50 files changed, 883 insertions, 1192 deletions
diff --git a/libs/libcurl/docs/RELEASE-NOTES b/libs/libcurl/docs/RELEASE-NOTES
index ef4c109d18..3a3787bb36 100644
--- a/libs/libcurl/docs/RELEASE-NOTES
+++ b/libs/libcurl/docs/RELEASE-NOTES
@@ -1,287 +1,95 @@
-curl and libcurl 8.11.0
+curl and libcurl 8.11.1
- Public curl releases: 262
+ Public curl releases: 263
Command line options: 266
curl_easy_setopt() options: 306
Public functions in libcurl: 94
- Contributors: 3267
+ Contributors: 3298
This release includes the following changes:
- o curl: --create-dirs works for --dump-header as well [4]
- o gtls: Add P12 format support [9]
- o ipfs: add options to disable [8]
- o TLS: TLSv1.3 earlydata support for curl [140]
- o WebSockets: make support official (non-experimental) [106]
This release includes the following bugfixes:
- o alt-svc: honor data->state.httpwant [19]
- o altsvc: avoid using local buffer and memcpy [124]
- o asyn-ares: remove typecast, fix expire [113]
- o autotools: add support for 'unity' builds, enable in CI [15]
- o bearssl: avoid strpcy() when generating TLS version log message [120]
- o bearssl: improved session handling, test exceptions [233]
- o bufq: unwrite fix [121]
- o build: add `ldap` to `libcurl.pc` `Requires:` [139]
- o build: add pytest targets [71]
- o build: clarify CA embed is for curl tool, mark default, improve summary [72]
- o build: detect and use `_setmode()` with Cygwin/MSYS, also use on Windows [136]
- o build: disable warning `-Wunreachable-code-break` [195]
- o build: fix clang-cl builds, add CI job [254]
- o build: fix cross-compile check for poll with bionic [70]
- o build: fix possible `-Wformat-overflow` in lib557 [85]
- o build: limit arc4random detection to no-SSL configs [43]
- o build: show if CA bundle to embed was found [83]
- o build: tidy up and improve versioned-symbols options [5]
- o build: tidy up deprecation suppression, enable warnings for clang [12]
- o certs: add missing `-CAcreateserial` option for LibreSSL [247]
- o checksrc: add check for spaces around logical AND operators [220]
- o checksrc: Added checks for colon operator in ternary expressions [77]
- o checksrc: check for spaces around '?', '>' and '<' [46]
- o ci: dump `curl_config.h` to log in all jobs [199]
- o CI: run with standard mod_http2 [214]
- o cmake, Makefile.mk: use -isystem for headers, silence BearSSL issues [37]
- o cmake/FindCares: fix version detection for c-ares 1.34.1 [209]
- o cmake/FindNGTCP2: use library path as hint for finding crypto module [40]
- o cmake: add missed variable to comment
- o cmake: add native `pkg-config` detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL [149]
- o cmake: allow building tests in unity mode [31]
- o cmake: apply `WIN32_LEAN_AND_MEAN` to all feature checks
- o cmake: avoid setting `BUILD_TESTING` [179]
- o cmake: clear package version after `pkg-config` detection [207]
- o cmake: delete unused NEED_LBER_H, HAVE_LDAP_H [38]
- o cmake: detect `HAVE_NETINET_IN6_H`, `HAVE_CLOSESOCKET_CAMEL`, `HAVE_PROTO_BSDSOCKET_H` [132]
- o cmake: detect GNU GSS [127]
- o cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled [44]
- o cmake: do not propagate unused `HAVE_GSSAPI_GSSAPI_KRB5_H` to C [131]
- o cmake: document `-D` and env build options [208]
- o cmake: drop obsolete items from `TODO` and `INSTALL-CMAKE` [228]
- o cmake: drop redundant assignments [49]
- o cmake: drop redundant zlib var, rename function (internals) [50]
- o cmake: expand CURL_USE_PKGCONFIG to non-cross MINGW [13]
- o cmake: fix broken dependency chain for cmdline-opts, tidy-ups [11]
- o cmake: fix compile warnings for clang-cl [218]
- o cmake: fix missing spacing in log message [205]
- o cmake: limit `CURL_STATIC_CRT` to MSVC [217]
- o cmake: make `test-ci` target skip building dependencies [88]
- o cmake: mark as advanced some internal Find* variables [212]
- o cmake: readd `generate-curl.1` dependency for `src` just in case [86]
- o cmake: rename LDAP dependency config variables to match Find modules [144]
- o cmake: replace `check_include_file_concat()` for LDAP and GSS detection [143]
- o cmake: replace `CURL_*_DIR` with `{PROJECT,CMAKE_CURRENT}_*_DIR` [211]
- o cmake: require quictls (or fork) when using msh3 on non-Windows [14]
- o cmake: separate target for examples, optimize CI, fix fallouts [16]
- o cmake: set version for `project()` and add CPack support [123]
- o cmake: stop adding dependency headers to global `CMAKE_REQUIRED_INCLUDES` [146]
- o cmake: sync torture test parallelism with autotools [35]
- o cmake: tidy up `CURL_DISABLE_FORM_API` initialization [225]
- o cmake: tidy up and shorten symbol hiding initialization [213]
- o cmake: tidy up line order
- o cmake: tidy up picky warning initialization [215]
- o cmake: tidy-ups and rebase fixups [191]
- o cmake: tweaks around debug mode and hidden symbols [194]
- o cmake: untangle feature detection interdependencies [198]
- o cmake: use `list(APPEND)` on `CURL_INCLUDES` [223]
- o cmake: use OpenSSL for LDAP detection only if available [102]
- o cmake: use the `BSD` variable [210]
- o config: rename the OS define to CURL_OS to reduce collision risk [256]
- o configure: add GSS to `libcurl.pc` `Depends:` [126]
- o configure: catch Apple in more target triplets [6]
- o configure: drop duplicate feature checks for `poll()`, `if_nametoindex()` [135]
- o configure: drop unused bare `socket.h` detection [133]
- o configure: improve help string for some options [78]
- o conncache: find bundle again in case it is removed [129]
- o conncache: more efficient implementation of cpool_remove_bundle [176]
- o cookie: overhaul and cleanup [142]
- o curl-rustls.m4: set linker flags to allow rustls build on macos [186]
- o curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs [174]
- o curl: add build options for safe/no CA bundle search (Windows) [26]
- o curl: detect ECH support dynamically, not at build time [230]
- o curl_addrinfo: support operating systems with only getaddrinfo(3) [239]
- o curl_multi_perform.md: fix typo [224]
- o curl_trc: fix build with verbose messages disabled [79]
- o curl_url_set.md: document HOST handling when URL is parsed [2]
- o curl_ws_recv.md: the 'meta' pointer is only returned on success [221]
- o curl_ws_recv: return recv 0 and point meta to NULL on all errors [222]
- o CURLMOPT_PIPELINING.md: clarify that CURLPIPE_NOTHING is not default [54]
- o CURLOPT_APPEND.md: goes for SFTP as well [128]
- o CURLOPT_HEADERFUNCTION.md: do not modify the passed in buffer [107]
- o DISABLED: disable test 1060 with hyper [154]
- o DISTROS: avoid use of "very"
- o Dockerfile: update Docker digest to d830561 [226]
- o docs/cmdline-opts: GnuTLS supports PKCS#11 URI in --cert option [101]
- o docs: clarify FTP over HTTP proxy functionality somewhat [203]
- o docs: fix a typo in some cipher options
- o ech: spelling, whitespace, say `--ech` default config [137]
- o ftp: fix 0-length last write on upload from stdin [76]
- o ftp: move listen handling to socket filter [183]
- o GHA: optimize test prereq steps [188]
- o gnutls: use session cache for QUIC [196]
- o hsts: avoid the local buffer and memcpy on lookup [125]
- o hsts: improve subdomain handling [158]
- o hsts: support "implied LWS" properly around max-age [229]
- o http2: auto reset stream on server eos [147]
- o http_aws_sigv4: avoid local buffer and strcpy [92]
- o INSTALL-CMAKE.md: mention focus on shared libraries [73]
- o INSTALL-CMAKE: fix punctuation and a typo
- o INSTALL.md: fix a typo that slipped in to RISC OS
- o json.md: cli-option `--json` is an alias of `--data-binary` [89]
- o lib, src, tests: added space around ternary expressions [56]
- o lib/cw-out: initialize 'flush_all' directly [62]
- o lib/src: white space edits to comply better with code style [47]
- o lib: avoid assigning 'result' temporarily [97]
- o lib: fix disabled-verbose-strings + enable-debug build warnings
- o lib: fix unity builds with BearSSL, MSH3, Quiche, OmniOS [32]
- o lib: move curl_path.[ch] into vssh/ [182]
- o lib: msnprintf tidy-ups [245]
- o lib: remove Curl_ prefix from static functions [202]
- o lib: remove function pointer typecasts for hmac/sha256/md5 [175]
- o lib: use bool/TRUE/FALSE properly [48]
- o libcurl/opts: improve phrasing for connection cap related options [145]
- o libssh.c: handle EGAINS during proto-connect correctly [23]
- o libssh2: delete duplicate `break` [190]
- o libssh2: put the readdir buffers into struct [170]
- o libssh2: use the Curl_* memory functions to avoid memdebug [22]
- o libssh2: use the filename buffer when getting the homedir [169]
- o libtests: generate the lib1521 atomically [148]
- o mbedTLS: fix handling of TLSv1.3 sessions [184]
- o mbedtls: handle session as blobs [234]
- o mbedtls: remove failf() use from mbedtls_random [255]
- o mk-lib1521: fix the long return code check [204]
- o mprintf: do not ignore length modifiers of `%o`, `%x`, `%X` [164]
- o mprintf: treat `%o` as unsigned, add tests for `%o`, `%x`, `%X` [162]
- o mqtt: fix mqtt.md wording and add clearer explanation [172]
- o multi.c: make stronger check for paused transfer before asserting [24]
- o multi.c: warn/assert on stall only without timer [80]
- o multi: avoid reading whole struct pointer from pointer [10]
- o multi: convert Curl_follow to static multi_follow [141]
- o multi: make curl_multi_cleanup invalidate magic latter [159]
- o multi: make multi_handle_timeout use the connect timeout [98]
- o multi: split multi_runsingle into sub functions [200]
- o negotiate: conditional check around GSS & SSL specific code [1]
- o netrc: cache the netrc file in memory [138]
- o ngtcp2: do not loop on recv [251]
- o ngtcp2: set max window size to 10x of initial (128KB) [232]
- o openssl quic: populate x509 store before handshake [117]
- o openssl: convert a memcpy to dynbuf use [57]
- o openssl: extend the OpenSSL error messages [238]
- o openssl: improve retries on shutdown [151]
- o openssl: remove two strcpy() calls [64]
- o OS400: don't delete source files when building with debug [235]
- o packages/OS400/curlmain: remove the strncpy calls [155]
- o processhelp.pm: improve taskkill calls (Windows) [52]
- o pytest: fix run against multissl curl [236]
- o pytest: improve pytest_07_42a reliability [118]
- o pytest: include `buildinfo.txt` in the output [189]
- o pytest: include curl version string and python platform in log [242]
- o pytest: show curl features and protocols [150]
- o quic: use send/recvmmsg when available [93]
- o quic: use the session cache with wolfSSL as well [231]
- o request: on shutdown send, proceed normally on timeout [18]
- o runtests.md: suggest a value for -j for torture tests
- o runtests: add comment for handle64 pathsep requirement
- o runtests: drop unused code for old/classic-mingw support [87]
- o runtests: pass single backslashes with Windows Perl [243]
- o runtests: use deterministic sort for `TESTINFO` lines [201]
- o schannel: fix TLS cert verification by IP SAN [253]
- o schannel: ignore error on recv beyond close notify [167]
- o schannel: reclassify extra-verbose schannel_recv messages [153]
- o select: use poll() if existing, avoid poll() with no sockets [75]
- o sendf: add condition to max-filesize check [3]
- o server/mqttd: fix two memory leaks [178]
- o setopt: avoid superfluous length checks before strcmp() [105]
- o setopt: return error for bad input to CURLOPT_RTSP_REQUEST [240]
- o setopt_cptr: make overflow check only done when needed [241]
- o singleuse: make `git grep` faster, add Apple `nm` support [109]
- o smb: do not redefine `getpid` on Windows [187]
- o smb: replace use of strcpy() with snprintf() [122]
- o socks_gssapi: switch to dynbuf from buffer with strcpy [42]
- o source: avoid use of 'very' in comments
- o src/lib: remove redundant ternary operators [244]
- o src: guard for double declaration of `curl_ca_embed` in unity builds [166]
- o sws: fix unused static function with `TCP_NODELAY` undefined [134]
- o telnet: avoid two strcpy() by pointing to the strings instead [99]
- o test1035: convert host name back to utf8 as should be [63]
- o test1515: add tracing and more debug info [119]
- o test1540: add debug logging [58]
- o test190: replace %FTPTIME2 with a fixed value [34]
- o test1915: add tracing and connect timeout [114]
- o test1915: remove wrong comment
- o test2502: add libtest debug tracing [60]
- o test504: fix handling on pending connect [59]
- o testrun: explicitly set proper IP address for stunnel listen/connect [61]
- o tests/http: fix ubuntu GnuTLS CI failures [161]
- o tests/scorecard: allow remote server test [171]
- o tests/server/util.c: remove use of strncpy [156]
- o tests/valgrind.pm: fix warnings with no valgrind report to show [25]
- o tests/valgrind.supp: remove a travis suppression, add a Debian [116]
- o tests: add and use `%PERL` variable to refer to the Perl binary [82]
- o tests: add codeset-utf8 as a feature [66]
- o tests: add file: tests with existing files [45]
- o tests: allow pytests to run in out-of-tree builds [192]
- o tests: capture stdin to get the vsftpd version number [165]
- o tests: change Python code style to pass ruff checks
- o tests: check http/2 and http/3 server responsiveness [28]
- o tests: delete duplicate macro check [53]
- o tests: enable additional ruff Python lint options
- o tests: fix `%POSIX_PWD` on native Windows Perl [111]
- o tests: fix callback signatures to please UndefinedBehaviorSanitizer [173]
- o tests: Fix FILEFORMAT <file name=""> directive [206]
- o tests: fix keyword for test1411
- o tests: fix shell quoting on native Windows Perl [110]
- o tests: fix some Python typing issues
- o tests: fixup `checkcmd` `PATH` on non-unixy platforms [108]
- o tests: improve mqtt server handling [27]
- o tests: introduce %CLIENT6IP-NB [67]
- o tests: let openssl generate random cert serials [91]
- o tests: libtests and unit tests need explicit #include memdebug [7]
- o tests: make precheck for HTTP on 127.0.0.1 into a feature [68]
- o tests: Only log warnings or worse by default in smbserver [33]
- o tests: postcheck is now in verify [69]
- o tests: remove all valgrind disable instructions [21]
- o tests: remove debug requirement on 38 tests [100]
- o tests: remove the %FTPTIME3 variable [41]
- o tests: replace `%PWD` with `%FILE_PWD` for `file://` [84]
- o tests: replace `%PWD` with `%SSH_PWD` in SCP/SFTP tests [112]
- o tests: replace hard-coded `/dev/null` with variable [81]
- o tests: simplify `pathhelp.pm`, avoid using external tools [95]
- o tests: speed up builds with single-binary test bundles [29]
- o tests: testrunner fairness [39]
- o tests: testrunner reliability improvements [55]
- o tests: use '-4' where needed [17]
- o tests: use a set for several of the curl_props [249]
- o tftp: avoid two memcpy/strcpy [94]
- o tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP [36]
- o tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED [246]
- o tool: support --show-headers AND --remote-header-name [103]
- o tool_doswin: simplify; remove unused options and strncpy calls [65]
- o tool_getparam: drop unused time() call [177]
- o tool_getparam: replace two uses of strncpy(), ban strncpy [157]
- o tool_operate: make --skip-existing work for --parallel [180]
- o tool_operate: reuse the schannel backend check [130]
- o tool_xattr: create the user.creator xattr attribute [197]
- o unit1307: tidy up Apple OS detection [252]
- o unit1660: fix unreachable code warning in no-SSL builds [30]
- o url: connection reuse on h3 connections [20]
- o url: use same credentials on redirect [181]
- o urlapi: drop unused header [51]
- o urlapi: normalize the IPv6 address [115]
- o version: minor cleanups [152]
- o version: say quictls in MSH3 builds [219]
- o vquic: fix compiler warning with gcc + MUSL [168]
- o vquic: recv_mmsg, use fewer, but larger buffers [250]
- o vtls: convert Curl_pin_peer_pubkey to use dynbuf [74]
- o vtls: convert pubkey_pem_to_der to use dynbuf [90]
- o warnless: remove curlx_sktosi and curlx_sitosk [104]
- o winbuild/README: consolidate command prompt section [193]
- o winbuild/README: document how to clean a build [163]
- o winbuild: add initial wolfSSL support [227]
- o winbuild: drop `gen_resp_file.bat` [248]
- o wolfssl: convert malloc + memcpys to dynbuf for cipher string [96]
- o wolfSSL: fix handling of TLSv1.3 sessions [185]
- o wolfssl: no more use of the OpenSSL API [216]
- o wolfssl: use old version API without openssl extra [160]
+ o build: fix ECH to always enable HTTPS RR [35]
+ o build: fix MSVC UWP builds [32]
+ o build: omit certain deps from `libcurl.pc` unless found via `pkg-config` [27]
+ o build: use `_fseeki64()` on Windows, drop detections [41]
+ o cmake: do not echo most inherited `LDFLAGS` to config files [55]
+ o cmake: drop cmake args list from `buildinfo.txt` [8]
+ o cmake: include `wolfssl/options.h` first [53]
+ o cmake: remove legacy unused IMMEDIATE keyword [21]
+ o cmake: restore cmake args list in `buildinfo.txt` [26]
+ o cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF` [64]
+ o cmake: sync GSS config code with other deps [28]
+ o cmake: typo in comment
+ o cmake: work around `ios.toolchain.cmake` breaking feature-detections [37]
+ o cmakelint: fix to check root `CMakeLists.txt` [36]
+ o cmdline/ech.md: formatting cleanups [13]
+ o configure: add FIXMEs for disabled pkg-config references
+ o configure: do not echo most inherited `LDFLAGS` to config files [31]
+ o configure: replace `$#` shell syntax [25]
+ o cookie: treat cookie name case sensitively [4]
+ o curl-rustls.m4: keep existing `CPPFLAGS`/`LDFLAGS` when detected [40]
+ o curl.h: mark two error codes as obsolete [19]
+ o curl: --continue-at is mutually exclusive with --no-clobber [51]
+ o curl: --continue-at is mutually exclusive with --range [61]
+ o curl: --continue-at is mutually exclusive with --remove-on-error [50]
+ o curl: --test-duphandle in debug builds runs "duphandled" [6]
+ o curl: do more command line parsing in sub functions [71]
+ o curl: rename struct var to fix AIX build [24]
+ o curl: use realtime in trace timestamps [52]
+ o curl_multi_socket_all.md: soften the deprecation warning [56]
+ o CURLOPT_PREREQFUNCTION.md: add result code on failure [23]
+ o digest: produce a shorter cnonce in Digest headers [70]
+ o DISTROS: update Alt Linux links
+ o dmaketgz: use --no-cache when building docker image [66]
+ o docs: bring back ALTSVC.md and HSTS.md [76]
+ o docs: document default `User-Agent` [57]
+ o docs: suggest --ssl-reqd instead of --ftp-ssl [62]
+ o duphandle: also init netrc [3]
+ o ECH: enable support for the AWS-LC backend [5]
+ o hostip: don't use the resolver for FQDN localhost [45]
+ o http_negotiate: allow for a one byte larger channel binding buffer [63]
+ o http_proxy: move dynhds_add_custom here from http.c [18]
+ o KNOWN_BUGS: setting a disabled option should return CURLE_NOT_BUILT_IN [74]
+ o krb5: fix socket/sockindex confusion, MSVC compiler warnings [22]
+ o lib: fixes for wolfSSL OPENSSL_COEXIST [73]
+ o libssh: use libssh sftp_aio to upload file [47]
+ o libssh: when using IPv6 numerical address, add brackets [43]
+ o macos: disable gcc `availability` workaround as needed [7]
+ o mbedtls: call psa_crypt_init() in global init [2]
+ o mime: fix reader stall on small read lengths [65]
+ o mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions [39]
+ o mprintf: fix the integer overflow checks [44]
+ o multi: add clarifying comment for wakeup_write() [9]
+ o multi: fix callback for `CURLMOPT_TIMERFUNCTION` not being called again when... [48]
+ o netrc: address several netrc parser flaws [17]
+ o netrc: support large file, longer lines, longer tokens [14]
+ o nghttp2: use custom memory functions [1]
+ o OpenSSL: improvde error message on expired certificate [59]
+ o openssl: remove three "Useless Assignments" [72]
+ o openssl: stop using SSL_CTX_ function prefix for our functions [20]
+ o os400: Fix IBMi builds [33]
+ o os400: Fix IBMi EBCDIC conversion of arguments [34]
+ o pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS [60]
+ o rtsp: check EOS in the RTSP receive and return an error code [49]
+ o schannel: remove TLS 1.3 ciphersuite-list support [54]
+ o setopt: fix CURLOPT_HTTP_CONTENT_DECODING [15]
+ o setopt: fix missing options for builds without HTTP & MQTT [10]
+ o show-headers.md: clarify the headers are saved with the data [58]
+ o socket: handle binding to "host!<ip>" [16]
+ o socketpair: fix enabling `USE_EVENTFD` [30]
+ o strtok: use namespaced `strtok_r` macro instead of redefining it [29]
+ o tests: add the ending time stamp in testcurl.pl
+ o tests: re-enable 2086, and 472, 1299, 1613 for Windows [38]
+ o TODO: consider OCSP stapling by default [11]
+ o tool_formparse: remove use of sscanf() [68]
+ o tool_getparam: parse --localport without using sscanf [67]
+ o tool_getpass: fix UWP `-Wnull-dereference` [46]
+ o tool_getpass: replace `getch()` call with `_getch()` on Windows [42]
+ o tool_urlglob: parse character globbing range without sscanf [69]
+ o vtls: fix compile warning when ALPN is not available [12]
This release includes the following known bugs:
@@ -293,7 +101,6 @@ For all changes ever done in curl: Planned upcoming removals include:
- o Hyper support
o TLS libraries not supporting TLS 1.3
See https://curl.se/dev/deprecate.html for details
@@ -301,275 +108,94 @@ Planned upcoming removals include: This release would not have looked like this without help, code, reports and
advice from friends like these:
- ad-chaos on github, Aki Sakurai, Baruch Siach, Chris Stubbs, Colton Willey,
- Dan Fandrich, Daniel Stenberg, Denis Goleshchikhin, Deniz Sökmen,
- dependabot[bot], Dylam De La Torre, edmcln, elvinasp on github,
- Emanuel Komínek, Gabriel Marin, Ian Spence, Jeroen Ooms, jkamp-aws on github,
- John Haugabook, Jonas 'Sortie' Termansen, Jon Rumsey, Kai Pastor, Kazuho Oku,
- koujaz on github, lomberd2 on github, MacKenzie, Marwan Yassini, Max Dymond,
- Michael Kaufmann, Montg0mery on github, Moritz Knüsel, Nemos2024 on github,
- newfunction, Nicolas George, Pavel Kropachev, Pierre-Etienne Meunier,
- ralfjunker on github, Rasmus Melchior Jacobsen, Ray Satiro, renovate[bot],
- Robert Maynard, Sebastian Walz, Sinkevich Artem, Stefan Eissing, Tal Regev,
- Tatsuhiro Tsujikawa, Tobias Bora, Tobias Wendorff, Venkat Krishna R,
- Viktor Szakats, Vollstrecker on github, vvb2060 on github,
- wxiaoguang on github, Yedaya Katsman, zjyhjqs
- (55 contributors)
+ Alexis Savin, Andrew Ayer, Andrew Kirillov, Andy Fiddaman, Ben Greear,
+ Bo Anderson, Brendon Smith, chemodax, Dan Fandrich, Daniel Engberg,
+ Daniel Pouzzner, Daniel Stenberg, Dan Rosser, delogicsreal on github,
+ dengjfzh on github, Ethan Everett, Florian Eckert, galen11 on github,
+ Harmen Stoppels, Harry Sintonen, henrikjehgmti on github, hiimmat on github,
+ Jacob Champion, Jeroen Ooms, Jesus Malo Poyatos, jethrogb on github,
+ Kai Pastor, Logan Buth, Maarten Billemont, marcos-ng on github, Moritz,
+ newfunction on hackerone, Nicolas F., Peter Kokot, Peter Marko, Ray Satiro,
+ renovate[bot], Samuel Henrique, Stefan Eissing, SuperStormer on github,
+ Tal Regev, Thomas, tinyboxvk, tkzv on github, tranzystorekk on github,
+ Viktor Szakats, Vladislavs Sokurenko, wxiaoguang on github, Wyatt O'Day,
+ xiaofeng, Yoshimasa Ohno
+ (51 contributors)
References to bug reports and discussions on issues:
- [1] = https://curl.se/bug/?i=14938
- [2] = https://curl.se/bug/?i=14942
- [3] = https://curl.se/bug/?i=14958
- [4] = https://curl.se/bug/?i=14941
- [5] = https://curl.se/bug/?i=14818
- [6] = https://curl.se/bug/?i=14728
- [7] = https://curl.se/bug/?i=15007
- [8] = https://curl.se/bug/?i=14824
- [9] = https://curl.se/bug/?i=14991
- [10] = https://curl.se/bug/?i=15063
- [11] = https://curl.se/bug/?i=14883
- [12] = https://curl.se/bug/?i=14789
- [13] = https://curl.se/bug/?i=14658
- [14] = https://curl.se/bug/?i=15003
- [15] = https://curl.se/bug/?i=14815
- [16] = https://curl.se/bug/?i=14906
- [17] = https://curl.se/bug/?i=15060
- [18] = https://curl.se/bug/?i=14843
- [19] = https://curl.se/bug/?i=14966
- [20] = https://curl.se/bug/?i=14890
- [21] = https://curl.se/bug/?i=14983
- [22] = https://curl.se/bug/?i=14984
- [23] = https://curl.se/bug/?i=14982
- [24] = https://curl.se/bug/?i=14981
- [25] = https://curl.se/bug/?i=14977
- [26] = https://curl.se/bug/?i=14582
- [27] = https://curl.se/bug/?i=15059
- [28] = https://curl.se/bug/?i=15058
- [29] = https://curl.se/bug/?i=14772
- [30] = https://curl.se/bug/?i=14971
- [31] = https://curl.se/bug/?i=14765
- [32] = https://curl.se/bug/?i=14932
- [33] = https://curl.se/bug/?i=14950
- [34] = https://curl.se/bug/?i=15056
- [35] = https://curl.se/bug/?i=14969
- [36] = https://curl.se/bug/?i=14881
- [37] = https://curl.se/bug/?i=14763
- [38] = https://curl.se/bug/?i=14690
- [39] = https://curl.se/bug/?i=14967
- [40] = https://github.com/curl/curl-for-win/blob/8b8909e1206de1dcca356a8dd33eb1e4ffeea7fd/curl.sh#L289
- [41] = https://curl.se/bug/?i=15064
- [42] = https://curl.se/bug/?i=15057
- [43] = https://curl.se/bug/?i=14909
- [44] = https://curl.se/bug/?i=14828
- [45] = https://curl.se/bug/?i=15045
- [46] = https://curl.se/bug/?i=14921
- [47] = https://curl.se/bug/?i=14921
- [48] = https://curl.se/bug/?i=15123
- [49] = https://curl.se/bug/?i=14924
- [50] = https://curl.se/bug/?i=14918
- [51] = https://curl.se/bug/?i=14867
- [52] = https://curl.se/bug/?i=14959
- [53] = https://curl.se/bug/?i=14963
- [54] = https://curl.se/bug/?i=14961
- [55] = https://curl.se/bug/?i=14960
- [56] = https://curl.se/bug/?i=14912
- [57] = https://curl.se/bug/?i=15049
- [58] = https://curl.se/bug/?i=15055
- [59] = https://curl.se/bug/?i=15054
- [60] = https://curl.se/bug/?i=15053
- [61] = https://curl.se/bug/?i=15051
- [62] = https://curl.se/bug/?i=15044
- [63] = https://curl.se/bug/?i=15050
- [64] = https://curl.se/bug/?i=15052
- [65] = https://curl.se/bug/?i=15047
- [66] = https://curl.se/bug/?i=15039
- [67] = https://curl.se/bug/?i=15039
- [68] = https://curl.se/bug/?i=15039
- [69] = https://curl.se/bug/?i=15046
- [70] = https://curl.se/bug/?i=15013
- [71] = https://curl.se/bug/?i=15034
- [72] = https://curl.se/bug/?i=15035
- [73] = https://curl.se/bug/?i=14845
- [74] = https://curl.se/bug/?i=15126
- [75] = https://curl.se/bug/?i=15096
- [76] = https://curl.se/bug/?i=15101
- [77] = https://curl.se/bug/?i=14990
- [78] = https://curl.se/bug/?i=15033
- [79] = https://curl.se/bug/?i=15026
- [80] = https://curl.se/bug/?i=15028
- [81] = https://curl.se/bug/?i=15098
- [82] = https://curl.se/bug/?i=15097
- [83] = https://curl.se/bug/?i=15027
- [84] = https://curl.se/bug/?i=15090
- [85] = https://curl.se/bug/?i=15012
- [86] = https://curl.se/bug/?i=15088
- [87] = https://curl.se/bug/?i=15087
- [88] = https://curl.se/bug/?i=15001
- [89] = https://curl.se/bug/?i=15197
- [90] = https://curl.se/bug/?i=15126
- [91] = https://curl.se/bug/?i=15129
- [92] = https://curl.se/bug/?i=15200
- [93] = https://curl.se/bug/?i=14880
- [94] = https://curl.se/bug/?i=15199
- [95] = https://curl.se/bug/?i=15111
- [96] = https://curl.se/bug/?i=15124
- [97] = https://curl.se/bug/?i=15122
- [98] = https://curl.se/bug/?i=15100
- [99] = https://curl.se/bug/?i=15198
- [100] = https://curl.se/bug/?i=15114
- [101] = https://curl.se/bug/?i=15075
- [102] = https://curl.se/bug/?i=15077
- [103] = https://curl.se/bug/?i=15110
- [104] = https://curl.se/bug/?i=15153
- [105] = https://curl.se/bug/?i=15192
- [106] = https://curl.se/bug/?i=14936
- [107] = https://curl.se/bug/?i=15148
- [108] = https://curl.se/bug/?i=15106
- [109] = https://curl.se/bug/?i=15070
- [110] = https://curl.se/bug/?i=15105
- [111] = https://curl.se/bug/?i=15104
- [112] = https://curl.se/bug/?i=15103
- [113] = https://curl.se/bug/?i=15145
- [114] = https://curl.se/bug/?i=15107
- [115] = https://curl.se/bug/?i=15143
- [116] = https://curl.se/bug/?i=15142
- [117] = https://curl.se/bug/?i=15137
- [118] = https://curl.se/bug/?i=15138
- [119] = https://curl.se/bug/?i=15140
- [120] = https://curl.se/bug/?i=15194
- [121] = https://curl.se/bug/?i=15136
- [122] = https://curl.se/bug/?i=15196
- [123] = https://curl.se/bug/?i=15281
- [124] = https://curl.se/bug/?i=15191
- [125] = https://curl.se/bug/?i=15190
- [126] = https://curl.se/bug/?i=15177
- [127] = https://curl.se/bug/?i=15176
- [128] = https://curl.se/bug/?i=15181
- [129] = https://curl.se/bug/?i=15185
- [130] = https://curl.se/bug/?i=15323
- [131] = https://curl.se/bug/?i=15174
- [132] = https://curl.se/bug/?i=15172
- [133] = https://curl.se/bug/?i=15173
- [134] = https://curl.se/bug/?i=15171
- [135] = https://curl.se/bug/?i=15170
- [136] = https://curl.se/bug/?i=15169
- [137] = https://curl.se/bug/?i=15167
- [138] = https://curl.se/bug/?i=15248
- [139] = https://curl.se/bug/?i=15163
- [140] = https://curl.se/bug/?i=15211
- [141] = https://curl.se/bug/?i=15260
- [142] = https://curl.se/bug/?i=15247
- [143] = https://curl.se/bug/?i=15157
- [144] = https://curl.se/bug/?i=15255
- [145] = https://curl.se/bug/?i=15324
- [146] = https://curl.se/bug/?i=15252
- [147] = https://curl.se/bug/?i=15316
- [148] = https://curl.se/bug/?i=15258
- [149] = https://curl.se/bug/?i=15193
- [150] = https://curl.se/bug/?i=15452
- [151] = https://curl.se/bug/?i=15321
- [152] = https://curl.se/bug/?i=15393
- [153] = https://curl.se/bug/?i=14826
- [154] = https://curl.se/bug/?i=15319
- [155] = https://curl.se/bug/?i=15214
- [156] = https://curl.se/bug/?i=15213
- [157] = https://curl.se/bug/?i=15212
- [158] = https://curl.se/bug/?i=15210
- [159] = https://curl.se/bug/?i=15201
- [160] = https://curl.se/bug/?i=15205
- [161] = https://curl.se/bug/?i=15310
- [162] = https://curl.se/bug/?i=15348
- [163] = https://curl.se/bug/?i=15291
- [164] = https://curl.se/bug/?i=15348
- [165] = https://curl.se/bug/?i=15278
- [166] = https://curl.se/bug/?i=15307
- [167] = https://curl.se/bug/?i=15381
- [168] = https://curl.se/bug/?i=15303
- [169] = https://curl.se/bug/?i=15285
- [170] = https://curl.se/bug/?i=15285
- [171] = https://curl.se/bug/?i=15415
- [172] = https://curl.se/bug/?i=15451
- [173] = https://curl.se/bug/?i=15289
- [174] = https://curl.se/bug/?i=15289
- [175] = https://curl.se/bug/?i=15289
- [176] = https://curl.se/bug/?i=15292
- [177] = https://curl.se/bug/?i=15420
- [178] = https://curl.se/bug/?i=15290
- [179] = https://curl.se/bug/?i=15351
- [180] = https://curl.se/bug/?i=15261
- [181] = https://curl.se/bug/?i=15262
- [182] = https://curl.se/bug/?i=15284
- [183] = https://curl.se/bug/?i=14798
- [184] = https://curl.se/bug/?i=15245
- [185] = https://curl.se/bug/?i=15243
- [186] = https://curl.se/bug/?i=15175
- [187] = https://curl.se/bug/?i=15263
- [188] = https://curl.se/bug/?i=15275
- [189] = https://curl.se/bug/?i=15279
- [190] = https://curl.se/bug/?i=15384
- [191] = https://curl.se/bug/?i=15271
- [192] = https://curl.se/bug/?i=15257
- [193] = https://curl.se/bug/?i=15313
- [194] = https://curl.se/bug/?i=15414
- [195] = https://curl.se/bug/?i=15416
- [196] = https://curl.se/bug/?i=15265
- [197] = https://curl.se/bug/?i=15237
- [198] = https://curl.se/bug/?i=15164
- [199] = https://curl.se/bug/?i=15266
- [200] = https://curl.se/bug/?i=15418
- [201] = https://curl.se/bug/?i=15374
- [202] = https://curl.se/bug/?i=15419
- [203] = https://curl.se/bug/?i=15417
- [204] = https://curl.se/bug/?i=15372
- [205] = https://curl.se/bug/?i=15411
- [206] = https://curl.se/bug/?i=15371
- [207] = https://curl.se/bug/?i=15409
- [208] = https://curl.se/bug/?i=14885
- [209] = https://curl.se/bug/?i=15368
- [210] = https://curl.se/bug/?i=15367
- [211] = https://curl.se/bug/?i=15331
- [212] = https://curl.se/bug/?i=15407
- [213] = https://curl.se/bug/?i=15400
- [214] = https://curl.se/bug/?i=15353
- [215] = https://curl.se/bug/?i=15404
- [216] = https://curl.se/bug/?i=15480
- [217] = https://curl.se/bug/?i=15403
- [218] = https://curl.se/bug/?i=15337
- [219] = https://curl.se/bug/?i=15335
- [220] = https://curl.se/bug/?i=15144
- [221] = https://curl.se/bug/?i=15340
- [222] = https://curl.se/bug/?i=15342
- [223] = https://curl.se/bug/?i=15399
- [224] = https://curl.se/bug/?i=15339
- [225] = https://curl.se/bug/?i=15394
- [226] = https://curl.se/bug/?i=15315
- [227] = https://curl.se/bug/?i=15264
- [228] = https://curl.se/bug/?i=15405
- [229] = https://curl.se/bug/?i=15330
- [230] = https://curl.se/bug/?i=15402
- [231] = https://curl.se/bug/?i=15358
- [232] = https://curl.se/bug/?i=15392
- [233] = https://curl.se/bug/?i=15395
- [234] = https://curl.se/bug/?i=15398
- [235] = https://curl.se/bug/?i=15445
- [236] = https://curl.se/bug/?i=15443
- [238] = https://curl.se/bug/?i=15473
- [239] = https://curl.se/bug/?i=15475
- [240] = https://curl.se/bug/?i=15440
- [241] = https://curl.se/bug/?i=15439
- [242] = https://curl.se/bug/?i=15470
- [243] = https://curl.se/bug/?i=15436
- [244] = https://curl.se/bug/?i=15435
- [245] = https://curl.se/bug/?i=15434
- [246] = https://curl.se/bug/?i=15430
- [247] = https://curl.se/bug/?i=15471
- [248] = https://curl.se/bug/?i=15463
- [249] = https://curl.se/bug/?i=15462
- [250] = https://curl.se/bug/?i=15267
- [251] = https://curl.se/bug/?i=15466
- [252] = https://curl.se/bug/?i=15461
- [253] = https://curl.se/bug/?i=15149
- [254] = https://curl.se/bug/?i=15449
- [255] = https://curl.se/bug/?i=15485
- [256] = https://curl.se/bug/?i=15455
+ [1] = https://curl.se/bug/?i=15527
+ [2] = https://curl.se/bug/?i=15500
+ [3] = https://curl.se/bug/?i=15496
+ [4] = https://curl.se/bug/?i=15492
+ [5] = https://curl.se/bug/?i=15499
+ [6] = https://curl.se/bug/?i=15504
+ [7] = https://curl.se/bug/?i=15508
+ [8] = https://curl.se/bug/?i=15501
+ [9] = https://curl.se/bug/?i=15600
+ [10] = https://curl.se/bug/?i=15634
+ [11] = https://curl.se/bug/?i=15483
+ [12] = https://curl.se/bug/?i=15515
+ [13] = https://curl.se/bug/?i=15506
+ [14] = https://curl.se/bug/?i=15513
+ [15] = https://curl.se/bug/?i=15511
+ [16] = https://curl.se/bug/?i=15553
+ [17] = https://curl.se/bug/?i=15586
+ [18] = https://curl.se/bug/?i=15672
+ [19] = https://curl.se/bug/?i=15538
+ [20] = https://curl.se/bug/?i=15673
+ [21] = https://curl.se/bug/?i=15661
+ [22] = https://curl.se/bug/?i=15585
+ [23] = https://curl.se/bug/?i=15542
+ [24] = https://curl.se/bug/?i=15580
+ [25] = https://curl.se/bug/?i=15584
+ [26] = https://curl.se/bug/?i=15563
+ [27] = https://curl.se/bug/?i=15469
+ [28] = https://curl.se/bug/?i=15545
+ [29] = https://curl.se/bug/?i=15549
+ [30] = https://curl.se/bug/?i=15561
+ [31] = https://curl.se/bug/?i=15533
+ [32] = https://curl.se/bug/?i=15657
+ [33] = https://curl.se/bug/?i=15566
+ [34] = https://curl.se/bug/?i=15570
+ [35] = https://curl.se/bug/?i=15648
+ [36] = https://curl.se/bug/?i=15565
+ [37] = https://curl.se/bug/?i=15557
+ [38] = https://curl.se/bug/?i=15644
+ [39] = https://curl.se/bug/?i=15547
+ [40] = https://curl.se/bug/?i=15546
+ [41] = https://curl.se/bug/?i=15525
+ [42] = https://curl.se/bug/?i=15642
+ [43] = https://curl.se/bug/?i=15522
+ [44] = https://curl.se/bug/?i=15699
+ [45] = https://curl.se/bug/?i=15676
+ [46] = https://curl.se/bug/?i=15638
+ [47] = https://curl.se/bug/?i=15625
+ [48] = https://curl.se/bug/?i=15627
+ [49] = https://curl.se/bug/?i=15624
+ [50] = https://curl.se/bug/?i=15645
+ [51] = https://curl.se/bug/?i=15645
+ [52] = https://curl.se/bug/?i=15614
+ [53] = https://curl.se/bug/?i=15620
+ [54] = https://hackerone.com/reports/2792484
+ [55] = https://curl.se/bug/?i=15617
+ [56] = https://curl.se/mail/lib-2024-11/0029.html
+ [57] = https://curl.se/bug/?i=15608
+ [58] = https://curl.se/bug/?i=15605
+ [59] = https://curl.se/bug/?i=15612
+ [60] = https://curl.se/bug/?i=15494
+ [61] = https://curl.se/bug/?i=15646
+ [62] = https://curl.se/bug/?i=15658
+ [63] = https://curl.se/bug/?i=15685
+ [64] = https://curl.se/bug/?i=15695
+ [65] = https://curl.se/bug/?i=15688
+ [66] = https://curl.se/bug/?i=15689
+ [67] = https://curl.se/bug/?i=15681
+ [68] = https://curl.se/bug/?i=15683
+ [69] = https://curl.se/bug/?i=15682
+ [70] = https://curl.se/bug/?i=15653
+ [71] = https://curl.se/bug/?i=15680
+ [72] = https://curl.se/bug/?i=15679
+ [73] = https://curl.se/bug/?i=15650
+ [74] = https://curl.se/bug/?i=15472
+ [76] = https://curl.se/bug/?i=15705
diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS
index 6687282748..46b2897cf2 100644
--- a/libs/libcurl/docs/THANKS
+++ b/libs/libcurl/docs/THANKS
@@ -131,6 +131,7 @@ Alexey Simak Alexey Zakhlestin
Alexis Carvalho
Alexis La Goutte
+Alexis Savin
Alexis Vachette
Alfonso Martone
Alfred Gebert
@@ -188,6 +189,7 @@ Andrei Valeriu BICA Andrei Virtosu
Andrej E Baranov
Andrew
+Andrew Ayer
Andrew Barnert
Andrew Barnes
Andrew Benham
@@ -198,6 +200,7 @@ Andrew Francis Andrew Fuller
Andrew Ishchuk
Andrew Kaster
+Andrew Kirillov
Andrew Krieger
Andrew Kurushin
Andrew Lambert
@@ -398,6 +401,7 @@ Brandon Dong Brandon Wang
BratSinot on github
Brendan Jurd
+Brendon Smith
Brennan Kinney
Brent Beardsley
Brett Buddin
@@ -479,6 +483,7 @@ Charles Cazabon Charles Kerr
Charles Romestant
Charlie C
+chemodax
Chen Prog
chensong1211 on github
Cherish98 on github
@@ -616,6 +621,7 @@ Dan McDonald Dan McNulty
Dan Nelson
Dan Petitt
+Dan Rosser
Dan Torop
Dan Zitter
Daniel at touchtunes
@@ -624,6 +630,7 @@ Daniel Black Daniel Carpenter
Daniel Cater
Daniel Egger
+Daniel Engberg
Daniel Faust
Daniel Gustafsson
Daniel Hallberg
@@ -641,6 +648,7 @@ Daniel Marjamäki Daniel McCarney
Daniel Melani
Daniel Mentz
+Daniel Pouzzner
Daniel Romero
Daniel Schauenberg
Daniel Seither
@@ -722,6 +730,7 @@ dbrowndan on github dEajL3kA on github
Deal(一线灵)
dekerser on github
+delogicsreal on github
dengjfzh on github
Dengminwen
Denis Baručić
@@ -925,6 +934,7 @@ Erwan Legrand Erwin Authried
Esdras de Morais da Silva
Estanislau Augé-Pujadas
+Ethan Everett
Ethan Glasser Camp
Etienne Simard
Eugene Kotlyarov
@@ -976,6 +986,7 @@ finkjsc on github Firefox OS
Flameborn on github
Flavio Medeiros
+Florian Eckert
Florian Kohnhäuser
Florian Pritz
Florian Schoppmann
@@ -1022,6 +1033,7 @@ Gabriel Marin Gabriel Simmer
Gabriel Sjoberg
Gaelan Steele
+galen11 on github
Gambit Communications
Ganesh Kamath
gaoxingwang on github
@@ -1165,6 +1177,7 @@ Henri Gomez Henrik Gaßmann
Henrik Holst
Henrik Storner
+henrikjehgmti on github
Henry Ludemann
Henry Roeland
Herve Amblard
@@ -1173,6 +1186,7 @@ hgdagon on github Hide Ishikawa
Hidemoto Nakada
highmtworks on github
+hiimmat on github
Himanshu Gupta
Hind Montassif
Hiroki Kurosawa
@@ -1257,6 +1271,7 @@ Jackarain on github JackBoosY on github
Jacky Lam
Jacob Barthelmeh
+Jacob Champion
Jacob Hoffman-Andrews
Jacob Mealey
Jacob Meuser
@@ -1391,6 +1406,7 @@ Jess Lowe Jesse Chisholm
Jesse Noller
Jesse Tan
+Jesus Malo Poyatos
jethrogb on github
jhoyla on github
Jiacai Liu
@@ -1766,6 +1782,7 @@ lllaffer on github Lloyd Fournier
Lluís Batlle i Rossell
locpyl-tidnyd on github
+Logan Buth
Loganaden Velvindron
Loic Dachary
lolbinarycat on github
@@ -1810,6 +1827,7 @@ lwthiker on github Lyman Epp
Lyndon Hill
M.R.T on github
+Maarten Billemont
Maciej Domanski
Maciej Karpiuk
Maciej Puzio
@@ -1857,6 +1875,7 @@ Marco G. Salvagno Marco Kamner
Marco Maggi
Marcos Diazr
+marcos-ng on github
Marcus Hoffmann
Marcus Klein
Marcus Müller
@@ -2111,6 +2130,7 @@ MonkeybreadSoftware on github Montg0mery on github
moohoorama on github
Morgan Willcock
+Moritz
Moritz Buhl
Moritz Knüsel
Morten Minde Neergaard
@@ -2156,6 +2176,7 @@ Nemos2024 on github neutric on github
nevv on HackerOne/curl
newfunction
+newfunction on hackerone
Niall McGee
Niall O'Reilly
nian6324 on github
@@ -2177,6 +2198,7 @@ Nico Rieck nico-abram on github
Nicolas Berloquin
Nicolas Croiset
+Nicolas F.
Nicolas François
Nicolas George
Nicolas Grekas
@@ -2354,12 +2376,14 @@ Peter Gal Peter Goodman
Peter Heuchert
Peter Hjalmarsson
+Peter Kokot
Peter Korsgaard
Peter Krefting
Peter Körner
Peter Lamare
Peter Lamberg
Peter Laser
+Peter Marko
Peter O'Gorman
Peter Pentchev
Peter Piekarski
@@ -2881,6 +2905,7 @@ Sune Ahlgren Sunny Bean
Sunny Purushe
SuperIlu on github
+SuperStormer on github
Sven Anders
Sven Blumenstein
Sven Neuhaus
@@ -2921,6 +2946,7 @@ Theodore Dubois therealhirudo on github
Thiago Suchorski
tholin on github
+Thomas
Thomas Bouzerar
Thomas Braun
Thomas Danielsson
@@ -2975,8 +3001,10 @@ Timothy Gu Timothy Polich
Timur Artikov
Tinus van den Berg
+tinyboxvk
TJ Saunders
Tk Xiong
+tkzv on github
tlahn on github
tmkk on github
Tobias Blomberg
@@ -3047,6 +3075,7 @@ Toshiyuki Maezawa tpaukrt on github
Traian Nicolescu
Trail of Bits
+tranzystorekk on github
Travis Burtrum
Travis Obenhaus
Trivikram Kamat
@@ -3119,6 +3148,7 @@ Vladimir Kotal Vladimir Lazarenko
Vladimir Panteleev
Vladimir Varlamov
+Vladislavs Sokurenko
Vlastimil Ovčáčík
vlkl-sap on github
vlubart on github
@@ -3182,6 +3212,7 @@ Xi Ruoyao Xiang Xiao
Xiangbin Li
xianghongai on github
+xiaofeng
Xiaoke Wang
Xiaoyin Liu
XmiliaH on github
diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h
index e4a4d972c6..2b495fff6d 100644
--- a/libs/libcurl/include/curl/curl.h
+++ b/libs/libcurl/include/curl/curl.h
@@ -551,14 +551,14 @@ typedef enum { CURLE_FTP_COULDNT_USE_REST, /* 31 - the REST command failed */
CURLE_OBSOLETE32, /* 32 - NOT USED */
CURLE_RANGE_ERROR, /* 33 - RANGE "command" did not work */
- CURLE_HTTP_POST_ERROR, /* 34 */
+ CURLE_OBSOLETE34, /* 34 */
CURLE_SSL_CONNECT_ERROR, /* 35 - wrong when connecting with SSL */
CURLE_BAD_DOWNLOAD_RESUME, /* 36 - could not resume download */
CURLE_FILE_COULDNT_READ_FILE, /* 37 */
CURLE_LDAP_CANNOT_BIND, /* 38 */
CURLE_LDAP_SEARCH_FAILED, /* 39 */
CURLE_OBSOLETE40, /* 40 - NOT USED */
- CURLE_FUNCTION_NOT_FOUND, /* 41 - NOT USED starting with 7.53.0 */
+ CURLE_OBSOLETE41, /* 41 - NOT USED starting with 7.53.0 */
CURLE_ABORTED_BY_CALLBACK, /* 42 */
CURLE_BAD_FUNCTION_ARGUMENT, /* 43 */
CURLE_OBSOLETE44, /* 44 - NOT USED */
@@ -643,6 +643,12 @@ typedef enum { #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
the obsolete stuff removed! */
+/* removed in 7.53.0 */
+#define CURLE_FUNCTION_NOT_FOUND CURLE_OBSOLETE41
+
+/* removed in 7.56.0 */
+#define CURLE_HTTP_POST_ERROR CURLE_OBSOLETE34
+
/* Previously obsolete error code reused in 7.38.0 */
#define CURLE_OBSOLETE16 CURLE_HTTP2
diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h
index 7efc6c21b9..4d1f60896d 100644
--- a/libs/libcurl/include/curl/curlver.h
+++ b/libs/libcurl/include/curl/curlver.h
@@ -32,13 +32,13 @@ /* This is the version number of the libcurl package from which this header
file origins: */
-#define LIBCURL_VERSION "8.11.0"
+#define LIBCURL_VERSION "8.11.1"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 8
#define LIBCURL_VERSION_MINOR 11
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
/* This is the numeric version of the libcurl version number, meant for easier
parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -59,7 +59,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it
and needs it to contain the full number.
*/
-#define LIBCURL_VERSION_NUM 0x080b00
+#define LIBCURL_VERSION_NUM 0x080b01
/*
* This is the date and time when the full source package was created. The
@@ -70,7 +70,7 @@ *
* "2007-11-23"
*/
-#define LIBCURL_TIMESTAMP "2024-11-06"
+#define LIBCURL_TIMESTAMP "2024-12-11"
#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
#define CURL_AT_LEAST_VERSION(x,y,z) \
diff --git a/libs/libcurl/src/CMakeLists.txt b/libs/libcurl/src/CMakeLists.txt
index 7ba1780edb..6173ceac1b 100644
--- a/libs/libcurl/src/CMakeLists.txt
+++ b/libs/libcurl/src/CMakeLists.txt
@@ -125,7 +125,7 @@ if(BUILD_STATIC_LIBS) add_library(${LIB_STATIC} STATIC ${LIB_SOURCE})
add_library(${PROJECT_NAME}::${LIB_STATIC} ALIAS ${LIB_STATIC})
if(WIN32)
- set_property(TARGET ${LIB_OBJECT} APPEND PROPERTY COMPILE_DEFINITIONS "CURL_STATICLIB")
+ set_property(TARGET ${LIB_STATIC} APPEND PROPERTY COMPILE_DEFINITIONS "CURL_STATICLIB")
endif()
target_link_libraries(${LIB_STATIC} PRIVATE ${CURL_LIBS})
# Remove the "lib" prefix since the library is already named "libcurl".
diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in
index abe6e4cdb7..c9cfc9a5d5 100644
--- a/libs/libcurl/src/Makefile.in
+++ b/libs/libcurl/src/Makefile.in
@@ -1066,6 +1066,7 @@ LD = @LD@ LDFLAGS = @LDFLAGS@
LIBCURL_PC_CFLAGS = @LIBCURL_PC_CFLAGS@
LIBCURL_PC_CFLAGS_PRIVATE = @LIBCURL_PC_CFLAGS_PRIVATE@
+LIBCURL_PC_LDFLAGS_PRIVATE = @LIBCURL_PC_LDFLAGS_PRIVATE@
LIBCURL_PC_LIBS = @LIBCURL_PC_LIBS@
LIBCURL_PC_LIBS_PRIVATE = @LIBCURL_PC_LIBS_PRIVATE@
LIBCURL_PC_REQUIRES = @LIBCURL_PC_REQUIRES@
diff --git a/libs/libcurl/src/cf-h2-proxy.c b/libs/libcurl/src/cf-h2-proxy.c
index e978b83804..92c2bbb93c 100644
--- a/libs/libcurl/src/cf-h2-proxy.c
+++ b/libs/libcurl/src/cf-h2-proxy.c
@@ -277,6 +277,8 @@ static int proxy_h2_client_new(struct Curl_cfilter *cf, {
struct cf_h2_proxy_ctx *ctx = cf->ctx;
nghttp2_option *o;
+ nghttp2_mem mem = {NULL, Curl_nghttp2_malloc, Curl_nghttp2_free,
+ Curl_nghttp2_calloc, Curl_nghttp2_realloc};
int rc = nghttp2_option_new(&o);
if(rc)
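Review bot: The positional initializer `nghttp2_mem mem = {NULL, Curl_nghttp2_malloc, Curl_nghttp2_free, Curl_nghttp2_calloc, Curl_nghttp2_realloc};` carries no comment and is repeated verbatim in h2_client_new() in http2.c, so both copies silently depend on the field order of nghttp2_mem. A comment such as `/* user_data, malloc, free, calloc, realloc: route nghttp2 allocations through libcurl's memory callbacks */` on each, or one shared definition, would make the intent and the ordering explicit. `mem` is a stack local handed to nghttp2_session_client_new3() in the next hunk; the code should state that nghttp2 copies the struct rather than keeping the pointer, which should be confirmed against the nghttp2 documentation since it is not visible here. proxy_h2_client_new() starts before and ends after this hunk.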
@@ -289,7 +291,7 @@ static int proxy_h2_client_new(struct Curl_cfilter *cf, HTTP field value. */
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation(o, 1);
#endif
- rc = nghttp2_session_client_new2(&ctx->h2, cbs, cf, o);
+ rc = nghttp2_session_client_new3(&ctx->h2, cbs, cf, o, &mem);
nghttp2_option_del(o);
return rc;
}
diff --git a/libs/libcurl/src/cf-socket.c b/libs/libcurl/src/cf-socket.c
index 89f19cb317..c2e633f7e6 100644
--- a/libs/libcurl/src/cf-socket.c
+++ b/libs/libcurl/src/cf-socket.c
@@ -600,36 +600,39 @@ static CURLcode bindlocal(struct Curl_easy *data, struct connectdata *conn, if(!iface && !host && !port)
/* no local kind of binding was requested */
return CURLE_OK;
+ else if(iface && (strlen(iface) >= 255) )
+ return CURLE_BAD_FUNCTION_ARGUMENT;
memset(&sa, 0, sizeof(struct Curl_sockaddr_storage));
- if(iface && (strlen(iface) < 255) ) {
+ if(iface || host) {
char myhost[256] = "";
int done = 0; /* -1 for error, 1 for address found */
if2ip_result_t if2ip_result = IF2IP_NOT_FOUND;
- /* interface */
#ifdef SO_BINDTODEVICE
- /*
- * This binds the local socket to a particular interface. This will
- * force even requests to other local interfaces to go out the external
- * interface. Only bind to the interface when specified as interface,
- * not just as a hostname or ip address.
- *
- * The interface might be a VRF, eg: vrf-blue, which means it cannot be
- * converted to an IP address and would fail Curl_if2ip. Simply try to
- * use it straight away.
- */
- if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
- iface, (curl_socklen_t)strlen(iface) + 1) == 0) {
- /* This is often "errno 1, error: Operation not permitted" if you are
- * not running as root or another suitable privileged user. If it
- * succeeds it means the parameter was a valid interface and not an IP
- * address. Return immediately.
- */
- if(!host_input) {
- infof(data, "socket successfully bound to interface '%s'", iface);
- return CURLE_OK;
+ if(iface) {
+ /*
+ * This binds the local socket to a particular interface. This will
+ * force even requests to other local interfaces to go out the external
+ * interface. Only bind to the interface when specified as interface,
+ * not just as a hostname or ip address.
+ *
+ * The interface might be a VRF, eg: vrf-blue, which means it cannot be
+ * converted to an IP address and would fail Curl_if2ip. Simply try to
+ * use it straight away.
+ */
+ if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
+ iface, (curl_socklen_t)strlen(iface) + 1) == 0) {
+ /* This is often "errno 1, error: Operation not permitted" if you are
+ * not running as root or another suitable privileged user. If it
+ * succeeds it means the parameter was a valid interface and not an IP
+ * address. Return immediately.
+ */
+ if(!host_input) {
+ infof(data, "socket successfully bound to interface '%s'", iface);
+ return CURLE_OK;
+ }
}
}
#endif
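Review bot: The new guard `else if(iface && (strlen(iface) >= 255) )` hard-codes a bound that appears to mirror `char myhost[256]` declared a few lines below, but nothing ties the two together. A comment such as `/* interface name must fit myhost[] including the NUL */`, or a shared constant, would keep them in step. `host` now also enters the block through `if(iface || host)` without any length check in the visible lines; whatever later copies it in bindlocal() should be confirmed as bounded, but that code lies outside this hunk. The `else` following `return CURLE_OK;` is redundant and a plain `if` would read more clearly.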
diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h
index 7b4c9d2748..6aa9f0d292 100644
--- a/libs/libcurl/src/config-win32.h
+++ b/libs/libcurl/src/config-win32.h
@@ -149,10 +149,6 @@ /* Define if you have the select function. */
#define HAVE_SELECT 1
-/* Define if libSSH2 is in use */
-#define USE_LIBSSH2 1
-#define HAVE_LIBSSH2_H 1
-
/* Define if you have the setlocale function. */
#define HAVE_SETLOCALE 1
@@ -431,10 +427,6 @@ Vista # endif
#endif
-#ifdef USE_WIN32_LARGE_FILES
-#define HAVE__FSEEKI64
-#endif
-
/* Define to the size of `off_t', as computed by sizeof. */
#if defined(__MINGW32__) && \
defined(_FILE_OFFSET_BITS) && (_FILE_OFFSET_BITS == 64)
@@ -481,9 +473,6 @@ Vista #define USE_WIN32_LDAP 1
#endif
-/* if SSL is enabled */
-#define USE_OPENSSL 1
-
/* Define to use the Windows crypto library. */
#if !defined(CURL_WINDOWS_UWP)
#define USE_WIN32_CRYPTO
diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c
index b190bb3767..44197b586c 100644
--- a/libs/libcurl/src/cookie.c
+++ b/libs/libcurl/src/cookie.c
@@ -833,14 +833,16 @@ parse_netscape(struct Cookie *co, if(ptr)
*ptr = 0; /* clear it */
- firstptr = strtok_r((char *)lineptr, "\t", &tok_buf); /* tokenize on TAB */
+ /* tokenize on TAB */
+ firstptr = Curl_strtok_r((char *)lineptr, "\t", &tok_buf);
/*
* Now loop through the fields and init the struct we already have
* allocated
*/
fields = 0;
- for(ptr = firstptr; ptr; ptr = strtok_r(NULL, "\t", &tok_buf), fields++) {
+ for(ptr = firstptr; ptr;
+ ptr = Curl_strtok_r(NULL, "\t", &tok_buf), fields++) {
switch(fields) {
case 0:
if(ptr[0]=='.') /* skip preceding dots */
@@ -989,7 +991,7 @@ replace_existing(struct Curl_easy *data, size_t myhash = cookiehash(co->domain);
for(n = Curl_llist_head(&ci->cookielist[myhash]); n; n = Curl_node_next(n)) {
struct Cookie *clist = Curl_node_elem(n);
- if(strcasecompare(clist->name, co->name)) {
+ if(!strcmp(clist->name, co->name)) {
/* the names are identical */
bool matching_domains = FALSE;
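Review bot: `!strcmp(clist->name, co->name)` assumes both names are non-NULL, whereas the case-insensitive helper it replaces was, as far as I recall, NULL-tolerant. The next hunk makes the same call right above an explicit `if(clist->domain && co->domain)` check, so the contrast deserves a word. If a nameless cookie can never reach replace_existing(), record that at the comparison, e.g. `/* names are never NULL here; cookie names compare case-sensitively */`, and update the existing "the names are identical" comment to mention case. replace_existing() begins and ends outside both hunks, so the invariant cannot be confirmed from here.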
@@ -1029,7 +1031,7 @@ replace_existing(struct Curl_easy *data, }
}
- if(!replace_n && strcasecompare(clist->name, co->name)) {
+ if(!replace_n && !strcmp(clist->name, co->name)) {
/* the names are identical */
if(clist->domain && co->domain) {
diff --git a/libs/libcurl/src/curl_config.h.cmake b/libs/libcurl/src/curl_config.h.cmake
index 6f318d1cf4..3fa058aa19 100644
--- a/libs/libcurl/src/curl_config.h.cmake
+++ b/libs/libcurl/src/curl_config.h.cmake
@@ -246,9 +246,6 @@ /* Define to 1 if you have the fseeko declaration. */
#cmakedefine HAVE_DECL_FSEEKO 1
-/* Define to 1 if you have the _fseeki64 function. */
-#cmakedefine HAVE__FSEEKI64 1
-
/* Define to 1 if you have the ftruncate function. */
#cmakedefine HAVE_FTRUNCATE 1
diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in
index 89b1a8a6cf..60ad77859b 100644
--- a/libs/libcurl/src/curl_config.h.in
+++ b/libs/libcurl/src/curl_config.h.in
@@ -792,9 +792,6 @@ /* Define to 1 if you have the <zstd.h> header file. */
#undef HAVE_ZSTD_H
-/* Define to 1 if you have the `_fseeki64' function. */
-#undef HAVE__FSEEKI64
-
/* Define to 1 if you have the `_setmode' function. */
#undef HAVE__SETMODE
@@ -881,7 +878,7 @@ /* GSASL support enabled */
#undef USE_GSASL
-/* force HTTPS RR support for ECH */
+/* enable HTTPS RR support */
#undef USE_HTTPSRR
/* if hyper is in use */
diff --git a/libs/libcurl/src/curl_ntlm_core.c b/libs/libcurl/src/curl_ntlm_core.c
index 70474b269c..944bfa2c09 100644
--- a/libs/libcurl/src/curl_ntlm_core.c
+++ b/libs/libcurl/src/curl_ntlm_core.c
@@ -71,13 +71,6 @@ # include <openssl/md5.h>
# include <openssl/ssl.h>
# include <openssl/rand.h>
-#else
-# include <wolfssl/openssl/des.h>
-# include <wolfssl/openssl/md5.h>
-# include <wolfssl/openssl/ssl.h>
-# include <wolfssl/openssl/rand.h>
-#endif
-
# if (defined(OPENSSL_VERSION_NUMBER) && \
(OPENSSL_VERSION_NUMBER < 0x00907001L)) && !defined(USE_WOLFSSL)
# define DES_key_schedule des_key_schedule
@@ -95,6 +88,25 @@ # define DESKEYARG(x) *x
# define DESKEY(x) &x
# endif
+#else
+# include <wolfssl/openssl/des.h>
+# include <wolfssl/openssl/md5.h>
+# include <wolfssl/openssl/ssl.h>
+# include <wolfssl/openssl/rand.h>
+# if defined(OPENSSL_COEXIST)
+# define DES_key_schedule WOLFSSL_DES_key_schedule
+# define DES_cblock WOLFSSL_DES_cblock
+# define DES_set_odd_parity wolfSSL_DES_set_odd_parity
+# define DES_set_key wolfSSL_DES_set_key
+# define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked
+# define DES_ecb_encrypt wolfSSL_DES_ecb_encrypt
+# define DESKEY(x) ((WOLFSSL_DES_key_schedule *)(x))
+# define DESKEYARG(x) *x
+# else
+# define DESKEYARG(x) *x
+# define DESKEY(x) &x
+# endif
+#endif
#elif defined(USE_GNUTLS)
diff --git a/libs/libcurl/src/curl_setup.h b/libs/libcurl/src/curl_setup.h
index dc4a4553aa..7c057097ec 100644
--- a/libs/libcurl/src/curl_setup.h
+++ b/libs/libcurl/src/curl_setup.h
@@ -43,7 +43,7 @@ #include <_mingw.h>
#endif
-/* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0)
+/* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0, 14.2.0 (initial build)
that started advertising the `availability` attribute, which then gets used
by Apple SDK, but, in a way incompatible with gcc, resulting in misc errors
inside SDK headers, e.g.:
@@ -51,13 +51,16 @@ definition
error: expected ',' or '}' before
Followed by missing declarations.
- Fix it by overriding the built-in feature-check macro used by the headers
- to enable the problematic attributes. This makes the feature check fail. */
-#if defined(__APPLE__) && \
- !defined(__clang__) && \
- defined(__GNUC__) && __GNUC__ >= 12 && \
+ Work it around by overriding the built-in feature-check macro used by the
+ headers to enable the problematic attributes. This makes the feature check
+ fail. Fixed in 14.2.0_1. Disable the workaround if the fix is detected. */
+#if defined(__APPLE__) && !defined(__clang__) && defined(__GNUC__) && \
defined(__has_attribute)
-#define availability curl_pp_attribute_disabled
+# if !defined(__has_feature)
+# define availability curl_pp_attribute_disabled
+# elif !__has_feature(attribute_availability)
+# define availability curl_pp_attribute_disabled
+# endif
#endif
#if defined(__APPLE__)
@@ -102,6 +105,16 @@ # ifndef NOGDI
# define NOGDI
# endif
+/* Detect Windows App environment which has a restricted access
+ * to the Win32 APIs. */
+# if (defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0602)) || \
+ defined(WINAPI_FAMILY)
+# include <winapifamily.h>
+# if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \
+ !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+# define CURL_WINDOWS_UWP
+# endif
+# endif
#endif
/* Compatibility */
@@ -277,6 +290,14 @@ # define CURL_DISABLE_HTTP_AUTH 1
#endif
+/*
+ * ECH requires HTTPSRR.
+ */
+
+#if defined(USE_ECH) && !defined(USE_HTTPSRR)
+# define USE_HTTPSRR
+#endif
+
/* ================================================================ */
/* No system header file shall be included in this file before this */
/* point. */
@@ -444,6 +465,12 @@ #include <curl/stdcheaders.h>
#endif
+#ifdef _WIN32
+#define Curl_getpid() GetCurrentProcessId()
+#else
+#define Curl_getpid() getpid()
+#endif
+
/*
* Large file (>2Gb) support using Win32 functions.
*/
diff --git a/libs/libcurl/src/curl_trc.c b/libs/libcurl/src/curl_trc.c
index 3385cd3da2..9075de25fd 100644
--- a/libs/libcurl/src/curl_trc.c
+++ b/libs/libcurl/src/curl_trc.c
@@ -365,7 +365,7 @@ static CURLcode trc_opt(const char *config) if(!tmp)
return CURLE_OUT_OF_MEMORY;
- token = strtok_r(tmp, ", ", &tok_buf);
+ token = Curl_strtok_r(tmp, ", ", &tok_buf);
while(token) {
switch(*token) {
case '-':
@@ -391,7 +391,7 @@ static CURLcode trc_opt(const char *config) else
trc_apply_level_by_name(token, lvl);
- token = strtok_r(NULL, ", ", &tok_buf);
+ token = Curl_strtok_r(NULL, ", ", &tok_buf);
}
free(tmp);
return CURLE_OK;
diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c
index ae99f6d84c..54269e34d9 100644
--- a/libs/libcurl/src/easy.c
+++ b/libs/libcurl/src/easy.c
@@ -940,6 +940,7 @@ CURL *curl_easy_duphandle(CURL *d) goto fail;
Curl_dyn_init(&outcurl->state.headerb, CURL_MAX_HTTP_HEADER);
+ Curl_netrc_init(&outcurl->state.netrc);
/* the connection pool is setup on demand */
outcurl->state.lastconnect_id = -1;
diff --git a/libs/libcurl/src/formdata.c b/libs/libcurl/src/formdata.c
index 2f45376413..84ad27891d 100644
--- a/libs/libcurl/src/formdata.c
+++ b/libs/libcurl/src/formdata.c
@@ -793,7 +793,7 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len) /* wrap call to fseeko so it matches the calling convention of callback */
static int fseeko_wrapper(void *stream, curl_off_t offset, int whence)
{
-#if defined(HAVE__FSEEKI64)
+#if defined(_WIN32) && defined(USE_WIN32_LARGE_FILES)
return _fseeki64(stream, (__int64)offset, whence);
#elif defined(HAVE_FSEEKO) && defined(HAVE_DECL_FSEEKO)
return fseeko(stream, (off_t)offset, whence);
diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c
index 2629492504..151fc7bf9d 100644
--- a/libs/libcurl/src/hostip.c
+++ b/libs/libcurl/src/hostip.c
@@ -798,7 +798,9 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, return CURLRESOLV_ERROR;
if(strcasecompare(hostname, "localhost") ||
- tailmatch(hostname, ".localhost"))
+ strcasecompare(hostname, "localhost.") ||
+ tailmatch(hostname, ".localhost") ||
+ tailmatch(hostname, ".localhost."))
addr = get_localhost(port, hostname);
#ifndef CURL_DISABLE_DOH
else if(allowDOH && data->set.doh && !ipnum)
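Review bot: The localhost condition now lists four comparisons with nothing explaining why the trailing-dot spellings are there. A comment above it, e.g. `/* "localhost" and "*.localhost", with or without the root-label dot, are answered locally and must not fall through to the DoH/resolver branches below */`, would stop a later cleanup from dropping one of the forms. `hostname` is passed to get_localhost() unchanged, so the stored name may keep its trailing dot; whether any caller compares on that name is not visible here. Curl_resolv() continues outside the hunk.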
diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c
index 6d61a9ec34..ed8a3598f1 100644
--- a/libs/libcurl/src/http.c
+++ b/libs/libcurl/src/http.c
@@ -1229,163 +1229,6 @@ static const char *get_http_string(const struct Curl_easy *data, }
#endif
-enum proxy_use {
- HEADER_SERVER, /* direct to server */
- HEADER_PROXY, /* regular request to proxy */
- HEADER_CONNECT /* sending CONNECT to a proxy */
-};
-
-static bool hd_name_eq(const char *n1, size_t n1len,
- const char *n2, size_t n2len)
-{
- if(n1len == n2len) {
- return strncasecompare(n1, n2, n1len);
- }
- return FALSE;
-}
-
-CURLcode Curl_dynhds_add_custom(struct Curl_easy *data,
- bool is_connect,
- struct dynhds *hds)
-{
- struct connectdata *conn = data->conn;
- char *ptr;
- struct curl_slist *h[2];
- struct curl_slist *headers;
- int numlists = 1; /* by default */
- int i;
-
-#ifndef CURL_DISABLE_PROXY
- enum proxy_use proxy;
-
- if(is_connect)
- proxy = HEADER_CONNECT;
- else
- proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy ?
- HEADER_PROXY : HEADER_SERVER;
-
- switch(proxy) {
- case HEADER_SERVER:
- h[0] = data->set.headers;
- break;
- case HEADER_PROXY:
- h[0] = data->set.headers;
- if(data->set.sep_headers) {
- h[1] = data->set.proxyheaders;
- numlists++;
- }
- break;
- case HEADER_CONNECT:
- if(data->set.sep_headers)
- h[0] = data->set.proxyheaders;
- else
- h[0] = data->set.headers;
- break;
- }
-#else
- (void)is_connect;
- h[0] = data->set.headers;
-#endif
-
- /* loop through one or two lists */
- for(i = 0; i < numlists; i++) {
- for(headers = h[i]; headers; headers = headers->next) {
- const char *name, *value;
- size_t namelen, valuelen;
-
- /* There are 2 quirks in place for custom headers:
- * 1. setting only 'name:' to suppress a header from being sent
- * 2. setting only 'name;' to send an empty (illegal) header
- */
- ptr = strchr(headers->data, ':');
- if(ptr) {
- name = headers->data;
- namelen = ptr - headers->data;
- ptr++; /* pass the colon */
- while(*ptr && ISSPACE(*ptr))
- ptr++;
- if(*ptr) {
- value = ptr;
- valuelen = strlen(value);
- }
- else {
- /* quirk #1, suppress this header */
- continue;
- }
- }
- else {
- ptr = strchr(headers->data, ';');
-
- if(!ptr) {
- /* neither : nor ; in provided header value. We seem
- * to ignore this silently */
- continue;
- }
-
- name = headers->data;
- namelen = ptr - headers->data;
- ptr++; /* pass the semicolon */
- while(*ptr && ISSPACE(*ptr))
- ptr++;
- if(!*ptr) {
- /* quirk #2, send an empty header */
- value = "";
- valuelen = 0;
- }
- else {
- /* this may be used for something else in the future,
- * ignore this for now */
- continue;
- }
- }
-
- DEBUGASSERT(name && value);
- if(data->state.aptr.host &&
- /* a Host: header was sent already, do not pass on any custom Host:
- header as that will produce *two* in the same request! */
- hd_name_eq(name, namelen, STRCONST("Host:")))
- ;
- else if(data->state.httpreq == HTTPREQ_POST_FORM &&
- /* this header (extended by formdata.c) is sent later */
- hd_name_eq(name, namelen, STRCONST("Content-Type:")))
- ;
- else if(data->state.httpreq == HTTPREQ_POST_MIME &&
- /* this header is sent later */
- hd_name_eq(name, namelen, STRCONST("Content-Type:")))
- ;
- else if(data->req.authneg &&
- /* while doing auth neg, do not allow the custom length since
- we will force length zero then */
- hd_name_eq(name, namelen, STRCONST("Content-Length:")))
- ;
- else if(data->state.aptr.te &&
- /* when asking for Transfer-Encoding, do not pass on a custom
- Connection: */
- hd_name_eq(name, namelen, STRCONST("Connection:")))
- ;
- else if((conn->httpversion >= 20) &&
- hd_name_eq(name, namelen, STRCONST("Transfer-Encoding:")))
- /* HTTP/2 does not support chunked requests */
- ;
- else if((hd_name_eq(name, namelen, STRCONST("Authorization:")) ||
- hd_name_eq(name, namelen, STRCONST("Cookie:"))) &&
- /* be careful of sending this potentially sensitive header to
- other hosts */
- !Curl_auth_allowed_to_host(data))
- ;
- else {
- CURLcode result;
-
- result = Curl_dynhds_add(hds, name, namelen, value, valuelen);
- if(result)
- return result;
- }
- }
- }
-
- return CURLE_OK;
-}
-
CURLcode Curl_add_custom_headers(struct Curl_easy *data,
bool is_connect,
#ifndef USE_HYPER
@@ -1403,7 +1246,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, int i;
#ifndef CURL_DISABLE_PROXY
- enum proxy_use proxy;
+ enum Curl_proxy_use proxy;
if(is_connect)
proxy = HEADER_CONNECT;
diff --git a/libs/libcurl/src/http.h b/libs/libcurl/src/http.h
index 677825ae73..c1b02dd992 100644
--- a/libs/libcurl/src/http.h
+++ b/libs/libcurl/src/http.h
@@ -89,9 +89,6 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, void *headers
#endif
);
-CURLcode Curl_dynhds_add_custom(struct Curl_easy *data,
- bool is_connect,
- struct dynhds *hds);
void Curl_http_method(struct Curl_easy *data, struct connectdata *conn,
const char **method, Curl_HttpReq *);
diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c
index b9a21d2987..c5f10c678b 100644
--- a/libs/libcurl/src/http2.c
+++ b/libs/libcurl/src/http2.c
@@ -433,6 +433,8 @@ static int h2_client_new(struct Curl_cfilter *cf, {
struct cf_h2_ctx *ctx = cf->ctx;
nghttp2_option *o;
+ nghttp2_mem mem = {NULL, Curl_nghttp2_malloc, Curl_nghttp2_free,
+ Curl_nghttp2_calloc, Curl_nghttp2_realloc};
int rc = nghttp2_option_new(&o);
if(rc)
@@ -445,7 +447,7 @@ static int h2_client_new(struct Curl_cfilter *cf, HTTP field value. */
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation(o, 1);
#endif
- rc = nghttp2_session_client_new2(&ctx->h2, cbs, cf, o);
+ rc = nghttp2_session_client_new3(&ctx->h2, cbs, cf, o, &mem);
nghttp2_option_del(o);
return rc;
}
@@ -2960,6 +2962,30 @@ bool Curl_h2_http_1_1_error(struct Curl_easy *data) return FALSE;
}
+void *Curl_nghttp2_malloc(size_t size, void *user_data)
+{
+ (void)user_data;
+ return Curl_cmalloc(size);
+}
+
+void Curl_nghttp2_free(void *ptr, void *user_data)
+{
+ (void)user_data;
+ Curl_cfree(ptr);
+}
+
+void *Curl_nghttp2_calloc(size_t nmemb, size_t size, void *user_data)
+{
+ (void)user_data;
+ return Curl_ccalloc(nmemb, size);
+}
+
+void *Curl_nghttp2_realloc(void *ptr, size_t size, void *user_data)
+{
+ (void)user_data;
+ return Curl_crealloc(ptr, size);
+}
+
#else /* !USE_NGHTTP2 */
/* Satisfy external references even if http2 is not compiled in. */
diff --git a/libs/libcurl/src/http2.h b/libs/libcurl/src/http2.h
index 3c6ffae278..b67a7e170d 100644
--- a/libs/libcurl/src/http2.h
+++ b/libs/libcurl/src/http2.h
@@ -60,6 +60,11 @@ CURLcode Curl_http2_upgrade(struct Curl_easy *data, struct connectdata *conn, int sockindex,
const char *ptr, size_t nread);
+void *Curl_nghttp2_malloc(size_t size, void *user_data);
+void Curl_nghttp2_free(void *ptr, void *user_data);
+void *Curl_nghttp2_calloc(size_t nmemb, size_t size, void *user_data);
+void *Curl_nghttp2_realloc(void *ptr, size_t size, void *user_data);
+
extern struct Curl_cftype Curl_cft_nghttp2;
#else /* USE_NGHTTP2 */
diff --git a/libs/libcurl/src/http_negotiate.c b/libs/libcurl/src/http_negotiate.c
index 858a797d8b..d8b44abdd1 100644
--- a/libs/libcurl/src/http_negotiate.c
+++ b/libs/libcurl/src/http_negotiate.c
@@ -110,7 +110,7 @@ CURLcode Curl_input_negotiate(struct Curl_easy *data, struct connectdata *conn, /* Check if the connection is using SSL and get the channel binding data */
#if defined(USE_SSL) && defined(HAVE_GSSAPI)
if(conn->handler->flags & PROTOPT_SSL) {
- Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE);
+ Curl_dyn_init(&neg_ctx->channel_binding_data, SSL_CB_MAX_SIZE + 1);
result = Curl_ssl_get_channel_binding(
data, FIRSTSOCKET, &neg_ctx->channel_binding_data);
if(result) {
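Review bot: The new limit `SSL_CB_MAX_SIZE + 1` carries no explanation for the extra byte. If it is there because the dynbuf limit also counts the terminating null (not visible in this hunk), say so on the line, e.g. `/* +1 for the null terminator the dynbuf stores */`, so that nobody later removes it as an apparent off-by-one. Curl_input_negotiate starts and ends outside the hunk.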
diff --git a/libs/libcurl/src/http_proxy.c b/libs/libcurl/src/http_proxy.c
index c2c7ef6e37..684bd738b6 100644
--- a/libs/libcurl/src/http_proxy.c
+++ b/libs/libcurl/src/http_proxy.c
@@ -45,12 +45,155 @@ #include "vtls/vtls.h"
#include "transfer.h"
#include "multiif.h"
+#include "vauth/vauth.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
#include "curl_memory.h"
#include "memdebug.h"
+static bool hd_name_eq(const char *n1, size_t n1len,
+ const char *n2, size_t n2len)
+{
+ return (n1len == n2len) ? strncasecompare(n1, n2, n1len) : FALSE;
+}
+
+static CURLcode dynhds_add_custom(struct Curl_easy *data,
+ bool is_connect,
+ struct dynhds *hds)
+{
+ struct connectdata *conn = data->conn;
+ char *ptr;
+ struct curl_slist *h[2];
+ struct curl_slist *headers;
+ int numlists = 1; /* by default */
+ int i;
+
+ enum Curl_proxy_use proxy;
+
+ if(is_connect)
+ proxy = HEADER_CONNECT;
+ else
+ proxy = conn->bits.httpproxy && !conn->bits.tunnel_proxy ?
+ HEADER_PROXY : HEADER_SERVER;
+
+ switch(proxy) {
+ case HEADER_SERVER:
+ h[0] = data->set.headers;
+ break;
+ case HEADER_PROXY:
+ h[0] = data->set.headers;
+ if(data->set.sep_headers) {
+ h[1] = data->set.proxyheaders;
+ numlists++;
+ }
+ break;
+ case HEADER_CONNECT:
+ if(data->set.sep_headers)
+ h[0] = data->set.proxyheaders;
+ else
+ h[0] = data->set.headers;
+ break;
+ }
+
+ /* loop through one or two lists */
+ for(i = 0; i < numlists; i++) {
+ for(headers = h[i]; headers; headers = headers->next) {
+ const char *name, *value;
+ size_t namelen, valuelen;
+
+ /* There are 2 quirks in place for custom headers:
+ * 1. setting only 'name:' to suppress a header from being sent
+ * 2. setting only 'name;' to send an empty (illegal) header
+ */
+ ptr = strchr(headers->data, ':');
+ if(ptr) {
+ name = headers->data;
+ namelen = ptr - headers->data;
+ ptr++; /* pass the colon */
+ while(*ptr && ISSPACE(*ptr))
+ ptr++;
+ if(*ptr) {
+ value = ptr;
+ valuelen = strlen(value);
+ }
+ else {
+ /* quirk #1, suppress this header */
+ continue;
+ }
+ }
+ else {
+ ptr = strchr(headers->data, ';');
+
+ if(!ptr) {
+ /* neither : nor ; in provided header value. We seem
+ * to ignore this silently */
+ continue;
+ }
+
+ name = headers->data;
+ namelen = ptr - headers->data;
+ ptr++; /* pass the semicolon */
+ while(*ptr && ISSPACE(*ptr))
+ ptr++;
+ if(!*ptr) {
+ /* quirk #2, send an empty header */
+ value = "";
+ valuelen = 0;
+ }
+ else {
+ /* this may be used for something else in the future,
+ * ignore this for now */
+ continue;
+ }
+ }
+
+ DEBUGASSERT(name && value);
+ if(data->state.aptr.host &&
+ /* a Host: header was sent already, do not pass on any custom Host:
+ header as that will produce *two* in the same request! */
+ hd_name_eq(name, namelen, STRCONST("Host:")))
+ ;
+ else if(data->state.httpreq == HTTPREQ_POST_FORM &&
+ /* this header (extended by formdata.c) is sent later */
+ hd_name_eq(name, namelen, STRCONST("Content-Type:")))
+ ;
+ else if(data->state.httpreq == HTTPREQ_POST_MIME &&
+ /* this header is sent later */
+ hd_name_eq(name, namelen, STRCONST("Content-Type:")))
+ ;
+ else if(data->req.authneg &&
+ /* while doing auth neg, do not allow the custom length since
+ we will force length zero then */
+ hd_name_eq(name, namelen, STRCONST("Content-Length:")))
+ ;
+ else if(data->state.aptr.te &&
+ /* when asking for Transfer-Encoding, do not pass on a custom
+ Connection: */
+ hd_name_eq(name, namelen, STRCONST("Connection:")))
+ ;
+ else if((conn->httpversion >= 20) &&
+ hd_name_eq(name, namelen, STRCONST("Transfer-Encoding:")))
+ /* HTTP/2 does not support chunked requests */
+ ;
+ else if((hd_name_eq(name, namelen, STRCONST("Authorization:")) ||
+ hd_name_eq(name, namelen, STRCONST("Cookie:"))) &&
+ /* be careful of sending this potentially sensitive header to
+ other hosts */
+ !Curl_auth_allowed_to_host(data))
+ ;
+ else {
+ CURLcode result;
+
+ result = Curl_dynhds_add(hds, name, namelen, value, valuelen);
+ if(result)
+ return result;
+ }
+ }
+ }
+
+ return CURLE_OK;
+}
CURLcode Curl_http_proxy_get_destination(struct Curl_cfilter *cf,
const char **phostname,
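Review bot: The header filters in `dynhds_add_custom` look like they can never match: `namelen` is computed as `ptr - headers->data`, which stops before the colon, while every comparison passes a name that ends in one, such as `STRCONST("Host:")`. `hd_name_eq` returns FALSE whenever the two lengths differ, so assuming STRCONST yields the literal's full length (its definition is not in this hunk), a custom `Host:`, `Content-Length:`, `Authorization:` or `Cookie:` header would always fall through to `Curl_dynhds_add`. For the last two that means the `Curl_auth_allowed_to_host` guard is never consulted. Compare against the bare names instead, e.g. `hd_name_eq(name, namelen, STRCONST("Host"))`, and the same for the other seven calls.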
@@ -146,7 +289,7 @@ CURLcode Curl_http_proxy_create_CONNECT(struct httpreq **preq, goto out;
}
- result = Curl_dynhds_add_custom(data, TRUE, &req->headers);
+ result = dynhds_add_custom(data, TRUE, &req->headers);
out:
if(result && req) {
diff --git a/libs/libcurl/src/http_proxy.h b/libs/libcurl/src/http_proxy.h
index 5566a7c0bd..95f4c7522c 100644
--- a/libs/libcurl/src/http_proxy.h
+++ b/libs/libcurl/src/http_proxy.h
@@ -30,6 +30,12 @@ #include "urldata.h"
+enum Curl_proxy_use {
+ HEADER_SERVER, /* direct to server */
+ HEADER_PROXY, /* regular request to proxy */
+ HEADER_CONNECT /* sending CONNECT to a proxy */
+};
+
CURLcode Curl_http_proxy_get_destination(struct Curl_cfilter *cf,
const char **phostname,
int *pport, bool *pipv6_ip);
diff --git a/libs/libcurl/src/krb5.c b/libs/libcurl/src/krb5.c
index 22eef17139..bb1ea644a8 100644
--- a/libs/libcurl/src/krb5.c
+++ b/libs/libcurl/src/krb5.c
@@ -202,7 +202,8 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) data->set.str[STRING_SERVICE_NAME] :
"ftp";
const char *srv_host = "host";
- gss_buffer_desc input_buffer, output_buffer, _gssresp, *gssresp;
+ gss_buffer_desc input_buffer, output_buffer, *gssresp;
+ gss_buffer_desc _gssresp = GSS_C_EMPTY_BUFFER;
OM_uint32 maj, min;
gss_name_t gssname;
gss_ctx_id_t *context = app_data;
@@ -363,7 +364,7 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) free(_gssresp.value);
if(ret == AUTH_OK || service == srv_host)
- return ret;
+ break;
service = srv_host;
}
@@ -372,13 +373,13 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) static void krb5_end(void *app_data)
{
- OM_uint32 min;
- gss_ctx_id_t *context = app_data;
- if(*context != GSS_C_NO_CONTEXT) {
- OM_uint32 maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
- (void)maj;
- DEBUGASSERT(maj == GSS_S_COMPLETE);
- }
+ OM_uint32 min;
+ gss_ctx_id_t *context = app_data;
+ if(*context != GSS_C_NO_CONTEXT) {
+ OM_uint32 maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
+ (void)maj;
+ DEBUGASSERT(maj == GSS_S_COMPLETE);
+ }
}
static const struct Curl_sec_client_mech Curl_krb5_client_mech = {
@@ -612,10 +613,10 @@ static ssize_t sec_recv(struct Curl_easy *data, int sockindex, return total_read;
}
-/* Send |length| bytes from |from| to the |fd| socket taking care of encoding
- and negotiating with the server. |from| can be NULL. */
+/* Send |length| bytes from |from| to the |sockindex| socket taking care of
+ encoding and negotiating with the server. |from| can be NULL. */
static void do_sec_send(struct Curl_easy *data, struct connectdata *conn,
- curl_socket_t fd, const char *from, int length)
+ int sockindex, const char *from, int length)
{
int bytes, htonl_bytes; /* 32-bit integers for htonl */
char *buffer = NULL;
@@ -649,12 +650,12 @@ static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, static const char *enc = "ENC ";
static const char *mic = "MIC ";
if(prot_level == PROT_PRIVATE)
- socket_write(data, fd, enc, 4);
+ socket_write(data, sockindex, enc, 4);
else
- socket_write(data, fd, mic, 4);
+ socket_write(data, sockindex, mic, 4);
- socket_write(data, fd, cmd_buffer, cmd_size);
- socket_write(data, fd, "\r\n", 2);
+ socket_write(data, sockindex, cmd_buffer, cmd_size);
+ socket_write(data, sockindex, "\r\n", 2);
infof(data, "Send: %s%s", prot_level == PROT_PRIVATE ? enc : mic,
cmd_buffer);
free(cmd_buffer);
@@ -662,14 +663,14 @@ static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, }
else {
htonl_bytes = (int)htonl((OM_uint32)bytes);
- socket_write(data, fd, &htonl_bytes, sizeof(htonl_bytes));
- socket_write(data, fd, buffer, curlx_sitouz(bytes));
+ socket_write(data, sockindex, &htonl_bytes, sizeof(htonl_bytes));
+ socket_write(data, sockindex, buffer, curlx_sitouz(bytes));
}
free(buffer);
}
static ssize_t sec_write(struct Curl_easy *data, struct connectdata *conn,
- curl_socket_t fd, const char *buffer, size_t length)
+ int sockindex, const char *buffer, size_t length)
{
ssize_t tx = 0, len = conn->buffer_size;
@@ -679,7 +680,7 @@ static ssize_t sec_write(struct Curl_easy *data, struct connectdata *conn, if(length < (size_t)len)
len = length;
- do_sec_send(data, conn, fd, buffer, curlx_sztosi(len));
+ do_sec_send(data, conn, sockindex, buffer, curlx_sztosi(len));
length -= len;
buffer += len;
tx += len;
@@ -693,10 +694,9 @@ static ssize_t sec_send(struct Curl_easy *data, int sockindex, CURLcode *err)
{
struct connectdata *conn = data->conn;
- curl_socket_t fd = conn->sock[sockindex];
(void)eos; /* unused */
*err = CURLE_OK;
- return sec_write(data, conn, fd, buffer, len);
+ return sec_write(data, conn, sockindex, buffer, len);
}
int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn,
diff --git a/libs/libcurl/src/ldap.c b/libs/libcurl/src/ldap.c
index 6bc73526d7..4e73c241d8 100644
--- a/libs/libcurl/src/ldap.c
+++ b/libs/libcurl/src/ldap.c
@@ -825,8 +825,8 @@ static bool split_str(char *str, char ***out, size_t *count) if(!res)
return FALSE;
- for(i = 0, s = strtok_r(str, ",", &lasts); s && i < items;
- s = strtok_r(NULL, ",", &lasts), i++)
+ for(i = 0, s = Curl_strtok_r(str, ",", &lasts); s && i < items;
+ s = Curl_strtok_r(NULL, ",", &lasts), i++)
res[i] = s;
*out = res;
diff --git a/libs/libcurl/src/md4.c b/libs/libcurl/src/md4.c
index cbeaa0ff55..f7e5865bae 100644
--- a/libs/libcurl/src/md4.c
+++ b/libs/libcurl/src/md4.c
@@ -115,6 +115,13 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) #elif defined(USE_WOLFSSL) && !defined(WOLFSSL_NO_MD4)
+#ifdef OPENSSL_COEXIST
+ #define MD4_CTX WOLFSSL_MD4_CTX
+ #define MD4_Init wolfSSL_MD4_Init
+ #define MD4_Update wolfSSL_MD4_Update
+ #define MD4_Final wolfSSL_MD4_Final
+#endif
+
#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
#elif defined(AN_APPLE_OS)
diff --git a/libs/libcurl/src/md5.c b/libs/libcurl/src/md5.c
index 2f7f913ad6..ed0f801aa2 100644
--- a/libs/libcurl/src/md5.c
+++ b/libs/libcurl/src/md5.c
@@ -106,7 +106,8 @@ static void my_md5_final(unsigned char *digest, void *ctx) md5_digest(ctx, 16, digest);
}
-#elif defined(USE_OPENSSL_MD5) || defined(USE_WOLFSSL_MD5)
+#elif defined(USE_OPENSSL_MD5) || \
+ (defined(USE_WOLFSSL_MD5) && !defined(OPENSSL_COEXIST))
typedef MD5_CTX my_md5_ctx;
@@ -130,6 +131,30 @@ static void my_md5_final(unsigned char *digest, void *ctx) (void)MD5_Final(digest, ctx);
}
+#elif defined(USE_WOLFSSL_MD5)
+
+typedef WOLFSSL_MD5_CTX my_md5_ctx;
+
+static CURLcode my_md5_init(void *ctx)
+{
+ if(!wolfSSL_MD5_Init(ctx))
+ return CURLE_OUT_OF_MEMORY;
+
+ return CURLE_OK;
+}
+
+static void my_md5_update(void *ctx,
+ const unsigned char *input,
+ unsigned int len)
+{
+ (void)wolfSSL_MD5_Update(ctx, input, len);
+}
+
+static void my_md5_final(unsigned char *digest, void *ctx)
+{
+ (void)wolfSSL_MD5_Final(digest, ctx);
+}
+
#elif defined(USE_MBEDTLS)
typedef mbedtls_md5_context my_md5_ctx;
diff --git a/libs/libcurl/src/mime.c b/libs/libcurl/src/mime.c
index a07449888d..e9aba3488a 100644
--- a/libs/libcurl/src/mime.c
+++ b/libs/libcurl/src/mime.c
@@ -1926,6 +1926,7 @@ struct cr_mime_ctx { curl_off_t total_len;
curl_off_t read_len;
CURLcode error_result;
+ struct bufq tmpbuf;
BIT(seen_eos);
BIT(errored);
};
@@ -1937,9 +1938,18 @@ static CURLcode cr_mime_init(struct Curl_easy *data, (void)data;
ctx->total_len = -1;
ctx->read_len = 0;
+ Curl_bufq_init2(&ctx->tmpbuf, 1024, 1, BUFQ_OPT_NO_SPARES);
return CURLE_OK;
}
+static void cr_mime_close(struct Curl_easy *data,
+ struct Curl_creader *reader)
+{
+ struct cr_mime_ctx *ctx = reader->ctx;
+ (void)data;
+ Curl_bufq_free(&ctx->tmpbuf);
+}
+
/* Real client reader to installed client callbacks. */
static CURLcode cr_mime_read(struct Curl_easy *data,
struct Curl_creader *reader,
@@ -1948,6 +1958,7 @@ static CURLcode cr_mime_read(struct Curl_easy *data, {
struct cr_mime_ctx *ctx = reader->ctx;
size_t nread;
+ char tmp[256];
/* Once we have errored, we will return the same error forever */
@@ -1973,18 +1984,46 @@ static CURLcode cr_mime_read(struct Curl_easy *data, blen = (size_t)remain;
}
- if(blen <= 4) {
- /* TODO: Curl_mime_read() may go into an infinite loop when reading
- * such small lengths. Returning 0 bytes read is a fix that only works
- * as request upload buffers will get flushed eventually and larger
- * reads will happen again. */
- CURL_TRC_READ(data, "cr_mime_read(len=%zu), too small, return", blen);
- *pnread = 0;
- *peos = FALSE;
- goto out;
+ if(!Curl_bufq_is_empty(&ctx->tmpbuf)) {
+ CURLcode result = CURLE_OK;
+ ssize_t n = Curl_bufq_read(&ctx->tmpbuf, (unsigned char *)buf, blen,
+ &result);
+ if(n < 0) {
+ ctx->errored = TRUE;
+ ctx->error_result = result;
+ return result;
+ }
+ nread = (size_t)n;
+ }
+ else if(blen <= 4) {
+ /* Curl_mime_read() may go into an infinite loop when reading
+ * via a base64 encoder, as it stalls when the read buffer is too small
+ * to contain a complete 3 byte encoding. Read into a larger buffer
+ * and use that until empty. */
+ CURL_TRC_READ(data, "cr_mime_read(len=%zu), small read, using tmp", blen);
+ nread = Curl_mime_read(tmp, 1, sizeof(tmp), ctx->part);
+ if(nread <= sizeof(tmp)) {
+ CURLcode result = CURLE_OK;
+ ssize_t n = Curl_bufq_write(&ctx->tmpbuf, (unsigned char *)tmp, nread,
+ &result);
+ if(n < 0) {
+ ctx->errored = TRUE;
+ ctx->error_result = result;
+ return result;
+ }
+ /* stored it, read again */
+ n = Curl_bufq_read(&ctx->tmpbuf, (unsigned char *)buf, blen, &result);
+ if(n < 0) {
+ ctx->errored = TRUE;
+ ctx->error_result = result;
+ return result;
+ }
+ nread = (size_t)n;
+ }
}
+ else
+ nread = Curl_mime_read(buf, 1, blen, ctx->part);
- nread = Curl_mime_read(buf, 1, blen, ctx->part);
CURL_TRC_READ(data, "cr_mime_read(len=%zu), mime_read() -> %zd",
blen, nread);
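Review bot: In the `blen <= 4` branch a zero-byte result from `Curl_mime_read` (end of the part) still goes through `Curl_bufq_write` with length 0 and then `Curl_bufq_read` on a queue that holds nothing. How `Curl_bufq_read` reports an empty queue is not visible here; if it returns a negative value, the `n < 0` branch would set `ctx->errored` at a normal end of data. Skipping the detour for that case avoids the question: `if(nread && nread <= sizeof(tmp)) {`. cr_mime_read starts and ends outside this hunk.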
@@ -2044,7 +2083,6 @@ static CURLcode cr_mime_read(struct Curl_easy *data, break;
}
-out:
CURL_TRC_READ(data, "cr_mime_read(len=%zu, total=%" FMT_OFF_T
", read=%"FMT_OFF_T") -> %d, %zu, %d",
blen, ctx->total_len, ctx->read_len, CURLE_OK, *pnread, *peos);
@@ -2140,7 +2178,7 @@ static const struct Curl_crtype cr_mime = { "cr-mime",
cr_mime_init,
cr_mime_read,
- Curl_creader_def_close,
+ cr_mime_close,
cr_mime_needs_rewind,
cr_mime_total_length,
cr_mime_resume_from,
diff --git a/libs/libcurl/src/mprintf.c b/libs/libcurl/src/mprintf.c
index 2e4a2580a3..5722c6d838 100644
--- a/libs/libcurl/src/mprintf.c
+++ b/libs/libcurl/src/mprintf.c
@@ -321,10 +321,10 @@ static int parsefmt(const char *format, fmt++;
}
while(ISDIGIT(*fmt)) {
- if(precision > INT_MAX/10)
+ int n = *fmt - '0';
+ if(precision > (INT_MAX - n) / 10)
return PFMT_PREC;
- precision *= 10;
- precision += *fmt - '0';
+ precision = precision * 10 + n;
fmt++;
}
if(is_neg)
@@ -397,10 +397,10 @@ static int parsefmt(const char *format, width = 0;
fmt--;
do {
- if(width > INT_MAX/10)
+ int n = *fmt - '0';
+ if(width > (INT_MAX - n) / 10)
return PFMT_WIDTH;
- width *= 10;
- width += *fmt - '0';
+ width = width * 10 + n;
fmt++;
} while(ISDIGIT(*fmt));
break;
diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c
index d89657e2f3..b79a577d9e 100644
--- a/libs/libcurl/src/multi.c
+++ b/libs/libcurl/src/multi.c
@@ -1541,6 +1541,9 @@ CURLMcode curl_multi_wakeup(CURLM *m) if(multi->wakeup_pair[1] != CURL_SOCKET_BAD) {
#ifdef USE_EVENTFD
buf = &val;
+ /* eventfd has a stringent rule of requiring the 8-byte buffer when
+ calling write(2) on it, which makes the sizeof(buf) below fine since
+ this is only used on 64-bit systems and then the pointer is 64-bit */
#else
buf[0] = 1;
#endif
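Review bot: The added comment justifies `sizeof(buf)` by assuming a pointer is 8 bytes wherever eventfd is used, but the guard in socketpair.h (changed later in this commit) tests CPU macros such as `__x86_64__` and `__aarch64__`, which are also defined for ILP32 ABIs (x32, for instance) where pointers are 4 bytes. On such a target the write would pass the wrong length. Sizing the write from the value rather than the pointer, e.g. `sizeof(val)` in the USE_EVENTFD branch, removes the assumption. The write call itself sits below this hunk, so this is inferred from the comment.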
@@ -3586,6 +3589,14 @@ static CURLMcode multi_socket(struct Curl_multi *multi, }
}
}
+ else {
+ /* Asked to run due to time-out. Clear the 'last_expire_ts' variable to
+ force Curl_update_timer() to trigger a callback to the app again even
+ if the same timeout is still the one to run after this call. That
+ handles the case when the application asks libcurl to run the timeout
+ prematurely. */
+ memset(&multi->last_expire_ts, 0, sizeof(multi->last_expire_ts));
+ }
result = multi_run_expired(&mrc);
if(result)
diff --git a/libs/libcurl/src/netrc.c b/libs/libcurl/src/netrc.c
index 59759fe4a9..fed826a12d 100644
--- a/libs/libcurl/src/netrc.c
+++ b/libs/libcurl/src/netrc.c
@@ -54,13 +54,16 @@ enum found_state { PASSWORD
};
+#define FOUND_LOGIN 1
+#define FOUND_PASSWORD 2
+
#define NETRC_FILE_MISSING 1
#define NETRC_FAILED -1
#define NETRC_SUCCESS 0
-#define MAX_NETRC_LINE 4096
-#define MAX_NETRC_FILE (64*1024)
-#define MAX_NETRC_TOKEN 128
+#define MAX_NETRC_LINE 16384
+#define MAX_NETRC_FILE (128*1024)
+#define MAX_NETRC_TOKEN 4096
static CURLcode file2memory(const char *filename, struct dynbuf *filebuf)
{
@@ -94,24 +97,24 @@ done: */
static int parsenetrc(struct store_netrc *store,
const char *host,
- char **loginp,
+ char **loginp, /* might point to a username */
char **passwordp,
const char *netrcfile)
{
int retcode = NETRC_FILE_MISSING;
char *login = *loginp;
- char *password = *passwordp;
- bool specific_login = (login && *login != 0);
- bool login_alloc = FALSE;
- bool password_alloc = FALSE;
+ char *password = NULL;
+ bool specific_login = !!login; /* points to something */
enum host_lookup_state state = NOTHING;
- enum found_state found = NONE;
- bool our_login = TRUE; /* With specific_login, found *our* login name (or
- login-less line) */
+ enum found_state keyword = NONE;
+ unsigned char found = 0; /* login + password found bits, as they can come in
+ any order */
+ bool our_login = FALSE; /* found our login name */
bool done = FALSE;
char *netrcbuffer;
struct dynbuf token;
struct dynbuf *filebuf = &store->filebuf;
+ DEBUGASSERT(!*passwordp);
Curl_dyn_init(&token, MAX_NETRC_TOKEN);
if(!store->loaded) {
@@ -124,7 +127,7 @@ static int parsenetrc(struct store_netrc *store, while(!done) {
char *tok = netrcbuffer;
- while(tok) {
+ while(tok && !done) {
char *tok_end;
bool quoted;
Curl_dyn_reset(&token);
@@ -198,11 +201,6 @@ static int parsenetrc(struct store_netrc *store, }
}
- if((login && *login) && (password && *password)) {
- done = TRUE;
- break;
- }
-
tok = Curl_dyn_ptr(&token);
switch(state) {
@@ -212,11 +210,18 @@ static int parsenetrc(struct store_netrc *store, contents begin with the next .netrc line and continue until a
null line (consecutive new-line characters) is encountered. */
state = MACDEF;
- else if(strcasecompare("machine", tok))
+ else if(strcasecompare("machine", tok)) {
/* the next tok is the machine name, this is in itself the delimiter
that starts the stuff entered for this machine, after this we
need to search for 'login' and 'password'. */
state = HOSTFOUND;
+ keyword = NONE;
+ found = 0;
+ our_login = FALSE;
+ Curl_safefree(password);
+ if(!specific_login)
+ Curl_safefree(login);
+ }
else if(strcasecompare("default", tok)) {
state = HOSTVALID;
retcode = NETRC_SUCCESS; /* we did find our host */
@@ -238,44 +243,54 @@ static int parsenetrc(struct store_netrc *store, break;
case HOSTVALID:
/* we are now parsing sub-keywords concerning "our" host */
- if(found == LOGIN) {
- if(specific_login) {
+ if(keyword == LOGIN) {
+ if(specific_login)
our_login = !Curl_timestrcmp(login, tok);
- }
- else if(!login || Curl_timestrcmp(login, tok)) {
- if(login_alloc)
- free(login);
+ else {
+ our_login = TRUE;
+ free(login);
login = strdup(tok);
if(!login) {
retcode = NETRC_FAILED; /* allocation failed */
goto out;
}
- login_alloc = TRUE;
}
- found = NONE;
+ found |= FOUND_LOGIN;
+ keyword = NONE;
}
- else if(found == PASSWORD) {
- if((our_login || !specific_login) &&
- (!password || Curl_timestrcmp(password, tok))) {
- if(password_alloc)
- free(password);
- password = strdup(tok);
- if(!password) {
- retcode = NETRC_FAILED; /* allocation failed */
- goto out;
- }
- password_alloc = TRUE;
+ else if(keyword == PASSWORD) {
+ free(password);
+ password = strdup(tok);
+ if(!password) {
+ retcode = NETRC_FAILED; /* allocation failed */
+ goto out;
}
- found = NONE;
+ found |= FOUND_PASSWORD;
+ keyword = NONE;
}
else if(strcasecompare("login", tok))
- found = LOGIN;
+ keyword = LOGIN;
else if(strcasecompare("password", tok))
- found = PASSWORD;
+ keyword = PASSWORD;
else if(strcasecompare("machine", tok)) {
- /* ok, there is machine here go => */
+ /* a new machine here */
state = HOSTFOUND;
- found = NONE;
+ keyword = NONE;
+ found = 0;
+ Curl_safefree(password);
+ if(!specific_login)
+ Curl_safefree(login);
+ }
+ else if(strcasecompare("default", tok)) {
+ state = HOSTVALID;
+ retcode = NETRC_SUCCESS; /* we did find our host */
+ Curl_safefree(password);
+ if(!specific_login)
+ Curl_safefree(login);
+ }
+ if((found == (FOUND_PASSWORD|FOUND_LOGIN)) && our_login) {
+ done = TRUE;
+ break;
}
break;
} /* switch (state) */
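Review bot: In the `HOSTVALID` case the password token is now stored, and `FOUND_PASSWORD` set, even when the preceding `login` did not match (`our_login` is FALSE); the removed code only took it when `our_login || !specific_login`. If a later `login` token for the same machine then matches, `found` already has both bits and the loop ends with the password that followed the other login. One way to close this is to guard the store in the password branch again, e.g. `if(our_login || !(found & FOUND_LOGIN))`, which still accepts a password that comes before its login; a test with two logins under one machine would pin the behaviour. Separately, the `machine` branch here leaves `our_login` untouched while the one in the `NOTHING` case resets it to FALSE.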
@@ -294,23 +309,23 @@ static int parsenetrc(struct store_netrc *store, out:
Curl_dyn_free(&token);
+ if(!retcode && !password && our_login) {
+ /* success without a password, set a blank one */
+ password = strdup("");
+ if(!password)
+ retcode = 1; /* out of memory */
+ }
if(!retcode) {
/* success */
- if(login_alloc) {
- free(*loginp);
+ if(!specific_login)
*loginp = login;
- }
- if(password_alloc) {
- free(*passwordp);
- *passwordp = password;
- }
+ *passwordp = password;
}
else {
Curl_dyn_free(filebuf);
- if(login_alloc)
+ if(!specific_login)
free(login);
- if(password_alloc)
- free(password);
+ free(password);
}
return retcode;
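Review bot: The out-of-memory path for the blank password sets `retcode = 1`, which is the value of `NETRC_FILE_MISSING`, not `NETRC_FAILED`. The caller in url.c treats a positive return as "host not found, using defaults", so if the value reaches it unchanged, an allocation failure here would be reported as a missing entry and the transfer would continue without credentials instead of failing. Use the same code as the other strdup failures in this function: `retcode = NETRC_FAILED; /* allocation failed */`.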
diff --git a/libs/libcurl/src/rtsp.c b/libs/libcurl/src/rtsp.c
index 0aff2d4bb8..356515a3f4 100644
--- a/libs/libcurl/src/rtsp.c
+++ b/libs/libcurl/src/rtsp.c
@@ -213,6 +213,11 @@ static CURLcode rtsp_done(struct Curl_easy *data, (data->conn->proto.rtspc.rtp_channel == -1)) {
infof(data, "Got an RTP Receive with a CSeq of %ld", CSeq_recv);
}
+ if(data->set.rtspreq == RTSPREQ_RECEIVE &&
+ data->req.eos_written) {
+ failf(data, "Server prematurely closed the RTSP connection.");
+ return CURLE_RECV_ERROR;
+ }
}
return httpStatus;
diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c
index d02fca6c8f..13a4754da3 100644
--- a/libs/libcurl/src/setopt.c
+++ b/libs/libcurl/src/setopt.c
@@ -1146,7 +1146,7 @@ static CURLcode setopt_long(struct Curl_easy *data, CURLoption option, /*
* raw data passed to the application when content encoding is used
*/
- data->set.http_ce_skip = enabled;
+ data->set.http_ce_skip = !enabled; /* reversed */
break;
#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)
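Review bot: The `/* reversed */` comment on `data->set.http_ce_skip = !enabled;` does not say what is reversed or why. Judging by the field name, the option turns decoding on while the field records skipping it; if that is right, a comment such as `/* option enables decoding, field stores "skip decoding" */` would keep the negation from being removed again by mistake. The case label this assignment belongs to is outside the hunk.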
@@ -1768,6 +1768,7 @@ static CURLcode setopt_cptr(struct Curl_easy *data, CURLoption option, Curl_safefree(data->set.str[STRING_COPYPOSTFIELDS]);
data->set.method = HTTPREQ_POST;
break;
+#endif /* ! CURL_DISABLE_HTTP || ! CURL_DISABLE_MQTT */
#ifndef CURL_DISABLE_HTTP
case CURLOPT_ACCEPT_ENCODING:
@@ -2186,7 +2187,7 @@ static CURLcode setopt_cptr(struct Curl_easy *data, CURLoption option, * proxy exception list
*/
return Curl_setstropt(&data->set.str[STRING_NOPROXY], ptr);
-#endif
+#endif /* ! CURL_DISABLE_PROXY */
case CURLOPT_RANGE:
/*
@@ -2194,7 +2195,6 @@ static CURLcode setopt_cptr(struct Curl_easy *data, CURLoption option, */
return Curl_setstropt(&data->set.str[STRING_SET_RANGE], ptr);
-#endif /* ! CURL_DISABLE_PROXY */
case CURLOPT_CURLU:
/*
* pass CURLU to set URL
diff --git a/libs/libcurl/src/smb.c b/libs/libcurl/src/smb.c
index b99064820b..34439a6510 100644
--- a/libs/libcurl/src/smb.c
+++ b/libs/libcurl/src/smb.c
@@ -27,12 +27,6 @@ #if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE)
-#ifdef _WIN32
-#define Curl_getpid() ((unsigned int)GetCurrentProcessId())
-#else
-#define Curl_getpid() ((unsigned int)getpid())
-#endif
-
#include "smb.h"
#include "urldata.h"
#include "sendf.h"
@@ -548,7 +542,7 @@ static void smb_format_message(struct Curl_easy *data, struct smb_header *h, h->flags2 = smb_swap16(SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAME);
h->uid = smb_swap16(smbc->uid);
h->tid = smb_swap16(req->tid);
- pid = Curl_getpid();
+ pid = (unsigned int)Curl_getpid();
h->pid_high = smb_swap16((unsigned short)(pid >> 16));
h->pid = smb_swap16((unsigned short) pid);
}
diff --git a/libs/libcurl/src/socketpair.h b/libs/libcurl/src/socketpair.h
index d3fa60c135..a8a011d753 100644
--- a/libs/libcurl/src/socketpair.h
+++ b/libs/libcurl/src/socketpair.h
@@ -27,14 +27,14 @@ #include "curl_setup.h"
#if defined(HAVE_EVENTFD) && \
- defined(__x86_64__) && \
- defined(__aarch64__) && \
- defined(__ia64__) && \
- defined(__ppc64__) && \
- defined(__mips64) && \
- defined(__sparc64__) && \
- defined(__riscv_64e) && \
- defined(__s390x__)
+ (defined(__x86_64__) || \
+ defined(__aarch64__) || \
+ defined(__ia64__) || \
+ defined(__ppc64__) || \
+ defined(__mips64) || \
+ defined(__sparc64__) || \
+ defined(__riscv_64e) || \
+ defined(__s390x__))
/* Use eventfd only with 64-bit CPU architectures because eventfd has a
* stringent rule of requiring the 8-byte buffer when calling read(2) and
diff --git a/libs/libcurl/src/strerror.c b/libs/libcurl/src/strerror.c
index 7b8d4876c8..41c8887f54 100644
--- a/libs/libcurl/src/strerror.c
+++ b/libs/libcurl/src/strerror.c
@@ -151,9 +151,6 @@ curl_easy_strerror(CURLcode error) case CURLE_RANGE_ERROR:
return "Requested range was not delivered by the server";
- case CURLE_HTTP_POST_ERROR:
- return "Internal problem setting up the POST";
-
case CURLE_SSL_CONNECT_ERROR:
return "SSL connect error";
@@ -169,9 +166,6 @@ curl_easy_strerror(CURLcode error) case CURLE_LDAP_SEARCH_FAILED:
return "LDAP: search failed";
- case CURLE_FUNCTION_NOT_FOUND:
- return "A required function in the library was not found";
-
case CURLE_ABORTED_BY_CALLBACK:
return "Operation was aborted by an application callback";
@@ -330,7 +324,9 @@ curl_easy_strerror(CURLcode error) case CURLE_OBSOLETE24:
case CURLE_OBSOLETE29:
case CURLE_OBSOLETE32:
+ case CURLE_OBSOLETE34:
case CURLE_OBSOLETE40:
+ case CURLE_OBSOLETE41:
case CURLE_OBSOLETE44:
case CURLE_OBSOLETE46:
case CURLE_OBSOLETE50:
diff --git a/libs/libcurl/src/strtok.h b/libs/libcurl/src/strtok.h
index 0cff3213ab..9890090b56 100644
--- a/libs/libcurl/src/strtok.h
+++ b/libs/libcurl/src/strtok.h
@@ -26,11 +26,11 @@ #include "curl_setup.h"
#include <stddef.h>
-#ifndef HAVE_STRTOK_R
-char *Curl_strtok_r(char *s, const char *delim, char **last);
-#define strtok_r Curl_strtok_r
-#else
+#ifdef HAVE_STRTOK_R
#include <string.h>
+#define Curl_strtok_r strtok_r
+#else
+char *Curl_strtok_r(char *s, const char *delim, char **last);
#endif
#endif /* HEADER_CURL_STRTOK_H */
diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c
index 28c37019ea..dcb3e2ab2b 100644
--- a/libs/libcurl/src/url.c
+++ b/libs/libcurl/src/url.c
@@ -2651,6 +2651,17 @@ static CURLcode parse_remote_port(struct Curl_easy *data, return CURLE_OK;
}
+static bool str_has_ctrl(const char *input)
+{
+ const unsigned char *str = (const unsigned char *)input;
+ while(*str) {
+ if(*str < 0x20)
+ return TRUE;
+ str++;
+ }
+ return FALSE;
+}
+
/*
* Override the login details from the URL with that in the CURLOPT_USERPWD
* option or a .netrc file, if applicable.
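Review bot: `str_has_ctrl` dereferences `input` without a NULL check, and the next hunk calls it on `*userp` and `*passwdp` right after a successful netrc lookup that was entered only because `*passwdp` was NULL. The netrc.c changes in this commit substitute a blank password only when `our_login` is set, so a match that supplies no login and no password (a bare `default` entry, for instance) appears to return success with the password pointer still NULL. Add a guard at the top, `if(!input) return FALSE;`, or check the pointers at the call site. The loop also lets 0x7f (DEL) through, which may or may not be intended.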
@@ -2682,29 +2693,40 @@ static CURLcode override_login(struct Curl_easy *data, if(data->state.aptr.user &&
(data->state.creds_from != CREDS_NETRC)) {
- /* there was a username in the URL. Use the URL decoded version */
+ /* there was a username with a length in the URL. Use the URL decoded
+ version */
userp = &data->state.aptr.user;
url_provided = TRUE;
}
- ret = Curl_parsenetrc(&data->state.netrc, conn->host.name,
- userp, passwdp,
- data->set.str[STRING_NETRC_FILE]);
- if(ret > 0) {
- infof(data, "Couldn't find host %s in the %s file; using defaults",
- conn->host.name,
- (data->set.str[STRING_NETRC_FILE] ?
- data->set.str[STRING_NETRC_FILE] : ".netrc"));
- }
- else if(ret < 0) {
- failf(data, ".netrc parser error");
- return CURLE_READ_ERROR;
- }
- else {
- /* set bits.netrc TRUE to remember that we got the name from a .netrc
- file, so that it is safe to use even if we followed a Location: to a
- different host or similar. */
- conn->bits.netrc = TRUE;
+ if(!*passwdp) {
+ ret = Curl_parsenetrc(&data->state.netrc, conn->host.name,
+ userp, passwdp,
+ data->set.str[STRING_NETRC_FILE]);
+ if(ret > 0) {
+ infof(data, "Couldn't find host %s in the %s file; using defaults",
+ conn->host.name,
+ (data->set.str[STRING_NETRC_FILE] ?
+ data->set.str[STRING_NETRC_FILE] : ".netrc"));
+ }
+ else if(ret < 0) {
+ failf(data, ".netrc parser error");
+ return CURLE_READ_ERROR;
+ }
+ else {
+ if(!(conn->handler->flags&PROTOPT_USERPWDCTRL)) {
+ /* if the protocol can't handle control codes in credentials, make
+ sure there are none */
+ if(str_has_ctrl(*userp) || str_has_ctrl(*passwdp)) {
+ failf(data, "control code detected in .netrc credentials");
+ return CURLE_READ_ERROR;
+ }
+ }
+ /* set bits.netrc TRUE to remember that we got the name from a .netrc
+ file, so that it is safe to use even if we followed a Location: to a
+ different host or similar. */
+ conn->bits.netrc = TRUE;
+ }
}
if(url_provided) {
Curl_safefree(conn->user);
diff --git a/libs/libcurl/src/vauth/digest.c b/libs/libcurl/src/vauth/digest.c
index 84a706afc5..98e32900db 100644
--- a/libs/libcurl/src/vauth/digest.c
+++ b/libs/libcurl/src/vauth/digest.c
@@ -227,12 +227,12 @@ static CURLcode auth_digest_get_qop_values(const char *options, int *value) *value = 0;
/* Tokenise the list of qop values. Use a temporary clone of the buffer since
- strtok_r() ruins it. */
+ Curl_strtok_r() ruins it. */
tmp = strdup(options);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
- token = strtok_r(tmp, ",", &tok_buf);
+ token = Curl_strtok_r(tmp, ",", &tok_buf);
while(token) {
if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH))
*value |= DIGEST_QOP_VALUE_AUTH;
@@ -241,7 +241,7 @@ static CURLcode auth_digest_get_qop_values(const char *options, int *value) else if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH_CONF))
*value |= DIGEST_QOP_VALUE_AUTH_CONF;
- token = strtok_r(NULL, ",", &tok_buf);
+ token = Curl_strtok_r(NULL, ",", &tok_buf);
}
free(tmp);
@@ -553,12 +553,12 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, else if(strcasecompare(value, "qop")) {
char *tok_buf = NULL;
/* Tokenize the list and choose auth if possible, use a temporary
- clone of the buffer since strtok_r() ruins it */
+ clone of the buffer since Curl_strtok_r() ruins it */
tmp = strdup(content);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
- token = strtok_r(tmp, ",", &tok_buf);
+ token = Curl_strtok_r(tmp, ",", &tok_buf);
while(token) {
/* Pass additional spaces here */
while(*token && ISBLANK(*token))
@@ -569,7 +569,7 @@ CURLcode Curl_auth_decode_digest_http_message(const char *chlg, else if(strcasecompare(token, DIGEST_QOP_VALUE_STRING_AUTH_INT)) {
foundAuthInt = TRUE;
}
- token = strtok_r(NULL, ",", &tok_buf);
+ token = Curl_strtok_r(NULL, ",", &tok_buf);
}
free(tmp);
@@ -709,13 +709,17 @@ static CURLcode auth_create_digest_http_message( digest->nc = 1;
if(!digest->cnonce) {
- char cnoncebuf[33];
- result = Curl_rand_hex(data, (unsigned char *)cnoncebuf,
- sizeof(cnoncebuf));
+ char cnoncebuf[12];
+ result = Curl_rand_bytes(data,
+#ifdef DEBUGBUILD
+ TRUE,
+#endif
+ (unsigned char *)cnoncebuf,
+ sizeof(cnoncebuf));
if(result)
return result;
- result = Curl_base64_encode(cnoncebuf, strlen(cnoncebuf),
+ result = Curl_base64_encode(cnoncebuf, sizeof(cnoncebuf),
&cnonce, &cnonce_sz);
if(result)
return result;
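Review bot: `char cnoncebuf[12];` is an unexplained size, and it appears to shrink the client nonce from the 32 hex digits (128 bits) that the removed `Curl_rand_hex()` call produced to 96 random bits. If the reduction is intended, a comment should say why 12 was chosen, e.g. `/* 12 random bytes (96 bits) encode to exactly 16 base64 characters, no padding */`. The `TRUE` passed only under `DEBUGBUILD` also deserves a short comment on what it switches on, since nothing at the call site explains it. The enclosing function starts and ends outside the hunk.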
diff --git a/libs/libcurl/src/version.c b/libs/libcurl/src/version.c
index 34eaa314f2..6e92c1c5ee 100644
--- a/libs/libcurl/src/version.c
+++ b/libs/libcurl/src/version.c
@@ -551,7 +551,7 @@ static const struct feat features_table[] = { #ifdef HAVE_ZSTD
FEATURE("zstd", NULL, CURL_VERSION_ZSTD),
#endif
- {NULL, NULL, 0}
+ {NULL, NULL, 0}
};
static const char *feature_names[sizeof(features_table) /
diff --git a/libs/libcurl/src/vssh/libssh.c b/libs/libcurl/src/vssh/libssh.c
index b1e9e79396..2e84fbeea8 100644
--- a/libs/libcurl/src/vssh/libssh.c
+++ b/libs/libcurl/src/vssh/libssh.c
@@ -1368,7 +1368,9 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) state machine to move on as soon as possible so we set a very short
timeout here */
Curl_expire(data, 0, EXPIRE_RUN_NOW);
-
+#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
+ sshc->sftp_send_state = 0;
+#endif
state(data, SSH_STOP);
break;
}
@@ -1772,6 +1774,13 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) /* during times we get here due to a broken transfer and then the
sftp_handle might not have been taken down so make sure that is done
before we proceed */
+ ssh_set_blocking(sshc->ssh_session, 0);
+#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
+ if(sshc->sftp_aio) {
+ sftp_aio_free(sshc->sftp_aio);
+ sshc->sftp_aio = NULL;
+ }
+#endif
if(sshc->sftp_file) {
sftp_close(sshc->sftp_file);
@@ -2191,7 +2200,14 @@ static CURLcode myssh_connect(struct Curl_easy *data, bool *done) return CURLE_FAILED_INIT;
}
- rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
+ if(conn->bits.ipv6_ip) {
+ char ipv6[MAX_IPADR_LEN];
+ msnprintf(ipv6, sizeof(ipv6), "[%s]", conn->host.name);
+ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, ipv6);
+ }
+ else
+ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_HOST, conn->host.name);
+
if(rc != SSH_OK) {
failf(data, "Could not set remote host");
return CURLE_FAILED_INIT;
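Review bot: The bracketed host is built into `char ipv6[MAX_IPADR_LEN]` and the `msnprintf()` result is ignored, so an address whose text plus `[` and `]` does not fit would be truncated and handed to `ssh_options_set()` without its closing bracket. MAX_IPADR_LEN is defined outside this hunk; if it is sized for a bare address string, the two extra characters are not accounted for. Declaring the buffer as `char ipv6[MAX_IPADR_LEN + 2];` removes that case. myssh_connect continues outside the hunk.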
@@ -2563,7 +2579,39 @@ static ssize_t sftp_send(struct Curl_easy *data, int sockindex, */
if(len > 32768)
len = 32768;
-
+#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
+ switch(conn->proto.sshc.sftp_send_state) {
+ case 0:
+ sftp_file_set_nonblocking(conn->proto.sshc.sftp_file);
+ if(sftp_aio_begin_write(conn->proto.sshc.sftp_file, mem, len,
+ &conn->proto.sshc.sftp_aio) == SSH_ERROR) {
+ *err = CURLE_SEND_ERROR;
+ return -1;
+ }
+ conn->proto.sshc.sftp_send_state = 1;
+ FALLTHROUGH();
+ case 1:
+ nwrite = sftp_aio_wait_write(&conn->proto.sshc.sftp_aio);
+ myssh_block2waitfor(conn, (nwrite == SSH_AGAIN) ? TRUE : FALSE);
+ if(nwrite == SSH_AGAIN) {
+ *err = CURLE_AGAIN;
+ return 0;
+ }
+ else if(nwrite < 0) {
+ *err = CURLE_SEND_ERROR;
+ return -1;
+ }
+ if(conn->proto.sshc.sftp_aio) {
+ sftp_aio_free(conn->proto.sshc.sftp_aio);
+ conn->proto.sshc.sftp_aio = NULL;
+ }
+ conn->proto.sshc.sftp_send_state = 0;
+ return nwrite;
+ default:
+ /* we never reach here */
+ return -1;
+ }
+#else
nwrite = sftp_write(conn->proto.sshc.sftp_file, mem, len);
myssh_block2waitfor(conn, FALSE);
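Review bot: The `default:` arm of the new `switch` returns -1 without assigning `*err`, unlike the two other failure returns in this hunk, so a caller that reads `*err` after a negative return would see a stale value. Adding `*err = CURLE_SEND_ERROR;` before that `return -1;` keeps the error contract uniform. Separately, the `nwrite < 0` path in `case 1` returns with `sftp_send_state` still 1. If another send can follow before the state is reset elsewhere, it would wait on a request that has already failed, so `conn->proto.sshc.sftp_send_state = 0;` on that path is worth considering. sftp_send starts before and ends after this hunk.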
@@ -2581,6 +2629,7 @@ static ssize_t sftp_send(struct Curl_easy *data, int sockindex, }
return nwrite;
+#endif
}
/*
diff --git a/libs/libcurl/src/vssh/ssh.h b/libs/libcurl/src/vssh/ssh.h
index 192c1d7970..3178e305bd 100644
--- a/libs/libcurl/src/vssh/ssh.h
+++ b/libs/libcurl/src/vssh/ssh.h
@@ -177,6 +177,10 @@ struct ssh_conn { sftp_dir sftp_dir;
unsigned sftp_recv_state; /* 0 or 1 */
+#if LIBSSH_VERSION_INT > SSH_VERSION_INT(0, 11, 0)
+ sftp_aio sftp_aio;
+ unsigned sftp_send_state; /* 0 or 1 */
+#endif
int sftp_file_index; /* for async read */
sftp_attributes readdir_attrs; /* used by the SFTP readdir actions */
sftp_attributes readdir_link_attrs; /* used by the SFTP readdir actions */
diff --git a/libs/libcurl/src/vtls/mbedtls.c b/libs/libcurl/src/vtls/mbedtls.c
index 20226b74bd..ae2acdb0a0 100644
--- a/libs/libcurl/src/vtls/mbedtls.c
+++ b/libs/libcurl/src/vtls/mbedtls.c
@@ -54,7 +54,7 @@ # ifdef MBEDTLS_DEBUG
# include <mbedtls/debug.h>
# endif
-#endif
+#endif /* MBEDTLS_VERSION_MAJOR >= 2 */
#include "cipher_suite.h"
#include "strcase.h"
@@ -122,7 +122,7 @@ struct mbed_ssl_backend_data { #define HAS_SESSION_TICKETS
#endif
-#if defined(THREADING_SUPPORT)
+#ifdef THREADING_SUPPORT
static mbedtls_entropy_context ts_entropy;
static int entropy_init_initialized = 0;
@@ -585,16 +585,6 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_NOT_BUILT_IN;
}
-#ifdef TLS13_SUPPORT
- ret = psa_crypto_init();
- if(ret != PSA_SUCCESS) {
- mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
- failf(data, "mbedTLS psa_crypto_init returned (-0x%04X) %s",
- -ret, errorbuf);
- return CURLE_SSL_CONNECT_ERROR;
- }
-#endif /* TLS13_SUPPORT */
-
#ifdef THREADING_SUPPORT
mbedtls_ctr_drbg_init(&backend->ctr_drbg);
@@ -1571,6 +1561,20 @@ static int mbedtls_init(void) #ifdef THREADING_SUPPORT
entropy_init_mutex(&ts_entropy);
#endif
+#ifdef TLS13_SUPPORT
+ {
+ int ret;
+#ifdef THREADING_SUPPORT
+ Curl_mbedtlsthreadlock_lock_function(0);
+#endif
+ ret = psa_crypto_init();
+#ifdef THREADING_SUPPORT
+ Curl_mbedtlsthreadlock_unlock_function(0);
+#endif
+ if(ret != PSA_SUCCESS)
+ return 0;
+ }
+#endif /* TLS13_SUPPORT */
return 1;
}
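Review bot: A failing `psa_crypto_init()` now makes mbedtls_init return 0 with no diagnostic, whereas the removed per-connection call reported the status through `failf()`; the status is also held in a plain `int` rather than `psa_status_t`. No easy handle is in scope here, so a comment should record that the code is dropped on purpose, e.g. `/* no handle to report on; callers only see that init failed */`. The early `return 0;` also comes after `entropy_init_mutex(&ts_entropy)` has run under THREADING_SUPPORT, and whether the caller then performs the matching cleanup is not visible in this hunk. A short comment on why lock slot `0` is taken around the call would help as well.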
diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c
index 86931089b1..ed4dd5df1f 100644
--- a/libs/libcurl/src/vtls/openssl.c
+++ b/libs/libcurl/src/vtls/openssl.c
@@ -83,7 +83,7 @@ #include <openssl/evp.h>
#ifdef USE_ECH
-# ifndef OPENSSL_IS_BORINGSSL
+# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
# include <openssl/ech.h>
# endif
# include "curl_base64.h"
@@ -1152,9 +1152,8 @@ static bool is_pkcs11_uri(const char *string) static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine);
-static int
-SSL_CTX_use_certificate_blob(SSL_CTX *ctx, const struct curl_blob *blob,
- int type, const char *key_passwd)
+static int use_certificate_blob(SSL_CTX *ctx, const struct curl_blob *blob,
+ int type, const char *key_passwd)
{
int ret = 0;
X509 *x = NULL;
@@ -1190,9 +1189,8 @@ end: return ret;
}
-static int
-SSL_CTX_use_PrivateKey_blob(SSL_CTX *ctx, const struct curl_blob *blob,
- int type, const char *key_passwd)
+static int use_privatekey_blob(SSL_CTX *ctx, const struct curl_blob *blob,
+ int type, const char *key_passwd)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
@@ -1205,14 +1203,12 @@ SSL_CTX_use_PrivateKey_blob(SSL_CTX *ctx, const struct curl_blob *blob, (void *)key_passwd);
else if(type == SSL_FILETYPE_ASN1)
pkey = d2i_PrivateKey_bio(in, NULL);
- else {
- ret = 0;
+ else
goto end;
- }
- if(!pkey) {
- ret = 0;
+
+ if(!pkey)
goto end;
- }
+
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
EVP_PKEY_free(pkey);
end:
@@ -1221,8 +1217,8 @@ end: }
static int
-SSL_CTX_use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
- const char *key_passwd)
+use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
+ const char *key_passwd)
{
/* SSL_CTX_add1_chain_cert introduced in OpenSSL 1.0.2 */
#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* OpenSSL 1.0.2 or later */ \
@@ -1239,11 +1235,8 @@ SSL_CTX_use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob, x = PEM_read_bio_X509_AUX(in, NULL,
passwd_callback, (void *)key_passwd);
-
- if(!x) {
- ret = 0;
+ if(!x)
goto end;
- }
ret = SSL_CTX_use_certificate(ctx, x);
@@ -1324,7 +1317,7 @@ int cert_stuff(struct Curl_easy *data, case SSL_FILETYPE_PEM:
/* SSL_CTX_use_certificate_chain_file() only works on PEM files */
cert_use_result = cert_blob ?
- SSL_CTX_use_certificate_chain_blob(ctx, cert_blob, key_passwd) :
+ use_certificate_chain_blob(ctx, cert_blob, key_passwd) :
SSL_CTX_use_certificate_chain_file(ctx, cert_file);
if(cert_use_result != 1) {
failf(data,
@@ -1344,8 +1337,7 @@ int cert_stuff(struct Curl_easy *data, ASN1 files. */
cert_use_result = cert_blob ?
- SSL_CTX_use_certificate_blob(ctx, cert_blob,
- file_type, key_passwd) :
+ use_certificate_blob(ctx, cert_blob, file_type, key_passwd) :
SSL_CTX_use_certificate_file(ctx, cert_file, file_type);
if(cert_use_result != 1) {
failf(data,
@@ -1554,7 +1546,7 @@ fail: FALLTHROUGH();
case SSL_FILETYPE_ASN1:
cert_use_result = key_blob ?
- SSL_CTX_use_PrivateKey_blob(ctx, key_blob, file_type, key_passwd) :
+ use_privatekey_blob(ctx, key_blob, file_type, key_passwd) :
SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type);
if(cert_use_result != 1) {
failf(data, "unable to set private key file: '%s' type %s",
@@ -3674,14 +3666,14 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, SSL_CTX_set_mode(octx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif
-#ifdef HAS_ALPN
if(alpn && alpn_len) {
+#ifdef HAS_ALPN
if(SSL_CTX_set_alpn_protos(octx->ssl_ctx, alpn, (int)alpn_len)) {
failf(data, "Error setting ALPN");
return CURLE_SSL_CONNECT_ERROR;
}
- }
#endif
+ }
if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
if(!result &&
@@ -3849,15 +3841,15 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, if(data->set.tls_ech & CURLECH_GREASE) {
infof(data, "ECH: will GREASE ClientHello");
-# ifdef OPENSSL_IS_BORINGSSL
+# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
SSL_set_enable_ech_grease(octx->ssl, 1);
# else
SSL_set_options(octx->ssl, SSL_OP_ECH_GREASE);
# endif
}
else if(data->set.tls_ech & CURLECH_CLA_CFG) {
-# ifdef OPENSSL_IS_BORINGSSL
- /* have to do base64 decode here for boring */
+# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
+ /* have to do base64 decode here for BoringSSL */
const char *b64 = data->set.str[STRING_ECH_CONFIG];
if(!b64) {
@@ -3917,7 +3909,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, size_t elen = rinfo->echconfiglist_len;
infof(data, "ECH: ECHConfig from DoH HTTPS RR");
-# ifndef OPENSSL_IS_BORINGSSL
+# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
if(SSL_ech_set1_echconfig(octx->ssl, ecl, elen) != 1) {
infof(data, "ECH: SSL_ECH_set1_echconfig failed");
if(data->set.tls_ech & CURLECH_HARD)
@@ -3925,7 +3917,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, }
# else
if(SSL_set1_ech_config_list(octx->ssl, ecl, elen) != 1) {
- infof(data, "ECH: SSL_set1_ech_config_list failed (boring)");
+ infof(data, "ECH: SSL_set1_ech_config_list failed (BoringSSL)");
if(data->set.tls_ech & CURLECH_HARD)
return CURLE_SSL_CONNECT_ERROR;
}
@@ -3943,7 +3935,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, Curl_resolv_unlink(data, &dns);
}
}
-# ifdef OPENSSL_IS_BORINGSSL
+# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
if(trying_ech_now && outername) {
infof(data, "ECH: setting public_name not supported with BoringSSL");
return CURLE_SSL_CONNECT_ERROR;
@@ -3960,7 +3952,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, return CURLE_SSL_CONNECT_ERROR;
}
}
-# endif /* not BORING */
+# endif /* OPENSSL_IS_BORINGSSL || OPENSSL_IS_AWSLC */
if(trying_ech_now
&& SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) {
infof(data, "ECH: cannot force TLSv1.3 [ERROR]");
@@ -4071,7 +4063,7 @@ static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl, CURLcode result = CURLE_OK;
size_t rcl = 0;
int rv = 1;
-# ifndef OPENSSL_IS_BORINGSSL
+# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
char *inner = NULL;
unsigned char *rcs = NULL;
char *outer = NULL;
@@ -4086,7 +4078,7 @@ static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl, /* nothing to trace if not doing ECH */
if(!ECH_ENABLED(data))
return;
-# ifndef OPENSSL_IS_BORINGSSL
+# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
rv = SSL_ech_get_retry_config(ssl, &rcs, &rcl);
# else
SSL_get0_ech_retry_configs(ssl, &rcs, &rcl);
@@ -4103,23 +4095,23 @@ static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl, if(!result && b64str)
infof(data, "ECH: retry_configs %s", b64str);
free(b64str);
-# ifndef OPENSSL_IS_BORINGSSL
+# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
rv = SSL_ech_get_status(ssl, &inner, &outer);
infof(data, "ECH: retry_configs for %s from %s, %d %d",
inner ? inner : "NULL", outer ? outer : "NULL", reason, rv);
-#else
+# else
rv = SSL_ech_accepted(ssl);
servername_type = SSL_get_servername_type(ssl);
inner = SSL_get_servername(ssl, servername_type);
SSL_get0_ech_name_override(ssl, &outer, &out_name_len);
- /* TODO: get the inner from boring */
+ /* TODO: get the inner from BoringSSL */
infof(data, "ECH: retry_configs for %s from %s, %d %d",
inner ? inner : "NULL", outer ? outer : "NULL", reason, rv);
-#endif
+# endif
}
else
infof(data, "ECH: no retry_configs (rv = %d)", rv);
-# ifndef OPENSSL_IS_BORINGSSL
+# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
OPENSSL_free((void *)rcs);
# endif
return;
@@ -4220,14 +4212,11 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, lerr = SSL_get_verify_result(octx->ssl);
if(lerr != X509_V_OK) {
ssl_config->certverifyresult = lerr;
- msnprintf(error_buffer, sizeof(error_buffer),
- "SSL certificate problem: %s",
- X509_verify_cert_error_string(lerr));
+ failf(data, "SSL certificate problem: %s",
+ X509_verify_cert_error_string(lerr));
}
- else {
+ else
failf(data, "%s", "SSL certificate verification failed");
- return result;
- }
}
#if defined(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)
/* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
@@ -4243,7 +4232,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, #endif
#ifdef USE_ECH
else if((lib == ERR_LIB_SSL) &&
-# ifndef OPENSSL_IS_BORINGSSL
+# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
(reason == SSL_R_ECH_REQUIRED)) {
# else
(reason == SSL_R_ECH_REJECTED)) {
@@ -4278,7 +4267,6 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%d ",
extramsg[0] ? extramsg : SSL_ERROR_to_str(detail),
connssl->peer.hostname, connssl->peer.port);
- return result;
}
return result;
@@ -4309,7 +4297,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, OBJ_nid2sn(psigtype_nid));
#ifdef USE_ECH
-# ifndef OPENSSL_IS_BORINGSSL
+# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
if(ECH_ENABLED(data)) {
char *inner = NULL, *outer = NULL;
const char *status = NULL;
@@ -4367,7 +4355,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, else {
infof(data, "ECH: result: status is not attempted");
}
-# endif /* BORING */
+# endif /* !OPENSSL_IS_BORINGSSL && !OPENSSL_IS_AWSLC */
#endif /* USE_ECH */
#ifdef HAS_ALPN
diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c
index 85d018d322..1c9ecc673a 100644
--- a/libs/libcurl/src/vtls/schannel.c
+++ b/libs/libcurl/src/vtls/schannel.c
@@ -451,11 +451,6 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, }
#endif
-static bool algo(const char *check, char *namep, size_t nlen)
-{
- return (strlen(check) == nlen) && !strncmp(check, namep, nlen);
-}
-
static CURLcode
schannel_acquire_credential_handle(struct Curl_cfilter *cf,
struct Curl_easy *data)
@@ -781,187 +776,14 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, curlx_verify_windows_version(10, 0, 17763, PLATFORM_WINNT,
VERSION_GREATER_THAN_EQUAL)) {
- char *ciphers13 = 0;
-
- bool disable_aes_gcm_sha384 = FALSE;
- bool disable_aes_gcm_sha256 = FALSE;
- bool disable_chacha_poly = FALSE;
- bool disable_aes_ccm_8_sha256 = FALSE;
- bool disable_aes_ccm_sha256 = FALSE;
-
SCH_CREDENTIALS credentials = { 0 };
TLS_PARAMETERS tls_parameters = { 0 };
- CRYPTO_SETTINGS crypto_settings[4] = { { 0 } };
- UNICODE_STRING blocked_ccm_modes[1] = { { 0 } };
- UNICODE_STRING blocked_gcm_modes[1] = { { 0 } };
-
- int crypto_settings_idx = 0;
-
-
- /* If TLS 1.3 ciphers are explicitly listed, then
- * disable all the ciphers and re-enable which
- * ciphers the user has provided.
- */
- ciphers13 = conn_config->cipher_list13;
- if(ciphers13) {
- const int remaining_ciphers = 5;
-
- /* detect which remaining ciphers to enable
- and then disable everything else.
- */
-
- char *startCur = ciphers13;
- int algCount = 0;
- char *nameEnd;
-
- disable_aes_gcm_sha384 = TRUE;
- disable_aes_gcm_sha256 = TRUE;
- disable_chacha_poly = TRUE;
- disable_aes_ccm_8_sha256 = TRUE;
- disable_aes_ccm_sha256 = TRUE;
-
- while(startCur && (0 != *startCur) && (algCount < remaining_ciphers)) {
- size_t n;
- char *namep;
- nameEnd = strchr(startCur, ':');
- n = nameEnd ? (size_t)(nameEnd - startCur) : strlen(startCur);
- namep = startCur;
-
- if(disable_aes_gcm_sha384 &&
- algo("TLS_AES_256_GCM_SHA384", namep, n)) {
- disable_aes_gcm_sha384 = FALSE;
- }
- else if(disable_aes_gcm_sha256
- && algo("TLS_AES_128_GCM_SHA256", namep, n)) {
- disable_aes_gcm_sha256 = FALSE;
- }
- else if(disable_chacha_poly
- && algo("TLS_CHACHA20_POLY1305_SHA256", namep, n)) {
- disable_chacha_poly = FALSE;
- }
- else if(disable_aes_ccm_8_sha256
- && algo("TLS_AES_128_CCM_8_SHA256", namep, n)) {
- disable_aes_ccm_8_sha256 = FALSE;
- }
- else if(disable_aes_ccm_sha256
- && algo("TLS_AES_128_CCM_SHA256", namep, n)) {
- disable_aes_ccm_sha256 = FALSE;
- }
- else {
- failf(data, "schannel: Unknown TLS 1.3 cipher: %.*s", (int)n, namep);
- return CURLE_SSL_CIPHER;
- }
-
- startCur = nameEnd;
- if(startCur)
- startCur++;
-
- algCount++;
- }
- }
-
- if(disable_aes_gcm_sha384 && disable_aes_gcm_sha256
- && disable_chacha_poly && disable_aes_ccm_8_sha256
- && disable_aes_ccm_sha256) {
- failf(data, "schannel: All available TLS 1.3 ciphers were disabled");
- return CURLE_SSL_CIPHER;
- }
-
- /* Disable TLS_AES_128_CCM_8_SHA256 and/or TLS_AES_128_CCM_SHA256 */
- if(disable_aes_ccm_8_sha256 || disable_aes_ccm_sha256) {
- /*
- Disallow AES_CCM algorithm.
- */
- blocked_ccm_modes[0].Length = sizeof(BCRYPT_CHAIN_MODE_CCM);
- blocked_ccm_modes[0].MaximumLength = sizeof(BCRYPT_CHAIN_MODE_CCM);
- blocked_ccm_modes[0].Buffer = (PWSTR)BCRYPT_CHAIN_MODE_CCM;
-
- crypto_settings[crypto_settings_idx].eAlgorithmUsage =
- TlsParametersCngAlgUsageCipher;
- crypto_settings[crypto_settings_idx].rgstrChainingModes =
- blocked_ccm_modes;
- crypto_settings[crypto_settings_idx].cChainingModes =
- ARRAYSIZE(blocked_ccm_modes);
- crypto_settings[crypto_settings_idx].strCngAlgId.Length =
- sizeof(BCRYPT_AES_ALGORITHM);
- crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength =
- sizeof(BCRYPT_AES_ALGORITHM);
- crypto_settings[crypto_settings_idx].strCngAlgId.Buffer =
- (PWSTR)BCRYPT_AES_ALGORITHM;
-
- /* only disabling one of the CCM modes */
- if(disable_aes_ccm_8_sha256 != disable_aes_ccm_sha256) {
- if(disable_aes_ccm_8_sha256)
- crypto_settings[crypto_settings_idx].dwMinBitLength = 128;
- else /* disable_aes_ccm_sha256 */
- crypto_settings[crypto_settings_idx].dwMaxBitLength = 64;
- }
-
- crypto_settings_idx++;
- }
-
- /* Disable TLS_AES_256_GCM_SHA384 and/or TLS_AES_128_GCM_SHA256 */
- if(disable_aes_gcm_sha384 || disable_aes_gcm_sha256) {
-
- /*
- Disallow AES_GCM algorithm
- */
- blocked_gcm_modes[0].Length = sizeof(BCRYPT_CHAIN_MODE_GCM);
- blocked_gcm_modes[0].MaximumLength = sizeof(BCRYPT_CHAIN_MODE_GCM);
- blocked_gcm_modes[0].Buffer = (PWSTR)BCRYPT_CHAIN_MODE_GCM;
-
- /* if only one is disabled, then explicitly disable the
- digest cipher suite (sha384 or sha256) */
- if(disable_aes_gcm_sha384 != disable_aes_gcm_sha256) {
- crypto_settings[crypto_settings_idx].eAlgorithmUsage =
- TlsParametersCngAlgUsageDigest;
- crypto_settings[crypto_settings_idx].strCngAlgId.Length =
- sizeof(disable_aes_gcm_sha384 ?
- BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM);
- crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength =
- sizeof(disable_aes_gcm_sha384 ?
- BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM);
- crypto_settings[crypto_settings_idx].strCngAlgId.Buffer =
- (PWSTR)(disable_aes_gcm_sha384 ?
- BCRYPT_SHA384_ALGORITHM : BCRYPT_SHA256_ALGORITHM);
- }
- else { /* Disable both AES_GCM ciphers */
- crypto_settings[crypto_settings_idx].eAlgorithmUsage =
- TlsParametersCngAlgUsageCipher;
- crypto_settings[crypto_settings_idx].strCngAlgId.Length =
- sizeof(BCRYPT_AES_ALGORITHM);
- crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength =
- sizeof(BCRYPT_AES_ALGORITHM);
- crypto_settings[crypto_settings_idx].strCngAlgId.Buffer =
- (PWSTR)BCRYPT_AES_ALGORITHM;
- }
-
- crypto_settings[crypto_settings_idx].rgstrChainingModes =
- blocked_gcm_modes;
- crypto_settings[crypto_settings_idx].cChainingModes = 1;
-
- crypto_settings_idx++;
- }
-
- /*
- Disable ChaCha20-Poly1305.
- */
- if(disable_chacha_poly) {
- crypto_settings[crypto_settings_idx].eAlgorithmUsage =
- TlsParametersCngAlgUsageCipher;
- crypto_settings[crypto_settings_idx].strCngAlgId.Length =
- sizeof(BCRYPT_CHACHA20_POLY1305_ALGORITHM);
- crypto_settings[crypto_settings_idx].strCngAlgId.MaximumLength =
- sizeof(BCRYPT_CHACHA20_POLY1305_ALGORITHM);
- crypto_settings[crypto_settings_idx].strCngAlgId.Buffer =
- (PWSTR)BCRYPT_CHACHA20_POLY1305_ALGORITHM;
- crypto_settings_idx++;
- }
+ CRYPTO_SETTINGS crypto_settings[1] = { { 0 } };
tls_parameters.pDisabledCrypto = crypto_settings;
/* The number of blocked suites */
- tls_parameters.cDisabledCrypto = (DWORD)crypto_settings_idx;
+ tls_parameters.cDisabledCrypto = (DWORD)0;
credentials.pTlsParameters = &tls_parameters;
credentials.cTlsParameters = 1;
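Review bot: `CRYPTO_SETTINGS crypto_settings[1]` paired with `cDisabledCrypto = (DWORD)0` is leftover scaffolding, and the kept comment `/* The number of blocked suites */` no longer describes anything. With the parsing of `conn_config->cipher_list13` removed, this branch always leaves TLS 1.3 suite selection to the Schannel defaults, which matters to anyone who relied on that list to exclude suites. I would say so at the assignment, e.g. `/* no TLS 1.3 suites are disabled here; a TLS 1.3 cipher list is not applied by this backend */`. The unused array could be dropped if `pDisabledCrypto` may be NULL when the count is zero, which should be checked against the API documentation. The function starts and ends outside the hunk.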
@@ -986,9 +808,8 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, &backend->cred->time_stamp);
}
else {
- /* Pre-Windows 10 1809 or the user set a legacy algorithm list. Although MS
- does not document it, currently Schannel will not negotiate TLS 1.3 when
- SCHANNEL_CRED is used. */
+ /* Pre-Windows 10 1809 or the user set a legacy algorithm list.
+ Schannel will not negotiate TLS 1.3 when SCHANNEL_CRED is used. */
ALG_ID algIds[NUM_CIPHERS];
char *ciphers = conn_config->cipher_list;
SCHANNEL_CRED schannel_cred = { 0 };
@@ -998,16 +819,10 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, if(ciphers) {
if((enabled_protocols & SP_PROT_TLS1_3_CLIENT)) {
- infof(data, "schannel: WARNING: This version of Schannel may "
- "negotiate a less-secure TLS version than TLS 1.3 because the "
+ infof(data, "schannel: WARNING: This version of Schannel "
+ "negotiates a less-secure TLS version than TLS 1.3 because the "
"user set an algorithm cipher list.");
}
- if(conn_config->cipher_list13) {
- failf(data, "schannel: This version of Schannel does not support "
- "setting an algorithm cipher list and TLS 1.3 cipher list at "
- "the same time");
- return CURLE_SSL_CIPHER;
- }
result = set_ssl_ciphers(&schannel_cred, ciphers, algIds);
if(CURLE_OK != result) {
failf(data, "schannel: Failed setting algorithm cipher list");
@@ -2974,7 +2789,6 @@ const struct Curl_ssl Curl_ssl_schannel = { #ifndef CURL_WINDOWS_UWP
SSLSUPP_PINNEDPUBKEY |
#endif
- SSLSUPP_TLS13_CIPHERSUITES |
SSLSUPP_CA_CACHE |
SSLSUPP_HTTPS_PROXY |
SSLSUPP_CIPHER_LIST,
diff --git a/libs/libcurl/src/vtls/schannel_verify.c b/libs/libcurl/src/vtls/schannel_verify.c
index ee960ed2c5..42f7f517e4 100644
--- a/libs/libcurl/src/vtls/schannel_verify.c
+++ b/libs/libcurl/src/vtls/schannel_verify.c
@@ -554,7 +554,7 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf, }
}
- if(p->size) {
+ if(p->size && alt_name_info) {
for(i = 0; i < alt_name_info->cAltEntry; ++i) {
PCERT_ALT_NAME_ENTRY entry = &alt_name_info->rgAltEntry[i];
if(entry->dwAltNameChoice == CERT_ALT_NAME_IP_ADDRESS) {
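Review bot: With the added `&& alt_name_info` test, an IP-address peer (`p->size` non-zero) with no alt-name info no longer enters this loop and instead takes the `else` arm shown in the next hunk, which goes on to the certificate name string. That avoids the NULL dereference, but it looks as if the IP literal would then be checked as a host name. If that is not intended, keep the outer test as `if(p->size) {` and put `if(alt_name_info) {` around the loop inside it, so the `else` stays tied to `p->size` alone and an IP peer without alt names simply fails to match. How `alt_name_info` and the result are initialised lies outside the hunk, so this needs confirming against the full function.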
@@ -571,7 +571,6 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf, }
}
}
-
else {
/* Determine the size of the string needed for the cert hostname */
len = cert_get_name_string(data, pCertContextServer,
diff --git a/libs/libcurl/src/vtls/sectransp.c b/libs/libcurl/src/vtls/sectransp.c
index bf1d44dbdf..765ce36d92 100644
--- a/libs/libcurl/src/vtls/sectransp.c
+++ b/libs/libcurl/src/vtls/sectransp.c
@@ -354,8 +354,8 @@ CF_INLINE void GetDarwinVersionNumber(int *major, int *minor) }
/* Parse the version: */
- os_version_major = strtok_r(os_version, ".", &tok_buf);
- os_version_minor = strtok_r(NULL, ".", &tok_buf);
+ os_version_major = Curl_strtok_r(os_version, ".", &tok_buf);
+ os_version_minor = Curl_strtok_r(NULL, ".", &tok_buf);
*major = atoi(os_version_major);
*minor = atoi(os_version_minor);
free(os_version);
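Review bot: Both tokens returned by `Curl_strtok_r()` go straight into `atoi()`, and either can be NULL when the version string is empty or has no `.`, which is undefined behaviour. A guard such as `*major = os_version_major ? atoi(os_version_major) : 0;` (and the same for `*minor`) keeps the function defined on unexpected input. Where `os_version` comes from is outside the hunk.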
diff --git a/libs/libcurl/src/vtls/wolfssl.c b/libs/libcurl/src/vtls/wolfssl.c
index 9a05f82946..a624d3ff0c 100644
--- a/libs/libcurl/src/vtls/wolfssl.c
+++ b/libs/libcurl/src/vtls/wolfssl.c
@@ -33,8 +33,8 @@ #ifdef USE_WOLFSSL
#define WOLFSSL_OPTIONS_IGNORE_SYS
-#include <wolfssl/version.h>
#include <wolfssl/options.h>
+#include <wolfssl/version.h>
#if LIBWOLFSSL_VERSION_HEX < 0x03004006 /* wolfSSL 3.4.6 (2015) */
#error "wolfSSL version should be at least 3.4.6"
|