl_verboseconnect(data, data->conn, sockindex);
}
else if(result) {
conn_report_connect_stats(data, data->conn);
diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h index 2e6261c745..17924e3dec 100644 --- a/libs/libcurl/src/config-win32.h +++ b/libs/libcurl/src/config-win32.h @@ -149,10 +149,6 @@ /* Define if you have the select function. */
#define HAVE_SELECT 1
-/* Define if libSSH2 is in use */
-#define USE_LIBSSH2 1
-#define HAVE_LIBSSH2_H 1
-
/* Define if you have the setlocale function. */
#define HAVE_SETLOCALE 1
@@ -478,9 +474,6 @@ Vista #define USE_WIN32_LDAP 1
#endif
-/* if SSL is enabled */
-#define USE_OPENSSL 1
-
/* Define to use the Windows crypto library. */
#if !defined(CURL_WINDOWS_APP)
#define USE_WIN32_CRYPTO
diff --git a/libs/libcurl/src/connect.c b/libs/libcurl/src/connect.c index 651b7ff467..ac8d271d35 100644 --- a/libs/libcurl/src/connect.c +++ b/libs/libcurl/src/connect.c @@ -547,9 +547,11 @@ static CURLcode baller_start_next(struct Curl_cfilter *cf, {
if(cf->sockindex == FIRSTSOCKET) {
baller_next_addr(baller);
- /* If we get inconclusive answers from the server(s), we make
- * a second iteration over the address list */
- if(!baller->addr && baller->inconclusive && !baller->rewinded)
+ /* If we get inconclusive answers from the server(s), we start
+ * again until this whole thing times out. This allows us to
+ * connect to servers that are gracefully restarting and the
+ * packet routing to the new instance has not happened yet (e.g. QUIC). */
+ if(!baller->addr && baller->inconclusive)
baller_rewind(baller);
baller_start(cf, data, baller, timeoutms);
}
@@ -800,8 +802,10 @@ static CURLcode start_connect(struct Curl_cfilter *cf, }
else {
/* no user preference, we try ipv6 always first when available */
+#ifdef USE_IPV6
ai_family0 = AF_INET6;
addr0 = addr_first_match(remotehost->addr, ai_family0);
+#endif
/* next candidate is ipv4 */
ai_family1 = AF_INET;
addr1 = addr_first_match(remotehost->addr, ai_family1);
@@ -965,7 +969,17 @@ static CURLcode cf_he_connect(struct Curl_cfilter *cf, if(cf->conn->handler->protocol & PROTO_FAMILY_SSH)
Curl_pgrsTime(data, TIMER_APPCONNECT); /* we are connected already */
- Curl_verboseconnect(data, cf->conn, cf->sockindex);
+ if(Curl_trc_cf_is_verbose(cf, data)) {
+ struct ip_quadruple ipquad;
+ int is_ipv6;
+ if(!Curl_conn_cf_get_ip_info(cf->next, data, &is_ipv6, &ipquad)) {
+ const char *host, *disphost;
+ int port;
+ cf->next->cft->get_host(cf->next, data, &host, &disphost, &port);
+ CURL_TRC_CF(data, cf, "Connected to %s (%s) port %u",
+ disphost, ipquad.remote_ip, ipquad.remote_port);
+ }
+ }
data->info.numconnects++; /* to track the # of connections made */
}
break;
diff --git a/libs/libcurl/src/curl_memrchr.c b/libs/libcurl/src/curl_memrchr.c index 4342b938b6..9b7ab8258b 100644 --- a/libs/libcurl/src/curl_memrchr.c +++ b/libs/libcurl/src/curl_memrchr.c @@ -33,6 +33,9 @@ #include "memdebug.h"
#ifndef HAVE_MEMRCHR
+#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \
+ defined(USE_OPENSSL) || \
+ defined(USE_SCHANNEL)
/*
* Curl_memrchr()
@@ -61,4 +64,5 @@ Curl_memrchr(const void *s, int c, size_t n) return NULL;
}
+#endif
#endif /* HAVE_MEMRCHR */
diff --git a/libs/libcurl/src/curl_memrchr.h b/libs/libcurl/src/curl_memrchr.h index 7e2de316b6..dbced53b38 100644 --- a/libs/libcurl/src/curl_memrchr.h +++ b/libs/libcurl/src/curl_memrchr.h @@ -34,11 +34,15 @@ #endif
#else /* HAVE_MEMRCHR */
+#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \
+ defined(USE_OPENSSL) || \
+ defined(USE_SCHANNEL)
void *Curl_memrchr(const void *s, int c, size_t n);
#define memrchr(x,y,z) Curl_memrchr((x),(y),(z))
+#endif
#endif /* HAVE_MEMRCHR */
#endif /* HEADER_CURL_MEMRCHR_H */
diff --git a/libs/libcurl/src/curl_setup.h b/libs/libcurl/src/curl_setup.h index 7f63658cee..dc56ee9d0b 100644 --- a/libs/libcurl/src/curl_setup.h +++ b/libs/libcurl/src/curl_setup.h @@ -102,6 +102,16 @@ # ifndef NOGDI
# define NOGDI
# endif
+/* Detect Windows App environment which has a restricted access
+ * to the Win32 APIs. */
+# if (defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0602)) || \
+ defined(WINAPI_FAMILY)
+# include <winapifamily.h>
+# if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
+ !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+# define CURL_WINDOWS_APP
+# endif
+# endif
#endif
/* Compatibility */
diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c index dd3180e592..dd90f54090 100644 --- a/libs/libcurl/src/ftp.c +++ b/libs/libcurl/src/ftp.c @@ -327,6 +327,7 @@ static void freedirs(struct ftp_conn *ftpc) Curl_safefree(ftpc->newhost);
}
+#ifdef CURL_PREFER_LF_LINEENDS
/***********************************************************************
*
* Lineend Conversions
@@ -415,6 +416,7 @@ static const struct Curl_cwtype ftp_cw_lc = { sizeof(struct ftp_cw_lc_ctx)
};
+#endif /* CURL_PREFER_LF_LINEENDS */
/***********************************************************************
*
* AcceptServerConnect()
@@ -4138,22 +4140,27 @@ static CURLcode ftp_do(struct Curl_easy *data, bool *done) CURLcode result = CURLE_OK;
struct connectdata *conn = data->conn;
struct ftp_conn *ftpc = &conn->proto.ftpc;
- /* FTP data may need conversion. */
- struct Curl_cwriter *ftp_lc_writer;
*done = FALSE; /* default to false */
ftpc->wait_data_conn = FALSE; /* default to no such wait */
- result = Curl_cwriter_create(&ftp_lc_writer, data, &ftp_cw_lc,
- CURL_CW_CONTENT_DECODE);
- if(result)
- return result;
+#ifdef CURL_PREFER_LF_LINEENDS
+ {
+ /* FTP data may need conversion. */
+ struct Curl_cwriter *ftp_lc_writer;
- result = Curl_cwriter_add(data, ftp_lc_writer);
- if(result) {
- Curl_cwriter_free(data, ftp_lc_writer);
- return result;
+ result = Curl_cwriter_create(&ftp_lc_writer, data, &ftp_cw_lc,
+ CURL_CW_CONTENT_DECODE);
+ if(result)
+ return result;
+
+ result = Curl_cwriter_add(data, ftp_lc_writer);
+ if(result) {
+ Curl_cwriter_free(data, ftp_lc_writer);
+ return result;
+ }
}
+#endif /* CURL_PREFER_LF_LINEENDS */
if(data->state.wildcardmatch) {
result = wc_statemach(data);
diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c index cb585b4571..65189e9dee 100644 --- a/libs/libcurl/src/http.c +++ b/libs/libcurl/src/http.c @@ -3283,10 +3283,13 @@ CURLcode Curl_http_size(struct Curl_easy *data) }
else if(k->size != -1) {
if(data->set.max_filesize &&
- k->size > data->set.max_filesize) {
+ !k->ignorebody &&
+ (k->size > data->set.max_filesize)) {
failf(data, "Maximum file size exceeded");
return CURLE_FILESIZE_EXCEEDED;
}
+ if(k->ignorebody)
+ infof(data, "setting size while ignoring");
Curl_pgrsSetDownloadSize(data, k->size);
k->maxdownload = k->size;
}
@@ -3625,13 +3628,6 @@ static CURLcode http_on_response(struct Curl_easy *data, }
- /* This is the last response that we will got for the current request.
- * Check on the body size and determine if the response is complete.
- */
- result = Curl_http_size(data);
- if(result)
- goto out;
-
/* If we requested a "no body", this is a good time to get
* out and return home.
*/
@@ -3651,6 +3647,12 @@ static CURLcode http_on_response(struct Curl_easy *data, /* final response without error, prepare to receive the body */
result = Curl_http_firstwrite(data);
+ if(!result)
+ /* This is the last response that we get for the current request.
+ * Check on the body size and determine if the response is complete.
+ */
+ result = Curl_http_size(data);
+
out:
if(last_hd) {
/* if not written yet, write it now */
diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c index 7ec8ad6fcb..cd83e564b1 100644 --- a/libs/libcurl/src/http2.c +++ b/libs/libcurl/src/http2.c @@ -1679,12 +1679,11 @@ static ssize_t req_body_read_callback(nghttp2_session *session, CURL_TRC_CF(data_s, cf, "[%d] req_body_read(len=%zu) eos=%d -> %zd, %d",
stream_id, length, stream->body_eos, nread, result);
- if(nread == 0)
- return NGHTTP2_ERR_DEFERRED;
- if(stream->body_eos && Curl_bufq_is_empty(&stream->sendbuf))
+ if(stream->body_eos && Curl_bufq_is_empty(&stream->sendbuf)) {
*data_flags = NGHTTP2_DATA_FLAG_EOF;
-
- return nread;
+ return nread;
+ }
+ return (nread == 0)? NGHTTP2_ERR_DEFERRED : nread;
}
#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c index 051bbd7efa..7aed3f5fc9 100644 --- a/libs/libcurl/src/multi.c +++ b/libs/libcurl/src/multi.c @@ -3688,6 +3688,8 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, void *hashp)
{
struct Curl_sh_entry *there = NULL;
+ if(!GOOD_MULTI_HANDLE(multi))
+ return CURLM_BAD_HANDLE;
there = sh_getentry(&multi->sockhash, s);
diff --git a/libs/libcurl/src/rand.c b/libs/libcurl/src/rand.c index 8cfd7d4a7e..d44bde4014 100644 --- a/libs/libcurl/src/rand.c +++ b/libs/libcurl/src/rand.c @@ -100,9 +100,9 @@ CURLcode Curl_win32_random(unsigned char *entropy, size_t length) }
#endif
-#if !defined(USE_SSL) || defined(USE_RUSTLS)
+#if !defined(USE_SSL)
/* ---- possibly non-cryptographic version following ---- */
-CURLcode Curl_weak_random(struct Curl_easy *data,
+static CURLcode weak_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length) /* always 4, size of int */
{
@@ -151,7 +151,7 @@ CURLcode Curl_weak_random(struct Curl_easy *data, #ifdef USE_SSL
#define _random(x,y,z) Curl_ssl_random(x,y,z)
#else
-#define _random(x,y,z) Curl_weak_random(x,y,z)
+#define _random(x,y,z) weak_random(x,y,z)
#endif
static CURLcode randit(struct Curl_easy *data, unsigned int *rnd,
diff --git a/libs/libcurl/src/rand.h b/libs/libcurl/src/rand.h index 8a0c754d64..9d0442bcaa 100644 --- a/libs/libcurl/src/rand.h +++ b/libs/libcurl/src/rand.h @@ -36,11 +36,6 @@ CURLcode Curl_rand_bytes(struct Curl_easy *data, #define Curl_rand(a,b,c) Curl_rand_bytes((a), (b), (c))
#endif
-/* ---- non-cryptographic version following ---- */
-CURLcode Curl_weak_random(struct Curl_easy *data,
- unsigned char *rnd,
- size_t length);
-
/*
* Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random
* hexadecimal digits PLUS a null-terminating byte. It must be an odd number
diff --git a/libs/libcurl/src/request.c b/libs/libcurl/src/request.c index 011e8233c4..978d690e58 100644 --- a/libs/libcurl/src/request.c +++ b/libs/libcurl/src/request.c @@ -52,7 +52,11 @@ CURLcode Curl_req_soft_reset(struct SingleRequest *req, req->done = FALSE;
req->upload_done = FALSE;
+ req->upload_aborted = FALSE;
req->download_done = FALSE;
+ req->eos_written = FALSE;
+ req->eos_read = FALSE;
+ req->eos_sent = FALSE;
req->ignorebody = FALSE;
req->shutdown = FALSE;
req->bytecount = 0;
@@ -146,6 +150,7 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) req->download_done = FALSE;
req->eos_written = FALSE;
req->eos_read = FALSE;
+ req->eos_sent = FALSE;
req->upload_done = FALSE;
req->upload_aborted = FALSE;
req->ignorebody = FALSE;
@@ -214,15 +219,19 @@ static CURLcode xfer_send(struct Curl_easy *data, eos = TRUE;
}
result = Curl_xfer_send(data, buf, blen, eos, pnwritten);
- if(!result && *pnwritten) {
- if(hds_len)
- Curl_debug(data, CURLINFO_HEADER_OUT, (char *)buf,
- CURLMIN(hds_len, *pnwritten));
- if(*pnwritten > hds_len) {
- size_t body_len = *pnwritten - hds_len;
- Curl_debug(data, CURLINFO_DATA_OUT, (char *)buf + hds_len, body_len);
- data->req.writebytecount += body_len;
- Curl_pgrsSetUploadCounter(data, data->req.writebytecount);
+ if(!result) {
+ if(eos && (blen == *pnwritten))
+ data->req.eos_sent = TRUE;
+ if(*pnwritten) {
+ if(hds_len)
+ Curl_debug(data, CURLINFO_HEADER_OUT, (char *)buf,
+ CURLMIN(hds_len, *pnwritten));
+ if(*pnwritten > hds_len) {
+ size_t body_len = *pnwritten - hds_len;
+ Curl_debug(data, CURLINFO_DATA_OUT, (char *)buf + hds_len, body_len);
+ data->req.writebytecount += body_len;
+ Curl_pgrsSetUploadCounter(data, data->req.writebytecount);
+ }
}
}
return result;
@@ -304,8 +313,17 @@ static CURLcode req_flush(struct Curl_easy *data) return Curl_xfer_flush(data);
}
- if(!data->req.upload_done && data->req.eos_read &&
- Curl_bufq_is_empty(&data->req.sendbuf)) {
+ if(data->req.eos_read && !data->req.eos_sent) {
+ char tmp;
+ size_t nwritten;
+ result = xfer_send(data, &tmp, 0, 0, &nwritten);
+ if(result)
+ return result;
+ DEBUGASSERT(data->req.eos_sent);
+ }
+
+ if(!data->req.upload_done && data->req.eos_read && data->req.eos_sent) {
+ DEBUGASSERT(Curl_bufq_is_empty(&data->req.sendbuf));
if(data->req.shutdown) {
bool done;
result = Curl_xfer_send_shutdown(data, &done);
diff --git a/libs/libcurl/src/request.h b/libs/libcurl/src/request.h index 4b40889f3c..ab695ecea0 100644 --- a/libs/libcurl/src/request.h +++ b/libs/libcurl/src/request.h @@ -130,6 +130,7 @@ struct SingleRequest { BIT(download_done); /* set to TRUE when download is complete */
BIT(eos_written); /* iff EOS has been written to client */
BIT(eos_read); /* iff EOS has been read from the client */
+ BIT(eos_sent); /* iff EOS has been sent to the server */
BIT(rewind_read); /* iff reader needs rewind at next start */
BIT(upload_done); /* set to TRUE when all request data has been sent */
BIT(upload_aborted); /* set to TRUE when upload was aborted. Will also
diff --git a/libs/libcurl/src/sendf.c b/libs/libcurl/src/sendf.c index 92b21dc7ea..bba9f5b499 100644 --- a/libs/libcurl/src/sendf.c +++ b/libs/libcurl/src/sendf.c @@ -336,7 +336,7 @@ static CURLcode cw_download_write(struct Curl_easy *data, connclose(data->conn, "excess found in a read");
}
}
- else if(nwrite < nbytes) {
+ else if((nwrite < nbytes) && !data->req.ignorebody) {
failf(data, "Exceeded the maximum allowed file size "
"(%" FMT_OFF_T ") with %" FMT_OFF_T " bytes",
data->set.max_filesize, data->req.bytecount);
@@ -949,6 +949,7 @@ struct cr_lc_ctx { struct bufq buf;
BIT(read_eos); /* we read an EOS from the next reader */
BIT(eos); /* we have returned an EOS */
+ BIT(prev_cr); /* the last byte was a CR */
};
static CURLcode cr_lc_init(struct Curl_easy *data, struct Curl_creader *reader)
@@ -1005,10 +1006,15 @@ static CURLcode cr_lc_read(struct Curl_easy *data, goto out;
}
- /* at least one \n needs conversion to '\r\n', place into ctx->buf */
+ /* at least one \n might need conversion to '\r\n', place into ctx->buf */
for(i = start = 0; i < nread; ++i) {
- if(buf[i] != '\n')
+ /* if this byte is not an LF character, or if the preceding character is
+ a CR (meaning this already is a CRLF pair), go to next */
+ if((buf[i] != '\n') || ctx->prev_cr) {
+ ctx->prev_cr = (buf[i] == '\r');
continue;
+ }
+ ctx->prev_cr = false;
/* on a soft limit bufq, we do not need to check length */
result = Curl_bufq_cwrite(&ctx->buf, buf + start, i - start, &n);
if(!result)
@@ -1101,7 +1107,11 @@ static CURLcode do_init_reader_stack(struct Curl_easy *data, clen = r->crt->total_length(data, r);
/* if we do not have 0 length init, and crlf conversion is wanted,
* add the reader for it */
- if(clen && (data->set.crlf || data->state.prefer_ascii)) {
+ if(clen && (data->set.crlf
+#ifdef CURL_PREFER_LF_LINEENDS
+ || data->state.prefer_ascii
+#endif
+ )) {
result = cr_lc_add(data);
if(result)
return result;
diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c index 488266e9b5..f9902ad80a 100644 --- a/libs/libcurl/src/setopt.c +++ b/libs/libcurl/src/setopt.c @@ -1977,7 +1977,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Enable peer SSL verifying for proxy.
*/
data->set.proxy_ssl.primary.verifypeer =
- (0 != va_arg(param, long))?TRUE:FALSE;
+ (0 != va_arg(param, long));
/* Update the current connection proxy_ssl_config. */
Curl_ssl_conn_config_update(data, TRUE);
@@ -2016,7 +2016,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) arg = va_arg(param, long);
/* Treat both 1 and 2 as TRUE */
- data->set.proxy_ssl.primary.verifyhost = (bool)((arg & 3)?TRUE:FALSE);
+ data->set.proxy_ssl.primary.verifyhost = !!(arg & 3);
/* Update the current connection proxy_ssl_config. */
Curl_ssl_conn_config_update(data, TRUE);
break;
@@ -2622,7 +2622,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break;
case CURLOPT_SSH_COMPRESSION:
- data->set.ssh_compression = (0 != va_arg(param, long))?TRUE:FALSE;
+ data->set.ssh_compression = (0 != va_arg(param, long));
break;
#endif /* USE_SSH */
@@ -2986,7 +2986,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_TCP_FASTOPEN:
#if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) || \
defined(TCP_FASTOPEN_CONNECT)
- data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE;
+ data->set.tcp_fastopen = (0 != va_arg(param, long));
#else
result = CURLE_NOT_BUILT_IN;
#endif
@@ -3038,7 +3038,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->set.connect_to = va_arg(param, struct curl_slist *);
break;
case CURLOPT_SUPPRESS_CONNECT_HEADERS:
- data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE;
+ data->set.suppress_connect_headers = (0 != va_arg(param, long));
break;
case CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS:
uarg = va_arg(param, unsigned long);
@@ -3058,7 +3058,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_DOH_URL:
result = Curl_setstropt(&data->set.str[STRING_DOH],
va_arg(param, char *));
- data->set.doh = data->set.str[STRING_DOH]?TRUE:FALSE;
+ data->set.doh = !!(data->set.str[STRING_DOH]);
break;
#endif
case CURLOPT_UPKEEP_INTERVAL_MS:
diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c index 22e3151245..55f868a8ec 100644 --- a/libs/libcurl/src/transfer.c +++ b/libs/libcurl/src/transfer.c @@ -424,53 +424,37 @@ CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp) struct SingleRequest *k = &data->req;
CURLcode result = CURLE_OK;
int didwhat = 0;
- int select_bits = 0;
DEBUGASSERT(nowp);
if(data->state.select_bits) {
if(select_bits_paused(data, data->state.select_bits)) {
/* leave the bits unchanged, so they'll tell us what to do when
* this transfer gets unpaused. */
- /* DEBUGF(infof(data, "sendrecv, select_bits, early return on PAUSED"));
- */
result = CURLE_OK;
goto out;
}
data->state.select_bits = 0;
- /* DEBUGF(infof(data, "sendrecv, select_bits %x, RUN", select_bits)); */
- select_bits = (CURL_CSELECT_OUT|CURL_CSELECT_IN);
- }
- else if(data->last_poll.num) {
- /* The transfer wanted something polled. Let's run all available
- * send/receives. Worst case we EAGAIN on some. */
- /* DEBUGF(infof(data, "sendrecv, had poll sockets, RUN")); */
- select_bits = (CURL_CSELECT_OUT|CURL_CSELECT_IN);
- }
- else if(data->req.keepon & KEEP_SEND_TIMED) {
- /* DEBUGF(infof(data, "sendrecv, KEEP_SEND_TIMED, RUN ul")); */
- select_bits = CURL_CSELECT_OUT;
}
#ifdef USE_HYPER
if(data->conn->datastream) {
- result = data->conn->datastream(data, data->conn, &didwhat, select_bits);
+ result = data->conn->datastream(data, data->conn, &didwhat,
+ CURL_CSELECT_OUT|CURL_CSELECT_IN);
if(result || data->req.done)
goto out;
}
else {
#endif
- /* We go ahead and do a read if we have a readable socket or if
- the stream was rewound (in which case we have data in a
- buffer) */
- if((k->keepon & KEEP_RECV) && (select_bits & CURL_CSELECT_IN)) {
+ /* We go ahead and do a read if we have a readable socket or if the stream
+ was rewound (in which case we have data in a buffer) */
+ if(k->keepon & KEEP_RECV) {
result = sendrecv_dl(data, k, &didwhat);
if(result || data->req.done)
goto out;
}
/* If we still have writing to do, we check if we have a writable socket. */
- if((Curl_req_want_send(data) || (data->req.keepon & KEEP_SEND_TIMED)) &&
- (select_bits & CURL_CSELECT_OUT)) {
+ if(Curl_req_want_send(data) || (data->req.keepon & KEEP_SEND_TIMED)) {
result = sendrecv_ul(data, &didwhat);
if(result)
goto out;
@@ -479,7 +463,7 @@ CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp) }
#endif
- if(select_bits && !didwhat) {
+ if(!didwhat) {
/* Transfer wanted to send/recv, but nothing was possible. */
result = Curl_conn_ev_data_idle(data);
if(result)
@@ -1253,8 +1237,8 @@ CURLcode Curl_xfer_send(struct Curl_easy *data, else if(!result && *pnwritten)
data->info.request_size += *pnwritten;
- DEBUGF(infof(data, "Curl_xfer_send(len=%zu) -> %d, %zu",
- blen, result, *pnwritten));
+ DEBUGF(infof(data, "Curl_xfer_send(len=%zu, eos=%d) -> %d, %zu",
+ blen, eos, result, *pnwritten));
return result;
}
diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c index 5977a41071..336afcdb7d 100644 --- a/libs/libcurl/src/url.c +++ b/libs/libcurl/src/url.c @@ -1274,6 +1274,21 @@ void Curl_verboseconnect(struct Curl_easy *data, infof(data, "Connected to %s (%s) port %u",
CURL_CONN_HOST_DISPNAME(conn), conn->primary.remote_ip,
conn->primary.remote_port);
+#if !defined(CURL_DISABLE_HTTP)
+ if(conn->handler->protocol & PROTO_FAMILY_HTTP) {
+ switch(conn->alpn) {
+ case CURL_HTTP_VERSION_3:
+ infof(data, "using HTTP/3");
+ break;
+ case CURL_HTTP_VERSION_2:
+ infof(data, "using HTTP/2");
+ break;
+ default:
+ infof(data, "using HTTP/1.x");
+ break;
+ }
+ }
+#endif
}
#endif
diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h index 009bbb6232..0ff53676b3 100644 --- a/libs/libcurl/src/urldata.h +++ b/libs/libcurl/src/urldata.h @@ -105,6 +105,12 @@ typedef unsigned int curl_prot_t; #define CURL_DEFAULT_USER "anonymous"
#define CURL_DEFAULT_PASSWORD "ftp@example.com"
+#if !defined(_WIN32) && !defined(MSDOS) && !defined(__EMX__)
+/* do FTP line-end CRLF => LF conversions on platforms that prefer LF-only. It
+ also means: keep CRLF line endings on the CRLF platforms */
+#define CURL_PREFER_LF_LINEENDS
+#endif
+
/* Convenience defines for checking protocols or their SSL based version. Each
protocol handler should only ever have a single CURLPROTO_ in its protocol
field. */
diff --git a/libs/libcurl/src/vquic/curl_ngtcp2.c b/libs/libcurl/src/vquic/curl_ngtcp2.c index 54f3ce6929..bee8689af6 100644 --- a/libs/libcurl/src/vquic/curl_ngtcp2.c +++ b/libs/libcurl/src/vquic/curl_ngtcp2.c @@ -129,7 +129,6 @@ struct cf_ngtcp2_ctx { nghttp3_settings h3settings;
struct curltime started_at; /* time the current attempt started */
struct curltime handshake_at; /* time connect handshake finished */
- struct curltime reconnect_at; /* time the next attempt should start */
struct bufc_pool stream_bufcp; /* chunk pool for streams */
struct dynbuf scratch; /* temp buffer for header construction */
struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */
@@ -2311,12 +2310,6 @@ static CURLcode cf_ngtcp2_connect(struct Curl_cfilter *cf, CF_DATA_SAVE(save, cf, data);
- if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) {
- /* Not time yet to attempt the next connect */
- CURL_TRC_CF(data, cf, "waiting for reconnect time");
- goto out;
- }
-
if(!ctx->qconn) {
ctx->started_at = now;
result = cf_connect_start(cf, data, &pktx);
diff --git a/libs/libcurl/src/vquic/curl_osslq.c b/libs/libcurl/src/vquic/curl_osslq.c index 1f83726e93..4ceceb5ad0 100644 --- a/libs/libcurl/src/vquic/curl_osslq.c +++ b/libs/libcurl/src/vquic/curl_osslq.c @@ -288,7 +288,6 @@ struct cf_osslq_ctx { struct curltime started_at; /* time the current attempt started */
struct curltime handshake_at; /* time connect handshake finished */
struct curltime first_byte_at; /* when first byte was recvd */
- struct curltime reconnect_at; /* time the next attempt should start */
struct bufc_pool stream_bufcp; /* chunk pool for streams */
struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */
size_t max_stream_window; /* max flow window for one stream */
@@ -1686,12 +1685,6 @@ static CURLcode cf_osslq_connect(struct Curl_cfilter *cf, now = Curl_now();
CF_DATA_SAVE(save, cf, data);
- if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) {
- /* Not time yet to attempt the next connect */
- CURL_TRC_CF(data, cf, "waiting for reconnect time");
- goto out;
- }
-
if(!ctx->tls.ossl.ssl) {
ctx->started_at = now;
result = cf_osslq_ctx_start(cf, data);
diff --git a/libs/libcurl/src/vquic/curl_quiche.c b/libs/libcurl/src/vquic/curl_quiche.c index 61b97e2119..fb84f9d709 100644 --- a/libs/libcurl/src/vquic/curl_quiche.c +++ b/libs/libcurl/src/vquic/curl_quiche.c @@ -96,7 +96,6 @@ struct cf_quiche_ctx { uint8_t scid[QUICHE_MAX_CONN_ID_LEN];
struct curltime started_at; /* time the current attempt started */
struct curltime handshake_at; /* time connect handshake finished */
- struct curltime reconnect_at; /* time the next attempt should start */
struct bufc_pool stream_bufcp; /* chunk pool for streams */
struct Curl_hash streams; /* hash `data->mid` to `stream_ctx` */
curl_off_t data_recvd;
@@ -1406,13 +1405,6 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, *done = FALSE;
vquic_ctx_update_time(&ctx->q);
- if(ctx->reconnect_at.tv_sec &&
- Curl_timediff(ctx->q.last_op, ctx->reconnect_at) < 0) {
- /* Not time yet to attempt the next connect */
- CURL_TRC_CF(data, cf, "waiting for reconnect time");
- goto out;
- }
-
if(!ctx->qconn) {
result = cf_quiche_ctx_open(cf, data);
if(result)
diff --git a/libs/libcurl/src/vtls/rustls.c b/libs/libcurl/src/vtls/rustls.c index 668c24dd43..18284eeffd 100644 --- a/libs/libcurl/src/vtls/rustls.c +++ b/libs/libcurl/src/vtls/rustls.c @@ -216,15 +216,15 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data, }
rresult = rustls_connection_read(rconn,
- (uint8_t *)plainbuf + plain_bytes_copied,
- plainlen - plain_bytes_copied,
- &n);
+ (uint8_t *)plainbuf + plain_bytes_copied,
+ plainlen - plain_bytes_copied,
+ &n);
if(rresult == RUSTLS_RESULT_PLAINTEXT_EMPTY) {
backend->data_in_pending = FALSE;
}
else if(rresult == RUSTLS_RESULT_UNEXPECTED_EOF) {
failf(data, "rustls: peer closed TCP connection "
- "without first closing TLS connection");
+ "without first closing TLS connection");
*err = CURLE_RECV_ERROR;
nread = -1;
goto out;
@@ -436,7 +436,7 @@ cr_get_selected_ciphers(struct Curl_easy *data, size_t *selected_size)
{
size_t supported_len = *selected_size;
- size_t default_len = rustls_default_ciphersuites_len();
+ size_t default_len = rustls_default_crypto_provider_ciphersuites_len();
const struct rustls_supported_ciphersuite *entry;
const char *ciphers = ciphers12;
size_t count = 0, default13_count = 0, i, j;
@@ -447,10 +447,9 @@ cr_get_selected_ciphers(struct Curl_easy *data, if(!ciphers13) {
/* Add default TLSv1.3 ciphers to selection */
for(j = 0; j < default_len; j++) {
- struct rustls_str s;
- entry = rustls_default_ciphersuites_get_entry(j);
- s = rustls_supported_ciphersuite_get_name(entry);
- if(s.len < 5 || strncmp(s.data, "TLS13", 5) != 0)
+ entry = rustls_default_crypto_provider_ciphersuites_get(j);
+ if(rustls_supported_ciphersuite_protocol_version(entry) !=
+ RUSTLS_TLS_VERSION_TLSV1_3)
continue;
selected[count++] = entry;
@@ -471,7 +470,7 @@ add_ciphers: /* Check if cipher is supported */
if(id) {
for(i = 0; i < supported_len; i++) {
- entry = rustls_all_ciphersuites_get_entry(i);
+ entry = rustls_default_crypto_provider_ciphersuites_get(i);
if(rustls_supported_ciphersuite_get_suite(entry) == id)
break;
}
@@ -505,10 +504,9 @@ add_ciphers: if(!ciphers12) {
/* Add default TLSv1.2 ciphers to selection */
for(j = 0; j < default_len; j++) {
- struct rustls_str s;
- entry = rustls_default_ciphersuites_get_entry(j);
- s = rustls_supported_ciphersuite_get_name(entry);
- if(s.len < 5 || strncmp(s.data, "TLS13", 5) == 0)
+ entry = rustls_default_crypto_provider_ciphersuites_get(j);
+ if(rustls_supported_ciphersuite_protocol_version(entry) ==
+ RUSTLS_TLS_VERSION_TLSV1_3)
continue;
/* No duplicates allowed (so selected cannot overflow) */
@@ -529,6 +527,8 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, {
struct ssl_connect_data *connssl = cf->ctx;
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+ struct rustls_crypto_provider_builder *custom_provider_builder = NULL;
+ const struct rustls_crypto_provider *custom_provider = NULL;
struct rustls_connection *rconn = NULL;
struct rustls_client_config_builder *config_builder = NULL;
const struct rustls_root_cert_store *roots = NULL;
@@ -554,7 +554,8 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, };
size_t tls_versions_len = 2;
const struct rustls_supported_ciphersuite **cipher_suites;
- size_t cipher_suites_len = rustls_default_ciphersuites_len();
+ size_t cipher_suites_len =
+ rustls_default_crypto_provider_ciphersuites_len();
switch(conn_config->version) {
case CURL_SSLVERSION_DEFAULT:
@@ -604,8 +605,35 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, return CURLE_SSL_CIPHER;
}
- result = rustls_client_config_builder_new_custom(cipher_suites,
- cipher_suites_len,
+ result = rustls_crypto_provider_builder_new_from_default(
+ &custom_provider_builder);
+ if(result != RUSTLS_RESULT_OK) {
+ failf(data,
+ "rustls: failed to create crypto provider builder from default");
+ return CURLE_SSL_ENGINE_INITFAILED;
+ }
+
+ result =
+ rustls_crypto_provider_builder_set_cipher_suites(
+ custom_provider_builder,
+ cipher_suites,
+ cipher_suites_len);
+ if(result != RUSTLS_RESULT_OK) {
+ failf(data,
+ "rustls: failed to set ciphersuites for crypto provider builder");
+ rustls_crypto_provider_builder_free(custom_provider_builder);
+ return CURLE_SSL_ENGINE_INITFAILED;
+ }
+
+ result = rustls_crypto_provider_builder_build(
+ custom_provider_builder, &custom_provider);
+ if(result != RUSTLS_RESULT_OK) {
+ failf(data, "rustls: failed to build custom crypto provider");
+ rustls_crypto_provider_builder_free(custom_provider_builder);
+ return CURLE_SSL_ENGINE_INITFAILED;
+ }
+
+ result = rustls_client_config_builder_new_custom(custom_provider,
tls_versions,
tls_versions_len,
&config_builder);
@@ -616,6 +644,9 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, }
}
+ rustls_crypto_provider_builder_free(custom_provider_builder);
+ rustls_crypto_provider_free(custom_provider);
+
if(connssl->alpn) {
struct alpn_proto_buf proto;
rustls_slice_bytes alpn[ALPN_ENTRIES_MAX];
@@ -646,8 +677,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(result != RUSTLS_RESULT_OK) {
failf(data, "rustls: failed to parse trusted certificates from blob");
rustls_root_cert_store_builder_free(roots_builder);
- rustls_client_config_free(
- rustls_client_config_builder_build(config_builder));
+ rustls_client_config_builder_free(config_builder);
return CURLE_SSL_CACERT_BADFILE;
}
}
@@ -658,8 +688,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(result != RUSTLS_RESULT_OK) {
failf(data, "rustls: failed to load trusted certificates");
rustls_root_cert_store_builder_free(roots_builder);
- rustls_client_config_free(
- rustls_client_config_builder_build(config_builder));
+ rustls_client_config_builder_free(config_builder);
return CURLE_SSL_CACERT_BADFILE;
}
}
@@ -667,9 +696,8 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, result = rustls_root_cert_store_builder_build(roots_builder, &roots);
rustls_root_cert_store_builder_free(roots_builder);
if(result != RUSTLS_RESULT_OK) {
- failf(data, "rustls: failed to load trusted certificates");
- rustls_client_config_free(
- rustls_client_config_builder_build(config_builder));
+ failf(data, "rustls: failed to build trusted root certificate store");
+ rustls_client_config_builder_free(config_builder);
return CURLE_SSL_CACERT_BADFILE;
}
@@ -702,10 +730,9 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, verifier_builder, &server_cert_verifier);
rustls_web_pki_server_cert_verifier_builder_free(verifier_builder);
if(result != RUSTLS_RESULT_OK) {
- failf(data, "rustls: failed to load trusted certificates");
+ failf(data, "rustls: failed to build certificate verifier");
rustls_server_cert_verifier_free(server_cert_verifier);
- rustls_client_config_free(
- rustls_client_config_builder_build(config_builder));
+ rustls_client_config_builder_free(config_builder);
return CURLE_SSL_CACERT_BADFILE;
}
@@ -714,7 +741,15 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, rustls_server_cert_verifier_free(server_cert_verifier);
}
- backend->config = rustls_client_config_builder_build(config_builder);
+ result = rustls_client_config_builder_build(
+ config_builder,
+ &backend->config);
+ if(result != RUSTLS_RESULT_OK) {
+ failf(data, "rustls: failed to build client config");
+ rustls_client_config_free(backend->config);
+ return CURLE_SSL_ENGINE_INITFAILED;
+ }
+
DEBUGASSERT(rconn == NULL);
result = rustls_client_connection_new(backend->config,
connssl->peer.hostname, &rconn);
@@ -810,10 +845,7 @@ cr_connect_common(struct Curl_cfilter *cf, /* REALLY Done with the handshake. */
{
uint16_t proto = rustls_connection_get_protocol_version(rconn);
- const rustls_supported_ciphersuite *rcipher =
- rustls_connection_get_negotiated_ciphersuite(rconn);
- uint16_t cipher = rcipher ?
- rustls_supported_ciphersuite_get_suite(rcipher) : 0;
+ uint16_t cipher = rustls_connection_get_negotiated_ciphersuite(rconn);
char buf[64] = "";
const char *ver = "TLS version unknown";
if(proto == RUSTLS_TLS_VERSION_TLSV1_3)
@@ -1024,6 +1056,16 @@ static size_t cr_version(char *buffer, size_t size) return msnprintf(buffer, size, "%.*s", (int)ver.len, ver.data);
}
+static CURLcode
+cr_random(struct Curl_easy *data, unsigned char *entropy, size_t length)
+{
+ rustls_result rresult = 0;
+ (void)data;
+ rresult =
+ rustls_default_crypto_provider_random(entropy, length);
+ return map_error(rresult);
+}
+
const struct Curl_ssl Curl_ssl_rustls = {
{ CURLSSLBACKEND_RUSTLS, "rustls" },
SSLSUPP_CAINFO_BLOB | /* supports */
@@ -1038,7 +1080,7 @@ const struct Curl_ssl Curl_ssl_rustls = { Curl_none_check_cxn, /* check_cxn */
cr_shutdown, /* shutdown */
cr_data_pending, /* data_pending */
- Curl_weak_random, /* random */
+ cr_random, /* random */
Curl_none_cert_status_request, /* cert_status_request */
cr_connect_blocking, /* connect */
cr_connect_nonblocking, /* connect_nonblocking */
diff --git a/libs/libcurl/src/vtls/vtls.h b/libs/libcurl/src/vtls/vtls.h index 10c78c386e..c716b2c6f8 100644 --- a/libs/libcurl/src/vtls/vtls.h +++ b/libs/libcurl/src/vtls/vtls.h @@ -93,7 +93,7 @@ CURLcode Curl_ssl_conn_config_init(struct Curl_easy *data, void Curl_ssl_conn_config_cleanup(struct connectdata *conn);
/**
- * Return TRUE iff SSL configuration from `conn` is functionally the
+ * Return TRUE iff SSL configuration from `data` is functionally the
* same as the one on `candidate`.
* @param proxy match the proxy SSL config or the main one
*/
|