diff options
Diffstat (limited to 'libs')
165 files changed, 9063 insertions, 13573 deletions
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES index 692f78f2bb..25ab5236b6 100644 --- a/libs/libcurl/docs/CHANGES +++ b/libs/libcurl/docs/CHANGES @@ -6,6 +6,3734 @@ Changelog +Version 7.83.1 (11 May 2022) + +Daniel Stenberg (11 May 2022) +- RELEASE-NOTES: synced + + curl 7.83.1 release + +- THANKS: added contributors from 7.83.1 + +- zuul: fix the ngtcp2-gnutls build + + Add packages and tweak the configure options. + + Use the GnuTLS 3.7.4 branch (not main). + + Closes #8829 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: add ca-fallback support for OpenSSL backend + + Closes #8828 + +- url: check SSH config match on connection reuse + + CVE-2022-27782 + + Reported-by: Harry Sintonen + Bug: https://curl.se/docs/CVE-2022-27782.html + Closes #8825 + +- tls: check more TLS details for connection reuse + + CVE-2022-27782 + + Reported-by: Harry Sintonen + Bug: https://curl.se/docs/CVE-2022-27782.html + Closes #8825 + +- cookies: make bad_domain() not consider a trailing dot fine + + The check for a dot in the domain must not consider a single trailing + dot to be fine, as then TLD + trailing dot is fine and curl will accept + setting cookies for it. + + CVE-2022-27779 + + Reported-by: Axel Chong + Bug: https://curl.se/docs/CVE-2022-27779.html + Closes #8820 + +- test977: reproduce ability to set cookie on TLD + + When PSL is not enabled + +- scripts/contributors.sh: correct the copyright range + +- docs/RELEASE-PROCEDURE.md: refreshed and adjsuted the release dates + +- test379: verify --remove-on-error with --no-clobber + +- post_per_transfer: remove the updated file name + + When --remove-on-error is used with --no-clobber, it might have an + updated file name to remove. + + Bug: https://curl.se/docs/CVE-2022-27778.html + + CVE-2022-27778 + + Reported-by: Harry Sintonen + + Closes #8824 + +- hsts: ignore trailing dots when comparing hosts names + + CVE-2022-30115 + + Reported-by: Axel Chong + Bug: https://curl.se/docs/CVE-2022-30115.html + Closes #8821 + +- test440/441: verify HSTS with trailing dots + +- libtest/lib1560: verify the host name percent decode fix + +- urlapi: reject percent-decoding host name into separator bytes + + CVE-2022-27780 + + Reported-by: Axel Chong + Bug: https://curl.se/docs/CVE-2022-27780.html + Closes #8826 + +- nss: return error if seemingly stuck in a cert loop + + CVE-2022-27781 + + Reported-by: Florian Kohnhäuser + Bug: https://curl.se/docs/CVE-2022-27781.html + Closes #8822 + +- test412/413: verify alt-svc with trailing dots + +- altsvc: fix host name matching for trailing dots + + Closes #8819 + +- [Garrett Squire brought this change] + + hyper: fix test 357 + + This change fixes the hyper API such that PUT requests that receive a + 417 response can retry without the Expect header. + + Closes #8811 + +- [Harry Sintonen brought this change] + + sectransp: bail out if SSLSetPeerDomainName fails + + Before the code would just warn about SSLSetPeerDomainName() errors. + + Closes #8798 + +- http_proxy/hyper: handle closed connections + + Enable test 1021 for hyper builds. + + Patched-by: Prithvi MK + Fixes #8700 + Closes #8806 + +- KNOWN_BUGS: timeout when reusing a http3 connection + + Closes #8764 + +- KNOWN_BUGS: configure --with-ca-fallback is not supported by h3 + + Closes #8696 + +- [Ryan Schmidt brought this change] + + Makefile: fix "make ca-firefox" + + Closes #8804 + +Daniel Gustafsson (5 May 2022) +- tests: fix markdown formatting in README + + The asterisk in the abbreviation *NIX (for UNIX/Linux) needs to be + escaped to not mean start of italic formatting. This is consistent + with docs/RELEASE-PROCEDURE.md. + + Closes: #8802 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (5 May 2022) +- TODO: expand on "Expose tried IP addresses that failed" + + Ref: #8794 + +Daniel Gustafsson (5 May 2022) +- [Fabian Keil brought this change] + + tests/server: declare variable 'reqlogfile' static + + Silences the warning: + + CC socksd-socksd.o + socksd.c:143:13: warning: no previous extern declaration for + non-static variable 'reqlogfile' [-Wmissing-variable-declarations] + const char *reqlogfile = DEFAULT_REQFILE; + ^ + socksd.c:143:7: note: declare 'static' if the variable is not + intended to be used outside of this translation unit + const char *reqlogfile = DEFAULT_REQFILE; + ^ + 1 warning generated. + + ... when compiling with clang 13. + + Closes: #8799 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +- HTTP-COOKIES: add missing CURLOPT_COOKIESESSION + + Commit 980a47b42 added support for ignoring session cookies, but it + was never added to the documentation. + + Closes: #8795 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (5 May 2022) +- docs/THANKS: remove name duplicate + +- [Philip H brought this change] + + .mailmap: update + + Closes #8800 + +Jay Satiro (5 May 2022) +- mbedtls: fix some error messages + + Prior to this change some of the error messages misidentified the + function that failed. + +Daniel Stenberg (5 May 2022) +- RELEASE-NOTES: synced + +- [Sergey Markelov brought this change] + + x509asn1: make do_pubkey handle EC public keys + + Closes #8757 + +- [Harry Sintonen brought this change] + + mbedtls: bail out if rng init fails + + There was a failf() call but no actual error return. + + Closes #8796 + +- [Sergey Markelov brought this change] + + urlapi: address (harmless) UndefinedBehavior sanitizer warning + + `while(i--)` causes runtime error: unsigned integer overflow: 0 - 1 + cannot be represented in type 'size_t' (aka 'unsigned long') + + Closes #8797 + +- [Fabian Keil brought this change] + + test{898,974,976}: add 'HTTP proxy' keywords + + ... so the tests can be automatically skipped when + testing external HTTP proxies like Privoxy. + + Closes #8791 + +- [Harry Sintonen brought this change] + + gskit_connect_step1: fixed bogus setsockopt calls + + setsockopt takes a reference to value, not value. With the current + code this just leads to -1 return value with errno EFAULT. + + Closes #8793 + +- CURLOPT_SSH_AUTH_TYPES.3: fix the default + + The default is all possible methods. + + Closes #8792 + +- CURLOPT_DOH_URL.3: mention the known bug + + It is mostly duplicating info from KNOWN_BUGS but make it easier to find + for users of this option. + + Closes #8790 + +- CURLOPT_HSTS*FUNCTION.3: document the involved structs as well + + Reviewed-By: Daniel Gustafsson + Closes #8788 + +- docs/SECURITY-PROCESS.md: "Visible command line arguments" + +- SECURITY-PROCESS: mention "URL inconsistencies" + + ... as common problems that are *not* vulns. + +Daniel Gustafsson (2 May 2022) +- contributors: strip off final comma + + The final row of contributors should not end with a comma as it's the + end of the list. + + Closes: #8785 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (2 May 2022) +- [Philip H brought this change] + + misc: use "autoreconf -fi" instead buildconf + + Signed-off-by: Philip H <47042125+pheiduck@users.noreply.github.com> + Closes #8777 + +Daniel Gustafsson (2 May 2022) +- [Philip H brought this change] + + cirrus: Use pip for Python packages on FreeBSD + + Using pip instead of easy_install is more in line with how other + CI images are being maintained. + + Closes: #8783 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +- [Philip H brought this change] + + cirrus: Update to FreeBSD 12.3 + + Closes: #8783 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +- tool_getparam: simplify conditional statement + + param_place cannot be NULL here since we immediately efter this block + perform arithmetic on it (and use it in order to get here) so there is + little reason to check. + + Closes: #8786 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- RELEASE-NOTES: synced + +- gskit: remove unused function set_callback + + This function has been unused since the initial commit of the GSKit + backend in 0eba02fd4. The motivation for the code was getting the + whole certificate chain: the only place where the latter is available + is as a callback parameter. Unfortunately it is not possible to pass + a user pointer to this callback, which precludes the possibility to + associate the cert chain with a data/conn structure. + + For further information, search for pgsk_cert_validation_callback on: + https://www.ibm.com/docs/api/v1/content/ssw_ibm_i_71/apis/gsk_attribute_set_callback.htm + + As the upstream library never added a parameter like that to the API, + we give up the wait and remove the dead code. + + Closes: #8782 + Reviewed-by: Patrick Monnerat <patrick@monnerat.net> + +- curl: free resource in error path + + If the new filename cannot be generated due to memory pressure, free + the allocated aname on the way out to avoid a small leak. + + Closes: #8770 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- curl: guard against size_t wraparound in no-clobber code + + When generating the new filename, make sure we aren't overflowing the + size_t limit when calculating the new length. This is mostly academic + but good code hygeine nonetheless. + + Closes: #8771 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (30 Apr 2022) +- gha: build msh3 + + Closes #8779 + +- scripts/cijobs.pl: try "current branch" first then "master" + +- [Yusuke Nakamura brought this change] + + msh3: get msh3 version from MsH3Version + + Closes #8762 + +- [Yusuke Nakamura brought this change] + + msh3: psss remote_port to MsH3ConnectionOpen + + MsH3 supported additional "Port" parameter to connect not hosted on + 443 port QUIC website. + + * https://github.com/nibanks/msh3/releases/tag/v0.3.0 + * https://github.com/nibanks/msh3/pull/37 + + Closes #8762 + +- [Christian Weisgerber brought this change] + + openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl + + SSL_CTX_set1_curves_list() has been available since LibreSSL 2.5.3, + released five years ago. + + Bug: https://curl.se/mail/lib-2022-04/0059.html + Closes #8773 + +- http: move Curl_allow_auth_to_host() + + It was mistakenly put within the CURL_DISABLE_HTTP_AUTH #ifdef + + Reported-by: Michael Olbrich + Fixes #8772 + Closes #8775 + +Daniel Gustafsson (29 Apr 2022) +- msh3: print boolean value as text representation + + Print the boolean value as its string representation instead of with + %hhu which isn't a format we typically use. + + Closes: #8763 + Reviewed-by: Nick Banks <nibanks@microsoft.com> + +Daniel Stenberg (29 Apr 2022) +- data/test376: set a proper name + +- GHA/mbedtls: enabled nghttp2 in the build + + Closes #8767 + +- mbedtls: fix compile when h2-enabled + + Fixes #8766 + Reported-by: LigH-de on github + Closes #8768 + +- RELEASE-NOTES: synced + + bumped curlver to 7.83.1-dev + +- SECURITY-PROCESS: extended + + Also clarify BUG-BOUNTY.md with IBB details. + + Closes #8754 + +- [Adam Rosenfield brought this change] + + conn: fix typo 'connnection' -> 'connection' in two function names + + Closes #8759 + +Version 7.83.0 (27 Apr 2022) + +Daniel Stenberg (27 Apr 2022) +- RELEASE-NOTES: synced + + The 7.83.0 release + +- docs/THANKS: contributors from 7.83.0 + +- test 898/974/976: require proxy to run + + Fixes #8755 + Reported-by: Marc Hörsken + Closes #8756 + +- gnutls: don't leak the SRP credentials in redirects + + Follow-up to 620ea21410030 and 139a54ed0a172a + + Reported-by: Harry Sintonen + Closes #8752 + +- CURLOPT*TLSAUTH: they only work with OpenSSL or GnuTLS + + Closes #8753 + +- openssl: don't leak the SRP credentials in redirects either + + Follow-up to 620ea21410030 + + Reported-by: Harry Sintonen + Closes #8751 + +- [Liam Warfield brought this change] + + hyper: fix tests 580 and 581 for hyper + + Hyper now has the ability to preserve header order. This commit adds a + few lines setting the connection options for this feature. + + Related to issue #8617 + Closes #8707 + +- conncache: remove name arg from Curl_conncache_find_bundle + + To simplify, and also since the returned name is not the full actual + name used for the check. The port number and zone id is also involved, + so just showing the name is misleading. + + Closes #8750 + +- tests: verify the fix for CVE-2022-27774 + + - Test 973 redirects from HTTP to FTP, clear auth + - Test 974 redirects from HTTP to HTTP different port, clear auth + - Test 975 redirects from HTTP to FTP, permitted to keep auth + - Test 976 redirects from HTTP to HTTP different port, permitted to keep + auth + +- transfer: redirects to other protocols or ports clear auth + + ... unless explicitly permitted. + + Bug: https://curl.se/docs/CVE-2022-27774.html + Reported-by: Harry Sintonen + Closes #8748 + +- connect: store "conn_remote_port" in the info struct + + To make it available after the connection ended. + +- cookie.d: clarify when cookies are always sent + +- test898: verify the fix for CVE-2022-27776 + + Do not pass on Authorization headers on redirects to another port + +- http: avoid auth/cookie on redirects same host diff port + + CVE-2022-27776 + + Reported-by: Harry Sintonen + Bug: https://curl.se/docs/CVE-2022-27776.html + Closes #8749 + +- libssh2: make the md5 comparison fail if wrong length + + Making it just skip the check unless exactly 32 is too brittle. Even if + the docs says it needs to be exactly 32, it is be safer to make the + comparison fail here instead. + + Reported-by: Harry Sintonen + Bug: https://hackerone.com/reports/1549461 + Closes #8745 + +- conncache: include the zone id in the "bundle" hashkey + + Make connections to two separate IPv6 zone ids create separate + connections. + + Reported-by: Harry Sintonen + Bug: https://curl.se/docs/CVE-2022-27775.html + Closes #8747 + +- [Patrick Monnerat brought this change] + + url: check sasl additional parameters for connection reuse. + + Also move static function safecmp() as non-static Curl_safecmp() since + its purpose is needed at several places. + + Bug: https://curl.se/docs/CVE-2022-22576.html + + CVE-2022-22576 + + Closes #8746 + +- libssh2: compare sha256 strings case sensitively + + Reported-by: Harry Sintonen + Bug: https://hackerone.com/reports/1549435 + Closes #8744 + +- tool_getparam: error out on missing -K file + + Add test 411 to verify. + + Reported-by: Median Median Stride + Bug: https://hackerone.com/reports/1542881 + Closes #8731 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: deal with sub-millisecond timeout + + Closes #8738 + +- misc: update copyright year ranges + +- c_escape: escape '?' in generated --libcurl code + + In order to avoid the risk of it being used in an accidental trigraph in + the generated code. + + Reported-by: Harry Sintonen + Bug: https://hackerone.com/reports/1548535 + Closes #8742 + +- [Philip H brought this change] + + mlc: curl.zuul.vexxhost.dev is reachable again + + remove it from ignorelist for linkcheck + + Closes #8736 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: avoid busy loop in low CWND situation + + Closes #8739 + +- TODO: telnet - exit immediately upon connection if stdin is /dev/null + + Suggested-by: Robin A. Meade + URL: https://curl.se/mail/archive-2022-04/0027.html + +- [Kushal Das brought this change] + + docs: updates spellings with full words + + Closes #8730 + +- tests/FILEFORMAT.md: spellfix + +Daniel Gustafsson (21 Apr 2022) +- misc: fix typos + + Fix a few random typos is comments and workflow names. + +- macos: fix .plist installation into framework + + The copy command introduced in e498a9b1f had leftover '>' from the + previous sed command it replaced, which broke its syntax. Fix by + removing. + + Reported-by: Emanuele Torre <torreemanuele6@gmail.com> + +Daniel Stenberg (21 Apr 2022) +- [Christopher Degawa brought this change] + + Makefile: fix ca-bundle due to mk-ca-bundle.pl being moved + + The script was moved in 8e22fc68e7dda43e9f but the lines that called it + was not changed to reflect it's new position + + Signed-off-by: Christopher Degawa <ccom@randomderp.com> + + Closes #8728 + +Daniel Gustafsson (20 Apr 2022) +- macos: set .plist version in autoconf + + Set the libcurl version in libcurl.plist like how libcurl.vers is + created. + + Closes: #8692 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Nick Zitzmann <nickzman@gmail.com> + +- cookies: Improve errorhandling for reading cookiefile + + The existing programming had some issues with errorhandling for reading + the cookie file. If the file failed to open, we would silently ignore it + and continue as if there was no file (or stdin) passed. In this case, we + would also call fclose() on the NULL FILE pointer, which is undefined + behavior. Fix by ensuring that the FILE pointer is set before calling + fclose on it, and issue a warning in case the file cannot be opened. + Erroring out on nonexisting file would break backwards compatibility of + very old behavior so we can't really go there. + + Closes: #8699 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + Reviewed-by: Jay Satiro <raysatiro@yahoo.com> + +Daniel Stenberg (20 Apr 2022) +- libcurl-tutorial.3: spellfix and minor polish + +- CURLINFO_PRIMARY_PORT.3: spellfix + + Reported-by: Patrick Monnerat + +- [Jay Dommaschk brought this change] + + libssh: fix double close + + libssh closes the socket in ssh_diconnect() so make sure that libcurl + does not also close it. + + Fixes #8708 + Closes #8718 + +Jay Satiro (20 Apr 2022) +- [Gisle Vanem brought this change] + + unit1620: call global_init before calling Curl_open + + Curl_open calls the resolver init and on Windows if the resolver backend + is c-ares then the Windows sockets library (winsock) must already have + been initialized (via global init). + + Ref: https://github.com/curl/curl/pull/8540#issuecomment-1059771800 + + Closes https://github.com/curl/curl/pull/8719 + +Daniel Stenberg (19 Apr 2022) +- CURLINFO_PRIMARY_PORT.3: clarify which port this is + + As it was not entirely clear previously. + + Closes #8725 + +- CURLOPT_UNRESTRICTED_AUTH.3: extended explanation + + Include details about Authentication headers. + + Reported-by: Brad Spencer + Fixes #8724 + Closes #8726 + +- .github/workflows/macos.yml: add a libssh job with c-ares + + ... to enable the memdebug system + + Closes #8720 + +- RELEASE-NOTES: synced + +Jay Satiro (17 Apr 2022) +- [Gisle Vanem brought this change] + + docs/HTTP3.md: fix typo + + also fix msh3 section formatting + + Ref: https://github.com/curl/curl/commit/37492ebb#r70980087 + +Marc Hoersken (17 Apr 2022) +- timediff.[ch]: add curlx helper functions for timeval conversions + + Also move timediff_t definitions from timeval.h to timediff.h and + then make timeval.h include the new standalone-capable timediff.h. + + Reviewed-by: Jay Satiro + Reviewed-by: Daniel Stenberg + + Supersedes #5888 + Closes #8595 + +Daniel Stenberg (17 Apr 2022) +- [Balakrishnan Balasubramanian brought this change] + + tests: refactor server/socksd.c to support --unix-socket + + Closes #8687 + +- [Emanuele Torre brought this change] + + tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) + + This loop was using the number of bytes read from the file as condition + to keep reading. + + From Linux's fread(3) man page: + > On success, fread() and fwrite() return the number of items read or + > written. This number equals the number of bytes transferred only when + > size is 1. If an error occurs, or the end of the file is reached, the + > return value is a short item count (or zero). + > + > The file position indicator for the stream is advanced by the number + > of bytes successfully read or written. + > + > fread() does not distinguish between end-of-file and error, and + > callers must use feof(3) and ferror(3) to determine which occurred. + + This means that nread!=0 doesn't make much sense as an end condition for + the loop: nread==0 doesn't necessarily mean that EOF has been reached or + an error has occured (but that is usually the case) and nread!=0 doesn't + necessarily mean that EOF has not been reached or that no read errors + have occured. feof(3) and ferror(3) should be uses when using fread(3). + + Currently curl has to performs an extra fread(3) call to get a return + value equal to 0 to stop looping. + + This usually "works" (even though nread==0 shouldn't be interpreted as + EOF) if stdin is a pipe because EOF usually marks the "real" end of the + stream, so the extra fread(3) call will return immediately and the extra + read syscall won't be noticeable: + + bash-5.1$ strace -e read curl -s -F file=@- 0x0.st <<< a 2>&1 | + > tail -n 5 + read(0, "a\n", 4096) = 2 + read(0, "", 4096) = 0 + read(0, "", 4096) = 0 + http://0x0.st/oRs.txt + +++ exited with 0 +++ + bash-5.1$ + + But this doesn't work if curl is reading from stdin, stdin is a + terminal, and the EOF is being emulated using a shell with ^D. Two + consecutive ^D will be required in this case to actually make curl stop + reading: + + bash-5.1$ curl -F file=@- 0x0.st + a + ^D^D + http://0x0.st/oRs.txt + bash-5.1$ + + A possible workaround to this issue is to use a program that handles EOF + correctly to indirectly send data to curl's stdin: + + bash-5.1$ cat - | curl -F file=@- 0x0.st + a + ^D + http://0x0.st/oRs.txt + bash-5.1$ + + This patch makes curl handle EOF properly when using fread(3) in + file2memory() so that the workaround is not necessary. + + Since curl was previously ignoring read errors caused by this fread(3), + ferror(3) is also used in the condition of the loop: read errors and EOF + will have the same meaning; this is done to somewhat preserve the old + behaviour instead of making the command fail when a read error occurs. + + Closes #8701 + +- gen.pl: change wording for mutexed options + + Instead of saying "This option overrides NNN", now say "This option is + mutually exclusive to NNN" in the generated man page ouput, as the + option does not in all cases actually override the others but they are + always mutually exclusive. + + Ref: #8704 + Closes #8716 + +- curl: error out if -T and -d are used for the same URL + + As one implies PUT and the other POST, both cannot be used + simultaneously. + + Add test 378 to verify. + + Reported-by: Boris Verkhovskiy + Fixes #8704 + Closes #8715 + +- lib: remove exclamation marks + + ... from infof() and failf() calls. Make them less attention seeking. + + Closes #8713 + +- fail.d: tweak the description + + Reviewed-by: Daniel Gustafsson + Suggested-by: Robert Charles Muir + Ref: https://twitter.com/rcmuir/status/1514915401574010887 + + Closes #8714 + +Daniel Gustafsson (15 Apr 2022) +- docs: Fix missing semicolon in example code + + Multiple share examples were missing a semicolon on the line defining + the CURLSHcode variable. + + Closes: #8697 + Reported-by: Michael Kaufmann <mail@michael-kaufmann.ch> + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- infof: consistent capitalization of warning messages + + Ensure that all infof calls with a warning message are capitalized + in the same way. At some point we should probably set up a style- + guide for infof but until then let's aim for a little consistenncy + where we can. + + Closes: #8711 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +- RELEASE-NOTES: synced + +- [Matteo Baccan brought this change] + + perl: removed a double semicolon at end of line + + Remove double semicolons at end of line in Perl code. + + Closes: #8709 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +- curl_easy_header: fix typos in documentation + + Closes: #8694 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Marcel Raad (11 Apr 2022) +- appveyor: add Cygwin build + + Closes https://github.com/curl/curl/pull/8693 + +- appveyor: only add MSYS2 to PATH where required + + Closes https://github.com/curl/curl/pull/8693 + +Daniel Stenberg (10 Apr 2022) +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: fix memory leak + + Closes #8691 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: remove remote_addr which is not used in a meaningful way + + Closes #8689 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: enlarge H3_SEND_SIZE + + Make h3_SEND_SIZE larger because current value (20KiB) is too small + for the high latency environment. + + Closes #8690 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: fix HTTP/3 upload stall and avoid busy loop + + This commit fixes HTTP/3 upload stall if upload data is larger than + H3_SEND_SIZE. Only check writability of socket if a stream is + writable to avoid busy loop when QUIC flow control window is filled + up, or upload buffer is full. + + Closes #8688 + +- [Nick Banks brought this change] + + msh3: add support for QUIC and HTTP/3 using msh3 + + Considered experimental, as the other HTTP/3 backends. + + Closes #8517 + +- TODO: "SFTP with SCP://" + +- GHA: move bearssl jobs over from zuul + + Closes #8684 + +- data/DISABLED: disable test 313 on bearssl builds + + Closes #8684 + +- runtests: add 'bearssl' as testable feature + + Closes #8684 + +- GHA: add openssl3 jobs moved over from zuul + + Closes #8683 + +- schannel: remove dead code that will never run + + As the condition can't ever evaluate true + + Reported-by: Andrey Alifanov + Ref: #8675 + Closes #8677 + +- connecache: remove duplicate connc->closure_handle check + + The superfluous extra check could cause analyzer false positives + and doesn't serve any purpose. + + Closes #8676 + +- [Michał Antoniak brought this change] + + mbedtls: remove server_fd from backend + + Closes #8682 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: use token when detecting :status header field + + Closes #8679 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: make curl 1ms faster + + Pass 0 for an already expired timer. + + Closes #8678 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: fix QUIC_IDLE_TIMEOUT + + QUIC_IDLE_TIMEOUT should be of type ngtcp2_duration which is + nanoseconds resolution. + + Closes #8678 + +- English: use American spelling consistently + + Authorization, Initialization, Organization etc. + + Closes #8673 + +Daniel Gustafsson (5 Apr 2022) +- [Sascha Zengler brought this change] + + BUGS: Fix incorrect punctuation + + Closes #8672 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +Daniel Stenberg (4 Apr 2022) +- tool_listhelp.c: uppercase URL + +- RELEASE-NOTES: synced + +- http: streamclose "already downloaded" + + Instead of connclose()ing, since when HTTP/2 is used it doesn't need to + close the connection as stopping the current transfer is enough. + + Reported-by: Evangelos Foutras + Closes #8665 + +Jay Satiro (1 Apr 2022) +- ftp: fix error message for partial file upload + + - Show the count of bytes written on partial file upload. + + Prior to this change the error message mistakenly showed the count of + bytes read, not written. + + Bug: https://github.com/curl/curl/discussions/8637 + Reported-by: Taras Kushnir + + Closes https://github.com/curl/curl/pull/8649 + +Daniel Stenberg (1 Apr 2022) +- http: correct the header error message to say colon + + Not semicolon + + Reported-by: Gisle Vanem + Ref: #8666 + Closes #8667 + +- lib: #ifdef on USE_HTTP2 better + + ... as nghttp2 might not be the library that provides HTTP/2 support. + + Closes #8661 + +- [Michał Antoniak brought this change] + + mbedtls: remove 'protocols' array from backend when ALPN is not used + + Closes #8663 + +- http2: RST the stream if we stop it on our own will + + For the "simulated 304" case the done-call isn't considered "premature" + but since the server didn't close the stream it needs to be reset to + stop delivering data. + + Closes #8664 + +- http: close the stream (not connection) on time condition abort + + Closes #8664 + +- http2: handle DONE called for the paused stream + + As it could otherwise stall all streams on the connection + + Reported-by: Evangelos Foutras + Fixes #8626 + Closes #8664 + +- tls: make mbedtls and NSS check for h2, not nghttp2 + + This makes them able to also negotiate HTTP/2 even when built to use + hyper for h2. + + Closes #8656 + +- tests/libtest/lib670.c: fixup the copyright year range + + follow-up to b54e18640ea4b7 + +- [Leandro Coutinho brought this change] + + lib670: avoid double check result + + Closes #8660 + +- vtls: use a generic "ALPN, server accepted" message + + Closes #8657 + +- vtls: use a backend standard message for "ALPN: offers %s" + + I call it VTLS_INFOF_ALPN_OFFER_1STR, the '1str' meaning that the + infof() call also needs a string argument: the ALPN ID. + + Closes #8657 + +- [Christian Schmitz brought this change] + + strcase.h: add comment about the return code + + Tool often we run into expecting this to work like strcmp, but it + returns 1 instead of 0 for match. + + Closes #8658 + +- vtls: provide a unified APLN-disagree string for all backends + + Also rephrase to make it sound less dangerous: + + "ALPN: server did not agree on a protocol. Uses default." + + Reported-by: Nick Coghlan + Fixes #8643 + Closes #8651 + +- projects/README: converted to markdown + + Closes #8652 + +- misc: spelling fixes + + Mostly in comments but also in the -w documentation for headers_json. + + Closes #8647 + +- KNOW_BUGS: HTTP3/Transfer closed with n bytes remaining to read + + "HTTP/3 does not support client certs" considered fixed, at least with + the ngtcp2 backend. + + Closes #8523 + +- CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs + + Also add to quote.d. Add to TODO as something to add in a future. + + Reported-by: anon00000000 on github + Closes #8602 + Closes #8648 + +- RELEASE-NOTES: synced + +- pop3/smtp: return *WEIRD_SERVER_REPLY when not understood + + This leaves the CURLE_RECV_ERROR error code for explicit failure to + receive network data and allows users to better separate the problems. + + Ref #8356 + Reported-by: Rianov Viacheslav + Closes #8506 + +- docs: lots of minor language polish + + Mostly based on recent language decisions from "everything curl": + + - remove contractions (isn't => is not) + - *an* HTTP (consistency) + - runtime (no hyphen) + - backend (no hyphen) + - URL is uppercase + + Closes #8646 + +Jay Satiro (29 Mar 2022) +- projects: Update VC version names for VS2017, VS2022 + + - Rename VC15 -> VC14.10, VC17 -> VC14.30. + + The projects directory that holds the pre-generated Visual Studio + project files uses VC<ver> to indicate the MSVC version. At some point + support for Visual Studio 2017 (Visual Studio version 15 which uses MSVC + 14.10) was added as VC15. Visual Studio 2022 (Visual Studio version 17 + which uses MSVC 14.30) project files were recently added and followed + that same format using VC17. + + There is no such MSVC version (yet) as VC15 or VC17. + + For VS 2017 for example, the name we use is correct as either VS17, + VS2017, VC14.10. I opted for the latter since we use VC for earlier + versions (eg VC10, VC12, etc). + + Ref: https://github.com/curl/curl/pull/8438#issuecomment-1037070192 + + Closes https://github.com/curl/curl/pull/8447 + +Daniel Stenberg (29 Mar 2022) +- mqtt: better handling of TCP disconnect mid-message + + Reported-by: Jenny Heino + Bug: https://hackerone.com/reports/1521610 + Closes #8644 + +- CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL + +- [Ian Blanes brought this change] + + docs/DYNBUF: clarify documentation for Curl_dyn_ptr and Curl_dyn_uptr + + Closes #8606 + +- [Ian Blanes brought this change] + + curl: fix segmentation fault for empty output file names. + + Function glob_match_url set *result to NULL when called with filename = + "", producing an indirect NULL pointer dereference. + + Closes #8606 + +- TODO: Read keys from ~/.ssh/id_ecdsa, id_ed25519 + + It would be nice to expand the list of key locations curl uses for the + newer key types supported by libssh2. + + Closes #8586 + +- ngtcp2: update to work after recent ngtcp2 updates + + Assisted-by: Tatsuhiro Tsujikawa + Reported-by: jurisuk on github + Fixes #8638 + Closes #8639 + +- [Farzin brought this change] + + CURLOPT_PROGRESSFUNCTION.3: fix typo in example + + Closes #8636 + +- curl/header_json: output the header names in lowercase + + To better allow json[“header”]. + + Reported-by: Peter Korsgaard + Bug: https://daniel.haxx.se/blog/2022/03/24/easier-header-picking-with-curl/comment-page-1/#comment-25878 + Closes #8633 + +- RELEASE-NOTES: synced + +- headers.h: make Curl_headers_push() be CURLE_OK when not built + + ... to avoid errors when the function isn't there. + + Reported-by: Marcel Raad + Fixes #8627 + Closes #8628 + +- scripts: move three scripts from lib/ to scripts/ + + Move checksrc.pl, firefox-db2pem.sh and mk-ca-bundle.pl since they don't + particularly belong in lib/ + + Also created an EXTRA_DIST= in scripts/Makefile.am instead of specifying + those files in the root Makefile.am + + Closes #8625 + +Marc Hoersken (23 Mar 2022) +- lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 + + curl_setup.h automatically defines WIN32 if just _WIN32 is defined. + + Therefore make sure curl_setup.h is included through warnless.h. + + Reviewed-by: Daniel Stenberg + Reviewed-by: Jay Satiro + + Closes #8594 + +- tests/server/util.h: align WIN32 condition with util.c + + There is no need to test for both _WIN32 and WIN32 as curl_setup.h + automatically defines the later if the first one is defined. + + Also tests/server/util.c is only checking for WIN32 arouund the + implementation of win32_perror, so just defining _WIN32 + would not be sufficient for a successful compilation. + + Reviewed-by: Daniel Stenberg + Reviewed-by: Jay Satiro + + Closes #8594 + +Daniel Stenberg (22 Mar 2022) +- [Philip H brought this change] + + firefox-db2pem.sh: make the shell script safer + + Reported by lift + + Closes #8616 + +Jay Satiro (22 Mar 2022) +- gtls: fix build for disabled TLS-SRP + + Prior to this change if, at build time, the GnuTLS backend was found to + have TLS-SRP support (HAVE_GNUTLS_SRP) but TLS-SRP was disabled in curl + via --disable-tls-srp (!USE_TLS_SRP) then a build error would occur. + + Bug: https://curl.se/mail/lib-2022-03/0046.html + Reported-by: Robert Brose + + Closes https://github.com/curl/curl/pull/8604 + +- winbuild: Add a Visual Studio example to the README + + - Add an example that explains in detail how the user can add libcurl to + their Visual Studio project. + + Ref: https://github.com/curl/curl/issues/8591 + + Closes https://github.com/curl/curl/pull/8592 + +- docs/opts: Mention Schannel client cert type is P12 + + Schannel backend code behaves same as Secure Transport, it expects a P12 + certificate file or the name of a certificate already in the user's OS + key store. Also, both backends ignore CURLOPT_SSLKEY (tool: --key) + because they expect the private key to already be available from the + keystore or P12 certificate. + + Ref: https://github.com/curl/curl/discussions/8581#discussioncomment-2337260 + + Closes https://github.com/curl/curl/pull/8587 + +Daniel Stenberg (22 Mar 2022) +- lib1945: fix compiler warning 4706 on MSVC + + Follow-up from d1e4a677340c + + Closes #8623 + +- [Philip H brought this change] + + ci/event-based.yml: improve impacket install + + skip python3-pip + install impacket with library module + + Closes #8621 + +- test1459: disable for oldlibssh + + This test with libssh 0.9.3 works fine on github but fails on circleci. + Might as well disable this test for oldlibssh installations. + + Closes #8622 + +- test1135: sync with recent API updates + + This test verifies that the order of functions in public headers remain + the same but hasn't been updated to care for recently added header + files. The order is important for some few platforms - or VERSIONINFO + needs to updated. + + This fix also updates VERSIONINFO to be sure. + + Closes #8620 + +- curl_easy_nextheader.3: fix two typos + + Reported-by: Timothe Litt + Bug: https://curl.se/mail/lib-2022-03/0060.html + +- options: remove mistaken space before paren in prototype + +- cirrus: add --enable-headers-api for some windows builds + +- GHA: --enable-headers-api in all workflows + +- lib: make the headers API depend on --enable-headers-api + +- configure: add --enable-headers-api to enable the headers API + + Defaults to disabled while labeled EXPERIMENTAL. + + Make all the headers API tests require 'headers-api' to run. + +- test1671: verify -w '%{header_json} + +- test1670: verify -w %header{} + +- curl: add %{header_json} support in -w handling + + Outputs all response headers as a JSON object. + +- curl: add %header{name} support in -w handling + + Outputs the response header 'name' + +- header api: add curl_easy_header and curl_easy_nextheader + + Add test 1940 to 1946 to verify. + + Closes #8593 + +- test1459: remove the different exit code for oldlibssh + + When using libssh/0.9.3/openssl/zlib, we seem to be getting the "right" + error code. + + Closes #8490 + +- libssh: unstick SFTP transfers when done event-based + + Test 604 and 606 (at least). + + Closes #8490 + +- gha: move the event-based test over from Zuul + + Switched libssh2 to libssh + + Closes #8490 + +- RELEASE-NOTES: synced + +- http: return error on colon-less HTTP headers + + It's a protocol violation and accepting them leads to no good. + + Add test case 398 to verify + + Closes #8610 + +- test718: edited slightly to return better HTTP + + Since hyper is picky and won't play ball otherwise. + + Bug: https://github.com/hyperium/hyper/issues/2783 + Reported-by: Daniel Valenzuela + Closes #8614 + +- hyper: no h2c support + + Make tests require h2c feature present to run, and only set h2c if + nghttp2 is used in the build. Hyper does not support it. + + Remove those tests from DISABLED + + Fixes #8605 + Closes #8613 + +- configure: bump the copyright year range int the generated output + +- [Andreas Falkenhahn brought this change] + + BINDINGS.md: add Hollywood binding + + Closes #8609 + +- HISTORY: add some 2022 data + +- scripts/copyright.pl: ignore the new mlc_config.json file + +- [Philip H brought this change] + + mlc_config.json: add file to ignore known troublesome URLs + + This is the config file for the CI markdown link checker and lets us + filter URLs that are known to cause problems. Like + https://curl.zuul.vexxhost.dev/ for now. + + Closes #8597 + +- [Philip H brought this change] + + winbuild/README.md: fixup dead link + + Closes #8597 + +Jay Satiro (18 Mar 2022) +- rtsp: don't let CSeq error override earlier errors + + - When done, if an error has already occurred then don't check the + sequence numbers for mismatch. + + A sequence number may not have been received if an error occurred. + + Prior to this change a sequence mismatch error would override earlier + errors. For example, a server that returns nothing would cause error + CURLE_GOT_NOTHING in Curl_http_done which was then overridden by + CURLE_RTSP_CSEQ_ERROR in rtsp_done. + + Closes https://github.com/curl/curl/pull/8525 + +- lib: fix some misuse of curlx_convert_wchar_to_UTF8 + + curlx_convert_wchar_to_UTF8 must be freed by curlx_unicodefree, but + prior to this change some uses mistakenly called free. + + I've reviewed all other uses of curlx_convert_wchar_to_UTF8 and + curlx_convert_UTF8_to_wchar. + + Ref: https://github.com/curl/curl/commit/1d5d0ae + + Closes https://github.com/curl/curl/pull/8521 + +- mk-ca-bundle.pl: Use stricter logic to process the certificates + + .. and bump version to 1.29. + + This change makes the script properly ignore unknown blocks and + otherwise fail when Mozilla changes the certdata format in ways we + don't expect. Though this is less flexible behavior it makes it far less + likely that an invalid certificate can slip through. + + Prior to this change the state machine did not always properly reset, + and it was possible that a certificate marked as invalid could then + later be marked as valid when there was conflicting trust info or + an unknown block was erroneously processed as part of the certificate. + + Ref: https://github.com/curl/curl/pull/7801#pullrequestreview-768384569 + + Closes https://github.com/curl/curl/pull/8411 + +Marcel Raad (17 Mar 2022) +- test375: fix line endings on Windows + + Closes https://github.com/curl/curl/pull/8599 + +Daniel Stenberg (17 Mar 2022) +- http: reject header contents with nul bytes + + They are not allowed by the protocol and allowing them risk that curl + misbehaves somewhere where C functions are used but won't work on the + full contents. Further, they are not supported by hyper and they cause + problems for the new coming headers API work. + + Updated test 262 to verify and enabled it for hyper as well + + Closes #8601 + +- [Philip H brought this change] + + CI: Do not use buildconf. Instead, just use: autoreconf -fi + + Closes #8596 + +- RELEASE-NOTES: synced + +Jay Satiro (14 Mar 2022) +- libssh: Improve fix for missing SSH_S_ stat macros + + - If building libcurl against an old libssh version missing SSH_S_IFMT + and SSH_S_IFLNK then use the values from a supported version. + + Prior to this change if libssh did not define SSH_S_IFMT and SSH_S_IFLNK + then S_IFMT and S_IFLNK, respectively, were used instead. The problem + with that is the user's S_ stat macros don't have the same values across + platforms. For example Windows has values different from Linux. + + Follow-up to 7b0fd39. + + Ref: https://github.com/curl/curl/pull/8511#discussion_r815292391 + Ref: https://github.com/curl/curl/pull/8574 + + Closes https://github.com/curl/curl/pull/8588 + +Marc Hoersken (13 Mar 2022) +- tool and tests: force flush of all buffers at end of program + + On Windows data can be lost in buffers in case of abnormal program + termination, especially in process chains as seen due to flaky tests. + Therefore flushing all buffers manually should avoid this data loss. + + In the curl tool we play the safe game by only flushing write buffers, + but in the testsuite where we manage all buffers, we flush everything. + + This should drastically reduce Windows CI and testsuite flakiness. + + Reviewed-by: Daniel Stenberg + + Supersedes #7833 and #6064 + Closes #8516 + +Daniel Stenberg (12 Mar 2022) +- [Jan Venekamp brought this change] + + BearSSL: add CURLOPT_SSL_CTX_FUNCTION support + + Closes #8478 + +- [Jan Venekamp brought this change] + + BearSSL: add CURLOPT_SSL_CIPHER_LIST support + + Closes #8477 + +Dan Fandrich (11 Mar 2022) +- tool_cb_hdr: Turn the Location: into a terminal hyperlink + + This turns even relative URLs into clickable hyperlinks in a supported + terminal when --styled-output is enabled. Many terminals already turn + URLs into clickable links but there is not enough information in a + relative URL to do this automatically otherwise. + +- keepalive-time.d: It takes many probes to detect brokenness + +Daniel Stenberg (11 Mar 2022) +- [HexTheDragon brought this change] + + curl: add --no-clobber + + Does not overwrite output files if they already exist + + Closes #7708 + Co-authored-by: Daniel Stenberg + +- RELEASE-NOTES: synced + + also bump next pending version to become 7.83.0 + +- [Jean-Philippe Menil brought this change] + + openssl: check SSL_get_peer_cert_chain return value + + Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> + Closes #8579 + +- [Jay Satiro brought this change] + + mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl + + mk-ca-bundle.vbs is a Windows-specific script for Mozilla certificate + extraction, similar to mk-ca-bundle.pl which runs on any platform. The + vbs version has not been maintained while the perl version has been + maintained with improvements and security fixes. I don't think it's + worth the work to maintain both versions. Windows users should be able + to use mk-ca-bundle.pl without any problems, as long as they have perl. + + Closes #8412 + +- CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype + + Copy and paste error + + Reported-by: Francisco Olarte + Fixes #8573 + Closes #8577 + +- remove-on-error.d: typo + + Reported-by: Colin Leroy + Bug: https://github.com/curl/curl/pull/8503#pullrequestreview-906520081 + +- curl: add --remove-on-error + + If a transfer returns an error, using this option makes curl remove the + leftover downloded (partial) local file before exiting. + + Added test 376 to verify + + Closes #8503 + +- libssh: fix build with old libssh versions + + ... that don't have the SSH_S_* defines. Spotted on a machine using + libssh 0.7.3 + + Closes #8574 + +- hyper: fix status_line() return code + + Detected while working on #7708 that happened to trigger an error here + with a new test case. + + Closes #8572 + +- [Alejandro R. Sedeño brought this change] + + configure.ac: move -pthread CFLAGS setting back where it used to be + + The fix for #8276 proposed in #8374 set `CFLAGS="$CFLAGS -pthead"` + earlier than it used to be set, applying it in cases where it should not + have been applied. + + This moves the AIX XLC check to a new `case $host in` block inside of + the `if test "$USE_THREADS_POSIX" != "1"` block, where `CFLAGS="$CFLAGS + -pthead"` used to happen. + + Fixes #8541 + Closes #8542 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: add client certificate authentication for OpenSSL + + Closes #8522 + +- tool_operate: fix a scan-build warning + + ... and avoid the temp storing of the return code in a diff variable. + + Closes #8565 + +- test375: verify that --proxy errors out if proxy is disabled in the build + + Closes #8565 + +- curl: error out when options need features not present in libcurl + + Trying to use a proxy when libcurl was built with proxy support disabled + should make curl error out properly. + + Remove knowledge of disabled features from the tool code and instead + make it properly respond to what libcurl returns. Update all tests to + properly require the necessary features to be present/absent so that the + test suite can still be run even with libcurl builds with disabled + features. + + Ref: https://curl.se/mail/archive-2022-03/0013.html + Closes #8565 + +- ngtcp2: disconnect the QUIC connection proper + + Reported-by: mehatzri on github + Reviewed-by: Tatsuhiro Tsujikawa + Fixes #8534 + closes #8569 + +Dan Fandrich (9 Mar 2022) +- test386: Fix an incorrect test markup tag + +Daniel Stenberg (9 Mar 2022) +- [Don J Olmstead brought this change] + + nonblock: restore setsockopt method to curlx_nonblock + + The implementation using setsockopt was removed when BeOS support was + purged. However this functionality wasn't BeOS specific, it is still + used by for example Orbis OS (Playstation 4/5 OS). + + Closes #8562 + +- openssl: fix CN check error code + + Due to a missing 'else' this returns error too easily. + + Regressed in: d15692ebb + + Reported-by: Kristoffer Gleditsch + Fixes #8559 + Closes #8560 + +- [Frank Meier brought this change] + + connect: make Curl_getconnectinfo work with conn cache from share handle + + Closes #8524 + +- [lwthiker brought this change] + + openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL + + The CURLOPT_SSL_EC_CURVES option (used by the '--curves' flag) in + libcurl was ignored when compiling with BoringSSL because + HAVE_SSL_CTX_SET_EC_CURVES was explicitly disabled if BoringSSL was + detected. However, this feature is supported in BoringSSL since + 5fd1807d. This commit enables it, and also reduces the required minimal + OpenSSL version to 1.0.2 as per OpenSSL's official documentation. + + Fixes #8553 + Closes #8556 + +- [Samuel Henrique brought this change] + + json.d: fix typo (overriden -> overridden) + + Closes #8557 + +- wolfssl: fix compiler error without IPv6 + + Reported-by: Joseph Chen + Fixes #8550 + Closes #8552 + +- RELEASE-NOTES: synced + + and bump pending version to 7.82.1 + +- [Paul Howarth brought this change] + + runtests: make 'oldlibssh' be before 0.9.4 + + The 'oldlibssh' feature indicates that the error code returned by libssh + for a broken known_hosts file should be 67 rather than 60 (test1459). + This feature was added as part of #8444 with 'oldlibssh' mapping to + libssh versions prior to 0.9.6, and then refined as part of #8511 to map + to versions prior to 0.9.5. + + In Red Hat Enterprise Linux 8.5 there is a patched version of libssh + version 0.9.4 (https://git.centos.org/rpms/libssh/blob/c8/f/SOURCES) in + which test1459 fails because it returns the "new" value rather than the + "old" one. It's plausible that one of the patches is responsible for + this rather than the underlying code but I don't think so. + + This change therefore drops the 'oldlibssh' version check to map to + libssh versions older than 0.9.4, which fixes builds on RHEL-8. + + Closes #8548 + +- ipv4/6.d: clarify that they are about using IP addresses + + ... they may still *resolve* other families, but not use those + addresses. + + Ref: #8530 + Closes #8543 + +- [r-a-sattarov brought this change] + + curl/system.h: update ifdef condition for MCST-LCC compiler + + in mcst-lcc compiler => 1.25 added a new macro definition to determine + compiler + + Closes #8546 + +Marc Hoersken (6 Mar 2022) +- CI: install Python package impacket to run SMB test 1451 + + Install Python package impacket in relevant CI workflows. + + Follow up to #7935 + Supersedes #7940 + Closes #8544 + +Daniel Stenberg (5 Mar 2022) +- [Michał Antoniak brought this change] + + connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined + + Closes #8539 + +- docs/HYPER.md: updated to reflect current hyper build needs + +- GHA: build hyper with nightly rustc + + Closes #8545 + +Version 7.82.0 (5 Mar 2022) + +Daniel Stenberg (5 Mar 2022) +- RELEASE-NOTES: synced + + The 7.82.0 release + +- THANKS: updates from the 7.82.0 release notes + +- misc: update copyright year ranges + +Jay Satiro (5 Mar 2022) +- unit1610: init SSL library before calling SHA256 functions + + The SSL library must be initialized (via global initialization) because + libcurl's SHA256 functions may call SHA256 functions in the SSL library. + + Reported-by: Gisle Vanem + + Fixes https://github.com/curl/curl/issues/8538 + Closes https://github.com/curl/curl/pull/8540 + +- examples/curlx: support building with OpenSSL 1.1.0+ + + - Access members of X509_STORE_CTX in OpenSSL 1.1.0+ by using API + functions. + + The X509_STORE_CTX struct has been opaque since OpenSSL 1.1.0. + + Ref: https://curl.se/mail/lib-2022-03/0004.html + + Closes https://github.com/curl/curl/pull/8529 + +- h2h3: fix typo + + Bug: https://github.com/curl/curl/issues/8381#issuecomment-1055440241 + Reported-by: Michael Kaufmann + +- [Farzin brought this change] + + CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment + + Closes https://github.com/curl/curl/pull/8519 + +Daniel Stenberg (26 Feb 2022) +- azure-pipelines: add a build on Windows with libssh + + Closes #8511 + +- runtests: make 'oldlibssh' be before 0.9.5 + + Closes #8511 + +- libssh: fix include files and defines use for Windows builds + + Reported-by: 梦终无痕 + Bug: https://curl.se/mail/lib-2022-02/0131.html + Closes #8511 + +- RELEASE-NOTES: synced + +- [illusory-dream brought this change] + + winbuild: add parameter WITH_SSH + + For building with libssh + Closes #8514 + +- configure: change output for cross-compiled alt-svc support + + It said 'no', while it actually is 'yes' + + Closes #8512 + +- gha: add a macOS CI job with libssh + + Closes #8513 + +- TODO: remove "Bring back libssh tests on Travis" + + The job was added to Circle CI in d8ddd0e7536 + +- TODO: remove "better persistency for HTTP/1.0" + + Let's not bother. + +- TODO: remove "Option to ignore private IP" + + ... as curl ignores the IP entirely by default these days. + +- TODO: remove "hardcode the "localhost" addresses" + + This is implmented since 1a0ebf6632f88 + +- TODO: 1.24 was a dupe of 1.1 + +- TODO: remove "Typesafe curl_easy_setopt()" + + I don't consider this a serious TODO item + +- KNOWN_BUGS: remove "Uploading HTTP/3 files gets interrupted" + + This works now + +- KNOWN_BUGS: remove "HTTP/3 multipart POST with quiche fails" + + It works now + +- quiche: remove two leftover debug infof() outputs + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: Reset dynbuf when it is fully drained + + Reported-by: vl409 on github + Fixes #7351 + Closes #8504 + +- [Stewart Gebbie brought this change] + + hostip: avoid unused parameter error in Curl_resolv_check + + When built without DNS-over-HTTP and without asynchronous resolvers, + neither the dns nor the data parameters are used. + + That is Curl_resolv_check appears to call + Curl_resolver_is_resolved(data, dns). But, + with CURL_DISABLE_DOH without CURLRES_ASYNCH, the call is actually + elided via a macro definition. + + This fix resolves the resultant: "unused parameter 'data'" error. + + Closes #8505 + +- http2: move two infof calls to debug-h2-only + + and remove a superflous one + + Ref: https://github.com/curl/curl/discussions/8498 + Closes #8502 + +- [Jean-Philippe Menil brought this change] + + quiche: fix upload for bigger content-length + + Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> + Closes #8421 + +Jay Satiro (23 Feb 2022) +- [Farzin brought this change] + + CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment + + Closes https://github.com/curl/curl/pull/8500 + +Daniel Stenberg (22 Feb 2022) +- [Rob Boeckermann brought this change] + + OS400/README: clarify compilation steps + + Closes #8494 + +- [Rob Boeckermann brought this change] + + OS400: fix typos in rpg include file + + This resolves issues compiling rpg code that includes the curl header + file. + + Closes #8494 + +- [Michał Antoniak brought this change] + + vtls: fix socket check conditions + + fix condition to check the second socket during associate and + disassociate connection + + Closes #8493 + +- libssh2: don't typecast socket to int for libssh2_session_handshake + + Since libssh2_socket_t uses SOCKET on windows which can be larger than + int. + + Closes #8492 + +- RELEASE-NOTES: fix typo and make one desc shorter + +- RELEASE-NOTES: synced + +- CURLOPT_XFERINFOFUNCTION.3: fix typo in example + + Reported-by: coralw on github + Fixes #8487 + Closes #8488 + +- README: disable linkchecks for the sponsor links + + Closes #8489 + +Jay Satiro (21 Feb 2022) +- openssl: check if sessionid flag is enabled before retrieving session + + Ideally, Curl_ssl_getsessionid should not be called unless sessionid + caching is enabled. There is a debug assertion in the function to help + ensure that. Therefore, the pattern in all vtls is basically: + + if(primary.sessionid) {lock(); Curl_ssl_getsessionid(...); unlock();} + + There was one instance in openssl.c where sessionid was not checked + beforehand and this change fixes that. + + Prior to this change an assertion would occur in openssl debug builds + during connection stage if session caching was disabled. + + Reported-by: Jim Beveridge + + Fixes https://github.com/curl/curl/issues/8472 + Closes https://github.com/curl/curl/pull/8484 + +- multi: allow user callbacks to call curl_multi_assign + + Several years ago a change was made to block user callbacks from calling + back into the API when not supported (recursive calls). One of the calls + blocked was curl_multi_assign. Recently the blocking was extended to the + multi interface API, however curl_multi_assign may need to be called + from within those user callbacks (eg CURLMOPT_SOCKETFUNCTION). + + I can't think of any callback where it would be unsafe to call + curl_multi_assign so I removed the restriction entirely. + + Reported-by: Michael Wallner + + Ref: https://github.com/curl/curl/commit/b46cfbc + Ref: https://github.com/curl/curl/commit/340bb19 + + Fixes https://github.com/curl/curl/issues/8480 + Closes https://github.com/curl/curl/pull/8483 + +Daniel Stenberg (21 Feb 2022) +- [Michał Antoniak brought this change] + + ssl: reduce allocated space for ssl backend when FTP is disabled + + Add assert() for the backend pointer in many places + + Closes #8471 + +- [Michał Antoniak brought this change] + + checkprefix: remove strlen calls + + Closes #8481 + +Jay Satiro (20 Feb 2022) +- [1337vt brought this change] + + curl.h: fix typo + + Closes https://github.com/curl/curl/pull/8482 + +- [Jan Venekamp brought this change] + + sectransp: mark a 3DES cipher as weak + + - Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak. + + All other 3DES ciphers are already marked as weak. + + Closes https://github.com/curl/curl/pull/8479 + +- [Jan Venekamp brought this change] + + bearssl: fix EXC_BAD_ACCESS on incomplete CA cert + + - Do not create trust anchor object for a CA certificate until after it + is processed. + + Prior to this change the object was created at state BR_PEM_BEGIN_OBJ + (certificate processing begin state). An incomplete certificate (for + example missing a newline at the end) never reaches BR_PEM_END_OBJ + (certificate processing end state) and therefore the trust anchor data + was not set in those objects, which caused EXC_BAD_ACCESS. + + Ref: https://github.com/curl/curl/pull/8106 + + Closes https://github.com/curl/curl/pull/8476 + +- [Jan Venekamp brought this change] + + bearssl: fix connect error on expired cert and no verify + + - When peer verification is disabled use the x509_decode engine instead + of the x509_minimal engine to parse and extract the public key from + the first cert of the chain. + + Prior to this change in such a case no key was extracted and that caused + CURLE_SSL_CONNECT_ERROR. The x509_minimal engine will stop parsing if + any validity check fails but the x509_decode won't. + + Ref: https://github.com/curl/curl/pull/8106 + + Closes https://github.com/curl/curl/pull/8475 + +- [Jan Venekamp brought this change] + + bearssl: fix session resumption (session id) + + Prior to this change br_ssl_client_reset was mistakenly called with + resume_session param set to 0, which disabled session resumption. + + Ref: https://github.com/curl/curl/pull/8106 + + Closes https://github.com/curl/curl/pull/8474 + +Daniel Stenberg (18 Feb 2022) +- [Michał Antoniak brought this change] + + openssl: fix build for version < 1.1.0 + + Closes #8470 + +- [Joel Depooter brought this change] + + schannel: move the algIds array out of schannel.h + + This array is only used by the SCHANNEL_CRED struct in the + schannel_acquire_credential_handle function. It can therefore be kept as + a local variable. This is a minor update to + bbb71507b7bab52002f9b1e0880bed6a32834511. + + This change also updates the NUM_CIPHERS value to accurately count the + number of ciphers options listed in schannel.c, which is 47 instead of + 45. It is unlikely that anyone tries to set all 47 values, but if they + had tried, the last two would not have been set. + + Closes #8469 + +- [Alejandro R. Sedeño brought this change] + + configure.ac: use user-specified gssapi dir when using pkg-config + + Using the system pkg-config path in the face of a user-specified + library path is asking to link the wrong library. + + Reported-by: Michael Kaufmann + Fixes #8289 + Closes #8456 + +- [Kevin Adler brought this change] + + os400: Add link to QADRT devkit to README.OS400 + + Closes #8455 + +- [Kevin Adler brought this change] + + os400: Add function wrapper for system command + + The wrapper will exit if the system command failed instead of blindly + continuing on. + + In addition, only copy docs which exist, since now the copy failure will + cause the build to stop. + + Closes #8455 + +- [Kevin Adler brought this change] + + os400: Default build to target current release + + V6R1M0 is not available as a target release since IBM i 7.2. To keep + from having to keep this up to date in git, default to the current + release. Users can configure this to whatever release they want to + actually build for. + + Closes #8455 + +- docs/INTERNALS.md: clean up, refer to the book + + The explanatory parts are now in the everything curl book (which can + also use images etc). This document now refers to that resource and only + leaves listings of supported versions of libs, tools and operating + systems. See https://everything.curl.dev/internals + + Closes #8467 + +Marcel Raad (17 Feb 2022) +- des: fix compile break for OpenSSL without DES + + When `USE_OPENSSL` was defined but OpenSSL had no DES support and a + different crypto library was used for that, `Curl_des_set_odd_parity` + was called but not defined. This could for example happen on Windows + and macOS when using OpenSSL v3 with deprecated features disabled. + + Use the same condition for the function definition as used at the + caller side, but leaving out the OpenSSL part to avoid including + OpenSSL headers. + + Closes https://github.com/curl/curl/pull/8459 + +Daniel Stenberg (17 Feb 2022) +- RELEASE-NOTES: synced + +- docs/DEPRECATE: remove NPN support in August 2022 + + Closes #8458 + +- ftp: provide error message for control bytes in path + + Closes #8460 + +- http: fix "unused parameter ‘conn’" warning + + Follow-up from 7d600ad1c395 + + Spotted on appveyor + + Closes #8465 + +Jay Satiro (17 Feb 2022) +- [Alejandro R. Sedeño brought this change] + + sha256: Fix minimum OpenSSL version + + - Change the minimum OpenSSL version for using their SHA256 + implementation from 0.9.7 to 0.9.8. + + EVP_sha256() does not appear in the OpenSSL source before 0.9.7h, and + does not get built by default until 0.9.8, so trying to use it for all + 0.9.7 is wrong, and before 0.9.8 is unreliable. + + Closes https://github.com/curl/curl/pull/8464 + +Daniel Stenberg (16 Feb 2022) +- KNOWN_BUGS: remove "slow connect to localhost on Windows" + + localhost is not resolved anymore since 1a0ebf6632f88 + +- KNOWN_BUGS: remove "HTTP/3 download is 5x times slower than HTTP/2" + + It's not actually a bug. More like room for improvement. + +- KNOWN_BUGS: remove "HTTP/3 download with quiche halts after a while" + + Follow-up to 96f85a0fef694 + +- KNOWN_BUGS: remove "pulseUI vpn" as a problem + + We haven't heard about this for a long time and rumours have it they + might have fixed it. + +- urldata: remove conn->bits.user_passwd + + The authentication status should be told by the transfer and not the + connection. + + Reported-by: John H. Ayad + Fixes #8449 + Closes #8451 + +- [Kevin Adler brought this change] + + gskit: Convert to using Curl_poll + + As mentioned in 32766cb, gskit was the last user of Curl_select which is + now gone. Convert to using Curl_poll to allow build to work on IBM i. + + Closes #8454 + +- [Kevin Adler brought this change] + + gskit: Fix initialization of Curl_ssl_gskit struct + + In c30bf22, Curl_ssl_getsock was factored out in to a member of + struct Curl_ssl but the gskit initialization was not updated to reflect + this new member. + + Closes #8454 + +- [Kevin Adler brought this change] + + gskit: Fix errors from Curl_strerror refactor + + 2f0bb864c1 replaced sterror with Curl_strerror, but the strerror buffer + shadows the set_buffer "buffer" parameter. To keep consistency with the + other functions that use Curl_strerror, rename the parameter. + + In addition, strerror.h is needed for the definition of STRERROR_LEN. + + Closes #8454 + +Marcel Raad (15 Feb 2022) +- ntlm: remove unused feature defines + + They're not used anymore and always supported. + + Closes https://github.com/curl/curl/pull/8453 + +Daniel Stenberg (15 Feb 2022) +- [Kantanat Wannapaka brought this change] + + README.md: fix link and layout + + replace <a></a> tags and <img></img> tags + + Closes #8448 + +- KNOWN_BUGS: fix typo "libpsl" + +Jay Satiro (14 Feb 2022) +- h2h3: fix compiler warning due to function prototype mismatch + + - Add missing const qualifier in Curl_pseudo_headers declaration. + +Daniel Stenberg (14 Feb 2022) +- [Stefan Eissing brought this change] + + urlapi: handle "redirects" smarter + + - avoid one malloc when setting a new url via curl_url_set() + and CURLUPART_URL. + - extract common pattern into a new static function. + + Closes #8450 + +- cijobs: pick up circleci configure lines better + +- circleci: add a job using wolfSSH + + Build only, no tests. + + Closes #8445 + +- scripts/ciconfig.pl: show used options not available + +- circleci: add a job using libssh + + Closes #8444 + +- runtests: set 'oldlibssh' for libssh versions before 0.9.6 + + ... and make test 1459 check for the different return code then. + + Closes #8444 + +Jay Satiro (13 Feb 2022) +- Makefile.am: Generate VS 2022 projects + + Follow-up to f13d4d0 which added VS 2022 project support. + + Ref: https://github.com/curl/curl/pull/8438 + +- [Daniel Stenberg brought this change] + + projects: remove support for MSVC before VC10 (Visual Studio 2010) + + - Remove Visual Studio project files for VC6, VC7, VC7.1, VC8 and VC9. + + Those versions are too old to be maintained any longer. + + Closes https://github.com/curl/curl/pull/8442 + +- [Stav Nir brought this change] + + projects: add support for Visual Studio 17 (2022) + + Closes https://github.com/curl/curl/pull/8438 + +Daniel Stenberg (13 Feb 2022) +- RELEASE-NOTES: synced + +- connect: follow-up fix the copyright year + +- [Michał Antoniak brought this change] + + misc: remove unused data when IPv6 is not supported + + Closes #8430 + +- scripts/ciconfig: show CI job config info + + Closes #8446 + +- quiche: handle stream reset + + A stream reset now causes a CURLE_PARTIAL_FILE error. I'm not convinced + this is the right action nor the right error code. + + Reported-by: Lucas Pardue + Fixes #8437 + Closes #8440 + +- mime: use a define instead of the magic number 24 + + MIME_BOUNDARY_DASHES is now the number of leading dashes in the + generated boundary string. + + Closes #8441 + +- [Henrik Holst brought this change] + + hostcheck: reduce strlen calls on chained certificates + + Closes #8428 + +- [Patrick Monnerat brought this change] + + mime: some more strlen() call removals. + + Closes #8423 + +- scripts/cijobs.pl: detect zuul cmake jobs better + +- url: exclude zonefrom_url when no ipv6 is available + + Closes #8439 + +- if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled + + Closes #8439 + +- [Henrik Holst brought this change] + + mprintf: remove strlen calls on empty strings in dprintf_formatf + + Turns out that in dprintf_formatf we did a strlen on empty strings, a + bit strange is how common this actually is, 24 alone when doing a simple + GET from https://curl.se + + Closes #8427 + +- wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case + + Closes #8431 + +- wolfssl: when SSL_read() returns zero, check the error + + Returning zero indicates end of connection, so if there's no data read + but the connection is alive, it needs to return -1 with CURLE_AGAIN. + + Closes #8431 + +- quiche: after leaving h3_recving state, poll again + + This could otherwise easily leave libcurl "hanging" after the entire + transfer is done but without noticing the end-of-transfer signal. + + Assisted-by: Lucas Pardue + Closes #8436 + +- quiche: when *recv_body() returns data, drain it before polling again + + Assisted-by: Lucas Pardue + + Closes #8429 + +- [gaoxingwang on github brought this change] + + configure: fix '--enable-code-coverage' typo + + Fixes #8425 + Closes #8426 + +- lib/h2h3: #ifdef on ENABLE_QUIC, not the wrong define + + Otherwise the build fails when H3 is enabled but the build doesn't + include nghttp2. + + Closes #8424 + +- hostcheck: pass in pattern length too, to avoid a strlen call + + Removes one strlen() call per SAN name in a cert-check. + + Closes #8418 + +- [Henrik Holst brought this change] + + misc: remove strlen for Curl_checkheaders + Curl_checkProxyheaders + + Closes #8409 + +- configure: requires --with-nss-deprecated to build with NSS + + Add deprecation plans to docs/DEPRECATE.md + + Closes #8395 + +- mqtt: free 'sendleftovers' in disconnect + + Fix a memory-leak + + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646 + Closes #8415 + +- [Patrick Monnerat brought this change] + + openldap: pass string length arguments to client_write() + + This uses the new STRCONST() macro and saves 2 strlen() calls on short + string constants per LDIF output line. + + Closes #8404 + +- [Henrik Holst brought this change] + + misc: reduce strlen() calls with Curl_dyn_add() + + Use STRCONST() to switch from Curl_dyn_add() to Curl_dyn_addn() for + string literals. + + Closes #8398 + +- http2: fix the array copy to nghttp2_nv + + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44517 + Follow-up to 9f985a11e794 + Closes #8414 + +- RELEASE-NOTES: synced + +- scripts/cijobs.pl: output data about all currect CI jobs + + This script parses the config files for all the CI services currently in + use and output the information in a uniform way. The idea is that the + output from this script should be possible to massage into informational + tables or graphs to help us visualize what they are all testing and NOT + testing. + + Closes #8408 + +- maketgz: return error if 'make dist' fails + + To better detect this problem in CI jobs + + Reported-by: Marcel Raad + Bug: https://curl.se/mail/lib-2022-02/0070.html + Closes #8402 + +- h2h3: pass correct argument types to infof() + + Detected by Coverity. CID 1497993 + + Closes #8401 + +- lib/Makefile: remove config-tpf.h from the dist + + Follow-up from da15443dddea2bfb. Missed before because the 'distcheck' + CI job was not working as intended. + + Reported-by: Marcel Raad + Bug: https://curl.se/mail/lib-2022-02/0070.html + Closes #8403 + +- configure: remove support for "embedded ares" + + In March 2010 (commit 4259d2df7dd) we removed the embedded 'ares' + directory from the curl source tree but we have since supported + especially detecting and using that build directory. The time has come + to remove that kludge and ask users to specify the c-ares dir correctly + with --enable-ares. + + Closes #8397 + +- [Sebastian Sterk brought this change] + + github/workflows/mbedtls: fix indent & remove unnecessary line breaks + + Closes #8399 + +- CI: move the NSS job from zuul to GHA + + Closes #8396 + +- tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine + + Closes #8396 + +Marcel Raad (7 Feb 2022) +- curl-openssl: fix SRP check for OpenSSL 3.0 + + When OpenSSL 3.0 is built with `--api=3.0` and `no-deprecated`, the SRP + functions exist in the library, but are disabled for user code. Check + if they are actually usable instead of only if they exist. Also, check + for the functions actually required for TLS-SRP. + + TLS-SRP support is still enabled if OpenSSL is configured with just + `--api=3.0` or with `--api=1.1.1 no-deprecated`. + + Closes https://github.com/curl/curl/pull/8394 + +Daniel Stenberg (7 Feb 2022) +- [Henrik Holst brought this change] + + http: make Curl_compareheader() take string length arguments too + + Also add STRCONST, a macro that returns a string literal and it's length + for functions that take "string,len" + + Removes unnecesary calls to strlen(). + + Closes #8391 + +- vquic/vquic.h: removed the unused H3 psuedo defines + +- ngtcp2: use Curl_pseudo_headers + +- quiche: use Curl_pseudo_headers + +- http2: use Curl_pseudo_headers + +- h2h3: added Curl_pseudo_headers() + + For use with both http2 and http3 requests. + +- ngtcp2/quiche: make :scheme possible to set + +- http2: allow CURLOPT_HTTPHEADER change ":scheme" + + The only h2 psuedo header that wasn't previously possible to change by a + user. This change also makes it impossible to send a HTTP/1 header that + starts with a colon, which I don't think anyone does anyway. + + The other pseudo headers are possible to change indirectly by doing the + rightly crafted request. + + Reported-by: siddharthchhabrap on github + Fixes #8381 + Closes #8393 + +- h2/h3: provide and refer to pseudo headers as defines + + ... and do sizeof() on the defines to use constants better. + + Closes #8389 + +- [Michał Antoniak brought this change] + + smb: passing a socket for writing and reading data instead of FIRSTSOCKET + + Closes #8383 + +- x509asn1: toggle off functions not needed for diff tls backends + + ... and clean the header file from private defines/structs (move to C + file) and unused function prototypes. + + Closes #8386 + +- lib: move hostcheck and x509sn1 sources to vtls/ + + ... since they are used strictly by TLS code. + + Closes #8386 + +Marcel Raad (4 Feb 2022) +- version_win32: fix warning for `CURL_WINDOWS_APP` + + The build version is not supported by the UWP code. + + Closes https://github.com/curl/curl/pull/8385 + +Daniel Stenberg (4 Feb 2022) +- tests/disable-scan.pl: properly detect multiple symbols per line + + Test 1165 would fail on some systems because it didn't detect + CURL_DISABLE_* symbols that were used to the right of another one on the + same line! The script would only detect and extract the first one. + + Reported-by: Marcel Raad + Fixes #8384 + Closes #8388 + +Jay Satiro (4 Feb 2022) +- config.d: Clarify _curlrc filename is still valid on Windows + + Recent changes added support for filename .curlrc on Windows, and + when it's not found curl falls back on the original Windows filename + _curlrc. _curlrc was removed from the doc, however it is still valid. + + Closes https://github.com/curl/curl/pull/8382 + +Daniel Stenberg (4 Feb 2022) +- lib: remove support for CURL_DOES_CONVERSIONS + + TPF was the only user and support for that was dropped. + + Closes #8378 + +- TPF: drop support + + There has been no TPF related changes done since September 2010 (commit + 7e1a45e224e57) and since this is a platform that is relatively different + than many others (== needs attention), I draw the conclusion that this + build is broken since a long time. + + Closes #8378 + +- scripts/delta: check the file delta for current branch + + ... also polish the output style a little bit + +Jay Satiro (3 Feb 2022) +- [Fabian Keil brought this change] + + runtests.pl: tolerate test directories without Makefile.inc + + Silences the following warnings when using a Makefile.inc-free + TESTDIR using the "-o" argument: + + readline() on closed filehandle D at ./runtests.pl line 592. + Use of uninitialized value $disttests in pattern match (m//) at + ./runtests.pl line 3602. + + Closes https://github.com/curl/curl/pull/8379 + +Daniel Stenberg (3 Feb 2022) +- [Henrik Holst brought this change] + + setopt: do bounds-check before strdup + + Curl_setstropt() allocated memory for the string before checking if the + string was within bounds. The bounds check should be done first. + + Closes #8377 + +- [Michał Antoniak brought this change] + + mbedtls: enable use of mbedtls without filesystem functions support + + Closes #8376 + +- [Bernhard Walle brought this change] + + configure: support specification of a nghttp2 library path + + This enables using --with-nghttp2=<dir> on systems without pkg-config. + + Closes #8375 + +- scripts/release-notes.pl: remove leftover debug output + +- RELEASE-NOTES: synced + +- scripts/release-notes.pl: fix number extraction for full URLs + +- [Leah Neukirchen brought this change] + + scripts/completion.pl: improve zsh completion + + - Detect all spellings of <file>, <file name> etc as well as <path>. + - Only complete directories for <dir>. + - Complete URLs for <URL>. + - Complete --request and --ftp-method. + + Closes #8363 + +- [Davide Cassioli brought this change] + + configure: use correct CFLAGS for threaded resolver with xlC on AIX + + Fixes #8276 + Closes #8374 + +- mailmap: Henrik Holst + +Jay Satiro (2 Feb 2022) +- build: fix ngtcp2 crypto library detection + + - Change library link check for ngtcp2_crypto_{gnutls,openssl} to + to use function ngtcp2_crypto_recv_client_initial_cb instead of + ngtcp2_crypto_ctx_initial. + + The latter function is no longer external since two days ago in + ngtcp2/ngtcp2@533451f. curl HTTP/3 CI builds have been failing since + then because they would not link to the ngtcp2 crypto library. + + Ref: https://github.com/ngtcp2/ngtcp2/pull/356 + + Closes https://github.com/curl/curl/pull/8372 + +- [Henrik Holst brought this change] + + urlapi: remove an unnecessary call to strlen + + - Use strcpy instead of strlen+memcpy to copy the url path. + + Ref: https://curl.se/mail/lib-2022-02/0006.html + + Closes https://github.com/curl/curl/pull/8370 + +Daniel Stenberg (1 Feb 2022) +- scripts/copyright.pl: fix for handling removed files better + +- vxworks: drop support + + No changes or fixes in vxworks related code since 2009 leads me to + believe that this doesn't work anymore. + + Closes #8362 + +- [Henrik Holst brought this change] + + base64: remove an unnecessary call to strlen + + Closes #8369 + +- tool_getparam: initial --json support + + Adds these test cases: + + 383 - simple single command line option + 384 - reading it from stdin + 385 - getting two --json options on command line + 386 - --next works after --json + + Closes #8314 + +- [Bjarni Ingi Gislason brought this change] + + curl_getdate.3: remove pointless .PP line + + mandoc: WARNING: skipping paragraph macro: PP empty + + Reported-by: Samuel Henrique + Closes #8365 + +- [Sebastian Sterk brought this change] + + multi: grammar fix in comment + + After 'must', the verb is used without 'to'. Correct: "must" or "have + to" + + Closes #8368 + +- openldap: fix compiler warning when built without SSL support + + openldap.c:841:52: error: unused parameter ‘data’ [-Werror=unused-parameter] + + Closes #8367 + +- [Samuel Henrique brought this change] + + CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" + + Found when packaging 7.81.0 for Debian. + + Closes #8364 + +- netware: remove support + + There are no current users and no Netware related changes done in the + code for over 13 years is a clear sign this is abandoned. + + Closes #8358 + +- CI: move two jobs from Zuul to Circle CI + + - openssl-no-verbose + - openssl-no-proxy + + Closes #8359 + +- cirlceci: also run a c-ares job on arm with debug enabled + + Closes #8357 + +- ci: move the OpenSSL + c-ares job from Zuul to Circle CI + + Closes #8357 + +- mailmap: Jan-Piet Mens + +- [luminixinc on github brought this change] + + multi: remember connection_id before returning connection to pool + + Fix a bug that does not require a new CVE as discussed on hackerone.com. + Previously `connection_id` was accessed after returning connection to + the shared pool. + + Bug: https://hackerone.com/reports/1463013 + Closes #8355 + +Jay Satiro (31 Jan 2022) +- write-out.d: Fix num_headers formatting + +- [Jan-Piet Mens brought this change] + + docs: capitalize the name 'Netscape' + + Closes https://github.com/curl/curl/pull/8354 + +Daniel Stenberg (30 Jan 2022) +- RELEASE-NOTES: synced + +- [Antoine Pietri brought this change] + + docs: grammar proofread, typo fixes + + (Partially automated) proofread of most of the documentation, leading to + various typo fixes. + + Closes #8353 + +- urldata: CONN_IS_PROXIED replaces bits.close when proxy can be disabled + + To remove run-time checks for such builds. + + Closes #8350 + +- setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds + + Closes #8350 + +- conncache: make conncache_add_bundle return the pointer + + Simplifies the logic a little and avoids a ternary operator. + + Ref: #8346 + Closes #8349 + +- mailmap: neutric on github + +Jay Satiro (30 Jan 2022) +- [neutric on github brought this change] + + docs/TheArtOfHttpScripting: fix example POST URL + + Closes https://github.com/curl/curl/pull/8352 + +Daniel Stenberg (28 Jan 2022) +- nss: handshake callback during shutdown has no conn->bundle + + The callback gets called because of the call to PR_Recv() done to + attempt to avoid RST on the TCP connection. The conn->bundle pointer is + already cleared at this point so avoid dereferencing it. + + Reported-by: Eric Musser + Fixes #8341 + Closes #8342 + +- [Michał Antoniak brought this change] + + mbedtls: remove #include <mbedtls/certs.h> + + mbedtls/certs.h file contains only certificates example (all definitions + is beginning by mbedtls_test_*). None of them is used so we can avoid + include the file. + + Closes #8343 + +- [Michał Antoniak brought this change] + + mbedtls: enable use of mbedtls without CRL support + + Closes #8344 + +- [Bernhard Walle brought this change] + + configure: set CURL_LIBRARY_PATH for nghttp2 + + To execute the test program, we might need the library path so that the + lib is found at runtime. + + Closes #8340 + +Jay Satiro (28 Jan 2022) +- schannel: restore debug message in schannel_connect_step2 + + This is a follow-up to recent commit 2218c3a which removed the debug + message to avoid an unused variable warning. The message has been + reworked to avoid the warning. + + Ref: https://github.com/curl/curl/pull/8320#issuecomment-1022957904 + + Closes https://github.com/curl/curl/pull/8336 + +- test3021: disable all msys2 path transformation + + - Disable all MSYS2 path transformation in test3021 and test3022. + + Prior to this change path transformation in those tests was disabled + only for arguments that start with forward slashes. However arguments + that are in base64 contain forward slashes at any position and caused + unwanted translations. + + == Info: Denied establishing ssh session: mismatch sha256 fingerprint. + Remote +/EYG2YDzDGm6yiwepEMSuExgRRMoTi8Di1UN3kixZw= is not equal to + +C:/msys64/EYG2YDzDGm6yiwepEMSuExgRRMoTi8Di1UN3kixZw + + In the above example an argument containing a base64 sha256 fingerprint + was passed to curl after MSYS2 translated +/ into +C:/msys64/, and then + the fingerprint didn't match what was expected. + + Ref: https://www.msys2.org/wiki/Porting/ + + Fixes https://github.com/curl/curl/issues/8084 + Closes https://github.com/curl/curl/pull/8325 + +Daniel Stenberg (27 Jan 2022) +- CI: move scan-build job from Zuul to Azure Pipelines + + Closes #8338 + +Marcel Raad (27 Jan 2022) +- openssl: fix `ctx_option_t` for OpenSSL v3+ + + The options have been changed to `uint64_t` in + https://github.com/openssl/openssl/commit/56bd17830f2d5855b533d923d4e0649d3ed61d11. + + Closes https://github.com/curl/curl/pull/8331 + +Daniel Stenberg (27 Jan 2022) +- CI: move 'distcheck' job from zuul to azure pipelines + + Assisted-by: Kushal Das + + Closes #8334 + +- vtls: pass on the right SNI name + + The TLS backends convert the host name to SNI name and need to use that. + This involves cutting off any trailing dot and lowercasing. + + Co-authored-by: Jay Satiro + Closes #8320 + +- url: revert the removal of trailing dot from host name + + Reverts 5de8d84098db1bd24e (May 2014, shipped in 7.37.0) and the + follow-up changes done afterward. + + Keep the dot in names for everything except the SNI to make curl behave + more similar to current browsers. This means 'name' and 'name.' send the + same SNI for different 'Host:' headers. + + Updated test 1322 accordingly + + Fixes #8290 + Reported-by: Charles Cazabon + Closes #8320 + +- [neutric on github brought this change] + + docs/TheArtOfHttpScripting: fix capitalization + + Closes #8333 + +- tests/memanalyze.pl: also count and show "total allocations" + + This is the total number of bytes allocated, increasing for new + allocations and never reduced when freed. The existing "Maximum + allocated" is the high water mark. + + Closes #8330 + +- mailmap: spellfix githuh => github + +- RELEASE-NOTES: synced + +- hostcheck: fixed to not touch used input strings + + Avoids the need to clone the strings before check, thus avoiding + mallocs, which for cases where there are many SAN names in a cert could + end up numerous. + + Closes #8321 + +- ngtcp2: adapt to changed end of headers callback proto + + Closes #8322 + +- [Xiaoke Wang brought this change] + + openssl: check SSL_get_ex_data to prevent potential NULL dereference + + Closes #8268 + +Jay Satiro (23 Jan 2022) +- md5: check md5_init_func return value + + Prior to this change the md5_init_func (my_md5_init) return value was + ignored. + + Closes https://github.com/curl/curl/pull/8319 + +- md5: refactor for standard compliance + + - Wrap OpenSSL / wolfSSL MD5 functions instead of taking their function + addresses during static initialization. + + Depending on how curl was built the old way may have used a dllimport + function address during static initialization, which is not standard + compliant, resulting in Visual Studio warning C4232 (nonstandard + extension). Instead the function pointers now point to the wrappers + which call the MD5 functions. + + This change only affects OpenSSL and wolfSSL because calls to other SSL + libraries' md5 functions were already wrapped. Also sha256.c already + does this for all SSL libraries. + + Ref: https://github.com/curl/curl/pull/8298 + + Closes https://github.com/curl/curl/pull/8318 + +Daniel Stenberg (21 Jan 2022) +- [Lucas Pardue brought this change] + + docs: update IETF links to use datatracker + + The tools.ietf.org domain has been deprecated a while now, with the + links being redirected to datatracker.ietf.org. + + Rather than make people eat that redirect time, this change switches the + URL to a more canonical source. + + Closes #8317 + +- [Harry Sarson brought this change] + + CI: test building wolfssl with --enable-opensslextra + + Closes #8315 + +- [Harry Sarson brought this change] + + misc: allow curl to build with wolfssl --enable-opensslextra + + put all #include of openssl files behind wolfssl ifdefs so that we can + use the wolfssl/ prefixed include paths. Without these curl only builds + when wolfssl is built with enable-all. + + Fixes #8292 + Closes #8315 + +- [Lucas Pardue brought this change] + + quiche: change qlog file extension to `.sqlog` + + quiche has just switched it's qlog serialization format to JSON-SEQ by + default . The spec says this SHOULD use `.sqlog` extension. + + I believe ngtcp2 also supports JSON-SEQ by default as of + https://github.com/ngtcp2/ngtcp2/commit/9baf06fc3f352a1d062b6953ae1de22cae30639d + + Let's update curl so that tools know what format we are using! + + Closes #8316 + +Jay Satiro (21 Jan 2022) +- projects: Fix Visual Studio wolfSSL configurations + + - Change build-wolfssl.bat to disable SSLv3, enable TLSv1.3, enable + wolfSSL_DES_ecb_encrypt (needed by NTLM) and enable alt cert chains. + + - Disable warning C4214 'bit field types other than int'. + + - Add include directory wolfssl\wolfssl. + + wolfSSL offers OpenSSL API compatibility that libcurl uses, and some + recent change in libcurl included an include file for wolfSSL like + openssl/foo.h, which has a path like wolfssl\wolfssl\openssl\foo.h. + + The include directory issue was reported in #8292 but it's currently + unclear whether this type of change is needed for other build systems. + + Bug: https://github.com/curl/curl/issues/8292 + Reported-by: Harry Sarson + + Closes https://github.com/curl/curl/pull/8298 + +Daniel Stenberg (21 Jan 2022) +- openssl: return error if TLS 1.3 is requested when not supported + + Previously curl would just silently ignore it if the necessary defines + are not present at build-time. + + Reported-by: Stefan Eissing + Fixes #8309 + Closes #8310 + +- TODO: Passing NOTIFY option to CURLOPT_MAIL_RCPT + + Closes #8232 + +- [Philip H brought this change] + + workflows/wolfssl: install impacket + + needed Python Package for SMB tests + + Closes #8307 + +- url: make Curl_disconnect return void + + 1. The function would only ever return CURLE_OK anyway + 2. Only one caller actually used the return code + 3. Most callers did (void)Curl_disconnect() + + Closes #8303 + +- docs: document HTTP/2 not insisting on TLS 1.2 + + Both for --http2 and CURLOPT_HTTP_VERSION. + + Reported-by: jhoyla on github + Fixes #8235 + Closes #8300 + +- cmdline-opts/gen.pl: fix option matching to improve references + + Previously it could mistakenly match partial names when there are + options that start with the same prefix, leading to the wrong references + used. + + Closes #8299 + +- TODO: Less memory massaging with Schannel + +- [Patrick Monnerat brought this change] + + runtests.pl: disable debuginfod + + Valgrind and gdb implement this feature: as this highly slows down tests, + disable it. + + Closes #8291 + +- RELEASE-NOTES: synced + +- CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples + + ... to not call libcurl recursively back. + + Closes #8286 + +- multi: set in_callback for multi interface callbacks + + This makes most libcurl functions return error if called from within a + callback using the same multi handle. For example timer or socket + callbacks calling curl_multi_socket_action. + + Reported-by: updatede on github + Fixes #8282 + Closes #8286 + +- docs/HISTORY.md: mention alt-svc and HSTS + +- misc: remove the final watcom references + + Follow-up to bbf8cae44dedc495e6 + + We removed support for the watcom builds files back in September + 2020. This removes all remaining watcom references and ifdefs. + + Closes #8287 + +- misc: remove BeOS code and references + + There has not been a mention of this OS in any commit since December + 2004 (58f4af7973e3d2). The OS is also long gone. + + Closes #8288 + +- tool_getparam: DNS options that need c-ares now fail without it + + Just silently accepting the options and then not having any effect is + not good. + + Ref: #8283 + Closes #8285 + +- curl: remove "separators" (when using globbed URLs) + + Unless muted (with -s) When doing globbing, curl would output mime-like + separators between the separate transfers. This is not documented + anywhere, surprises users and clobbers the output. Gone now. + + Updated test 18 and 1235 + + Reported-by: jonny112 on github + Bug: https://github.com/curl/curl/discussions/8257 + Closes #8278 + +Jay Satiro (15 Jan 2022) +- [Niels Martignène brought this change] + + mbedtls: fix CURLOPT_SSLCERT_BLOB (again) + + - Increase the buffer length passed to mbedtls_x509_crt_parse to account + for the null byte appended to the temporary blob. + + Follow-up to 867ad1c which uses a null terminated copy of the + certificate blob, because mbedtls_x509_crt_parse requires PEM data + to be null terminated. + + Ref: https://github.com/curl/curl/commit/867ad1c#r63439893 + Ref: https://github.com/curl/curl/pull/8146 + + Closes https://github.com/curl/curl/pull/8260 + +Daniel Stenberg (15 Jan 2022) +- [Alessandro Ghedini brought this change] + + quiche: verify the server cert on connect + + Similarly to c148f0f551f9bea0e3d0, make quiche correctly acknowledge + `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`. + + Fixes #8173 + Closes #8275 + +- [Ikko Ashimine brought this change] + + checksrc: fix typo in comment + + enfore -> enforce + + Closes #8281 + +- curl-openssl: remove the OpenSSL headers and library versions check + + It is more work to maintain that check than the (any?) benefit it + brings. + + Fixes #8279 + Reported-by: Satadru Pramanik + Closes #8280 + +- mqtt: free any leftover when done + + Oss-fuzz found an issue when the "sendleftovers" pointer could leak memory. + Fix this by always freeing it (if still assigned) in the done function. + + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515 + Closes #8274 + +- formdata: avoid size_t => long typecast overflows + + Typically a problem for platforms with 32 bit long and 64 bit size_t + + Reported-by: Fabian Yamaguchi + Bug: https://hackerone.com/reports/1444539 + Closes #8272 + +- RELEASE-NOTES: synced + + bump next release to become 7.82.0 + +Marcel Raad (13 Jan 2022) +- build: enable -Warith-conversion + + This makes the behavior consistent between GCC 10 and earlier versions. + + Closes https://github.com/curl/curl/pull/8271 + +- build: fix -Wenum-conversion handling + + Don't enable that warning when warnings are disabled. + Also add it to CMake. + + Closes https://github.com/curl/curl/pull/8271 + +- appveyor: use VS 2017 image for the autotools builds + + The newer images don't have all required MSYS2 packages. + + Fixes https://github.com/curl/curl/issues/8248 + Closes https://github.com/curl/curl/pull/8265 + +- appveyor: update images from VS 2019 to 2022 + + Closes https://github.com/curl/curl/pull/8265 + +Daniel Stenberg (12 Jan 2022) +- [Michał Antoniak brought this change] + + mbedtls: return CURLcode result instead of a mbedtls error code + + ... when a certificate fails to be loaded from a blob + + Closes #8266 + +- curl_multi_socket.3: remove callback and typical usage descriptions + + 1. The callback is better described in the option for setting it. Having + it in a single place reduces the risk that one of them is wrong. + + 2. The "typical usage" is wrong since the functions described in this + man page are both deprecated so they cannot be used in any "typical" way + anymore. + + Closes #8262 + +- curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE + + Mostly reverts ba0657c343f, but now instead just run the plain macro on + darwin. The approach as used on other platforms is simply not necessary + on macOS. + + Fixes #8229 + Reported-by: Ryan Schmidt + Closes #8247 + +- [Patrick Monnerat brought this change] + + openldap: implement SASL authentication + + As credentials can be quite different depending on the mechanism used, + there are no default mechanisms for LDAP and simple bind with a DN is + then used. + + The caller has to provide mechanism(s) using CURLOPT_LOGIN_OPTIONS to + enable SASL authentication and disable simple bind. + + Closes #8152 + +Jay Satiro (10 Jan 2022) +- [Cameron Will brought this change] + + CURLOPT_RESOLVE.3: change example port to 443 + + 83cc966 changed documentation from using http to https. However, + CURLOPT_RESOLVE being set to port 80 in the documentation means that it + isn't valid for the new URL. Update to 443. + + Closes https://github.com/curl/curl/pull/8258 + +Daniel Stenberg (10 Jan 2022) +- [Fabian Keil brought this change] + + test374: gif data without new line at the end + + Closes #8239 + +- [Fabian Keil brought this change] + + runtests.pl: support the nonewline attribute for the data part + + Added to FILEFORMAT + + Closes #8239 + +- [Patrick Monnerat brought this change] + + curl tool: erase some more sensitive command line arguments + + As the ps command may reveal sensitive command line info, obfuscate + options --tlsuser, --tlspasswd, --proxy-tlsuser, --proxy-tlspassword and + --oauth2-bearer arguments. + + Reported-by: Stephen Boost <s.booth@epcc.ed.ac.uk> + + Closes #7964 + +- mesalink: remove support + + Mesalink has ceased development. We can no longer encourage use of it. + It seems to be continued under the name TabbySSL, but no attempts have + (yet) been to make curl support it. + + Fixes #8188 + Closes #8191 + +- ldap: return CURLE_URL_MALFORMAT for bad URL + + For consistency, use the same return code for URL malformats, + independently of what scheme that is used. Previously this would return + CURLE_LDAP_INVALID_URL, but starting now that error cannot be returned. + + Closes #8170 + +- docs/cmdline-opts: add "mutexed" options for more http versions + + Update four http version man page sections. + + Closes #8254 + +- [Stephen M. Coakley brought this change] + + rustls: add CURLOPT_CAINFO_BLOB support + + Add support for `CURLOPT_CAINFO_BLOB` `CURLOPT_PROXY_CAINFO_BLOB` to the + rustls TLS backend. Multiple certificates in a single PEM string are + supported just like OpenSSL does with this option. + + This is compatible at least with rustls-ffi 0.8+ which is our new + minimum version anyway. + + I was able to build and run this on Windows, pulling trusted certs from + the system and then add them to rustls by setting + `CURLOPT_CAINFO_BLOB`. Handy! + + Closes #8255 + +- scripts/copyright.pl: ignore missing files + +- RELEASE-NOTES: synced + +- data/DISABLED: disable test 313 for wolfssl builds + + It was previously disabled only in the CI jobs yaml + + Closes #8252 + +- runtests: make 'wolfssl' a testable feature + + Closes #8252 + +- GHA: install stunnel in the medbtls + wolfssl CI jobs + + Closes #8252 + +- CI: move the rustls CI job to GHA from Zuul + + Closes #8251 + +- DISABLE: disable a dozen tests in the rustls build + + Disables tests that don't yet work with the rustls backend. + + Fixes #8004 + Closes #8250 + +- runtests: make 'rustls' a testable feature + +- remote-header-name.d: clarify + + - it strips off the path from the server provided name + - it saves in current directory or --output-dir + + Ref: https://curl.se/mail/archive-2022-01/0032.html + Closes #8249 + +- url: given a user in the URL, find pwd for that user in netrc + + Add test 380 and 381 to verify, edited test 133 + + Reported-by: Manfred Schwarb + Fixes #8241 + Closes #8243 + +- [Niels Martignène brought this change] + + mbedtls: Fix ssl_init error with mbedTLS 3.1.0+ + + Since mbedTLS 3.1.0, mbedtls_ssl_setup() fails if the provided + config struct is not valid. + + mbedtls_ssl_config_defaults() needs to be called before the config + struct is passed to mbedtls_ssl_setup(). + + Closes #8238 + +- [Filip Lundgren brought this change] + + cmake: fix iOS CMake project generation error + + Closes #8244 + +- ngtcp2: fix declaration of ‘result’ shadows a previous local + + Follow-up to 8fbd6feddfa587cfd3 + + Closes #8245 + +- openssl.h: avoid including OpenSSL headers here + + ... by instead using the struct version of the typedef'ed pointer. To + fix build errors when both Schannel and OpenSSL are enabled. + + Fixes #8240 + Reported-by: Jan Ehrhardt + Closes #8246 + +- curl_url_set.3: mention when CURLU_ALLOW_SPACE was added + +- tool_findfile: free mem properly + + Follow-up to 764e4f066d5 + + Closes #8242 + +- tool_findfile: check ~/.config/curlrc too + + ... after the initial checks for .curlrc and if XDG_CONFIG_HOME is not + set, use $HOME and $CURL_HOME to check if ~/.config/curlrc is present. + + Add test 436 to verify + + Reported-by: Sandro Jaeckel + Fixes #8208 + Closes #8213 + +- runtests: allow client/file to specify multiple directories + + ... and make sure to mkdir them all + +- scripts/copyright.pl: support many provided file names on the cmdline + +- [Fabian Keil brought this change] + + tests/FILEFORMAT.md: fix typo + +- [Fabian Keil brought this change] + + Add test373: multiple chunks with binary zeros + +- [Fabian Keil brought this change] + + Add test372: binary zero in data element + +- [Fabian Keil brought this change] + + tests/server/getpart.c: properly deal with binary data containing NUL bytes + +- [Fabian Keil brought this change] + + runtests.pl: properly print the test if it contains binary zeros + +- mailmap: Xiaoke Wang + +- openssl: copyright year update + + Follow-up to 30aea2b1ede + +- scripts/copyright.pl: hush unless -v (for verbose) is used + +- [Xiaoke Wang brought this change] + + openssl: check the return value of BIO_new_mem_buf() + + Closes #8233 + +- examples/multi-app.c: call curl_multi_remove_handle as well + + Fixes #8234 + Reported-by: Melroy van den Berg + Closes #8236 + +- COPYING: bump copyright year range + +- RELEASE-NOTES: synced + + and bump curlver after release + +- docs: fix mandoc -T lint formatting complaints + + Closes #8228 + +- next.d. remove .fi/.nf as they are handled by gen.pl + + Closes #8228 + +- gen.pl: terminate "example" sections better + + If the example (section that is prefixed with spaces) ends the + description gen.pl would previously miss to output the terminating .fi + + Closes #8228 + +- [Satadru Pramanik brought this change] + + curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval + + $$ usage in a m4 file introduces the PID in linux. + Instead, just duplicate previous working code with a case switch. + + Fixes #8229 + Closes #8230 + Version 7.81.0 (5 Jan 2022) Daniel Stenberg (5 Jan 2022) @@ -457,7 +4185,7 @@ Daniel Stenberg (13 Dec 2021) Closes #8137 -- [x2018 brought this change] +- [Xiaoke Wang brought this change] sha256/md5: return errors when init fails @@ -761,7 +4489,7 @@ Jay Satiro (2 Dec 2021) Prior to this change the fingerprint was mistakenly printed in binary. Daniel Stenberg (1 Dec 2021) -- [x2018 brought this change] +- [Xiaoke Wang brought this change] openssl: check the return value of BIO_new() @@ -1698,7 +5426,7 @@ Daniel Stenberg (29 Oct 2021) Closes #7885 -- [x2018 brought this change] +- [Xiaoke Wang brought this change] url: check the return value of curl_url() @@ -3761,4180 +7489,3 @@ Daniel Stenberg (23 Aug 2021) Reported-by: Randall S. Becker Fixes #7606 Closes #7608 - -Jay Satiro (22 Aug 2021) -- mksymbolsmanpage.pl: Fix showing symbol's last used version - - Prior to this change the symbol's deprecated version was erroneously - shown as its last used version. - - Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509 - Reported-by: i-ky@users.noreply.github.com - -Daniel Stenberg (21 Aug 2021) -- mksymbolsmanpage.pl: match symbols case insenitively - - Follow-up to 4e53b9430c750 which made this bug show. - - Reported-by: i-ky - Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253 - Closes #7607 - -- asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results - - As this leaks memory otherwise - - Follow-up to ba904db0705c931 - - Closes #7599 - -- [Ehren Bendler brought this change] - - wolfssl: clean up wolfcrypt error queue - - If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error - queue gets added on to for each session and never freed. Fix it by - calling ERR_clear_error() like in vtls/openssl when needed. This func is - a no-op in wolfcrypt if the error queue is not enabled. - - Closes #7594 - -- man pages: remove trailing whitespaces - - Extended test 1173 (via the manpage-syntax.pl script) to detect and warn - for them. - - Ref: #7602 - Reported-by: a1346054 on github - Closes #7604 - -- mailmap: add Gleb Ivanovsky - -- config.d: escape the backslash properly - - Closes #7603 - -- [Don J Olmstead brought this change] - - curl_setup.h: sync values for HTTP_ONLY - - The values for HTTP_ONLY differed between CMakeLists.txt and - curl_setup.h. Sync them and sort the values in curl_setup.h to make it - easier to spot differences. - - Closes #7601 - -Jay Satiro (21 Aug 2021) -- configure: set classic mingw minimum OS version to XP - - - If the user has not specified a minimum OS version (via WINVER or - _WIN32_WINNT macros) then set it to Windows XP. - - Prior to this change classic MinGW defaulted the minimum OS version - to Windows NT 4.0 which is way too old. At least Windows XP is needed - for getaddrinfo (which resolves hostnames to IPv6 addresses). - - Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034 - - Closes https://github.com/curl/curl/pull/7581 - -- schannel: Work around typo in classic mingw macro - - - Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH. - - Prior to this change there was an incomplete fix to ignore the - CALG_TLS1PRF macro on those versions of MinGW where it uses the - ALG_CLASS_DHASH typoed macro. - - Ref: 48cf45c - Ref: https://osdn.net/projects/mingw/ticket/38391 - Ref: https://github.com/curl/curl/issues/2924 - - Closes https://github.com/curl/curl/pull/7580 - -Daniel Stenberg (20 Aug 2021) -- RELEASE-NOTES: synced - -- http_proxy: fix user-agent and custom headers for CONNECT with hyper - - Enable test 287 - - Closes #7598 - -- c-hyper: initial support for "dumping" 1xx HTTP responses - - With the use hyper_request_on_informational() - - Enable test 155 and 158 - - Closes #7597 - -Marc Hoersken (18 Aug 2021) -- tests/*server.pl: flush output before executing subprocess - - Also avoid shell processes staying around by using exec. - This is necessary to avoid output data being buffering - inside the process chain of Perl, Bash/Shell and our - test server binaries. On non-Windows systems the exec - will also make the subprocess replace the intermediate - shell, but on Windows it will at least bind the processes - together since there is no real fork or exec available. - - See: https://cygwin.com/cygwin-ug-net/highlights.html - and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions - Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010 - - Reviewed-by: Daniel Stenberg - Reviewed-by: Jay Satiro - Closes #7530 - -- CI: use GitHub Container Registry instead of Docker Hub - - Avoid limits on Docker Hub and improve image pull/download speed. - - Closes #7587 - -Daniel Stenberg (18 Aug 2021) -- openssl: when creating a new context, there cannot be an old one - - Remove the previous handling that would call SSL_CTX_free(), and instead - add an assert that halts a debug build if there ever is a context - already set at this point. - - Closes #7585 - -Jay Satiro (18 Aug 2021) -- KNOWN_BUGS: Renegotiate from server may cause hang for OpenSSL backend - - Closes https://github.com/curl/curl/issues/6785 - -Viktor Szakats (17 Aug 2021) -- docs/BINDINGS: URL update - -Marc Hoersken (17 Aug 2021) -- tests/server/*.c: align handling of portfile argument and file - - 1. Call the internal variable portname (like pidname) everywhere. - 2. Have a variable wroteportfile (like wrotepidfile) everywhere. - 3. Make sure the file is cleaned up on exit (like pidfile). - 4. Add parameter --portfile to usage outputs everywhere. - - Reviewed-by: Daniel Stenberg - - Replaces #7523 - Closes #7574 - -Daniel Gustafsson (17 Aug 2021) -- KNOWN_BUGS: Fix a number of typos in KNOWN_BUGS - - Fixes a set of typos found in section 11.3. - -Daniel Stenberg (17 Aug 2021) -- getparameter: fix the --local-port number parser - - It could previously get tricked into parsing the uninitialized stack - based buffer. - - Reported-by: Brian Carpenter - Closes #7582 - -- KNOWN_BUGS: Can't use Secure Transport with Crypto Token Kit - - Closes #7048 - -- [Jan Verbeek brought this change] - - curl: add warning for ignored data after quoted form parameter - - In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc` - is ignored. This adds a warning if the ignored data isn't all - whitespace. - - Closes #7394 - -Jay Satiro (17 Aug 2021) -- codeql: fix error "Resource not accessible by integration" - - - Enable codeql writing security-events. - - GitHub set the default permissions to read, apparently since earlier - this year. - - Ref: https://github.com/github/codeql-action/issues/464 - Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ - - Fixes https://github.com/curl/curl/issues/7575 - Closes https://github.com/curl/curl/pull/7576 - -- tool_operate: Fix --fail-early with parallel transfers - - - Abort via progress callback to fail early during parallel transfers. - - When a critical error occurs during a transfer (eg --fail-early - constraint) then other running transfers will be aborted via progress - callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this - case, the callback error does not become the most recent error and a - custom error message is used for those transfers: - - curld --fail --fail-early --parallel - https://httpbin.org/status/404 https://httpbin.org/delay/10 - - curl: (22) The requested URL returned error: 404 - curl: (42) Transfer aborted due to critical error in another transfer - - > echo %ERRORLEVEL% - 22 - - Fixes https://github.com/curl/curl/issues/6939 - Closes https://github.com/curl/curl/pull/6984 - -Daniel Stenberg (17 Aug 2021) -- [Sergey Markelov brought this change] - - sectransp: support CURLINFO_CERTINFO - - Fixes #4130 - Closes #7372 - -- ngtcp2: remove the acked_crypto_offset struct field init - - ... as it is gone from the API upstream. - - Closes #7578 - -- misc: update incorrect copyright year ranges - - Closes #7577 - -- KNOWN_BUGS: HTTP/3 quiche upload large file fails - - Closes #7532 - -- KNOWN_BUGS: CMake build with MIT Kerberos does not work - - Closes #6904 - -- TODO: add asynch getaddrinfo support - - Closes #6746 - -- RELEASE-NOTES: synced - -- [Artur Sinila brought this change] - - http2: revert call the handle-closed function correctly on closed stream - - Reverts 252790c5335a221 - - Assisted-by: Gergely Nagy - Fixes #7400 - Closes #7525 - -- [Patrick Monnerat brought this change] - - auth: do not append zero-terminator to authorisation id in kerberos - - RFC4752 Section 3.1 states "The authorization identity is not terminated - with a zero-valued (%x00) octet". Although a comment in code said it may - be needed anyway, nothing confirms it. In addition, servers may consider - it as part of the identity, causing a failure. - - Closes #7008 - -- [Patrick Monnerat brought this change] - - auth: use sasl authzid option in kerberos - - ... instead of deriving it from active ticket. - Closes #7008 - -- [Patrick Monnerat brought this change] - - auth: we do not support a security layer after kerberos authentication - - Closes #7008 - -- [Patrick Monnerat brought this change] - - auth: properly handle byte order in kerberos security message - - Closes #7008 - -- [z2_ brought this change] - - x509asn1: fix heap over-read when parsing x509 certificates - - Assisted-by: Patrick Monnerat - Closes #7536 - -- KNOWN_BUGS: Disconnects don't do verbose - - Closes #6995 - -- mailmap: fixup Michał Antoniak - -- [Michał Antoniak brought this change] - - build: fix compiler warnings - - For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both - active. - - - socks.c : warning C4100: 'lineno': unreferenced formal parameter - (co-authored by Daniel Stenberg) - - - mbedtls.c: warning C4189: 'port': local variable is initialized but - not referenced - - - schannel.c: warning C4189: 'hostname': local variable is initialized - but not referenced - - Cloes #7528 - -- [Gleb Ivanovsky brought this change] - - CODE_STYLE-md: fix bold font style - - Markdown gets confused with abundance of asterisks, so use underscores - instead. - - Reviewed-by: Daniel Gustafsson - Closes #7569 - -- [Gleb Ivanovsky brought this change] - - CODE_STYLE-md: add missing comma - - Reviewed-by: Daniel Gustafsson - Closes #7570 - -- [Daniel Gustafsson brought this change] - - examples/ephiperfifo.c: simplify signal handler - - The signal handler registered for SIGINT is only handling SIGINT - so there isn't much need for inspecting the signo. While there, - rename the handler to be more specific. - - g_should_exit should really be of sig_atomic_t type, but relying - on autoconf in the examples seems like a bad idea so keep that - for now. - - Reviewed-by: Daniel Stenberg - Closes #7310 - -- c-hyper: initial step for 100-continue support - - Enabled test 154 - - Closes #7568 - -- [Ikko Ashimine brought this change] - - vtls: fix typo in schannel_verify.c - - occurence -> occurrence - - Closes #7566 - -- [Emil Engler brought this change] - - curl_url_get.3: clarify about path and query - - The current man-page lacks some details regarding the obtained path and - query. - - Closes #7563 - -- c-hyper: fix header value passed to debug callback - - Closes #7567 - -Viktor Szakats (12 Aug 2021) -- cleanup: URL updates - - - replace broken URL with the one it was most probably pointing to - when added (lib/tftp.c) - - replace broken URL with archive.org link (lib/curl_ntlm_wb.c) - - delete unnecessary protocol designator from archive.org URL - (docs/BINDINGS.md) - - Closes #7562 - -Daniel Stenberg (12 Aug 2021) -- [April King brought this change] - - DEPRECATE.md: linkify curl-library mailing list - - Closes #7561 - -- [Barry Pollard brought this change] - - output.d: add method to suppress response bodies - - Closes #7560 - -- TODO: remove 'c-ares deviates on http://1346569778' - - Fixed since 56a037cc0ad1b2 (7.77.0) - -- [Colin O'Dell brought this change] - - BINDINGS.md: update links to use https where available - - Closes #7558 - -- asyn-ares.c: move all version number checks to the top - - ... and use #ifdef [feature] in the code as per our guidelines. - -- ares: use ares_getaddrinfo() - - ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced - in version 1.16.0. - - With older c-ares versions, curl invokes ares_gethostbyname() twice - once for - IPv4 and once for IPv6 to resolve both addresses, and then combines the - returned results. - - Reported-by: jjandesmet - Fixes #7364 - Closes #7552 - -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: utilize crypto API functions to simplify - - Closes #7551 - -- [megatronking brought this change] - - ngtcp2: reset the oustanding send buffer again when drained - - Closes #7538 - -Michael Kaufmann (10 Aug 2021) -- progress: fix a compile warning on some systems - - lib/progress.c:380:40: warning: conversion to 'long double' from - 'curl_off_t {aka long long int}' may alter its value [-Wconversion] - - Closes #7549 - -Daniel Stenberg (10 Aug 2021) -- RELEASE-NOTES: synced - -- http: consider cookies over localhost to be secure - - Updated test31. - Added test 392 to verify secure cookies used for http://localhost - - Reviewed-by: Daniel Gustafsson - Fixes #6733 - Closes #7263 - -- TODO: erase secrets from heap/stack after use - - Closes #7268 - -Jay Satiro (10 Aug 2021) -- hostip: Make Curl_ipv6works function independent of getaddrinfo - - - Do not assume IPv6 is not working when getaddrinfo is not present. - - The check to see if IPv6 actually works is now independent of whether - there is any resolver that can potentially resolve a hostname to IPv6. - - Prior to this change if getaddrinfo() was not found at compile time then - Curl_ipv6works() would be defined as a macro that returns FALSE. - - When getaddrinfo is not found then libcurl is built with CURLRES_IPV4 - defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups - in the traditional way. With this commit if libcurl is built with IPv6 - support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the - IPv6 stack is actually working, then it is possible for libcurl to - resolve IPv6 addresses by using DoH. - - Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378 - - Closes https://github.com/curl/curl/pull/7529 - -- test1565: fix windows build errors - - - Use our wait_ms() instead of sleep() since Windows doesn't have the - latter. - - - Use a separate variable to keep track of whether the pthread_t thread - id is valid. - - On Windows pthread_t is not an integer type. pthread offers no macro for - invalid pthread_t thread id, so validity is kept track of separately. - - Closes https://github.com/curl/curl/pull/7527 - -- [Jeremy Falcon brought this change] - - winbuild/README.md: clarify GEN_PDB option - - - Document that GEN_PDB option creates an external database. - - Ref: https://github.com/curl/curl/issues/7502 - -Daniel Stenberg (9 Aug 2021) -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read - - Closes #7546 - -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream - - Rework the return value handling of ngtcp2_conn_writev_stream and treat - NGTCP2_ERR_STREAM_SHUT_WR separately. - - Closes #7546 - -- configure: error out if both ngtcp2 and quiche are specified - - Reported-by: Vincent Grande - See #7539 - Closes #7545 - -- [Jeff Mears brought this change] - - easy: use a custom implementation of wcsdup on Windows - - ... so that malloc/free overrides from curl_global_init are used for - wcsdup correctly. - - Closes #7540 - -- zuul: add an mbedtls3 CI job - - Closes #7544 - -- [Benau brought this change] - - mbedTLS: initial 3.0.0 support - - Closes #7428 - -- RELEASE-NOTES: synced - -- configure.ac: revert bad nghttp2 library detection improvements - - This reverts commit b4b34db65f9f8, 673753344c5f and 29c7cf79e8b. - - The logic is now back to assuming that the nghttp2 lib is called nghttp2 and - nothing else. - - Reported-by: Rui Pinheiro - Reported-by: Alex Crichton - Fixes #7514 - Closes #7515 - -- happy-eyeballs-timeout-ms.d: polish the wording - - Reported-by: Josh Soref - Fixes #7433 - Closes #7542 - -- [modbw brought this change] - - mbedtls_threadlock: fix unused variable warning - - Closes #7393 - -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: compile with the latest ngtcp2 and nghttp3 - - Closes #7541 - -Marc Hoersken (31 Jul 2021) -- CI/cirrus: reduce compile time with increased parallism - - Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds. - - Reviewed-by: Daniel Stenberg - Closes #7505 - -Daniel Stenberg (30 Jul 2021) -- [Bin Lan brought this change] - - tool/tests: fix potential year 2038 issues - - The length of 'long' in a 32-bit system is 32 bits, which cannot be used - to save timestamps after 2038. Most operating systems have extended - time_t to 64 bits. - - Remove the castings to long. - - Closes #7466 - -- compressed.d: it's a request, not an order - - Clarified - - Reported-by: Dan Jacobson - Reviewed-by: Daniel Gustafsson - Fixes #7516 - Closes #7517 - -- [Bernhard M. Wiedemann brought this change] - - tests: make three tests pass until 2037 - - after 2038 something in test1915 fails on 32-bit OSes - - Closes #7512 - -Daniel Gustafsson (30 Jul 2021) -- connect: remove superfluous conditional - - Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos, - but the move left a conditional on ai which no longer is needed as - the while loop reevaluation will cover it. - - Closes #7511 - Reviewed-by: Carlo Marcelo Arenas Belón - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -Daniel Stenberg (29 Jul 2021) -- RELEASE-NOTES: synced - - and bump curlver to 7.79.0 for next release - -Marc Hoersken (29 Jul 2021) -- tests/*server.py: remove pidfile on server termination - - Avoid pidfile leaking/laying around after server already exited. - - Reviewed-by: Daniel Stenberg - Closes #7506 - -Daniel Gustafsson (27 Jul 2021) -- tool_main: fix typo in comment - - The referred to library is NSPR, so fix the switched around characters. - -Daniel Stenberg (28 Jul 2021) -- [Aleksandr Krotov brought this change] - - bearssl: support CURLOPT_CAINFO_BLOB - - Closes #7468 - -- curl.1: mention "global" flags - - Mention options that are "global". A global command line option is one - that doesn't get reset at --next uses and therefore don't need to be - used again. - - Reported-by: Josh Soref - - Fixes #7457 - Closes #7510 - -- CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited - - Reported-by: Daniel Woelfel - Fixes #7441 - Closes #7509 - -- KNOWN_BUGS: add more HTTP/3 problems - - Closes #7351 - Closes #7339 - Closes #7125 - -Marc Hoersken (27 Jul 2021) -- CI/azure: reduce compile time with increased parallism - - Azure Pipelines CI VMs have 2 CPUs, let's use them. - - Closes #7489 - -Jay Satiro (27 Jul 2021) -- [Josh Soref brought this change] - - docs: fix grammar - - Fixes https://github.com/curl/curl/issues/7444 - Fixes https://github.com/curl/curl/issues/7451 - Fixes https://github.com/curl/curl/issues/7465 - Closes https://github.com/curl/curl/pull/7495 - -- mail-rcpt.d: fix grammar - - Remove confusing sentence that says to specify an e-mail address for - mail transfer, since that's implied. - - Reported-by: Josh Soref - - Fixes https://github.com/curl/curl/issues/7452 - Closes https://github.com/curl/curl/pull/7495 - -Daniel Stenberg (27 Jul 2021) -- c-hyper: remove the hyper_executor_poll() loop from Curl_http - - 1. it's superfluous - 2. it didn't work identically to the Curl_hyper_stream one which could - cause problems like #7486 - - Pointed-out-by: David Cook - Closes #7499 - -- curl-openssl.m4: check lib64 for the pkg-config file - - OpenSSL recently started putting the libs in $prefix/lib64 on 'make - install', so we check that directory for pkg-config data if the 'lib' - check fails. - - Closes #7503 - -- CURLOPT_SSL_CTX_*.3: tidy up the example - - Use the proper code style. Don't store return codes that aren't read. - Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well. - - Closes #7500 - -- example/cookie_interface: fix scan-build printf warning - - Follow-up to 4b79c4fb565 - - Fixes #7497 - Closes #7498 - -- [Josh Soref brought this change] - - limit-rate.d: clarify base unit - - Fixes #7439 - Closes #7494 - -- [Carlo Marcelo Arenas Belón brought this change] - - examples/cookie_interface: avoid printfing time_t directly - - time_t representation is undefined and varies on bitsize and signedness, - and as of C11 could be even non integer. - - instead of casting to unsigned long (which would truncate in systems - with a 32bit long after 2106) use difftime to get the elapsed time as a - double and print that (without decimals) instead. - - alternatively a cast to curl_off_t and its corresponding print - formatting could have been used (at least in POSIX) but portability and - curl agnostic code was prioritized. - - Closes #7490 - -Marc Hoersken (25 Jul 2021) -- tests/servers: remove obsolete pid variable - - Variable is not used since pidfile handling moved to util.[ch] - - Reviewed-by: Jay Satiro - Closes #7482 - -- tests/servers: use our platform-aware pid for server verification - - The pid used for server verification is later stored as pid2 in - the hash of running test servers and therefore used for shutdown. - - The pid used for shutdown must be the platform-aware (Win32) pid - to avoid leaking test servers while running them using Cygwin/msys. - - Reviewed-by: Jay Satiro - Closes #7481 - -- tests/runtests.pl: cleanup copy&paste mistakes and unused code - - Reviewed-by: Jay Satiro - Part of #7481 - -Daniel Stenberg (25 Jul 2021) -- RELEASE-NOTES: synced - - bumped to 7.78.1 for next release - -- http_proxy: clear 'sending' when the outgoing request is sent - - ... so that Curl_connect_getsock() will know how to wait for the socket - to become readable and not writable after the entire CONNECT request has - been issued. - - Regression added in 7.77.0 - - Reported-by: zloi-user on github - Assisted-by: Jay Satiro - Fixes #7155 - Closes #7484 - -Jay Satiro (25 Jul 2021) -- [Josh Soref brought this change] - - openssl: fix grammar - - Closes https://github.com/curl/curl/pull/7480 - -- configure.ac: tweak nghttp2 library name fix again - - - Change extraction to handle multiple library names returned by - pkg-config (eg a possible scenario with pkg-config --static). - - Ref: https://github.com/curl/curl/pull/7472 - - Closes https://github.com/curl/curl/pull/7485 - -Dan Fandrich (23 Jul 2021) -- Get rid of the unused HAVE_SIG_ATOMIC_T et. al. - - It was added in 2006 but I see no evidence it was ever used. - -Jay Satiro (23 Jul 2021) -- docs: change max-filesize caveat again - - - Add protocols field to max-filesize.d. - - - Revert wording on unknown file size caveat and do not discuss specific - protocols in that section. - - Partial revert of ecf0225. All max-filesize options now have the list of - protocols and it's clearer just to have that list without discussing - specific protocols in the caveat. - - Reported-by: Josh Soref - - Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762 - -Daniel Stenberg (22 Jul 2021) -- [Christian Weisgerber brought this change] - - configure: tweak nghttp2 library name fix - - commit 29c7cf79e8b44cf (shipped in 7.78.0) introduced a problem by - assuming that LIB_H2 does not have any leading whitespace. At least - OpenBSD's native pkg-config can produce such whitespace, though: - - $ pkg-config --libs-only-l libnghttp2 - -lnghttp2 - - As a result, the configure check for libnghttp2 will erroneously fail. - - Bug: https://curl.se/mail/lib-2021-07/0050.html - Closes #7472 - -- [Bastian Krause brought this change] - - docs/MQTT: update state of username/password support - - PR #7243 implemented username/password support for MQTT, so let's drop - these items from the caveats. - - Signed-off-by: Bastian Krause <bst@pengutronix.de> - - Closes #7474 - -- [Oleg Pudeyev brought this change] - - CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" - - Closes #7470 - -Version 7.78.0 (21 Jul 2021) - -Daniel Stenberg (21 Jul 2021) -- RELEASE-NOTES: synced - - curl 7.78.0 release - -- winbuild/MakefileBuild.vc: bump copyright year - -Jay Satiro (21 Jul 2021) -- docs: mention max-filesize options also apply to MQTT transfers - - Also make it clearer that the caveat 'if the file size is unknown it - the option will have no effect' may apply to protocols other than FTP - and HTTP. - - Reported-by: Josh Soref - - Fixes https://github.com/curl/curl/issues/7453 - -- [Josh Soref brought this change] - - docs/cmdline: fix grammar and typos - -- [Josh Soref brought this change] - - dump-header.d: Drop suggestion to use for cookie storage - - Since --cookie-jar is the preferred way to store cookies, no longer - suggest using --dump-header to do so. - - Co-authored-by: Daniel Stenberg - - Closes https://github.com/curl/curl/issues/7414 - -- [Josh Soref brought this change] - - doc/cmdline: fix grammar and typos - - Closes https://github.com/curl/curl/pull/7454 - Closes https://github.com/curl/curl/pull/7455 - Closes https://github.com/curl/curl/pull/7456 - Closes https://github.com/curl/curl/pull/7459 - Closes https://github.com/curl/curl/pull/7460 - Closes https://github.com/curl/curl/pull/7461 - Closes https://github.com/curl/curl/pull/7462 - Closes https://github.com/curl/curl/pull/7463 - -Daniel Stenberg (20 Jul 2021) -- vtls: fix connection reuse checks for issuer cert and case sensitivity - - CVE-2021-22924 - - Reported-by: Harry Sintonen - Bug: https://curl.se/docs/CVE-2021-22924.html - -- sectransp: check for client certs by name first, then file - - CVE-2021-22926 - - Bug: https://curl.se/docs/CVE-2021-22926.html - - Assisted-by: Daniel Gustafsson - Reported-by: Harry Sintonen - -- telnet: fix option parser to not send uninitialized contents - - CVS-2021-22925 - - Reported-by: Red Hat Product Security - Bug: https://curl.se/docs/CVE-2021-22925.html - -Jay Satiro (20 Jul 2021) -- connect: fix wrong format specifier in connect error string - - 0842175 (not in any release) used the wrong format specifier (long int) - for timediff_t. On an OS such as Windows libcurl's timediff_t (usually - 64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the - upper 32-bits of the timediff_t were erroneously then used by the next - format specifier. Usually since the timeout isn't larger than 32-bits - this would result in null as a pointer to the string with the reason for - the connection failing. On other OSes or maybe other compilers it could - probably result in garbage values (ie crash on deref). - - Before: - Failed to connect to localhost port 12345 after 1201 ms: (nil) - - After: - Failed to connect to localhost port 12345 after 1203 ms: Connection refused - - Closes https://github.com/curl/curl/pull/7449 - -- winbuild: support alternate nghttp2 static lib name - - - Support both nghttp2.lib and nghttp2_static.lib for static nghttp2. - - nghttp2 briefly changed its static lib name to nghttp2_static, but then - made the _static suffix optional. - - Ref: https://github.com/nghttp2/nghttp2/pull/1394 - Ref: https://github.com/nghttp2/nghttp2/pull/1418 - Ref: https://github.com/nghttp2/nghttp2/issues/1466 - - Reported-by: Pierre Yager - - Fixes https://github.com/curl/curl/issues/7446 - Closes https://github.com/curl/curl/pull/7447 - -- [Josh Soref brought this change] - - docs/cmdline: fix grammar and typos - - Closes https://github.com/curl/curl/pull/7432 - Closes https://github.com/curl/curl/pull/7436 - Closes https://github.com/curl/curl/pull/7438 - Closes https://github.com/curl/curl/pull/7440 - Closes https://github.com/curl/curl/pull/7445 - -- [Josh Soref brought this change] - - delegation.d: mention what happens when used multiple times - - Closes https://github.com/curl/curl/pull/7408 - -- [Josh Soref brought this change] - - create-file-mode.d: mention what happens when used multiple times - - Closes https://github.com/curl/curl/pull/7407 - -- [Josh Soref brought this change] - - config.d: split comments and option-per line - - Closes https://github.com/curl/curl/pull/7405 - -Daniel Stenberg (19 Jul 2021) -- misc: copyright year range updates - -- mailmap: add Tobias and Timur - -Daniel Gustafsson (18 Jul 2021) -- [Josh Soref brought this change] - - docs: spell out directories instead of dirs in create-dirs - - Write out directories rather than using the dirs abbrevation. Also - use plural form consistently, even if the code in the end might just - create a single directory. - - Closes #7406 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - Reviewed-by: Daniel Gustafsson <daniel@yesql.se> - -- [Tobias Nyholm brought this change] - - docs: correct spelling errors and a broken link - - Update grammar and spelling in docs and source code comments. - - Closes: #7427 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -Marc Hoersken (18 Jul 2021) -- CI/cirrus: install impacket from PyPI instead of FreeBSD packages - - Availability of impacket as FreeBSD package is too flaky. - - Stick to legacy version of cryptography which still - supports OpenSSL version 1.0.2 due to FreeBSD 11. - - Reviewed-by: Daniel Stenberg - - Closes #7418 - -Daniel Stenberg (18 Jul 2021) -- [Josh Soref brought this change] - - docs/cmdline: mention what happens when used multiple times - - For --dns-ipv4-addr, --dns-ipv6-addr and --dns-servers - - Closes #7410 - Closes #7411 - Closes #7412 - -- [Michał Antoniak brought this change] - - lib: fix compiler warnings with CURL_DISABLE_NETRC - - warning C4189: 'netrc_user_changed': local variable is initialized but - not referenced - - warning C4189: 'netrc_passwd_changed': local variable is initialized but - not referenced - - Closes #7423 - -- disable-epsv.d: remove duplicate "(FTP)" - - ... since the tooling adds that to the output based on the "Protocols:" - tag. - -- [Max Zettlmeißl brought this change] - - docs: make the documentation for --etag-save match the program behaviour - - When using curl with the option `--etag-save` I expected it to save the - ETag without its surrounding quotes, as stated by the documentation in - the repository and by the generated man pages. - - My first endeavour was to fix the program, but while investigating the - history of the relevant parts, I discovered that curl once saved the - ETag without the quotes. This was undone by Daniel Stenberg in commit - `98c94596f5928840177b6bd3c7b0f0dd03a431af`, therefore I decided that in - this case the documentation should be adjusted to match the behaviour of - curl. - - The changed save behaviour also made parts of the `--etag-compare` - documentation wrong or superfluous, so I adjusted those accordingly. - - Closes #7429 - -- [Josh Soref brought this change] - - write-out.d: add missing periods - - Closes #7404 - -- [Josie Huddleston brought this change] - - easy: during upkeep, attach Curl_easy to connections in the cache - - During the protocol-specific parts of connection upkeep, some code - assumes that the data->conn pointer already is set correctly. However, - there's currently no guarantee of that in the code. - - This fix temporarily attaches each connection to the Curl_easy object - before performing the protocol-specific connection check on it, in a - similar manner to the connection checking in extract_if_dead(). - - Fixes #7386 - Closes #7387 - Reported-by: Josie Huddleston - -- [Josh Soref brought this change] - - cleanup: spell DoH with a lowercase o - - Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> - - Closes #7413 - -- [Josh Soref brought this change] - - TheArtOfHttpScripting: polish - - - add missing backticks and comma - - - fix proxy description: - - * example proxy isn't local - * locally doesn't really make sense - - Closes #7416 - -- [Josh Soref brought this change] - - form.d: add examples of `,`/`;` for file[name] - - Fixes #7415 - Closes #7417 - -- [Michał Antoniak brought this change] - - mbedtls: Remove unnecessary include - - - curl_setup.h: all references to mbedtls_md4* functions and structures - are in the md4.c. This file already includes the <mbedtls/md4.h> file - along with the file existence control (defined (MBEDTLS_MD4_C)) - - - curl_ntlm_core.c: unnecessary include - repeated below - - Closes #7419 - -- RELEASE-NOTES: synced - -Jay Satiro (16 Jul 2021) -- [User Sg brought this change] - - multi: fix crash in curl_multi_wait / curl_multi_poll - - Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a - VALID_SOCK check to one of the loops through the sockets but not the - other. - - Reported-by: sylgal@users.noreply.github.com - Authored-by: sylgal@users.noreply.github.com - - Fixes https://github.com/curl/curl/issues/7379 - Closes https://github.com/curl/curl/pull/7389 - -- [Daniel Gustafsson brought this change] - - tool_help: remove unused define - - The PRINT_LINES_PAUSE macro is no longer used, and has been mostly - cleaned out but one occurrence remained. - - Closes https://github.com/curl/curl/pull/7380 - -- [Sergey Markelov brought this change] - - build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS - - fix compiler warnings about unused variables and parameters when - built with --disable-verbose. - - Closes https://github.com/curl/curl/pull/7377 - -- [Andrea Pappacoda brought this change] - - build: fix IoctlSocket FIONBIO check - - Prior to this change HAVE_IOCTLSOCKET_CAMEL_FIONBIO mistakenly checked - for (lowercase) ioctlsocket when it should have checked for IoctlSocket. - - Closes https://github.com/curl/curl/pull/7375 - -- [Timur Artikov brought this change] - - configure: fix nghttp2 library name for static builds - - Don't hardcode the nghttp2 library name, - because it can vary, be "nghttp2_static" for example. - - Fixes https://github.com/curl/curl/issues/7367 - Closes https://github.com/curl/curl/pull/7368 - -Gisle Vanem (16 Jul 2021) -- [PellesC] fix _lseeki64() macro - -- [SChannel] Use '_tcsncmp()' instead - - Revert previous change for PellesC. - - Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`. - -- [PellesC] missing '_tcsnccmp' - - PellesC compiler does not have this macro in it's `<tchar.h>` - -Daniel Gustafsson (14 Jul 2021) -- TODO: add mention of mbedTLS 3 incompatibilities - - Wyatt OʼDay reported in #7385 that mbedTLS isn't backwards compatible - and curl no longer builds with it. Document the need to fix our support - until so has been done. - - Closes #7390 - Fixes #7385 - Reported-by: Wyatt OʼDay - Reviewed-by: Jay Satiro <raysatiro@yahoo.com> - -- docs: fix inconsistencies in EGDSOCKET documentation - - Only the OpenSSL backend actually use the EGDSOCKET, and also use - TLS consistently rather than mixing SSL and TLS. While there, also - fix a minor spelling nit. - - Closes: #7391 - Reviewed-by: Jay Satiro <raysatiro@yahoo.com> - -- [Борис Верховский brought this change] - - docs: document missing arguments to commands - - This is a followup to commit f410b9e538129e77607fef1 fixing a few - more commands which takes arguments. - - Closes #7382 - Reviewed-by: Daniel Gustafsson <daniel@yesql.se> - -- [Randolf J brought this change] - - docs: fix incorrect argument name reference - - The documentation for the read callback was erroneously referencing - the nitems argument by nmemb. The error was introduced in commit - ce0881edee3c7. - - Closes #7383 - Reviewed-by: Daniel Gustafsson <daniel@yesql.se> - -- [Борис Верховский brought this change] - - tool_help: Document that --tlspassword takes a password - - Closes #7378 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -- scripts: Fix typo in release-notes instructions - - The command to run had a typo in the pathname which prevented copy - pasting it to work, which has annoyed me enough to fix this now. - -- RELEASE-NOTES: synced - -Jay Satiro (10 Jul 2021) -- write-out.d: Clarify urlnum is not unique for de-globbed URLs - - Reported-by: Коваленко Анатолий Викторович - - Fixes https://github.com/curl/curl/issues/7342 - Closes https://github.com/curl/curl/pull/7369 - -Daniel Gustafsson (3 Jul 2021) -- [William Desportes brought this change] - - docs: Fix typos - - Closes: #7370 - Reviewed-by: Daniel Gustafsson <daniel@yesql.se> - -Daniel Stenberg (8 Jul 2021) -- [Jonathan Wernberg brought this change] - - Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" - - The reverted commit introduced a logic error in code that was - correct. - - The client using libcurl would notice the error since FTP file - uploads in active transfer mode would somtimes complete with - success despite no transfer having been performed and the - "uploaded" file thus not being on the remote server afterwards. - - The FTP server would notice the error because it receives a - RST on the data connection it has established with the client - before any data was transferred at all. - - The logic error happens if the STOR response from the server have - arrived by the time ftp_multi_statemach() in the affected code path - is called, but the incoming data connection have not arrived yet. - In that case, the processing of the STOR response will cause - 'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment - in the code. Since 'complete' will also be set, later logic would - believe the transfer was done. - - In most cases, the STOR response will not have arrived yet when - the affected code path is executed, or the incoming connection will - also have arrived, and thus the error would not express itself. - But if the speed difference of the device using libcurl and the - FTP server is exactly right, the error may happen as often as in - one out of hundred file transfers. - - This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab. - - Bug: https://curl.se/mail/lib-2021-07/0025.html - Closes #7362 - -- msnprintf: return number of printed characters excluding null byte - - ... even when the output is "capped" by the maximum length argument. - - Clarified in the docs. - - Closes #7361 - -- infof: remove newline from format strings, always append it - - - the data needs to be "line-based" anyway since it's also passed to the - debug callback/application - - - it makes infof() work like failf() and consistency is good - - - there's an assert that triggers on newlines in the format string - - - Also removes a few instances of "..." - - - Removes the code that would append "..." to the end of the data *iff* - it was truncated in infof() - - Closes #7357 - -- examples/multi-single: fix scan-build warning - - warning: Value stored to 'mc' during its initialization is never read - - Follow-up to ae8e11ed5fd2ce - - Closes #7360 - -- wolfssl: failing to set a session id is not reason to error out - - ... as it is *probably* just timed out. - - Reported-by: Francisco Munoz - - Closes #7358 - -- docs/examples: use curl_multi_poll() in multi examples - - The API is soon two years old and deserves being shown as the primary - way to drive multi code as it makes it much easier to write code. - - multi-poll: removed - - multi-legacy: add to show how we did multi API use before - curl_multi_wait/poll. - - Closes #7352 - -- KNOWN_BUGS: flaky Windows CI builds - - Closes #6972 - -- RELEASE-NOTES: synced - -- test1147: hyper doesn't allow "crazy" request headers like built-in - - ... so strip that from the test. - - Closes #7349 - -- c-hyper: bail on too long response headers - - To match with built-in behaviors. Makes test 1154 work. - - Closes #7350 - -- test1151: added missing CRLF to work with hyper - - Closes #7350 - -- c-hyper: add support for transfer-encoding in the request - - Closes #7348 - -- [Andrea Pappacoda brought this change] - - cmake: remove libssh2 feature checks - - libssh2 features are detected based on version since commit - 9dbbba997608f7c3c5de1c627c77c8cd2aa85b73 - - Closes #7343 - -- test1116: hyper doesn't pass through "surprise-trailers" - - Closes #7344 - -- socks4: scan for the IPv4 address in resolve results - - Follow-up to 84d2839740 which changed the resolving to always resolve - both address families, but since SOCKS4 only supports IPv4 it should - scan for and use the first available IPv4 address. - - Reported-by: shithappens2016 on github - Fixes #7345 - Closes #7346 - -Jay Satiro (5 Jul 2021) -- proto.d: fix formatting for paragraphs after margin changes - - Closes https://github.com/curl/curl/pull/7341 - -- pinnedpubkey.d: fix formatting for version support lists - - Closes https://github.com/curl/curl/pull/7340 - -Daniel Stenberg (2 Jul 2021) -- TODO: "Support in-memory certs/ca certs/keys" done - - Has been suppored for a while now with the *BLOB options. - -- examples: safer and more proper read callback logic - - The same callback code is used in: - - imap-append.c - smtp-authzid.c - smtp-mail.c - smtp-multi.c - smtp-ssl.c - smtp-tls.c - - It should not assume that it can copy full lines into the buffer as it - will encourage sloppy coding practices. Instead use byte-wise logic and - check/acknowledge the buffer size appropriately. - - Reported-by: Harry Sintonen - Fixes #7330 - Closes #7331 - -- test1519: adjusted to work with hyper - - Closes #7333 - -- test1518: adjusted to work with hyper - - ... by making sure the stdout output doesn't look like HTTP headers. - - Closes #7333 - -- test1514: add a CRLF to the response to make it correct - - Makes hyper accept it fine instead returning HYPERE_UNEXPECTED_EOF on - us. - - Closes #7334 - -- formdata: avoid "Argument cannot be negative" warning - - ... when converting a curl_off_t to size_t, by using - CURL_ZERO_TERMINATED before passing the argument to the function. - - Detected by Coverity CID 1486590. - - Closes #7328 - Assisted-by: Daniel Gustafsson - -- lib: more %u for port and int for %*s fixes - - Detected by Coverity - - Closes #7329 - -- doh: (void)-prefix call to curl_easy_setopt - -- lib: fix type of len passed to *printf's %*s - - ... it needs to be 'int'. Detected by Coverity CID 1486611 (etc) - - Closes #7326 - -- lib: use %u instead of %ld for port number printf - - Follow-up to 764c6bd3bf which changed the type of some port number - fields. Detected by Coverity (CID 1486624) etc. - - Closes #7325 - -- version: turn version number functions into returning void - - ... as we never use the return codes from them. - - Reviewed-by: Daniel Gustafsson - Closes #7319 - -- mqtt: extend the error message for no topic - - ... and mention that it needs URL encoding. - - Reported-by: Peter Körner - Fixes #7316 - Closes #7317 - -- formdata: correct typecast in curl_mime_data call - - Coverity pointed out it the mismatch. CID 1486590 - - Closes #7327 - -- url: (void)-prefix a curl_url_get() call - - Coverity (CID 1486645) pointed out a use of curl_url_get() in the - parse_proxy function where the return code wasn't checked. A - (void)-prefix makes the intention obvious. - - Closes #7320 - -- glob: pass an 'int' as len when using printf's %*s - - Detected by Coverity CID 1486629. - - Closes #7324 - -- vtls: use free() not curl_free() - - curl_free() is provided for users of the API to free returned data, - there's no need to use it internally. - - Closes #7318 - -- zuul: use the new rustls directory name - - Follow-up to 6d972c8b1cbb3 which missed updating this directory name. - - Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1 - - Closes #7311 - -Jay Satiro (29 Jun 2021) -- http: fix crash in rate-limited upload - - - Don't set the size of the piece of data to send to the rate limit if - that limit is larger than the buffer size that will hold the piece. - - Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE - (curl tool: --limit-rate) was set then it was possible that a temporary - buffer used for uploading could be written to out of bounds. A likely - scenario for this would be a non-trivial amount of post data combined - with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k). - - The bug was introduced in 24e469f which is in releases since 7.76.0. - - perl -e "print '0' x 200000" > tmp - curl --limit-rate 128k -d @tmp httpbin.org/post - - Reported-by: Richard Marion - - Fixes https://github.com/curl/curl/issues/7308 - Closes https://github.com/curl/curl/pull/7315 - -Daniel Stenberg (29 Jun 2021) -- copyright: add boiler-plate headers to CI config files - - And whitelist .zuul.ignore - - Closes #7314 - -- CI: remove travis details - - Rename still used leftovers to "zuul" as that's now the CI using them. - - Closes #7313 - -- RELEASE-NOTES: synced - -- openssl: avoid static variable for seed flag - - Avoid the race condition risk by instead storing the "seeded" flag in - the multi handle. Modern OpenSSL versions handle the seeding itself so - doing the seeding once per multi-handle instead of once per process is - less of an issue. - - Reported-by: Gerrit Renker - Fixes #7296 - Closes #7306 - -- configure: inhibit the implicit-fallthrough warning on gcc-12 - - ... since it no longer acknowledges the comment markup we use for that - purpose. - - Reported-by: Younes El-karama - Fixes #7295 - Closes #7307 - -Daniel Gustafsson (28 Jun 2021) -- [Andrei Rybak brought this change] - - misc: fix typos in comments which repeat a word - - Fix typos in code comments which repeat various words. In trivial - cases, just delete the repeated word. Reword the affected sentence in - "lib/url.c" for it to make sense. - - Closes #7303 - Reviewed-by: Daniel Gustafsson <daniel@yesql.se> - -Daniel Stenberg (27 Jun 2021) -- lib677: make it survive torture testing - - Follow-up to a5ab72d5edd7 - - Closes #7300 - -- [Tommy Chiang brought this change] - - docs/BINDINGS: fix outdated links - - * luacurl page is now not accessible, fix it with wayback machine page - * Scheme one seems not providing https now, change it back to http one - - Closes #7301 - -- [Jacob Hoffman-Andrews brought this change] - - curstls: bump crustls version and use new URL - - crustls moved to https://github.com/rustls/rustls-ffi. This also bumps - the expected version to 0.7.0. - - Closes #7297 - -- RELEASE-NOTES: synced - -- examples: length-limit two sscanf() uses of %s - - Reported-by: Jishan Shaikh - Fixes #7293 - Closes #7294 - -- [Richard Whitehouse brought this change] - - multi: alter transfer timeout ordering - - - Check whether a connection has succeded before checking whether it's - timed out. - - This means if we've connected quickly, but subsequently been - descheduled, we allow the connection to succeed. Note, if we timeout, - but between checking the timeout, and connecting to the server the - connection succeeds, we will allow it to go ahead. This is viewed as - an acceptable trade off. - - - Add additional failf logging around failed connection attempts to - propogate the cause up to the caller. - - Co-Authored-by: Martin Howarth - Closes #7178 - -- test677: IMAP CONNECT_ONLY, custom command and then exit - - Adjusted ftpserver.pl to add support for the IMAP IDLE command - - Adjusted test 660 to sync with the fix - -- multi: do not switch off connect_only flag when closing - - ... as it made protocol specific disconnect commands wrongly get used. - - Bug: https://curl.se/mail/lib-2021-06/0024.html - Reported-by: Aleksander Mazur - Closes #7288 - -- http: make the haproxy support work with unix domain sockets - - ... it should then pass on "PROXY UNKNOWN" since it doesn't know the - involved IP addresses. - - Reported-by: Valentín Gutiérrez - Fixes #7290 - Closes #7291 - -- [Xiang Xiao brought this change] - - curl.h: include sys/select.h for NuttX RTOS - - Closes #7287 - -- [Bin Meng brought this change] - - curl.h: remove the execution bit - - The execution bit of curl.h file was wrongly added: - - commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7") - - and should be removed. - - Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7") - Signed-off-by: Bin Meng <bmeng.cn@gmail.com> - Closes #7286 - -- [Bin Lan brought this change] - - curl.h: <sys/select.h> is supported by VxWorks7 - - Closes #7285 - -- [Bachue Zhou brought this change] - - quiche: use send() instead of sendto() to avoid macOS issue - - sendto() always returns "Socket is already connected" error on macos - - Closes #7260 - -- [Li Xinwei brought this change] - - cmake: fix support for UnixSockets feature on Win32 - - Move the definition of sockaddr_un struct from config-win32.h to - curl_setup.h, so that it could be shared by all build systems. - - Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use - unix sockets. - - Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS - is defined. - - Closes #7034 - -- [Gregory Muchka brought this change] - - hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies - - From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A - dictionary of key-value pairs that represent the current internet proxy - settings, or NULL if no proxy settings have been defined or if an error - occurred. You must release the returned value." - - Failure to release the returned value of SCDynamicStoreCopyProxies can - result in a memory leak. - - Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies - - Closes #7265 - -- RELEASE-NOTES: synced - -Jay Satiro (21 Jun 2021) -- vtls: fix warning due to function prototype mismatch - - b09c8ee changed the function prototype. Caught by Visual Studio. - -- curl_multibyte: Remove local encoding fallbacks - - - If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then - no longer fall back to assuming the string is in a local encoding. - - Background: - - Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to - pass to the Windows CRT API wide-character functions since in Windows - UTF-8 is not a valid locale (or at least 99% of the time right now). - - Prior to this change if the Unicode encoding conversion failed then - libcurl would assume, for backwards compatibility with applications that - may have written their code for non-Unicode builds, attempt to convert - the string from local encoding to UTF-16. - - That type of "best effort" could theoretically cause some type of - security or other problem if a string that was locally encoded was also - valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion - could occur. - - Ref: https://github.com/curl/curl/pull/7246 - - Closes https://github.com/curl/curl/pull/7257 - -Daniel Stenberg (20 Jun 2021) -- curl_endian: remove the unused Curl_write64_le function - - The last usage was removed in cca455a36 - - Closes #7280 - -- vtls: only store TIMER_APPCONNECT for non-proxy connect - - Introducing a 'isproxy' argument to the connect function so that it - knows wether to store the time stamp or not. - - Reported-by: Yongkang Huang - Fixes #7274 - Closes #7274 - -- gnutls: set the preferred TLS versions in correct order - - Regression since 781864bedbc57 (curl 7.77.0) - - Reported-by: civodul on github - Assisted-by: Nikos Mavrogiannopoulos - Fixes #7277 - Closes #7278 - -- [Gergely Nagy brought this change] - - configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove unused define HAVE_PERROR - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure: remove unused check for gai_strerror - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove unused define HAVE_FREEIFADDRS - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove unused define HAVE_FORK - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove unused define HAVE_FDOPEN - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove checks for unused sgtty.h - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove remaining checks for rsa.h - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove remaining checks for err.h - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove remaining checks for crypto.h - - Closes #7276 - -- [Gergely Nagy brought this change] - - configure/cmake: remove checks for unused getservbyport_r - - Closes #7276 - -- --socks4[a]: clarify where the host name is resolved - - Closes #7273 - -- libcurl-security.3: mention file descriptors and forks - - ... and move the security report section last. - - Reported-by: Harry Sintonen - Closes #7270 - -- [Alex Xu (Hello71) brought this change] - - configure.ac: make non-executable - - it needs to be processed by autoconf or autoreconf, and doesn't have a - suitable shebang to be directly executed. other projects normally set - configure.ac -x. - - Closes #7272 - -- configure: do not strip out debug flags - - To allow users to set them when invoking configure without using - --with-debug. - - Reported-by: Alex Xu - Fixes #7216 - Closes #7267 - -- libssh2: limit time a disconnect can take to 1 second - - Closes #7271 - -- TLS: prevent shutdown loops to get stuck - - ... by making sure the loops are only allowed to read the shutdown - traffic a limited number of times. - - Reported-by: Harry Sintonen - Closes #7271 - -- hyper: propagate errors back up from read callbacks - - Makes test 513 work with hyper - - Closes #7266 - -- KNOWN_BUGS: Negotiate on Windows fails - - Closes #5881 - -- KNOWN_BUGS: renames instead of locking for atomic operations - - Closes #6882 - Closes #6884 - -- zuul: add two missing CI jobs - - ... that were configured, just not run - - Closes #7261 - -Viktor Szakats (15 Jun 2021) -- idn: fix libidn2 with windows unicode builds - - Unicode Windows builds use UTF-8 strings internally in libcurl, - so make sure to call the UTF-8 flavour of the libidn2 API. Also - document that Windows builds with libidn2 and UNICODE do expect - CURLOPT_URL as an UTF-8 string. - - Reported-by: dEajL3kA on github - Assisted-by: Jay Satiro - Reviewed-by: Marcel Raad - Closes #7246 - Fixes #7228 - -Daniel Stenberg (15 Jun 2021) -- curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE - - They were never officially allowed and slipped in only due to sloppy - parsing. Spaces (ascii 32) should be correctly encoded (to %20) before - being part of a URL. - - The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl - allow spaces. - - Updated test 1560 to verify. - - Closes #7073 - -- RELEASE-NOTES: synced - - ... and bump to version 7.78.0 for the next planned release. - -Jay Satiro (15 Jun 2021) -- docs: Remove outdated curl tool limitation - - - Document that HTTP/2 multiplexing is supported by the curl tool when - parallel transfers are used. - - Supported since 7.66.0 via --parallel, but the doc wasn't updated. - - Closes https://github.com/curl/curl/pull/7259 - -- http2: Clarify 'Using HTTP2' verbose message - - - Change phrasing from multi-use to multiplexing since the former may - not be as well understood. - - Before: * Using HTTP2, server supports multi-use - - After: * Using HTTP2, server supports multiplexing - - Bug: https://github.com/curl/curl/discussions/7255 - Reported-by: David Hu - - Closes https://github.com/curl/curl/pull/7258 - -Daniel Stenberg (14 Jun 2021) -- winbuild/README: VC should be set to 6 'or larger' - - Previously it listed all versions up to 15 (missing 16) but this new - phrasing is more open ended. - - Reported-by: Hugh Macdonald - Fixes #7253 - Closes #7254 - -- [Jacob Hoffman-Andrews brought this change] - - rustls: remove native_roots fallback - - For the commandline tool, we expect to be passed - SSL_CONN_CONFIG(CAfile); for library use, the use should pass a set of - trusted roots (like in other TLS backends). - - This also removes a dependency on Security.framework when building on - macOS. - - Closes #7250 - -- [Albin Vass brought this change] - - travis: remove jobs that have migrated to zuul - - Closes #7245 - -- [Mohammed Naser brought this change] - - CI: add jobs using Zuul - - It also includes a few changes to get the builds going: - - Added autoconf to common dependencies - - Added automake to common dependencies - - Added libtool to common dependencies - - Added libssl-dev to common dependencies - - Co-authored-by: Albin Vass - - Closes #7245 - -- netrc: skip 'macdef' definitions - - Add test 494 to verify - - Reported-by: Harry Sintonen - Fixes #7238 - Closes #7244 - -- multi: add scan-build-6 work-around in curl_multi_fdset - - scan-build-6 otherwise warns, saying: warning: The left operand of '>=' - is a garbage value otherwise, which is false. - - Later scan-builds don't claim this on the same code. - - Closes #7248 - -- asyn-ares: remove check for 'data' in Curl_resolver_cancel - - It implied it would survive a NULL in there which it won't. Instead do - an assert. - - Pointed out by scan-build. - - Closes #7248 - -- url.c: remove two variable assigns that are never read - - Pointed out by scan-build - - Closes #7248 - -- [Gealber Morales brought this change] - - mqtt: add support for username and password - - Minor-edits-by: Daniel Stenberg - Added test 2200 to 2205 - - Closes #7243 - -- travis: remove the arm job - - We do it on circle CI instead - -- CI: add .circleci/config.yml - - Assisted-by: Gabriel Simmer - - Closes #7239 - -- RELEASE-NOTES: synced - -- runtests: init $VERSION to avoid warnings when using -l - -- openssl: don't remove session id entry in disassociate - - When a connection is disassociated from a transfer, the Session ID entry - should remain. - - Regression since 7f4a9a9 (shipped in libcurl 7.77.0) - Reported-by: Gergely Nagy - Reported-by: Paul Groke - - Fixes #7222 - Closes #7230 - -- single_transfer: ignore blank --output-dir - - ... as otherwise it creates a rather unexpected target directory with a - leading slash. - - Reported-by: Harry Sintonen - Fixes #7218 - Closes #7233 - -- tests: update README about servers and port numbers - - Closes #7242 - -- conn_shutdown: if closed during CONNECT cleanup properly - - Reported-by: Alex Xu - Reported-by: Phil E. Taylor - - Fixes #7236 - Closes #7237 - -- [Christian Weisgerber brought this change] - - sws: malloc request struct instead of using stack - - ... 2MB requests is otherwise just too big for some systems. - - (The allocations are not freed properly.) - - Bug: https://curl.se/mail/lib-2021-06/0018.html - - Closes #7235 - -- [Mark Swaanenburg brought this change] - - lib: don't compare fd to FD_SETSIZE when using poll - - FD_SETSIZE is irrelevant when using poll. So ensuring that the file - descriptor is smaller than FD_SETSIZE in VALID_SOCK, can cause - multi_wait to ignore perfectly valid file descriptors and simply wait - for 1s to avoid hammering the CPU in a busy loop. - - Fixes #7240 - Closes #7241 - -- [zhangxiuhua brought this change] - - doh: fix wrong DEBUGASSERT for doh private_data - - Closes #7227 - -- [yb999 brought this change] - - tests: update README.md with a missing single quote - - Closes #7231 - -- GHA: run all tests for hyper too - - As it lists disabled ones in DISABLED now - - Closes #7209 - -- tests/data/DISABLED: add tests not working with hyper - - The goal is to remove them all from here over time. - - Closes #7209 - -- runtests: also find the last test in Makefile.inc - - Closes #7209 - -- test3010: work with hyper mode - - Closes #7209 - -- configure: disable RTSP when hyper is selected - - Makes test 1013 work - - Closes #7209 - -- test1594/1595/1596: fix to work in hyper mode - - Closes #7209 - -- test1438/1457: add HTTP keyword to make hyper mode work - - Closes #7209 - -- test1340/1341: adjusted for hyper mode - - Closes #7209 - -- test1218: adjusted for hyper mode - - Closes #7209 - -- test1216: adjusted for hyper mode - - Closes #7209 - -- test1230: adjust to work in hyper mode - - Closes #7209 - -- c-hyper: abort CONNECT response reading early on non 2xx responses - - Fixes test 493 - - Closes #7209 - -- test434: add HTTP keyword - - Closes #7209 - -- test599: adjusted to work in hyper mode - - Closes #7209 - -- c-hyper: fix the uploaded field in progress callbacks - - Makes test 578 work - - Closes #7209 - -- test566: adjust to work with hyper mode - - Closes #7209 - -- [Fawad Mirza brought this change] - - CURLOPT_WRITEFUNCTION.3: minor update of the example - - Safely avoid chunk.size garbage value if declared non globally. - - Closes #7219 - -- [Bastian Krause brought this change] - - configure: rename get-easy-option configure option to get-easy-options - - "get-easy-options" is the configure option advertised by the help text - anyway, so use that. - - Fixes #7211 - Closes #7213 - - Follow-up to ad691b191 ("configure: added --disable-get-easy-options") - Suggested-by: Daniel Stenberg <daniel@haxx.se> - Signed-off-by: Bastian Krause <bst@pengutronix.de> - -- runtests: skip disabled tests unless -f is used - - To make it easier to write ranges like '115 to 229' without that - explicitly enabling tests that are listed in DISABLED, this makes - runtests always skip disabled tests unless the -f command line option is - used. - - Previously the code attempted to not run such tests, but didn't do it - correctly. - - Closes #7212 - -- [Jun-ya Kato brought this change] - - ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS - - The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible - mode for middle box but it is enabled by default, which is unnecessary - for QUIC. - - Fixes #6896 - Closes #7202 - -- test644: remove as duplicate of test 587 - - Closes #7208 - -Daniel Gustafsson (8 Jun 2021) -- RELEASE-NOTES: synced - -- cookies: track expiration in jar to optimize removals - - Removing expired cookies needs to be a fast operation since we want to - be able to perform it often and speculatively. By tracking the timestamp - of the next known expiration we can exit early in case the timestamp is - in the future. - - Closes: #7172 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -Daniel Stenberg (7 Jun 2021) -- GHA: add several libcurl tests to the hyper job - - 500 to 512 - -- test500: adjust to work with hyper mode - -- c-hyper: support CURLINFO_STARTTRANSFER_TIME - - Closes #7204 - -- c-hyper: support CURLOPT_HEADER - - When enabled, the headers are passed to the body write callback as well. - - Like in test 500 - - Closes #7204 - -- GHA: run the newly fixed tests with hyper - - Closes #7205 - -- test433: adjust for hyper mode - - Closes #7205 - -- test395: hyper cannot work around > 64 bit content-lengths like built-in - - Closes #7205 - -- test394: hyper returns a different error - - Closes #7205 - -- test393: make Content-Length fit within 64 bit for hyper - - Closes #7205 - -- test347: CRLFify to work in hyper mode - - Closes #7205 - -- test339: CRLFify better to work in hyper mode - - Closes #7205 - -- travis: remove the hyper build - -- GHA: add a linux-hyper job - - Closes #7206 - -- test328: avoid a header-looking body to make hyper mode work - - The test still works the same, just modified two bytes in the content. - - Closes #7203 - -- release-notes.pl: also spot common 'closes' typo - -- metalink: remove - - Warning: this will make existing curl command lines that use metalink to - stop working. - - Reasons for removal: - - 1. We've found several security problems and issues involving the - metalink support in curl. The issues are not detailed here. When - working on those, it become apparent to the team that several of the - problems are due to the system design, metalink library API and what - the metalink RFC says. They are very hard to fix on the curl side - only. - - 2. The metalink usage with curl was only very briefly documented and was - not following the "normal" curl usage pattern in several ways, making - it surprising and non-intuitive which could lead to further security - issues. - - 3. The metalink library was last updated 6 years ago and wasn't so - active the years before that either. An unmaintained library means - there's a security problem waiting to happen. This is probably reason - enough. - - 4. Metalink requires an XML parsing library, which is complex code (even - the smaller alternatives) and to this day often gets security - updates. - - 5. Metalink is not a widely used curl feature. In the 2020 curl user - survey, only 1.4% of the responders said that they'd are using it. In - 2021 that number was 1.2%. Searching the web also show very few - traces of it being used, even with other tools. - - 6. The torrent format and associated technology clearly won for - downloading large files from multiple sources in parallel. - - Cloes #7176 - -- docs/INSTALL: remove mentions of configure --with-darwin-ssl - - ... as it isn't supported since a while back. - - Make configure fail with a warning if used. - - Reported-by: Vadim Grinshpun - Bug: https://curl.se/mail/lib-2021-06/0008.html - Closes #7200 - -- RELEASE-NOTES: synced - -- [Gregor Jasny brought this change] - - cmake: Avoid leaking absolute paths into exported config - - The `find_libarary` command resolves the library or framework - into an absolute path. In case of system frameworks which are - located within an Xcode-provided SDK this results in the Xcode - path and SDK version being part of the library path. - - Because those library paths end up in the exported CMake config - importing curl will fail once the Xcode location or SDK version - changes: - - ```cmake - set_target_properties(CURL::libcurl PROPERTIES - INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include" - INTERFACE_LINK_LIBRARIES "lber;ldap;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/SystemConfiguration.framework;OpenSSL::SSL;OpenSSL::Crypto;ZLIB::ZLIB" - ) - ``` - - A work-around is to link against system-level frameworks with - `-framework XYZ`. In case of `SystemConfiguration` we might be able - to omit the lookup-check because we could assume the framework is - always present. - - Closes #7152 - -- [Shikha Sharma brought this change] - - http2_connisdead: handle trailing GOAWAY better - - When checking the connection the input processing returns error - immediately, we now consider that a dead connnection. - - Bug: https://curl.se/mail/lib-2021-06/0001.html - Closes #7192 - -- [Dmitry Karpov brought this change] - - ares: always store IPv6 addresses first - - Trying dual-stack on some embedded platform, I noticed that quite - frequently (20%) libCurl starts from IPv4 regardless the Happy Eyeballs - timeout value. After debugging this issue, I noticed that this happens - if c-ares resolver response for IPv6 family comes before IPv4 (which was - randomly happening in my tests). - - In such cases, because libCurl puts the last resolver response on top of - the address list, when IPv4 resolver response comes after IPv6 one - the - IPv4 family starts the connection phase instead of IPv6 family. - - The solution for this issue is to always put IPv6 addresses on top of - the address list, regardless the order of resolver responses. - - Bug: https://curl.se/mail/lib-2021-06/0003.html - - Closes #7188 - -- Revert "Revert "socketpair: fix potential hangs"" - - This reverts commit 3e70c3430a370a31eff2c1d8fea29edaca8f1127. - - Thus brings back the change from #7144 as was originally landed in - c769d1eab4de8b - - Closes #7144 (again) - -- [Ebe Janchivdorj brought this change] - - schannel: move code out of SChannel_connect_step1 - - Reviewed-by: Marc Hoersken - Closes #7168 - -- tests/data/Makefile.inc: error: trailing backslash on last line - - Follow-up to d8dcb399b8009d - -- TODO: Support rate-limiting for MQTT - -- [Dmitry Kostjuchenko brought this change] - - warnless: simplify type size handling - - By using sizeof(T), existing defines and relying on the compiler to - define the required signed/unsigned mask. - - Closes #7181 - -Gisle Vanem (4 Jun 2021) -- [Win32] Fix for USE_WATT32 - - My Watt-32 tcp/ip stack works on Windows but it does not have `WSAIoctl()` - -Daniel Stenberg (4 Jun 2021) -- [Alexis Vachette brought this change] - - url: bad CURLOPT_CONNECT_TO syntax now returns error - - Added test 3020 to verify - - Closes #7183 - -- github: remove the cmake macOS gcc-8 jobs - - They're too similar to the gcc-9 ones to be useful (and seems to not - work anymore). - - Closes #7187 - -- test269: disable for hyper - - --ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work - with hyper. - - Closes #7184 - -- runtests: enable 'hyper mode' only for HTTP tests - - The 'hyper mode' makes line-ending checks work in the test suite for - when hyper is used. Now it also requires that HTTP or HTTPS are - mentioned as keywords to be enabled so that it doesn't wrongly adjusts - tests for other protocols. - - This makes test 271 (TFTP) work again in hyper enabled builds. - - Closes #7185 - -- [Alexis Vachette brought this change] - - hostip: bad CURLOPT_RESOLVE syntax now returns error - - Added test 3019 - Fixes #7170 - Closes #7174 - -Daniel Gustafsson (3 Jun 2021) -- cookies: fix typo and expand comment - - Fix a typo in the sorting comment, and while in there elaborate slightly - on why creationtime can be used as a tiebreaker. - -- cookies: remove unused header - - Commit 1c1d9f1affbd3367bcb24062e261d0ea5d185e3a removed the last use - for the inet_pton.h headerfile, this removes the inclusion of the - header. - - Closes: #7182 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -Daniel Stenberg (3 Jun 2021) -- Revert "socketpair: fix potential hangs" - - This reverts commit c769d1eab4de8b9f1bd84d992c63692fdc43c5be. - - See #7144 for details - -- [Paul Groke brought this change] - - socketpair: fix potential hangs - - Fixes potential hang in accept by using select + non-blocking accept. - - Fixes potential hang in peer check by replacing the send/recv check with - a getsockname/getpeername check. - - Adds length check for returned sockaddr data. - - Closes #7144 - -- runtests: parse data/Makefile.inc instead of using make - - The warning about missing entries in that file then doesn't require that - the Makefile has been regenerated which was confusing. - - The scan for the test num is a little more error prone than before - (since now it doesn't actually verify that it is legitimate Makefile - syntax), but I think it is good enough. - - Closes #7177 - -- [Harry Sintonen brought this change] - - filecheck: quietly remove test-place/*~ - - Closes #7179 - -- CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax - - For options that pass in lists or strings that are subsequently parsed - and must be correct. This broadens the scope for the option previously - known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still - provided as a #define for existing applications. - - Closes #7175 - -- tests: fix Accept-Encoding strips to work with Hyper builds - - The previous strip also removed the CR which turned problematic. - - valgrind.supp: add zstd suppression using hyper - - Reported-and-analyzed-by: Kevin Burke - Fixes #7169 - Closes #7171 - -- github: timeout jobs on macOS after 90 minutes - - Assisted-by: Marc Hoersken - Closes #7173 - -- [Harry Sintonen brought this change] - - mqtt: detect illegal and too large file size - - Add test 3017 and 3018 to verify. - Closes #7166 - -- [Abhinav Singh brought this change] - - cmake: add CURL_DISABLE_NTLM option - - Closes #7028 - -- [Abhinav Singh brought this change] - - configure: add --disable-ntlm option - - Closes #7028 - -- [Abhinav Singh brought this change] - - define: re-add CURL_DISABLE_NTLM and corresponding ifdefs - - This flag will be further exposed by adding build options. - - Reverts #6809 - Closes #7028 - -- RELEASE-NOTES: synced - -Viktor Szakats (1 Jun 2021) -- travis: delete --enable-hsts option (it is the default now) [ci skip] - - Reviewed-by: Daniel Stenberg - Closes #7167 - -Daniel Stenberg (1 Jun 2021) -- hostip: fix 3 coverity complaints - - Follow-up to 1a0ebf6632f889eed - - - Check the return code to Curl_inet_pton() in two instances, even - though we know the input is valid so the functions won't fail. - - - Clear the 'struct sockaddr_in' struct before use so that the - 'sin_zero' field isn't left uninitialized. - - Detected by Coverity. - Assisted-by: Harry Sintonen - Closes #7163 - -- c-hyper: fix NTLM on closed connection tested with test159 - - Closes #7154 - -- conncache: lowercase the hash key for better match - - As host names are case insensitive, the use of case sensitive hashing - caused unnecesary cache misses and therefore lost performance. This - lowercases the hash key. - - Reported-by: Harry Sintonen - Fixes #7159 - Closes #7161 - -- mbedtls: make mbedtls_strerror always work - - If the function doesn't exist, provide a macro that just clears the - error message. Removes #ifdef uses from the code. - - Closes #7162 - -- vtls: exit addsessionid if no cache is inited - - Follow-up to b249592d29ae0 - - Avoids NULL pointer derefs. - - Closes #7165 - -- [Harry Sintonen brought this change] - - Curl_ntlm_core_mk_nt_hash: fix OOM in error path - - Closes #7164 - -Michael Kaufmann (1 Jun 2021) -- ssl: read pending close notify alert before closing the connection - - This avoids a TCP reset (RST) if the server initiates a connection - shutdown by sending an SSL close notify alert and then closes the TCP - connection. - - For SSL connections, usually the server announces that it will close the - connection with an SSL close notify alert. curl should read this alert. - If curl does not read this alert and just closes the connection, some - operating systems close the TCP connection with an RST flag. - - See RFC 1122, section 4.2.2.13 - - If curl reads the close notify alert, the TCP connection is closed - normally with a FIN flag. - - The new code is similar to existing code in the "SSL shutdown" function: - try to read an alert (non-blocking), and ignore any read errors. - - Closes #7095 - -Daniel Stenberg (1 Jun 2021) -- [Laurent Dufresne brought this change] - - setopt: fix incorrect comments - - Closes #7157 - -- [Laurent Dufresne brought this change] - - mbedtls: add support for cert and key blob options - - CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with - mbedtls backend, so the support was added. - - Closes #7157 - -- [Gregor Jasny brought this change] - - cmake: try well-known send/recv signature for Apple - - The CMake `try_compile` command is especially slow for - the Xcode generator. With this patch applied it first tests - for the currently used (and Open Group specified) send/recv - signature. In case this fails testing falls-back to the - permutations. - - speed-up: - - ``` - time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF - before: 11.64s user 11.09s system 55% cpu 40.754 total - after: 7.84s user 6.57s system 51% cpu 28.074 total - ``` - - ``` - time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF - before: 217.07s user 104.15s system 60% cpu 8:51.79 total - after: 108.76s user 51.80s system 58% cpu 4:32.58 total - ``` - - Closes #7158 - -- http2: init recvbuf struct for pushed streams - - Debug builds would warn that these structs were not initialized properly - for pushed streams. - - Ref: #7148 - Closes #7153 - -- Curl_ssl_getsessionid: fail if no session cache exists - - This function might get called for an easy handle for which the session - cache hasn't been setup. It now just returns a "miss" in that case. - - Reported-by: Christoph M. Becker - Fixes #7148 - Closes #7153 - -- GOVERNANCE: add 'user', 'committer' and 'contributor' - - As those are commonly used terms in the project. - - Closes #7151 - -- URL-SYNTAX.md: document the new 'localhost' treatment - -- hostip: make 'localhost' return fixed values - - Resolving the case insensitive host name 'localhost' now returns the - addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any - resolver. - - This removes the risk that users accidentally resolves 'localhost' to - something else. By making sure 'localhost' is always local, we can - assume a "secure context" for such transfers (for cookies etc). - - Closes #7039 - -Daniel Gustafsson (31 May 2021) -- docs: fix typos - -Daniel Stenberg (30 May 2021) -- hsts: ignore numberical IP address hosts - - Also, use a single function library-wide for detecting if a given hostname is - a numerical IP address. - - Reported-by: Harry Sintonen - Fixes #7146 - Closes #7149 - -- test178: adjust for hyper - - Hyper returns the same error for wrong HTTP version as for negative - content-length. Test 178 verifies that negative content-length is - rejected but the hyper backend will return a different error for it (and - without any helpful message telling why the message was bad). It will - also not return any headers at all for the response, not even the ones - that arrived before the error. - - Closes #7147 - -- HYPER: remove mentions of deprecated development branch - -- c-hyper: handle NULL from hyper_buf_copy() - - Closes #7143 - -- HSTS: not experimental anymore - -- [Douglas R. Reno brought this change] - - INSTALL: use correct extension for CURL-DISABLE.md - - In INSTALL.MD, it's currently set to CURL-DISABLE-md instead of - CURL-DISABLE.md. This generates a 404 on the cURL website as well as - when viewing the docs through Github. - - Closes #7142 - -- travis: run tests 1 - 153 with hyper - -- c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL - - Makes test 129 work (HTTP/1.2 response). - - Closes #7141 - -- http_proxy: deal with non-200 CONNECT response with Hyper - - Makes test 94 and 95 work - - Closes #7141 - -- c-hyper: clear NTLM auth buffer when request is issued - - To prevent previous ones to get reused on subsequent requests. Matches - how the built-in HTTP code works. Makes test 90 to 93 work. - - Add test 90 to 93 in travis. - - Closes #7139 - -- [Joel Depooter brought this change] - - schannel: set ALPN length correctly for HTTP/2 - - In a3268eca792f1 this code was changed to use the ALPN_H2 constant - instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are - not the same. The nghttp2 constant included the length of the string, - like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need - to re-add the length of the string to the ALPN buffer. - - Closes #7138 - -- travis: run tests 1-89 in the hyper build - - Closes #7137 - -- Revert "c-hyper: handle body on HYPER_TASK_EMPTY" - - This reverts commit c3eefa95c31f55657f0af422e8268d738f689066. - - Reported-by: Kevin Burke - Fixes #7122 - Closes #7136 - -- [Jon Rumsey brought this change] - - ccsidcurl: fix the compile errors - - Looks like the declaration of cpp shoule be const char ** and return - null if convert_version_info_string fails. - - Fixes #7134 - Closes #7135 - -- [Viktor Szakats brought this change] - - docs: use --max-redirs instead of --max-redir - - For consistency. - - Closes #7130 - -- RELEASE-NOTES: synced - - ... and bump to 7.77.1 - -- [Michael Forney brought this change] - - travis: add bearssl build - - Closes #7133 - -- [Michael Forney brought this change] - - bearssl: explicitly initialize all fields of Curl_ssl - - Also, add comments like the other vtls backends. - - Closes #7133 - -- [Michael Forney brought this change] - - bearssl: remove incorrect const on variable that is modified - - hostname may be set to NULL later on in this function if it is an - IP address. - - Closes #7133 - -Version 7.77.0 (26 May 2021) - -Daniel Stenberg (26 May 2021) -- RELEASE-NOTES: synced - -- THANKS: added contributors from 7.77.0 cycle - -- copyright: update copyright year ranges to 2021 - -- [Radek Zajic brought this change] - - hostip: fix broken macOS/CMake/GCC builds - - Follow-up to 31f631a142d855f06 - - Fixes #7128 - Closes #7129 - -- TODO: netrc caching and sharing - - URL: https://curl.se/mail/archive-2021-05/0018.html - -- [Orgad Shaneh brought this change] - - setopt: streamline ssl option code - - Make it use the same style as the code next to it - - Closes #7123 - -- [Radek Zajic brought this change] - - lib/hostip6.c: make NAT64 address synthesis on macOS work - - Closes #7121 - -- [ejanchivdorj brought this change] - - sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer - - When the SecCertificateCopyCommonName function fails, it leaves - common_name in a invalid state so CFStringCompare uses the invalid - result, causing EXC_BAD_ACCESS. - - The fix is to check the return value of the function before using the - name. - - Closes #7126 - -- [Paweł Wegner brought this change] - - CMake: add CURL_ENABLE_EXPORT_TARGET option - - install(EXPORT ...) causes trouble when embedding curl dependencies - which don't provide install(EXPORT ...) targets (e.g libressl and - nghttp2) with cmake's add_subdirectory. - - Reviewed-by: Jakub Zakrzewski - Closes #7060 - -- [Alessandro Ghedini brought this change] - - quiche: update for network path aware API - - Latest version of quiche requires the application to pass the peer - address of received packets, and it provides the address for outgoing - packets back. - - Closes #7120 - -- [Jacob Hoffman-Andrews brought this change] - - rustls: switch read_tls and write_tls to callbacks - - And update to 0.6.0, including a rename from session to connection for - many fields. - - Closes #7071 - -- [Koichi Shiraishi brought this change] - - sectransp: fix 7f4a9a9b2a49 commit about missing comma - - Follow-up to 7f4a9a9b2a495 - - Closes #7119 - -- [Harry Sintonen brought this change] - - openssl: associate/detach the transfer from connection - - CVE-2021-22901 - - Bug: https://curl.se/docs/CVE-2021-22901.html - -- [Harry Sintonen brought this change] - - telnet: check sscanf() for correct number of matches - - CVE-2021-22898 - - Bug: https://curl.se/docs/CVE-2021-22898.html - -- schannel: don't use static to store selected ciphers - - CVE-2021-22897 - - Bug: https://curl.se/docs/CVE-2021-22897.html - -- docs/tests: remove freenode references - -- RELEASE-NOTES: synced - -- [Sergey Markelov brought this change] - - NSS: make colons, commas and spaces valid separators in cipher list - - Fixes #7110 - Closes #7115 - -- curl: include libmetalink version in --version output - - Closes #7112 - -Jay Satiro (21 May 2021) -- [Matias N. Goldberg brought this change] - - cmake: Use multithreaded compilation on VS 2008+ - - Multithreaded compilation has been supported since at least VS 2005 and - been robustly stable since at least VS 2008 - - Closes https://github.com/curl/curl/pull/7109 - -Daniel Stenberg (21 May 2021) -- [Matias N. Goldberg brought this change] - - cmake: fix two invokes result in different curl_config.h - - Fixes #7100 - Closes #7101 - - Reviewed-by: Jakub Zakrzewski - Signed-off-by: Matias N. Goldberg <dark_sylinc@yahoo.com.ar> - -- [Peng-Yu Chen brought this change] - - cmake: detect CURL_SA_FAMILY_T - - Fixes #7049 - Closes #7065 - -- [Lucas Clemente Vella brought this change] - - CURLOPT_IPRESOLVE: preventing wrong IP version from being used - - In some situations, it was possible that a transfer was setup to - use an specific IP version, but due do DNS caching or connection - reuse, it ended up using a different IP version from requested. - - This commit changes the effect of CURLOPT_IPRESOLVE from simply - restricting address resolution to preventing the wrong connection - type being used, when choosing a connection from the pool, and - to restricting what addresses could be used when establishing - a new connection. - - It is important that all addresses versions are resolved, even if - not used in that transfer in particular, because the result is - cached, and could be useful for a different transfer with a - different CURLOPT_IPRESOLVE setting. - - Closes #6853 - -- [Oliver Urbann brought this change] - - AmigaOS: add functions definitions for SHA256 - - AmiSSL replaces many functions with macros. Curl requires pointer - to some of these functions. Thus, we have to encapsulate these macros: - SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free. - - Bug: https://github.com/jens-maus/amissl/issues/15 - Co-authored-by: Daniel Stenberg <daniel@haxx.se> - - Closes #7099 - -- test2100: make it run with and require IPv6 - - Closes #7083 - -- tests/getpart: generate output URL encoded for better diffs - - Closes #7083 - -- [Ryan Beck-Buysse brought this change] - - docs/TheArtOfHttpScripting: fix markdown links - - extra parens cause the links to be incorrectly formatted - and inconsistent with the rest of the document. - - Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com> - Closes #7097 - -- RELEASE-NOTES: synced - -- [Emil Engler brought this change] - - docs: replace dots with dashes in markdown enums - - We use dashes instead of dots nearly everywhere except for those few - cases. This commit addresses this issues and brings more coherency into - it. - - Closes #7093 - -- [Emil Engler brought this change] - - docs: improve INTERNALS.md regarding getsock cb - - This adds the I/O prefix to indicate that those "actions" are kind-of - related to those found in select(2) or poll(2) (reading/writing). - - It also adds a note where the prototypes of those functions can be found - in the source code. - - Closes #7092 - -- [Emil Engler brought this change] - - docs: document attach in INTERNALS.md - - The new field in the Curl_handler struct still lacks documentation. This - adds it it from the information extracted from lib/urldata.h:797 - - Closes #7091 - -- [Marc Aldorasi brought this change] - - config: remove now-unused macros - - Closes #7094 - -- [Marc Aldorasi brought this change] - - hostip.h: remove declaration of unimplemented function - - Closes #7094 - -- h3: add 'attach' callback to protocol handlers - - Follow-up to 0c55fbab45be - - Reviewed-by: Emil Engler - Closes #7090 - -- wolfssl: remove SSLv3 support leftovers - - Closes #7088 - -- curl-wolfssl.m4: without custom include path, assume /usr/include - - ... so that we can point out the root of the OpenSSL emulation headers. - Previously this used the '$includedir' variable which is wrong since - that defaults to the dir where the current configure invoke will install - the built libcurl headers: /usr/local by default. - - Fixes #7085 - Reported-by: Joel Jakobsson - Closes #7087 - -- [Joel Depooter brought this change] - - data_pending: check only SECONDARY socket for FTP(S) transfers - - Check the FIRST for all other protocols. - - This fixes a timeout in an ftps download. The server sends a TLS - close_notify message in the same packet as the file data. The - close_notify seems to not be handled in the schannel_recv function, so - libcurl is not aware that the server has closed the connection. Thus - libcurl ends up waiting for action on the socket until a timeout is - reached. With the secondary socket check added to the data_pending - function, the close_notify is properly handled, and the ftps transfer - terminates as expected. - - Fixes #7068 - Closes #7069 - -- github: inhibit deprecated declarations for clang on macOS - - ... as they otherwise cause ldap build errors in the CI. - - Fixes #7081 - Closes #7082 - -- conn: add 'attach' to protocol handler, make libssh2 use it - - The libssh2 backend has SSH session associated with the connection but - the callback context is the easy handle, so when a connection gets - attached to a transfer, the protocol handler now allows for a custom - function to get used to set things up correctly. - - Reported-by: Michael O'Farrell - Fixes #6898 - Closes #7078 - -- http2: make sure pause is done on HTTP - - Since the function is called for any protocol, we can't assume that the - HTTP struct is there without first making sure it is HTTP. - - Reported-by: Denis Goleshchikhin - Fixes #7079 - Closes #7080 - -- docs: cookies from HTTP headers need domain set - - ... or the cookies won't get sent. Push users to using the "Netscape" - format instead, which curl uses when saving a cookie "jar". - - Reported-by: Martin Dorey - Reviewed-by: Daniel Gustafsson - Fixes #6723 - Closes #7077 - -- RELEASE-NOTES: synced - -- github: add a workflow with libssh2 on macOS using cmake - - Closes #7047 - -- sws: allow HTTP requests up to 2MB in size - - To allow tests with slightly larger payloads. Like #7071 ... - - Closes #7075 - -Marc Hoersken (16 May 2021) -- CI/azure: increase verbosity and fix outdated task names - - Closes #7063 - -- CI/cirrus: add shared and static Windows release builds - - Azure Pipelines is currently being used for debug builds, - let's also run some non-debug (release) Windows builds and - make use of previously underutilized Cirrus CI for that. - - Reviewed-by: Marcel Raad - - Closes #6991 - -Daniel Stenberg (16 May 2021) -- CURLOPT_CAPATH.3: defaults to a path, not NULL - - Reported-by: Andrew Barnert - - Closes #7062 - -- [Jacob Hoffman-Andrews brought this change] - - c-hyper: handle body on HYPER_TASK_EMPTY - - Some of the time, we get a HYPER_TASK_EMPTY response before the status - line, headers, and body have been read. Previously, that would cause us - to poll again, leading to a 1 second timeout. - - The HYPER_TASK_EMPTY docs say: - - The value of this task is null (does not imply an error). - - So, if we receive a HYPER_TASK_EMPTY, continue on with processing the - response. - - Reported-by: Kevin Burke - Fixes #7064 - Closes #7070 - -- [Ikko Ashimine brought this change] - - tool_getparam: fix comment typo in tool_getparam.c - - enfore -> enforce - - Closes #7074 - -- mem-include-scan.pl: require a non-word letter before memory funcs - - ... so that ldap_memfree() for example doesn't match the scan for free. - - Closes #7061 - -- version: free the openldap info correctly - - ... to avoid memory leaks. - - Follow-up to: bf0feae7768d9 - Closes #7061 - -- dupset: remove totally off comment - - Closes #7067 - -- configure: if asked for, fail if ldap is not found - - Reported-by: Jakub Zakrzewski - Fixes #7053 - Closes #7055 - -- version: add OpenLDAP version in the output - - Assisted-by: Howard Chu - Closes #7054 - -Jay Satiro (13 May 2021) -- [Joel Depooter brought this change] - - schannel: Ensure the security context request flags are always set - - As of commit 54e7475, these flags would only be set when using a new - credential handle. When re-using an existing credential handle, the - flags would not be set. - - Closes https://github.com/curl/curl/pull/7051 - -Dan Fandrich (12 May 2021) -- tests: Fix some tag matching issues in a number of tests - -Daniel Stenberg (12 May 2021) -- sasl: use 'unsigned short' to store mechanism - - ... saves a few bytes of struct size in memory and it only uses - 10 bits anyway. - - Closes #7045 - -- hostip: remove the debug code for LocalHost - - The Curl_resolv() had special code (when built in debug mode) for when - resolving the host name "LocalHost" (using that exact casing). It would - then get the host name from the --interface option instead. - - This development-only feature was not used by anything (anymore) and we - have the --resolve feature if we want to play similar tricks properly - going forward. - - Closes #7044 - -- progress: reset limit_size variables at transfer start - - Otherwise the old value would linger from a previous use and would mess - up the network speed cap logic. - - Reported-by: Ymir1711 on github - - Fixes #7042 - Closes #7043 - -- RELEASE-NOTES: synced - -- [Daniel Gustafsson brought this change] - - cookies: use CURLcode for cookie_output reporting - - Writing the cookie file has multiple error conditions, and was using an - int with magic numbers to report the different error (which in turn were - disregarded anyways). This moves reporting to use a CURLcode value. - - Lightly-touched-by: Daniel Stenberg - - Closes #7037 - Closes #6749 - -- [Daniel Gustafsson brought this change] - - cookies: make use of string duplication function - - strstore() is defined as a strdup which ensures to free the target - pointer before duping the source char * into it. Make use of it in - two more cases where it can simplify the code. - -- [Daniel Gustafsson brought this change] - - cookies: refactor comments - - Comments in the cookie code were a bit all over the place in terms of - style and wording. This takes a stab at cleaning them up by keeping to - a single style and overall shape. Some comments are moved a little and - some removed alltogether due to being redundant. No functional changes - have been made, - -- [Peng-Yu Chen brought this change] - - http2: skip immediate parsing of payload following protocol switch - - This is considered not harmful as a following http2_recv shall be - called very soon. - - This is considered helpful in the specific situation where some - servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately - following the return of HTTP status 101, other than waiting for - the client-side connection preface to arrive. - - Fixes #7036 - Closes #7040 - -- [Peng-Yu Chen brought this change] - - http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade - - Following the upstream deprecation of nghttp2_session_upgrade. - - Also provides further checks for requests with the HEAD method. - - Closes #7041 - -- progress/trspeed: use a local convenient pointer to beautify code - - The function becomes easier to read and understand with less repetition. - -- trspeed: use long double for transfer speed calculation - -- progress: move transfer speed calc into function - - This silences two scan-build-11 warnings: "The result of the '/' - expression is undefined" - - Bug: https://curl.se/mail/lib-2021-05/0022.html - Closes #7035 - -- [Cameron Cawley brought this change] - - openssl: remove unneeded cast for CertOpenSystemStore() - - Closes #7025 - -- travis: disable the libssh build - - It can't run on focal and causes warnings on bionic. Since the focal - failure started rather suddenly a while ago, we can suspect it might be - temporary. - - Added "bring back the build" to the TODO document. - - Fixes #7011 - Closes #7012 - -- [Peng-Yu Chen brought this change] - - http: use calculated offsets inst of integer literals for header parsing - - Assumed to be a minor coding style improvement with no behavior change. - - A modern compiler is expected to have the calculation optimized during - compilation. It may be deemed okay even if that's not the case, since - the added overhead is considered very low. - - Closes #7032 - -- [Peng-Yu Chen brought this change] - - GIT-INFO: suggest using autoreconf instead of buildconf - - Follow-up to 85868537d - - Closes #7033 - -- http: deal with partial CONNECT sends - - Also added 'CURL_SMALLSENDS' to make Curl_write() send short packets, - which helped verifying this even more. - - Add test 363 to verify. - - Reported-by: ustcqidi on github - Fixes #6950 - Closes #7024 - -- HTTP3: make the ngtcp2 build use the quictls fork - - ... as ngtcp2 itself documents the build this way. - - Closes #7031 - -- http: limit the initial send amount to used upload buffer size - - Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes, - but for the situations where a larger upload buffer has been set, this - function can benefit from sending more bytes. With default size used, - this does the same as before. - - Also changed the storage of the size to an 'unsigned int' as it is not - allowed to be set larger than 2M. - - Also added cautions to the man pages about changing buffer sizes in - run-time. - - Closes #7022 - -- RELEASE-NOTES: synced - -- ngtcp2: fix the cb_acked_stream_data_offset proto - - The 'datalen' value should be 64 bit, not size_t! - - Reported-by: Dmitry Karpov - Bug: https://curl.se/mail/lib-2021-05/0019.html - Closes #7027 - -- progress: when possible, calculate transfer speeds with microseconds - - ... this improves precision, especially for transfers in the few or even - sub millisecond range. - - Reported-by: J. Bromley - Fixes #7017 - Closes #7020 - -- http: reset the header buffer when sending the request - - A reused transfer handle could otherwise reuse the previous leftover - buffer and havoc would ensue. - - Reported-by: sergio-nsk on github - Fixes #7018 - Closes #7021 - -- curl_mprintf.3: add description - - These functions have existed in the API since the dawn of time. It is - about time we describe how they work, even if we discourage users from - using them. - - Closes #7010 - -- [Timothy Gu brought this change] - - URL-SYNTAX: update IDNA section for WHATWG spec changes - - WHATWG URL has dictated the use of Nontransitional Processing (IDNA - 2008) for several years now. Chrome (and derivatives) still use - Transitional Processing, but Firefox and Safari have both switched. - - Also document the fact that winidn functions differently from libidn2 - here. - - Closes #7026 - -- [Calvin Buckley brought this change] - - INSTALL: add IBM i specific quirks - - Fixes #6830 - Closes #7013 - -- libcurl.3: mention the URL API - - To make it easier to find. Also a minor polish of libcurl-url.3 - - Closes #7009 - -- GnuTLS: don't allow TLS 1.3 for versions that don't support it - - Follow-up to 781864bedbc5 - - ... as they don't understand it and will return error at us! - - Closes #7014 - -Kamil Dudka (6 May 2021) -- tool_getparam: handle failure of curlx_convert_tchar_to_UTF8() - - Reported by GCC analyzer: - - Error: GCC_ANALYZER_WARNING (CWE-476): - src/tool_getparam.c: scope_hint: In function 'parse_args' - src/tool_getparam.c:2318:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'orig_opt' - lib/curlx.h:56: included_from: Included from here. - src/tool_getparam.c:28: included_from: Included from here. - lib/curl_multibyte.h:70:51: note: in definition of macro 'curlx_convert_tchar_to_UTF8' - src/tool_getparam.c:2316:16: note: in expansion of macro 'curlx_convert_tchar_to_UTF8' - - Reviewed-by: Marcel Raad - Reviewed-by: Daniel Stenberg - Closes #7023 - -Daniel Stenberg (6 May 2021) -- scripts/delta: also show total number of days - -Marc Hoersken (5 May 2021) -- sockfilt: fix invalid increment of handles index variable nfd - - Only increment the array index if we actually stored a handle. - - Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b - Closes #6992 - -- sockfilt: avoid getting stuck waiting for writable socket - - Reset FD_WRITE event using the same approach as in multi.c - - Follow up to b36442b24305f3cda7c13cc64b46838995a4985b - Closes #6992 - -Jay Satiro (5 May 2021) -- test678: Fix for Windows multibyte builds - - Follow-up to 77fc385 from yesterday. - - Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557 - Reported-by: Marc Hörsken - -- [Dmitry Kostjuchenko brought this change] - - build: fix compilation for Windows UWP platform - - - Include afunix.h which is necessary for sockaddr_un when - USE_UNIX_SOCKETS is defined on Windows. - - Closes https://github.com/curl/curl/pull/7006 - -Daniel Stenberg (5 May 2021) -- gnutls: make setting only the MAX TLS allowed version work - - Previously, settting only the max allowed TLS version, leaving the - minimum one at default, didn't actually set it and left it to default - (TLS 1.3) too! - - As a bonus, this change also removes the dead code handling of SSLv3 - since that version can't be set anymore (since eff614fb0242cb). - - Reported-by: Daniel Carpenter - Fixes #6998 - Closes #7000 - -- openldap: replace ldap_ prefix on private functions - - Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at - least) there's a symbol collision because of that. - - The private functions now use the 'oldap_' prefix where it previously - used 'ldap_'. - - Reported-by: 3eka on github - Fixes #7004 - Closes #7005 - -Jay Satiro (5 May 2021) -- http2: fix potentially uninitialized variable - - introduced several days ago in 3193170. caught by visual studio linker. - -- [Gilles Vollant brought this change] - - SSL: support in-memory CA certs for some backends - - - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to - specify in-memory PEM certificates for OpenSSL, Schannel (Windows) - and Secure Transport (Apple) SSL backends. - - Prior to this change PEM certificates could only be imported from a file - and not from memory. - - Co-authored-by: moparisthebest@users.noreply.github.com - - Ref: https://github.com/curl/curl/pull/4679 - Ref: https://github.com/curl/curl/pull/5677 - Ref: https://github.com/curl/curl/pull/6109 - - Closes https://github.com/curl/curl/pull/6662 - -Daniel Stenberg (4 May 2021) -- [David Cook brought this change] - - tests: ignore case of chunked hex numbers in tests - - When hyper is used, it emits uppercase hexadecimal numbers for chunked - encoding lengths. Without hyper, lowercase hexadecimal numbers are used. - This change adds preprocessor statements to tests where this is an - issue, and adapts the fixtures to match. - - Closes #6987 - -- cmake: check for getppid and utimes - - ... as they're checked for in the configure script and are used by - source code. - - Removed checks for perror, setvbuf and strlcat since those defines are - not checked for in source code. - - Bonus: removed HAVE_STRLCPY from a few config-*.h files since that - symbol is not used in source code. - - Closes #6997 - -- libtest: remove lib530.c - - Follow up from e50a877df when test 530 was removed. Since then this - source file has not been used/needed. - - Closes #6999 - -- FILEFORMAT: mention sectransp as a feature - - Been supported since at least 40259ca65 - - Closes #7001 - -- RELEASE-NOTES: synced - -- libssh2: ignore timeout during disconnect - - ... to avoid memory leaks! - - libssh2 is tricky as we have to deal with the non-blockiness even in - close and shutdown cases. In the cases when we shutdown after a timeout - already expired, it is crucial that curl doen't let the timeout abort - the shutdown process as that then leaks memory! - - Reported-by: Benjamin Riefenstahl - Fixes #6990 - -- KNOWN_BUGS: add two HTTP/2 bugs - -- KNOWN_BUGS: add three HTTP/3 issues - - ... and moved the HTTP/2 issues to its own section - - Closes #6606 - Closes #6510 - Closes #6494 - -- [ejanchivdorj brought this change] - - CURLcode: add CURLE_SSL_CLIENTCERT - - When a TLS server requests a client certificate during handshake and - none can be provided, libcurl now returns this new error code - CURLE_SSL_CLIENTCERT - - Only supported by Secure Transport and OpenSSL for TLS 1.3 so far. - - Closes #6721 - -- [Tobias Gabriel brought this change] - - .github/FUNDING: add link to GitHub sponsors - - Closes #6985 - -- [Harry Sintonen brought this change] - - krb5/name_to_level: replace checkprefix with curl_strequal - - Closes #6993 - -- [Harry Sintonen brought this change] - - Curl_input_digest: require space after Digest - - Closes #6993 - -- [Harry Sintonen brought this change] - - Curl_http_header: check for colon when matching Persistent-Auth - - Closes #6993 - -- [Harry Sintonen brought this change] - - Curl_http_input_auth: require valid separator after negotiation type - - Closes #6993 - -- http: fix the check for 'Authorization' with Bearer - - The code would wrongly check for it using an additional colon. - - Reported-by: Blake Burkhart - Closes #6988 - -- [Kamil Dudka brought this change] - - http2: fix a resource leak in push_promise() - - ... detected by Coverity: - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle". - lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)". - lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url". - lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to. - - Closes #6986 - -- [Kamil Dudka brought this change] - - http2: fix resource leaks in set_transfer_url() - - ... detected by Coverity: - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". - lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to. - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". - lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to. - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". - lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to. - - Error: RESOURCE_LEAK (CWE-772): - lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()". - lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.] - lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to. - - Closes #6986 - -- [Jacob Hoffman-Andrews brought this change] - - rustls: use ALPN - - Update required rustls to 0.5.0 - - Closes #6960 - -- [Michał Antoniak brought this change] - - gskit: fix CURL_DISABLE_PROXY build - - Removed localfd and remotefd from ssl_backend_data (ued only with proxy - connection). Function pipe_ssloverssl return always 0, when proxy is not - used. - - Closes #6981 - -- [Michał Antoniak brought this change] - - gskit: fix undefined reference to 'conn' - - Closes #6980 - -- [Jacob Hoffman-Andrews brought this change] - - tls: add USE_HTTP2 define - - This abstracts across the two HTTP/2 backends: nghttp2 and Hyper. - - Add our own define for the "h2" ALPN protocol, so TLS backends can use - it without depending on a specific HTTP backend. - - Closes #6959 - -- [Jacob Hoffman-Andrews brought this change] - - lib: fix 0-length Curl_client_write calls - - Closes #6954 - -- [Jacob Hoffman-Andrews brought this change] - - lib: remove strlen call from Curl_client_write - - At all call sites with an explicit 0 len, pass an appropriate nonzero - len. - - Closes #6954 - -- [Ayushman Singh Chauhan brought this change] - - docs: camelcase it like GitHub everywhere - - Closes #6979 - -Jay Satiro (27 Apr 2021) -- [Lucas Servén Marín brought this change] - - docs: fix typo in fail-with-body doc - - This commit fixes a small typo in the documentation for the - --fail-with-body flag. - - Closes https://github.com/curl/curl/pull/6977 - -- lib: fix some misuse of curlx_convert_UTF8_to_tchar - - curlx_convert_UTF8_to_tchar must be freed by curlx_unicodefree, but - prior to this change some uses mistakenly called free. - - I've reviewed all other uses of curlx_convert_UTF8_to_tchar and - curlx_convert_tchar_to_UTF8. - - Bug: https://github.com/curl/curl/pull/6602#issuecomment-825236763 - Reported-by: sergio-nsk@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/6938 - -Daniel Stenberg (27 Apr 2021) -- ntlm: precaution against super huge type2 offsets - - ... which otherwise caused an integer overflow and circumvented the if() - conditional size check. - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720 - Assisted-by: Max Dymond - Closes #6975 - -- c-hyper: fix unused variable ‘wrote’ - -- libcurl-security.3: be careful of setuid - - Reported-by: Harry Sintonen - Closes #6970 - -- [Kevin Burke brought this change] - - c-hyper: don't write to set.writeheader if null - - Previously if a caller set CURLOPT_WRITEFUNCTION but did not set a - CURLOPT_HEADERDATA buffer, Hyper would still attempt to write headers to - the data->set.writeheader header buffer, even though it is null. This - led to NPE segfaults attempting to use libcurl+Hyper with Git, for - example. - - Instead, process the client write for the status line using the same - logic we use to process the client write for the later HTTP headers, - which contains the appropriate guard logic. As a side benefit, - data->set.writeheader is now only read in one file instead of two. - - Fixes #6619 - Fixes abetterinternet/crustls#49 - Fixes hyperium/hyper#2438 - Closes #6971 - -- wolfssl: handle SSL_write() returns 0 for error - - Reported-by: Timo Lange - - Closes #6967 - -- easy: ignore sigpipe in curl_easy_send - - Closes #6965 - -- sigpipe: ignore SIGPIPE when using wolfSSL as well - - Closes #6966 - -- libcurl-security.3: don't try to filter IPv4 hosts based on the URL - - Closes #6942 - -- [Harry Sintonen brought this change] - - nss_set_blocking: avoid static for sock_opt - - Reviewed-by: Kamil Dudka - Closes #6945 - -- RELEASE-NOTES: synced - -- [Yusuke Nakamura brought this change] - - docs/HTTP3.md: fix nghttp2's HTTP/3 server port - - Port 8443 does not work now. - Correct origin is in the quicwg's wiki. - https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2 - - Closes #6964 - -- krb5: don't use 'static' to store PBSZ size response - - ... because it makes the knowledge and usage cross-transfer in funny and - unexpected ways. - - Reported-by: Harry Sintonen - Closes #6963 - -- [Kevin Burke brought this change] - - m4: add security frameworks on Mac when compiling rustls - - Previously compiling rustls on Mac would only complete if you also - compiled the SecureTransport TLS backend, which curl would prefer to - the Rust backend. - - Appending these flags to LDFLAGS makes it possible to compile the - Rustls backend on Mac without the SecureTransport backend, which means - this patch will make it possible for Mac users to use the Rustls - backend for TLS. - - Reviewed-by: Jacob Hoffman-Andrews - - Fixes #6955 - Cloes #6956 - -- krb5: remove the unused 'overhead' function - - Closes #6947 - -- [Johann150 brought this change] - - curl_url_set.3: add memory management information - - wording taken from man page for CURLOPT_URL.3 - - As far as I can see, the URL part is either malloc'ed before due to - encoding or it is strdup'ed. - - Closes #6953 - -- [Jacob Hoffman-Andrews brought this change] - - c-hpyer: fix handling of zero-byte chunk from hyper - - Closes #6951 - -- CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data - - Ref: https://curl.se/mail/lib-2021-04/0085.html - Closes #6943 - -- [Ralph Langendam brought this change] - - cmake: make libcurl output filename configurable - - Reviewed-by: Jakub Zakrzewski - Closes #6933 - -- [Patrick Monnerat brought this change] - - vtls: reset ssl use flag upon negotiation failure - - Fixes the segfault in ldaps disconnect. - - Reported-by: Illarion Taev - Fixes #6934 - Closes #6937 - -- configure: fix typo in TLS error message - - Reported-by: Pontus Lundkvist - -- README: link to the commercial support option - -Jay Satiro (22 Apr 2021) -- [Martin Halle brought this change] - - version: add gsasl_version to curl_version_info_data - - - Add gsasl_version string and bump to CURLVERSION_TENTH. - - Ref: https://curl.se/mail/lib-2021-04/0003.html - - Closes https://github.com/curl/curl/pull/6843 - -- [Morten Minde Neergaard brought this change] - - schannel: Support strong crypto option - - - Support enabling strong crypto via optional user cipher list when - USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list. - - MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known - weak cryptographic algorithms, cipher suites, and SSL/TLS protocol - versions that may be otherwise enabled for better interoperability." - - Ref: https://curl.se/mail/lib-2021-02/0066.html - Ref: https://curl.se/docs/manpage.html#--ciphers - Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html - Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred - - Closes https://github.com/curl/curl/pull/6734 - -Daniel Stenberg (22 Apr 2021) -- RELEASE-NOTES: synced - -- ci: adapt to configure requiring an explicit TLS choice - -- configure: split out each TLS library detector into its own function - - ... and put those functions in separate m4 files per TLS library. diff --git a/libs/libcurl/docs/COPYING b/libs/libcurl/docs/COPYING index 48f144758e..90f05adf25 100644 --- a/libs/libcurl/docs/COPYING +++ b/libs/libcurl/docs/COPYING @@ -1,6 +1,6 @@ COPYRIGHT AND PERMISSION NOTICE -Copyright (c) 1996 - 2021, Daniel Stenberg, <daniel@haxx.se>, and many +Copyright (c) 1996 - 2022, Daniel Stenberg, <daniel@haxx.se>, and many contributors, see the THANKS file. All rights reserved. diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS index e29cbeedf6..e3a2ff5867 100644 --- a/libs/libcurl/docs/THANKS +++ b/libs/libcurl/docs/THANKS @@ -6,6 +6,7 @@ 0xee on github 0xflotus on github +1337vt on github 1ocalhost on github 3dyd on github 3eka on github @@ -28,6 +29,7 @@ Adam Langley Adam Light Adam Marcionek Adam Piggott +Adam Rosenfield Adam Sampson Adam Tkac Adnan Khan @@ -171,6 +173,7 @@ Andrew Moise Andrew Potter Andrew Robbins Andrew Wansink +Andrey Alifanov Andrey Gursky Andrey Labunets Andrii Moiseiev @@ -182,6 +185,7 @@ Andy Serpa Andy Tsouladze Angus Mackay anio on github +anon00000000 on github anshnd on github Antarpreet Singh Anthon Pang @@ -193,6 +197,7 @@ Anthony Ramine Anthony Shaw Antoine Aubert Antoine Calando +Antoine Pietri Anton Bychkov Anton Gerasimov Anton Kalmykov @@ -228,6 +233,7 @@ Augustus Saunders Austin Green Avery Fay awesomenode on github +Axel Chong Axel Morawietz Axel Tillequin Ayoub Boudhar @@ -237,6 +243,7 @@ Bachue Zhou Balaji Parasuram Balaji S Rao Balaji Salunke +Balakrishnan Balasubramanian Balazs Kovacsics Balint Szilakszi Barry Abrahamson @@ -311,6 +318,7 @@ bobmitchell1956 on github Bodo Bergmann Bogdan Nicula Boris Rasin +Boris Verkhovskiy Brad Burdick Brad Fitzpatrick Brad Harder @@ -359,6 +367,7 @@ Calvin Buckley Cameron Cawley Cameron Kaiser Cameron MacMinn +Cameron Will Camille Moncelier Cao ZhenXiang Caolan McNamara @@ -379,6 +388,7 @@ cclauss on github Cesar Eduardo Barros Chad Monroe Chandrakant Bagul +Charles Cazabon Charles Kerr Charles Romestant Chen Prog @@ -418,6 +428,7 @@ Christophe Demory Christophe Dervieux Christophe Legry Christopher Conroy +Christopher Degawa Christopher Head Christopher Palow Christopher R. Palmer @@ -444,10 +455,12 @@ coinhubs on github Colby Ranger Colin Blair Colin Hogben +Colin Leroy Colin O'Dell Colin Watson Colm Buckley Constantine Sapuntzakis +coralw on github Cory Benfield Cory Nelson Costya Shulyupin @@ -520,6 +533,7 @@ Daniel Silverstone Daniel Steinberg Daniel Stenberg Daniel Theron +Daniel Valenzuela Daniel Woelfel Daphne Luong Dario Nieuwenhuis @@ -578,6 +592,7 @@ David Walser David Woodhouse David Wright David Yan +Davide Cassioli davidedec on github dbrowndan on github dEajL3kA on github @@ -696,6 +711,7 @@ Elmira A Semenova elsamuko on github emanruse on github Emanuele Bovisio +Emanuele Torre Emil Engler Emil Lerner Emil Romanus @@ -753,10 +769,12 @@ Fabian Frank Fabian Hiernaux Fabian Keil Fabian Ruff +Fabian Yamaguchi Fabrice Fontaine Fabrizio Ammollo Fahim Chandurwala Faizur Rahman +Farzin on github Fawad Mirza fds242 on github Federico Bianchi @@ -770,10 +788,12 @@ Felix von Leitner Felix Yan Feng Tu Fernando Muñoz +Filip Lundgren Filip Salomonsson Firefox OS Flameborn on github Flavio Medeiros +Florian Kohnhäuser Florian Pritz Florian Schoppmann Florian Van Heghe @@ -782,6 +802,7 @@ Florin Petriuc Forrest Cahoon Francisco Moraes Francisco Munoz +Francisco Olarte Francisco Sedano Francois Petitjean Francois Rivard @@ -811,7 +832,9 @@ Gabriel Simmer Gabriel Sjoberg Gambit Communications Ganesh Kamath +gaoxingwang on github Garrett Holmstrom +Garrett Squire Gary Maxwell Gaurav Malhotra Gautam Kachroo @@ -909,6 +932,7 @@ Hao Wu Hardeep Singh Haris Okanovic Harold Stuart +Harry Sarson Harry Sintonen Harshal Pradhan Hauke Duden @@ -923,10 +947,12 @@ Helwing Lutz Hendrik Visage Henri Gomez Henrik Gaßmann +Henrik Holst Henrik Storner Henry Ludemann Henry Roeland Herve Amblard +HexTheDragon Hidemoto Nakada Himanshu Gupta Ho-chi Chen @@ -945,6 +971,7 @@ huzunhao on github hydra3333 on github Hzhijun iammrtau on github +Ian Blanes Ian D Allen Ian Fette Ian Ford @@ -966,6 +993,7 @@ Ikko Ashimine Ilguiz Latypov Ilja van Sprundel Illarion Taev +illusory-dream on github Ilya Kosarev imilli on github Immanuel Gregoire @@ -1029,7 +1057,9 @@ Jan Mazur Jan Schaumann Jan Schmidt Jan Van Boghout +Jan Venekamp Jan Verbeek +Jan-Piet Mens JanB on github Janne Johansson Jared Jennings @@ -1050,6 +1080,7 @@ Javier G. Sogo Javier Navarro Javier Sixto Jay Austin +Jay Dommaschk Jayesh A Shah Jaz Fresh Jean Fabrice @@ -1076,6 +1107,7 @@ Jeff Weber Jeffrey Tolar Jeffrey Walton jeffrson on github +Jenny Heino Jens Finkhaeuser Jens Rantil Jens Schleusener @@ -1103,7 +1135,9 @@ Jesse Chisholm Jesse Noller Jesse Tan jethrogb on github +jhoyla on github Jie He +Jim Beveridge Jim Drash Jim Freeman Jim Fuller @@ -1149,6 +1183,7 @@ John Dennis John Dunn John E. Malmberg John Gardiner Myers +John H. Ayad John Hascall John Janssen John Joseph Bachir @@ -1197,6 +1232,7 @@ Jonathan Nieder Jonathan Watt Jonathan Wernberg Jongki Suwandi +jonny112 on github Joombalaya on github Joonas Kuorilehto Jordan Brown @@ -1215,7 +1251,6 @@ Josip Medved Josue Andrade Gomes José Joaquín Atria Jozef Kralik -JP Mens Juan Barreto Juan F. Codagnone Juan Ignacio Hervás @@ -1239,6 +1274,7 @@ Jun-ya Kato jungle-boogie on github Junho Choi Jurij Smakov +jurisuk on github Juro Bystricky Justin Clift Justin Ehlert @@ -1264,6 +1300,7 @@ Kamil Dudka Kane York Kang Lin Kang-Jin Lee +Kantanat Wannapaka Kari Pahula Karl Chen Karl Moerder @@ -1286,6 +1323,7 @@ Kenny To Kent Boortz Kerem Kat Keshav Krity +Kevin Adler Kevin Baughman Kevin Burke Kevin Fisk @@ -1328,6 +1366,7 @@ Kristoffer Gleditsch Kunal Chandarana Kunal Ekawde Kurt Fankhauser +Kushal Das Kwon-Young Choi Kyle Abramowitz Kyle Edwards @@ -1360,6 +1399,8 @@ Laurie Clark-Michalek Lawrence Gripper Lawrence Matthews Lawrence Wagerfield +Leah Neukirchen +Leandro Coutinho Legoff Vincent Lehel Bernadt Leif W @@ -1377,6 +1418,8 @@ Leonardo Taccari Leszek Kubik Li Xinwei Liam Healy +Liam Warfield +LigH-de on github lijian996 on github Lijo Antony lilongyan-huawei on github @@ -1418,6 +1461,7 @@ Luke Amery Luke Call Luke Dashjr Luke Granger-Brown +luminixinc on github Luo Jinghua Luong Dinh Dung Luz Paz @@ -1538,6 +1582,7 @@ Matt McClure Matt Veenstra Matt Witherspoon Matt Wixson +Matteo Baccan Matteo Bignotti Matteo Bignottignotti Matteo Rocco @@ -1568,6 +1613,8 @@ Maxime Larocque Maxime Legros mbeifuss on github mccormickt12 on github +Median Median Stride +mehatzri on github Mehmet Bozkurt Mekonikum Melissa Mears @@ -1689,6 +1736,7 @@ Nathaniel R. Lewis Nathaniel Waisbrot Naveen Chandran Naveen Noel +Neal McBurnett Neal Poole nedres on github neex on github @@ -1698,6 +1746,7 @@ Neil Bowers Neil Dunbar Neil Kolban Neil Spring +neutric on github nevv on HackerOne/curl Niall O'Reilly niallor on github @@ -1705,6 +1754,8 @@ nian6324 on github nianxuejie on github Nic Roets Nicholas Maniscalco +Nick Banks +Nick Coghlan Nick Draffen Nick Gimbrone Nick Humfrey @@ -1720,6 +1771,7 @@ Nicolas Grekas Nicolas Guillier Nicolas Morey-Chaisemartin Nicolas Sterchele +Niels Martignène Niels van Tongeren Nikita Schmidt Nikitinskit Dmitriy @@ -1834,6 +1886,7 @@ Pavel Volgarev Pavol Markovic Pawel A. Gajda Pawel Kierski +Paweł Kowalski Paweł Wegner Pedro Larroy Pedro Monreal @@ -1884,6 +1937,7 @@ Phil Lisiecki Phil Pellouchoud Philip Craig Philip Gladstone +Philip H Philip Langdale Philip Prindeville Philipp Klaus Krause @@ -1908,6 +1962,7 @@ Poul T Lomholt Pramod Sharma Prash Dush Praveen Pvs +Prithvi MK Priyanka Shah Przemysław Tomaszewski pszemus on github @@ -1918,6 +1973,7 @@ Quagmire Quanah Gibson-Mount Quentin Balland Quinn Slack +r-a-sattarov on github R. Dennis Steed Radek Zajic Radoslav Georgiev @@ -1972,6 +2028,7 @@ Rene Bernhardt Rene Rebe Reuven Wachtfogel Reza Arbab +Rianov Viacheslav Ricardo Cadime Ricardo Gomes Ricardo Martins @@ -2016,6 +2073,7 @@ Rider Linden RiderALT on github Rikard Falkeborn rl1987 on github +Rob Boeckermann Rob Cotrone Rob Crittenden Rob Davies @@ -2025,6 +2083,8 @@ Rob Stanzel Rob Ward Robert A. Monat Robert B. Harris +Robert Brose +Robert Charles Muir Robert D. Young Robert Dunaj Robert Foreman @@ -2037,6 +2097,7 @@ Robert Ronto Robert Schumann Robert Weaver Robert Wruck +Robin A. Meade Robin Cornelius Robin Douine Robin Johnson @@ -2113,12 +2174,15 @@ Samuel Thibault Samuel Tranchet Sander Gates Sandor Feldi +Sandro Jaeckel Santhana Todatry Santino Keupp Saqib Ali Sara Golemon Saran Neti Sascha Swiercy +Sascha Zengler +Satadru Pramanik Saul good Saurav Babu sayrer on github @@ -2139,6 +2203,7 @@ Sebastian Haglund Sebastian Mundry Sebastian Pohlschmidt Sebastian Rasmussen +Sebastian Sterk Senthil Raja Velu Sergei Kuzmin Sergei Nikulov @@ -2174,6 +2239,7 @@ shithappens2016 on github Shlomi Fish Shmulik Regev Siddhartha Prakash Jain +siddharthchhabrap on github Sidney San Martín Siegfried Gyuricsko silveja1 on github @@ -2205,6 +2271,7 @@ Stan van de Burgt Stanislav Ivochkin Stanislav Zidek Stathis Kapnidis +Stav Nir steelman on github Stefan Agner Stefan Bühler @@ -2231,6 +2298,7 @@ Stephan Lagerholm Stephan Mühlstrasser Stephan Szabo Stephane Pellegrino +Stephen Boost Stephen Brokenshire Stephen Collyer Stephen Kick @@ -2254,6 +2322,7 @@ Steven Gu Steven M. Schweda Steven Parkes Steven Penny +Stewart Gebbie Stian Soiland-Reyes Stoned Elipot stootill on github @@ -2280,6 +2349,7 @@ Tae Hyoung Ahn Taiyu Len Taneli Vähäkangas Tanguy Fautre +Taras Kushnir tarek112 on github Tatsuhiro Tsujikawa tawmoto on github @@ -2416,6 +2486,7 @@ Ulf Samuelsson Ulrich Doehner Ulrich Telle Ulrich Zadow +updatede on github UrsusArctos on github User Sg ustcqidi on github @@ -2451,6 +2522,7 @@ Vincent Sanders Vincent Torri vitaha85 on github Vitaly Varyvdin +vl409 on github Vlad Grachov Vlad Ureche Vladimir Grishchenko @@ -2502,6 +2574,7 @@ XhmikosR on github XhstormR on github Xiang Xiao Xiangbin Li +Xiaoke Wang Xiaoyin Liu XmiliaH on github xnynx on github @@ -2562,3 +2635,4 @@ zzq1015 on github ウさん 不确定 加藤郁之 +梦终无痕 diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h index 7b69ce2d67..3a2c2ea561 100644 --- a/libs/libcurl/include/curl/curl.h +++ b/libs/libcurl/include/curl/curl.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,8 +73,7 @@ defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ defined(__CYGWIN__) || defined(AMIGA) || defined(__NuttX__) || \ (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) || \ - (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) || \ - defined(__VXWORKS__) + (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) #include <sys/select.h> #endif @@ -82,14 +81,10 @@ #include <sys/socket.h> #endif -#if !defined(CURL_WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__) +#if !defined(CURL_WIN32) #include <sys/time.h> #endif -#ifdef __BEOS__ -#include <support/SupportDefs.h> -#endif - /* Compatibility for non-Clang compilers */ #ifndef __has_declspec_attribute # define __has_declspec_attribute(x) 0 @@ -529,10 +524,6 @@ typedef enum { CURLE_UPLOAD_FAILED, /* 25 - failed upload "command" */ CURLE_READ_ERROR, /* 26 - couldn't open/read from file */ CURLE_OUT_OF_MEMORY, /* 27 */ - /* Note: CURLE_OUT_OF_MEMORY may sometimes indicate a conversion error - instead of a memory allocation error if CURL_DOES_CONVERSIONS - is defined - */ CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was reached */ CURLE_OBSOLETE29, /* 29 - NOT USED */ CURLE_FTP_PORT_FAILED, /* 30 - FTP PORT operation failed */ @@ -569,7 +560,7 @@ typedef enum { CURLE_PEER_FAILED_VERIFICATION, /* 60 - peer's certificate or fingerprint wasn't verified fine */ CURLE_BAD_CONTENT_ENCODING, /* 61 - Unrecognized/bad encoding */ - CURLE_LDAP_INVALID_URL, /* 62 - Invalid LDAP URL */ + CURLE_OBSOLETE62, /* 62 - NOT IN USE since 7.82.0 */ CURLE_FILESIZE_EXCEEDED, /* 63 - Maximum file size exceeded */ CURLE_USE_SSL_FAILED, /* 64 - Requested FTP SSL level failed */ CURLE_SEND_FAIL_REWIND, /* 65 - Sending the data requires a rewind @@ -585,11 +576,7 @@ typedef enum { CURLE_REMOTE_FILE_EXISTS, /* 73 - File already exists */ CURLE_TFTP_NOSUCHUSER, /* 74 - No such user */ CURLE_CONV_FAILED, /* 75 - conversion failed */ - CURLE_CONV_REQD, /* 76 - caller must register conversion - callbacks using curl_easy_setopt options - CURLOPT_CONV_FROM_NETWORK_FUNCTION, - CURLOPT_CONV_TO_NETWORK_FUNCTION, and - CURLOPT_CONV_FROM_UTF8_FUNCTION */ + CURLE_OBSOLETE76, /* 76 - NOT IN USE since 7.82.0 */ CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing or wrong format */ CURLE_REMOTE_FILE_NOT_FOUND, /* 78 - remote file not found */ @@ -683,13 +670,13 @@ typedef enum { /* The following were added earlier */ #define CURLE_OPERATION_TIMEOUTED CURLE_OPERATION_TIMEDOUT - #define CURLE_HTTP_NOT_FOUND CURLE_HTTP_RETURNED_ERROR #define CURLE_HTTP_PORT_FAILED CURLE_INTERFACE_FAILED #define CURLE_FTP_COULDNT_STOR_FILE CURLE_UPLOAD_FAILED - #define CURLE_FTP_PARTIAL_FILE CURLE_PARTIAL_FILE #define CURLE_FTP_BAD_DOWNLOAD_RESUME CURLE_BAD_DOWNLOAD_RESUME +#define CURLE_LDAP_INVALID_URL CURLE_OBSOLETE62 +#define CURLE_CONV_REQD CURLE_OBSOLETE76 /* This was the error code 50 in 7.7.3 and a few earlier versions, this is no longer used by libcurl but is instead #defined here only to not @@ -2062,7 +2049,7 @@ typedef enum { * (in seconds) */ CURLOPT(CURLOPT_MAXAGE_CONN, CURLOPTTYPE_LONG, 288), - /* SASL authorisation identity */ + /* SASL authorization identity */ CURLOPT(CURLOPT_SASL_AUTHZID, CURLOPTTYPE_STRINGPOINT, 289), /* allow RCPT TO command to fail for some recipients */ @@ -2832,7 +2819,7 @@ typedef enum { CURLCLOSEPOLICY_LAST /* last, never use this */ } curl_closepolicy; -#define CURL_GLOBAL_SSL (1<<0) /* no purpose since since 7.57.0 */ +#define CURL_GLOBAL_SSL (1<<0) /* no purpose since 7.57.0 */ #define CURL_GLOBAL_WIN32 (1<<1) #define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32) #define CURL_GLOBAL_NOTHING 0 @@ -3082,6 +3069,7 @@ CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask); #include "multi.h" #include "urlapi.h" #include "options.h" +#include "header.h" /* the typechecker doesn't work in C++ (yet) */ #if defined(__GNUC__) && defined(__GNUC_MINOR__) && \ diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h index 6d2f99b6da..fdd8e3f8f3 100644 --- a/libs/libcurl/include/curl/curlver.h +++ b/libs/libcurl/include/curl/curlver.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,17 +26,17 @@ a script at release-time. This was made its own header file in 7.11.2 */ /* This is the global package copyright */ -#define LIBCURL_COPYRIGHT "1996 - 2021 Daniel Stenberg, <daniel@haxx.se>." +#define LIBCURL_COPYRIGHT "1996 - 2022 Daniel Stenberg, <daniel@haxx.se>." /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.81.0" +#define LIBCURL_VERSION "7.83.1" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 81 -#define LIBCURL_VERSION_PATCH 0 +#define LIBCURL_VERSION_MINOR 83 +#define LIBCURL_VERSION_PATCH 1 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x075100 +#define LIBCURL_VERSION_NUM 0x075301 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2022-01-05" +#define LIBCURL_TIMESTAMP "2022-05-11" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/libs/libcurl/include/curl/header.h b/libs/libcurl/include/curl/header.h new file mode 100644 index 0000000000..7715b61e22 --- /dev/null +++ b/libs/libcurl/include/curl/header.h @@ -0,0 +1,64 @@ +#ifndef CURLINC_HEADER_H +#define CURLINC_HEADER_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +struct curl_header { + char *name; /* this might not use the same case */ + char *value; + size_t amount; /* number of headers using this name */ + size_t index; /* ... of this instance, 0 or higher */ + unsigned int origin; /* see bits below */ + void *anchor; /* handle privately used by libcurl */ +}; + +/* 'origin' bits */ +#define CURLH_HEADER (1<<0) /* plain server header */ +#define CURLH_TRAILER (1<<1) /* trailers */ +#define CURLH_CONNECT (1<<2) /* CONNECT headers */ +#define CURLH_1XX (1<<3) /* 1xx headers */ +#define CURLH_PSEUDO (1<<4) /* pseudo headers */ + +typedef enum { + CURLHE_OK, + CURLHE_BADINDEX, /* header exists but not with this index */ + CURLHE_MISSING, /* no such header exists */ + CURLHE_NOHEADERS, /* no headers at all exist (yet) */ + CURLHE_NOREQUEST, /* no request with this number was used */ + CURLHE_OUT_OF_MEMORY, /* out of memory while processing */ + CURLHE_BAD_ARGUMENT, /* a function argument was not okay */ + CURLHE_NOT_BUILT_IN /* if API was disabled in the build */ +} CURLHcode; + +CURL_EXTERN CURLHcode curl_easy_header(CURL *easy, + const char *name, + size_t index, + unsigned int origin, + int request, + struct curl_header **hout); + +CURL_EXTERN struct curl_header *curl_easy_nextheader(CURL *easy, + unsigned int origin, + int request, + struct curl_header *prev); + +#endif /* CURLINC_HEADER_H */ diff --git a/libs/libcurl/include/curl/options.h b/libs/libcurl/include/curl/options.h index 14373b551c..91360b3581 100644 --- a/libs/libcurl/include/curl/options.h +++ b/libs/libcurl/include/curl/options.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -57,7 +57,7 @@ CURL_EXTERN const struct curl_easyoption * curl_easy_option_by_name(const char *name); CURL_EXTERN const struct curl_easyoption * -curl_easy_option_by_id (CURLoption id); +curl_easy_option_by_id(CURLoption id); CURL_EXTERN const struct curl_easyoption * curl_easy_option_next(const struct curl_easyoption *prev); diff --git a/libs/libcurl/include/curl/system.h b/libs/libcurl/include/curl/system.h index faf8fcf84f..000fea6c75 100644 --- a/libs/libcurl/include/curl/system.h +++ b/libs/libcurl/include/curl/system.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -98,22 +98,6 @@ # define CURL_SUFFIX_CURL_OFF_TU UL # define CURL_TYPEOF_CURL_SOCKLEN_T int -#elif defined(__WATCOMC__) -# if defined(__386__) -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_SUFFIX_CURL_OFF_T i64 -# define CURL_SUFFIX_CURL_OFF_TU ui64 -# else -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T int - #elif defined(__POCC__) # if (__POCC__ < 280) # define CURL_TYPEOF_CURL_OFF_T long @@ -137,7 +121,7 @@ # define CURL_TYPEOF_CURL_SOCKLEN_T int #elif defined(__LCC__) -# if defined(__e2k__) /* MCST eLbrus C Compiler */ +# if defined(__MCST__) /* MCST eLbrus Compiler Collection */ # define CURL_TYPEOF_CURL_OFF_T long # define CURL_FORMAT_CURL_OFF_T "ld" # define CURL_FORMAT_CURL_OFF_TU "lu" diff --git a/libs/libcurl/libcurl.vcxproj b/libs/libcurl/libcurl.vcxproj index 49e6a66c28..ba9f10cde8 100644 --- a/libs/libcurl/libcurl.vcxproj +++ b/libs/libcurl/libcurl.vcxproj @@ -161,16 +161,19 @@ <ClCompile Include="src\gopher.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
+ <ClCompile Include="src\h2h3.c">
+ <PrecompiledHeader>NotUsing</PrecompiledHeader>
+ </ClCompile>
<ClCompile Include="src\hash.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\hmac.c">
+ <ClCompile Include="src\headers.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\hostasyn.c">
+ <ClCompile Include="src\hmac.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\hostcheck.c">
+ <ClCompile Include="src\hostasyn.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
<ClCompile Include="src\hostip.c">
@@ -260,18 +263,9 @@ <ClCompile Include="src\netrc.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\non-ascii.c">
- <PrecompiledHeader>NotUsing</PrecompiledHeader>
- </ClCompile>
<ClCompile Include="src\nonblock.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\nwlib.c">
- <PrecompiledHeader>NotUsing</PrecompiledHeader>
- </ClCompile>
- <ClCompile Include="src\nwos.c">
- <PrecompiledHeader>NotUsing</PrecompiledHeader>
- </ClCompile>
<ClCompile Include="src\openldap.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
@@ -341,6 +335,9 @@ <ClCompile Include="src\splay.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
+ <ClCompile Include="src\timediff.c">
+ <PrecompiledHeader>NotUsing</PrecompiledHeader>
+ </ClCompile>
<ClCompile Include="src\version_win32.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
@@ -401,6 +398,9 @@ <ClCompile Include="src\vtls\gtls.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
+ <ClCompile Include="src\vtls\hostcheck.c">
+ <PrecompiledHeader>NotUsing</PrecompiledHeader>
+ </ClCompile>
<ClCompile Include="src\vtls\keylog.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
@@ -410,9 +410,6 @@ <ClCompile Include="src\vtls\mbedtls_threadlock.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\vtls\mesalink.c">
- <PrecompiledHeader>NotUsing</PrecompiledHeader>
- </ClCompile>
<ClCompile Include="src\vtls\nss.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
@@ -434,13 +431,13 @@ <ClCompile Include="src\vtls\wolfssl.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\warnless.c">
+ <ClCompile Include="src\vtls\x509asn1.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\wildcard.c">
+ <ClCompile Include="src\warnless.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
- <ClCompile Include="src\x509asn1.c">
+ <ClCompile Include="src\wildcard.c">
<PrecompiledHeader>NotUsing</PrecompiledHeader>
</ClCompile>
<ClInclude Include="src\altsvc.h" />
@@ -455,9 +452,6 @@ <ClInclude Include="src\config-os400.h" />
<ClInclude Include="src\config-plan9.h" />
<ClInclude Include="src\config-riscos.h" />
- <ClInclude Include="src\config-symbian.h" />
- <ClInclude Include="src\config-tpf.h" />
- <ClInclude Include="src\config-vxworks.h" />
<ClInclude Include="src\config-win32.h" />
<ClInclude Include="src\config-win32ce.h" />
<ClInclude Include="src\conncache.h" />
@@ -508,8 +502,9 @@ <ClInclude Include="src\ftplistparser.h" />
<ClInclude Include="src\getinfo.h" />
<ClInclude Include="src\gopher.h" />
+ <ClInclude Include="src\h2h3.h" />
<ClInclude Include="src\hash.h" />
- <ClInclude Include="src\hostcheck.h" />
+ <ClInclude Include="src\headers.h" />
<ClInclude Include="src\hostip.h" />
<ClInclude Include="src\hsts.h" />
<ClInclude Include="src\http_aws_sigv4.h" />
@@ -531,7 +526,6 @@ <ClInclude Include="src\multihandle.h" />
<ClInclude Include="src\multiif.h" />
<ClInclude Include="src\netrc.h" />
- <ClInclude Include="src\non-ascii.h" />
<ClInclude Include="src\nonblock.h" />
<ClInclude Include="src\parsedate.h" />
<ClInclude Include="src\pingpong.h" />
@@ -566,6 +560,7 @@ <ClInclude Include="src\system_win32.h" />
<ClInclude Include="src\telnet.h" />
<ClInclude Include="src\tftp.h" />
+ <ClInclude Include="src\timediff.h" />
<ClInclude Include="src\timeval.h" />
<ClInclude Include="src\transfer.h" />
<ClInclude Include="src\url.h" />
@@ -574,7 +569,6 @@ <ClInclude Include="src\version_win32.h" />
<ClInclude Include="src\warnless.h" />
<ClInclude Include="src\wildcard.h" />
- <ClInclude Include="src\x509asn1.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="src\strcase.c">
diff --git a/libs/libcurl/libcurl.vcxproj.filters b/libs/libcurl/libcurl.vcxproj.filters index 4ade79b333..786a8c8ca4 100644 --- a/libs/libcurl/libcurl.vcxproj.filters +++ b/libs/libcurl/libcurl.vcxproj.filters @@ -134,16 +134,19 @@ <ClCompile Include="src\gopher.c">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="src\h2h3.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
<ClCompile Include="src\hash.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\hmac.c">
+ <ClCompile Include="src\headers.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\hostasyn.c">
+ <ClCompile Include="src\hmac.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\hostcheck.c">
+ <ClCompile Include="src\hostasyn.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\hostip.c">
@@ -233,18 +236,9 @@ <ClCompile Include="src\netrc.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\non-ascii.c">
- <Filter>Source Files</Filter>
- </ClCompile>
<ClCompile Include="src\nonblock.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\nwlib.c">
- <Filter>Source Files</Filter>
- </ClCompile>
- <ClCompile Include="src\nwos.c">
- <Filter>Source Files</Filter>
- </ClCompile>
<ClCompile Include="src\openldap.c">
<Filter>Source Files</Filter>
</ClCompile>
@@ -314,6 +308,9 @@ <ClCompile Include="src\splay.c">
<Filter>Source Files</Filter>
</ClCompile>
+ <ClCompile Include="src\timediff.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
<ClCompile Include="src\version_win32.c">
<Filter>Source Files</Filter>
</ClCompile>
@@ -371,13 +368,13 @@ <ClCompile Include="src\vtls\gtls.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\vtls\mbedtls.c">
+ <ClCompile Include="src\vtls\hostcheck.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\vtls\mbedtls_threadlock.c">
+ <ClCompile Include="src\vtls\mbedtls.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\vtls\mesalink.c">
+ <ClCompile Include="src\vtls\mbedtls_threadlock.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\vtls\nss.c">
@@ -401,13 +398,13 @@ <ClCompile Include="src\vtls\wolfssl.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\warnless.c">
+ <ClCompile Include="src\vtls\x509asn1.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\wildcard.c">
+ <ClCompile Include="src\warnless.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="src\x509asn1.c">
+ <ClCompile Include="src\wildcard.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\strcase.c">
@@ -490,15 +487,6 @@ <ClInclude Include="src\config-riscos.h">
<Filter>Header Files</Filter>
</ClInclude>
- <ClInclude Include="src\config-symbian.h">
- <Filter>Header Files</Filter>
- </ClInclude>
- <ClInclude Include="src\config-tpf.h">
- <Filter>Header Files</Filter>
- </ClInclude>
- <ClInclude Include="src\config-vxworks.h">
- <Filter>Header Files</Filter>
- </ClInclude>
<ClInclude Include="src\config-win32.h">
<Filter>Header Files</Filter>
</ClInclude>
@@ -646,10 +634,13 @@ <ClInclude Include="src\gopher.h">
<Filter>Header Files</Filter>
</ClInclude>
+ <ClInclude Include="src\h2h3.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
<ClInclude Include="src\hash.h">
<Filter>Header Files</Filter>
</ClInclude>
- <ClInclude Include="src\hostcheck.h">
+ <ClInclude Include="src\headers.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\hostip.h">
@@ -715,9 +706,6 @@ <ClInclude Include="src\netrc.h">
<Filter>Header Files</Filter>
</ClInclude>
- <ClInclude Include="src\non-ascii.h">
- <Filter>Header Files</Filter>
- </ClInclude>
<ClInclude Include="src\nonblock.h">
<Filter>Header Files</Filter>
</ClInclude>
@@ -820,6 +808,9 @@ <ClInclude Include="src\tftp.h">
<Filter>Header Files</Filter>
</ClInclude>
+ <ClInclude Include="src\timediff.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
<ClInclude Include="src\timeval.h">
<Filter>Header Files</Filter>
</ClInclude>
@@ -844,9 +835,6 @@ <ClInclude Include="src\wildcard.h">
<Filter>Header Files</Filter>
</ClInclude>
- <ClInclude Include="src\x509asn1.h">
- <Filter>Header Files</Filter>
- </ClInclude>
<ClInclude Include="src\dynbuf.h">
<Filter>Header Files</Filter>
</ClInclude>
diff --git a/libs/libcurl/src/Makefile.am b/libs/libcurl/src/Makefile.am index 7693639415..ba5f016301 100644 --- a/libs/libcurl/src/Makefile.am +++ b/libs/libcurl/src/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -23,14 +23,10 @@ AUTOMAKE_OPTIONS = foreign nostdinc CMAKE_DIST = CMakeLists.txt curl_config.h.cmake -EXTRA_DIST = Makefile.m32 config-win32.h config-win32ce.h \ - config-plan9.h config-riscos.h config-mac.h curl_config.h.in \ - makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h \ - makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \ - config-os400.h setup-os400.h \ - config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \ - firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ - setup-win32.h .checksrc +EXTRA_DIST = Makefile.m32 config-win32.h config-win32ce.h config-plan9.h \ + config-riscos.h config-mac.h curl_config.h.in makefile.dj config-dos.h \ + libcurl.plist libcurl.rc config-amigaos.h makefile.amiga config-win32ce.h \ + config-os400.h setup-os400.h $(CMAKE_DIST) setup-win32.h .checksrc lib_LTLIBRARIES = libcurl.la @@ -51,22 +47,15 @@ CFLAGS += @CURL_CFLAG_EXTRAS@ # $(top_srcdir)/include is for libcurl's external include files # $(top_builddir)/lib is for libcurl's generated lib/curl_config.h file # $(top_srcdir)/lib for libcurl's lib/curl_setup.h and other "private" files -# $(top_builddir)/ares is for in-tree c-ares's generated ares_build.h file -# $(top_srcdir)/ares is for in-tree c-ares's external include files AM_CPPFLAGS = -I$(top_srcdir)/include \ -I$(top_builddir)/lib \ -I$(top_srcdir)/lib -if USE_EMBEDDED_ARES -AM_CPPFLAGS += -I$(top_builddir)/ares \ - -I$(top_srcdir)/ares -endif - # Prevent LIBS from being used for all link targets LIBS = $(BLANK_AT_MAKETIME) -VERSIONINFO=-version-info 11:0:7 +VERSIONINFO=-version-info 12:0:8 # This flag accepts an argument of the form current[:revision[:age]]. So, # passing -version-info 3:12:1 sets current to 3, revision to 12, and age to # 1. @@ -138,8 +127,9 @@ CS_1 = CS_ = $(CS_0) checksrc: - $(CHECKSRC)(@PERL@ $(srcdir)/checksrc.pl -D$(srcdir) -W$(srcdir)/curl_config.h \ - $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] $(srcdir)/vtls/*.[ch] $(srcdir)/vquic/*.[ch] $(srcdir)/vssh/*.[ch]) + $(CHECKSRC)(@PERL@ $(top_srcdir)/scripts/checksrc.pl -D$(srcdir) \ + -W$(srcdir)/curl_config.h $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] \ + $(srcdir)/vtls/*.[ch] $(srcdir)/vquic/*.[ch] $(srcdir)/vssh/*.[ch]) if CURLDEBUG # for debug builds, we scan the sources on all regular make invokes diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in index 188b2c4c25..4308285306 100644 --- a/libs/libcurl/src/Makefile.in +++ b/libs/libcurl/src/Makefile.in @@ -21,7 +21,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -110,18 +110,15 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@USE_EMBEDDED_ARES_TRUE@am__append_1 = -I$(top_builddir)/ares \ -@USE_EMBEDDED_ARES_TRUE@ -I$(top_srcdir)/ares - -@CURL_LT_SHLIB_USE_VERSION_INFO_TRUE@am__append_2 = $(VERSIONINFO) -@CURL_LT_SHLIB_USE_NO_UNDEFINED_TRUE@am__append_3 = -no-undefined -@CURL_LT_SHLIB_USE_MIMPURE_TEXT_TRUE@am__append_4 = -mimpure-text -@CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_TRUE@am__append_5 = -Wl,--version-script=libcurl.vers +@CURL_LT_SHLIB_USE_VERSION_INFO_TRUE@am__append_1 = $(VERSIONINFO) +@CURL_LT_SHLIB_USE_NO_UNDEFINED_TRUE@am__append_2 = -no-undefined +@CURL_LT_SHLIB_USE_MIMPURE_TEXT_TRUE@am__append_3 = -mimpure-text +@CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_TRUE@am__append_4 = -Wl,--version-script=libcurl.vers # if symbol-hiding is enabled, hide them! -@CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_FALSE@@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_6 = -export-symbols-regex '^curl_.*' -@USE_CPPFLAG_CURL_STATICLIB_TRUE@am__append_7 = -DCURL_STATICLIB -@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_8 = -DCURL_HIDDEN_SYMBOLS -@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_9 = $(CFLAG_CURL_SYMBOL_HIDING) +@CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_FALSE@@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_5 = -export-symbols-regex '^curl_.*' +@USE_CPPFLAG_CURL_STATICLIB_TRUE@am__append_6 = -DCURL_STATICLIB +@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_7 = -DCURL_HIDDEN_SYMBOLS +@DOING_CURL_SYMBOL_HIDING_TRUE@am__append_8 = $(CFLAG_CURL_SYMBOL_HIDING) subdir = lib ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_compile_check_sizeof.m4 \ @@ -131,8 +128,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_compile_check_sizeof.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ $(top_srcdir)/m4/curl-functions.m4 \ $(top_srcdir)/m4/curl-gnutls.m4 \ - $(top_srcdir)/m4/curl-mbedtls.m4 \ - $(top_srcdir)/m4/curl-mesalink.m4 $(top_srcdir)/m4/curl-nss.m4 \ + $(top_srcdir)/m4/curl-mbedtls.m4 $(top_srcdir)/m4/curl-nss.m4 \ $(top_srcdir)/m4/curl-openssl.m4 \ $(top_srcdir)/m4/curl-override.m4 \ $(top_srcdir)/m4/curl-reentrant.m4 \ @@ -157,7 +153,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = curl_config.h -CONFIG_CLEAN_FILES = libcurl.vers +CONFIG_CLEAN_FILES = libcurl.vers libcurl.plist CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ @@ -210,9 +206,9 @@ am__objects_1 = libcurl_la-altsvc.lo libcurl_la-amigaos.lo \ libcurl_la-file.lo libcurl_la-fileinfo.lo \ libcurl_la-formdata.lo libcurl_la-ftp.lo \ libcurl_la-ftplistparser.lo libcurl_la-getenv.lo \ - libcurl_la-getinfo.lo libcurl_la-gopher.lo libcurl_la-hash.lo \ - libcurl_la-hmac.lo libcurl_la-hostasyn.lo \ - libcurl_la-hostcheck.lo libcurl_la-hostip.lo \ + libcurl_la-getinfo.lo libcurl_la-gopher.lo libcurl_la-h2h3.lo \ + libcurl_la-hash.lo libcurl_la-headers.lo libcurl_la-hmac.lo \ + libcurl_la-hostasyn.lo libcurl_la-hostip.lo \ libcurl_la-hostip4.lo libcurl_la-hostip6.lo \ libcurl_la-hostsyn.lo libcurl_la-hsts.lo libcurl_la-http.lo \ libcurl_la-http2.lo libcurl_la-http_chunks.lo \ @@ -224,24 +220,24 @@ am__objects_1 = libcurl_la-altsvc.lo libcurl_la-amigaos.lo \ libcurl_la-llist.lo libcurl_la-md4.lo libcurl_la-md5.lo \ libcurl_la-memdebug.lo libcurl_la-mime.lo \ libcurl_la-mprintf.lo libcurl_la-mqtt.lo libcurl_la-multi.lo \ - libcurl_la-netrc.lo libcurl_la-non-ascii.lo \ - libcurl_la-nonblock.lo libcurl_la-openldap.lo \ - libcurl_la-parsedate.lo libcurl_la-pingpong.lo \ - libcurl_la-pop3.lo libcurl_la-progress.lo libcurl_la-psl.lo \ - libcurl_la-rand.lo libcurl_la-rename.lo libcurl_la-rtsp.lo \ - libcurl_la-select.lo libcurl_la-sendf.lo libcurl_la-setopt.lo \ - libcurl_la-sha256.lo libcurl_la-share.lo libcurl_la-slist.lo \ - libcurl_la-smb.lo libcurl_la-smtp.lo libcurl_la-socketpair.lo \ + libcurl_la-netrc.lo libcurl_la-nonblock.lo \ + libcurl_la-openldap.lo libcurl_la-parsedate.lo \ + libcurl_la-pingpong.lo libcurl_la-pop3.lo \ + libcurl_la-progress.lo libcurl_la-psl.lo libcurl_la-rand.lo \ + libcurl_la-rename.lo libcurl_la-rtsp.lo libcurl_la-select.lo \ + libcurl_la-sendf.lo libcurl_la-setopt.lo libcurl_la-sha256.lo \ + libcurl_la-share.lo libcurl_la-slist.lo libcurl_la-smb.lo \ + libcurl_la-smtp.lo libcurl_la-socketpair.lo \ libcurl_la-socks.lo libcurl_la-socks_gssapi.lo \ libcurl_la-socks_sspi.lo libcurl_la-speedcheck.lo \ libcurl_la-splay.lo libcurl_la-strcase.lo libcurl_la-strdup.lo \ libcurl_la-strerror.lo libcurl_la-strtok.lo \ libcurl_la-strtoofft.lo libcurl_la-system_win32.lo \ - libcurl_la-telnet.lo libcurl_la-tftp.lo libcurl_la-timeval.lo \ - libcurl_la-transfer.lo libcurl_la-url.lo libcurl_la-urlapi.lo \ - libcurl_la-version.lo libcurl_la-version_win32.lo \ - libcurl_la-warnless.lo libcurl_la-wildcard.lo \ - libcurl_la-x509asn1.lo + libcurl_la-telnet.lo libcurl_la-tftp.lo libcurl_la-timediff.lo \ + libcurl_la-timeval.lo libcurl_la-transfer.lo libcurl_la-url.lo \ + libcurl_la-urlapi.lo libcurl_la-version.lo \ + libcurl_la-version_win32.lo libcurl_la-warnless.lo \ + libcurl_la-wildcard.lo am__dirstamp = $(am__leading_dot)dirstamp am__objects_2 = vauth/libcurl_la-cleartext.lo vauth/libcurl_la-cram.lo \ vauth/libcurl_la-digest.lo vauth/libcurl_la-digest_sspi.lo \ @@ -251,16 +247,15 @@ am__objects_2 = vauth/libcurl_la-cleartext.lo vauth/libcurl_la-cram.lo \ vauth/libcurl_la-spnego_gssapi.lo \ vauth/libcurl_la-spnego_sspi.lo vauth/libcurl_la-vauth.lo am__objects_3 = vtls/libcurl_la-bearssl.lo vtls/libcurl_la-gskit.lo \ - vtls/libcurl_la-gtls.lo vtls/libcurl_la-keylog.lo \ - vtls/libcurl_la-mbedtls.lo \ - vtls/libcurl_la-mbedtls_threadlock.lo \ - vtls/libcurl_la-mesalink.lo vtls/libcurl_la-nss.lo \ + vtls/libcurl_la-gtls.lo vtls/libcurl_la-hostcheck.lo \ + vtls/libcurl_la-keylog.lo vtls/libcurl_la-mbedtls.lo \ + vtls/libcurl_la-mbedtls_threadlock.lo vtls/libcurl_la-nss.lo \ vtls/libcurl_la-openssl.lo vtls/libcurl_la-rustls.lo \ vtls/libcurl_la-schannel.lo vtls/libcurl_la-schannel_verify.lo \ vtls/libcurl_la-sectransp.lo vtls/libcurl_la-vtls.lo \ - vtls/libcurl_la-wolfssl.lo -am__objects_4 = vquic/libcurl_la-ngtcp2.lo vquic/libcurl_la-quiche.lo \ - vquic/libcurl_la-vquic.lo + vtls/libcurl_la-wolfssl.lo vtls/libcurl_la-x509asn1.lo +am__objects_4 = vquic/libcurl_la-msh3.lo vquic/libcurl_la-ngtcp2.lo \ + vquic/libcurl_la-quiche.lo vquic/libcurl_la-vquic.lo am__objects_5 = vssh/libcurl_la-libssh.lo vssh/libcurl_la-libssh2.lo \ vssh/libcurl_la-wolfssh.lo am__objects_6 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \ @@ -300,8 +295,8 @@ am__objects_9 = libcurlu_la-altsvc.lo libcurlu_la-amigaos.lo \ libcurlu_la-formdata.lo libcurlu_la-ftp.lo \ libcurlu_la-ftplistparser.lo libcurlu_la-getenv.lo \ libcurlu_la-getinfo.lo libcurlu_la-gopher.lo \ - libcurlu_la-hash.lo libcurlu_la-hmac.lo \ - libcurlu_la-hostasyn.lo libcurlu_la-hostcheck.lo \ + libcurlu_la-h2h3.lo libcurlu_la-hash.lo libcurlu_la-headers.lo \ + libcurlu_la-hmac.lo libcurlu_la-hostasyn.lo \ libcurlu_la-hostip.lo libcurlu_la-hostip4.lo \ libcurlu_la-hostip6.lo libcurlu_la-hostsyn.lo \ libcurlu_la-hsts.lo libcurlu_la-http.lo libcurlu_la-http2.lo \ @@ -315,11 +310,10 @@ am__objects_9 = libcurlu_la-altsvc.lo libcurlu_la-amigaos.lo \ libcurlu_la-md5.lo libcurlu_la-memdebug.lo libcurlu_la-mime.lo \ libcurlu_la-mprintf.lo libcurlu_la-mqtt.lo \ libcurlu_la-multi.lo libcurlu_la-netrc.lo \ - libcurlu_la-non-ascii.lo libcurlu_la-nonblock.lo \ - libcurlu_la-openldap.lo libcurlu_la-parsedate.lo \ - libcurlu_la-pingpong.lo libcurlu_la-pop3.lo \ - libcurlu_la-progress.lo libcurlu_la-psl.lo libcurlu_la-rand.lo \ - libcurlu_la-rename.lo libcurlu_la-rtsp.lo \ + libcurlu_la-nonblock.lo libcurlu_la-openldap.lo \ + libcurlu_la-parsedate.lo libcurlu_la-pingpong.lo \ + libcurlu_la-pop3.lo libcurlu_la-progress.lo libcurlu_la-psl.lo \ + libcurlu_la-rand.lo libcurlu_la-rename.lo libcurlu_la-rtsp.lo \ libcurlu_la-select.lo libcurlu_la-sendf.lo \ libcurlu_la-setopt.lo libcurlu_la-sha256.lo \ libcurlu_la-share.lo libcurlu_la-slist.lo libcurlu_la-smb.lo \ @@ -330,11 +324,11 @@ am__objects_9 = libcurlu_la-altsvc.lo libcurlu_la-amigaos.lo \ libcurlu_la-strdup.lo libcurlu_la-strerror.lo \ libcurlu_la-strtok.lo libcurlu_la-strtoofft.lo \ libcurlu_la-system_win32.lo libcurlu_la-telnet.lo \ - libcurlu_la-tftp.lo libcurlu_la-timeval.lo \ - libcurlu_la-transfer.lo libcurlu_la-url.lo \ - libcurlu_la-urlapi.lo libcurlu_la-version.lo \ - libcurlu_la-version_win32.lo libcurlu_la-warnless.lo \ - libcurlu_la-wildcard.lo libcurlu_la-x509asn1.lo + libcurlu_la-tftp.lo libcurlu_la-timediff.lo \ + libcurlu_la-timeval.lo libcurlu_la-transfer.lo \ + libcurlu_la-url.lo libcurlu_la-urlapi.lo \ + libcurlu_la-version.lo libcurlu_la-version_win32.lo \ + libcurlu_la-warnless.lo libcurlu_la-wildcard.lo am__objects_10 = vauth/libcurlu_la-cleartext.lo \ vauth/libcurlu_la-cram.lo vauth/libcurlu_la-digest.lo \ vauth/libcurlu_la-digest_sspi.lo vauth/libcurlu_la-gsasl.lo \ @@ -344,16 +338,15 @@ am__objects_10 = vauth/libcurlu_la-cleartext.lo \ vauth/libcurlu_la-spnego_gssapi.lo \ vauth/libcurlu_la-spnego_sspi.lo vauth/libcurlu_la-vauth.lo am__objects_11 = vtls/libcurlu_la-bearssl.lo vtls/libcurlu_la-gskit.lo \ - vtls/libcurlu_la-gtls.lo vtls/libcurlu_la-keylog.lo \ - vtls/libcurlu_la-mbedtls.lo \ - vtls/libcurlu_la-mbedtls_threadlock.lo \ - vtls/libcurlu_la-mesalink.lo vtls/libcurlu_la-nss.lo \ + vtls/libcurlu_la-gtls.lo vtls/libcurlu_la-hostcheck.lo \ + vtls/libcurlu_la-keylog.lo vtls/libcurlu_la-mbedtls.lo \ + vtls/libcurlu_la-mbedtls_threadlock.lo vtls/libcurlu_la-nss.lo \ vtls/libcurlu_la-openssl.lo vtls/libcurlu_la-rustls.lo \ vtls/libcurlu_la-schannel.lo \ vtls/libcurlu_la-schannel_verify.lo \ vtls/libcurlu_la-sectransp.lo vtls/libcurlu_la-vtls.lo \ - vtls/libcurlu_la-wolfssl.lo -am__objects_12 = vquic/libcurlu_la-ngtcp2.lo \ + vtls/libcurlu_la-wolfssl.lo vtls/libcurlu_la-x509asn1.lo +am__objects_12 = vquic/libcurlu_la-msh3.lo vquic/libcurlu_la-ngtcp2.lo \ vquic/libcurlu_la-quiche.lo vquic/libcurlu_la-vquic.lo am__objects_13 = vssh/libcurlu_la-libssh.lo \ vssh/libcurlu_la-libssh2.lo vssh/libcurlu_la-wolfssh.lo @@ -424,10 +417,11 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurl_la-getenv.Plo \ ./$(DEPDIR)/libcurl_la-getinfo.Plo \ ./$(DEPDIR)/libcurl_la-gopher.Plo \ + ./$(DEPDIR)/libcurl_la-h2h3.Plo \ ./$(DEPDIR)/libcurl_la-hash.Plo \ + ./$(DEPDIR)/libcurl_la-headers.Plo \ ./$(DEPDIR)/libcurl_la-hmac.Plo \ ./$(DEPDIR)/libcurl_la-hostasyn.Plo \ - ./$(DEPDIR)/libcurl_la-hostcheck.Plo \ ./$(DEPDIR)/libcurl_la-hostip.Plo \ ./$(DEPDIR)/libcurl_la-hostip4.Plo \ ./$(DEPDIR)/libcurl_la-hostip6.Plo \ @@ -456,7 +450,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurl_la-mqtt.Plo \ ./$(DEPDIR)/libcurl_la-multi.Plo \ ./$(DEPDIR)/libcurl_la-netrc.Plo \ - ./$(DEPDIR)/libcurl_la-non-ascii.Plo \ ./$(DEPDIR)/libcurl_la-nonblock.Plo \ ./$(DEPDIR)/libcurl_la-openldap.Plo \ ./$(DEPDIR)/libcurl_la-parsedate.Plo \ @@ -487,6 +480,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurl_la-system_win32.Plo \ ./$(DEPDIR)/libcurl_la-telnet.Plo \ ./$(DEPDIR)/libcurl_la-tftp.Plo \ + ./$(DEPDIR)/libcurl_la-timediff.Plo \ ./$(DEPDIR)/libcurl_la-timeval.Plo \ ./$(DEPDIR)/libcurl_la-transfer.Plo \ ./$(DEPDIR)/libcurl_la-url.Plo \ @@ -495,7 +489,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurl_la-version_win32.Plo \ ./$(DEPDIR)/libcurl_la-warnless.Plo \ ./$(DEPDIR)/libcurl_la-wildcard.Plo \ - ./$(DEPDIR)/libcurl_la-x509asn1.Plo \ ./$(DEPDIR)/libcurlu_la-altsvc.Plo \ ./$(DEPDIR)/libcurlu_la-amigaos.Plo \ ./$(DEPDIR)/libcurlu_la-asyn-ares.Plo \ @@ -541,10 +534,11 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurlu_la-getenv.Plo \ ./$(DEPDIR)/libcurlu_la-getinfo.Plo \ ./$(DEPDIR)/libcurlu_la-gopher.Plo \ + ./$(DEPDIR)/libcurlu_la-h2h3.Plo \ ./$(DEPDIR)/libcurlu_la-hash.Plo \ + ./$(DEPDIR)/libcurlu_la-headers.Plo \ ./$(DEPDIR)/libcurlu_la-hmac.Plo \ ./$(DEPDIR)/libcurlu_la-hostasyn.Plo \ - ./$(DEPDIR)/libcurlu_la-hostcheck.Plo \ ./$(DEPDIR)/libcurlu_la-hostip.Plo \ ./$(DEPDIR)/libcurlu_la-hostip4.Plo \ ./$(DEPDIR)/libcurlu_la-hostip6.Plo \ @@ -574,7 +568,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurlu_la-mqtt.Plo \ ./$(DEPDIR)/libcurlu_la-multi.Plo \ ./$(DEPDIR)/libcurlu_la-netrc.Plo \ - ./$(DEPDIR)/libcurlu_la-non-ascii.Plo \ ./$(DEPDIR)/libcurlu_la-nonblock.Plo \ ./$(DEPDIR)/libcurlu_la-openldap.Plo \ ./$(DEPDIR)/libcurlu_la-parsedate.Plo \ @@ -607,6 +600,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurlu_la-system_win32.Plo \ ./$(DEPDIR)/libcurlu_la-telnet.Plo \ ./$(DEPDIR)/libcurlu_la-tftp.Plo \ + ./$(DEPDIR)/libcurlu_la-timediff.Plo \ ./$(DEPDIR)/libcurlu_la-timeval.Plo \ ./$(DEPDIR)/libcurlu_la-transfer.Plo \ ./$(DEPDIR)/libcurlu_la-url.Plo \ @@ -615,7 +609,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ ./$(DEPDIR)/libcurlu_la-version_win32.Plo \ ./$(DEPDIR)/libcurlu_la-warnless.Plo \ ./$(DEPDIR)/libcurlu_la-wildcard.Plo \ - ./$(DEPDIR)/libcurlu_la-x509asn1.Plo \ vauth/$(DEPDIR)/libcurl_la-cleartext.Plo \ vauth/$(DEPDIR)/libcurl_la-cram.Plo \ vauth/$(DEPDIR)/libcurl_la-digest.Plo \ @@ -642,9 +635,11 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vauth/$(DEPDIR)/libcurlu_la-spnego_gssapi.Plo \ vauth/$(DEPDIR)/libcurlu_la-spnego_sspi.Plo \ vauth/$(DEPDIR)/libcurlu_la-vauth.Plo \ + vquic/$(DEPDIR)/libcurl_la-msh3.Plo \ vquic/$(DEPDIR)/libcurl_la-ngtcp2.Plo \ vquic/$(DEPDIR)/libcurl_la-quiche.Plo \ vquic/$(DEPDIR)/libcurl_la-vquic.Plo \ + vquic/$(DEPDIR)/libcurlu_la-msh3.Plo \ vquic/$(DEPDIR)/libcurlu_la-ngtcp2.Plo \ vquic/$(DEPDIR)/libcurlu_la-quiche.Plo \ vquic/$(DEPDIR)/libcurlu_la-vquic.Plo \ @@ -657,10 +652,10 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vtls/$(DEPDIR)/libcurl_la-bearssl.Plo \ vtls/$(DEPDIR)/libcurl_la-gskit.Plo \ vtls/$(DEPDIR)/libcurl_la-gtls.Plo \ + vtls/$(DEPDIR)/libcurl_la-hostcheck.Plo \ vtls/$(DEPDIR)/libcurl_la-keylog.Plo \ vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo \ vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo \ - vtls/$(DEPDIR)/libcurl_la-mesalink.Plo \ vtls/$(DEPDIR)/libcurl_la-nss.Plo \ vtls/$(DEPDIR)/libcurl_la-openssl.Plo \ vtls/$(DEPDIR)/libcurl_la-rustls.Plo \ @@ -669,13 +664,14 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vtls/$(DEPDIR)/libcurl_la-sectransp.Plo \ vtls/$(DEPDIR)/libcurl_la-vtls.Plo \ vtls/$(DEPDIR)/libcurl_la-wolfssl.Plo \ + vtls/$(DEPDIR)/libcurl_la-x509asn1.Plo \ vtls/$(DEPDIR)/libcurlu_la-bearssl.Plo \ vtls/$(DEPDIR)/libcurlu_la-gskit.Plo \ vtls/$(DEPDIR)/libcurlu_la-gtls.Plo \ + vtls/$(DEPDIR)/libcurlu_la-hostcheck.Plo \ vtls/$(DEPDIR)/libcurlu_la-keylog.Plo \ vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo \ vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo \ - vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo \ vtls/$(DEPDIR)/libcurlu_la-nss.Plo \ vtls/$(DEPDIR)/libcurlu_la-openssl.Plo \ vtls/$(DEPDIR)/libcurlu_la-rustls.Plo \ @@ -683,7 +679,8 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo \ vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo \ vtls/$(DEPDIR)/libcurlu_la-vtls.Plo \ - vtls/$(DEPDIR)/libcurlu_la-wolfssl.Plo + vtls/$(DEPDIR)/libcurlu_la-wolfssl.Plo \ + vtls/$(DEPDIR)/libcurlu_la-x509asn1.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -729,8 +726,8 @@ am__define_uniq_tagged_files = \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.inc \ - $(srcdir)/curl_config.h.in $(srcdir)/libcurl.vers.in \ - $(top_srcdir)/depcomp + $(srcdir)/curl_config.h.in $(srcdir)/libcurl.plist.in \ + $(srcdir)/libcurl.vers.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -777,6 +774,7 @@ CURL_DISABLE_TFTP = @CURL_DISABLE_TFTP@ CURL_LT_SHLIB_VERSIONED_FLAVOUR = @CURL_LT_SHLIB_VERSIONED_FLAVOUR@ CURL_NETWORK_AND_TIME_LIBS = @CURL_NETWORK_AND_TIME_LIBS@ CURL_NETWORK_LIBS = @CURL_NETWORK_LIBS@ +CURL_PLIST_VERSION = @CURL_PLIST_VERSION@ CURL_WITH_MULTI_SSL = @CURL_WITH_MULTI_SSL@ CYGPATH_W = @CYGPATH_W@ DEFAULT_SSL_BACKEND = @DEFAULT_SSL_BACKEND@ @@ -794,6 +792,7 @@ ENABLE_STATIC = @ENABLE_STATIC@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FISH_FUNCTIONS_DIR = @FISH_FUNCTIONS_DIR@ GCOV = @GCOV@ GREP = @GREP@ @@ -871,7 +870,7 @@ USE_LIBRTMP = @USE_LIBRTMP@ USE_LIBSSH = @USE_LIBSSH@ USE_LIBSSH2 = @USE_LIBSSH2@ USE_MBEDTLS = @USE_MBEDTLS@ -USE_MESALINK = @USE_MESALINK@ +USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ @@ -943,7 +942,6 @@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ -subdirs = @subdirs@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ @@ -957,7 +955,7 @@ top_srcdir = @top_srcdir@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -973,14 +971,10 @@ top_srcdir = @top_srcdir@ ########################################################################### AUTOMAKE_OPTIONS = foreign nostdinc CMAKE_DIST = CMakeLists.txt curl_config.h.cmake -EXTRA_DIST = Makefile.m32 config-win32.h config-win32ce.h \ - config-plan9.h config-riscos.h config-mac.h curl_config.h.in \ - makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h \ - makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h \ - config-os400.h setup-os400.h \ - config-tpf.h mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST) \ - firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl \ - setup-win32.h .checksrc +EXTRA_DIST = Makefile.m32 config-win32.h config-win32ce.h config-plan9.h \ + config-riscos.h config-mac.h curl_config.h.in makefile.dj config-dos.h \ + libcurl.plist libcurl.rc config-amigaos.h makefile.amiga config-win32ce.h \ + config-os400.h setup-os400.h $(CMAKE_DIST) setup-win32.h .checksrc lib_LTLIBRARIES = libcurl.la @BUILD_UNITTESTS_FALSE@noinst_LTLIBRARIES = @@ -994,8 +988,6 @@ lib_LTLIBRARIES = libcurl.la # $(top_srcdir)/include is for libcurl's external include files # $(top_builddir)/lib is for libcurl's generated lib/curl_config.h file # $(top_srcdir)/lib for libcurl's lib/curl_setup.h and other "private" files -# $(top_builddir)/ares is for in-tree c-ares's generated ares_build.h file -# $(top_srcdir)/ares is for in-tree c-ares's external include files # This flag accepts an argument of the form current[:revision[:age]]. So, # passing -version-info 3:12:1 sets current to 3, revision to 12, and age to # 1. @@ -1009,14 +1001,14 @@ lib_LTLIBRARIES = libcurl.la # # For the full guide on libcurl ABI rules, see docs/libcurl/ABI AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/lib \ - -I$(top_srcdir)/lib $(am__append_1) -DBUILDING_LIBCURL -VERSIONINFO = -version-info 11:0:7 + -I$(top_srcdir)/lib -DBUILDING_LIBCURL +VERSIONINFO = -version-info 12:0:8 AM_LDFLAGS = AM_CFLAGS = -libcurl_la_CPPFLAGS_EXTRA = $(am__append_7) $(am__append_8) -libcurl_la_LDFLAGS_EXTRA = $(am__append_2) $(am__append_3) \ - $(am__append_4) $(am__append_5) $(am__append_6) -libcurl_la_CFLAGS_EXTRA = $(am__append_9) +libcurl_la_CPPFLAGS_EXTRA = $(am__append_6) $(am__append_7) +libcurl_la_LDFLAGS_EXTRA = $(am__append_1) $(am__append_2) \ + $(am__append_3) $(am__append_4) $(am__append_5) +libcurl_la_CFLAGS_EXTRA = $(am__append_8) libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA) libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LDFLAGS) $(LIBCURL_LIBS) libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA) @@ -1047,10 +1039,10 @@ LIB_VTLS_CFILES = \ vtls/bearssl.c \ vtls/gskit.c \ vtls/gtls.c \ + vtls/hostcheck.c \ vtls/keylog.c \ vtls/mbedtls.c \ vtls/mbedtls_threadlock.c \ - vtls/mesalink.c \ vtls/nss.c \ vtls/openssl.c \ vtls/rustls.c \ @@ -1058,30 +1050,34 @@ LIB_VTLS_CFILES = \ vtls/schannel_verify.c \ vtls/sectransp.c \ vtls/vtls.c \ - vtls/wolfssl.c + vtls/wolfssl.c \ + vtls/x509asn1.c LIB_VTLS_HFILES = \ vtls/bearssl.h \ vtls/gskit.h \ vtls/gtls.h \ + vtls/hostcheck.h \ vtls/keylog.h \ vtls/mbedtls.h \ vtls/mbedtls_threadlock.h \ - vtls/mesalink.h \ vtls/nssg.h \ vtls/openssl.h \ vtls/rustls.h \ vtls/schannel.h \ vtls/sectransp.h \ vtls/vtls.h \ - vtls/wolfssl.h + vtls/wolfssl.h \ + vtls/x509asn1.h LIB_VQUIC_CFILES = \ + vquic/msh3.c \ vquic/ngtcp2.c \ vquic/quiche.c \ vquic/vquic.c LIB_VQUIC_HFILES = \ + vquic/msh3.h \ vquic/ngtcp2.h \ vquic/quiche.h \ vquic/vquic.h @@ -1140,10 +1136,11 @@ LIB_CFILES = \ getenv.c \ getinfo.c \ gopher.c \ + h2h3.c \ hash.c \ + headers.c \ hmac.c \ hostasyn.c \ - hostcheck.c \ hostip.c \ hostip4.c \ hostip6.c \ @@ -1173,7 +1170,6 @@ LIB_CFILES = \ mqtt.c \ multi.c \ netrc.c \ - non-ascii.c \ nonblock.c \ openldap.c \ parsedate.c \ @@ -1206,6 +1202,7 @@ LIB_CFILES = \ system_win32.c \ telnet.c \ tftp.c \ + timediff.c \ timeval.c \ transfer.c \ url.c \ @@ -1213,8 +1210,7 @@ LIB_CFILES = \ version.c \ version_win32.c \ warnless.c \ - wildcard.c \ - x509asn1.c + wildcard.c LIB_HFILES = \ altsvc.h \ @@ -1271,8 +1267,9 @@ LIB_HFILES = \ ftplistparser.h \ getinfo.h \ gopher.h \ + h2h3.h \ hash.h \ - hostcheck.h \ + headers.h \ hostip.h \ hsts.h \ http.h \ @@ -1294,7 +1291,6 @@ LIB_HFILES = \ multihandle.h \ multiif.h \ netrc.h \ - non-ascii.h \ nonblock.h \ parsedate.h \ pingpong.h \ @@ -1327,6 +1323,7 @@ LIB_HFILES = \ system_win32.h \ telnet.h \ tftp.h \ + timediff.h \ timeval.h \ transfer.h \ url.h \ @@ -1334,8 +1331,7 @@ LIB_HFILES = \ urldata.h \ version_win32.h \ warnless.h \ - wildcard.h \ - x509asn1.h + wildcard.h LIB_RCFILES = libcurl.rc CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES) \ @@ -1408,6 +1404,8 @@ distclean-hdr: -rm -f curl_config.h stamp-h1 libcurl.vers: $(top_builddir)/config.status $(srcdir)/libcurl.vers.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +libcurl.plist: $(top_builddir)/config.status $(srcdir)/libcurl.plist.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) @@ -1498,14 +1496,14 @@ vtls/libcurl_la-gskit.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-gtls.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) +vtls/libcurl_la-hostcheck.lo: vtls/$(am__dirstamp) \ + vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-keylog.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-mbedtls.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-mbedtls_threadlock.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) -vtls/libcurl_la-mesalink.lo: vtls/$(am__dirstamp) \ - vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-nss.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-openssl.lo: vtls/$(am__dirstamp) \ @@ -1522,12 +1520,16 @@ vtls/libcurl_la-vtls.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-wolfssl.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) +vtls/libcurl_la-x509asn1.lo: vtls/$(am__dirstamp) \ + vtls/$(DEPDIR)/$(am__dirstamp) vquic/$(am__dirstamp): @$(MKDIR_P) vquic @: > vquic/$(am__dirstamp) vquic/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) vquic/$(DEPDIR) @: > vquic/$(DEPDIR)/$(am__dirstamp) +vquic/libcurl_la-msh3.lo: vquic/$(am__dirstamp) \ + vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurl_la-ngtcp2.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurl_la-quiche.lo: vquic/$(am__dirstamp) \ @@ -1581,14 +1583,14 @@ vtls/libcurlu_la-gskit.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-gtls.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) +vtls/libcurlu_la-hostcheck.lo: vtls/$(am__dirstamp) \ + vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-keylog.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-mbedtls.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-mbedtls_threadlock.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) -vtls/libcurlu_la-mesalink.lo: vtls/$(am__dirstamp) \ - vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-nss.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-openssl.lo: vtls/$(am__dirstamp) \ @@ -1605,6 +1607,10 @@ vtls/libcurlu_la-vtls.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-wolfssl.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) +vtls/libcurlu_la-x509asn1.lo: vtls/$(am__dirstamp) \ + vtls/$(DEPDIR)/$(am__dirstamp) +vquic/libcurlu_la-msh3.lo: vquic/$(am__dirstamp) \ + vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurlu_la-ngtcp2.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurlu_la-quiche.lo: vquic/$(am__dirstamp) \ @@ -1680,10 +1686,11 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-getenv.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-getinfo.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-gopher.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-h2h3.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hash.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-headers.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hmac.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostasyn.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostcheck.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostip.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostip4.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-hostip6.Plo@am__quote@ # am--include-marker @@ -1713,7 +1720,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-mqtt.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-multi.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-netrc.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-non-ascii.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-nonblock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-openldap.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-parsedate.Plo@am__quote@ # am--include-marker @@ -1746,6 +1752,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-system_win32.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-telnet.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-tftp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-timediff.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-timeval.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-transfer.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-url.Plo@am__quote@ # am--include-marker @@ -1754,7 +1761,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-version_win32.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-warnless.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-wildcard.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-x509asn1.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-altsvc.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-amigaos.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-asyn-ares.Plo@am__quote@ # am--include-marker @@ -1800,10 +1806,11 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-getenv.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-getinfo.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-gopher.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-h2h3.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hash.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-headers.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hmac.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostasyn.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostcheck.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostip.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostip4.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-hostip6.Plo@am__quote@ # am--include-marker @@ -1833,7 +1840,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-mqtt.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-multi.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-netrc.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-non-ascii.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-nonblock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-openldap.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-parsedate.Plo@am__quote@ # am--include-marker @@ -1866,6 +1872,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-system_win32.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-telnet.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-tftp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-timediff.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-timeval.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-transfer.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-url.Plo@am__quote@ # am--include-marker @@ -1874,7 +1881,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-version_win32.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-warnless.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-wildcard.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-x509asn1.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-cleartext.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-cram.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurl_la-digest.Plo@am__quote@ # am--include-marker @@ -1901,9 +1907,11 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-spnego_gssapi.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-spnego_sspi.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-vauth.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-msh3.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-ngtcp2.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-quiche.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-vquic.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-msh3.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-ngtcp2.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-quiche.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-vquic.Plo@am__quote@ # am--include-marker @@ -1916,10 +1924,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-bearssl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-gskit.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-gtls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-hostcheck.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-keylog.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mesalink.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-nss.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-openssl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-rustls.Plo@am__quote@ # am--include-marker @@ -1928,13 +1936,14 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-sectransp.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-vtls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-wolfssl.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-x509asn1.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-bearssl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-gskit.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-gtls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-hostcheck.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-keylog.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-nss.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-openssl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-rustls.Plo@am__quote@ # am--include-marker @@ -1943,6 +1952,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-vtls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-wolfssl.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-x509asn1.Plo@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) @@ -2289,6 +2299,13 @@ libcurl_la-gopher.lo: gopher.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-gopher.lo `test -f 'gopher.c' || echo '$(srcdir)/'`gopher.c +libcurl_la-h2h3.lo: h2h3.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-h2h3.lo -MD -MP -MF $(DEPDIR)/libcurl_la-h2h3.Tpo -c -o libcurl_la-h2h3.lo `test -f 'h2h3.c' || echo '$(srcdir)/'`h2h3.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-h2h3.Tpo $(DEPDIR)/libcurl_la-h2h3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='h2h3.c' object='libcurl_la-h2h3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-h2h3.lo `test -f 'h2h3.c' || echo '$(srcdir)/'`h2h3.c + libcurl_la-hash.lo: hash.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hash.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hash.Tpo -c -o libcurl_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hash.Tpo $(DEPDIR)/libcurl_la-hash.Plo @@ -2296,6 +2313,13 @@ libcurl_la-hash.lo: hash.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c +libcurl_la-headers.lo: headers.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-headers.lo -MD -MP -MF $(DEPDIR)/libcurl_la-headers.Tpo -c -o libcurl_la-headers.lo `test -f 'headers.c' || echo '$(srcdir)/'`headers.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-headers.Tpo $(DEPDIR)/libcurl_la-headers.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='headers.c' object='libcurl_la-headers.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-headers.lo `test -f 'headers.c' || echo '$(srcdir)/'`headers.c + libcurl_la-hmac.lo: hmac.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hmac.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hmac.Tpo -c -o libcurl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hmac.Tpo $(DEPDIR)/libcurl_la-hmac.Plo @@ -2310,13 +2334,6 @@ libcurl_la-hostasyn.lo: hostasyn.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostasyn.lo `test -f 'hostasyn.c' || echo '$(srcdir)/'`hostasyn.c -libcurl_la-hostcheck.lo: hostcheck.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hostcheck.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hostcheck.Tpo -c -o libcurl_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hostcheck.Tpo $(DEPDIR)/libcurl_la-hostcheck.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostcheck.c' object='libcurl_la-hostcheck.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c - libcurl_la-hostip.lo: hostip.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-hostip.lo -MD -MP -MF $(DEPDIR)/libcurl_la-hostip.Tpo -c -o libcurl_la-hostip.lo `test -f 'hostip.c' || echo '$(srcdir)/'`hostip.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-hostip.Tpo $(DEPDIR)/libcurl_la-hostip.Plo @@ -2520,13 +2537,6 @@ libcurl_la-netrc.lo: netrc.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-netrc.lo `test -f 'netrc.c' || echo '$(srcdir)/'`netrc.c -libcurl_la-non-ascii.lo: non-ascii.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-non-ascii.lo -MD -MP -MF $(DEPDIR)/libcurl_la-non-ascii.Tpo -c -o libcurl_la-non-ascii.lo `test -f 'non-ascii.c' || echo '$(srcdir)/'`non-ascii.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-non-ascii.Tpo $(DEPDIR)/libcurl_la-non-ascii.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='non-ascii.c' object='libcurl_la-non-ascii.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-non-ascii.lo `test -f 'non-ascii.c' || echo '$(srcdir)/'`non-ascii.c - libcurl_la-nonblock.lo: nonblock.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-nonblock.lo -MD -MP -MF $(DEPDIR)/libcurl_la-nonblock.Tpo -c -o libcurl_la-nonblock.lo `test -f 'nonblock.c' || echo '$(srcdir)/'`nonblock.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-nonblock.Tpo $(DEPDIR)/libcurl_la-nonblock.Plo @@ -2751,6 +2761,13 @@ libcurl_la-tftp.lo: tftp.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-tftp.lo `test -f 'tftp.c' || echo '$(srcdir)/'`tftp.c +libcurl_la-timediff.lo: timediff.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-timediff.lo -MD -MP -MF $(DEPDIR)/libcurl_la-timediff.Tpo -c -o libcurl_la-timediff.lo `test -f 'timediff.c' || echo '$(srcdir)/'`timediff.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-timediff.Tpo $(DEPDIR)/libcurl_la-timediff.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='timediff.c' object='libcurl_la-timediff.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-timediff.lo `test -f 'timediff.c' || echo '$(srcdir)/'`timediff.c + libcurl_la-timeval.lo: timeval.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-timeval.lo -MD -MP -MF $(DEPDIR)/libcurl_la-timeval.Tpo -c -o libcurl_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-timeval.Tpo $(DEPDIR)/libcurl_la-timeval.Plo @@ -2807,13 +2824,6 @@ libcurl_la-wildcard.lo: wildcard.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c -libcurl_la-x509asn1.lo: x509asn1.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-x509asn1.lo -MD -MP -MF $(DEPDIR)/libcurl_la-x509asn1.Tpo -c -o libcurl_la-x509asn1.lo `test -f 'x509asn1.c' || echo '$(srcdir)/'`x509asn1.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-x509asn1.Tpo $(DEPDIR)/libcurl_la-x509asn1.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509asn1.c' object='libcurl_la-x509asn1.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-x509asn1.lo `test -f 'x509asn1.c' || echo '$(srcdir)/'`x509asn1.c - vauth/libcurl_la-cleartext.lo: vauth/cleartext.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vauth/libcurl_la-cleartext.lo -MD -MP -MF vauth/$(DEPDIR)/libcurl_la-cleartext.Tpo -c -o vauth/libcurl_la-cleartext.lo `test -f 'vauth/cleartext.c' || echo '$(srcdir)/'`vauth/cleartext.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurl_la-cleartext.Tpo vauth/$(DEPDIR)/libcurl_la-cleartext.Plo @@ -2926,6 +2936,13 @@ vtls/libcurl_la-gtls.lo: vtls/gtls.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-gtls.lo `test -f 'vtls/gtls.c' || echo '$(srcdir)/'`vtls/gtls.c +vtls/libcurl_la-hostcheck.lo: vtls/hostcheck.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-hostcheck.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-hostcheck.Tpo -c -o vtls/libcurl_la-hostcheck.lo `test -f 'vtls/hostcheck.c' || echo '$(srcdir)/'`vtls/hostcheck.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-hostcheck.Tpo vtls/$(DEPDIR)/libcurl_la-hostcheck.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/hostcheck.c' object='vtls/libcurl_la-hostcheck.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-hostcheck.lo `test -f 'vtls/hostcheck.c' || echo '$(srcdir)/'`vtls/hostcheck.c + vtls/libcurl_la-keylog.lo: vtls/keylog.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-keylog.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-keylog.Tpo -c -o vtls/libcurl_la-keylog.lo `test -f 'vtls/keylog.c' || echo '$(srcdir)/'`vtls/keylog.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-keylog.Tpo vtls/$(DEPDIR)/libcurl_la-keylog.Plo @@ -2947,13 +2964,6 @@ vtls/libcurl_la-mbedtls_threadlock.lo: vtls/mbedtls_threadlock.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-mbedtls_threadlock.lo `test -f 'vtls/mbedtls_threadlock.c' || echo '$(srcdir)/'`vtls/mbedtls_threadlock.c -vtls/libcurl_la-mesalink.lo: vtls/mesalink.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-mesalink.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-mesalink.Tpo -c -o vtls/libcurl_la-mesalink.lo `test -f 'vtls/mesalink.c' || echo '$(srcdir)/'`vtls/mesalink.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-mesalink.Tpo vtls/$(DEPDIR)/libcurl_la-mesalink.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/mesalink.c' object='vtls/libcurl_la-mesalink.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-mesalink.lo `test -f 'vtls/mesalink.c' || echo '$(srcdir)/'`vtls/mesalink.c - vtls/libcurl_la-nss.lo: vtls/nss.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-nss.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-nss.Tpo -c -o vtls/libcurl_la-nss.lo `test -f 'vtls/nss.c' || echo '$(srcdir)/'`vtls/nss.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-nss.Tpo vtls/$(DEPDIR)/libcurl_la-nss.Plo @@ -3010,6 +3020,20 @@ vtls/libcurl_la-wolfssl.lo: vtls/wolfssl.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-wolfssl.lo `test -f 'vtls/wolfssl.c' || echo '$(srcdir)/'`vtls/wolfssl.c +vtls/libcurl_la-x509asn1.lo: vtls/x509asn1.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-x509asn1.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-x509asn1.Tpo -c -o vtls/libcurl_la-x509asn1.lo `test -f 'vtls/x509asn1.c' || echo '$(srcdir)/'`vtls/x509asn1.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-x509asn1.Tpo vtls/$(DEPDIR)/libcurl_la-x509asn1.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/x509asn1.c' object='vtls/libcurl_la-x509asn1.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-x509asn1.lo `test -f 'vtls/x509asn1.c' || echo '$(srcdir)/'`vtls/x509asn1.c + +vquic/libcurl_la-msh3.lo: vquic/msh3.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vquic/libcurl_la-msh3.lo -MD -MP -MF vquic/$(DEPDIR)/libcurl_la-msh3.Tpo -c -o vquic/libcurl_la-msh3.lo `test -f 'vquic/msh3.c' || echo '$(srcdir)/'`vquic/msh3.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurl_la-msh3.Tpo vquic/$(DEPDIR)/libcurl_la-msh3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vquic/msh3.c' object='vquic/libcurl_la-msh3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurl_la-msh3.lo `test -f 'vquic/msh3.c' || echo '$(srcdir)/'`vquic/msh3.c + vquic/libcurl_la-ngtcp2.lo: vquic/ngtcp2.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vquic/libcurl_la-ngtcp2.lo -MD -MP -MF vquic/$(DEPDIR)/libcurl_la-ngtcp2.Tpo -c -o vquic/libcurl_la-ngtcp2.lo `test -f 'vquic/ngtcp2.c' || echo '$(srcdir)/'`vquic/ngtcp2.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurl_la-ngtcp2.Tpo vquic/$(DEPDIR)/libcurl_la-ngtcp2.Plo @@ -3367,6 +3391,13 @@ libcurlu_la-gopher.lo: gopher.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-gopher.lo `test -f 'gopher.c' || echo '$(srcdir)/'`gopher.c +libcurlu_la-h2h3.lo: h2h3.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-h2h3.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-h2h3.Tpo -c -o libcurlu_la-h2h3.lo `test -f 'h2h3.c' || echo '$(srcdir)/'`h2h3.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-h2h3.Tpo $(DEPDIR)/libcurlu_la-h2h3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='h2h3.c' object='libcurlu_la-h2h3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-h2h3.lo `test -f 'h2h3.c' || echo '$(srcdir)/'`h2h3.c + libcurlu_la-hash.lo: hash.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hash.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hash.Tpo -c -o libcurlu_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hash.Tpo $(DEPDIR)/libcurlu_la-hash.Plo @@ -3374,6 +3405,13 @@ libcurlu_la-hash.lo: hash.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hash.lo `test -f 'hash.c' || echo '$(srcdir)/'`hash.c +libcurlu_la-headers.lo: headers.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-headers.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-headers.Tpo -c -o libcurlu_la-headers.lo `test -f 'headers.c' || echo '$(srcdir)/'`headers.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-headers.Tpo $(DEPDIR)/libcurlu_la-headers.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='headers.c' object='libcurlu_la-headers.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-headers.lo `test -f 'headers.c' || echo '$(srcdir)/'`headers.c + libcurlu_la-hmac.lo: hmac.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hmac.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hmac.Tpo -c -o libcurlu_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hmac.Tpo $(DEPDIR)/libcurlu_la-hmac.Plo @@ -3388,13 +3426,6 @@ libcurlu_la-hostasyn.lo: hostasyn.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostasyn.lo `test -f 'hostasyn.c' || echo '$(srcdir)/'`hostasyn.c -libcurlu_la-hostcheck.lo: hostcheck.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hostcheck.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hostcheck.Tpo -c -o libcurlu_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hostcheck.Tpo $(DEPDIR)/libcurlu_la-hostcheck.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hostcheck.c' object='libcurlu_la-hostcheck.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-hostcheck.lo `test -f 'hostcheck.c' || echo '$(srcdir)/'`hostcheck.c - libcurlu_la-hostip.lo: hostip.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-hostip.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-hostip.Tpo -c -o libcurlu_la-hostip.lo `test -f 'hostip.c' || echo '$(srcdir)/'`hostip.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-hostip.Tpo $(DEPDIR)/libcurlu_la-hostip.Plo @@ -3598,13 +3629,6 @@ libcurlu_la-netrc.lo: netrc.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-netrc.lo `test -f 'netrc.c' || echo '$(srcdir)/'`netrc.c -libcurlu_la-non-ascii.lo: non-ascii.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-non-ascii.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-non-ascii.Tpo -c -o libcurlu_la-non-ascii.lo `test -f 'non-ascii.c' || echo '$(srcdir)/'`non-ascii.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-non-ascii.Tpo $(DEPDIR)/libcurlu_la-non-ascii.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='non-ascii.c' object='libcurlu_la-non-ascii.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-non-ascii.lo `test -f 'non-ascii.c' || echo '$(srcdir)/'`non-ascii.c - libcurlu_la-nonblock.lo: nonblock.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-nonblock.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-nonblock.Tpo -c -o libcurlu_la-nonblock.lo `test -f 'nonblock.c' || echo '$(srcdir)/'`nonblock.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-nonblock.Tpo $(DEPDIR)/libcurlu_la-nonblock.Plo @@ -3829,6 +3853,13 @@ libcurlu_la-tftp.lo: tftp.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-tftp.lo `test -f 'tftp.c' || echo '$(srcdir)/'`tftp.c +libcurlu_la-timediff.lo: timediff.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-timediff.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-timediff.Tpo -c -o libcurlu_la-timediff.lo `test -f 'timediff.c' || echo '$(srcdir)/'`timediff.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-timediff.Tpo $(DEPDIR)/libcurlu_la-timediff.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='timediff.c' object='libcurlu_la-timediff.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-timediff.lo `test -f 'timediff.c' || echo '$(srcdir)/'`timediff.c + libcurlu_la-timeval.lo: timeval.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-timeval.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-timeval.Tpo -c -o libcurlu_la-timeval.lo `test -f 'timeval.c' || echo '$(srcdir)/'`timeval.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-timeval.Tpo $(DEPDIR)/libcurlu_la-timeval.Plo @@ -3885,13 +3916,6 @@ libcurlu_la-wildcard.lo: wildcard.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-wildcard.lo `test -f 'wildcard.c' || echo '$(srcdir)/'`wildcard.c -libcurlu_la-x509asn1.lo: x509asn1.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-x509asn1.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-x509asn1.Tpo -c -o libcurlu_la-x509asn1.lo `test -f 'x509asn1.c' || echo '$(srcdir)/'`x509asn1.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-x509asn1.Tpo $(DEPDIR)/libcurlu_la-x509asn1.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='x509asn1.c' object='libcurlu_la-x509asn1.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-x509asn1.lo `test -f 'x509asn1.c' || echo '$(srcdir)/'`x509asn1.c - vauth/libcurlu_la-cleartext.lo: vauth/cleartext.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vauth/libcurlu_la-cleartext.lo -MD -MP -MF vauth/$(DEPDIR)/libcurlu_la-cleartext.Tpo -c -o vauth/libcurlu_la-cleartext.lo `test -f 'vauth/cleartext.c' || echo '$(srcdir)/'`vauth/cleartext.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vauth/$(DEPDIR)/libcurlu_la-cleartext.Tpo vauth/$(DEPDIR)/libcurlu_la-cleartext.Plo @@ -4004,6 +4028,13 @@ vtls/libcurlu_la-gtls.lo: vtls/gtls.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-gtls.lo `test -f 'vtls/gtls.c' || echo '$(srcdir)/'`vtls/gtls.c +vtls/libcurlu_la-hostcheck.lo: vtls/hostcheck.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-hostcheck.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-hostcheck.Tpo -c -o vtls/libcurlu_la-hostcheck.lo `test -f 'vtls/hostcheck.c' || echo '$(srcdir)/'`vtls/hostcheck.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-hostcheck.Tpo vtls/$(DEPDIR)/libcurlu_la-hostcheck.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/hostcheck.c' object='vtls/libcurlu_la-hostcheck.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-hostcheck.lo `test -f 'vtls/hostcheck.c' || echo '$(srcdir)/'`vtls/hostcheck.c + vtls/libcurlu_la-keylog.lo: vtls/keylog.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-keylog.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-keylog.Tpo -c -o vtls/libcurlu_la-keylog.lo `test -f 'vtls/keylog.c' || echo '$(srcdir)/'`vtls/keylog.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-keylog.Tpo vtls/$(DEPDIR)/libcurlu_la-keylog.Plo @@ -4025,13 +4056,6 @@ vtls/libcurlu_la-mbedtls_threadlock.lo: vtls/mbedtls_threadlock.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-mbedtls_threadlock.lo `test -f 'vtls/mbedtls_threadlock.c' || echo '$(srcdir)/'`vtls/mbedtls_threadlock.c -vtls/libcurlu_la-mesalink.lo: vtls/mesalink.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-mesalink.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-mesalink.Tpo -c -o vtls/libcurlu_la-mesalink.lo `test -f 'vtls/mesalink.c' || echo '$(srcdir)/'`vtls/mesalink.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-mesalink.Tpo vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/mesalink.c' object='vtls/libcurlu_la-mesalink.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-mesalink.lo `test -f 'vtls/mesalink.c' || echo '$(srcdir)/'`vtls/mesalink.c - vtls/libcurlu_la-nss.lo: vtls/nss.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-nss.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-nss.Tpo -c -o vtls/libcurlu_la-nss.lo `test -f 'vtls/nss.c' || echo '$(srcdir)/'`vtls/nss.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-nss.Tpo vtls/$(DEPDIR)/libcurlu_la-nss.Plo @@ -4088,6 +4112,20 @@ vtls/libcurlu_la-wolfssl.lo: vtls/wolfssl.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-wolfssl.lo `test -f 'vtls/wolfssl.c' || echo '$(srcdir)/'`vtls/wolfssl.c +vtls/libcurlu_la-x509asn1.lo: vtls/x509asn1.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-x509asn1.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-x509asn1.Tpo -c -o vtls/libcurlu_la-x509asn1.lo `test -f 'vtls/x509asn1.c' || echo '$(srcdir)/'`vtls/x509asn1.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-x509asn1.Tpo vtls/$(DEPDIR)/libcurlu_la-x509asn1.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/x509asn1.c' object='vtls/libcurlu_la-x509asn1.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-x509asn1.lo `test -f 'vtls/x509asn1.c' || echo '$(srcdir)/'`vtls/x509asn1.c + +vquic/libcurlu_la-msh3.lo: vquic/msh3.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vquic/libcurlu_la-msh3.lo -MD -MP -MF vquic/$(DEPDIR)/libcurlu_la-msh3.Tpo -c -o vquic/libcurlu_la-msh3.lo `test -f 'vquic/msh3.c' || echo '$(srcdir)/'`vquic/msh3.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurlu_la-msh3.Tpo vquic/$(DEPDIR)/libcurlu_la-msh3.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vquic/msh3.c' object='vquic/libcurlu_la-msh3.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurlu_la-msh3.lo `test -f 'vquic/msh3.c' || echo '$(srcdir)/'`vquic/msh3.c + vquic/libcurlu_la-ngtcp2.lo: vquic/ngtcp2.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vquic/libcurlu_la-ngtcp2.lo -MD -MP -MF vquic/$(DEPDIR)/libcurlu_la-ngtcp2.Tpo -c -o vquic/libcurlu_la-ngtcp2.lo `test -f 'vquic/ngtcp2.c' || echo '$(srcdir)/'`vquic/ngtcp2.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurlu_la-ngtcp2.Tpo vquic/$(DEPDIR)/libcurlu_la-ngtcp2.Plo @@ -4321,10 +4359,11 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurl_la-getenv.Plo -rm -f ./$(DEPDIR)/libcurl_la-getinfo.Plo -rm -f ./$(DEPDIR)/libcurl_la-gopher.Plo + -rm -f ./$(DEPDIR)/libcurl_la-h2h3.Plo -rm -f ./$(DEPDIR)/libcurl_la-hash.Plo + -rm -f ./$(DEPDIR)/libcurl_la-headers.Plo -rm -f ./$(DEPDIR)/libcurl_la-hmac.Plo -rm -f ./$(DEPDIR)/libcurl_la-hostasyn.Plo - -rm -f ./$(DEPDIR)/libcurl_la-hostcheck.Plo -rm -f ./$(DEPDIR)/libcurl_la-hostip.Plo -rm -f ./$(DEPDIR)/libcurl_la-hostip4.Plo -rm -f ./$(DEPDIR)/libcurl_la-hostip6.Plo @@ -4354,7 +4393,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurl_la-mqtt.Plo -rm -f ./$(DEPDIR)/libcurl_la-multi.Plo -rm -f ./$(DEPDIR)/libcurl_la-netrc.Plo - -rm -f ./$(DEPDIR)/libcurl_la-non-ascii.Plo -rm -f ./$(DEPDIR)/libcurl_la-nonblock.Plo -rm -f ./$(DEPDIR)/libcurl_la-openldap.Plo -rm -f ./$(DEPDIR)/libcurl_la-parsedate.Plo @@ -4387,6 +4425,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurl_la-system_win32.Plo -rm -f ./$(DEPDIR)/libcurl_la-telnet.Plo -rm -f ./$(DEPDIR)/libcurl_la-tftp.Plo + -rm -f ./$(DEPDIR)/libcurl_la-timediff.Plo -rm -f ./$(DEPDIR)/libcurl_la-timeval.Plo -rm -f ./$(DEPDIR)/libcurl_la-transfer.Plo -rm -f ./$(DEPDIR)/libcurl_la-url.Plo @@ -4395,7 +4434,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurl_la-version_win32.Plo -rm -f ./$(DEPDIR)/libcurl_la-warnless.Plo -rm -f ./$(DEPDIR)/libcurl_la-wildcard.Plo - -rm -f ./$(DEPDIR)/libcurl_la-x509asn1.Plo -rm -f ./$(DEPDIR)/libcurlu_la-altsvc.Plo -rm -f ./$(DEPDIR)/libcurlu_la-amigaos.Plo -rm -f ./$(DEPDIR)/libcurlu_la-asyn-ares.Plo @@ -4441,10 +4479,11 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurlu_la-getenv.Plo -rm -f ./$(DEPDIR)/libcurlu_la-getinfo.Plo -rm -f ./$(DEPDIR)/libcurlu_la-gopher.Plo + -rm -f ./$(DEPDIR)/libcurlu_la-h2h3.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hash.Plo + -rm -f ./$(DEPDIR)/libcurlu_la-headers.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hmac.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hostasyn.Plo - -rm -f ./$(DEPDIR)/libcurlu_la-hostcheck.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hostip.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hostip4.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hostip6.Plo @@ -4474,7 +4513,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurlu_la-mqtt.Plo -rm -f ./$(DEPDIR)/libcurlu_la-multi.Plo -rm -f ./$(DEPDIR)/libcurlu_la-netrc.Plo - -rm -f ./$(DEPDIR)/libcurlu_la-non-ascii.Plo -rm -f ./$(DEPDIR)/libcurlu_la-nonblock.Plo -rm -f ./$(DEPDIR)/libcurlu_la-openldap.Plo -rm -f ./$(DEPDIR)/libcurlu_la-parsedate.Plo @@ -4507,6 +4545,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurlu_la-system_win32.Plo -rm -f ./$(DEPDIR)/libcurlu_la-telnet.Plo -rm -f ./$(DEPDIR)/libcurlu_la-tftp.Plo + -rm -f ./$(DEPDIR)/libcurlu_la-timediff.Plo -rm -f ./$(DEPDIR)/libcurlu_la-timeval.Plo -rm -f ./$(DEPDIR)/libcurlu_la-transfer.Plo -rm -f ./$(DEPDIR)/libcurlu_la-url.Plo @@ -4515,7 +4554,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libcurlu_la-version_win32.Plo -rm -f ./$(DEPDIR)/libcurlu_la-warnless.Plo -rm -f ./$(DEPDIR)/libcurlu_la-wildcard.Plo - -rm -f ./$(DEPDIR)/libcurlu_la-x509asn1.Plo -rm -f vauth/$(DEPDIR)/libcurl_la-cleartext.Plo -rm -f vauth/$(DEPDIR)/libcurl_la-cram.Plo -rm -f vauth/$(DEPDIR)/libcurl_la-digest.Plo @@ -4542,9 +4580,11 @@ distclean: distclean-am -rm -f vauth/$(DEPDIR)/libcurlu_la-spnego_gssapi.Plo -rm -f vauth/$(DEPDIR)/libcurlu_la-spnego_sspi.Plo -rm -f vauth/$(DEPDIR)/libcurlu_la-vauth.Plo + -rm -f vquic/$(DEPDIR)/libcurl_la-msh3.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-ngtcp2.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-quiche.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-vquic.Plo + -rm -f vquic/$(DEPDIR)/libcurlu_la-msh3.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-ngtcp2.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-quiche.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-vquic.Plo @@ -4557,10 +4597,10 @@ distclean: distclean-am -rm -f vtls/$(DEPDIR)/libcurl_la-bearssl.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-gskit.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-gtls.Plo + -rm -f vtls/$(DEPDIR)/libcurl_la-hostcheck.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-keylog.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo - -rm -f vtls/$(DEPDIR)/libcurl_la-mesalink.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-nss.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-openssl.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-rustls.Plo @@ -4569,13 +4609,14 @@ distclean: distclean-am -rm -f vtls/$(DEPDIR)/libcurl_la-sectransp.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-vtls.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-wolfssl.Plo + -rm -f vtls/$(DEPDIR)/libcurl_la-x509asn1.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-bearssl.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-gskit.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-gtls.Plo + -rm -f vtls/$(DEPDIR)/libcurlu_la-hostcheck.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-keylog.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo - -rm -f vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-nss.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-openssl.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-rustls.Plo @@ -4584,6 +4625,7 @@ distclean: distclean-am -rm -f vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-vtls.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-wolfssl.Plo + -rm -f vtls/$(DEPDIR)/libcurlu_la-x509asn1.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-hdr distclean-tags @@ -4674,10 +4716,11 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurl_la-getenv.Plo -rm -f ./$(DEPDIR)/libcurl_la-getinfo.Plo -rm -f ./$(DEPDIR)/libcurl_la-gopher.Plo + -rm -f ./$(DEPDIR)/libcurl_la-h2h3.Plo -rm -f ./$(DEPDIR)/libcurl_la-hash.Plo + -rm -f ./$(DEPDIR)/libcurl_la-headers.Plo -rm -f ./$(DEPDIR)/libcurl_la-hmac.Plo -rm -f ./$(DEPDIR)/libcurl_la-hostasyn.Plo - -rm -f ./$(DEPDIR)/libcurl_la-hostcheck.Plo -rm -f ./$(DEPDIR)/libcurl_la-hostip.Plo -rm -f ./$(DEPDIR)/libcurl_la-hostip4.Plo -rm -f ./$(DEPDIR)/libcurl_la-hostip6.Plo @@ -4707,7 +4750,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurl_la-mqtt.Plo -rm -f ./$(DEPDIR)/libcurl_la-multi.Plo -rm -f ./$(DEPDIR)/libcurl_la-netrc.Plo - -rm -f ./$(DEPDIR)/libcurl_la-non-ascii.Plo -rm -f ./$(DEPDIR)/libcurl_la-nonblock.Plo -rm -f ./$(DEPDIR)/libcurl_la-openldap.Plo -rm -f ./$(DEPDIR)/libcurl_la-parsedate.Plo @@ -4740,6 +4782,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurl_la-system_win32.Plo -rm -f ./$(DEPDIR)/libcurl_la-telnet.Plo -rm -f ./$(DEPDIR)/libcurl_la-tftp.Plo + -rm -f ./$(DEPDIR)/libcurl_la-timediff.Plo -rm -f ./$(DEPDIR)/libcurl_la-timeval.Plo -rm -f ./$(DEPDIR)/libcurl_la-transfer.Plo -rm -f ./$(DEPDIR)/libcurl_la-url.Plo @@ -4748,7 +4791,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurl_la-version_win32.Plo -rm -f ./$(DEPDIR)/libcurl_la-warnless.Plo -rm -f ./$(DEPDIR)/libcurl_la-wildcard.Plo - -rm -f ./$(DEPDIR)/libcurl_la-x509asn1.Plo -rm -f ./$(DEPDIR)/libcurlu_la-altsvc.Plo -rm -f ./$(DEPDIR)/libcurlu_la-amigaos.Plo -rm -f ./$(DEPDIR)/libcurlu_la-asyn-ares.Plo @@ -4794,10 +4836,11 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurlu_la-getenv.Plo -rm -f ./$(DEPDIR)/libcurlu_la-getinfo.Plo -rm -f ./$(DEPDIR)/libcurlu_la-gopher.Plo + -rm -f ./$(DEPDIR)/libcurlu_la-h2h3.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hash.Plo + -rm -f ./$(DEPDIR)/libcurlu_la-headers.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hmac.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hostasyn.Plo - -rm -f ./$(DEPDIR)/libcurlu_la-hostcheck.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hostip.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hostip4.Plo -rm -f ./$(DEPDIR)/libcurlu_la-hostip6.Plo @@ -4827,7 +4870,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurlu_la-mqtt.Plo -rm -f ./$(DEPDIR)/libcurlu_la-multi.Plo -rm -f ./$(DEPDIR)/libcurlu_la-netrc.Plo - -rm -f ./$(DEPDIR)/libcurlu_la-non-ascii.Plo -rm -f ./$(DEPDIR)/libcurlu_la-nonblock.Plo -rm -f ./$(DEPDIR)/libcurlu_la-openldap.Plo -rm -f ./$(DEPDIR)/libcurlu_la-parsedate.Plo @@ -4860,6 +4902,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurlu_la-system_win32.Plo -rm -f ./$(DEPDIR)/libcurlu_la-telnet.Plo -rm -f ./$(DEPDIR)/libcurlu_la-tftp.Plo + -rm -f ./$(DEPDIR)/libcurlu_la-timediff.Plo -rm -f ./$(DEPDIR)/libcurlu_la-timeval.Plo -rm -f ./$(DEPDIR)/libcurlu_la-transfer.Plo -rm -f ./$(DEPDIR)/libcurlu_la-url.Plo @@ -4868,7 +4911,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libcurlu_la-version_win32.Plo -rm -f ./$(DEPDIR)/libcurlu_la-warnless.Plo -rm -f ./$(DEPDIR)/libcurlu_la-wildcard.Plo - -rm -f ./$(DEPDIR)/libcurlu_la-x509asn1.Plo -rm -f vauth/$(DEPDIR)/libcurl_la-cleartext.Plo -rm -f vauth/$(DEPDIR)/libcurl_la-cram.Plo -rm -f vauth/$(DEPDIR)/libcurl_la-digest.Plo @@ -4895,9 +4937,11 @@ maintainer-clean: maintainer-clean-am -rm -f vauth/$(DEPDIR)/libcurlu_la-spnego_gssapi.Plo -rm -f vauth/$(DEPDIR)/libcurlu_la-spnego_sspi.Plo -rm -f vauth/$(DEPDIR)/libcurlu_la-vauth.Plo + -rm -f vquic/$(DEPDIR)/libcurl_la-msh3.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-ngtcp2.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-quiche.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-vquic.Plo + -rm -f vquic/$(DEPDIR)/libcurlu_la-msh3.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-ngtcp2.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-quiche.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-vquic.Plo @@ -4910,10 +4954,10 @@ maintainer-clean: maintainer-clean-am -rm -f vtls/$(DEPDIR)/libcurl_la-bearssl.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-gskit.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-gtls.Plo + -rm -f vtls/$(DEPDIR)/libcurl_la-hostcheck.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-keylog.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo - -rm -f vtls/$(DEPDIR)/libcurl_la-mesalink.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-nss.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-openssl.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-rustls.Plo @@ -4922,13 +4966,14 @@ maintainer-clean: maintainer-clean-am -rm -f vtls/$(DEPDIR)/libcurl_la-sectransp.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-vtls.Plo -rm -f vtls/$(DEPDIR)/libcurl_la-wolfssl.Plo + -rm -f vtls/$(DEPDIR)/libcurl_la-x509asn1.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-bearssl.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-gskit.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-gtls.Plo + -rm -f vtls/$(DEPDIR)/libcurlu_la-hostcheck.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-keylog.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo - -rm -f vtls/$(DEPDIR)/libcurlu_la-mesalink.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-nss.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-openssl.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-rustls.Plo @@ -4937,6 +4982,7 @@ maintainer-clean: maintainer-clean-am -rm -f vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-vtls.Plo -rm -f vtls/$(DEPDIR)/libcurlu_la-wolfssl.Plo + -rm -f vtls/$(DEPDIR)/libcurlu_la-x509asn1.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -4977,8 +5023,9 @@ uninstall-am: uninstall-libLTLIBRARIES checksrc: - $(CHECKSRC)(@PERL@ $(srcdir)/checksrc.pl -D$(srcdir) -W$(srcdir)/curl_config.h \ - $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] $(srcdir)/vtls/*.[ch] $(srcdir)/vquic/*.[ch] $(srcdir)/vssh/*.[ch]) + $(CHECKSRC)(@PERL@ $(top_srcdir)/scripts/checksrc.pl -D$(srcdir) \ + -W$(srcdir)/curl_config.h $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] \ + $(srcdir)/vtls/*.[ch] $(srcdir)/vquic/*.[ch] $(srcdir)/vssh/*.[ch]) # for debug builds, we scan the sources on all regular make invokes @CURLDEBUG_TRUE@all-local: checksrc diff --git a/libs/libcurl/src/Makefile.inc b/libs/libcurl/src/Makefile.inc index 3e9ddec12c..1ab0078966 100644 --- a/libs/libcurl/src/Makefile.inc +++ b/libs/libcurl/src/Makefile.inc @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -44,10 +44,10 @@ LIB_VTLS_CFILES = \ vtls/bearssl.c \ vtls/gskit.c \ vtls/gtls.c \ + vtls/hostcheck.c \ vtls/keylog.c \ vtls/mbedtls.c \ vtls/mbedtls_threadlock.c \ - vtls/mesalink.c \ vtls/nss.c \ vtls/openssl.c \ vtls/rustls.c \ @@ -55,30 +55,34 @@ LIB_VTLS_CFILES = \ vtls/schannel_verify.c \ vtls/sectransp.c \ vtls/vtls.c \ - vtls/wolfssl.c + vtls/wolfssl.c \ + vtls/x509asn1.c LIB_VTLS_HFILES = \ vtls/bearssl.h \ vtls/gskit.h \ vtls/gtls.h \ + vtls/hostcheck.h \ vtls/keylog.h \ vtls/mbedtls.h \ vtls/mbedtls_threadlock.h \ - vtls/mesalink.h \ vtls/nssg.h \ vtls/openssl.h \ vtls/rustls.h \ vtls/schannel.h \ vtls/sectransp.h \ vtls/vtls.h \ - vtls/wolfssl.h + vtls/wolfssl.h \ + vtls/x509asn1.h LIB_VQUIC_CFILES = \ + vquic/msh3.c \ vquic/ngtcp2.c \ vquic/quiche.c \ vquic/vquic.c LIB_VQUIC_HFILES = \ + vquic/msh3.h \ vquic/ngtcp2.h \ vquic/quiche.h \ vquic/vquic.h @@ -137,10 +141,11 @@ LIB_CFILES = \ getenv.c \ getinfo.c \ gopher.c \ + h2h3.c \ hash.c \ + headers.c \ hmac.c \ hostasyn.c \ - hostcheck.c \ hostip.c \ hostip4.c \ hostip6.c \ @@ -170,7 +175,6 @@ LIB_CFILES = \ mqtt.c \ multi.c \ netrc.c \ - non-ascii.c \ nonblock.c \ openldap.c \ parsedate.c \ @@ -203,6 +207,7 @@ LIB_CFILES = \ system_win32.c \ telnet.c \ tftp.c \ + timediff.c \ timeval.c \ transfer.c \ url.c \ @@ -210,8 +215,7 @@ LIB_CFILES = \ version.c \ version_win32.c \ warnless.c \ - wildcard.c \ - x509asn1.c + wildcard.c LIB_HFILES = \ altsvc.h \ @@ -268,8 +272,9 @@ LIB_HFILES = \ ftplistparser.h \ getinfo.h \ gopher.h \ + h2h3.h \ hash.h \ - hostcheck.h \ + headers.h \ hostip.h \ hsts.h \ http.h \ @@ -291,7 +296,6 @@ LIB_HFILES = \ multihandle.h \ multiif.h \ netrc.h \ - non-ascii.h \ nonblock.h \ parsedate.h \ pingpong.h \ @@ -324,6 +328,7 @@ LIB_HFILES = \ system_win32.h \ telnet.h \ tftp.h \ + timediff.h \ timeval.h \ transfer.h \ url.h \ @@ -331,8 +336,7 @@ LIB_HFILES = \ urldata.h \ version_win32.h \ warnless.h \ - wildcard.h \ - x509asn1.h + wildcard.h LIB_RCFILES = libcurl.rc diff --git a/libs/libcurl/src/Makefile.netware b/libs/libcurl/src/Makefile.netware deleted file mode 100644 index 92752128da..0000000000 --- a/libs/libcurl/src/Makefile.netware +++ /dev/null @@ -1,725 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 2004 - 2015, 2021, Guenter Knauf -# Copyright (C) 2001 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -#*************************************************************************** - -################################################################# -# -## Makefile for building libcurl.nlm (NetWare version - gnu make) -## -## Use: make -f Makefile.netware -# -################################################################# - -# Edit the path below to point to the base of your Novell NDK. -ifndef NDKBASE -NDKBASE = c:/novell -endif - -# Edit the path below to point to the base of your Zlib sources. -ifndef ZLIB_PATH -ZLIB_PATH = ../../zlib-1.2.8 -endif - -# Edit the path below to point to the base of your OpenSSL package. -ifndef OPENSSL_PATH -OPENSSL_PATH = ../../openssl-1.0.2a -endif - -# Edit the path below to point to the base of your LibSSH2 package. -ifndef LIBSSH2_PATH -LIBSSH2_PATH = ../../libssh2-1.5.0 -endif - -# Edit the path below to point to the base of your libidn package. -ifndef LIBIDN_PATH -LIBIDN_PATH = ../../libidn-1.18 -endif - -# Edit the path below to point to the base of your librtmp package. -ifndef LIBRTMP_PATH -LIBRTMP_PATH = ../../librtmp-2.3 -endif - -# Edit the path below to point to the base of your nghttp2 package. -ifndef NGHTTP2_PATH -NGHTTP2_PATH = ../../nghttp2-0.6.7 -endif - -# Edit the path below to point to the base of your fbopenssl package. -ifndef FBOPENSSL_PATH -FBOPENSSL_PATH = ../../fbopenssl-0.4 -endif - -# Edit the path below to point to the base of your c-ares package. -ifndef LIBCARES_PATH -LIBCARES_PATH = ../ares -endif - -ifndef INSTDIR -INSTDIR = ..$(DS)curl-$(LIBCURL_VERSION_STR)-bin-nw -endif - -# Edit the vars below to change NLM target settings. -TARGET = libcurl -VERSION = $(LIBCURL_VERSION) -COPYR = Copyright (C) $(LIBCURL_COPYRIGHT_STR) -DESCR = curl libcurl $(LIBCURL_VERSION_STR) ($(LIBARCH)) - https://curl.se -MTSAFE = YES -STACK = 64000 -SCREEN = none -EXPORTF = $(TARGET).imp -EXPORTS = @$(EXPORTF) - -# Uncomment the next line to enable linking with POSIX semantics. -# POSIXFL = 1 - -# Edit the var below to point to your lib architecture. -ifndef LIBARCH -LIBARCH = LIBC -endif - -# must be equal to NDEBUG or DEBUG, CURLDEBUG -ifndef DB -DB = NDEBUG -endif -# Optimization: -O<n> or debugging: -g -ifeq ($(DB),NDEBUG) - OPT = -O2 - OBJDIR = release -else - OPT = -g - OBJDIR = debug -endif - -# The following lines defines your compiler. -ifdef CWFolder - METROWERKS = $(CWFolder) -endif -ifdef METROWERKS - # MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support - MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support - CC = mwccnlm -else - CC = gcc -endif -PERL = perl -# Here you can find a native Win32 binary of the original awk: -# http://www.gknw.net/development/prgtools/awk-20100523.zip -AWK = awk -CP = cp -afv -MKDIR = mkdir -# RM = rm -f -# If you want to mark the target as MTSAFE you will need a tool for -# generating the xdc data for the linker; here's a minimal tool: -# http://www.gknw.net/development/prgtools/mkxdc.zip -MPKXDC = mkxdc - -# LIBARCH_U = $(shell $(AWK) 'BEGIN {print toupper(ARGV[1])}' $(LIBARCH)) -LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH)) - -# Include the version info retrieved from curlver.h --include $(OBJDIR)/version.inc - -# Global flags for all compilers -CFLAGS += $(OPT) -D$(DB) -DNETWARE -DHAVE_CONFIG_H -nostdinc - -ifeq ($(CC),mwccnlm) - LD = mwldnlm - LDFLAGS = -nostdlib $(PRELUDE) $(OBJL) -o $@ -commandfile - AR = mwldnlm - ARFLAGS = -nostdlib -type library -o - LIBEXT = lib - #RANLIB = - CFLAGS += -msgstyle gcc -gccinc -inline off -opt nointrinsics -proc 586 - CFLAGS += -relax_pointers - #CFLAGS += -w on - ifeq ($(LIBARCH),LIBC) - ifeq ($(POSIXFL),1) - PRELUDE = $(NDK_LIBC)/imports/posixpre.o - else - PRELUDE = $(NDK_LIBC)/imports/libcpre.o - endif - CFLAGS += -align 4 - else - # PRELUDE = $(NDK_CLIB)/imports/clibpre.o - # to avoid the __init_* / __deinit_* woes don't use prelude from NDK - PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj" - # CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h" - CFLAGS += -align 1 - endif -else - LD = nlmconv - LDFLAGS = -T - AR = ar - ARFLAGS = -cq - LIBEXT = a - RANLIB = ranlib - CFLAGS += -m32 - CFLAGS += -fno-builtin -fno-strict-aliasing - ifeq ($(findstring gcc,$(CC)),gcc) - CFLAGS += -fpcc-struct-return - endif - CFLAGS += -Wall # -pedantic - ifeq ($(LIBARCH),LIBC) - ifeq ($(POSIXFL),1) - PRELUDE = $(NDK_LIBC)/imports/posixpre.gcc.o - else - PRELUDE = $(NDK_LIBC)/imports/libcpre.gcc.o - endif - else - PRELUDE = $(NDK_CLIB)/imports/clibpre.gcc.o - # to avoid the __init_* / __deinit_* woes don't use prelude from NDK - # http://www.gknw.net/development/mk_nlm/gcc_pre.zip - # PRELUDE = $(NDK_ROOT)/pre/prelude.o - CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h - endif -endif - -NDK_ROOT = $(NDKBASE)/ndk -ifndef NDK_CLIB -NDK_CLIB = $(NDK_ROOT)/nwsdk -endif -ifndef NDK_LIBC -NDK_LIBC = $(NDK_ROOT)/libc -endif -ifndef NDK_LDAP -NDK_LDAP = $(NDK_ROOT)/cldapsdk/netware -endif -CURL_INC = ../include -CURL_LIB = ../lib - -INCLUDES = -I$(CURL_INC) -I$(CURL_LIB) - -ifeq ($(findstring -static,$(CFG)),-static) -LINK_STATIC = 1 -endif -ifeq ($(findstring -ares,$(CFG)),-ares) -WITH_ARES = 1 -endif -ifeq ($(findstring -rtmp,$(CFG)),-rtmp) -WITH_RTMP = 1 -WITH_SSL = 1 -WITH_ZLIB = 1 -endif -ifeq ($(findstring -ssh2,$(CFG)),-ssh2) -WITH_SSH2 = 1 -WITH_SSL = 1 -WITH_ZLIB = 1 -endif -ifeq ($(findstring -ssl,$(CFG)),-ssl) -WITH_SSL = 1 -ifeq ($(findstring -srp,$(CFG)),-srp) -ifeq "$(wildcard $(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h)" "$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h" -WITH_SRP = 1 -endif -endif -endif -ifeq ($(findstring -zlib,$(CFG)),-zlib) -WITH_ZLIB = 1 -endif -ifeq ($(findstring -idn,$(CFG)),-idn) -WITH_IDN = 1 -endif -ifeq ($(findstring -nghttp2,$(CFG)),-nghttp2) -WITH_NGHTTP2 = 1 -endif -ifeq ($(findstring -ipv6,$(CFG)),-ipv6) -ENABLE_IPV6 = 1 -endif - -ifdef WITH_ARES - INCLUDES += -I$(LIBCARES_PATH) - LDLIBS += $(LIBCARES_PATH)/libcares.$(LIBEXT) -endif -ifdef WITH_SSH2 - INCLUDES += -I$(LIBSSH2_PATH)/include -ifdef LINK_STATIC - LDLIBS += $(LIBSSH2_PATH)/nw/libssh2.$(LIBEXT) -else - MODULES += libssh2.nlm - IMPORTS += @$(LIBSSH2_PATH)/nw/libssh2.imp -endif -endif -ifdef WITH_RTMP - INCLUDES += -I$(LIBRTMP_PATH) - LDLIBS += $(LIBRTMP_PATH)/librtmp/librtmp.$(LIBEXT) -endif -ifdef WITH_SSL - INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L) - LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT) - LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT) - IMPORTS += GetProcessSwitchCount RunningProcess - INSTDEP += ca-bundle.crt -else -endif -ifdef WITH_ZLIB - INCLUDES += -I$(ZLIB_PATH) - ifdef LINK_STATIC - LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT) - else - MODULES += libz.nlm - IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp - endif -endif -ifdef WITH_IDN - INCLUDES += -I$(LIBIDN_PATH)/include - LDLIBS += $(LIBIDN_PATH)/lib/libidn.$(LIBEXT) -endif -ifdef WITH_NGHTTP2 - INCLUDES += -I$(NGHTTP2_PATH)/include - LDLIBS += $(NGHTTP2_PATH)/lib/libnghttp2.$(LIBEXT) -endif - -ifeq ($(LIBARCH),LIBC) - INCLUDES += -I$(NDK_LIBC)/include - # INCLUDES += -I$(NDK_LIBC)/include/nks - # INCLUDES += -I$(NDK_LIBC)/include/winsock - CFLAGS += -D_POSIX_SOURCE -else - INCLUDES += -I$(NDK_CLIB)/include/nlm - # INCLUDES += -I$(NDK_CLIB)/include/nlm/obsolete - # INCLUDES += -I$(NDK_CLIB)/include -endif -ifndef DISABLE_LDAP - INCLUDES += -I$(NDK_LDAP)/$(LIBARCH_L)/inc -endif -CFLAGS += $(INCLUDES) - -ifeq ($(MTSAFE),YES) - XDCOPT = -n -endif -ifeq ($(MTSAFE),NO) - XDCOPT = -u -endif -ifdef XDCOPT - XDCDATA = $(OBJDIR)/$(TARGET).xdc -endif - -ifeq ($(findstring /sh,$(SHELL)),/sh) -DL = ' -DS = / -PCT = % -#-include $(NDKBASE)/nlmconv/ncpfs.inc -else -DS = \\ -PCT = %% -endif - -# Makefile.inc provides the CSOURCES and HHEADERS defines -include Makefile.inc - -OBJS := $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(notdir $(CSOURCES)))) $(OBJDIR)/nwos.o - -OBJL = $(OBJS) $(OBJDIR)/nwlib.o $(LDLIBS) - -vpath %.c . vauth vtls - -all: lib nlm - -nlm: prebuild $(TARGET).nlm - -lib: prebuild $(TARGET).$(LIBEXT) - -prebuild: $(OBJDIR) $(OBJDIR)/version.inc curl_config.h - -$(OBJDIR)/%.o: %.c -# @echo Compiling $< - $(CC) $(CFLAGS) -c $< -o $@ - -$(OBJDIR)/version.inc: $(CURL_INC)/curl/curlver.h $(OBJDIR) - @echo Creating $@ - @$(AWK) -f ../packages/NetWare/get_ver.awk $< > $@ - -install: $(INSTDIR) all $(INSTDEP) - @$(CP) $(TARGET).nlm $(INSTDIR) - @$(CP) $(TARGET).$(LIBEXT) $(INSTDIR) - @$(CP) ../CHANGES $(INSTDIR) - @$(CP) ../COPYING $(INSTDIR) - @$(CP) ../README $(INSTDIR) - @$(CP) ../RELEASE-NOTES $(INSTDIR) -ifdef WITH_SSL - @-$(CP) ca-bundle.crt $(INSTDIR)/ca-bundle.crt -endif - -clean: - -$(RM) curl_config.h - -$(RM) -r $(OBJDIR) - -distclean vclean: clean - -$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm $(TARGET).imp - -$(RM) certdata.txt ca-bundle.crt - -$(OBJDIR) $(INSTDIR): - @$(MKDIR) $@ - -$(TARGET).$(LIBEXT): $(OBJS) - @echo Creating $@ - @-$(RM) $@ - @$(AR) $(ARFLAGS) $@ $^ -ifdef RANLIB - @$(RANLIB) $@ -endif - -$(TARGET).nlm: $(OBJDIR)/$(TARGET).def $(OBJL) $(EXPORTF) $(XDCDATA) - @echo Linking $@ - @-$(RM) $@ - @$(LD) $(LDFLAGS) $< - -$(OBJDIR)/%.xdc: Makefile.netware - @echo Creating $@ - @$(MPKXDC) $(XDCOPT) $@ - -$(OBJDIR)/%.def: Makefile.netware - @echo $(DL)# DEF file for linking with $(LD)$(DL) > $@ - @echo $(DL)# Do not edit this file - it is created by make!$(DL) >> $@ - @echo $(DL)# All your changes will be lost!!$(DL) >> $@ - @echo $(DL)#$(DL) >> $@ - @echo $(DL)copyright "$(COPYR)"$(DL) >> $@ - @echo $(DL)description "$(DESCR)"$(DL) >> $@ - @echo $(DL)version $(VERSION)$(DL) >> $@ -ifdef NLMTYPE - @echo $(DL)type $(NLMTYPE)$(DL) >> $@ -endif -ifdef STACK - @echo $(DL)stack $(STACK)$(DL) >> $@ -endif -ifdef SCREEN - @echo $(DL)screenname "$(SCREEN)"$(DL) >> $@ -else - @echo $(DL)screenname "DEFAULT"$(DL) >> $@ -endif -ifneq ($(DB),NDEBUG) - @echo $(DL)debug$(DL) >> $@ -endif - @echo $(DL)threadname "$(TARGET)"$(DL) >> $@ -ifdef XDCDATA - @echo $(DL)xdcdata $(XDCDATA)$(DL) >> $@ -endif - @echo $(DL)flag_on 64$(DL) >> $@ -ifeq ($(LIBARCH),CLIB) - @echo $(DL)start _Prelude$(DL) >> $@ - @echo $(DL)exit _Stop$(DL) >> $@ - @echo $(DL)import @$(NDK_CLIB)/imports/clib.imp$(DL) >> $@ - @echo $(DL)import @$(NDK_CLIB)/imports/threads.imp$(DL) >> $@ - @echo $(DL)import @$(NDK_CLIB)/imports/nlmlib.imp$(DL) >> $@ - @echo $(DL)import @$(NDK_CLIB)/imports/socklib.imp$(DL) >> $@ - @echo $(DL)module clib$(DL) >> $@ -ifndef DISABLE_LDAP - @echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapsdk.imp$(DL) >> $@ - @echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapssl.imp$(DL) >> $@ -# @echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapx.imp$(DL) >> $@ - @echo $(DL)module ldapsdk ldapssl$(DL) >> $@ -endif -else -ifeq ($(POSIXFL),1) - @echo $(DL)flag_on 4194304$(DL) >> $@ -endif - @echo $(DL)pseudopreemption$(DL) >> $@ -ifeq ($(findstring posixpre,$(PRELUDE)),posixpre) - @echo $(DL)start POSIX_Start$(DL) >> $@ - @echo $(DL)exit POSIX_Stop$(DL) >> $@ - @echo $(DL)check POSIX_CheckUnload$(DL) >> $@ -else - @echo $(DL)start _LibCPrelude$(DL) >> $@ - @echo $(DL)exit _LibCPostlude$(DL) >> $@ - @echo $(DL)check _LibCCheckUnload$(DL) >> $@ -endif - @echo $(DL)import @$(NDK_LIBC)/imports/libc.imp$(DL) >> $@ - @echo $(DL)import @$(NDK_LIBC)/imports/netware.imp$(DL) >> $@ - @echo $(DL)module libc$(DL) >> $@ -ifndef DISABLE_LDAP - @echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapsdk.imp$(DL) >> $@ - @echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapssl.imp$(DL) >> $@ -# @echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapx.imp$(DL) >> $@ - @echo $(DL)module lldapsdk lldapssl$(DL) >> $@ -endif -endif -ifdef MODULES - @echo $(DL)module $(MODULES)$(DL) >> $@ -endif -ifdef EXPORTS - @echo $(DL)export $(EXPORTS)$(DL) >> $@ -endif -ifdef IMPORTS - @echo $(DL)import $(IMPORTS)$(DL) >> $@ -endif -ifeq ($(findstring nlmconv,$(LD)),nlmconv) - @echo $(DL)input $(PRELUDE)$(DL) >> $@ - @echo $(DL)input $(OBJL)$(DL) >> $@ -#ifdef LDLIBS -# @echo $(DL)input $(LDLIBS)$(DL) >> $@ -#endif - @echo $(DL)output $(TARGET).nlm$(DL) >> $@ -endif - -curl_config.h: Makefile.netware - @echo Creating $@ - @echo $(DL)/* $@ for NetWare target.$(DL) > $@ - @echo $(DL)** Do not edit this file - it is created by make!$(DL) >> $@ - @echo $(DL)** All your changes will be lost!!$(DL) >> $@ - @echo $(DL)*/$(DL) >> $@ - @echo $(DL)#ifndef NETWARE$(DL) >> $@ - @echo $(DL)#error This $(notdir $@) is created for NetWare platform!$(DL) >> $@ - @echo $(DL)#endif$(DL) >> $@ - @echo $(DL)#define VERSION "$(LIBCURL_VERSION_STR)"$(DL) >> $@ - @echo $(DL)#define PACKAGE_BUGREPORT "a suitable curl mailing list => https://curl.se/mail/"$(DL) >> $@ -ifeq ($(LIBARCH),CLIB) - @echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@ - @echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRICMP 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRNICMP 1$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG1 int$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG2 char$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG3 int$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG4 int$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG5 struct sockaddr$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG6 int$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_RETV int$(DL) >> $@ - @echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@ - @echo $(DL)#define SIZEOF_SIZE_T 4$(DL) >> $@ - @echo $(DL)#define pressanykey PressAnyKeyToContinue$(DL) >> $@ -else - @echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@ - @echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@ - @echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@ - @echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@ - @echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRTOLL 1$(DL) >> $@ - @echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@ - @echo $(DL)#define RECV_TYPE_RETV ssize_t$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG1 int$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG2 void$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG3 size_t$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG4 int$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG5 struct sockaddr$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG6 size_t$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_RETV ssize_t$(DL) >> $@ - @echo $(DL)#define RECVFROM_TYPE_ARG2_IS_VOID 1$(DL) >> $@ - @echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_ARG2 void *$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@ - @echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@ - @echo $(DL)#define SIZEOF_OFF_T 8$(DL) >> $@ - @echo $(DL)#define SIZEOF_SIZE_T 8$(DL) >> $@ - @echo $(DL)#define _LARGEFILE 1$(DL) >> $@ -ifdef ENABLE_IPV6 - @echo $(DL)#define ENABLE_IPV6 1$(DL) >> $@ - @echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@ - @echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@ - @echo $(DL)#define HAVE_FREEADDRINFO 1$(DL) >> $@ - @echo $(DL)#define HAVE_GETADDRINFO 1$(DL) >> $@ - @echo $(DL)#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@ - @echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@ -endif -endif - @echo $(DL)#define USE_MANUAL 1$(DL) >> $@ - @echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_ERRNO_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_GETHOSTBYNAME 1$(DL) >> $@ - @echo $(DL)#define HAVE_GETPROTOBYNAME 1$(DL) >> $@ - @echo $(DL)#define HAVE_GMTIME_R 1$(DL) >> $@ - @echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@ - @echo $(DL)#define HAVE_IOCTL 1$(DL) >> $@ - @echo $(DL)#define HAVE_IOCTL_FIONBIO 1$(DL) >> $@ - @echo $(DL)#define HAVE_LL 1$(DL) >> $@ - @echo $(DL)#define HAVE_LOCALE_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_LOCALTIME_R 1$(DL) >> $@ - @echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_RECV 1$(DL) >> $@ - @echo $(DL)#define HAVE_RECVFROM 1$(DL) >> $@ - @echo $(DL)#define HAVE_SELECT 1$(DL) >> $@ - @echo $(DL)#define HAVE_SEND 1$(DL) >> $@ - @echo $(DL)#define HAVE_SETJMP_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_SETLOCALE 1$(DL) >> $@ - @echo $(DL)#define HAVE_SIGNAL 1$(DL) >> $@ - @echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@ - @echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@ - @echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@ - @echo $(DL)#define HAVE_SYS_IOCTL_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_UNAME 1$(DL) >> $@ - @echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_UTIME 1$(DL) >> $@ - @echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_WRITEV 1$(DL) >> $@ - @echo $(DL)#define SIZEOF_INT 4$(DL) >> $@ - @echo $(DL)#define SIZEOF_SHORT 2$(DL) >> $@ - @echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@ - @echo $(DL)#define STDC_HEADERS 1$(DL) >> $@ - @echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@ -ifdef DISABLE_LDAP - @echo $(DL)#define CURL_DISABLE_LDAP 1$(DL) >> $@ -else - @echo $(DL)#define CURL_HAS_NOVELL_LDAPSDK 1$(DL) >> $@ -ifndef DISABLE_LDAPS - @echo $(DL)#define HAVE_LDAP_SSL 1$(DL) >> $@ -endif - @echo $(DL)#define HAVE_LDAP_SSL_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_LDAP_URL_PARSE 1$(DL) >> $@ -endif -ifdef NW_WINSOCK - @echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@ -else - @echo $(DL)#define USE_BSD_SOCKETS 1$(DL) >> $@ - @echo $(DL)#define HAVE_SYS_TYPES_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_SYS_SOCKET_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_SYS_SOCKIO_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_NETDB_H 1$(DL) >> $@ -endif -ifdef WITH_ARES - @echo $(DL)#define USE_ARES 1$(DL) >> $@ -endif -ifdef WITH_ZLIB - @echo $(DL)#define HAVE_ZLIB_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_LIBZ 1$(DL) >> $@ -endif -ifdef WITH_SSL - @echo $(DL)#define USE_OPENSSL 1$(DL) >> $@ - @echo $(DL)#define HAVE_OPENSSL_X509_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_OPENSSL_SSL_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_OPENSSL_RSA_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_OPENSSL_PEM_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_OPENSSL_ERR_H 1$(DL) >> $@ - @echo $(DL)#define HAVE_OPENSSL_CRYPTO_H 1$(DL) >> $@ - @echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@ -ifdef WITH_SRP - @echo $(DL)#define USE_TLS_SRP 1$(DL) >> $@ -endif -ifdef WITH_SPNEGO - @echo $(DL)#define HAVE_SPNEGO 1$(DL) >> $@ -endif -else -endif -ifdef WITH_SSH2 - @echo $(DL)#define USE_LIBSSH2 1$(DL) >> $@ - @echo $(DL)#define HAVE_LIBSSH2_H 1$(DL) >> $@ -endif -ifdef WITH_IDN - @echo $(DL)#define HAVE_LIBIDN 1$(DL) >> $@ - @echo $(DL)#define HAVE_TLD_H 1$(DL) >> $@ -endif -ifdef WITH_RTMP - @echo $(DL)#define USE_LIBRTMP 1$(DL) >> $@ -endif -ifdef WITH_NGHTTP2 - @echo $(DL)#define USE_NGHTTP2 1$(DL) >> $@ -endif - @echo $(DL)#ifdef __GNUC__$(DL) >> $@ - @echo $(DL)#define HAVE_VARIADIC_MACROS_GCC 1$(DL) >> $@ - @echo $(DL)#else$(DL) >> $@ - @echo $(DL)#define HAVE_VARIADIC_MACROS_C99 1$(DL) >> $@ - @echo $(DL)#endif$(DL) >> $@ -ifdef CABUNDLE - @echo $(DL)#define CURL_CA_BUNDLE "$(CABUNDLE)"$(DL) >> $@ -endif - -$(EXPORTF): $(CURL_INC)/curl/curl.h $(CURL_INC)/curl/easy.h $(CURL_INC)/curl/multi.h $(CURL_INC)/curl/mprintf.h - @echo Creating $@ - @$(AWK) -f ../packages/NetWare/get_exp.awk $^ > $@ - -FORCE: ; - -info: $(OBJDIR)/version.inc - @echo Configured to build $(TARGET) with these options: - @echo libarchitecture: $(LIBARCH) - @echo curl version: $(LIBCURL_VERSION_STR) - @echo compiler/linker: $(CC) / $(LD) -ifdef CABUNDLE - @echo ca-bundle path: $(CABUNDLE) -endif -ifdef WITH_SSL - @echo SSL support: enabled (OpenSSL) -else - @echo SSL support: no -endif -ifdef WITH_SRP - @echo SRP support: enabled -else - @echo SRP support: no -endif -ifdef WITH_SSH2 - @echo SSH2 support: enabled (libssh2) -else - @echo SSH2 support: no -endif -ifdef WITH_ZLIB - @echo zlib support: enabled -else - @echo zlib support: no -endif -ifdef WITH_NGHTTP2 - @echo http2 support: enabled -else - @echo http2 support: no -endif -ifdef WITH_ARES - @echo c-ares support: enabled -else - @echo c-ares support: no -endif -ifdef ENABLE_IPV6 - @echo IPv6 support: enabled -else - @echo IPv6 support: no -endif - -$(LIBCARES_PATH)/libcares.$(LIBEXT): - $(MAKE) -C $(LIBCARES_PATH) -f Makefile.netware lib - -ca-bundle.crt: mk-ca-bundle.pl - @echo Creating $@ - @-$(PERL) $< -b -n $@ diff --git a/libs/libcurl/src/Makefile.vxworks b/libs/libcurl/src/Makefile.vxworks deleted file mode 100644 index 91f9d61497..0000000000 --- a/libs/libcurl/src/Makefile.vxworks +++ /dev/null @@ -1,198 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -#***************************************************************************** -# -# -#Filename : Makefile.vxworks -#Description: makefile to be used in order to compile libcurl for VxWoorks 6.3. -# -#How to use: -# 1. Adjust environment variables at the file beginning -# 2. Open the Command Prompt window and change directory ('cd') -# into the 'lib' folder -# 3. Add <CYGWIN>/bin folder to the PATH environment variable -# For example type 'set PATH=C:/embedded/cygwin/bin;%PATH%' -# 4. Build the library by typing 'make -f ./Makefile.vxworks' -# As a result the libcurl.a should be created in the 'lib' folder. -# To clean package use 'make -f ./Makefile.vxworks clean' -#Requirements: -# 1. WinXP machine -# 2. Full CYGWIN installation (open source) with GNU make version -# v3.78 or higher -# 3. WindRiver Workbench with vxWorks 6.3 (commercial) -#***************************************************************************** - -# ---------------------------------------------------------------------- -# Environment -# ---------------------------------------------------------------------- - -export WIND_HOME := C:/embedded/Workbench2.5.0.1 -export WIND_BASE := $(WIND_HOME)/vxworks-6.3 -export WIND_HOST_TYPE := x86-win32 - -# BUILD_TYE:= <debug>|<release> (build with debugging info or optimized) -BUILD_TYPE := debug -USER_CFLAGS:= - -# directories where to seek for includes and libraries -OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8zc-vxWorks6.3/include -OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8zc-vxWorks6.3 -ZLIB_INC := D:/libraries/zlib/zlib-1.2.8-VxWorks6.3/zlib-1.2.8 -ZLIB_LIB := D:/libraries/zlib/zlib-1.2.8-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib -ARES_INC := -ARES_LIB := - - -# ---------------------------------------------------------------------- -# Compiler -# ---------------------------------------------------------------------- - -CC := ccppc -AR := arppc -LINK := ccppc -CFLAGS := -D__GNUC__ -D__ppc__ -msoft-float -fno-builtin -mcpu=604 -mlongcall -DCPU=PPC604 -D_GNU_TOOL -Wall -W -Winline $(USER_CFLAGS) -LDFLAGS := -nostdlib -Wl,-i -Wl,-X -INCLUDE_FLAG := -I -C_DEBUGFLAG := -g -C_OPTFLAG := -O2 -COMPILE_ONLY_FLAG := -c -OBJ_EXTENSION := .o -CC_OBJ_OUTPUT = -o $@ -ARFLAGS := -rc -LIBS_FLAG := -l -LIBS_DIRFLAG:= -L -LD_DEBUGFLAG := $(C_DEBUGFLAG) -EXECUTE_EXTENSION := .out -TOOL_CHAIN_BIN := $(WIND_HOME)/gnu/3.4.4-vxworks-6.3/$(WIND_HOST_TYPE)/bin/ - -# ---------------------------------------------------------------------- - -# Add -DINET6 if the OS kernel image was built with IPv6 support -# CFLAGS += -DINET6 - -# Set up compiler and linker flags for debug or optimization -ifeq ($(BUILD_TYPE), debug) -CFLAGS += $(C_DEBUGFLAG) -LDFLAGS += $(LD_DEBUGFLAG) -else -CFLAGS += $(C_OPTFLAG) -endif - -# ---------------------------------------------------------------------- - -# Main Makefile and possible sub-make files -MAKEFILES := Makefile.vxworks - -# List of external include directories -#----- -# IMPORTANT: include OPENSSL directories before system -# in order to prevent WindRiver OpenSSL to be used. -#----- -INCLUDE_DIRS := ../include $(OPENSSL_INC) $(ZLIB_INC) $(ARES_INC) $(WIND_BASE)/target/h $(WIND_BASE)/target/h/wrn/coreip - -# List of external libraries and their directories -LIBS_LIST := . -LIB_DIRS := . -ifneq ($(OPENSSL_LIB), ) -LIBS_LIST += crypto ssl -LIB_DIRS += $(OPENSSL_LIB) -endif -ifneq ($(ZLIB_LIB), ) -LIBS_LIST += z -LIB_DIRS += $(ZLIB_LIB) -endif -ifneq ($(ARES_LIB), ) -LIBS_LIST += ares -LIB_DIRS += $(ARES_LIB) -endif - -# Add include and library directories and libraries -CFLAGS += $(INCLUDE_DIRS:%=$(INCLUDE_FLAG)%) -LDFLAGS += $(LIB_DIRS:%=$(LIBS_DIRFLAG)%) - -# List of targets to make for libs target -LIBS_TARGET_LIST := libcurl.a - -# List of execuatble applications to make in addition to libs for all target -EXE_TARGET_LIST := - -# Support for echoing rules -# If ECHORULES variable was set (for example, using 'make' command line) -# some shell commands in the rules will be echoed -ifneq ($(strip $(findstring $(ECHORULES), yes YES 1 true TRUE)),) -_@_ := -else -_@_ := @ -endif - -# Directory to hold compilation intermediate files -TMP_DIR := tmp - -# Get sources and headers to be compiled -include Makefile.inc - -# List of headers -INCLUDE_FILES := $(HHEADERS) -INCLUDE_FILES += $(shell find ../include -name \*.h) - -# List of sources -OBJLIST := $(CSOURCES:%.c=$(TMP_DIR)/%$(OBJ_EXTENSION)) - - -# ---------------------------------------------------------------------- - -#### default rule -# It should be first rule in this file -.PHONY: default -default: libcurl.a - -#### Compiling C files -$(TMP_DIR)/%$(OBJ_EXTENSION): %.c $(MAKEFILES) - @echo Compiling C file $< $(ECHO_STDOUT) - @[ -d $(@D) ] || mkdir -p $(@D) - $(_@_) $(TOOL_CHAIN_BIN)$(CC) $(COMPILE_ONLY_FLAG) $(CFLAGS) $< $(CC_OBJ_OUTPUT) - -#### Creating library -$(LIBS_TARGET_LIST): $(INCLUDE_FILES) $(MAKEFILES) $(OBJLIST) - @echo Creating library $@ $(ECHO_STDOUT) - $(_@_) [ -d $(@D) ] || mkdir -p $(@D) - $(_@_) rm -f $@ - $(_@_) $(TOOL_CHAIN_BIN)$(AR) $(ARFLAGS) $@ $(filter %$(OBJ_EXTENSION), $^) - -#### Creating application -$(EXE_TARGET_LIST): $(INCLUDE_FILES) $(MAKEFILES) $(LIBS_TARGET_LIST) - @echo Creating application $@ - @[ -d $(@D) ] || mkdir -p $(@D) - $(_@_) $(TOOL_CHAIN_BIN)$(LINK) $(CC_OBJ_OUTPUT) $($(@)_EXE_OBJ_LIST) $(LDFLAGS) $($(@)_EXE_LIBS_NEEDED:%=$(LIBS_FLAG)%) $(LIBS_LIST:%=$(LIBS_FLAG)%) $(USER_LIBS_LIST) $(USER_LIBS_LIST) - -#### Master Targets -libs: $(LIBS_TARGET_LIST) - @echo All libs made. - -all: $(LIBS_TARGET_LIST) $(EXE_TARGET_LIST) $(INCLUDE_TARGET_LIST) - @echo All targets made. - -# Clean up -.PHONY: clean -clean: - $(_@_) rm -rf $(TMP_DIR) - @echo libcurl was cleaned. diff --git a/libs/libcurl/src/altsvc.c b/libs/libcurl/src/altsvc.c index 36acc3a5ef..dd2d0ebed6 100644 --- a/libs/libcurl/src/altsvc.c +++ b/libs/libcurl/src/altsvc.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2019 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -21,7 +21,7 @@ ***************************************************************************/ /* * The Alt-Svc: header is defined in RFC 7838: - * https://tools.ietf.org/html/rfc7838 + * https://datatracker.ietf.org/doc/html/rfc7838 */ #include "curl_setup.h" @@ -54,6 +54,8 @@ #define H3VERSION "h3-29" #elif defined(USE_NGTCP2) && !defined(UNITTESTS) #define H3VERSION "h3-29" +#elif defined(USE_MSH3) && !defined(UNITTESTS) +#define H3VERSION "h3-29" #else #define H3VERSION "h3" #endif @@ -100,12 +102,17 @@ static struct altsvc *altsvc_createid(const char *srchost, unsigned int dstport) { struct altsvc *as = calloc(sizeof(struct altsvc), 1); + size_t hlen; if(!as) return NULL; - + hlen = strlen(srchost); + DEBUGASSERT(hlen); as->src.host = strdup(srchost); if(!as->src.host) goto error; + if(hlen && (srchost[hlen - 1] == '.')) + /* strip off trailing any dot */ + as->src.host[--hlen] = 0; as->dst.host = strdup(dsthost); if(!as->dst.host) goto error; @@ -264,7 +271,7 @@ struct altsvcinfo *Curl_altsvc_init(void) /* set default behavior */ asi->flags = CURLALTSVC_H1 -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 | CURLALTSVC_H2 #endif #ifdef ENABLE_QUIC @@ -396,6 +403,22 @@ static CURLcode getalnum(const char **ptr, char *alpnbuf, size_t buflen) return CURLE_OK; } +/* hostcompare() returns true if 'host' matches 'check'. The first host + * argument may have a trailing dot present that will be ignored. + */ +static bool hostcompare(const char *host, const char *check) +{ + size_t hlen = strlen(host); + size_t clen = strlen(check); + + if(hlen && (host[hlen - 1] == '.')) + hlen--; + if(hlen != clen) + /* they can't match if they have different lengths */ + return FALSE; + return strncasecompare(host, check, hlen); +} + /* altsvc_flush() removes all alternatives for this source origin from the list */ static void altsvc_flush(struct altsvcinfo *asi, enum alpnid srcalpnid, @@ -408,7 +431,7 @@ static void altsvc_flush(struct altsvcinfo *asi, enum alpnid srcalpnid, n = e->next; if((srcalpnid == as->src.alpnid) && (srcport == as->src.port) && - strcasecompare(srchost, as->src.host)) { + hostcompare(srchost, as->src.host)) { Curl_llist_remove(&asi->list, e, NULL); altsvc_free(as); } @@ -633,7 +656,7 @@ bool Curl_altsvc_lookup(struct altsvcinfo *asi, continue; } if((as->src.alpnid == srcalpnid) && - strcasecompare(as->src.host, srchost) && + hostcompare(srchost, as->src.host) && (as->src.port == srcport) && (versions & as->dst.alpnid)) { /* match */ diff --git a/libs/libcurl/src/asyn-ares.c b/libs/libcurl/src/asyn-ares.c index fd0bb6c96a..c885adef54 100644 --- a/libs/libcurl/src/asyn-ares.c +++ b/libs/libcurl/src/asyn-ares.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -65,6 +65,7 @@ #include "connect.h" #include "select.h" #include "progress.h" +#include "timediff.h" # if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \ defined(WIN32) @@ -290,7 +291,7 @@ int Curl_resolver_getsock(struct Curl_easy *data, timeout = ares_timeout((ares_channel)data->state.async.resolver, &maxtime, &timebuf); - milli = (timeout->tv_sec * 1000) + (timeout->tv_usec/1000); + milli = (long)curlx_tvtoms(timeout); if(milli == 0) milli += 10; Curl_expire(data, milli, EXPIRE_ASYNC_NAME); diff --git a/libs/libcurl/src/base64.c b/libs/libcurl/src/base64.c index be6f163dc4..960a1ca3ad 100644 --- a/libs/libcurl/src/base64.c +++ b/libs/libcurl/src/base64.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -34,7 +34,6 @@ #include "urldata.h" /* for the Curl_easy definition */ #include "warnless.h" #include "curl_base64.h" -#include "non-ascii.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -176,19 +175,15 @@ CURLcode Curl_base64_decode(const char *src, } static CURLcode base64_encode(const char *table64, - struct Curl_easy *data, const char *inputbuff, size_t insize, char **outptr, size_t *outlen) { - CURLcode result; unsigned char ibuf[3]; unsigned char obuf[4]; int i; int inputparts; char *output; char *base64data; - char *convbuf = NULL; - const char *indata = inputbuff; *outptr = NULL; @@ -206,20 +201,6 @@ static CURLcode base64_encode(const char *table64, if(!output) return CURLE_OUT_OF_MEMORY; - /* - * The base64 data needs to be created using the network encoding - * not the host encoding. And we can't change the actual input - * so we copy it to a buffer, translate it, and use that instead. - */ - result = Curl_convert_clone(data, indata, insize, &convbuf); - if(result) { - free(output); - return result; - } - - if(convbuf) - indata = (char *)convbuf; - while(insize > 0) { for(i = inputparts = 0; i < 3; i++) { if(insize > 0) { @@ -270,10 +251,8 @@ static CURLcode base64_encode(const char *table64, /* Return the pointer to the new data (allocated memory) */ *outptr = base64data; - free(convbuf); - /* Return the length of the new data */ - *outlen = strlen(base64data); + *outlen = output - base64data; return CURLE_OK; } @@ -295,11 +274,10 @@ static CURLcode base64_encode(const char *table64, * * @unittest: 1302 */ -CURLcode Curl_base64_encode(struct Curl_easy *data, - const char *inputbuff, size_t insize, +CURLcode Curl_base64_encode(const char *inputbuff, size_t insize, char **outptr, size_t *outlen) { - return base64_encode(base64, data, inputbuff, insize, outptr, outlen); + return base64_encode(base64, inputbuff, insize, outptr, outlen); } /* @@ -319,11 +297,10 @@ CURLcode Curl_base64_encode(struct Curl_easy *data, * * @unittest: 1302 */ -CURLcode Curl_base64url_encode(struct Curl_easy *data, - const char *inputbuff, size_t insize, +CURLcode Curl_base64url_encode(const char *inputbuff, size_t insize, char **outptr, size_t *outlen) { - return base64_encode(base64url, data, inputbuff, insize, outptr, outlen); + return base64_encode(base64url, inputbuff, insize, outptr, outlen); } #endif /* no users so disabled */ diff --git a/libs/libcurl/src/c-hyper.c b/libs/libcurl/src/c-hyper.c index c253cd36ed..69082982cf 100644 --- a/libs/libcurl/src/c-hyper.c +++ b/libs/libcurl/src/c-hyper.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -142,7 +142,7 @@ static int hyper_each_header(void *userdata, return HYPER_ITER_BREAK; } else { - if(Curl_dyn_add(&data->state.headerb, "\r\n")) + if(Curl_dyn_addn(&data->state.headerb, STRCONST("\r\n"))) return HYPER_ITER_BREAK; } len = Curl_dyn_len(&data->state.headerb); @@ -293,10 +293,8 @@ static CURLcode status_line(struct Curl_easy *data, writetype |= CLIENTWRITE_BODY; result = Curl_client_write(data, writetype, Curl_dyn_ptr(&data->state.headerb), len); - if(result) { - data->state.hresult = CURLE_ABORTED_BY_CALLBACK; - return HYPER_ITER_BREAK; - } + if(result) + return result; } data->info.header_size += (long)len; data->req.headerbytecount += (long)len; @@ -416,7 +414,7 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, else if(h->endtask == task) { /* end of transfer */ *done = TRUE; - infof(data, "hyperstream is done!"); + infof(data, "hyperstream is done"); if(!k->bodywrites) { /* hyper doesn't always call the body write callback */ bool stilldone; @@ -441,6 +439,13 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, reasonp = hyper_response_reason_phrase(resp); reason_len = hyper_response_reason_phrase_len(resp); + if(http_status == 417 && data->state.expect100header) { + infof(data, "Got 417 while waiting for a 100"); + data->state.disableexpect = TRUE; + data->req.newurl = strdup(data->state.url); + Curl_done_sending(data, k); + } + result = status_line(data, conn, http_status, http_version, reasonp, reason_len); if(result) @@ -806,7 +811,7 @@ static void http1xx_cb(void *arg, struct hyper_response *resp) } if(data->state.hresult) - infof(data, "ERROR in 1xx, bail out!"); + infof(data, "ERROR in 1xx, bail out"); } /* @@ -906,6 +911,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) hyper_clientconn_options_http2(options, 1); h2 = TRUE; } + hyper_clientconn_options_set_preserve_header_case(options, 1); + hyper_clientconn_options_set_preserve_header_order(options, 1); hyper_clientconn_options_exec(options, h->exec); @@ -951,6 +958,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } } + else { + if(!h2 && !data->state.disableexpect) { + data->state.expect100header = TRUE; + } + } if(hyper_request_set_method(req, (uint8_t *)method, strlen(method))) { failf(data, "error setting method"); @@ -1022,7 +1034,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } - p_accept = Curl_checkheaders(data, "Accept")?NULL:"Accept: */*\r\n"; + p_accept = Curl_checkheaders(data, + STRCONST("Accept"))?NULL:"Accept: */*\r\n"; if(p_accept) { result = Curl_hyper_header(data, headers, p_accept); if(result) @@ -1036,8 +1049,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) #ifndef CURL_DISABLE_PROXY if(conn->bits.httpproxy && !conn->bits.tunnel_proxy && - !Curl_checkheaders(data, "Proxy-Connection") && - !Curl_checkProxyheaders(data, conn, "Proxy-Connection")) { + !Curl_checkheaders(data, STRCONST("Proxy-Connection")) && + !Curl_checkProxyheaders(data, conn, STRCONST("Proxy-Connection"))) { result = Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"); if(result) goto error; @@ -1045,7 +1058,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) #endif Curl_safefree(data->state.aptr.ref); - if(data->state.referer && !Curl_checkheaders(data, "Referer")) { + if(data->state.referer && !Curl_checkheaders(data, STRCONST("Referer"))) { data->state.aptr.ref = aprintf("Referer: %s\r\n", data->state.referer); if(!data->state.aptr.ref) result = CURLE_OUT_OF_MEMORY; @@ -1055,7 +1068,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } - if(!Curl_checkheaders(data, "Accept-Encoding") && + if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && data->set.str[STRING_ENCODING]) { Curl_safefree(data->state.aptr.accept_encoding); data->state.aptr.accept_encoding = diff --git a/libs/libcurl/src/checksrc.pl b/libs/libcurl/src/checksrc.pl deleted file mode 100644 index eea1126d1c..0000000000 --- a/libs/libcurl/src/checksrc.pl +++ /dev/null @@ -1,876 +0,0 @@ -#!/usr/bin/env perl -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### - -use strict; -use warnings; - -my $max_column = 79; -my $indent = 2; - -my $warnings = 0; -my $swarnings = 0; -my $errors = 0; -my $serrors = 0; -my $suppressed; # skipped problems -my $file; -my $dir="."; -my $wlist=""; -my @alist; -my $windows_os = $^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys'; -my $verbose; -my %skiplist; - -my %ignore; -my %ignore_set; -my %ignore_used; -my @ignore_line; - -my %warnings_extended = ( - 'COPYRIGHTYEAR' => 'copyright year incorrect', - 'STRERROR', => 'strerror() detected', - ); - -my %warnings = ( - 'LONGLINE' => "Line longer than $max_column", - 'TABS' => 'TAB characters not allowed', - 'TRAILINGSPACE' => 'Trailing whitespace on the line', - 'CPPCOMMENTS' => '// comment detected', - 'SPACEBEFOREPAREN' => 'space before an open parenthesis', - 'SPACEAFTERPAREN' => 'space after open parenthesis', - 'SPACEBEFORECLOSE' => 'space before a close parenthesis', - 'SPACEBEFORECOMMA' => 'space before a comma', - 'RETURNNOSPACE' => 'return without space', - 'COMMANOSPACE' => 'comma without following space', - 'BRACEELSE' => '} else on the same line', - 'PARENBRACE' => '){ without sufficient space', - 'SPACESEMICOLON' => 'space before semicolon', - 'BANNEDFUNC' => 'a banned function was used', - 'FOPENMODE' => 'fopen needs a macro for the mode string', - 'BRACEPOS' => 'wrong position for an open brace', - 'INDENTATION' => 'wrong start column for code', - 'COPYRIGHT' => 'file missing a copyright statement', - 'BADCOMMAND' => 'bad !checksrc! instruction', - 'UNUSEDIGNORE' => 'a warning ignore was not used', - 'OPENCOMMENT' => 'file ended with a /* comment still "open"', - 'ASTERISKSPACE' => 'pointer declared with space after asterisk', - 'ASTERISKNOSPACE' => 'pointer declared without space before asterisk', - 'ASSIGNWITHINCONDITION' => 'assignment within conditional expression', - 'EQUALSNOSPACE' => 'equals sign without following space', - 'NOSPACEEQUALS' => 'equals sign without preceding space', - 'SEMINOSPACE' => 'semicolon without following space', - 'MULTISPACE' => 'multiple spaces used when not suitable', - 'SIZEOFNOPAREN' => 'use of sizeof without parentheses', - 'SNPRINTF' => 'use of snprintf', - 'ONELINECONDITION' => 'conditional block on the same line as the if()', - 'TYPEDEFSTRUCT' => 'typedefed struct', - 'DOBRACE' => 'A single space between do and open brace', - 'BRACEWHILE' => 'A single space between open brace and while', - 'EXCLAMATIONSPACE' => 'Whitespace after exclamation mark in expression', - 'EMPTYLINEBRACE' => 'Empty line before the open brace', - 'EQUALSNULL' => 'if/while comparison with == NULL', - 'NOTEQUALSZERO', => 'if/while comparison with != 0', - ); - -sub readskiplist { - open(W, "<$dir/checksrc.skip") or return; - my @all=<W>; - for(@all) { - $windows_os ? $_ =~ s/\r?\n$// : chomp; - $skiplist{$_}=1; - } - close(W); -} - -# Reads the .checksrc in $dir for any extended warnings to enable locally. -# Currently there is no support for disabling warnings from the standard set, -# and since that's already handled via !checksrc! commands there is probably -# little use to add it. -sub readlocalfile { - my $i = 0; - - open(my $rcfile, "<", "$dir/.checksrc") or return; - - while(<$rcfile>) { - $i++; - - # Lines starting with '#' are considered comments - if (/^\s*(#.*)/) { - next; - } - elsif (/^\s*enable ([A-Z]+)$/) { - if(!defined($warnings_extended{$1})) { - print STDERR "invalid warning specified in .checksrc: \"$1\"\n"; - next; - } - $warnings{$1} = $warnings_extended{$1}; - } - elsif (/^\s*disable ([A-Z]+)$/) { - if(!defined($warnings{$1})) { - print STDERR "invalid warning specified in .checksrc: \"$1\"\n"; - next; - } - # Accept-list - push @alist, $1; - } - else { - die "Invalid format in $dir/.checksrc on line $i\n"; - } - } - close($rcfile); -} - -sub checkwarn { - my ($name, $num, $col, $file, $line, $msg, $error) = @_; - - my $w=$error?"error":"warning"; - my $nowarn=0; - - #if(!$warnings{$name}) { - # print STDERR "Dev! there's no description for $name!\n"; - #} - - # checksrc.skip - if($skiplist{$line}) { - $nowarn = 1; - } - # !checksrc! controlled - elsif($ignore{$name}) { - $ignore{$name}--; - $ignore_used{$name}++; - $nowarn = 1; - if(!$ignore{$name}) { - # reached zero, enable again - enable_warn($name, $num, $file, $line); - } - } - - if($nowarn) { - $suppressed++; - if($w) { - $swarnings++; - } - else { - $serrors++; - } - return; - } - - if($w) { - $warnings++; - } - else { - $errors++; - } - - $col++; - print "$file:$num:$col: $w: $msg ($name)\n"; - print " $line\n"; - - if($col < 80) { - my $pref = (' ' x $col); - print "${pref}^\n"; - } -} - -$file = shift @ARGV; - -while(defined $file) { - - if($file =~ /-D(.*)/) { - $dir = $1; - $file = shift @ARGV; - next; - } - elsif($file =~ /-W(.*)/) { - $wlist .= " $1 "; - $file = shift @ARGV; - next; - } - elsif($file =~ /-A(.+)/) { - push @alist, $1; - $file = shift @ARGV; - next; - } - elsif($file =~ /-i([1-9])/) { - $indent = $1 + 0; - $file = shift @ARGV; - next; - } - elsif($file =~ /-m([0-9]+)/) { - $max_column = $1 + 0; - $file = shift @ARGV; - next; - } - elsif($file =~ /^(-h|--help)/) { - undef $file; - last; - } - - last; -} - -if(!$file) { - print "checksrc.pl [option] <file1> [file2] ...\n"; - print " Options:\n"; - print " -A[rule] Accept this violation, can be used multiple times\n"; - print " -D[DIR] Directory to prepend file names\n"; - print " -h Show help output\n"; - print " -W[file] Skip the given file - ignore all its flaws\n"; - print " -i<n> Indent spaces. Default: 2\n"; - print " -m<n> Maximum line length. Default: 79\n"; - print "\nDetects and warns for these problems:\n"; - my @allw = keys %warnings; - push @allw, keys %warnings_extended; - for my $w (sort @allw) { - if($warnings{$w}) { - printf (" %-18s: %s\n", $w, $warnings{$w}); - } - else { - printf (" %-18s: %s[*]\n", $w, $warnings_extended{$w}); - } - } - print " [*] = disabled by default\n"; - exit; -} - -readskiplist(); -readlocalfile(); - -do { - if("$wlist" !~ / $file /) { - my $fullname = $file; - $fullname = "$dir/$file" if ($fullname !~ '^\.?\.?/'); - scanfile($fullname); - } - $file = shift @ARGV; - -} while($file); - -sub accept_violations { - for my $r (@alist) { - if(!$warnings{$r}) { - print "'$r' is not a warning to accept!\n"; - exit; - } - $ignore{$r}=999999; - $ignore_used{$r}=0; - } -} - -sub checksrc_clear { - undef %ignore; - undef %ignore_set; - undef @ignore_line; -} - -sub checksrc_endoffile { - my ($file) = @_; - for(keys %ignore_set) { - if($ignore_set{$_} && !$ignore_used{$_}) { - checkwarn("UNUSEDIGNORE", $ignore_set{$_}, - length($_)+11, $file, - $ignore_line[$ignore_set{$_}], - "Unused ignore: $_"); - } - } -} - -sub enable_warn { - my ($what, $line, $file, $l) = @_; - - # switch it back on, but warn if not triggered! - if(!$ignore_used{$what}) { - checkwarn("UNUSEDIGNORE", - $line, length($what) + 11, $file, $l, - "No warning was inhibited!"); - } - $ignore_set{$what}=0; - $ignore_used{$what}=0; - $ignore{$what}=0; -} -sub checksrc { - my ($cmd, $line, $file, $l) = @_; - if($cmd =~ / *([^ ]*) *(.*)/) { - my ($enable, $what) = ($1, $2); - $what =~ s: *\*/$::; # cut off end of C comment - # print "ENABLE $enable WHAT $what\n"; - if($enable eq "disable") { - my ($warn, $scope)=($1, $2); - if($what =~ /([^ ]*) +(.*)/) { - ($warn, $scope)=($1, $2); - } - else { - $warn = $what; - $scope = 1; - } - # print "IGNORE $warn for SCOPE $scope\n"; - if($scope eq "all") { - $scope=999999; - } - - # Comparing for a literal zero rather than the scalar value zero - # covers the case where $scope contains the ending '*' from the - # comment. If we use a scalar comparison (==) we induce warnings - # on non-scalar contents. - if($scope eq "0") { - checkwarn("BADCOMMAND", - $line, 0, $file, $l, - "Disable zero not supported, did you mean to enable?"); - } - elsif($ignore_set{$warn}) { - checkwarn("BADCOMMAND", - $line, 0, $file, $l, - "$warn already disabled from line $ignore_set{$warn}"); - } - else { - $ignore{$warn}=$scope; - $ignore_set{$warn}=$line; - $ignore_line[$line]=$l; - } - } - elsif($enable eq "enable") { - enable_warn($what, $line, $file, $l); - } - else { - checkwarn("BADCOMMAND", - $line, 0, $file, $l, - "Illegal !checksrc! command"); - } - } -} - -sub nostrings { - my ($str) = @_; - $str =~ s/\".*\"//g; - return $str; -} - -sub scanfile { - my ($file) = @_; - - my $line = 1; - my $prevl=""; - my $prevpl=""; - my $l = ""; - my $prep = 0; - my $prevp = 0; - open(R, "<$file") || die "failed to open $file"; - - my $incomment=0; - my @copyright=(); - checksrc_clear(); # for file based ignores - accept_violations(); - - while(<R>) { - $windows_os ? $_ =~ s/\r?\n$// : chomp; - my $l = $_; - my $ol = $l; # keep the unmodified line for error reporting - my $column = 0; - - # check for !checksrc! commands - if($l =~ /\!checksrc\! (.*)/) { - my $cmd = $1; - checksrc($cmd, $line, $file, $l) - } - - # check for a copyright statement and save the years - if($l =~ /\* +copyright .* \d\d\d\d/i) { - while($l =~ /([\d]{4})/g) { - push @copyright, { - year => $1, - line => $line, - col => index($l, $1), - code => $l - }; - } - } - - # detect long lines - if(length($l) > $max_column) { - checkwarn("LONGLINE", $line, length($l), $file, $l, - "Longer than $max_column columns"); - } - # detect TAB characters - if($l =~ /^(.*)\t/) { - checkwarn("TABS", - $line, length($1), $file, $l, "Contains TAB character", 1); - } - # detect trailing whitespace - if($l =~ /^(.*)[ \t]+\z/) { - checkwarn("TRAILINGSPACE", - $line, length($1), $file, $l, "Trailing whitespace"); - } - - # ------------------------------------------------------------ - # Above this marker, the checks were done on lines *including* - # comments - # ------------------------------------------------------------ - - # strip off C89 comments - - comment: - if(!$incomment) { - if($l =~ s/\/\*.*\*\// /g) { - # full /* comments */ were removed! - } - if($l =~ s/\/\*.*//) { - # start of /* comment was removed - $incomment = 1; - } - } - else { - if($l =~ s/.*\*\///) { - # end of comment */ was removed - $incomment = 0; - goto comment; - } - else { - # still within a comment - $l=""; - } - } - - # ------------------------------------------------------------ - # Below this marker, the checks were done on lines *without* - # comments - # ------------------------------------------------------------ - - # prev line was a preprocessor **and** ended with a backslash - if($prep && ($prevpl =~ /\\ *\z/)) { - # this is still a preprocessor line - $prep = 1; - goto preproc; - } - $prep = 0; - - # crude attempt to detect // comments without too many false - # positives - if($l =~ /^(([^"\*]*)[^:"]|)\/\//) { - checkwarn("CPPCOMMENTS", - $line, length($1), $file, $l, "\/\/ comment"); - } - - # detect and strip preprocessor directives - if($l =~ /^[ \t]*\#/) { - # preprocessor line - $prep = 1; - goto preproc; - } - - my $nostr = nostrings($l); - # check spaces after for/if/while/function call - if($nostr =~ /^(.*)(for|if|while| ([a-zA-Z0-9_]+)) \((.)/) { - if($1 =~ / *\#/) { - # this is a #if, treat it differently - } - elsif(defined $3 && $3 eq "return") { - # return must have a space - } - elsif(defined $3 && $3 eq "case") { - # case must have a space - } - elsif($4 eq "*") { - # (* beginning makes the space OK! - } - elsif($1 =~ / *typedef/) { - # typedefs can use space-paren - } - else { - checkwarn("SPACEBEFOREPAREN", $line, length($1)+length($2), $file, $l, - "$2 with space"); - } - } - # check for '== NULL' in if/while conditions but not if the thing on - # the left of it is a function call - if($nostr =~ /^(.*)(if|while)(\(.*?)([!=]= NULL|NULL [!=]=)/) { - checkwarn("EQUALSNULL", $line, - length($1) + length($2) + length($3), - $file, $l, "we prefer !variable instead of \"== NULL\" comparisons"); - } - - # check for '!= 0' in if/while conditions but not if the thing on - # the left of it is a function call - if($nostr =~ /^(.*)(if|while)(\(.*[^)]) != 0[^x]/) { - checkwarn("NOTEQUALSZERO", $line, - length($1) + length($2) + length($3), - $file, $l, "we prefer if(rc) instead of \"rc != 0\" comparisons"); - } - - # check spaces in 'do {' - if($nostr =~ /^( *)do( *)\{/ && length($2) != 1) { - checkwarn("DOBRACE", $line, length($1) + 2, $file, $l, "one space after do before brace"); - } - # check spaces in 'do {' - elsif($nostr =~ /^( *)\}( *)while/ && length($2) != 1) { - checkwarn("BRACEWHILE", $line, length($1) + 2, $file, $l, "one space between brace and while"); - } - if($nostr =~ /^((.*\s)(if) *\()(.*)\)(.*)/) { - my $pos = length($1); - my $postparen = $5; - my $cond = $4; - if($cond =~ / = /) { - checkwarn("ASSIGNWITHINCONDITION", - $line, $pos+1, $file, $l, - "assignment within conditional expression"); - } - my $temp = $cond; - $temp =~ s/\(//g; # remove open parens - my $openc = length($cond) - length($temp); - - $temp = $cond; - $temp =~ s/\)//g; # remove close parens - my $closec = length($cond) - length($temp); - my $even = $openc == $closec; - - if($l =~ / *\#/) { - # this is a #if, treat it differently - } - elsif($even && $postparen && - ($postparen !~ /^ *$/) && ($postparen !~ /^ *[,{&|\\]+/)) { - checkwarn("ONELINECONDITION", - $line, length($l)-length($postparen), $file, $l, - "conditional block on the same line"); - } - } - # check spaces after open parentheses - if($l =~ /^(.*[a-z])\( /i) { - checkwarn("SPACEAFTERPAREN", - $line, length($1)+1, $file, $l, - "space after open parenthesis"); - } - - # check spaces before close parentheses, unless it was a space or a - # close parenthesis! - if($l =~ /(.*[^\) ]) \)/) { - checkwarn("SPACEBEFORECLOSE", - $line, length($1)+1, $file, $l, - "space before close parenthesis"); - } - - # check spaces before comma! - if($l =~ /(.*[^ ]) ,/) { - checkwarn("SPACEBEFORECOMMA", - $line, length($1)+1, $file, $l, - "space before comma"); - } - - # check for "return(" without space - if($l =~ /^(.*)return\(/) { - if($1 =~ / *\#/) { - # this is a #if, treat it differently - } - else { - checkwarn("RETURNNOSPACE", $line, length($1)+6, $file, $l, - "return without space before paren"); - } - } - - # check for "sizeof" without parenthesis - if(($l =~ /^(.*)sizeof *([ (])/) && ($2 ne "(")) { - if($1 =~ / *\#/) { - # this is a #if, treat it differently - } - else { - checkwarn("SIZEOFNOPAREN", $line, length($1)+6, $file, $l, - "sizeof without parenthesis"); - } - } - - # check for comma without space - if($l =~ /^(.*),[^ \n]/) { - my $pref=$1; - my $ign=0; - if($pref =~ / *\#/) { - # this is a #if, treat it differently - $ign=1; - } - elsif($pref =~ /\/\*/) { - # this is a comment - $ign=1; - } - elsif($pref =~ /[\"\']/) { - $ign = 1; - # There is a quote here, figure out whether the comma is - # within a string or '' or not. - if($pref =~ /\"/) { - # within a string - } - elsif($pref =~ /\'$/) { - # a single letter - } - else { - $ign = 0; - } - } - if(!$ign) { - checkwarn("COMMANOSPACE", $line, length($pref)+1, $file, $l, - "comma without following space"); - } - } - - # check for "} else" - if($l =~ /^(.*)\} *else/) { - checkwarn("BRACEELSE", - $line, length($1), $file, $l, "else after closing brace on same line"); - } - # check for "){" - if($l =~ /^(.*)\)\{/) { - checkwarn("PARENBRACE", - $line, length($1)+1, $file, $l, "missing space after close paren"); - } - # check for "^{" with an empty line before it - if(($l =~ /^\{/) && ($prevl =~ /^[ \t]*\z/)) { - checkwarn("EMPTYLINEBRACE", - $line, 0, $file, $l, "empty line before open brace"); - } - - # check for space before the semicolon last in a line - if($l =~ /^(.*[^ ].*) ;$/) { - checkwarn("SPACESEMICOLON", - $line, length($1), $file, $ol, "no space before semicolon"); - } - - # scan for use of banned functions - if($l =~ /^(.*\W) - (gmtime|localtime| - gets| - strtok| - v?sprintf| - (str|_mbs|_tcs|_wcs)n?cat| - LoadLibrary(Ex)?(A|W)?) - \s*\( - /x) { - checkwarn("BANNEDFUNC", - $line, length($1), $file, $ol, - "use of $2 is banned"); - } - if($warnings{"STRERROR"}) { - # scan for use of banned strerror. This is not a BANNEDFUNC to - # allow for individual enable/disable of this warning. - if($l =~ /^(.*\W)(strerror)\s*\(/x) { - if($1 !~ /^ *\#/) { - # skip preprocessor lines - checkwarn("STRERROR", - $line, length($1), $file, $ol, - "use of $2 is banned"); - } - } - } - # scan for use of snprintf for curl-internals reasons - if($l =~ /^(.*\W)(v?snprintf)\s*\(/x) { - checkwarn("SNPRINTF", - $line, length($1), $file, $ol, - "use of $2 is banned"); - } - - # scan for use of non-binary fopen without the macro - if($l =~ /^(.*\W)fopen\s*\([^,]*, *\"([^"]*)/) { - my $mode = $2; - if($mode !~ /b/) { - checkwarn("FOPENMODE", - $line, length($1), $file, $ol, - "use of non-binary fopen without FOPEN_* macro: $mode"); - } - } - - # check for open brace first on line but not first column only alert - # if previous line ended with a close paren and it wasn't a cpp line - if(($prevl =~ /\)\z/) && ($l =~ /^( +)\{/) && !$prevp) { - checkwarn("BRACEPOS", - $line, length($1), $file, $ol, "badly placed open brace"); - } - - # if the previous line starts with if/while/for AND ends with an open - # brace, or an else statement, check that this line is indented $indent - # more steps, if not a cpp line - if(!$prevp && ($prevl =~ /^( *)((if|while|for)\(.*\{|else)\z/)) { - my $first = length($1); - # this line has some character besides spaces - if($l =~ /^( *)[^ ]/) { - my $second = length($1); - my $expect = $first+$indent; - if($expect != $second) { - my $diff = $second - $first; - checkwarn("INDENTATION", $line, length($1), $file, $ol, - "not indented $indent steps (uses $diff)"); - - } - } - } - - # check for 'char * name' - if(($l =~ /(^.*(char|int|long|void|CURL|CURLM|CURLMsg|[cC]url_[A-Za-z_]+|struct [a-zA-Z_]+) *(\*+)) (\w+)/) && ($4 !~ /^(const|volatile)$/)) { - checkwarn("ASTERISKSPACE", - $line, length($1), $file, $ol, - "space after declarative asterisk"); - } - # check for 'char*' - if(($l =~ /(^.*(char|int|long|void|curl_slist|CURL|CURLM|CURLMsg|curl_httppost|sockaddr_in|FILE)\*)/)) { - checkwarn("ASTERISKNOSPACE", - $line, length($1)-1, $file, $ol, - "no space before asterisk"); - } - - # check for 'void func() {', but avoid false positives by requiring - # both an open and closed parentheses before the open brace - if($l =~ /^((\w).*)\{\z/) { - my $k = $1; - $k =~ s/const *//; - $k =~ s/static *//; - if($k =~ /\(.*\)/) { - checkwarn("BRACEPOS", - $line, length($l)-1, $file, $ol, - "wrongly placed open brace"); - } - } - - # check for equals sign without spaces next to it - if($nostr =~ /(.*)\=[a-z0-9]/i) { - checkwarn("EQUALSNOSPACE", - $line, length($1)+1, $file, $ol, - "no space after equals sign"); - } - # check for equals sign without spaces before it - elsif($nostr =~ /(.*)[a-z0-9]\=/i) { - checkwarn("NOSPACEEQUALS", - $line, length($1)+1, $file, $ol, - "no space before equals sign"); - } - - # check for plus signs without spaces next to it - if($nostr =~ /(.*)[^+]\+[a-z0-9]/i) { - checkwarn("PLUSNOSPACE", - $line, length($1)+1, $file, $ol, - "no space after plus sign"); - } - # check for plus sign without spaces before it - elsif($nostr =~ /(.*)[a-z0-9]\+[^+]/i) { - checkwarn("NOSPACEPLUS", - $line, length($1)+1, $file, $ol, - "no space before plus sign"); - } - - # check for semicolons without space next to it - if($nostr =~ /(.*)\;[a-z0-9]/i) { - checkwarn("SEMINOSPACE", - $line, length($1)+1, $file, $ol, - "no space after semicolon"); - } - - # typedef struct ... { - if($nostr =~ /^(.*)typedef struct.*{/) { - checkwarn("TYPEDEFSTRUCT", - $line, length($1)+1, $file, $ol, - "typedef'ed struct"); - } - - if($nostr =~ /(.*)! +(\w|\()/) { - checkwarn("EXCLAMATIONSPACE", - $line, length($1)+1, $file, $ol, - "space after exclamation mark"); - } - - # check for more than one consecutive space before open brace or - # question mark. Skip lines containing strings since they make it hard - # due to artificially getting multiple spaces - if(($l eq $nostr) && - $nostr =~ /^(.*(\S)) + [{?]/i) { - checkwarn("MULTISPACE", - $line, length($1)+1, $file, $ol, - "multiple spaces"); - } - preproc: - $line++; - $prevp = $prep; - $prevl = $ol if(!$prep); - $prevpl = $ol if($prep); - } - - if(!scalar(@copyright)) { - checkwarn("COPYRIGHT", 1, 0, $file, "", "Missing copyright statement", 1); - } - - # COPYRIGHTYEAR is a extended warning so we must first see if it has been - # enabled in .checksrc - if(defined($warnings{"COPYRIGHTYEAR"})) { - # The check for updated copyrightyear is overly complicated in order to - # not punish current hacking for past sins. The copyright years are - # right now a bit behind, so enforcing copyright year checking on all - # files would cause hundreds of errors. Instead we only look at files - # which are tracked in the Git repo and edited in the workdir, or - # committed locally on the branch without being in upstream master. - # - # The simple and naive test is to simply check for the current year, - # but updating the year even without an edit is against project policy - # (and it would fail every file on January 1st). - # - # A rather more interesting, and correct, check would be to not test - # only locally committed files but inspect all files wrt the year of - # their last commit. Removing the `git rev-list origin/master..HEAD` - # condition below will enfore copyright year checks against the year - # the file was last committed (and thus edited to some degree). - my $commityear = undef; - @copyright = sort {$$b{year} cmp $$a{year}} @copyright; - - # if the file is modified, assume commit year this year - if(`git status -s -- $file` =~ /^ [MARCU]/) { - $commityear = (localtime(time))[5] + 1900; - } - else { - # min-parents=1 to ignore wrong initial commit in truncated repos - my $grl = `git rev-list --max-count=1 --min-parents=1 --timestamp HEAD -- $file`; - if($grl) { - chomp $grl; - $commityear = (localtime((split(/ /, $grl))[0]))[5] + 1900; - } - } - - if(defined($commityear) && scalar(@copyright) && - $copyright[0]{year} != $commityear) { - checkwarn("COPYRIGHTYEAR", $copyright[0]{line}, $copyright[0]{col}, - $file, $copyright[0]{code}, - "Copyright year out of date, should be $commityear, " . - "is $copyright[0]{year}", 1); - } - } - - if($incomment) { - checkwarn("OPENCOMMENT", 1, 0, $file, "", "Missing closing comment", 1); - } - - checksrc_endoffile($file); - - close(R); - -} - - -if($errors || $warnings || $verbose) { - printf "checksrc: %d errors and %d warnings\n", $errors, $warnings; - if($suppressed) { - printf "checksrc: %d errors and %d warnings suppressed\n", - $serrors, - $swarnings; - } - exit 5; # return failure -} diff --git a/libs/libcurl/src/config-dos.h b/libs/libcurl/src/config-dos.h index 6859208ab3..b8e7dbd3fb 100644 --- a/libs/libcurl/src/config-dos.h +++ b/libs/libcurl/src/config-dos.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,8 +31,6 @@ #define OS "MSDOS/djgpp" #elif defined(__HIGHC__) #define OS "MSDOS/HighC" -#elif defined(__WATCOMC__) - #define OS "MSDOS/Watcom" #else #define OS "MSDOS/?" #endif @@ -154,9 +152,6 @@ #define HAVE_TERMIOS_H 1 #define HAVE_VARIADIC_MACROS_GCC 1 -#elif defined(__WATCOMC__) - #define HAVE_STRCASECMP 1 - #elif defined(__HIGHC__) #define HAVE_SYS_TIME_H 1 #define strerror(e) strerror_s_((e)) diff --git a/libs/libcurl/src/config-os400.h b/libs/libcurl/src/config-os400.h index d68cb4b18e..dc9e206605 100644 --- a/libs/libcurl/src/config-os400.h +++ b/libs/libcurl/src/config-os400.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -371,7 +371,8 @@ /* Define if you can safely include both <sys/time.h> and <time.h>. */ #define TIME_WITH_SYS_TIME -/* Define to enable HTTP3 support (experimental, requires NGTCP2 or QUICHE) */ +/* Define to enable HTTP3 support (experimental, requires NGTCP2, QUICHE or + MSH3) */ #undef ENABLE_QUIC /* Version number of package */ diff --git a/libs/libcurl/src/config-tpf.h b/libs/libcurl/src/config-tpf.h deleted file mode 100644 index cce06cedd8..0000000000 --- a/libs/libcurl/src/config-tpf.h +++ /dev/null @@ -1,680 +0,0 @@ -#ifndef HEADER_CURL_CONFIG_TPF_H -#define HEADER_CURL_CONFIG_TPF_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* ================================================================ */ -/* Hand crafted config file for TPF */ -/* ================================================================ */ - -/* ---------------------------------------------------------------- */ -/* FEATURES, FUNCTIONS, and DEFINITIONS */ -/* ---------------------------------------------------------------- */ - -/* NOTE: Refer also to the .mak file for some of the flags below */ - -/* to disable cookies support */ -/* #undef CURL_DISABLE_COOKIES */ - -/* to disable cryptographic authentication */ -/* #undef CURL_DISABLE_CRYPTO_AUTH */ - -/* to disable DICT */ -/* #undef CURL_DISABLE_DICT */ - -/* to disable FILE */ -/* #undef CURL_DISABLE_FILE */ - -/* to disable FTP */ -/* #undef CURL_DISABLE_FTP */ - -/* to disable HTTP */ -/* #undef CURL_DISABLE_HTTP */ - -/* to disable LDAP */ -/* #undef CURL_DISABLE_LDAP */ - -/* to disable TELNET */ -/* #undef CURL_DISABLE_TELNET */ - -/* to disable TFTP */ -/* #undef CURL_DISABLE_TFTP */ - -/* to disable verbose strings */ -/* #undef CURL_DISABLE_VERBOSE_STRINGS */ - -/* lber dynamic library file */ -/* #undef DL_LBER_FILE */ - -/* ldap dynamic library file */ -/* #undef DL_LDAP_FILE */ - -/* your Entropy Gathering Daemon socket pathname */ -/* #undef EGD_SOCKET */ - -/* Define if you want to enable IPv6 support */ -/* #undef ENABLE_IPV6 */ - -/* Define if struct sockaddr_in6 has the sin6_scope_id member */ -/* #undef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID */ - -/* Define to 1 if you have the alarm function. */ -#define HAVE_ALARM 1 - -/* Define to 1 if you have the <arpa/inet.h> header file. */ -#define HAVE_ARPA_INET_H 1 - -/* Define to 1 if you have the <arpa/tftp.h> header file. */ -/* #undef HAVE_ARPA_TFTP_H */ - -/* Define to 1 if you have the <assert.h> header file. */ -#define HAVE_ASSERT_H 1 - -/* Define to 1 if you have the `basename' function. */ -#define HAVE_BASENAME 1 - -/* Define to 1 if you have the `closesocket' function. */ -/* #undef HAVE_CLOSESOCKET */ - -/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ -/* #undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA */ -#define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1 - -/* Define to 1 if you have the <errno.h> header file. */ -#define HAVE_ERRNO_H 1 - -/* Define to 1 if you have the <fcntl.h> header file. */ -#define HAVE_FCNTL_H 1 - -/* Define to 1 if you have the fcntl function. */ -#define HAVE_FCNTL 1 - -/* Define to 1 if you have a working fcntl O_NONBLOCK function. */ -#define HAVE_FCNTL_O_NONBLOCK 1 - -/* Define to 1 if you have the `ftruncate' function. */ -#define HAVE_FTRUNCATE 1 - -/* Define if getaddrinfo exists and works */ -/* #undef HAVE_GETADDRINFO */ - -/* Define to 1 if you have the `geteuid' function. */ -#define HAVE_GETEUID 1 - -/* If you have gethostbyname */ -#define HAVE_GETHOSTBYNAME 1 - -/* Define to 1 if you have the `gethostbyname_r' function. */ -/* #undef HAVE_GETHOSTBYNAME_R */ - -/* gethostbyname_r() takes 3 args */ -/* #undef HAVE_GETHOSTBYNAME_R_3 */ - -/* gethostbyname_r() takes 5 args */ -/* #undef HAVE_GETHOSTBYNAME_R_5 */ - -/* gethostbyname_r() takes 6 args */ -/* #undef HAVE_GETHOSTBYNAME_R_6 1 */ - -/* Define to 1 if you have the `getpass_r' function. */ -/* #undef HAVE_GETPASS_R */ - -/* Define to 1 if you have the `getprotobyname' function. */ -/* #undef HAVE_GETPROTOBYNAME */ - -/* Define to 1 if you have the `getpwuid' function. */ -#define HAVE_GETPWUID 1 - -/* Define to 1 if you have the `getrlimit' function. */ -/* #undef HAVE_GETRLIMIT */ - -/* Define to 1 if you have the `gettimeofday' function. */ -#define HAVE_GETTIMEOFDAY 1 - -/* we have a glibc-style strerror_r() */ -/* #undef HAVE_GLIBC_STRERROR_R */ -#define HAVE_GLIBC_STRERROR_R 1 - -/* Define to 1 if you have the `gmtime_r' function. */ -#define HAVE_GMTIME_R 1 - -/* if you have the gssapi libraries */ -/* #undef HAVE_GSSAPI */ - -/* if you have the GNU gssapi libraries */ -/* #undef HAVE_GSSGNU */ - -/* if you have the Heimdal gssapi libraries */ -/* #undef HAVE_GSSHEIMDAL */ - -/* if you have the MIT gssapi libraries */ -/* #undef HAVE_GSSMIT */ - -/* Define to 1 if you have the `iconv' functions. */ -#define HAVE_ICONV 1 - -/* Define to 1 if you have the `idna_strerror' function. */ -/* #undef HAVE_IDNA_STRERROR */ - -/* Define to 1 if you have the `idn_free' function. */ -/* #undef HAVE_IDN_FREE */ - -/* Define to 1 if you have the <idn-free.h> header file. */ -/* #undef HAVE_IDN_FREE_H */ - -/* Define to 1 if you have the `inet_addr' function. */ -#define HAVE_INET_ADDR 1 - -/* Define to 1 if you have a IPv6 capable working inet_ntop function. */ -/* #undef HAVE_INET_NTOP */ - -/* Define to 1 if you have a IPv6 capable working inet_pton function. */ -/* #undef HAVE_INET_PTON */ - -/* Define to 1 if you have the <inttypes.h> header file. */ -#define HAVE_INTTYPES_H 1 - -/* Define to 1 if you have the ioctl function. */ -#define HAVE_IOCTL 1 - -/* Define to 1 if you have a working ioctl FIONBIO function. */ -#define HAVE_IOCTL_FIONBIO 1 - -/* Define to 1 if you have the ioctlsocket function. */ -/* #undef HAVE_IOCTLSOCKET */ - -/* Define to 1 if you have a working ioctlsocket FIONBIO function. */ -/* #undef HAVE_IOCTLSOCKET_FIONBIO */ - -/* Define to 1 if you have the IoctlSocket camel case function. */ -/* #undef HAVE_IOCTLSOCKET_CAMEL */ - -/* Define to 1 if you have a working IoctlSocket camel case FIONBIO - function. */ -/* #undef HAVE_IOCTLSOCKET_CAMEL_FIONBIO */ - -/* Define to 1 if you have the <io.h> header file. */ -/* #undef HAVE_IO_H */ - -/* if you have the Kerberos4 libraries (including -ldes) */ -/* #undef HAVE_KRB4 */ - -/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */ -/* #undef HAVE_KRB_GET_OUR_IP_FOR_REALM */ - -/* Define to 1 if you have the <krb.h> header file. */ -/* #undef HAVE_KRB_H */ - -/* Define to 1 if you have the <libgen.h> header file. */ -/* #undef HAVE_LIBGEN_H 1 */ - -/* Define to 1 if you have the `idn' library (-lidn). */ -/* #undef HAVE_LIBIDN */ - -/* Define to 1 if you have the `resolv' library (-lresolv). */ -/* #undef HAVE_LIBRESOLV */ - -/* Define to 1 if you have the `resolve' library (-lresolve). */ -/* #undef HAVE_LIBRESOLVE */ - -/* Define to 1 if you have the `socket' library (-lsocket). */ -/* #undef HAVE_LIBSOCKET */ - -/* if zlib is available */ -/* #undef HAVE_LIBZ */ - -/* if your compiler supports LL */ -#define HAVE_LL 1 - -/* Define to 1 if you have the <locale.h> header file. */ -#define HAVE_LOCALE_H 1 - -/* Define to 1 if you have the `localtime_r' function. */ -#define HAVE_LOCALTIME_R 1 - -/* Define to 1 if the compiler supports the 'long long' data type. */ -#define HAVE_LONGLONG 1 - -/* Define to 1 if you need the malloc.h header file even with stdlib.h */ -/* #undef NEED_MALLOC_H */ - -/* Define to 1 if you have the <memory.h> header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the <netdb.h> header file. */ -#define HAVE_NETDB_H 1 - -/* Define to 1 if you have the <netinet/in.h> header file. */ -#define HAVE_NETINET_IN_H 1 - -/* Define to 1 if you have the <netinet/tcp.h> header file. */ -/* undef HAVE_NETINET_TCP_H */ - -/* Define to 1 if you have the <net/if.h> header file. */ -#define HAVE_NET_IF_H 1 - -/* Define if NI_WITHSCOPEID exists and works */ -/* #undef HAVE_NI_WITHSCOPEID */ - -/* we have no strerror_r() proto */ -/* #undef HAVE_NO_STRERROR_R_DECL */ - -/* Define to 1 if you have the <openssl/crypto.h> header file. */ -/* #undef HAVE_OPENSSL_CRYPTO_H */ -#define HAVE_OPENSSL_CRYPTO_H 1 - -/* Define to 1 if you have the <openssl/err.h> header file. */ -/* #undef HAVE_OPENSSL_ERR_H */ -#define HAVE_OPENSSL_ERR_H 1 - -/* Define to 1 if you have the <openssl/pem.h> header file. */ -/* #undef HAVE_OPENSSL_PEM_H */ -#define HAVE_OPENSSL_PEM_H 1 - -/* Define to 1 if you have the <openssl/pkcs12.h> header file. */ -/* #undef HAVE_OPENSSL_PKCS12_H */ -#define HAVE_OPENSSL_PKCS12_H 1 - -/* Define to 1 if you have the <openssl/rsa.h> header file. */ -/* #undef HAVE_OPENSSL_RSA_H */ -#define HAVE_OPENSSL_RSA_H 1 - -/* Define to 1 if you have the <openssl/ssl.h> header file. */ -/* #undef HAVE_OPENSSL_SSL_H */ -#define HAVE_OPENSSL_SSL_H 1 - -/* Define to 1 if you have the <openssl/x509.h> header file. */ -/* #undef HAVE_OPENSSL_X509_H */ -#define HAVE_OPENSSL_X509_H 1 - -/* Define to 1 if you have the <pem.h> header file. */ -/* #undef HAVE_PEM_H */ -#define HAVE_PEM_H 1 - -/* Define to 1 if you have the `pipe' function. */ -#define HAVE_PIPE 1 - -/* Define to 1 if you have the `poll' function. */ -/* #undef HAVE_POLL */ - -/* If you have a fine poll */ -/* #undef HAVE_POLL_FINE */ - -/* we have a POSIX-style strerror_r() */ -/* #undef HAVE_POSIX_STRERROR_R */ - -/* Define to 1 if you have the <pwd.h> header file. */ -#define HAVE_PWD_H 1 - -/* Define to 1 if you have the `RAND_egd' function. */ -/* #undef HAVE_RAND_EGD */ -#define HAVE_RAND_EGD 1 - -/* Define to 1 if you have the `RAND_screen' function. */ -/* #undef HAVE_RAND_SCREEN */ - -/* Define to 1 if you have the `RAND_status' function. */ -/* #undef HAVE_RAND_STATUS */ -#define HAVE_RAND_STATUS 1 - -/* Define to 1 if you have the `select' function. */ -#define HAVE_SELECT 1 - -/* Define to 1 if you have the <setjmp.h> header file. */ -#define HAVE_SETJMP_H 1 - -/* Define to 1 if you have the `setlocale' function. */ -#define HAVE_SETLOCALE 1 - -/* Define to 1 if you have the `setrlimit' function. */ -#define HAVE_SETRLIMIT 1 - -/* Define to 1 if you have the setsockopt function. */ -/* #undef HAVE_SETSOCKOPT */ - -/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */ -/* #undef HAVE_SETSOCKOPT_SO_NONBLOCK */ - -/* Define to 1 if you have the `sigaction' function. */ -#define HAVE_SIGACTION 1 - -/* Define to 1 if you have the `siginterrupt' function. */ -/* #undef HAVE_SIGINTERRUPT */ - -/* Define to 1 if you have the `signal' function. */ -#define HAVE_SIGNAL 1 - -/* Define to 1 if you have the <signal.h> header file. */ -#define HAVE_SIGNAL_H 1 - -/* If you have sigsetjmp */ -/* #undef HAVE_SIGSETJMP */ - -/* Define to 1 if you have the `socket' function. */ -#define HAVE_SOCKET 1 - -/* Define to 1 if you have the <ssl.h> header file. */ -/* #undef HAVE_SSL_H */ -#define HAVE_SSL_H 1 - -/* Define to 1 if you have the <stdint.h> header file. */ -#define HAVE_STDINT_H 1 - -/* Define to 1 if you have the <stdlib.h> header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the `strcasecmp' function. */ -#define HAVE_STRCASECMP 1 - -/* Define to 1 if you have the `strcmpi' function. */ -/* #undef HAVE_STRCMPI */ - -/* Define to 1 if you have the `strdup' function. */ -#define HAVE_STRDUP 1 - -/* Define to 1 if you have the `strerror_r' function. */ -#define HAVE_STRERROR_R 1 - -/* Define to 1 if you have the `stricmp' function. */ -/* #undef HAVE_STRICMP */ -#define HAVE_STRICMP 1 - -/* Define to 1 if you have the <strings.h> header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the <string.h> header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the `strstr' function. */ -#define HAVE_STRSTR 1 - -/* Define to 1 if you have the `strtok_r' function. */ -#define HAVE_STRTOK_R 1 - -/* Define to 1 if you have the `strtoll' function. */ -#define HAVE_STRTOLL 1 - -/* if struct sockaddr_storage is defined */ -/* #undef HAVE_STRUCT_SOCKADDR_STORAGE */ - -/* Define this if you have struct timeval */ -#define HAVE_STRUCT_TIMEVAL 1 - -/* Define to 1 if you have the <sys/filio.h> header file. */ -#define HAVE_SYS_FILIO_H 1 - -/* Define to 1 if you have the <sys/ioctl.h> header file. */ -#define HAVE_SYS_IOCTL_H 1 - -/* Define to 1 if you have the <sys/param.h> header file. */ -#define HAVE_SYS_PARAM_H 1 - -/* Define to 1 if you have the <sys/poll.h> header file. */ -/* #undef HAVE_SYS_POLL_H */ - -/* Define to 1 if you have the <sys/resource.h> header file. */ -#define HAVE_SYS_RESOURCE_H 1 - -/* Define to 1 if you have the <sys/select.h> header file. */ -#define HAVE_SYS_SELECT_H 1 - -/* Define to 1 if you have the <sys/socket.h> header file. */ -#define HAVE_SYS_SOCKET_H 1 - -/* Define to 1 if you have the <sys/sockio.h> header file. */ -/* #undef HAVE_SYS_SOCKIO_H */ -#define HAVE_SYS_SOCKIO_H 1 - -/* Define to 1 if you have the <sys/stat.h> header file. */ -#define HAVE_SYS_STAT_H 1 - -/* Define to 1 if you have the <sys/time.h> header file. */ -#define HAVE_SYS_TIME_H 1 - -/* Define to 1 if you have the <sys/types.h> header file. */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have the <sys/utime.h> header file. */ -/* #undef HAVE_SYS_UTIME_H */ - -/* Define to 1 if you have the <termios.h> header file. */ -/* #undef HAVE_TERMIOS_H */ - -/* Define to 1 if you have the <termio.h> header file. */ -/* #undef HAVE_TERMIO_H */ - -/* Define to 1 if you have the <time.h> header file. */ -#define HAVE_TIME_H 1 - -/* Define to 1 if you have the <tld.h> header file. */ -/* #undef HAVE_TLD_H */ - -/* Define to 1 if you have the `tld_strerror' function. */ -/* #undef HAVE_TLD_STRERROR */ - -/* Define to 1 if you have the <unistd.h> header file. */ -#define HAVE_UNISTD_H 1 - -/* Define to 1 if you have the `utime' function. */ -#define HAVE_UTIME 1 - -/* Define to 1 if you have the <utime.h> header file. */ -#define HAVE_UTIME_H 1 - -/* Define to 1 if you have the <winsock2.h> header file. */ -/* #undef HAVE_WINSOCK2_H */ - -/* Define this symbol if your OS supports changing the contents of argv */ -/* #undef HAVE_WRITABLE_ARGV */ - -/* Define to 1 if you have the ws2tcpip.h header file. */ -/* #undef HAVE_WS2TCPIP_H */ - -/* Define to 1 if you have the <x509.h> header file. */ -/* #undef HAVE_X509_H */ - -/* if you have the zlib.h header file */ -/* #undef HAVE_ZLIB_H */ - -/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */ -/* #undef NEED_REENTRANT */ - -/* Define to 1 if _THREAD_SAFE preprocessor symbol must be defined. */ -/* #undef NEED_THREAD_SAFE */ - -/* cpu-machine-OS */ -#define OS "s390x-ibm-tpf" - -/* Name of package */ -#define PACKAGE "curl" - -/* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT \ - "a suitable curl mailing list => https://curl.se/mail/" - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "curl" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "curl -" - -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "curl" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "-" - -/* a suitable file to read random data from */ -/* #undef RANDOM_FILE */ - -/* Define to the type of arg 1 for `select'. */ -#define SELECT_TYPE_ARG1 int - -/* Define to the type of args 2, 3 and 4 for `select'. */ -#define SELECT_TYPE_ARG234 (fd_set *) - -/* Define to the type of arg 5 for `select'. */ -#define SELECT_TYPE_ARG5 (struct timeval *) - -/* The size of `int', as computed by sizeof. */ -#define SIZEOF_INT 4 - -/* The size of `off_t', as computed by sizeof. */ -#define SIZEOF_OFF_T 8 - -/* The size of `short', as computed by sizeof. */ -#define SIZEOF_SHORT 2 - -/* Define to the size of `long', as computed by sizeof. */ -#define SIZEOF_LONG 8 - -/* The size of `size_t', as computed by sizeof. */ -#define SIZEOF_SIZE_T 8 - -/* The size of `time_t', as computed by sizeof. */ -#define SIZEOF_TIME_T 8 - -/* Define to 1 if you have the ANSI C header files. */ -#define STDC_HEADERS 1 - -/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ -#define TIME_WITH_SYS_TIME 1 - -/* Define if you want to enable ares support */ -/* #undef USE_ARES */ - -/* if GnuTLS is enabled */ -/* #undef USE_GNUTLS */ - -/* If you want to build curl with the built-in manual */ -/* #undef USE_MANUAL */ - -/* if OpenSSL is in use */ -/* #undef USE_OPENSSL */ - -/* if SSL is enabled */ -/* #undef USE_OPENSSL */ - -/* to enable SSPI support */ -/* #undef USE_WINDOWS_SSPI */ - -/* Version number of package */ -#define VERSION "not-used" - -/* Define to avoid automatic inclusion of winsock.h */ -/* #undef WIN32_LEAN_AND_MEAN */ - -/* Define to 1 if on AIX 3. - System headers sometimes define this. - We just want to avoid a redefinition error message. */ -#ifndef _ALL_SOURCE -/* # undef _ALL_SOURCE */ -#endif - -/* Number of bits in a file offset, on hosts where this is settable. */ -/* #undef _FILE_OFFSET_BITS */ - -/* Define for large files, on AIX-style hosts. */ -/* #undef _LARGE_FILES */ - -/* Define to empty if `const' does not conform to ANSI C. */ -/* #undef const */ - -/* type to use in place of in_addr_t if not defined */ -/* #undef in_addr_t */ - -/* Define to `unsigned' if <sys/types.h> does not define. */ -/* #undef size_t */ - -/* the signed version of size_t */ -/* #undef ssize_t */ - -/* Define to 1 if you have the recv function. */ -#define HAVE_RECV 1 - -/* Define to the type of arg 1 for recv. */ -#define RECV_TYPE_ARG1 int - -/* Define to the type of arg 2 for recv. */ -#define RECV_TYPE_ARG2 char * - -/* Define to the type of arg 3 for recv. */ -#define RECV_TYPE_ARG3 int - -/* Define to the type of arg 4 for recv. */ -#define RECV_TYPE_ARG4 int - -/* Define to the function return type for recv. */ -#define RECV_TYPE_RETV int - -/* Define to 1 if you have the recvfrom function. */ -#define HAVE_RECVFROM 1 - -/* Define to the type of arg 1 for recvfrom. */ -#define RECVFROM_TYPE_ARG1 int - -/* Define to the type pointed by arg 2 for recvfrom. */ -#define RECVFROM_TYPE_ARG2 char - -/* Define to the type of arg 3 for recvfrom. */ -#define RECVFROM_TYPE_ARG3 int - -/* Define to the type of arg 4 for recvfrom. */ -#define RECVFROM_TYPE_ARG4 int - -/* Define to the type pointed by arg 5 for recvfrom. */ -#define RECVFROM_TYPE_ARG5 struct sockaddr - -/* Define to the type pointed by arg 6 for recvfrom. */ -#define RECVFROM_TYPE_ARG6 int - -/* Define to the function return type for recvfrom. */ -#define RECVFROM_TYPE_RETV int - -/* Define to 1 if you have the send function. */ -#define HAVE_SEND 1 - -/* Define to the type of arg 1 for send. */ -#define SEND_TYPE_ARG1 int - -/* Define to the type qualifier of arg 2 for send. */ -#define SEND_QUAL_ARG2 const - -/* Define to the type of arg 2 for send. */ -#define SEND_TYPE_ARG2 char * - -/* Define to the type of arg 3 for send. */ -#define SEND_TYPE_ARG3 int - -/* Define to the type of arg 4 for send. */ -#define SEND_TYPE_ARG4 int - -/* Define to the function return type for send. */ -#define SEND_TYPE_RETV int - -#define CURL_DOES_CONVERSIONS -#ifndef CURL_ICONV_CODESET_OF_HOST -#define CURL_ICONV_CODESET_OF_HOST "IBM-1047" -#endif - - -#endif /* HEADER_CURL_CONFIG_TPF_H */ diff --git a/libs/libcurl/src/config-vxworks.h b/libs/libcurl/src/config-vxworks.h deleted file mode 100644 index af1d87345c..0000000000 --- a/libs/libcurl/src/config-vxworks.h +++ /dev/null @@ -1,811 +0,0 @@ -#ifndef HEADER_CURL_CONFIG_VXWORKS_H -#define HEADER_CURL_CONFIG_VXWORKS_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* =============================================================== */ -/* Hand crafted config file for VxWorks */ -/* =============================================================== */ - -/* Location of default ca bundle */ -/* #undef CURL_CA_BUNDLE */ - -/* Location of default ca path */ -/* #undef CURL_CA_PATH */ - -/* to disable cookies support */ -/* #undef CURL_DISABLE_COOKIES */ - -/* to disable cryptographic authentication */ -/* #undef CURL_DISABLE_CRYPTO_AUTH */ - -/* to disable DICT */ -/* #undef CURL_DISABLE_DICT */ - -/* to disable FILE */ -/* #undef CURL_DISABLE_FILE */ - -/* to disable FTP */ -#define CURL_DISABLE_FTP 1 - -/* to disable HTTP */ -/* #undef CURL_DISABLE_HTTP */ - -/* to disable LDAP */ -#define CURL_DISABLE_LDAP 1 - -/* to disable LDAPS */ -#define CURL_DISABLE_LDAPS 1 - -/* to disable NTLM authentication */ -#define CURL_DISABLE_NTLM 1 - -/* to disable proxies */ -/* #undef CURL_DISABLE_PROXY */ - -/* to disable TELNET */ -#define CURL_DISABLE_TELNET 1 - -/* to disable TFTP */ -#define CURL_DISABLE_TFTP 1 - -/* to disable verbose strings */ -/* #undef CURL_DISABLE_VERBOSE_STRINGS */ - -/* Definition to make a library symbol externally visible. */ -/* #undef CURL_EXTERN_SYMBOL */ - -/* Use Windows LDAP implementation */ -/* #undef USE_WIN32_LDAP */ - -/* your Entropy Gathering Daemon socket pathname */ -/* #undef EGD_SOCKET */ - -/* Define if you want to enable IPv6 support */ -#define ENABLE_IPV6 1 - -/* Define to 1 if you have the alarm function. */ -#define HAVE_ALARM 1 - -/* Define to 1 if you have the <alloca.h> header file. */ -#define HAVE_ALLOCA_H 1 - -/* Define to 1 if you have the <arpa/inet.h> header file. */ -#define HAVE_ARPA_INET_H 1 - -/* Define to 1 if you have the <arpa/tftp.h> header file. */ -/* #undef HAVE_ARPA_TFTP_H */ - -/* Define to 1 if you have the <assert.h> header file. */ -#define HAVE_ASSERT_H 1 - -/* Define to 1 if you have the `basename' function. */ -/* #undef HAVE_BASENAME */ - -/* Define to 1 if bool is an available type. */ -#define HAVE_BOOL_T 1 - -/* Define to 1 if you have the clock_gettime function and monotonic timer. */ -/* #undef HAVE_CLOCK_GETTIME_MONOTONIC */ - -/* Define to 1 if you have the `closesocket' function. */ -/* #undef HAVE_CLOSESOCKET */ - -/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ -#define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1 - -/* Define to 1 if you have the <dlfcn.h> header file. */ -#define HAVE_DLFCN_H 1 - -/* Define to 1 if you have the <errno.h> header file. */ -#define HAVE_ERRNO_H 1 - -/* Define to 1 if you have the fcntl function. */ -#define HAVE_FCNTL 1 - -/* Define to 1 if you have the <fcntl.h> header file. */ -#define HAVE_FCNTL_H 1 - -/* Define to 1 if you have a working fcntl O_NONBLOCK function. */ -#define HAVE_FCNTL_O_NONBLOCK 1 - -/* Define to 1 if you have the freeaddrinfo function. */ -#define HAVE_FREEADDRINFO 1 - -/* Define to 1 if you have the ftruncate function. */ -#define HAVE_FTRUNCATE 1 - -/* Define to 1 if you have a working getaddrinfo function. */ -#define HAVE_GETADDRINFO 1 - -/* Define to 1 if you have the `geteuid' function. */ -/* #undef HAVE_GETEUID */ - -/* Define to 1 if you have the gethostbyname function. */ -#define HAVE_GETHOSTBYNAME 1 - -/* Define to 1 if you have the gethostbyname_r function. */ -/* #undef HAVE_GETHOSTBYNAME_R */ - -/* gethostbyname_r() takes 3 args */ -/* #undef HAVE_GETHOSTBYNAME_R_3 */ - -/* gethostbyname_r() takes 5 args */ -/* #undef HAVE_GETHOSTBYNAME_R_5 */ - -/* gethostbyname_r() takes 6 args */ -/* #undef HAVE_GETHOSTBYNAME_R_6 */ - -/* Define to 1 if you have the gethostname function. */ -#define HAVE_GETHOSTNAME 1 - -/* Define to 1 if you have a working getifaddrs function. */ -/* #undef HAVE_GETIFADDRS */ - -/* Define to 1 if you have the `getpass_r' function. */ -/* #undef HAVE_GETPASS_R */ - -/* Define to 1 if you have the `getppid' function. */ -#define HAVE_GETPPID 1 - -/* Define to 1 if you have the `getprotobyname' function. */ -#define HAVE_GETPROTOBYNAME 1 - -/* Define to 1 if you have the `getpwuid' function. */ -/* #undef HAVE_GETPWUID */ - -/* Define to 1 if you have the `getrlimit' function. */ -#define HAVE_GETRLIMIT 1 - -/* Define to 1 if you have the `gettimeofday' function. */ -/* #undef HAVE_GETTIMEOFDAY */ - -/* Define to 1 if you have a working glibc-style strerror_r function. */ -/* #undef HAVE_GLIBC_STRERROR_R */ - -/* Define to 1 if you have a working gmtime_r function. */ -#define HAVE_GMTIME_R 1 - -/* if you have the gssapi libraries */ -/* #undef HAVE_GSSAPI */ - -/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */ -/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */ - -/* Define to 1 if you have the <gssapi/gssapi.h> header file. */ -/* #undef HAVE_GSSAPI_GSSAPI_H */ - -/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */ -/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */ - -/* if you have the GNU gssapi libraries */ -/* #undef HAVE_GSSGNU */ - -/* if you have the Heimdal gssapi libraries */ -/* #undef HAVE_GSSHEIMDAL */ - -/* if you have the MIT gssapi libraries */ -/* #undef HAVE_GSSMIT */ - -/* Define to 1 if you have the `idna_strerror' function. */ -/* #undef HAVE_IDNA_STRERROR */ - -/* Define to 1 if you have the `idn_free' function. */ -/* #undef HAVE_IDN_FREE */ - -/* Define to 1 if you have the <idn-free.h> header file. */ -/* #undef HAVE_IDN_FREE_H */ - -/* Define to 1 if you have the <ifaddrs.h> header file. */ -/* #undef HAVE_IFADDRS_H */ - -/* Define to 1 if you have the `inet_addr' function. */ -#define HAVE_INET_ADDR 1 - -/* Define to 1 if you have a IPv6 capable working inet_ntop function. */ -/* #undef HAVE_INET_NTOP */ - -/* Define to 1 if you have a IPv6 capable working inet_pton function. */ -/* #undef HAVE_INET_PTON */ - -/* Define to 1 if you have the <inttypes.h> header file. */ -#define HAVE_INTTYPES_H 1 - -/* Define to 1 if you have the ioctl function. */ -#define HAVE_IOCTL 1 - -/* Define to 1 if you have the ioctlsocket function. */ -/* #undef HAVE_IOCTLSOCKET */ - -/* Define to 1 if you have the IoctlSocket camel case function. */ -/* #undef HAVE_IOCTLSOCKET_CAMEL */ - -/* Define to 1 if you have a working IoctlSocket camel case FIONBIO function. - */ -/* #undef HAVE_IOCTLSOCKET_CAMEL_FIONBIO */ - -/* Define to 1 if you have a working ioctlsocket FIONBIO function. */ -/* #undef HAVE_IOCTLSOCKET_FIONBIO */ - -/* Define to 1 if you have a working ioctl FIONBIO function. */ -#define HAVE_IOCTL_FIONBIO 1 - -/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */ -#define HAVE_IOCTL_SIOCGIFADDR 1 - -/* Define to 1 if you have the <io.h> header file. */ -#define HAVE_IO_H 1 - -/* if you have the Kerberos4 libraries (including -ldes) */ -/* #undef HAVE_KRB4 */ - -/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */ -/* #undef HAVE_KRB_GET_OUR_IP_FOR_REALM */ - -/* Define to 1 if you have the <krb.h> header file. */ -/* #undef HAVE_KRB_H */ - -/* Define to 1 if you have the lber.h header file. */ -/* #undef HAVE_LBER_H */ - -/* Define to 1 if you have the ldapssl.h header file. */ -/* #undef HAVE_LDAPSSL_H */ - -/* Define to 1 if you have the ldap.h header file. */ -/* #undef HAVE_LDAP_H */ - -/* Use LDAPS implementation */ -/* #undef HAVE_LDAP_SSL */ - -/* Define to 1 if you have the ldap_ssl.h header file. */ -/* #undef HAVE_LDAP_SSL_H */ - -/* Define to 1 if you have the `ldap_url_parse' function. */ -/* #undef HAVE_LDAP_URL_PARSE */ - -/* Define to 1 if you have the <libgen.h> header file. */ -/* #undef HAVE_LIBGEN_H */ - -/* Define to 1 if you have the `idn' library (-lidn). */ -/* #undef HAVE_LIBIDN */ - -/* Define to 1 if you have the `resolv' library (-lresolv). */ -/* #undef HAVE_LIBRESOLV */ - -/* Define to 1 if you have the `resolve' library (-lresolve). */ -/* #undef HAVE_LIBRESOLVE */ - -/* Define to 1 if you have the `socket' library (-lsocket). */ -/* #undef HAVE_LIBSOCKET */ - -/* Define to 1 if you have the `ssh2' library (-lssh2). */ -/* #undef HAVE_LIBSSH2 */ - -/* Define to 1 if you have the <libssh2.h> header file. */ -/* #undef HAVE_LIBSSH2_H */ - -/* Define to 1 if you have the `libssh2_version' function. */ -/* #undef HAVE_LIBSSH2_VERSION */ - -/* if zlib is available */ -#define HAVE_LIBZ 1 - -/* if your compiler supports LL */ -#define HAVE_LL 1 - -/* Define to 1 if you have the <locale.h> header file. */ -#define HAVE_LOCALE_H 1 - -/* Define to 1 if you have a working localtime_r function. */ -#define HAVE_LOCALTIME_R 1 - -/* Define to 1 if the compiler supports the 'long long' data type. */ -#define HAVE_LONGLONG 1 - -/* Define to 1 if you have the malloc.h header file. */ -#define HAVE_MALLOC_H 1 - -/* Define to 1 if you have the memory.h header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the MSG_NOSIGNAL flag. */ -/* #undef HAVE_MSG_NOSIGNAL */ - -/* Define to 1 if you have the <netdb.h> header file. */ -#define HAVE_NETDB_H 1 - -/* Define to 1 if you have the <netinet/in.h> header file. */ -#define HAVE_NETINET_IN_H 1 - -/* Define to 1 if you have the <netinet/tcp.h> header file. */ -#define HAVE_NETINET_TCP_H 1 - -/* Define to 1 if you have the <net/if.h> header file. */ -#define HAVE_NET_IF_H 1 - -/* Define to 1 if NI_WITHSCOPEID exists and works. */ -/* #undef HAVE_NI_WITHSCOPEID */ - -/* if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE - */ -/* #undef HAVE_OLD_GSSMIT */ - -/* Define to 1 if you have the <openssl/crypto.h> header file. */ -#define HAVE_OPENSSL_CRYPTO_H 1 - -/* Define to 1 if you have the <openssl/err.h> header file. */ -#define HAVE_OPENSSL_ERR_H 1 - -/* Define to 1 if you have the <openssl/pem.h> header file. */ -#define HAVE_OPENSSL_PEM_H 1 - -/* Define to 1 if you have the <openssl/pkcs12.h> header file. */ -#define HAVE_OPENSSL_PKCS12_H 1 - -/* Define to 1 if you have the <openssl/rsa.h> header file. */ -#define HAVE_OPENSSL_RSA_H 1 - -/* Define to 1 if you have the <openssl/ssl.h> header file. */ -#define HAVE_OPENSSL_SSL_H 1 - -/* Define to 1 if you have the <openssl/x509.h> header file. */ -#define HAVE_OPENSSL_X509_H 1 - -/* Define to 1 if you have the <pem.h> header file. */ -/* #undef HAVE_PEM_H */ - -/* Define to 1 if you have the `pipe' function. */ -#define HAVE_PIPE 1 - -/* Define to 1 if you have a working poll function. */ -/* #undef HAVE_POLL */ - -/* If you have a fine poll */ -/* #undef HAVE_POLL_FINE */ - -/* Define to 1 if you have the <poll.h> header file. */ -/* #undef HAVE_POLL_H */ - -/* Define to 1 if you have a working POSIX-style strerror_r function. */ -/* #undef HAVE_POSIX_STRERROR_R */ - -/* Define to 1 if you have the <pwd.h> header file. */ -/* #undef HAVE_PWD_H */ - -/* Define to 1 if you have the `RAND_egd' function. */ -#define HAVE_RAND_EGD 1 - -/* Define to 1 if you have the `RAND_screen' function. */ -/* #undef HAVE_RAND_SCREEN */ - -/* Define to 1 if you have the `RAND_status' function. */ -#define HAVE_RAND_STATUS 1 - -/* Define to 1 if you have the recv function. */ -#define HAVE_RECV 1 - -/* Define to 1 if you have the recvfrom function. */ -#define HAVE_RECVFROM 1 - -/* Define to 1 if you have the select function. */ -#define HAVE_SELECT 1 - -/* Define to 1 if you have the send function. */ -#define HAVE_SEND 1 - -/* Define to 1 if you have the <setjmp.h> header file. */ -#define HAVE_SETJMP_H 1 - -/* Define to 1 if you have the `setlocale' function. */ -#define HAVE_SETLOCALE 1 - -/* Define to 1 if you have the `setmode' function. */ -#define HAVE_SETMODE 1 - -/* Define to 1 if you have the `setrlimit' function. */ -#define HAVE_SETRLIMIT 1 - -/* Define to 1 if you have the setsockopt function. */ -#define HAVE_SETSOCKOPT 1 - -/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */ -/* #undef HAVE_SETSOCKOPT_SO_NONBLOCK */ - -/* Define to 1 if you have the sigaction function. */ -#define HAVE_SIGACTION 1 - -/* Define to 1 if you have the siginterrupt function. */ -#define HAVE_SIGINTERRUPT 1 - -/* Define to 1 if you have the signal function. */ -#define HAVE_SIGNAL 1 - -/* Define to 1 if you have the <signal.h> header file. */ -#define HAVE_SIGNAL_H 1 - -/* Define to 1 if you have the sigsetjmp function or macro. */ -/* #undef HAVE_SIGSETJMP */ - -/* Define to 1 if struct sockaddr_in6 has the sin6_scope_id member */ -#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1 - -/* Define to 1 if you have the `socket' function. */ -#define HAVE_SOCKET 1 - -/* Define to 1 if you have the <ssl.h> header file. */ -/* #undef HAVE_SSL_H */ - -/* Define to 1 if you have the <stdbool.h> header file. */ -#define HAVE_STDBOOL_H 1 - -/* Define to 1 if you have the <stdint.h> header file. */ -/* #undef HAVE_STDINT_H */ - -/* Define to 1 if you have the <stdio.h> header file. */ -#define HAVE_STDIO_H 1 - -/* Define to 1 if you have the <stdlib.h> header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the strcasecmp function. */ -#define HAVE_STRCASECMP 1 - -/* Define to 1 if you have the strcmpi function. */ -/* #undef HAVE_STRCMPI */ - -/* Define to 1 if you have the strdup function. */ -#define HAVE_STRDUP 1 - -/* Define to 1 if you have the strerror_r function. */ -#define HAVE_STRERROR_R 1 - -/* Define to 1 if you have the stricmp function. */ -/* #undef HAVE_STRICMP */ - -/* Define to 1 if you have the <strings.h> header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the <string.h> header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the strncmpi function. */ -/* #undef HAVE_STRNCMPI */ - -/* Define to 1 if you have the strnicmp function. */ -/* #undef HAVE_STRNICMP */ - -/* Define to 1 if you have the <stropts.h> header file. */ -/* #undef HAVE_STROPTS_H */ - -/* Define to 1 if you have the strstr function. */ -#define HAVE_STRSTR 1 - -/* Define to 1 if you have the strtok_r function. */ -#define HAVE_STRTOK_R 1 - -/* Define to 1 if you have the strtoll function. */ -/* #undef HAVE_STRTOLL */ - -/* if struct sockaddr_storage is defined */ -#define HAVE_STRUCT_SOCKADDR_STORAGE 1 - -/* Define to 1 if you have the timeval struct. */ -#define HAVE_STRUCT_TIMEVAL 1 - -/* Define to 1 if you have the <sys/filio.h> header file. */ -/* #undef HAVE_SYS_FILIO_H */ - -/* Define to 1 if you have the <sys/ioctl.h> header file. */ -#define HAVE_SYS_IOCTL_H 1 - -/* Define to 1 if you have the <sys/param.h> header file. */ -/* #undef HAVE_SYS_PARAM_H */ - -/* Define to 1 if you have the <sys/poll.h> header file. */ -/* #undef HAVE_SYS_POLL_H */ - -/* Define to 1 if you have the <sys/resource.h> header file. */ -#define HAVE_SYS_RESOURCE_H 1 - -/* Define to 1 if you have the <sys/select.h> header file. */ -/* #undef HAVE_SYS_SELECT_H */ - -/* Define to 1 if you have the <sys/socket.h> header file. */ -#define HAVE_SYS_SOCKET_H 1 - -/* Define to 1 if you have the <sys/sockio.h> header file. */ -/* #undef HAVE_SYS_SOCKIO_H */ - -/* Define to 1 if you have the <sys/stat.h> header file. */ -#define HAVE_SYS_STAT_H 1 - -/* Define to 1 if you have the <sys/time.h> header file. */ -/* #undef HAVE_SYS_TIME_H */ - -/* Define to 1 if you have the <sys/types.h> header file. */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have the <sys/uio.h> header file. */ -#define HAVE_SYS_UIO_H 1 - -/* Define to 1 if you have the <sys/un.h> header file. */ -#define HAVE_SYS_UN_H 1 - -/* Define to 1 if you have the <sys/utime.h> header file. */ -#define HAVE_SYS_UTIME_H 1 - -/* Define to 1 if you have the <termios.h> header file. */ -#define HAVE_TERMIOS_H 1 - -/* Define to 1 if you have the <termio.h> header file. */ -#define HAVE_TERMIO_H 1 - -/* Define to 1 if you have the <time.h> header file. */ -#define HAVE_TIME_H 1 - -/* Define to 1 if you have the <tld.h> header file. */ -/* #undef HAVE_TLD_H */ - -/* Define to 1 if you have the `tld_strerror' function. */ -/* #undef HAVE_TLD_STRERROR */ - -/* Define to 1 if you have the `uname' function. */ -#define HAVE_UNAME 1 - -/* Define to 1 if you have the <unistd.h> header file. */ -#define HAVE_UNISTD_H 1 - -/* Define to 1 if you have the `utime' function. */ -#define HAVE_UTIME 1 - -/* Define to 1 if you have the <utime.h> header file. */ -#define HAVE_UTIME_H 1 - -/* Define to 1 if compiler supports C99 variadic macro style. */ -#define HAVE_VARIADIC_MACROS_C99 1 - -/* Define to 1 if compiler supports old gcc variadic macro style. */ -#define HAVE_VARIADIC_MACROS_GCC 1 - -/* Define to 1 if you have a working vxworks-style strerror_r function. */ -#define HAVE_VXWORKS_STRERROR_R 1 - -/* Define to 1 if you have the winber.h header file. */ -/* #undef HAVE_WINBER_H */ - -/* Define to 1 if you have the windows.h header file. */ -/* #undef HAVE_WINDOWS_H */ - -/* Define to 1 if you have the winldap.h header file. */ -/* #undef HAVE_WINLDAP_H */ - -/* Define to 1 if you have the winsock2.h header file. */ -/* #undef HAVE_WINSOCK2_H */ - -/* Define this symbol if your OS supports changing the contents of argv */ -#define HAVE_WRITABLE_ARGV 1 - -/* Define to 1 if you have the writev function. */ -#define HAVE_WRITEV 1 - -/* Define to 1 if you have the ws2tcpip.h header file. */ -/* #undef HAVE_WS2TCPIP_H */ - -/* Define to 1 if you have the <x509.h> header file. */ -/* #undef HAVE_X509_H */ - -/* if you have the zlib.h header file */ -#define HAVE_ZLIB_H 1 - -/* Define to 1 if you need the lber.h header file even with ldap.h */ -/* #undef NEED_LBER_H */ - -/* Define to 1 if you need the malloc.h header file even with stdlib.h */ -/* #undef NEED_MALLOC_H */ - -/* Define to 1 if you need the memory.h header file even with stdlib.h */ -/* #undef NEED_MEMORY_H */ - -/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */ -/* #undef NEED_REENTRANT */ - -/* Define to 1 if _THREAD_SAFE preprocessor symbol must be defined. */ -/* #undef NEED_THREAD_SAFE */ - -/* Define to 1 if the open function requires three arguments. */ -#define OPEN_NEEDS_ARG3 1 - -/* cpu-machine-OS */ -#define OS "unknown-unknown-vxworks" - -/* Name of package */ -#define PACKAGE "curl" - -/* a suitable file to read random data from */ -#define RANDOM_FILE "/dev/urandom" - -/* Define to the type of arg 1 for recvfrom. */ -#define RECVFROM_TYPE_ARG1 int - -/* Define to the type pointed by arg 2 for recvfrom. */ -#define RECVFROM_TYPE_ARG2 void - -/* Define to 1 if the type pointed by arg 2 for recvfrom is void. */ -#define RECVFROM_TYPE_ARG2_IS_VOID 1 - -/* Define to the type of arg 3 for recvfrom. */ -#define RECVFROM_TYPE_ARG3 size_t - -/* Define to the type of arg 4 for recvfrom. */ -#define RECVFROM_TYPE_ARG4 int - -/* Define to the type pointed by arg 5 for recvfrom. */ -#define RECVFROM_TYPE_ARG5 struct sockaddr - -/* Define to 1 if the type pointed by arg 5 for recvfrom is void. */ -/* #undef RECVFROM_TYPE_ARG5_IS_VOID */ - -/* Define to the type pointed by arg 6 for recvfrom. */ -#define RECVFROM_TYPE_ARG6 socklen_t - -/* Define to 1 if the type pointed by arg 6 for recvfrom is void. */ -/* #undef RECVFROM_TYPE_ARG6_IS_VOID */ - -/* Define to the function return type for recvfrom. */ -#define RECVFROM_TYPE_RETV int - -/* Define to the type of arg 1 for recv. */ -#define RECV_TYPE_ARG1 int - -/* Define to the type of arg 2 for recv. */ -#define RECV_TYPE_ARG2 void * - -/* Define to the type of arg 3 for recv. */ -#define RECV_TYPE_ARG3 size_t - -/* Define to the type of arg 4 for recv. */ -#define RECV_TYPE_ARG4 int - -/* Define to the function return type for recv. */ -#define RECV_TYPE_RETV int - -/* Define to the type qualifier of arg 5 for select. */ -#define SELECT_QUAL_ARG5 - -/* Define to the type of arg 1 for select. */ -#define SELECT_TYPE_ARG1 int - -/* Define to the type of args 2, 3 and 4 for select. */ -#define SELECT_TYPE_ARG234 fd_set * - -/* Define to the type of arg 5 for select. */ -#define SELECT_TYPE_ARG5 struct timeval * - -/* Define to the function return type for select. */ -#define SELECT_TYPE_RETV int - -/* Define to the type qualifier of arg 2 for send. */ -#define SEND_QUAL_ARG2 const - -/* Define to the type of arg 1 for send. */ -#define SEND_TYPE_ARG1 int - -/* Define to the type of arg 2 for send. */ -#define SEND_TYPE_ARG2 void * - -/* Define to the type of arg 3 for send. */ -#define SEND_TYPE_ARG3 size_t - -/* Define to the type of arg 4 for send. */ -#define SEND_TYPE_ARG4 int - -/* Define to the function return type for send. */ -#define SEND_TYPE_RETV int - -/* The size of `int', as computed by sizeof. */ -#define SIZEOF_INT 4 - -/* The size of `long', as computed by sizeof. */ -#define SIZEOF_LONG 4 - -/* The size of `off_t', as computed by sizeof. */ -#define SIZEOF_OFF_T 8 - -/* The size of `short', as computed by sizeof. */ -#define SIZEOF_SHORT 2 - -/* The size of `size_t', as computed by sizeof. */ -#define SIZEOF_SIZE_T 4 - -/* The size of `time_t', as computed by sizeof. */ -#define SIZEOF_TIME_T 4 - -/* Define to 1 if you have the ANSI C header files. */ -#define STDC_HEADERS 1 - -/* Define to the type of arg 3 for strerror_r. */ -/* #undef STRERROR_R_TYPE_ARG3 */ - -/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ -/* #undef TIME_WITH_SYS_TIME */ - -/* Define if you want to enable c-ares support */ -/* #undef USE_ARES */ - -/* if GnuTLS is enabled */ -/* #undef USE_GNUTLS */ - -/* if libSSH2 is in use */ -/* #undef USE_LIBSSH2 */ - -/* If you want to build curl with the built-in manual */ -#define USE_MANUAL 1 - -/* if NSS is enabled */ -/* #undef USE_NSS */ - -/* if OpenSSL is in use */ -#define USE_OPENSSL 1 - -/* Define to 1 if you are building a Windows target without large file - support. */ -/* #undef USE_WIN32_LARGE_FILES */ - -/* to enable SSPI support */ -/* #undef USE_WINDOWS_SSPI */ - -/* Define to 1 if using yaSSL in OpenSSL compatibility mode. */ -/* #undef USE_YASSLEMUL */ - -/* Define to avoid automatic inclusion of winsock.h */ -/* #undef WIN32_LEAN_AND_MEAN */ - -/* Define to 1 if OS is AIX. */ -#ifndef _ALL_SOURCE -/* # undef _ALL_SOURCE */ -#endif - -/* Number of bits in a file offset, on hosts where this is settable. */ -/* #undef _FILE_OFFSET_BITS */ - -/* Define for large files, on AIX-style hosts. */ -/* #undef _LARGE_FILES */ - -/* Define to empty if `const' does not conform to ANSI C. */ -/* #undef const */ - -/* Type to use in place of in_addr_t when system does not provide it. */ -/* #undef in_addr_t */ - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -/* #undef inline */ -#endif - -/* Define to `unsigned int' if <sys/types.h> does not define. */ -/* #undef size_t */ - -/* the signed version of size_t */ -/* #undef ssize_t */ - -#endif /* HEADER_CURL_CONFIG_VXWORKS_H */ diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h index ef98f6cbdf..712437009b 100644 --- a/libs/libcurl/src/config-win32.h +++ b/libs/libcurl/src/config-win32.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -124,8 +124,7 @@ #define HAVE_TIME_H 1 /* Define if you have the <unistd.h> header file. */ -#if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__LCC__) || \ - defined(__POCC__) +#if defined(__MINGW32__) || defined(__LCC__) || defined(__POCC__) #define HAVE_UNISTD_H 1 #endif @@ -225,10 +224,6 @@ /* Define if you have the socket function. */ #define HAVE_SOCKET 1 -/* Define if libSSH2 is in use */ -#define USE_LIBSSH2 1 -#define HAVE_LIBSSH2_H 1 - /* Define if you have the strcasecmp function. */ #ifdef __MINGW32__ #define HAVE_STRCASECMP 1 @@ -250,7 +245,7 @@ #define HAVE_STRSTR 1 /* Define if you have the strtoll function. */ -#if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__POCC__) || \ +#if defined(__MINGW32__) || defined(__POCC__) || \ (defined(_MSC_VER) && (_MSC_VER >= 1800)) #define HAVE_STRTOLL 1 #endif @@ -332,9 +327,7 @@ /* Define if ssize_t is not an available 'typedefed' type. */ #ifndef _SSIZE_T_DEFINED -# if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || \ - defined(__POCC__) || \ - defined(__MINGW32__) +# if defined(__POCC__) || defined(__MINGW32__) # elif defined(_WIN64) # define _SSIZE_T_DEFINED # define ssize_t __int64 @@ -444,7 +437,7 @@ #endif /* Define if the compiler supports the 'long long' data type. */ -#if defined(__MINGW32__) || defined(__WATCOMC__) || \ +#if defined(__MINGW32__) || \ (defined(_MSC_VER) && (_MSC_VER >= 1310)) || \ (defined(__BORLANDC__) && (__BORLANDC__ >= 0x561)) #define HAVE_LONGLONG 1 @@ -608,10 +601,6 @@ Vista # define USE_WIN32_LARGE_FILES #endif -#if defined(__WATCOMC__) && !defined(USE_WIN32_LARGE_FILES) -# define USE_WIN32_LARGE_FILES -#endif - #if defined(__POCC__) # undef USE_WIN32_LARGE_FILES #endif @@ -658,20 +647,10 @@ Vista #define USE_WIN32_LDAP 1 #endif -#if defined(__WATCOMC__) && defined(USE_WIN32_LDAP) -#if __WATCOMC__ < 1280 -#define WINBERAPI __declspec(cdecl) -#define WINLDAPAPI __declspec(cdecl) -#endif -#endif - #if defined(__POCC__) && defined(USE_WIN32_LDAP) # define CURL_DISABLE_LDAP 1 #endif -/* if SSL is enabled */ -#define USE_OPENSSL 1 - /* Define to use the Windows crypto library. */ #if !defined(CURL_WINDOWS_APP) #define USE_WIN32_CRYPTO diff --git a/libs/libcurl/src/config-win32ce.h b/libs/libcurl/src/config-win32ce.h index 889028b269..ca197d69bc 100644 --- a/libs/libcurl/src/config-win32ce.h +++ b/libs/libcurl/src/config-win32ce.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -103,7 +103,7 @@ #define HAVE_TIME_H 1 /* Define if you have the <unistd.h> header file. */ -#if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__LCC__) +#if defined(__MINGW32__) || defined(__LCC__) #define HAVE_UNISTD_H 1 #endif @@ -191,7 +191,7 @@ #define HAVE_STRSTR 1 /* Define if you have the strtoll function. */ -#if defined(__MINGW32__) || defined(__WATCOMC__) +#if defined(__MINGW32__) #define HAVE_STRTOLL 1 #endif @@ -269,7 +269,7 @@ #define in_addr_t unsigned long /* Define ssize_t if it is not an available 'typedefed' type */ -#if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || defined(__POCC__) +#if defined(__POCC__) #elif defined(_WIN64) #define ssize_t __int64 #else diff --git a/libs/libcurl/src/conncache.c b/libs/libcurl/src/conncache.c index fec1937f0b..aa29620fa3 100644 --- a/libs/libcurl/src/conncache.c +++ b/libs/libcurl/src/conncache.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se> - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -132,13 +132,11 @@ void Curl_conncache_destroy(struct conncache *connc) } /* creates a key to find a bundle for this connection */ -static void hashkey(struct connectdata *conn, char *buf, - size_t len, /* something like 128 is fine */ - const char **hostp) +static void hashkey(struct connectdata *conn, char *buf, size_t len) { const char *hostname; long port = conn->remote_port; - + DEBUGASSERT(len >= HASHKEY_SIZE); #ifndef CURL_DISABLE_PROXY if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { hostname = conn->http_proxy.host.name; @@ -151,12 +149,12 @@ static void hashkey(struct connectdata *conn, char *buf, else hostname = conn->host.name; - if(hostp) - /* report back which name we used */ - *hostp = hostname; - - /* put the number first so that the hostname gets cut off if too long */ - msnprintf(buf, len, "%ld%s", port, hostname); + /* put the numbers first so that the hostname gets cut off if too long */ +#ifdef ENABLE_IPV6 + msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname); +#else + msnprintf(buf, len, "%ld/%s", port, hostname); +#endif Curl_strntolower(buf, buf, len); } @@ -179,27 +177,24 @@ size_t Curl_conncache_size(struct Curl_easy *data) struct connectbundle * Curl_conncache_find_bundle(struct Curl_easy *data, struct connectdata *conn, - struct conncache *connc, - const char **hostp) + struct conncache *connc) { struct connectbundle *bundle = NULL; CONNCACHE_LOCK(data); if(connc) { char key[HASHKEY_SIZE]; - hashkey(conn, key, sizeof(key), hostp); + hashkey(conn, key, sizeof(key)); bundle = Curl_hash_pick(&connc->hash, key, strlen(key)); } return bundle; } -static bool conncache_add_bundle(struct conncache *connc, - char *key, - struct connectbundle *bundle) +static void *conncache_add_bundle(struct conncache *connc, + char *key, + struct connectbundle *bundle) { - void *p = Curl_hash_add(&connc->hash, key, strlen(key), bundle); - - return p?TRUE:FALSE; + return Curl_hash_add(&connc->hash, key, strlen(key), bundle); } static void conncache_remove_bundle(struct conncache *connc, @@ -235,10 +230,8 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data) DEBUGASSERT(conn); /* *find_bundle() locks the connection cache */ - bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache, - NULL); + bundle = Curl_conncache_find_bundle(data, conn, data->state.conn_cache); if(!bundle) { - int rc; char key[HASHKEY_SIZE]; result = bundle_create(&bundle); @@ -246,10 +239,9 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data) goto unlock; } - hashkey(conn, key, sizeof(key), NULL); - rc = conncache_add_bundle(data->state.conn_cache, key, bundle); + hashkey(conn, key, sizeof(key)); - if(!rc) { + if(!conncache_add_bundle(data->state.conn_cache, key, bundle)) { bundle_destroy(bundle); result = CURLE_OUT_OF_MEMORY; goto unlock; @@ -410,7 +402,7 @@ bool Curl_conncache_return_conn(struct Curl_easy *data, conn_candidate = Curl_conncache_extract_oldest(data); if(conn_candidate) { /* the winner gets the honour of being disconnected */ - (void)Curl_disconnect(data, conn_candidate, /* dead_connection */ FALSE); + Curl_disconnect(data, conn_candidate, /* dead_connection */ FALSE); } } @@ -535,6 +527,7 @@ void Curl_conncache_close_all_connections(struct conncache *connc) { struct connectdata *conn; char buffer[READBUFFER_MIN + 1]; + SIGPIPE_VARIABLE(pipe_st); if(!connc->closure_handle) return; connc->closure_handle->state.buffer = buffer; @@ -542,27 +535,23 @@ void Curl_conncache_close_all_connections(struct conncache *connc) conn = conncache_find_first_connection(connc); while(conn) { - SIGPIPE_VARIABLE(pipe_st); sigpipe_ignore(connc->closure_handle, &pipe_st); /* This will remove the connection from the cache */ connclose(conn, "kill all"); Curl_conncache_remove_conn(connc->closure_handle, conn, TRUE); - (void)Curl_disconnect(connc->closure_handle, conn, FALSE); + Curl_disconnect(connc->closure_handle, conn, FALSE); sigpipe_restore(&pipe_st); conn = conncache_find_first_connection(connc); } connc->closure_handle->state.buffer = NULL; - if(connc->closure_handle) { - SIGPIPE_VARIABLE(pipe_st); - sigpipe_ignore(connc->closure_handle, &pipe_st); + sigpipe_ignore(connc->closure_handle, &pipe_st); - Curl_hostcache_clean(connc->closure_handle, - connc->closure_handle->dns.hostcache); - Curl_close(&connc->closure_handle); - sigpipe_restore(&pipe_st); - } + Curl_hostcache_clean(connc->closure_handle, + connc->closure_handle->dns.hostcache); + Curl_close(&connc->closure_handle); + sigpipe_restore(&pipe_st); } #if 0 diff --git a/libs/libcurl/src/conncache.h b/libs/libcurl/src/conncache.h index e9c1e32f87..ef11dcfd29 100644 --- a/libs/libcurl/src/conncache.h +++ b/libs/libcurl/src/conncache.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2015 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se> * * This software is licensed as described in the file COPYING, which @@ -87,8 +87,7 @@ void Curl_conncache_destroy(struct conncache *connc); /* return the correct bundle, to a host or a proxy */ struct connectbundle *Curl_conncache_find_bundle(struct Curl_easy *data, struct connectdata *conn, - struct conncache *connc, - const char **hostp); + struct conncache *connc); /* returns number of connections currently held in the connection cache */ size_t Curl_conncache_size(struct Curl_easy *data); diff --git a/libs/libcurl/src/connect.c b/libs/libcurl/src/connect.c index 5252f9714d..9bcf525ebb 100644 --- a/libs/libcurl/src/connect.c +++ b/libs/libcurl/src/connect.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -74,6 +74,7 @@ #include "warnless.h" #include "conncache.h" #include "multihandle.h" +#include "share.h" #include "version_win32.h" #include "quic.h" #include "socks.h" @@ -137,6 +138,14 @@ tcpkeepalive(struct Curl_easy *data, (void *)&optval, sizeof(optval)) < 0) { infof(data, "Failed to set TCP_KEEPIDLE on fd %d", sockfd); } +#elif defined(TCP_KEEPALIVE) + /* Mac OS X style */ + optval = curlx_sltosi(data->set.tcp_keepidle); + KEEPALIVE_FACTOR(optval); + if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE, + (void *)&optval, sizeof(optval)) < 0) { + infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd); + } #endif #ifdef TCP_KEEPINTVL optval = curlx_sltosi(data->set.tcp_keepintvl); @@ -146,15 +155,6 @@ tcpkeepalive(struct Curl_easy *data, infof(data, "Failed to set TCP_KEEPINTVL on fd %d", sockfd); } #endif -#ifdef TCP_KEEPALIVE - /* Mac OS X style */ - optval = curlx_sltosi(data->set.tcp_keepidle); - KEEPALIVE_FACTOR(optval); - if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE, - (void *)&optval, sizeof(optval)) < 0) { - infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd); - } -#endif #endif } } @@ -257,6 +257,9 @@ static CURLcode bindlocal(struct Curl_easy *data, #ifdef IP_BIND_ADDRESS_NO_PORT int on = 1; #endif +#ifndef ENABLE_IPV6 + (void)scope; +#endif /************************************************************* * Select device to bind socket to @@ -314,8 +317,11 @@ static CURLcode bindlocal(struct Curl_easy *data, } #endif - switch(Curl_if2ip(af, scope, conn->scope_id, dev, - myhost, sizeof(myhost))) { + switch(Curl_if2ip(af, +#ifdef ENABLE_IPV6 + scope, conn->scope_id, +#endif + dev, myhost, sizeof(myhost))) { case IF2IP_NOT_FOUND: if(is_interface) { /* Do not fall back to treating it as a host name */ @@ -617,6 +623,7 @@ void Curl_persistconninfo(struct Curl_easy *data, struct connectdata *conn, data->info.conn_scheme = conn->handler->scheme; data->info.conn_protocol = conn->handler->protocol; data->info.conn_primary_port = conn->port; + data->info.conn_remote_port = conn->remote_port; data->info.conn_local_port = local_port; } @@ -1481,7 +1488,11 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, find.id_tofind = data->state.lastconnect_id; find.found = NULL; - Curl_conncache_foreach(data, data->multi_easy? + Curl_conncache_foreach(data, + data->share && (data->share->specifier + & (1<< CURL_LOCK_DATA_CONNECT))? + &data->share->conn_cache: + data->multi_easy? &data->multi_easy->conn_cache: &data->multi->conn_cache, &find, conn_is_conn); diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c index d418efa33d..0c2d49b478 100644 --- a/libs/libcurl/src/cookie.c +++ b/libs/libcurl/src/cookie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -427,7 +427,15 @@ static void remove_expired(struct CookieInfo *cookies) /* Make sure domain contains a dot or is localhost. */ static bool bad_domain(const char *domain) { - return !strchr(domain, '.') && !strcasecompare(domain, "localhost"); + if(strcasecompare(domain, "localhost")) + return FALSE; + else { + /* there must be a dot present, but that dot must not be a trailing dot */ + char *dot = strchr(domain, '.'); + if(dot) + return dot[1] ? FALSE : TRUE; + } + return TRUE; } /* @@ -1188,12 +1196,15 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, fp = stdin; fromfile = FALSE; } - else if(file && !*file) { - /* points to a "" string */ + else if(!file || !*file) { + /* points to an empty string or NULL */ fp = NULL; } - else - fp = file?fopen(file, FOPEN_READTEXT):NULL; + else { + fp = fopen(file, FOPEN_READTEXT); + if(!fp) + infof(data, "WARNING: failed to open cookie file \"%s\"", file); + } c->newsession = newsession; /* new session? */ @@ -1227,7 +1238,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, */ remove_expired(c); - if(fromfile) + if(fromfile && fp) fclose(fp); } diff --git a/libs/libcurl/src/curl_base64.h b/libs/libcurl/src/curl_base64.h index d48edc4241..4cb9d73537 100644 --- a/libs/libcurl/src/curl_base64.h +++ b/libs/libcurl/src/curl_base64.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,13 +22,10 @@ * ***************************************************************************/ -CURLcode Curl_base64_encode(struct Curl_easy *data, - const char *inputbuff, size_t insize, +CURLcode Curl_base64_encode(const char *inputbuff, size_t insize, char **outptr, size_t *outlen); -CURLcode Curl_base64url_encode(struct Curl_easy *data, - const char *inputbuff, size_t insize, +CURLcode Curl_base64url_encode(const char *inputbuff, size_t insize, char **outptr, size_t *outlen); - CURLcode Curl_base64_decode(const char *src, unsigned char **outptr, size_t *outlen); diff --git a/libs/libcurl/src/curl_config.h.cmake b/libs/libcurl/src/curl_config.h.cmake index d2a0f438cc..6b55a3c551 100644 --- a/libs/libcurl/src/curl_config.h.cmake +++ b/libs/libcurl/src/curl_config.h.cmake @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -949,6 +949,9 @@ ${SIZEOF_TIME_T_CODE} /* Define to 1 if you have the quiche_conn_set_qlog_fd function. */ #cmakedefine HAVE_QUICHE_CONN_SET_QLOG_FD 1 +/* to enable msh3 */ +#cmakedefine USE_MSH3 1 + /* if Unix domain sockets are enabled */ #cmakedefine USE_UNIX_SOCKETS diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in index 2bce4ecc48..40176f9325 100644 --- a/libs/libcurl/src/curl_config.h.in +++ b/libs/libcurl/src/curl_config.h.in @@ -446,6 +446,9 @@ /* Define to 1 if you have the MSG_NOSIGNAL flag. */ #undef HAVE_MSG_NOSIGNAL +/* Define to 1 if you have the <msh3.h> header file. */ +#undef HAVE_MSH3_H + /* Define to 1 if you have the <netdb.h> header file. */ #undef HAVE_NETDB_H @@ -492,7 +495,8 @@ /* Define to 1 if you have the <openssl/rsa.h> header file. */ #undef HAVE_OPENSSL_RSA_H -/* if you have the function SRP_Calc_client_key */ +/* if you have the functions SSL_CTX_set_srp_username and + SSL_CTX_set_srp_password */ #undef HAVE_OPENSSL_SRP /* Define to 1 if you have the <openssl/ssl.h> header file. */ @@ -938,6 +942,9 @@ /* GSASL support enabled */ #undef USE_GSASL +/* enable headers-api */ +#undef USE_HEADERS_API + /* if hyper is in use */ #undef USE_HYPER @@ -959,8 +966,8 @@ /* if mbedTLS is enabled */ #undef USE_MBEDTLS -/* if MesaLink is enabled */ -#undef USE_MESALINK +/* if msh3 is in use */ +#undef USE_MSH3 /* if nghttp2 is in use */ #undef USE_NGHTTP2 diff --git a/libs/libcurl/src/curl_ctype.c b/libs/libcurl/src/curl_ctype.c index d6cd08a077..233a69e76f 100644 --- a/libs/libcurl/src/curl_ctype.c +++ b/libs/libcurl/src/curl_ctype.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,8 +22,6 @@ #include "curl_setup.h" -#ifndef CURL_DOES_CONVERSIONS - #undef _U #define _U (1<<0) /* upper case */ #undef _L @@ -130,4 +128,3 @@ int Curl_iscntrl(int c) return (ascii[c] & (_C)); } -#endif /* !CURL_DOES_CONVERSIONS */ diff --git a/libs/libcurl/src/curl_ctype.h b/libs/libcurl/src/curl_ctype.h index 17dfaa0942..2fa749dca9 100644 --- a/libs/libcurl/src/curl_ctype.h +++ b/libs/libcurl/src/curl_ctype.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,32 +24,6 @@ #include "curl_setup.h" -#ifdef CURL_DOES_CONVERSIONS - -/* - * Uppercase macro versions of ANSI/ISO is*() functions/macros which - * avoid negative number inputs with argument byte codes > 127. - * - * For non-ASCII platforms the C library character classification routines - * are used despite being locale-dependent, because this is better than - * not to work at all. - */ -#include <ctype.h> - -#define ISSPACE(x) (isspace((int) ((unsigned char)x))) -#define ISDIGIT(x) (isdigit((int) ((unsigned char)x))) -#define ISALNUM(x) (isalnum((int) ((unsigned char)x))) -#define ISXDIGIT(x) (isxdigit((int) ((unsigned char)x))) -#define ISGRAPH(x) (isgraph((int) ((unsigned char)x))) -#define ISALPHA(x) (isalpha((int) ((unsigned char)x))) -#define ISPRINT(x) (isprint((int) ((unsigned char)x))) -#define ISUPPER(x) (isupper((int) ((unsigned char)x))) -#define ISLOWER(x) (islower((int) ((unsigned char)x))) -#define ISCNTRL(x) (iscntrl((int) ((unsigned char)x))) -#define ISASCII(x) (isascii((int) ((unsigned char)x))) - -#else - int Curl_isspace(int c); int Curl_isdigit(int c); int Curl_isalnum(int c); @@ -73,8 +47,6 @@ int Curl_iscntrl(int c); #define ISCNTRL(x) (Curl_iscntrl((int) ((unsigned char)x))) #define ISASCII(x) (((x) >= 0) && ((x) <= 0x80)) -#endif - #define ISBLANK(x) (int)((((unsigned char)x) == ' ') || \ (((unsigned char)x) == '\t')) diff --git a/libs/libcurl/src/curl_des.c b/libs/libcurl/src/curl_des.c index 76185cbf21..5f28ef4f33 100644 --- a/libs/libcurl/src/curl_des.c +++ b/libs/libcurl/src/curl_des.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2015 - 2022, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,7 +22,12 @@ #include "curl_setup.h" -#if defined(USE_NTLM) && !defined(USE_OPENSSL) && !defined(USE_WOLFSSL) +#if defined(USE_CURL_NTLM_CORE) && !defined(USE_WOLFSSL) && \ + (defined(USE_GNUTLS) || \ + defined(USE_NSS) || \ + defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || \ + defined(USE_WIN32_CRYPTO)) #include "curl_des.h" @@ -60,4 +65,4 @@ void Curl_des_set_odd_parity(unsigned char *bytes, size_t len) } } -#endif /* USE_NTLM && !USE_OPENSSL */ +#endif diff --git a/libs/libcurl/src/curl_des.h b/libs/libcurl/src/curl_des.h index 438706a0d2..3d0fd92600 100644 --- a/libs/libcurl/src/curl_des.h +++ b/libs/libcurl/src/curl_des.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2020, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2015 - 2022, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,11 +24,16 @@ #include "curl_setup.h" -#if defined(USE_NTLM) && !defined(USE_OPENSSL) +#if defined(USE_CURL_NTLM_CORE) && !defined(USE_WOLFSSL) && \ + (defined(USE_GNUTLS) || \ + defined(USE_NSS) || \ + defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || \ + defined(USE_WIN32_CRYPTO)) /* Applies odd parity to the given byte array */ void Curl_des_set_odd_parity(unsigned char *bytes, size_t length); -#endif /* USE_NTLM && !USE_OPENSSL */ +#endif #endif /* HEADER_CURL_DES_H */ diff --git a/libs/libcurl/src/curl_gssapi.c b/libs/libcurl/src/curl_gssapi.c index 8f340562bc..1543a0ff46 100644 --- a/libs/libcurl/src/curl_gssapi.c +++ b/libs/libcurl/src/curl_gssapi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -60,7 +60,7 @@ OM_uint32 Curl_gss_init_sec_context( #ifdef GSS_C_DELEG_POLICY_FLAG req_flags |= GSS_C_DELEG_POLICY_FLAG; #else - infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not " + infof(data, "WARNING: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not " "compiled in"); #endif } diff --git a/libs/libcurl/src/curl_multibyte.c b/libs/libcurl/src/curl_multibyte.c index e9d2a8cb88..32c03a5b71 100644 --- a/libs/libcurl/src/curl_multibyte.c +++ b/libs/libcurl/src/curl_multibyte.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -104,7 +104,7 @@ int curlx_win32_open(const char *filename, int oflag, ...) #ifdef _UNICODE if(filename_w) { result = _wopen(filename_w, oflag, pmode); - free(filename_w); + curlx_unicodefree(filename_w); } else errno = EINVAL; @@ -124,8 +124,8 @@ FILE *curlx_win32_fopen(const char *filename, const char *mode) result = _wfopen(filename_w, mode_w); else errno = EINVAL; - free(filename_w); - free(mode_w); + curlx_unicodefree(filename_w); + curlx_unicodefree(mode_w); return result; #else return (fopen)(filename, mode); @@ -143,7 +143,7 @@ int curlx_win32_stat(const char *path, struct_stat *buffer) #else result = _wstati64(path_w, buffer); #endif - free(path_w); + curlx_unicodefree(path_w); } else errno = EINVAL; @@ -164,7 +164,7 @@ int curlx_win32_access(const char *path, int mode) wchar_t *path_w = curlx_convert_UTF8_to_wchar(path); if(path_w) { result = _waccess(path_w, mode); - free(path_w); + curlx_unicodefree(path_w); } else errno = EINVAL; diff --git a/libs/libcurl/src/curl_ntlm_core.c b/libs/libcurl/src/curl_ntlm_core.c index ed123d0c1c..f3b8b130f1 100644 --- a/libs/libcurl/src/curl_ntlm_core.c +++ b/libs/libcurl/src/curl_ntlm_core.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -108,7 +108,6 @@ #endif #include "urldata.h" -#include "non-ascii.h" #include "strcase.h" #include "curl_ntlm_core.h" #include "curl_md5.h" @@ -402,11 +401,9 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, /* * Set up lanmanager hashed password */ -CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, - const char *password, +CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, unsigned char *lmbuffer /* 21 bytes */) { - CURLcode result; unsigned char pw[14]; static const unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */ @@ -416,14 +413,6 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, Curl_strntoupper((char *)pw, password, len); memset(&pw[len], 0, 14 - len); - /* - * The LanManager hashed password needs to be created using the - * password in the network encoding not the host encoding. - */ - result = Curl_convert_to_network(data, (char *)pw, 14); - if(result) - return result; - { /* Create LanManager hashed password. */ @@ -455,7 +444,6 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, return CURLE_OK; } -#ifdef USE_NTRESPONSES static void ascii_to_unicode_le(unsigned char *dest, const char *src, size_t srclen) { @@ -466,7 +454,7 @@ static void ascii_to_unicode_le(unsigned char *dest, const char *src, } } -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) static void ascii_uppercase_to_unicode_le(unsigned char *dest, const char *src, size_t srclen) @@ -478,19 +466,17 @@ static void ascii_uppercase_to_unicode_le(unsigned char *dest, } } -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ +#endif /* !USE_WINDOWS_SSPI */ /* * Set up nt hashed passwords * @unittest: 1600 */ -CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, - const char *password, +CURLcode Curl_ntlm_core_mk_nt_hash(const char *password, unsigned char *ntbuffer /* 21 bytes */) { size_t len = strlen(password); unsigned char *pw; - CURLcode result; if(len > SIZE_T_MAX/2) /* avoid integer overflow */ return CURLE_OUT_OF_MEMORY; pw = len ? malloc(len * 2) : (unsigned char *)strdup(""); @@ -499,22 +485,16 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, ascii_to_unicode_le(pw, password, len); - /* - * The NT hashed password needs to be created using the password in the - * network encoding not the host encoding. - */ - result = Curl_convert_to_network(data, (char *)pw, len * 2); - if(!result) { - /* Create NT hashed password. */ - Curl_md4it(ntbuffer, pw, 2 * len); - memset(ntbuffer + 16, 0, 21 - 16); - } + /* Create NT hashed password. */ + Curl_md4it(ntbuffer, pw, 2 * len); + memset(ntbuffer + 16, 0, 21 - 16); + free(pw); - return result; + return CURLE_OK; } -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) /* Timestamp in tenths of a microsecond since January 1, 1601 00:00:00 UTC. */ struct ms_filetime { @@ -730,8 +710,6 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, return result; } -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ - -#endif /* USE_NTRESPONSES */ +#endif /* !USE_WINDOWS_SSPI */ #endif /* USE_CURL_NTLM_CORE */ diff --git a/libs/libcurl/src/curl_ntlm_core.h b/libs/libcurl/src/curl_ntlm_core.h index 02b39d4858..5e52bb26de 100644 --- a/libs/libcurl/src/curl_ntlm_core.h +++ b/libs/libcurl/src/curl_ntlm_core.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -42,22 +42,6 @@ # include <openssl/ssl.h> #endif -/* Define USE_NTRESPONSES in order to make the type-3 message include - * the NT response message. */ -#define USE_NTRESPONSES - -/* Define USE_NTLM2SESSION in order to make the type-3 message include the - NTLM2Session response message, requires USE_NTRESPONSES defined to 1 */ -#if defined(USE_NTRESPONSES) -#define USE_NTLM2SESSION -#endif - -/* Define USE_NTLM_V2 in order to allow the type-3 message to include the - LMv2 and NTLMv2 response messages, requires USE_NTRESPONSES defined to 1 */ -#if defined(USE_NTRESPONSES) -#define USE_NTLM_V2 -#endif - /* Helpers to generate function byte arguments in little endian order */ #define SHORTPAIR(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)) #define LONGQUARTET(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)), \ @@ -67,16 +51,13 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, const unsigned char *plaintext, unsigned char *results); -CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, - const char *password, +CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, unsigned char *lmbuffer /* 21 bytes */); -#ifdef USE_NTRESPONSES -CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data, - const char *password, +CURLcode Curl_ntlm_core_mk_nt_hash(const char *password, unsigned char *ntbuffer /* 21 bytes */); -#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI) +#if !defined(USE_WINDOWS_SSPI) CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen, const unsigned char *data, unsigned int datalen, @@ -98,9 +79,7 @@ CURLcode Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash, unsigned char *challenge_server, unsigned char *lmresp); -#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */ - -#endif /* USE_NTRESPONSES */ +#endif /* !USE_WINDOWS_SSPI */ #endif /* USE_CURL_NTLM_CORE */ diff --git a/libs/libcurl/src/curl_path.c b/libs/libcurl/src/curl_path.c index 65106188c7..a1669d12f7 100644 --- a/libs/libcurl/src/curl_path.c +++ b/libs/libcurl/src/curl_path.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,7 +40,7 @@ CURLcode Curl_getworkingpath(struct Curl_easy *data, char *working_path; size_t working_path_len; CURLcode result = - Curl_urldecode(data, data->state.up.path, 0, &working_path, + Curl_urldecode(data->state.up.path, 0, &working_path, &working_path_len, REJECT_ZERO); if(result) return result; diff --git a/libs/libcurl/src/curl_sasl.c b/libs/libcurl/src/curl_sasl.c index 8d39e4f81b..48d6625ba4 100644 --- a/libs/libcurl/src/curl_sasl.c +++ b/libs/libcurl/src/curl_sasl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -48,7 +48,6 @@ #include "warnless.h" #include "strtok.h" #include "sendf.h" -#include "non-ascii.h" /* included for Curl_convert_... prototypes */ /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -283,8 +282,7 @@ static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data, } /* Encode the outgoing SASL message. */ -static CURLcode build_message(struct SASL *sasl, struct Curl_easy *data, - struct bufref *msg) +static CURLcode build_message(struct SASL *sasl, struct bufref *msg) { CURLcode result = CURLE_OK; @@ -297,7 +295,7 @@ static CURLcode build_message(struct SASL *sasl, struct Curl_easy *data, char *base64; size_t base64len; - result = Curl_base64_encode(data, (const char *) Curl_bufref_ptr(msg), + result = Curl_base64_encode((const char *) Curl_bufref_ptr(msg), Curl_bufref_len(msg), &base64, &base64len); if(!result) Curl_bufref_set(msg, base64, base64len, curl_free); @@ -312,10 +310,10 @@ static CURLcode build_message(struct SASL *sasl, struct Curl_easy *data, * * Check if we have enough auth data and capabilities to authenticate. */ -bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn) +bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data) { /* Have credentials been provided? */ - if(conn->bits.user_passwd) + if(data->state.aptr.user) return TRUE; /* EXTERNAL can authenticate without a user name and/or password */ @@ -367,7 +365,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, if(force_ir || data->set.sasl_ir) result = Curl_auth_create_external_message(conn->user, &resp); } - else if(conn->bits.user_passwd) { + else if(data->state.aptr.user) { #if defined(USE_KERBEROS5) if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported() && Curl_auth_user_contains_domain(conn->user)) { @@ -494,7 +492,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, if(!result && mech) { sasl->curmech = mech; if(Curl_bufref_ptr(&resp)) - result = build_message(sasl, data, &resp); + result = build_message(sasl, &resp); if(sasl->params->maxirlen && strlen(mech) + Curl_bufref_len(&resp) > sasl->params->maxirlen) @@ -672,7 +670,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, #endif case SASL_OAUTH2: - /* Create the authorisation message */ + /* Create the authorization message */ if(sasl->authused == SASL_MECH_OAUTHBEARER) { result = Curl_auth_create_oauth_bearer_message(conn->user, hostname, @@ -729,7 +727,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, newstate = SASL_CANCEL; break; case CURLE_OK: - result = build_message(sasl, data, &resp); + result = build_message(sasl, &resp); if(!result) result = sasl->params->contauth(data, sasl->curmech, &resp); break; diff --git a/libs/libcurl/src/curl_sasl.h b/libs/libcurl/src/curl_sasl.h index 91458c74a0..d377ae7bc8 100644 --- a/libs/libcurl/src/curl_sasl.h +++ b/libs/libcurl/src/curl_sasl.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -150,7 +150,7 @@ void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data, const struct SASLproto *params); /* Check if we have enough auth data and capabilities to authenticate */ -bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn); +bool Curl_sasl_can_authenticate(struct SASL *sasl, struct Curl_easy *data); /* Calculate the required login details for SASL authentication */ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, diff --git a/libs/libcurl/src/curl_setup.h b/libs/libcurl/src/curl_setup.h index 61384cdff6..0babb032ca 100644 --- a/libs/libcurl/src/curl_setup.h +++ b/libs/libcurl/src/curl_setup.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -101,14 +101,6 @@ # include "config-os400.h" #endif -#ifdef TPF -# include "config-tpf.h" -#endif - -#ifdef __VXWORKS__ -# include "config-vxworks.h" -#endif - #ifdef __PLAN9__ # include "config-plan9.h" #endif @@ -274,22 +266,6 @@ # include <extra/strdup.h> #endif -#ifdef TPF -# include <strings.h> /* for bzero, strcasecmp, and strncasecmp */ -# include <string.h> /* for strcpy and strlen */ -# include <stdlib.h> /* for rand and srand */ -# include <sys/socket.h> /* for select and ioctl*/ -# include <netdb.h> /* for in_addr_t definition */ -# include <tpf/sysapi.h> /* for tpf_process_signals */ - /* change which select is used for libcurl */ -# define select(a,b,c,d,e) tpf_select_libcurl(a,b,c,d,e) -#endif - -#ifdef __VXWORKS__ -# include <sockLib.h> /* for generic BSD socket functions */ -# include <ioLib.h> /* for basic I/O interface functions */ -#endif - #ifdef __AMIGA__ # include <exec/types.h> # include <exec/execbase.h> @@ -619,14 +595,6 @@ # endif #endif -#ifdef NETWARE -int netware_init(void); -#ifndef __NOVELL_LIBC__ -#include <sys/bsdskt.h> -#include <sys/timeval.h> -#endif -#endif - #if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H) && !defined(USE_WIN32_IDN) /* The lib and header are present */ #define USE_LIBIDN2 @@ -641,7 +609,7 @@ int netware_init(void); #if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \ defined(USE_MBEDTLS) || \ defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || \ - defined(USE_SECTRANSP) || defined(USE_GSKIT) || defined(USE_MESALINK) || \ + defined(USE_SECTRANSP) || defined(USE_GSKIT) || \ defined(USE_BEARSSL) || defined(USE_RUSTLS) #define USE_SSL /* SSL support has been enabled */ #endif @@ -804,6 +772,11 @@ endings either CRLF or LF so 't' is appropriate. #define CURLMAX(x,y) ((x)>(y)?(x):(y)) #define CURLMIN(x,y) ((x)<(y)?(x):(y)) +/* A convenience macro to provide both the string literal and the length of + the string literal in one go, useful for functions that take "string,len" + as their argument */ +#define STRCONST(x) x,sizeof(x)-1 + /* Some versions of the Android SDK is missing the declaration */ #if defined(HAVE_GETPWUID_R) && defined(HAVE_DECL_GETPWUID_R_MISSING) struct passwd; @@ -821,7 +794,7 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, #define USE_HTTP2 #endif -#if defined(USE_NGTCP2) || defined(USE_QUICHE) +#if defined(USE_NGTCP2) || defined(USE_QUICHE) || defined(USE_MSH3) #define ENABLE_QUIC #endif diff --git a/libs/libcurl/src/curl_sha256.h b/libs/libcurl/src/curl_sha256.h index 55dc30ad74..2b7890a039 100644 --- a/libs/libcurl/src/curl_sha256.h +++ b/libs/libcurl/src/curl_sha256.h @@ -8,7 +8,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,7 +32,7 @@ extern const struct HMAC_params Curl_HMAC_SHA256[1]; /* SHA256_DIGEST_LENGTH is an enum value in wolfSSL. Need to import it from * sha.h*/ #include <wolfssl/options.h> -#include <openssl/sha.h> +#include <wolfssl/openssl/sha.h> #else #define SHA256_DIGEST_LENGTH 32 #endif diff --git a/libs/libcurl/src/dict.c b/libs/libcurl/src/dict.c index 5d53b8f1ff..e23e661912 100644 --- a/libs/libcurl/src/dict.c +++ b/libs/libcurl/src/dict.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -96,13 +96,13 @@ const struct Curl_handler Curl_handler_dict = { PROTOPT_NONE | PROTOPT_NOURLQUERY /* flags */ }; -static char *unescape_word(struct Curl_easy *data, const char *inputbuff) +static char *unescape_word(const char *inputbuff) { char *newp = NULL; char *dictp; size_t len; - CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, + CURLcode result = Curl_urldecode(inputbuff, 0, &newp, &len, REJECT_NADA); if(!newp || result) return NULL; @@ -190,10 +190,6 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) *done = TRUE; /* unconditionally */ - if(conn->bits.user_passwd) { - /* AUTH is missing */ - } - if(strncasecompare(path, DICT_MATCH, sizeof(DICT_MATCH)-1) || strncasecompare(path, DICT_MATCH2, sizeof(DICT_MATCH2)-1) || strncasecompare(path, DICT_MATCH3, sizeof(DICT_MATCH3)-1)) { @@ -226,7 +222,7 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) strategy = (char *)"."; } - eword = unescape_word(data, word); + eword = unescape_word(word); if(!eword) return CURLE_OUT_OF_MEMORY; @@ -274,7 +270,7 @@ static CURLcode dict_do(struct Curl_easy *data, bool *done) database = (char *)"!"; } - eword = unescape_word(data, word); + eword = unescape_word(word); if(!eword) return CURLE_OUT_OF_MEMORY; diff --git a/libs/libcurl/src/doh.c b/libs/libcurl/src/doh.c index d6a2167701..4aef8b266a 100644 --- a/libs/libcurl/src/doh.c +++ b/libs/libcurl/src/doh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -252,7 +252,7 @@ static CURLcode dohprobe(struct Curl_easy *data, ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer); ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen); ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers); -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); #endif #ifndef CURLDEBUG @@ -530,7 +530,7 @@ static DOHcode store_cname(const unsigned char *doh, if(length) { if(Curl_dyn_len(c)) { - if(Curl_dyn_add(c, ".")) + if(Curl_dyn_addn(c, STRCONST("."))) return DOH_OUT_OF_MEM; } if((index + length) > dohlen) @@ -911,7 +911,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, if(!dohp->probe[DOH_PROBE_SLOT_IPADDR_V4].easy && !dohp->probe[DOH_PROBE_SLOT_IPADDR_V6].easy) { failf(data, "Could not DoH-resolve: %s", data->state.async.hostname); - return data->conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY: + return CONN_IS_PROXIED(data->conn)?CURLE_COULDNT_RESOLVE_PROXY: CURLE_COULDNT_RESOLVE_HOST; } else if(!dohp->pending) { diff --git a/libs/libcurl/src/dotdot.c b/libs/libcurl/src/dotdot.c index 3a1435f8ec..73ef2fa729 100644 --- a/libs/libcurl/src/dotdot.c +++ b/libs/libcurl/src/dotdot.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,7 +32,7 @@ /* * "Remove Dot Segments" - * https://tools.ietf.org/html/rfc3986#section-5.2.4 + * https://datatracker.ietf.org/doc/html/rfc3986#section-5.2.4 */ /* diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c index 20293a710b..bd9d695bb5 100644 --- a/libs/libcurl/src/easy.c +++ b/libs/libcurl/src/easy.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -68,7 +68,6 @@ #include "slist.h" #include "mime.h" #include "amigaos.h" -#include "non-ascii.h" #include "warnless.h" #include "multiif.h" #include "sigpipe.h" @@ -168,12 +167,6 @@ static CURLcode global_init(long flags, bool memoryfuncs) } #endif -#ifdef NETWARE - if(netware_init()) { - DEBUGF(fprintf(stderr, "Warning: LONG namespace not available\n")); - } -#endif - if(Curl_resolver_global_init()) { DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n")); goto fail; @@ -933,8 +926,6 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) } #endif /* USE_ARES */ - Curl_convert_setup(outcurl); - Curl_initinfo(outcurl); outcurl->magic = CURLEASY_MAGIC_NUMBER; @@ -1111,7 +1102,7 @@ static CURLcode easy_connection(struct Curl_easy *data, /* only allow these to be called on handles with CURLOPT_CONNECT_ONLY */ if(!data->set.connect_only) { - failf(data, "CONNECT_ONLY is required!"); + failf(data, "CONNECT_ONLY is required"); return CURLE_UNSUPPORTED_PROTOCOL; } @@ -1148,7 +1139,7 @@ CURLcode curl_easy_recv(struct Curl_easy *data, void *buffer, size_t buflen, if(!data->conn) /* on first invoke, the transfer has been detached from the connection and needs to be reattached */ - Curl_attach_connnection(data, c); + Curl_attach_connection(data, c); *n = 0; result = Curl_read(data, sfd, buffer, buflen, &n1); @@ -1184,7 +1175,7 @@ CURLcode curl_easy_send(struct Curl_easy *data, const void *buffer, if(!data->conn) /* on first invoke, the transfer has been detached from the connection and needs to be reattached */ - Curl_attach_connnection(data, c); + Curl_attach_connection(data, c); *n = 0; sigpipe_ignore(data, &pipe_st); @@ -1218,12 +1209,12 @@ static int conn_upkeep(struct Curl_easy *data, if(conn->handler->connection_check) { /* briefly attach the connection to this transfer for the purpose of checking it */ - Curl_attach_connnection(data, conn); + Curl_attach_connection(data, conn); /* Do a protocol-specific keepalive check on the connection. */ conn->handler->connection_check(data, conn, CONNCHECK_KEEPALIVE); /* detach the connection again */ - Curl_detach_connnection(data); + Curl_detach_connection(data); } return 0; /* continue iteration */ diff --git a/libs/libcurl/src/escape.c b/libs/libcurl/src/escape.c index 683b6fc4a6..ff5887508e 100644 --- a/libs/libcurl/src/escape.c +++ b/libs/libcurl/src/escape.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -29,7 +29,6 @@ #include "urldata.h" #include "warnless.h" -#include "non-ascii.h" #include "escape.h" #include "strdup.h" /* The last 3 #include files should be in this order */ @@ -39,7 +38,7 @@ /* Portable character check (remember EBCDIC). Do not use isalnum() because its behavior is altered by the current locale. - See https://tools.ietf.org/html/rfc3986#section-2.3 + See https://datatracker.ietf.org/doc/html/rfc3986#section-2.3 */ bool Curl_isunreserved(unsigned char in) { @@ -80,8 +79,8 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, int inlength) { size_t length; - CURLcode result; struct dynbuf d; + (void)data; if(inlength < 0) return NULL; @@ -102,16 +101,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, } else { /* encode it */ - char encoded[4]; - result = Curl_convert_to_network(data, (char *)&in, 1); - if(result) { - /* Curl_convert_to_network calls failf if unsuccessful */ - Curl_dyn_free(&d); - return NULL; - } - - msnprintf(encoded, sizeof(encoded), "%%%02X", in); - if(Curl_dyn_add(&d, encoded)) + if(Curl_dyn_addf(&d, "%%%02X", in)) return NULL; } string++; @@ -126,8 +116,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, * Returns a pointer to a malloced string in *ostring with length given in * *olen. If length == 0, the length is assumed to be strlen(string). * - * 'data' can be set to NULL but then this function can't convert network - * data to host for non-ascii. + * 'data' can be set to NULL * * ctrl options: * - REJECT_NADA: accept everything @@ -139,8 +128,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string, * invokes that used TRUE/FALSE (0 and 1). */ -CURLcode Curl_urldecode(struct Curl_easy *data, - const char *string, size_t length, +CURLcode Curl_urldecode(const char *string, size_t length, char **ostring, size_t *olen, enum urlreject ctrl) { @@ -148,7 +136,6 @@ CURLcode Curl_urldecode(struct Curl_easy *data, char *ns; size_t strindex = 0; unsigned long hex; - CURLcode result = CURLE_OK; DEBUGASSERT(string); DEBUGASSERT(ctrl >= REJECT_NADA); /* crash on TRUE/FALSE */ @@ -174,15 +161,6 @@ CURLcode Curl_urldecode(struct Curl_easy *data, in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */ - if(data) { - result = Curl_convert_from_network(data, (char *)&in, 1); - if(result) { - /* Curl_convert_from_network calls failf if unsuccessful */ - free(ns); - return result; - } - } - string += 2; alloc -= 2; } @@ -218,10 +196,11 @@ char *curl_easy_unescape(struct Curl_easy *data, const char *string, int length, int *olen) { char *str = NULL; + (void)data; if(length >= 0) { size_t inputlen = length; size_t outputlen; - CURLcode res = Curl_urldecode(data, string, inputlen, &str, &outputlen, + CURLcode res = Curl_urldecode(string, inputlen, &str, &outputlen, REJECT_NADA); if(res) return NULL; diff --git a/libs/libcurl/src/escape.h b/libs/libcurl/src/escape.h index 46cb59039a..02668835cc 100644 --- a/libs/libcurl/src/escape.h +++ b/libs/libcurl/src/escape.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,8 +32,7 @@ enum urlreject { REJECT_ZERO }; -CURLcode Curl_urldecode(struct Curl_easy *data, - const char *string, size_t length, +CURLcode Curl_urldecode(const char *string, size_t length, char **ostring, size_t *olen, enum urlreject ctrl); diff --git a/libs/libcurl/src/file.c b/libs/libcurl/src/file.c index 0420db3454..3da79a2c1b 100644 --- a/libs/libcurl/src/file.c +++ b/libs/libcurl/src/file.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -147,7 +147,7 @@ static CURLcode file_connect(struct Curl_easy *data, bool *done) #endif size_t real_path_len; - CURLcode result = Curl_urldecode(data, data->state.up.path, 0, &real_path, + CURLcode result = Curl_urldecode(data->state.up.path, 0, &real_path, &real_path_len, REJECT_ZERO); if(result) return result; diff --git a/libs/libcurl/src/firefox-db2pem.sh b/libs/libcurl/src/firefox-db2pem.sh deleted file mode 100644 index 629a2e8d64..0000000000 --- a/libs/libcurl/src/firefox-db2pem.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/sh -# *************************************************************************** -# * _ _ ____ _ -# * Project ___| | | | _ \| | -# * / __| | | | |_) | | -# * | (__| |_| | _ <| |___ -# * \___|\___/|_| \_\_____| -# * -# * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. -# * -# * This software is licensed as described in the file COPYING, which -# * you should have received as part of this distribution. The terms -# * are also available at https://curl.se/docs/copyright.html. -# * -# * You may opt to use, copy, modify, merge, publish, distribute and/or sell -# * copies of the Software, and permit persons to whom the Software is -# * furnished to do so, under the terms of the COPYING file. -# * -# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# * KIND, either express or implied. -# * -# *************************************************************************** -# This shell script creates a fresh ca-bundle.crt file for use with libcurl. -# It extracts all ca certs it finds in the local Firefox database and converts -# them all into PEM format. -# -db=`ls -1d $HOME/.mozilla/firefox/*default*` -out=$1 - -if test -z "$out"; then - out="ca-bundle.crt" # use a sensible default -fi - -currentdate=`date` - -cat >$out <<EOF -## -## Bundle of CA Root Certificates -## -## Converted at: ${currentdate} -## These were converted from the local Firefox directory by the db2pem script. -## -EOF - - -certutil -L -h 'Builtin Object Token' -d $db | \ -grep ' *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$' | \ -sed -e 's/ *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$//' -e 's/\(.*\)/"\1"/' | \ -sort | \ -while read nickname; \ - do echo $nickname | sed -e "s/Builtin Object Token://g"; \ -eval certutil -d $db -L -n "$nickname" -a ; \ -done >> $out diff --git a/libs/libcurl/src/formdata.c b/libs/libcurl/src/formdata.c index ac7a0009cd..5fefd7a6ef 100644 --- a/libs/libcurl/src/formdata.c +++ b/libs/libcurl/src/formdata.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -33,7 +33,6 @@ #include "urldata.h" /* for struct Curl_easy */ #include "mime.h" -#include "non-ascii.h" #include "vtls/vtls.h" #include "strcase.h" #include "sendf.h" @@ -77,10 +76,15 @@ AddHttpPost(char *name, size_t namelength, struct curl_httppost **last_post) { struct curl_httppost *post; + if(!namelength && name) + namelength = strlen(name); + if((bufferlength > LONG_MAX) || (namelength > LONG_MAX)) + /* avoid overflow in typecasts below */ + return NULL; post = calloc(1, sizeof(struct curl_httppost)); if(post) { post->name = name; - post->namelength = (long)(name?(namelength?namelength:strlen(name)):0); + post->namelength = (long)namelength; post->contents = value; post->contentlen = contentslength; post->buffer = buffer; @@ -269,14 +273,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, * Set the Name property. */ case CURLFORM_PTRNAME: -#ifdef CURL_DOES_CONVERSIONS - /* Treat CURLFORM_PTR like CURLFORM_COPYNAME so that libcurl will copy - * the data in all cases so that we'll have safe memory for the eventual - * conversion. - */ -#else current_form->flags |= HTTPPOST_PTRNAME; /* fall through */ -#endif + /* FALLTHROUGH */ case CURLFORM_COPYNAME: if(current_form->name) @@ -901,11 +899,6 @@ CURLcode Curl_getformdata(struct Curl_easy *data, else uclen = (size_t)clen; result = curl_mime_data(part, post->contents, uclen); -#ifdef CURL_DOES_CONVERSIONS - /* Convert textual contents now. */ - if(!result && data && part->datasize) - result = Curl_convert_to_network(data, part->data, part->datasize); -#endif } } diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c index f6921e4262..128cdc2f2d 100644 --- a/libs/libcurl/src/ftp.c +++ b/libs/libcurl/src/ftp.c @@ -76,7 +76,6 @@ #include "speedcheck.h" #include "warnless.h" #include "http_proxy.h" -#include "non-ascii.h" #include "socks.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -592,7 +591,7 @@ static CURLcode ftp_readresp(struct Curl_easy *data, * This response code can come at any point so having it treated * generically is a good idea. */ - infof(data, "We got a 421 - timeout!"); + infof(data, "We got a 421 - timeout"); state(data, FTP_STOP); return CURLE_OPERATION_TIMEDOUT; } @@ -1030,8 +1029,11 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, if(*addr != '\0') { /* attempt to get the address of the given interface name */ switch(Curl_if2ip(conn->ip_addr->ai_family, +#ifdef ENABLE_IPV6 Curl_ipv6_scope(conn->ip_addr->ai_addr), - conn->scope_id, addr, hbuf, sizeof(hbuf))) { + conn->scope_id, +#endif + addr, hbuf, sizeof(hbuf))) { case IF2IP_NOT_FOUND: /* not an interface, use the given string as host name instead */ host = addr; @@ -1163,7 +1165,7 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, /* maybe all ports were in use already*/ if(port > port_max) { - failf(data, "bind() failed, we ran out of ports!"); + failf(data, "bind() failed, we ran out of ports"); Curl_closesocket(data, conn, portsock); return CURLE_FTP_PORT_FAILED; } @@ -1460,7 +1462,7 @@ static CURLcode ftp_state_list(struct Curl_easy *data) /* url-decode before evaluation: e.g. paths starting/ending with %2f */ const char *slashPos = NULL; char *rawPath = NULL; - result = Curl_urldecode(data, ftp->path, 0, &rawPath, NULL, REJECT_CTRL); + result = Curl_urldecode(ftp->path, 0, &rawPath, NULL, REJECT_CTRL); if(result) return result; @@ -2700,7 +2702,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, Curl_sec_request_prot(conn, data->set.str[STRING_KRB_LEVEL]); if(Curl_sec_login(data, conn)) - infof(data, "Logging in with password in cleartext!"); + infof(data, "Logging in with password in cleartext"); else infof(data, "Authentication successful"); } @@ -3247,7 +3249,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, if(!result) /* get the url-decoded "raw" path */ - result = Curl_urldecode(data, ftp->path, 0, &rawPath, &pathLen, + result = Curl_urldecode(ftp->path, 0, &rawPath, &pathLen, REJECT_CTRL); if(result) { /* We can limp along anyway (and should try to since we may already be in @@ -3379,7 +3381,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, (ftp->transfer == PPTRANSFER_BODY)) { failf(data, "Uploaded unaligned file size (%" CURL_FORMAT_CURL_OFF_T " out of %" CURL_FORMAT_CURL_OFF_T " bytes)", - data->req.bytecount, data->state.infilesize); + data->req.writebytecount, data->state.infilesize); result = CURLE_PARTIAL_FILE; } } @@ -3402,7 +3404,7 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, else if(!ftpc->dont_check && !data->req.bytecount && (data->req.size>0)) { - failf(data, "No data was received!"); + failf(data, "No data was received"); result = CURLE_FTP_COULDNT_RETR_FILE; } } @@ -4131,9 +4133,11 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) ftpc->cwdfail = FALSE; /* url-decode ftp path before further evaluation */ - result = Curl_urldecode(data, ftp->path, 0, &rawPath, &pathLen, REJECT_CTRL); - if(result) + result = Curl_urldecode(ftp->path, 0, &rawPath, &pathLen, REJECT_CTRL); + if(result) { + failf(data, "path contains control characters"); return result; + } switch(data->set.ftp_filemethod) { case FTPFILE_NOCWD: /* fastest, but less standard-compliant */ @@ -4231,7 +4235,7 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) if(data->set.upload && !ftpc->file && (ftp->transfer == PPTRANSFER_BODY)) { /* We need a file name when uploading. Return error! */ - failf(data, "Uploading to a URL without a file name!"); + failf(data, "Uploading to a URL without a file name"); free(rawPath); return CURLE_URL_MALFORMAT; } diff --git a/libs/libcurl/src/gopher.c b/libs/libcurl/src/gopher.c index f61232ff56..0a3ba8fb56 100644 --- a/libs/libcurl/src/gopher.c +++ b/libs/libcurl/src/gopher.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -165,7 +165,7 @@ static CURLcode gopher_do(struct Curl_easy *data, bool *done) newp += 2; /* ... and finally unescape */ - result = Curl_urldecode(data, newp, 0, &sel, &len, REJECT_ZERO); + result = Curl_urldecode(newp, 0, &sel, &len, REJECT_ZERO); free(gopherpath); if(result) return result; diff --git a/libs/libcurl/src/h2h3.c b/libs/libcurl/src/h2h3.c new file mode 100644 index 0000000000..c0ed58d37a --- /dev/null +++ b/libs/libcurl/src/h2h3.c @@ -0,0 +1,310 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" +#include "urldata.h" +#include "h2h3.h" +#include "transfer.h" +#include "sendf.h" +#include "strcase.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +/* + * Curl_pseudo_headers() creates the array with pseudo headers to be + * used in a HTTP/2 or HTTP/3 request. + */ + +#if defined(USE_NGHTTP2) || defined(ENABLE_QUIC) + +/* Index where :authority header field will appear in request header + field list. */ +#define AUTHORITY_DST_IDX 3 + +/* USHRT_MAX is 65535 == 0xffff */ +#define HEADER_OVERFLOW(x) \ + (x.namelen > 0xffff || x.valuelen > 0xffff - x.namelen) + +/* + * Check header memory for the token "trailers". + * Parse the tokens as separated by comma and surrounded by whitespace. + * Returns TRUE if found or FALSE if not. + */ +static bool contains_trailers(const char *p, size_t len) +{ + const char *end = p + len; + for(;;) { + for(; p != end && (*p == ' ' || *p == '\t'); ++p) + ; + if(p == end || (size_t)(end - p) < sizeof("trailers") - 1) + return FALSE; + if(strncasecompare("trailers", p, sizeof("trailers") - 1)) { + p += sizeof("trailers") - 1; + for(; p != end && (*p == ' ' || *p == '\t'); ++p) + ; + if(p == end || *p == ',') + return TRUE; + } + /* skip to next token */ + for(; p != end && *p != ','; ++p) + ; + if(p == end) + return FALSE; + ++p; + } +} + +typedef enum { + /* Send header to server */ + HEADERINST_FORWARD, + /* Don't send header to server */ + HEADERINST_IGNORE, + /* Discard header, and replace it with "te: trailers" */ + HEADERINST_TE_TRAILERS +} header_instruction; + +/* Decides how to treat given header field. */ +static header_instruction inspect_header(const char *name, size_t namelen, + const char *value, size_t valuelen) { + switch(namelen) { + case 2: + if(!strncasecompare("te", name, namelen)) + return HEADERINST_FORWARD; + + return contains_trailers(value, valuelen) ? + HEADERINST_TE_TRAILERS : HEADERINST_IGNORE; + case 7: + return strncasecompare("upgrade", name, namelen) ? + HEADERINST_IGNORE : HEADERINST_FORWARD; + case 10: + return (strncasecompare("connection", name, namelen) || + strncasecompare("keep-alive", name, namelen)) ? + HEADERINST_IGNORE : HEADERINST_FORWARD; + case 16: + return strncasecompare("proxy-connection", name, namelen) ? + HEADERINST_IGNORE : HEADERINST_FORWARD; + case 17: + return strncasecompare("transfer-encoding", name, namelen) ? + HEADERINST_IGNORE : HEADERINST_FORWARD; + default: + return HEADERINST_FORWARD; + } +} + +CURLcode Curl_pseudo_headers(struct Curl_easy *data, + const char *mem, /* the request */ + const size_t len /* size of request */, + struct h2h3req **hp) +{ + struct connectdata *conn = data->conn; + size_t nheader = 0; + size_t i; + size_t authority_idx; + char *hdbuf = (char *)mem; + char *end, *line_end; + struct h2h3pseudo *nva = NULL; + struct h2h3req *hreq = NULL; + char *vptr; + + /* Calculate number of headers contained in [mem, mem + len). Assumes a + correctly generated HTTP header field block. */ + for(i = 1; i < len; ++i) { + if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') { + ++nheader; + ++i; + } + } + if(nheader < 2) { + goto fail; + } + /* We counted additional 2 \r\n in the first and last line. We need 3 + new headers: :method, :path and :scheme. Therefore we need one + more space. */ + nheader += 1; + hreq = malloc(sizeof(struct h2h3req) + + sizeof(struct h2h3pseudo) * (nheader - 1)); + if(!hreq) { + goto fail; + } + + nva = &hreq->header[0]; + + /* Extract :method, :path from request line + We do line endings with CRLF so checking for CR is enough */ + line_end = memchr(hdbuf, '\r', len); + if(!line_end) { + goto fail; + } + + /* Method does not contain spaces */ + end = memchr(hdbuf, ' ', line_end - hdbuf); + if(!end || end == hdbuf) + goto fail; + nva[0].name = H2H3_PSEUDO_METHOD; + nva[0].namelen = sizeof(H2H3_PSEUDO_METHOD) - 1; + nva[0].value = hdbuf; + nva[0].valuelen = (size_t)(end - hdbuf); + + hdbuf = end + 1; + + /* Path may contain spaces so scan backwards */ + end = NULL; + for(i = (size_t)(line_end - hdbuf); i; --i) { + if(hdbuf[i - 1] == ' ') { + end = &hdbuf[i - 1]; + break; + } + } + if(!end || end == hdbuf) + goto fail; + nva[1].name = H2H3_PSEUDO_PATH; + nva[1].namelen = sizeof(H2H3_PSEUDO_PATH) - 1; + nva[1].value = hdbuf; + nva[1].valuelen = (end - hdbuf); + + nva[2].name = H2H3_PSEUDO_SCHEME; + nva[2].namelen = sizeof(H2H3_PSEUDO_SCHEME) - 1; + vptr = Curl_checkheaders(data, STRCONST(H2H3_PSEUDO_SCHEME)); + if(vptr) { + vptr += sizeof(H2H3_PSEUDO_SCHEME); + while(*vptr && ISSPACE(*vptr)) + vptr++; + nva[2].value = vptr; + infof(data, "set pseudo header %s to %s", H2H3_PSEUDO_SCHEME, vptr); + } + else { + if(conn->handler->flags & PROTOPT_SSL) + nva[2].value = "https"; + else + nva[2].value = "http"; + } + nva[2].valuelen = strlen((char *)nva[2].value); + + authority_idx = 0; + i = 3; + while(i < nheader) { + size_t hlen; + + hdbuf = line_end + 2; + + /* check for next CR, but only within the piece of data left in the given + buffer */ + line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem)); + if(!line_end || (line_end == hdbuf)) + goto fail; + + /* header continuation lines are not supported */ + if(*hdbuf == ' ' || *hdbuf == '\t') + goto fail; + + for(end = hdbuf; end < line_end && *end != ':'; ++end) + ; + if(end == hdbuf || end == line_end) + goto fail; + hlen = end - hdbuf; + + if(hlen == 4 && strncasecompare("host", hdbuf, 4)) { + authority_idx = i; + nva[i].name = H2H3_PSEUDO_AUTHORITY; + nva[i].namelen = sizeof(H2H3_PSEUDO_AUTHORITY) - 1; + } + else { + nva[i].namelen = (size_t)(end - hdbuf); + /* Lower case the header name for HTTP/3 */ + Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen); + nva[i].name = hdbuf; + } + hdbuf = end + 1; + while(*hdbuf == ' ' || *hdbuf == '\t') + ++hdbuf; + end = line_end; + + switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf, + end - hdbuf)) { + case HEADERINST_IGNORE: + /* skip header fields prohibited by HTTP/2 specification. */ + --nheader; + continue; + case HEADERINST_TE_TRAILERS: + nva[i].value = "trailers"; + nva[i].valuelen = sizeof("trailers") - 1; + break; + default: + nva[i].value = hdbuf; + nva[i].valuelen = (end - hdbuf); + } + + nva[i].value = hdbuf; + nva[i].valuelen = (end - hdbuf); + + ++i; + } + + /* :authority must come before non-pseudo header fields */ + if(authority_idx && authority_idx != AUTHORITY_DST_IDX) { + struct h2h3pseudo authority = nva[authority_idx]; + for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) { + nva[i] = nva[i - 1]; + } + nva[i] = authority; + } + + /* Warn stream may be rejected if cumulative length of headers is too + large. */ +#define MAX_ACC 60000 /* <64KB to account for some overhead */ + { + size_t acc = 0; + + for(i = 0; i < nheader; ++i) { + acc += nva[i].namelen + nva[i].valuelen; + + infof(data, "h2h3 [%.*s: %.*s]", + (int)nva[i].namelen, nva[i].name, + (int)nva[i].valuelen, nva[i].value); + } + + if(acc > MAX_ACC) { + infof(data, "http_request: Warning: The cumulative length of all " + "headers exceeds %d bytes and that could cause the " + "stream to be rejected.", MAX_ACC); + } + } + + hreq->entries = nheader; + *hp = hreq; + + return CURLE_OK; + + fail: + free(hreq); + return CURLE_OUT_OF_MEMORY; +} + +void Curl_pseudo_free(struct h2h3req *hp) +{ + free(hp); +} + +#endif /* USE_NGHTTP2 or HTTP/3 enabled */ diff --git a/libs/libcurl/src/h2h3.h b/libs/libcurl/src/h2h3.h new file mode 100644 index 0000000000..22256841c6 --- /dev/null +++ b/libs/libcurl/src/h2h3.h @@ -0,0 +1,59 @@ +#ifndef HEADER_CURL_H2H3_H +#define HEADER_CURL_H2H3_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "curl_setup.h" + +#define H2H3_PSEUDO_METHOD ":method" +#define H2H3_PSEUDO_SCHEME ":scheme" +#define H2H3_PSEUDO_AUTHORITY ":authority" +#define H2H3_PSEUDO_PATH ":path" +#define H2H3_PSEUDO_STATUS ":status" + +struct h2h3pseudo { + const char *name; + size_t namelen; + const char *value; + size_t valuelen; +}; + +struct h2h3req { + size_t entries; + struct h2h3pseudo header[1]; /* the array is allocated to contain entries */ +}; + +/* + * Curl_pseudo_headers() creates the array with pseudo headers to be + * used in a HTTP/2 or HTTP/3 request. Returns an allocated struct. + * Free it with Curl_pseudo_free(). + */ +CURLcode Curl_pseudo_headers(struct Curl_easy *data, + const char *request, + const size_t len, + struct h2h3req **hp); + +/* + * Curl_pseudo_free() frees a h2h3req struct. + */ +void Curl_pseudo_free(struct h2h3req *hp); + +#endif /* HEADER_CURL_H2H3_H */ diff --git a/libs/libcurl/src/headers.c b/libs/libcurl/src/headers.c new file mode 100644 index 0000000000..226c696be6 --- /dev/null +++ b/libs/libcurl/src/headers.c @@ -0,0 +1,324 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#include "urldata.h" +#include "strdup.h" +#include "strcase.h" +#include "headers.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +#if !defined(CURL_DISABLE_HTTP) && defined(USE_HEADERS_API) + +/* Generate the curl_header struct for the user. This function MUST assign all + struct fields in the output struct. */ +static void copy_header_external(struct Curl_easy *data, + struct Curl_header_store *hs, + size_t index, + size_t amount, + struct Curl_llist_element *e, + struct curl_header **hout) +{ + struct curl_header *h = *hout = &data->state.headerout; + h->name = hs->name; + h->value = hs->value; + h->amount = amount; + h->index = index; + /* this will randomly OR a reserved bit for the sole purpose of making it + impossible for applications to do == comparisons, as that would otherwise + be very tempting and then lead to the reserved bits not being reserved + anymore. */ + h->origin = hs->type | (1<<27); + h->anchor = e; +} + +/* public API */ +CURLHcode curl_easy_header(CURL *easy, + const char *name, + size_t nameindex, + unsigned int type, + int request, + struct curl_header **hout) +{ + struct Curl_llist_element *e; + struct Curl_llist_element *e_pick = NULL; + struct Curl_easy *data = easy; + size_t match = 0; + size_t amount = 0; + struct Curl_header_store *hs = NULL; + struct Curl_header_store *pick = NULL; + if(!name || !hout || !data || + (type > (CURLH_HEADER|CURLH_TRAILER|CURLH_CONNECT|CURLH_1XX)) || + !type || (request < -1)) + return CURLHE_BAD_ARGUMENT; + if(!Curl_llist_count(&data->state.httphdrs)) + return CURLHE_NOHEADERS; /* no headers available */ + if(request > data->state.requests) + return CURLHE_NOREQUEST; + if(request == -1) + request = data->state.requests; + + /* we need a first round to count amount of this header */ + for(e = data->state.httphdrs.head; e; e = e->next) { + hs = e->ptr; + if(strcasecompare(hs->name, name) && + (hs->type & type) && + (hs->request == request)) { + amount++; + pick = hs; + e_pick = e; + } + } + if(!amount) + return CURLHE_MISSING; + else if(nameindex >= amount) + return CURLHE_BADINDEX; + + if(nameindex == amount - 1) + /* if the last or only occurrence is what's asked for, then we know it */ + hs = pick; + else { + for(e = data->state.httphdrs.head; e; e = e->next) { + hs = e->ptr; + if(strcasecompare(hs->name, name) && + (hs->type & type) && + (hs->request == request) && + (match++ == nameindex)) { + e_pick = e; + break; + } + } + if(!e) /* this shouldn't happen */ + return CURLHE_MISSING; + } + /* this is the name we want */ + copy_header_external(data, hs, nameindex, amount, e_pick, hout); + return CURLHE_OK; +} + +/* public API */ +struct curl_header *curl_easy_nextheader(CURL *easy, + unsigned int type, + int request, + struct curl_header *prev) +{ + struct Curl_easy *data = easy; + struct Curl_llist_element *pick; + struct Curl_llist_element *e; + struct Curl_header_store *hs; + struct curl_header *hout; + size_t amount = 0; + size_t index = 0; + + if(request > data->state.requests) + return NULL; + if(request == -1) + request = data->state.requests; + + if(prev) { + pick = prev->anchor; + if(!pick) + /* something is wrong */ + return NULL; + pick = pick->next; + } + else + pick = data->state.httphdrs.head; + + if(pick) { + /* make sure it is the next header of the desired type */ + do { + hs = pick->ptr; + if((hs->type & type) && (hs->request == request)) + break; + pick = pick->next; + } while(pick); + } + + if(!pick) + /* no more headers available */ + return NULL; + + hs = pick->ptr; + + /* count number of occurrences of this name within the mask and figure out + the index for the currently selected entry */ + for(e = data->state.httphdrs.head; e; e = e->next) { + struct Curl_header_store *check = e->ptr; + if(strcasecompare(hs->name, check->name) && + (check->request == request) && + (check->type & type)) + amount++; + if(e == pick) + index = amount - 1; + } + + copy_header_external(data, hs, index, amount, pick, &hout); + return hout; +} + +static CURLcode namevalue(char *header, size_t hlen, unsigned int type, + char **name, char **value) +{ + char *end = header + hlen - 1; /* point to the last byte */ + DEBUGASSERT(hlen); + *name = header; + + if(type == CURLH_PSEUDO) { + if(*header != ':') + return CURLE_BAD_FUNCTION_ARGUMENT; + header++; + } + + /* Find the end of the header name */ + while(*header && (*header != ':')) + ++header; + + if(*header) + /* Skip over colon, null it */ + *header++ = 0; + else + return CURLE_BAD_FUNCTION_ARGUMENT; + + /* skip all leading space letters */ + while(*header && ISSPACE(*header)) + header++; + + *value = header; + + /* skip all trailing space letters */ + while((end > header) && ISSPACE(*end)) + *end-- = 0; /* nul terminate */ + return CURLE_OK; +} + +/* + * Curl_headers_push() gets passed a full HTTP header to store. It gets called + * immediately before the header callback. The header is CRLF terminated. + */ +CURLcode Curl_headers_push(struct Curl_easy *data, const char *header, + unsigned char type) +{ + char *value = NULL; + char *name = NULL; + char *end; + size_t hlen; /* length of the incoming header */ + struct Curl_header_store *hs; + CURLcode result = CURLE_OUT_OF_MEMORY; + + if((header[0] == '\r') || (header[0] == '\n')) + /* ignore the body separator */ + return CURLE_OK; + + end = strchr(header, '\r'); + if(!end) { + end = strchr(header, '\n'); + if(!end) + return CURLE_BAD_FUNCTION_ARGUMENT; + } + hlen = end - header + 1; + + hs = calloc(1, sizeof(*hs) + hlen); + if(!hs) + return CURLE_OUT_OF_MEMORY; + memcpy(hs->buffer, header, hlen); + hs->buffer[hlen] = 0; /* nul terminate */ + + result = namevalue(hs->buffer, hlen, type, &name, &value); + if(result) + goto fail; + + hs->name = name; + hs->value = value; + hs->type = type; + hs->request = data->state.requests; + + /* insert this node into the list of headers */ + Curl_llist_insert_next(&data->state.httphdrs, data->state.httphdrs.tail, + hs, &hs->node); + + return CURLE_OK; + fail: + free(hs); + return result; +} + +/* + * Curl_headers_init(). Init the headers subsystem. + */ +static void headers_init(struct Curl_easy *data) +{ + Curl_llist_init(&data->state.httphdrs, NULL); +} + +/* + * Curl_headers_cleanup(). Free all stored headers and associated memory. + */ +CURLcode Curl_headers_cleanup(struct Curl_easy *data) +{ + struct Curl_llist_element *e; + struct Curl_llist_element *n; + + for(e = data->state.httphdrs.head; e; e = n) { + struct Curl_header_store *hs = e->ptr; + n = e->next; + free(hs); + } + headers_init(data); + return CURLE_OK; +} + +#else /* HTTP-disabled builds below */ + +CURLHcode curl_easy_header(CURL *easy, + const char *name, + size_t index, + unsigned int origin, + int request, + struct curl_header **hout) +{ + (void)easy; + (void)name; + (void)index; + (void)origin; + (void)request; + (void)hout; + return CURLHE_NOT_BUILT_IN; +} + +struct curl_header *curl_easy_nextheader(CURL *easy, + unsigned int type, + int request, + struct curl_header *prev) +{ + (void)easy; + (void)type; + (void)request; + (void)prev; + return NULL; +} +#endif diff --git a/libs/libcurl/src/headers.h b/libs/libcurl/src/headers.h new file mode 100644 index 0000000000..48c013b04d --- /dev/null +++ b/libs/libcurl/src/headers.h @@ -0,0 +1,53 @@ +#ifndef HEADER_CURL_HEADER_H +#define HEADER_CURL_HEADER_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "curl_setup.h" + +#if !defined(CURL_DISABLE_HTTP) && defined(USE_HEADERS_API) + +struct Curl_header_store { + struct Curl_llist_element node; + char *name; /* points into 'buffer' */ + char *value; /* points into 'buffer */ + int request; /* 0 is the first request, then 1.. 2.. */ + unsigned char type; /* CURLH_* defines */ + char buffer[1]; /* this is the raw header blob */ +}; + +/* + * Curl_headers_push() gets passed a full header to store. + */ +CURLcode Curl_headers_push(struct Curl_easy *data, const char *header, + unsigned char type); + +/* + * Curl_headers_cleanup(). Free all stored headers and associated memory. + */ +CURLcode Curl_headers_cleanup(struct Curl_easy *data); + +#else +#define Curl_headers_push(x,y,z) CURLE_OK +#define Curl_headers_cleanup(x) Curl_nop_stmt +#endif + +#endif /* HEADER_CURL_HEADER_H */ diff --git a/libs/libcurl/src/hmac.c b/libs/libcurl/src/hmac.c index 590abe6d2e..85b175d45f 100644 --- a/libs/libcurl/src/hmac.c +++ b/libs/libcurl/src/hmac.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -39,8 +39,8 @@ * Generic HMAC algorithm. * * This module computes HMAC digests based on any hash function. Parameters - * and computing procedures are set-up dynamically at HMAC computation - * context initialisation. + * and computing procedures are set-up dynamically at HMAC computation context + * initialization. */ static const unsigned char hmac_ipad = 0x36; diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c index 911d5ed6d3..7000b85501 100644 --- a/libs/libcurl/src/hostip.c +++ b/libs/libcurl/src/hostip.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -945,7 +945,7 @@ clean_up: less than 1! */ alarm(1); rc = CURLRESOLV_TIMEDOUT; - failf(data, "Previous alarm fired off!"); + failf(data, "Previous alarm fired off"); } else alarm((unsigned int)alarm_set); @@ -1131,7 +1131,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) ai = Curl_str2addr(address, port); if(!ai) { - infof(data, "Resolve address '%s' found illegal!", address); + infof(data, "Resolve address '%s' found illegal", address); goto err; } @@ -1150,7 +1150,7 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) error = false; err: if(error) { - failf(data, "Couldn't parse CURLOPT_RESOLVE entry '%s'!", + failf(data, "Couldn't parse CURLOPT_RESOLVE entry '%s'", hostp->data); Curl_freeaddrinfo(head); return CURLE_SETOPT_OPTION_SYNTAX; @@ -1167,8 +1167,8 @@ CURLcode Curl_loadhostpairs(struct Curl_easy *data) dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len + 1); if(dns) { - infof(data, "RESOLVE %s:%d is - old addresses discarded!", - hostname, port); + infof(data, "RESOLVE %s:%d is - old addresses discarded", + hostname, port); /* delete old entry, there are two reasons for this 1. old entry may have different addresses. 2. even if entry with correct addresses is already in the cache, @@ -1220,6 +1220,7 @@ CURLcode Curl_resolv_check(struct Curl_easy *data, struct Curl_dns_entry **dns) { #if defined(CURL_DISABLE_DOH) && !defined(CURLRES_ASYNCH) + (void)data; (void)dns; #endif #ifndef CURL_DISABLE_DOH @@ -1267,7 +1268,7 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done) result = Curl_setup_conn(data, protocol_done); if(result) { - Curl_detach_connnection(data); + Curl_detach_connection(data); Curl_conncache_remove_conn(data, conn, TRUE); Curl_disconnect(data, conn, TRUE); } diff --git a/libs/libcurl/src/hsts.c b/libs/libcurl/src/hsts.c index 052dc11571..b9fa6f7af5 100644 --- a/libs/libcurl/src/hsts.c +++ b/libs/libcurl/src/hsts.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -21,7 +21,7 @@ ***************************************************************************/ /* * The Strict-Transport-Security header is defined in RFC 6797: - * https://tools.ietf.org/html/rfc6797 + * https://datatracker.ietf.org/doc/html/rfc6797 */ #include "curl_setup.h" @@ -114,16 +114,25 @@ static CURLcode hsts_create(struct hsts *h, curl_off_t expires) { struct stsentry *sts = hsts_entry(); + char *duphost; + size_t hlen; if(!sts) return CURLE_OUT_OF_MEMORY; - sts->expires = expires; - sts->includeSubDomains = subdomains; - sts->host = strdup(hostname); - if(!sts->host) { + duphost = strdup(hostname); + if(!duphost) { free(sts); return CURLE_OUT_OF_MEMORY; } + + hlen = strlen(duphost); + if(duphost[hlen - 1] == '.') + /* strip off trailing any dot */ + duphost[--hlen] = 0; + + sts->host = duphost; + sts->expires = expires; + sts->includeSubDomains = subdomains; Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node); return CURLE_OK; } @@ -238,10 +247,21 @@ struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, bool subdomain) { if(h) { + char buffer[MAX_HSTS_HOSTLEN + 1]; time_t now = time(NULL); size_t hlen = strlen(hostname); struct Curl_llist_element *e; struct Curl_llist_element *n; + + if((hlen > MAX_HSTS_HOSTLEN) || !hlen) + return NULL; + memcpy(buffer, hostname, hlen); + if(hostname[hlen-1] == '.') + /* remove the trailing dot */ + --hlen; + buffer[hlen] = 0; + hostname = buffer; + for(e = h->list.head; e; e = n) { struct stsentry *sts = e->ptr; n = e->next; @@ -440,7 +460,7 @@ static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h) CURLSTScode sc; DEBUGASSERT(h); do { - char buffer[257]; + char buffer[MAX_HSTS_HOSTLEN + 1]; struct curl_hstsentry e; e.name = buffer; e.namelen = sizeof(buffer)-1; diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c index f08a343e3b..b215307dca 100644 --- a/libs/libcurl/src/http.c +++ b/libs/libcurl/src/http.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -77,7 +77,6 @@ #include "content_encoding.h" #include "http_proxy.h" #include "warnless.h" -#include "non-ascii.h" #include "http2.h" #include "connect.h" #include "strdup.h" @@ -216,10 +215,10 @@ static CURLcode http_setup_conn(struct Curl_easy *data, */ char *Curl_checkProxyheaders(struct Curl_easy *data, const struct connectdata *conn, - const char *thisheader) + const char *thisheader, + const size_t thislen) { struct curl_slist *head; - size_t thislen = strlen(thisheader); for(head = (conn->bits.proxy && data->set.sep_headers) ? data->set.proxyheaders : data->set.headers; @@ -233,7 +232,7 @@ char *Curl_checkProxyheaders(struct Curl_easy *data, } #else /* disabled */ -#define Curl_checkProxyheaders(x,y,z) NULL +#define Curl_checkProxyheaders(x,y,z,a) NULL #endif /* @@ -327,7 +326,7 @@ static CURLcode http_output_basic(struct Curl_easy *data, bool proxy) if(!out) return CURLE_OUT_OF_MEMORY; - result = Curl_base64_encode(data, out, strlen(out), &authorization, &size); + result = Curl_base64_encode(out, strlen(out), &authorization, &size); if(result) goto fail; @@ -588,7 +587,7 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) if(data->state.authproblem) return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK; - if((conn->bits.user_passwd || data->set.str[STRING_BEARER]) && + if((data->state.aptr.user || data->set.str[STRING_BEARER]) && ((data->req.httpcode == 401) || (conn->bits.authneg && data->req.httpcode < 300))) { pickhost = pickoneauth(&data->state.authhost, authmask); @@ -652,6 +651,21 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) return result; } +/* + * Curl_allow_auth_to_host() tells if authentication, cookies or other + * "sensitive data" can (still) be sent to this host. + */ +bool Curl_allow_auth_to_host(struct Curl_easy *data) +{ + struct connectdata *conn = data->conn; + return (!data->state.this_is_a_follow || + data->set.allow_auth_to_other_hosts || + (data->state.first_host && + strcasecompare(data->state.first_host, conn->host.name) && + (data->state.first_remote_port == conn->remote_port) && + (data->state.first_remote_protocol == conn->handler->protocol))); +} + #ifndef CURL_DISABLE_HTTP_AUTH /* * Output the correct authentication header depending on the auth type @@ -667,6 +681,7 @@ output_auth_headers(struct Curl_easy *data, { const char *auth = NULL; CURLcode result = CURLE_OK; + (void)conn; #ifdef CURL_DISABLE_CRYPTO_AUTH (void)request; @@ -725,10 +740,10 @@ output_auth_headers(struct Curl_easy *data, if( #ifndef CURL_DISABLE_PROXY (proxy && conn->bits.proxy_user_passwd && - !Curl_checkProxyheaders(data, conn, "Proxy-authorization")) || + !Curl_checkProxyheaders(data, conn, STRCONST("Proxy-authorization"))) || #endif - (!proxy && conn->bits.user_passwd && - !Curl_checkheaders(data, "Authorization"))) { + (!proxy && data->state.aptr.user && + !Curl_checkheaders(data, STRCONST("Authorization")))) { auth = "Basic"; result = http_output_basic(data, proxy); if(result) @@ -742,7 +757,7 @@ output_auth_headers(struct Curl_easy *data, if(authstatus->picked == CURLAUTH_BEARER) { /* Bearer */ if((!proxy && data->set.str[STRING_BEARER] && - !Curl_checkheaders(data, "Authorization"))) { + !Curl_checkheaders(data, STRCONST("Authorization")))) { auth = "Bearer"; result = http_output_bearer(data); if(result) @@ -811,7 +826,7 @@ Curl_http_output_auth(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY (conn->bits.httpproxy && conn->bits.proxy_user_passwd) || #endif - conn->bits.user_passwd || data->set.str[STRING_BEARER]) + data->state.aptr.user || data->set.str[STRING_BEARER]) /* continue please */; else { authhost->done = TRUE; @@ -847,17 +862,14 @@ Curl_http_output_auth(struct Curl_easy *data, with it */ authproxy->done = TRUE; - /* To prevent the user+password to get sent to other than the original - host due to a location-follow, we do some weirdo checks here */ - if(!data->state.this_is_a_follow || + /* To prevent the user+password to get sent to other than the original host + due to a location-follow */ + if(Curl_allow_auth_to_host(data) #ifndef CURL_DISABLE_NETRC - conn->bits.netrc || + || conn->bits.netrc #endif - !data->state.first_host || - data->set.allow_auth_to_other_hosts || - strcasecompare(data->state.first_host, conn->host.name)) { + ) result = output_auth_headers(data, conn, authhost, request, path, FALSE); - } else authhost->done = TRUE; @@ -1143,7 +1155,7 @@ static bool http_should_fail(struct Curl_easy *data) ** Either we're not authenticating, or we're supposed to ** be authenticating something else. This is an error. */ - if((httpcode == 401) && !data->conn->bits.user_passwd) + if((httpcode == 401) && !data->state.aptr.user) return TRUE; #ifndef CURL_DISABLE_PROXY if((httpcode == 407) && !data->conn->bits.proxy_user_passwd) @@ -1251,14 +1263,6 @@ CURLcode Curl_buffer_send(struct dynbuf *in, DEBUGASSERT(size > (size_t)included_body_bytes); - result = Curl_convert_to_network(data, ptr, headersize); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) { - /* conversion failed, free memory and return to the caller */ - Curl_dyn_free(in); - return result; - } - if((conn->handler->flags & PROTOPT_SSL #ifndef CURL_DISABLE_PROXY || conn->http_proxy.proxytype == CURLPROXY_HTTPS @@ -1425,18 +1429,22 @@ CURLcode Curl_buffer_send(struct dynbuf *in, bool Curl_compareheader(const char *headerline, /* line to check */ const char *header, /* header keyword _with_ colon */ - const char *content) /* content string to find */ + const size_t hlen, /* len of the keyword in bytes */ + const char *content, /* content string to find */ + const size_t clen) /* len of the content in bytes */ { /* RFC2616, section 4.2 says: "Each header field consists of a name followed * by a colon (":") and the field value. Field names are case-insensitive. * The field value MAY be preceded by any amount of LWS, though a single SP * is preferred." */ - size_t hlen = strlen(header); - size_t clen; size_t len; const char *start; const char *end; + DEBUGASSERT(hlen); + DEBUGASSERT(clen); + DEBUGASSERT(header); + DEBUGASSERT(content); if(!strncasecompare(headerline, header, hlen)) return FALSE; /* doesn't start with header */ @@ -1460,7 +1468,6 @@ Curl_compareheader(const char *headerline, /* line to check */ } len = end-start; /* length of the content part of the input line */ - clen = strlen(content); /* length of the word to find */ /* find the content string in the rest of the line */ for(; len >= clen; len--, start++) { @@ -1546,7 +1553,7 @@ static CURLcode add_haproxy_protocol_header(struct Curl_easy *data) #ifdef USE_UNIX_SOCKETS if(data->conn->unix_domain_socket) /* the buffer is large enough to hold this! */ - result = Curl_dyn_add(&req, "PROXY UNKNOWN\r\n"); + result = Curl_dyn_addn(&req, STRCONST("PROXY UNKNOWN\r\n")); else { #endif /* Emit the correct prefix for IPv6 */ @@ -1713,13 +1720,13 @@ static CURLcode expect100(struct Curl_easy *data, /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an Expect: 100-continue to the headers which actually speeds up post operations (as there is one packet coming back from the web server) */ - const char *ptr = Curl_checkheaders(data, "Expect"); + const char *ptr = Curl_checkheaders(data, STRCONST("Expect")); if(ptr) { data->state.expect100header = - Curl_compareheader(ptr, "Expect:", "100-continue"); + Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); } else { - result = Curl_dyn_add(req, "Expect: 100-continue\r\n"); + result = Curl_dyn_addn(req, STRCONST("Expect: 100-continue\r\n")); if(!result) data->state.expect100header = TRUE; } @@ -1772,7 +1779,7 @@ CURLcode Curl_http_compile_trailers(struct curl_slist *trailers, return result; } else - infof(handle, "Malformatted trailing header ! Skipping trailer."); + infof(handle, "Malformatted trailing header, skipping trailer"); trailers = trailers->next; } result = Curl_dyn_add(b, endofline_network); @@ -1867,7 +1874,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, ptr = optr; } } - if(ptr) { + if(ptr && (ptr != headers->data)) { /* we require a colon for this to be a true header */ ptr++; /* pass the colon */ @@ -1910,10 +1917,7 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, checkprefix("Cookie:", compare)) && /* be careful of sending this potentially sensitive header to other hosts */ - (data->state.this_is_a_follow && - data->state.first_host && - !data->set.allow_auth_to_other_hosts && - !strcasecompare(data->state.first_host, conn->host.name))) + !Curl_allow_auth_to_host(data)) ; else { #ifdef USE_HYPER @@ -1949,6 +1953,7 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, CURLcode result; char datestr[80]; const char *condp; + size_t len; if(data->set.timecondition == CURL_TIMECOND_NONE) /* no condition was asked for */ @@ -1967,16 +1972,19 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, case CURL_TIMECOND_IFMODSINCE: condp = "If-Modified-Since"; + len = 17; break; case CURL_TIMECOND_IFUNMODSINCE: condp = "If-Unmodified-Since"; + len = 19; break; case CURL_TIMECOND_LASTMOD: condp = "Last-Modified"; + len = 13; break; } - if(Curl_checkheaders(data, condp)) { + if(Curl_checkheaders(data, condp, len)) { /* A custom header was specified; it will be sent instead. */ return CURLE_OK; } @@ -2065,7 +2073,7 @@ CURLcode Curl_http_useragent(struct Curl_easy *data) it might have been used in the proxy connect, but if we have got a header with the user-agent string specified, we erase the previously made string here. */ - if(Curl_checkheaders(data, "User-Agent")) { + if(Curl_checkheaders(data, STRCONST("User-Agent"))) { free(data->state.aptr.uagent); data->state.aptr.uagent = NULL; } @@ -2085,10 +2093,11 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) return CURLE_OUT_OF_MEMORY; data->state.first_remote_port = conn->remote_port; + data->state.first_remote_protocol = conn->handler->protocol; } Curl_safefree(data->state.aptr.host); - ptr = Curl_checkheaders(data, "Host"); + ptr = Curl_checkheaders(data, STRCONST("Host")); if(ptr && (!data->state.this_is_a_follow || strcasecompare(data->state.first_host, conn->host.name))) { #if !defined(CURL_DISABLE_COOKIES) @@ -2305,7 +2314,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, #ifndef CURL_DISABLE_MIME if(http->sendit) { - const char *cthdr = Curl_checkheaders(data, "Content-Type"); + const char *cthdr = Curl_checkheaders(data, STRCONST("Content-Type")); /* Read and seek body only. */ http->sendit->flags |= MIME_BODY_ONLY; @@ -2330,11 +2339,12 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, } #endif - ptr = Curl_checkheaders(data, "Transfer-Encoding"); + ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding")); if(ptr) { /* Some kind of TE is requested, check if 'chunked' is chosen */ data->req.upload_chunky = - Curl_compareheader(ptr, "Transfer-Encoding:", "chunked"); + Curl_compareheader(ptr, + STRCONST("Transfer-Encoding:"), STRCONST("chunked")); } else { if((conn->handler->protocol & PROTO_FAMILY_HTTP) && @@ -2394,7 +2404,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, http->postsize = data->state.infilesize; if((http->postsize != -1) && !data->req.upload_chunky && - (conn->bits.authneg || !Curl_checkheaders(data, "Content-Length"))) { + (conn->bits.authneg || + !Curl_checkheaders(data, STRCONST("Content-Length")))) { /* only add Content-Length if not uploading chunked */ result = Curl_dyn_addf(r, "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", http->postsize); @@ -2409,7 +2420,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, } /* end of headers */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; @@ -2434,7 +2445,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, /* This is form posting using mime data. */ if(conn->bits.authneg) { /* nothing to post! */ - result = Curl_dyn_add(r, "Content-Length: 0\r\n\r\n"); + result = Curl_dyn_addn(r, STRCONST("Content-Length: 0\r\n\r\n")); if(result) return result; @@ -2454,7 +2465,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, we don't upload data chunked, as RFC2616 forbids us to set both kinds of headers (Transfer-Encoding: chunked and Content-Length) */ if(http->postsize != -1 && !data->req.upload_chunky && - (conn->bits.authneg || !Curl_checkheaders(data, "Content-Length"))) { + (conn->bits.authneg || + !Curl_checkheaders(data, STRCONST("Content-Length")))) { /* we allow replacing this header if not during auth negotiation, although it isn't very wise to actually set your own */ result = Curl_dyn_addf(r, @@ -2481,10 +2493,10 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, the somewhat bigger ones we allow the app to disable it. Just make sure that the expect100header is always set to the preferred value here. */ - ptr = Curl_checkheaders(data, "Expect"); + ptr = Curl_checkheaders(data, STRCONST("Expect")); if(ptr) { data->state.expect100header = - Curl_compareheader(ptr, "Expect:", "100-continue"); + Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); } else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) { result = expect100(data, conn, r); @@ -2495,7 +2507,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, data->state.expect100header = FALSE; /* make the request end in a true CRLF */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; @@ -2534,7 +2546,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, we don't upload data chunked, as RFC2616 forbids us to set both kinds of headers (Transfer-Encoding: chunked and Content-Length) */ if((http->postsize != -1) && !data->req.upload_chunky && - (conn->bits.authneg || !Curl_checkheaders(data, "Content-Length"))) { + (conn->bits.authneg || + !Curl_checkheaders(data, STRCONST("Content-Length")))) { /* we allow replacing this header if not during auth negotiation, although it isn't very wise to actually set your own */ result = Curl_dyn_addf(r, "Content-Length: %" CURL_FORMAT_CURL_OFF_T @@ -2543,9 +2556,9 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, return result; } - if(!Curl_checkheaders(data, "Content-Type")) { - result = Curl_dyn_add(r, "Content-Type: application/" - "x-www-form-urlencoded\r\n"); + if(!Curl_checkheaders(data, STRCONST("Content-Type"))) { + result = Curl_dyn_addn(r, STRCONST("Content-Type: application/" + "x-www-form-urlencoded\r\n")); if(result) return result; } @@ -2554,10 +2567,10 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, the somewhat bigger ones we allow the app to disable it. Just make sure that the expect100header is always set to the preferred value here. */ - ptr = Curl_checkheaders(data, "Expect"); + ptr = Curl_checkheaders(data, STRCONST("Expect")); if(ptr) { data->state.expect100header = - Curl_compareheader(ptr, "Expect:", "100-continue"); + Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); } else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) { result = expect100(data, conn, r); @@ -2584,7 +2597,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, get the data duplicated with malloc() and family. */ /* end of headers! */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; @@ -2606,12 +2619,12 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, result = Curl_dyn_addn(r, data->set.postfields, (size_t)http->postsize); if(!result) - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); included_body += 2; } } if(!result) { - result = Curl_dyn_add(r, "\x30\x0d\x0a\x0d\x0a"); + result = Curl_dyn_addn(r, STRCONST("\x30\x0d\x0a\x0d\x0a")); /* 0 CR LF CR LF */ included_body += 5; } @@ -2634,7 +2647,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, Curl_pgrsSetUploadSize(data, http->postsize); /* end of headers! */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; } @@ -2643,14 +2656,14 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, #endif { /* end of headers! */ - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; if(data->req.upload_chunky && conn->bits.authneg) { /* Chunky upload is selected and we're negotiating auth still, send end-of-data only */ - result = Curl_dyn_add(r, (char *)"\x30\x0d\x0a\x0d\x0a"); + result = Curl_dyn_addn(r, (char *)STRCONST("\x30\x0d\x0a\x0d\x0a")); /* 0 CR LF CR LF */ if(result) return result; @@ -2678,7 +2691,7 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, break; default: - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; @@ -2702,7 +2715,8 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, { CURLcode result = CURLE_OK; char *addcookies = NULL; - if(data->set.str[STRING_COOKIE] && !Curl_checkheaders(data, "Cookie")) + if(data->set.str[STRING_COOKIE] && + !Curl_checkheaders(data, STRCONST("Cookie"))) addcookies = data->set.str[STRING_COOKIE]; if(data->cookies || addcookies) { @@ -2728,7 +2742,7 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, while(co) { if(co->value) { if(0 == count) { - result = Curl_dyn_add(r, "Cookie: "); + result = Curl_dyn_addn(r, STRCONST("Cookie: ")); if(result) break; } @@ -2744,14 +2758,14 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, } if(addcookies && !result) { if(!count) - result = Curl_dyn_add(r, "Cookie: "); + result = Curl_dyn_addn(r, STRCONST("Cookie: ")); if(!result) { result = Curl_dyn_addf(r, "%s%s", count?"; ":"", addcookies); count++; } } if(count && !result) - result = Curl_dyn_add(r, "\r\n"); + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) return result; @@ -2770,14 +2784,14 @@ CURLcode Curl_http_range(struct Curl_easy *data, * ones if any such are specified. */ if(((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) && - !Curl_checkheaders(data, "Range")) { + !Curl_checkheaders(data, STRCONST("Range"))) { /* if a line like this was already allocated, free the previous one */ free(data->state.aptr.rangeline); data->state.aptr.rangeline = aprintf("Range: bytes=%s\r\n", data->state.range); } else if((httpreq == HTTPREQ_POST || httpreq == HTTPREQ_PUT) && - !Curl_checkheaders(data, "Content-Range")) { + !Curl_checkheaders(data, STRCONST("Content-Range"))) { /* if a line like this was already allocated, free the previous one */ free(data->state.aptr.rangeline); @@ -2923,7 +2937,7 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, /* The resume point is at the end of file, consider this fine even if it doesn't allow resume from here. */ infof(data, "The entire document is already downloaded"); - connclose(conn, "already downloaded"); + streamclose(conn, "already downloaded"); /* Abort download */ k->keepon &= ~KEEP_RECV; *done = TRUE; @@ -2948,10 +2962,10 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, /* We're simulating a http 304 from server so we return what should have been returned from the server */ data->info.httpcode = 304; - infof(data, "Simulate a HTTP 304 response!"); + infof(data, "Simulate a HTTP 304 response"); /* we abort the transfer before it is completed == we ruin the re-use ability. Close the connection */ - connclose(conn, "Simulated 304 handling"); + streamclose(conn, "Simulated 304 handling"); return CURLE_OK; } } /* we have a time condition */ @@ -2962,14 +2976,14 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, #ifdef HAVE_LIBZ CURLcode Curl_transferencode(struct Curl_easy *data) { - if(!Curl_checkheaders(data, "TE") && + if(!Curl_checkheaders(data, STRCONST("TE")) && data->set.http_transfer_encoding) { /* When we are to insert a TE: header in the request, we must also insert TE in a Connection: header, so we need to merge the custom provided Connection: header and prevent the original to get sent. Note that if the user has inserted his/her own TE: header we don't do this magic but then assume that the user will handle it all! */ - char *cptr = Curl_checkheaders(data, "Connection"); + char *cptr = Curl_checkheaders(data, STRCONST("Connection")); #define TE_HEADER "TE: gzip\r\n" Curl_safefree(data->state.aptr.te); @@ -3089,13 +3103,13 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) } Curl_safefree(data->state.aptr.ref); - if(data->state.referer && !Curl_checkheaders(data, "Referer")) { + if(data->state.referer && !Curl_checkheaders(data, STRCONST("Referer"))) { data->state.aptr.ref = aprintf("Referer: %s\r\n", data->state.referer); if(!data->state.aptr.ref) return CURLE_OUT_OF_MEMORY; } - if(!Curl_checkheaders(data, "Accept-Encoding") && + if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && data->set.str[STRING_ENCODING]) { Curl_safefree(data->state.aptr.accept_encoding); data->state.aptr.accept_encoding = @@ -3117,7 +3131,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(result) return result; - p_accept = Curl_checkheaders(data, "Accept")?NULL:"Accept: */*\r\n"; + p_accept = Curl_checkheaders(data, + STRCONST("Accept"))?NULL:"Accept: */*\r\n"; result = Curl_http_resume(data, conn, httpreq); if(result) @@ -3147,7 +3162,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) } #ifndef CURL_DISABLE_ALTSVC - if(conn->bits.altused && !Curl_checkheaders(data, "Alt-Used")) { + if(conn->bits.altused && !Curl_checkheaders(data, STRCONST("Alt-Used"))) { altused = aprintf("Alt-Used: %s:%d\r\n", conn->conn_to_host.name, conn->conn_to_port); if(!altused) { @@ -3194,8 +3209,10 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) #ifndef CURL_DISABLE_PROXY (conn->bits.httpproxy && !conn->bits.tunnel_proxy && - !Curl_checkheaders(data, "Proxy-Connection") && - !Curl_checkProxyheaders(data, conn, "Proxy-Connection"))? + !Curl_checkheaders(data, STRCONST("Proxy-Connection")) && + !Curl_checkProxyheaders(data, + conn, + STRCONST("Proxy-Connection")))? "Proxy-Connection: Keep-Alive\r\n":"", #else "", @@ -3308,20 +3325,6 @@ checkhttpprefix(struct Curl_easy *data, struct curl_slist *head = data->set.http200aliases; statusline rc = STATUS_BAD; statusline onmatch = len >= 5? STATUS_DONE : STATUS_UNKNOWN; -#ifdef CURL_DOES_CONVERSIONS - /* convert from the network encoding using a scratch area */ - char *scratch = strdup(s); - if(!scratch) { - failf(data, "Failed to allocate memory for conversion!"); - return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */ - } - if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) { - /* Curl_convert_from_network calls failf if unsuccessful */ - free(scratch); - return FALSE; /* can't return CURLE_foobar so return FALSE */ - } - s = scratch; -#endif /* CURL_DOES_CONVERSIONS */ while(head) { if(checkprefixmax(head->data, s, len)) { @@ -3334,9 +3337,6 @@ checkhttpprefix(struct Curl_easy *data, if((rc != STATUS_DONE) && (checkprefixmax("HTTP/", s, len))) rc = onmatch; -#ifdef CURL_DOES_CONVERSIONS - free(scratch); -#endif /* CURL_DOES_CONVERSIONS */ return rc; } @@ -3347,26 +3347,9 @@ checkrtspprefix(struct Curl_easy *data, { statusline result = STATUS_BAD; statusline onmatch = len >= 5? STATUS_DONE : STATUS_UNKNOWN; - -#ifdef CURL_DOES_CONVERSIONS - /* convert from the network encoding using a scratch area */ - char *scratch = strdup(s); - if(!scratch) { - failf(data, "Failed to allocate memory for conversion!"); - return FALSE; /* can't return CURLE_OUT_OF_MEMORY so return FALSE */ - } - if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) { - /* Curl_convert_from_network calls failf if unsuccessful */ - result = FALSE; /* can't return CURLE_foobar so return FALSE */ - } - else if(checkprefixmax("RTSP/", scratch, len)) - result = onmatch; - free(scratch); -#else (void)data; /* unused */ if(checkprefixmax("RTSP/", s, len)) result = onmatch; -#endif /* CURL_DOES_CONVERSIONS */ return result; } @@ -3412,7 +3395,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, return CURLE_FILESIZE_EXCEEDED; } streamclose(conn, "overflow content-length"); - infof(data, "Overflow Content-Length: value!"); + infof(data, "Overflow Content-Length: value"); } else { /* negative or just rubbish - bad HTTP */ @@ -3436,7 +3419,9 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, #ifndef CURL_DISABLE_PROXY else if((conn->httpversion == 10) && conn->bits.httpproxy && - Curl_compareheader(headp, "Proxy-Connection:", "keep-alive")) { + Curl_compareheader(headp, + STRCONST("Proxy-Connection:"), + STRCONST("keep-alive"))) { /* * When a HTTP/1.0 reply comes when using a proxy, the * 'Proxy-Connection: keep-alive' line tells us the @@ -3444,21 +3429,25 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, * Default action for 1.0 is to close. */ connkeep(conn, "Proxy-Connection keep-alive"); /* don't close */ - infof(data, "HTTP/1.0 proxy connection set to keep alive!"); + infof(data, "HTTP/1.0 proxy connection set to keep alive"); } else if((conn->httpversion == 11) && conn->bits.httpproxy && - Curl_compareheader(headp, "Proxy-Connection:", "close")) { + Curl_compareheader(headp, + STRCONST("Proxy-Connection:"), + STRCONST("close"))) { /* * We get a HTTP/1.1 response from a proxy and it says it'll * close down after this transfer. */ connclose(conn, "Proxy-Connection: asked to close after done"); - infof(data, "HTTP/1.1 proxy connection set close!"); + infof(data, "HTTP/1.1 proxy connection set close"); } #endif else if((conn->httpversion == 10) && - Curl_compareheader(headp, "Connection:", "keep-alive")) { + Curl_compareheader(headp, + STRCONST("Connection:"), + STRCONST("keep-alive"))) { /* * A HTTP/1.0 reply with the 'Connection: keep-alive' line * tells us the connection will be kept alive for our @@ -3466,9 +3455,10 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, * * [RFC2068, section 19.7.1] */ connkeep(conn, "Connection keep-alive"); - infof(data, "HTTP/1.0 connection set to keep alive!"); + infof(data, "HTTP/1.0 connection set to keep alive"); } - else if(Curl_compareheader(headp, "Connection:", "close")) { + else if(Curl_compareheader(headp, + STRCONST("Connection:"), STRCONST("close"))) { /* * [RFC 2616, section 8.1.2.1] * "Connection: close" is HTTP/1.1 language and means that @@ -3795,6 +3785,29 @@ CURLcode Curl_http_size(struct Curl_easy *data) return CURLE_OK; } +static CURLcode verify_header(struct Curl_easy *data) +{ + struct SingleRequest *k = &data->req; + const char *header = Curl_dyn_ptr(&data->state.headerb); + size_t hlen = Curl_dyn_len(&data->state.headerb); + char *ptr = memchr(header, 0x00, hlen); + if(ptr) { + /* this is bad, bail out */ + failf(data, "Nul byte in header"); + return CURLE_WEIRD_SERVER_REPLY; + } + if(k->headerline < 2) + /* the first "header" is the status-line and it has no colon */ + return CURLE_OK; + ptr = memchr(header, ':', hlen); + if(!ptr) { + /* this is bad, bail out */ + failf(data, "Header without colon"); + return CURLE_WEIRD_SERVER_REPLY; + } + return CURLE_OK; +} + /* * Read any HTTP header lines from the server and pass them to the client app. */ @@ -3903,21 +3916,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, size_t headerlen; /* Zero-length header line means end of headers! */ -#ifdef CURL_DOES_CONVERSIONS - if(0x0d == *headp) { - *headp = '\r'; /* replace with CR in host encoding */ - headp++; /* pass the CR byte */ - } - if(0x0a == *headp) { - *headp = '\n'; /* replace with LF in host encoding */ - headp++; /* pass the LF byte */ - } -#else if('\r' == *headp) headp++; /* pass the \r byte */ if('\n' == *headp) headp++; /* pass the \n byte */ -#endif /* CURL_DOES_CONVERSIONS */ if(100 <= k->httpcode && 199 >= k->httpcode) { /* "A user agent MAY ignore unexpected 1xx status responses." */ @@ -4028,9 +4030,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, /* now, only output this if the header AND body are requested: */ - writetype = CLIENTWRITE_HEADER; - if(data->set.include_header) - writetype |= CLIENTWRITE_BODY; + writetype = CLIENTWRITE_HEADER | + (data->set.include_header ? CLIENTWRITE_BODY : 0) | + ((k->httpcode/100 == 1) ? CLIENTWRITE_1XX : 0); headerlen = Curl_dyn_len(&data->state.headerb); result = Curl_client_write(data, writetype, @@ -4127,7 +4129,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, if(conn->bits.rewindaftersend) { /* We rewind after a complete send, so thus we continue sending now */ - infof(data, "Keep sending data to get tossed away!"); + infof(data, "Keep sending data to get tossed away"); k->keepon |= KEEP_SEND; } } @@ -4183,36 +4185,18 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, * Checks for special headers coming up. */ + writetype = CLIENTWRITE_HEADER; if(!k->headerline++) { /* This is the first header, it MUST be the error code line or else we consider this to be the body right away! */ int httpversion_major; int rtspversion_major; int nc = 0; -#ifdef CURL_DOES_CONVERSIONS -#define HEADER1 scratch -#define SCRATCHSIZE 21 - CURLcode res; - char scratch[SCRATCHSIZE + 1]; /* "HTTP/major.minor 123" */ - /* We can't really convert this yet because we don't know if it's the - 1st header line or the body. So we do a partial conversion into a - scratch area, leaving the data at 'headp' as-is. - */ - strncpy(&scratch[0], headp, SCRATCHSIZE); - scratch[SCRATCHSIZE] = 0; /* null terminate */ - res = Curl_convert_from_network(data, - &scratch[0], - SCRATCHSIZE); - if(res) - /* Curl_convert_from_network calls failf if unsuccessful */ - return res; -#else #define HEADER1 headp /* no conversion needed, just use headp */ -#endif /* CURL_DOES_CONVERSIONS */ if(conn->handler->protocol & PROTO_FAMILY_HTTP) { /* - * https://tools.ietf.org/html/rfc7230#section-3.1.2 + * https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2 * * The response code is always a three-digit number in HTTP as the spec * says. We allow any three-digit number here, but we cannot make @@ -4254,10 +4238,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, switch(httpversion) { case 10: case 11: -#if defined(USE_NGHTTP2) || defined(USE_HYPER) +#ifdef USE_HTTP2 case 20: #endif -#if defined(ENABLE_QUIC) +#ifdef ENABLE_QUIC case 30: #endif conn->httpversion = (unsigned char)httpversion; @@ -4326,6 +4310,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, result = Curl_http_statusline(data, conn); if(result) return result; + writetype |= CLIENTWRITE_STATUS; } else { k->header = FALSE; /* this is not a header line */ @@ -4333,8 +4318,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, } } - result = Curl_convert_from_network(data, headp, strlen(headp)); - /* Curl_convert_from_network calls failf if unsuccessful */ + result = verify_header(data); if(result) return result; @@ -4345,10 +4329,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, /* * End of header-checks. Write them to the client. */ - - writetype = CLIENTWRITE_HEADER; if(data->set.include_header) writetype |= CLIENTWRITE_BODY; + if(k->httpcode/100 == 1) + writetype |= CLIENTWRITE_1XX; Curl_debug(data, CURLINFO_HEADER_IN, headp, Curl_dyn_len(&data->state.headerb)); diff --git a/libs/libcurl/src/http.h b/libs/libcurl/src/http.h index b4aaba2a26..c4ab3c22de 100644 --- a/libs/libcurl/src/http.h +++ b/libs/libcurl/src/http.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -38,6 +38,10 @@ typedef enum { #include <nghttp2/nghttp2.h> #endif +#if defined(_WIN32) && defined(ENABLE_QUIC) +#include <stdint.h> +#endif + extern const struct Curl_handler Curl_handler_http; #ifdef USE_SSL @@ -47,13 +51,16 @@ extern const struct Curl_handler Curl_handler_https; /* Header specific functions */ bool Curl_compareheader(const char *headerline, /* line to check */ const char *header, /* header keyword _with_ colon */ - const char *content); /* content string to find */ + const size_t hlen, /* len of the keyword in bytes */ + const char *content, /* content string to find */ + const size_t clen); /* len of the content in bytes */ char *Curl_copy_header_value(const char *header); char *Curl_checkProxyheaders(struct Curl_easy *data, const struct connectdata *conn, - const char *thisheader); + const char *thisheader, + const size_t thislen); CURLcode Curl_buffer_send(struct dynbuf *in, struct Curl_easy *data, curl_off_t *bytes_written, @@ -160,6 +167,29 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data); struct h3out; /* see ngtcp2 */ #endif +#ifdef USE_MSH3 +#ifdef _WIN32 +#define msh3_lock CRITICAL_SECTION +#define msh3_lock_initialize(lock) InitializeCriticalSection(lock) +#define msh3_lock_uninitialize(lock) DeleteCriticalSection(lock) +#define msh3_lock_acquire(lock) EnterCriticalSection(lock) +#define msh3_lock_release(lock) LeaveCriticalSection(lock) +#else /* !_WIN32 */ +#include <pthread.h> +#define msh3_lock pthread_mutex_t +#define msh3_lock_initialize(lock) { \ + pthread_mutexattr_t attr; \ + pthread_mutexattr_init(&attr); \ + pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); \ + pthread_mutex_init(lock, &attr); \ + pthread_mutexattr_destroy(&attr); \ +} +#define msh3_lock_uninitialize(lock) pthread_mutex_destroy(lock) +#define msh3_lock_acquire(lock) pthread_mutex_lock(lock) +#define msh3_lock_release(lock) pthread_mutex_unlock(lock) +#endif /* _WIN32 */ +#endif /* USE_MSH3 */ + /**************************************************************************** * HTTP unique setup ***************************************************************************/ @@ -225,11 +255,13 @@ struct HTTP { #endif #ifdef ENABLE_QUIC +#ifndef USE_MSH3 /*********** for HTTP/3 we store stream-local data here *************/ int64_t stream3_id; /* stream we are interested in */ bool firstheader; /* FALSE until headers arrive */ bool firstbody; /* FALSE until body arrives */ bool h3req; /* FALSE until request is issued */ +#endif bool upload_done; #endif #ifdef USE_NGHTTP3 @@ -237,6 +269,21 @@ struct HTTP { struct h3out *h3out; /* per-stream buffers for upload */ struct dynbuf overflow; /* excess data received during a single Curl_read */ #endif +#ifdef USE_MSH3 + struct MSH3_REQUEST *req; + msh3_lock recv_lock; + /* Receive Buffer (Headers and Data) */ + uint8_t* recv_buf; + size_t recv_buf_alloc; + /* Receive Headers */ + size_t recv_header_len; + bool recv_header_complete; + /* Receive Data */ + size_t recv_data_len; + bool recv_data_complete; + /* General Receive Error */ + CURLcode recv_error; +#endif }; #ifdef USE_NGHTTP2 @@ -317,4 +364,10 @@ Curl_http_output_auth(struct Curl_easy *data, bool proxytunnel); /* TRUE if this is the request setting up the proxy tunnel */ +/* + * Curl_allow_auth_to_host() tells if authentication, cookies or other + * "sensitive data" can (still) be sent to this host. + */ +bool Curl_allow_auth_to_host(struct Curl_easy *data); + #endif /* HEADER_CURL_HTTP_H */ diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c index e74400a4ca..0120b86311 100644 --- a/libs/libcurl/src/http2.c +++ b/libs/libcurl/src/http2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -36,7 +36,10 @@ #include "connect.h" #include "strtoofft.h" #include "strdup.h" +#include "transfer.h" #include "dynbuf.h" +#include "h2h3.h" +#include "headers.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -64,7 +67,6 @@ #define H2BUGF(x) do { } while(0) #endif - static ssize_t http2_recv(struct Curl_easy *data, int sockindex, char *mem, size_t len, CURLcode *err); static bool http2_connisdead(struct Curl_easy *data, @@ -200,9 +202,9 @@ static bool http2_connisdead(struct Curl_easy *data, struct connectdata *conn) nread = ((Curl_recv *)httpc->recv_underlying)( data, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result); if(nread != -1) { - infof(data, - "%d bytes stray data read before trying h2 connection", - (int)nread); + H2BUGF(infof(data, + "%d bytes stray data read before trying h2 connection", + (int)nread)); httpc->nread_inbuf = 0; httpc->inbuflen = nread; if(h2_process_pending_input(data, httpc, &result) < 0) @@ -513,7 +515,7 @@ static int set_transfer_url(struct Curl_easy *data, if(!u) return 5; - v = curl_pushheader_byname(hp, ":scheme"); + v = curl_pushheader_byname(hp, H2H3_PSEUDO_SCHEME); if(v) { uc = curl_url_set(u, CURLUPART_SCHEME, v, 0); if(uc) { @@ -522,7 +524,7 @@ static int set_transfer_url(struct Curl_easy *data, } } - v = curl_pushheader_byname(hp, ":authority"); + v = curl_pushheader_byname(hp, H2H3_PSEUDO_AUTHORITY); if(v) { uc = curl_url_set(u, CURLUPART_HOST, v, 0); if(uc) { @@ -531,7 +533,7 @@ static int set_transfer_url(struct Curl_easy *data, } } - v = curl_pushheader_byname(hp, ":path"); + v = curl_pushheader_byname(hp, H2H3_PSEUDO_PATH); if(v) { uc = curl_url_set(u, CURLUPART_PATH, v, 0); if(uc) { @@ -560,7 +562,7 @@ static int push_promise(struct Curl_easy *data, const nghttp2_push_promise *frame) { int rv; /* one of the CURL_PUSH_* defines */ - H2BUGF(infof(data, "PUSH_PROMISE received, stream %u!", + H2BUGF(infof(data, "PUSH_PROMISE received, stream %u", frame->promised_stream_id)); if(data->multi->push_cb) { struct HTTP *stream; @@ -580,11 +582,11 @@ static int push_promise(struct Curl_easy *data, heads.data = data; heads.frame = frame; /* ask the application */ - H2BUGF(infof(data, "Got PUSH_PROMISE, ask application!")); + H2BUGF(infof(data, "Got PUSH_PROMISE, ask application")); stream = data->req.p.http; if(!stream) { - failf(data, "Internal NULL stream!"); + failf(data, "Internal NULL stream"); (void)Curl_close(&newhandle); rv = CURL_PUSH_DENY; goto fail; @@ -651,7 +653,7 @@ static int push_promise(struct Curl_easy *data, Curl_dyn_init(&newstream->trailer_recvbuf, DYN_H2_TRAILERS); } else { - H2BUGF(infof(data, "Got PUSH_PROMISE, ignore it!")); + H2BUGF(infof(data, "Got PUSH_PROMISE, ignore it")); rv = CURL_PUSH_DENY; } fail: @@ -757,7 +759,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, stream->status_code = -1; } - result = Curl_dyn_add(&stream->header_recvbuf, "\r\n"); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST("\r\n")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; @@ -800,7 +802,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, } break; default: - H2BUGF(infof(data_s, "Got frame type %x for stream %u!", + H2BUGF(infof(data_s, "Got frame type %x for stream %u", frame->hd.type, stream_id)); break; } @@ -823,10 +825,14 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags, /* get the stream from the hash based on Stream ID */ data_s = nghttp2_session_get_stream_user_data(session, stream_id); - if(!data_s) - /* Receiving a Stream ID not in the hash should not happen, this is an - internal error more than anything else! */ - return NGHTTP2_ERR_CALLBACK_FAILURE; + if(!data_s) { + /* Receiving a Stream ID not in the hash should not happen - unless + we have aborted a transfer artificially and there were more data + in the pipeline. Silently ignore. */ + H2BUGF(fprintf(stderr, "Data for stream %u but it doesn't exist\n", + stream_id)); + return 0; + } stream = data_s->req.p.http; if(!stream) @@ -907,15 +913,15 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, /* remove the entry from the hash as the stream is now gone */ rv = nghttp2_session_set_stream_user_data(session, stream_id, 0); if(rv) { - infof(data_s, "http/2: failed to clear user_data for stream %d!", + infof(data_s, "http/2: failed to clear user_data for stream %d", stream_id); DEBUGASSERT(0); } if(stream_id == httpc->pause_stream_id) { - H2BUGF(infof(data_s, "Stopped the pause stream!")); + H2BUGF(infof(data_s, "Stopped the pause stream")); httpc->pause_stream_id = 0; } - H2BUGF(infof(data_s, "Removed stream %u hash!", stream_id)); + H2BUGF(infof(data_s, "Removed stream %u hash", stream_id)); stream->stream_id = 0; /* cleared */ } return 0; @@ -1000,7 +1006,7 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, stream = data_s->req.p.http; if(!stream) { - failf(data_s, "Internal NULL stream!"); + failf(data_s, "Internal NULL stream"); return NGHTTP2_ERR_CALLBACK_FAILURE; } @@ -1009,7 +1015,7 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, if(frame->hd.type == NGHTTP2_PUSH_PROMISE) { char *h; - if(!strcmp(":authority", (const char *)name)) { + if(!strcmp(H2H3_PSEUDO_AUTHORITY, (const char *)name)) { /* pseudo headers are lower case */ int rc = 0; char *check = aprintf("%s:%d", conn->host.name, conn->remote_port); @@ -1072,22 +1078,27 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, return 0; } - if(namelen == sizeof(":status") - 1 && - memcmp(":status", name, namelen) == 0) { + if(namelen == sizeof(H2H3_PSEUDO_STATUS) - 1 && + memcmp(H2H3_PSEUDO_STATUS, name, namelen) == 0) { /* nghttp2 guarantees :status is received first and only once, and value is 3 digits status code, and decode_status_code always succeeds. */ + char buffer[32]; stream->status_code = decode_status_code(value, valuelen); DEBUGASSERT(stream->status_code != -1); - - result = Curl_dyn_add(&stream->header_recvbuf, "HTTP/2 "); + msnprintf(buffer, sizeof(buffer), H2H3_PSEUDO_STATUS ":%u\r", + stream->status_code); + result = Curl_headers_push(data_s, buffer, CURLH_PSEUDO); + if(result) + return NGHTTP2_ERR_CALLBACK_FAILURE; + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST("HTTP/2 ")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; result = Curl_dyn_addn(&stream->header_recvbuf, value, valuelen); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; /* the space character after the status code is mandatory */ - result = Curl_dyn_add(&stream->header_recvbuf, " \r\n"); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST(" \r\n")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; /* if we receive data for another handle, wake that up */ @@ -1105,13 +1116,13 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, result = Curl_dyn_addn(&stream->header_recvbuf, name, namelen); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; - result = Curl_dyn_add(&stream->header_recvbuf, ": "); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST(": ")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; result = Curl_dyn_addn(&stream->header_recvbuf, value, valuelen); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; - result = Curl_dyn_add(&stream->header_recvbuf, "\r\n"); + result = Curl_dyn_addn(&stream->header_recvbuf, STRCONST("\r\n")); if(result) return NGHTTP2_ERR_CALLBACK_FAILURE; /* if we receive data for another handle, wake that up */ @@ -1227,17 +1238,18 @@ void Curl_http2_done(struct Curl_easy *data, bool premature) !httpc->h2) /* not HTTP/2 ? */ return; - if(premature) { + /* do this before the reset handling, as that might clear ->stream_id */ + if(http->stream_id == httpc->pause_stream_id) { + H2BUGF(infof(data, "DONE the pause stream (%x)", http->stream_id)); + httpc->pause_stream_id = 0; + } + if(premature || (!http->closed && http->stream_id)) { /* RST_STREAM */ set_transfer(httpc, data); /* set the transfer */ + H2BUGF(infof(data, "RST stream %x", http->stream_id)); if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE, http->stream_id, NGHTTP2_STREAM_CLOSED)) (void)nghttp2_session_send(httpc->h2); - - if(http->stream_id == httpc->pause_stream_id) { - infof(data, "stopped the pause stream!"); - httpc->pause_stream_id = 0; - } } if(data->state.drain) @@ -1248,7 +1260,7 @@ void Curl_http2_done(struct Curl_easy *data, bool premature) int rv = nghttp2_session_set_stream_user_data(httpc->h2, http->stream_id, 0); if(rv) { - infof(data, "http/2: failed to clear user_data for stream %d!", + infof(data, "http/2: failed to clear user_data for stream %d", http->stream_id); DEBUGASSERT(0); } @@ -1273,7 +1285,7 @@ static CURLcode http2_init(struct Curl_easy *data, struct connectdata *conn) rc = nghttp2_session_callbacks_new(&callbacks); if(rc) { - failf(data, "Couldn't initialize nghttp2 callbacks!"); + failf(data, "Couldn't initialize nghttp2 callbacks"); return CURLE_OUT_OF_MEMORY; /* most likely at least */ } @@ -1302,7 +1314,7 @@ static CURLcode http2_init(struct Curl_easy *data, struct connectdata *conn) nghttp2_session_callbacks_del(callbacks); if(rc) { - failf(data, "Couldn't initialize nghttp2!"); + failf(data, "Couldn't initialize nghttp2"); return CURLE_OUT_OF_MEMORY; /* most likely at least */ } } @@ -1337,7 +1349,7 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req, } conn->proto.httpc.binlen = binlen; - result = Curl_base64url_encode(data, (const char *)binsettings, binlen, + result = Curl_base64url_encode((const char *)binsettings, binlen, &base64, &blen); if(result) { Curl_dyn_free(req); @@ -1507,7 +1519,7 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn, /* Reset to FALSE to prevent infinite loop in readwrite_data function. */ stream->closed = FALSE; if(stream->error == NGHTTP2_REFUSED_STREAM) { - H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection!", + H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection", stream->stream_id)); connclose(conn, "REFUSED_STREAM"); /* don't use this anymore */ data->state.refused_stream = TRUE; @@ -1666,7 +1678,7 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex, )); if((data->state.drain) && stream->memlen) { - H2BUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u!! (%p => %p)", + H2BUGF(infof(data, "http2_recv: DRAIN %zu bytes stream %u (%p => %p)", stream->memlen, stream->stream_id, stream->mem, mem)); if(mem != stream->mem) { @@ -1816,80 +1828,6 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex, return -1; } -/* Index where :authority header field will appear in request header - field list. */ -#define AUTHORITY_DST_IDX 3 - -/* USHRT_MAX is 65535 == 0xffff */ -#define HEADER_OVERFLOW(x) \ - (x.namelen > 0xffff || x.valuelen > 0xffff - x.namelen) - -/* - * Check header memory for the token "trailers". - * Parse the tokens as separated by comma and surrounded by whitespace. - * Returns TRUE if found or FALSE if not. - */ -static bool contains_trailers(const char *p, size_t len) -{ - const char *end = p + len; - for(;;) { - for(; p != end && (*p == ' ' || *p == '\t'); ++p) - ; - if(p == end || (size_t)(end - p) < sizeof("trailers") - 1) - return FALSE; - if(strncasecompare("trailers", p, sizeof("trailers") - 1)) { - p += sizeof("trailers") - 1; - for(; p != end && (*p == ' ' || *p == '\t'); ++p) - ; - if(p == end || *p == ',') - return TRUE; - } - /* skip to next token */ - for(; p != end && *p != ','; ++p) - ; - if(p == end) - return FALSE; - ++p; - } -} - -typedef enum { - /* Send header to server */ - HEADERINST_FORWARD, - /* Don't send header to server */ - HEADERINST_IGNORE, - /* Discard header, and replace it with "te: trailers" */ - HEADERINST_TE_TRAILERS -} header_instruction; - -/* Decides how to treat given header field. */ -static header_instruction inspect_header(const char *name, size_t namelen, - const char *value, size_t valuelen) { - switch(namelen) { - case 2: - if(!strncasecompare("te", name, namelen)) - return HEADERINST_FORWARD; - - return contains_trailers(value, valuelen) ? - HEADERINST_TE_TRAILERS : HEADERINST_IGNORE; - case 7: - return strncasecompare("upgrade", name, namelen) ? - HEADERINST_IGNORE : HEADERINST_FORWARD; - case 10: - return (strncasecompare("connection", name, namelen) || - strncasecompare("keep-alive", name, namelen)) ? - HEADERINST_IGNORE : HEADERINST_FORWARD; - case 16: - return strncasecompare("proxy-connection", name, namelen) ? - HEADERINST_IGNORE : HEADERINST_FORWARD; - case 17: - return strncasecompare("transfer-encoding", name, namelen) ? - HEADERINST_IGNORE : HEADERINST_FORWARD; - default: - return HEADERINST_FORWARD; - } -} - static ssize_t http2_send(struct Curl_easy *data, int sockindex, const void *mem, size_t len, CURLcode *err) { @@ -1904,14 +1842,12 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex, struct HTTP *stream = data->req.p.http; nghttp2_nv *nva = NULL; size_t nheader; - size_t i; - size_t authority_idx; - char *hdbuf = (char *)mem; - char *end, *line_end; nghttp2_data_provider data_prd; int32_t stream_id; nghttp2_session *h2 = httpc->h2; nghttp2_priority_spec pri_spec; + CURLcode result; + struct h2h3req *hreq; (void)sockindex; @@ -1977,174 +1913,29 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex, return len; } - /* Calculate number of headers contained in [mem, mem + len) */ - /* Here, we assume the curl http code generate *correct* HTTP header - field block */ - nheader = 0; - for(i = 1; i < len; ++i) { - if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') { - ++nheader; - ++i; - } + result = Curl_pseudo_headers(data, mem, len, &hreq); + if(result) { + *err = result; + return -1; } - if(nheader < 2) - goto fail; + nheader = hreq->entries; - /* We counted additional 2 \r\n in the first and last line. We need 3 - new headers: :method, :path and :scheme. Therefore we need one - more space. */ - nheader += 1; nva = malloc(sizeof(nghttp2_nv) * nheader); if(!nva) { + Curl_pseudo_free(hreq); *err = CURLE_OUT_OF_MEMORY; return -1; } - - /* Extract :method, :path from request line - We do line endings with CRLF so checking for CR is enough */ - line_end = memchr(hdbuf, '\r', len); - if(!line_end) - goto fail; - - /* Method does not contain spaces */ - end = memchr(hdbuf, ' ', line_end - hdbuf); - if(!end || end == hdbuf) - goto fail; - nva[0].name = (unsigned char *)":method"; - nva[0].namelen = strlen((char *)nva[0].name); - nva[0].value = (unsigned char *)hdbuf; - nva[0].valuelen = (size_t)(end - hdbuf); - nva[0].flags = NGHTTP2_NV_FLAG_NONE; - if(HEADER_OVERFLOW(nva[0])) { - failf(data, "Failed sending HTTP request: Header overflow"); - goto fail; - } - - hdbuf = end + 1; - - /* Path may contain spaces so scan backwards */ - end = NULL; - for(i = (size_t)(line_end - hdbuf); i; --i) { - if(hdbuf[i - 1] == ' ') { - end = &hdbuf[i - 1]; - break; - } - } - if(!end || end == hdbuf) - goto fail; - nva[1].name = (unsigned char *)":path"; - nva[1].namelen = strlen((char *)nva[1].name); - nva[1].value = (unsigned char *)hdbuf; - nva[1].valuelen = (size_t)(end - hdbuf); - nva[1].flags = NGHTTP2_NV_FLAG_NONE; - if(HEADER_OVERFLOW(nva[1])) { - failf(data, "Failed sending HTTP request: Header overflow"); - goto fail; - } - - nva[2].name = (unsigned char *)":scheme"; - nva[2].namelen = strlen((char *)nva[2].name); - if(conn->handler->flags & PROTOPT_SSL) - nva[2].value = (unsigned char *)"https"; - else - nva[2].value = (unsigned char *)"http"; - nva[2].valuelen = strlen((char *)nva[2].value); - nva[2].flags = NGHTTP2_NV_FLAG_NONE; - if(HEADER_OVERFLOW(nva[2])) { - failf(data, "Failed sending HTTP request: Header overflow"); - goto fail; - } - - authority_idx = 0; - i = 3; - while(i < nheader) { - size_t hlen; - - hdbuf = line_end + 2; - - /* check for next CR, but only within the piece of data left in the given - buffer */ - line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem)); - if(!line_end || (line_end == hdbuf)) - goto fail; - - /* header continuation lines are not supported */ - if(*hdbuf == ' ' || *hdbuf == '\t') - goto fail; - - for(end = hdbuf; end < line_end && *end != ':'; ++end) - ; - if(end == hdbuf || end == line_end) - goto fail; - hlen = end - hdbuf; - - if(hlen == 4 && strncasecompare("host", hdbuf, 4)) { - authority_idx = i; - nva[i].name = (unsigned char *)":authority"; - nva[i].namelen = strlen((char *)nva[i].name); - } - else { - nva[i].namelen = (size_t)(end - hdbuf); - /* Lower case the header name for HTTP/2 */ - Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen); - nva[i].name = (unsigned char *)hdbuf; - } - hdbuf = end + 1; - while(*hdbuf == ' ' || *hdbuf == '\t') - ++hdbuf; - end = line_end; - - switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf, - end - hdbuf)) { - case HEADERINST_IGNORE: - /* skip header fields prohibited by HTTP/2 specification. */ - --nheader; - continue; - case HEADERINST_TE_TRAILERS: - nva[i].value = (uint8_t*)"trailers"; - nva[i].valuelen = sizeof("trailers") - 1; - break; - default: - nva[i].value = (unsigned char *)hdbuf; - nva[i].valuelen = (size_t)(end - hdbuf); - } - - nva[i].flags = NGHTTP2_NV_FLAG_NONE; - if(HEADER_OVERFLOW(nva[i])) { - failf(data, "Failed sending HTTP request: Header overflow"); - goto fail; - } - ++i; - } - - /* :authority must come before non-pseudo header fields */ - if(authority_idx && authority_idx != AUTHORITY_DST_IDX) { - nghttp2_nv authority = nva[authority_idx]; - for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) { - nva[i] = nva[i - 1]; - } - nva[i] = authority; - } - - /* Warn stream may be rejected if cumulative length of headers is too large. - It appears nghttp2 will not send a header frame larger than 64KB. */ -#define MAX_ACC 60000 /* <64KB to account for some overhead */ - { - size_t acc = 0; - - for(i = 0; i < nheader; ++i) { - acc += nva[i].namelen + nva[i].valuelen; - - H2BUGF(infof(data, "h2 header: %.*s:%.*s", - nva[i].namelen, nva[i].name, - nva[i].valuelen, nva[i].value)); - } - - if(acc > MAX_ACC) { - infof(data, "http2_send: Warning: The cumulative length of all " - "headers exceeds %d bytes and that could cause the " - "stream to be rejected.", MAX_ACC); + else { + unsigned int i; + for(i = 0; i < nheader; i++) { + nva[i].name = (unsigned char *)hreq->header[i].name; + nva[i].namelen = hreq->header[i].namelen; + nva[i].value = (unsigned char *)hreq->header[i].value; + nva[i].valuelen = hreq->header[i].valuelen; + nva[i].flags = NGHTTP2_NV_FLAG_NONE; } + Curl_pseudo_free(hreq); } h2_pri_spec(data, &pri_spec); @@ -2213,11 +2004,6 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex, nghttp2_session_resume_data(h2, stream->stream_id); return len; - -fail: - free(nva); - *err = CURLE_SEND_ERROR; - return -1; } CURLcode Curl_http2_setup(struct Curl_easy *data, @@ -2271,8 +2057,6 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, httpc->pause_stream_id = 0; httpc->drain_total = 0; - infof(data, "Connection state changed (HTTP/2 confirmed)"); - return CURLE_OK; } @@ -2310,7 +2094,7 @@ CURLcode Curl_http2_switched(struct Curl_easy *data, stream->stream_id, data); if(rv) { - infof(data, "http/2: failed to set user_data for stream %d!", + infof(data, "http/2: failed to set user_data for stream %d", stream->stream_id); DEBUGASSERT(0); } diff --git a/libs/libcurl/src/http_aws_sigv4.c b/libs/libcurl/src/http_aws_sigv4.c index 751e5af5f9..210c3dbe56 100644 --- a/libs/libcurl/src/http_aws_sigv4.c +++ b/libs/libcurl/src/http_aws_sigv4.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -87,7 +87,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) struct tm tm; char timestamp[17]; char date[9]; - const char *content_type = Curl_checkheaders(data, "Content-Type"); + const char *content_type = Curl_checkheaders(data, STRCONST("Content-Type")); char *canonical_headers = NULL; char *signed_headers = NULL; Curl_HttpReq httpreq; @@ -110,7 +110,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) DEBUGASSERT(!proxy); (void)proxy; - if(Curl_checkheaders(data, "Authorization")) { + if(Curl_checkheaders(data, STRCONST("Authorization"))) { /* Authorization already present, Bailing out */ return CURLE_OK; } diff --git a/libs/libcurl/src/http_chunks.c b/libs/libcurl/src/http_chunks.c index beb9695884..6bafcd9777 100644 --- a/libs/libcurl/src/http_chunks.c +++ b/libs/libcurl/src/http_chunks.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -29,7 +29,6 @@ #include "dynbuf.h" #include "content_encoding.h" #include "http.h" -#include "non-ascii.h" /* for Curl_convert_to_network prototype */ #include "strtoofft.h" #include "warnless.h" @@ -74,18 +73,7 @@ */ -#ifdef CURL_DOES_CONVERSIONS -/* Check for an ASCII hex digit. - We avoid the use of ISXDIGIT to accommodate non-ASCII hosts. */ -static bool isxdigit_ascii(char digit) -{ - return (digit >= 0x30 && digit <= 0x39) /* 0-9 */ - || (digit >= 0x41 && digit <= 0x46) /* A-F */ - || (digit >= 0x61 && digit <= 0x66); /* a-f */ -} -#else #define isxdigit_ascii(x) Curl_isxdigit(x) -#endif void Curl_httpchunk_init(struct Curl_easy *data) { @@ -157,14 +145,6 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, /* length and datap are unmodified */ ch->hexbuffer[ch->hexindex] = 0; - /* convert to host encoding before calling strtoul */ - result = Curl_convert_from_network(data, ch->hexbuffer, ch->hexindex); - if(result) { - /* Curl_convert_from_network calls failf if unsuccessful */ - /* Treat it as a bad hex character */ - return CHUNKE_ILLEGAL_HEX; - } - if(curlx_strtoofft(ch->hexbuffer, &endptr, 16, &ch->datasize)) return CHUNKE_ILLEGAL_HEX; ch->state = CHUNK_LF; /* now wait for the CRLF */ @@ -234,21 +214,16 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, if(tr) { size_t trlen; - result = Curl_dyn_add(&conn->trailer, (char *)"\x0d\x0a"); + result = Curl_dyn_addn(&conn->trailer, (char *)STRCONST("\x0d\x0a")); if(result) return CHUNKE_OUT_OF_MEMORY; tr = Curl_dyn_ptr(&conn->trailer); trlen = Curl_dyn_len(&conn->trailer); - /* Convert to host encoding before calling Curl_client_write */ - result = Curl_convert_from_network(data, tr, trlen); - if(result) - /* Curl_convert_from_network calls failf if unsuccessful */ - /* Treat it as a bad chunk */ - return CHUNKE_BAD_CHUNK; - if(!data->set.http_te_skip) { - result = Curl_client_write(data, CLIENTWRITE_HEADER, tr, trlen); + result = Curl_client_write(data, + CLIENTWRITE_HEADER|CLIENTWRITE_TRAILER, + tr, trlen); if(result) { *extrap = result; return CHUNKE_PASSTHRU_ERROR; diff --git a/libs/libcurl/src/http_negotiate.c b/libs/libcurl/src/http_negotiate.c index 5f764dc136..888d3b24a2 100644 --- a/libs/libcurl/src/http_negotiate.c +++ b/libs/libcurl/src/http_negotiate.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -161,7 +161,7 @@ CURLcode Curl_output_negotiate(struct Curl_easy *data, return result; } - result = Curl_auth_create_spnego_message(data, neg_ctx, &base64, &len); + result = Curl_auth_create_spnego_message(neg_ctx, &base64, &len); if(result) return result; diff --git a/libs/libcurl/src/http_ntlm.c b/libs/libcurl/src/http_ntlm.c index a6526db9f7..bb7e5360f9 100644 --- a/libs/libcurl/src/http_ntlm.c +++ b/libs/libcurl/src/http_ntlm.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -213,8 +213,7 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) ntlm, &ntlmmsg); if(!result) { DEBUGASSERT(Curl_bufref_len(&ntlmmsg) != 0); - result = Curl_base64_encode(data, - (const char *) Curl_bufref_ptr(&ntlmmsg), + result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), Curl_bufref_len(&ntlmmsg), &base64, &len); if(!result) { free(*allocuserpwd); @@ -233,8 +232,7 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) result = Curl_auth_create_ntlm_type3_message(data, userp, passwdp, ntlm, &ntlmmsg); if(!result && Curl_bufref_len(&ntlmmsg)) { - result = Curl_base64_encode(data, - (const char *) Curl_bufref_ptr(&ntlmmsg), + result = Curl_base64_encode((const char *) Curl_bufref_ptr(&ntlmmsg), Curl_bufref_len(&ntlmmsg), &base64, &len); if(!result) { free(*allocuserpwd); diff --git a/libs/libcurl/src/http_proxy.c b/libs/libcurl/src/http_proxy.c index e13f485a73..ed08193e1e 100644 --- a/libs/libcurl/src/http_proxy.c +++ b/libs/libcurl/src/http_proxy.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -35,7 +35,6 @@ #include "url.h" #include "select.h" #include "progress.h" -#include "non-ascii.h" #include "connect.h" #include "curlx.h" #include "vtls/vtls.h" @@ -173,7 +172,7 @@ static CURLcode connect_init(struct Curl_easy *data, bool reinit) s = calloc(1, sizeof(struct http_connect_state)); if(!s) return CURLE_OUT_OF_MEMORY; - infof(data, "allocate connect buffer!"); + infof(data, "allocate connect buffer"); conn->connect_state = s; Curl_dyn_init(&s->rcvbuf, DYN_PROXY_CONNECT_HEADERS); @@ -221,7 +220,7 @@ void Curl_connect_done(struct Curl_easy *data) #ifdef USE_HYPER data->state.hconnect = FALSE; #endif - infof(data, "CONNECT phase completed!"); + infof(data, "CONNECT phase completed"); } } @@ -245,7 +244,7 @@ static CURLcode CONNECT_host(struct Curl_easy *data, if(!hostheader) return CURLE_OUT_OF_MEMORY; - if(!Curl_checkProxyheaders(data, conn, "Host")) { + if(!Curl_checkProxyheaders(data, conn, STRCONST("Host"))) { host = aprintf("Host: %s\r\n", hostheader); if(!host) { free(hostheader); @@ -324,25 +323,29 @@ static CURLcode CONNECT(struct Curl_easy *data, data->state.aptr.proxyuserpwd? data->state.aptr.proxyuserpwd:""); - if(!result && !Curl_checkProxyheaders(data, conn, "User-Agent") && + if(!result && !Curl_checkProxyheaders(data, + conn, STRCONST("User-Agent")) && data->set.str[STRING_USERAGENT]) result = Curl_dyn_addf(req, "User-Agent: %s\r\n", data->set.str[STRING_USERAGENT]); - if(!result && !Curl_checkProxyheaders(data, conn, "Proxy-Connection")) - result = Curl_dyn_add(req, "Proxy-Connection: Keep-Alive\r\n"); + if(!result && !Curl_checkProxyheaders(data, conn, + STRCONST("Proxy-Connection"))) + result = Curl_dyn_addn(req, + STRCONST("Proxy-Connection: Keep-Alive\r\n")); if(!result) result = Curl_add_custom_headers(data, TRUE, req); if(!result) /* CRLF terminate the request */ - result = Curl_dyn_add(req, "\r\n"); + result = Curl_dyn_addn(req, STRCONST("\r\n")); if(!result) { /* Send the connect request to the proxy */ result = Curl_buffer_send(req, data, &data->info.request_size, 0, sockindex); + s->headerlines = 0; } if(result) failf(data, "Failed sending CONNECT to proxy"); @@ -470,7 +473,7 @@ static CURLcode CONNECT(struct Curl_easy *data, } if(Curl_dyn_addn(&s->rcvbuf, &byte, 1)) { - failf(data, "CONNECT response too large!"); + failf(data, "CONNECT response too large"); return CURLE_RECV_ERROR; } @@ -478,23 +481,18 @@ static CURLcode CONNECT(struct Curl_easy *data, if(byte != 0x0a) continue; + s->headerlines++; linep = Curl_dyn_ptr(&s->rcvbuf); perline = Curl_dyn_len(&s->rcvbuf); /* amount of bytes in this line */ - /* convert from the network encoding */ - result = Curl_convert_from_network(data, linep, perline); - /* Curl_convert_from_network calls failf if unsuccessful */ - if(result) - return result; - /* output debug if that is requested */ Curl_debug(data, CURLINFO_HEADER_IN, linep, perline); if(!data->set.suppress_connect_headers) { /* send the header to the callback */ - int writetype = CLIENTWRITE_HEADER; - if(data->set.include_header) - writetype |= CLIENTWRITE_BODY; + int writetype = CLIENTWRITE_HEADER | CLIENTWRITE_CONNECT | + (data->set.include_header ? CLIENTWRITE_BODY : 0) | + (s->headerlines == 1 ? CLIENTWRITE_STATUS : 0); result = Curl_client_write(data, writetype, linep, perline); if(result) @@ -596,7 +594,8 @@ static CURLcode CONNECT(struct Curl_easy *data, strlen("Content-Length:"), NULL, 10, &s->cl); } } - else if(Curl_compareheader(linep, "Connection:", "close")) + else if(Curl_compareheader(linep, + STRCONST("Connection:"), STRCONST("close"))) s->close_connection = TRUE; else if(checkprefix("Transfer-Encoding:", linep)) { if(k->httpcode/100 == 2) { @@ -607,14 +606,17 @@ static CURLcode CONNECT(struct Curl_easy *data, "CONNECT %03d response", k->httpcode); } else if(Curl_compareheader(linep, - "Transfer-Encoding:", "chunked")) { + STRCONST("Transfer-Encoding:"), + STRCONST("chunked"))) { infof(data, "CONNECT responded chunked"); s->chunked_encoding = TRUE; /* init our chunky engine */ Curl_httpchunk_init(data); } } - else if(Curl_compareheader(linep, "Proxy-Connection:", "close")) + else if(Curl_compareheader(linep, + STRCONST("Proxy-Connection:"), + STRCONST("close"))) s->close_connection = TRUE; else if(2 == sscanf(linep, "HTTP/1.%d %d", &subversion, @@ -765,6 +767,9 @@ static CURLcode CONNECT(struct Curl_easy *data, } options = hyper_clientconn_options_new(); + hyper_clientconn_options_set_preserve_header_case(options, 1); + hyper_clientconn_options_set_preserve_header_order(options, 1); + if(!options) { failf(data, "Couldn't create hyper client options"); result = CURLE_OUT_OF_MEMORY; @@ -877,7 +882,7 @@ static CURLcode CONNECT(struct Curl_easy *data, goto error; } - if(!Curl_checkProxyheaders(data, conn, "User-Agent") && + if(!Curl_checkProxyheaders(data, conn, STRCONST("User-Agent")) && data->set.str[STRING_USERAGENT]) { struct dynbuf ua; Curl_dyn_init(&ua, DYN_HTTP_REQUEST); @@ -891,7 +896,7 @@ static CURLcode CONNECT(struct Curl_easy *data, Curl_dyn_free(&ua); } - if(!Curl_checkProxyheaders(data, conn, "Proxy-Connection")) { + if(!Curl_checkProxyheaders(data, conn, STRCONST("Proxy-Connection"))) { result = Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"); if(result) @@ -962,6 +967,13 @@ static CURLcode CONNECT(struct Curl_easy *data, break; } + if(conn->bits.close && data->req.newurl) { + /* Connection closed by server. Don't use it anymore */ + Curl_closesocket(data, conn, conn->sock[sockindex]); + conn->sock[sockindex] = CURL_SOCKET_BAD; + break; + } + /* If we are supposed to continue and request a new URL, which basically * means the HTTP authentication is still going on so if the tunnel * is complete we start over in INIT state */ diff --git a/libs/libcurl/src/http_proxy.h b/libs/libcurl/src/http_proxy.h index 2820e11841..67543b589b 100644 --- a/libs/libcurl/src/http_proxy.h +++ b/libs/libcurl/src/http_proxy.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -59,6 +59,7 @@ struct http_connect_state { struct dynbuf rcvbuf; struct dynbuf req; size_t nsend; + size_t headerlines; enum keeponval { KEEPON_DONE, KEEPON_CONNECT, diff --git a/libs/libcurl/src/idn_win32.c b/libs/libcurl/src/idn_win32.c index 1d475a4eff..0914e1f25a 100644 --- a/libs/libcurl/src/idn_win32.c +++ b/libs/libcurl/src/idn_win32.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -76,11 +76,15 @@ bool curl_win32_idn_to_ascii(const char *in, char **out) if(in_w) { wchar_t punycode[IDN_MAX_LENGTH]; int chars = IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH); - free(in_w); + curlx_unicodefree(in_w); if(chars) { - *out = curlx_convert_wchar_to_UTF8(punycode); - if(*out) - success = TRUE; + char *mstr = curlx_convert_wchar_to_UTF8(punycode); + if(mstr) { + *out = strdup(mstr); + curlx_unicodefree(mstr); + if(*out) + success = TRUE; + } } } @@ -97,11 +101,15 @@ bool curl_win32_ascii_to_idn(const char *in, char **out) wchar_t unicode[IDN_MAX_LENGTH]; int chars = IdnToUnicode(0, in_w, curlx_uztosi(in_len), unicode, IDN_MAX_LENGTH); - free(in_w); + curlx_unicodefree(in_w); if(chars) { - *out = curlx_convert_wchar_to_UTF8(unicode); - if(*out) - success = TRUE; + char *mstr = curlx_convert_wchar_to_UTF8(unicode); + if(mstr) { + *out = strdup(mstr); + curlx_unicodefree(mstr); + if(*out) + success = TRUE; + } } } diff --git a/libs/libcurl/src/if2ip.c b/libs/libcurl/src/if2ip.c index 132b3eeeea..1d34531932 100644 --- a/libs/libcurl/src/if2ip.c +++ b/libs/libcurl/src/if2ip.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -60,12 +60,10 @@ /* ------------------------------------------------------------------ */ +#ifdef ENABLE_IPV6 /* Return the scope of the given address. */ unsigned int Curl_ipv6_scope(const struct sockaddr *sa) { -#ifndef ENABLE_IPV6 - (void) sa; -#else if(sa->sa_family == AF_INET6) { const struct sockaddr_in6 * sa6 = (const struct sockaddr_in6 *)(void *) sa; const unsigned char *b = sa6->sin6_addr.s6_addr; @@ -88,27 +86,25 @@ unsigned int Curl_ipv6_scope(const struct sockaddr *sa) break; } } -#endif - return IPV6_SCOPE_GLOBAL; } - +#endif #if defined(HAVE_GETIFADDRS) -if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, - unsigned int local_scope_id, const char *interf, +if2ip_result_t Curl_if2ip(int af, +#ifdef ENABLE_IPV6 + unsigned int remote_scope, + unsigned int local_scope_id, +#endif + const char *interf, char *buf, int buf_size) { struct ifaddrs *iface, *head; if2ip_result_t res = IF2IP_NOT_FOUND; -#ifndef ENABLE_IPV6 - (void) remote_scope; -#endif - -#if !defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) || \ - !defined(ENABLE_IPV6) +#if defined(ENABLE_IPV6) && \ + !defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) (void) local_scope_id; #endif @@ -181,8 +177,12 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, #elif defined(HAVE_IOCTL_SIOCGIFADDR) -if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, - unsigned int local_scope_id, const char *interf, +if2ip_result_t Curl_if2ip(int af, +#ifdef ENABLE_IPV6 + unsigned int remote_scope, + unsigned int local_scope_id, +#endif + const char *interf, char *buf, int buf_size) { struct ifreq req; @@ -192,8 +192,10 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, size_t len; const char *r; +#ifdef ENABLE_IPV6 (void)remote_scope; (void)local_scope_id; +#endif if(!interf || (af != AF_INET)) return IF2IP_NOT_FOUND; @@ -230,13 +232,19 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, #else -if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, - unsigned int local_scope_id, const char *interf, +if2ip_result_t Curl_if2ip(int af, +#ifdef ENABLE_IPV6 + unsigned int remote_scope, + unsigned int local_scope_id, +#endif + const char *interf, char *buf, int buf_size) { (void) af; +#ifdef ENABLE_IPV6 (void) remote_scope; (void) local_scope_id; +#endif (void) interf; (void) buf; (void) buf_size; diff --git a/libs/libcurl/src/if2ip.h b/libs/libcurl/src/if2ip.h index e074e476dc..a360d4a0e4 100644 --- a/libs/libcurl/src/if2ip.h +++ b/libs/libcurl/src/if2ip.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2020, 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -30,7 +30,11 @@ #define IPV6_SCOPE_UNIQUELOCAL 3 /* Unique local */ #define IPV6_SCOPE_NODELOCAL 4 /* Loopback. */ +#ifdef ENABLE_IPV6 unsigned int Curl_ipv6_scope(const struct sockaddr *sa); +#else +#define Curl_ipv6_scope(x) 0 +#endif typedef enum { IF2IP_NOT_FOUND = 0, /* Interface not found */ @@ -38,8 +42,12 @@ typedef enum { IF2IP_FOUND = 2 /* The address has been stored in "buf" */ } if2ip_result_t; -if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope, - unsigned int local_scope_id, const char *interf, +if2ip_result_t Curl_if2ip(int af, +#ifdef ENABLE_IPV6 + unsigned int remote_scope, + unsigned int local_scope_id, +#endif + const char *interf, char *buf, int buf_size); #ifdef __INTERIX diff --git a/libs/libcurl/src/imap.c b/libs/libcurl/src/imap.c index 958ad1456c..817513becf 100644 --- a/libs/libcurl/src/imap.c +++ b/libs/libcurl/src/imap.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -507,7 +507,7 @@ static CURLcode imap_perform_login(struct Curl_easy *data, /* Check we have a username and password to authenticate with and end the connect phase if we don't */ - if(!conn->bits.user_passwd) { + if(!data->state.aptr.user) { state(data, IMAP_STOP); return result; @@ -608,7 +608,7 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data, /* Check if already authenticated OR if there is enough data to authenticate with and end the connect phase if we don't */ if(imapc->preauth || - !Curl_sasl_can_authenticate(&imapc->sasl, conn)) { + !Curl_sasl_can_authenticate(&imapc->sasl, data)) { state(data, IMAP_STOP); return result; } @@ -624,7 +624,7 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data, result = imap_perform_login(data, conn); else { /* Other mechanisms not supported */ - infof(data, "No known authentication mechanisms supported!"); + infof(data, "No known authentication mechanisms supported"); result = CURLE_LOGIN_DENIED; } } @@ -777,7 +777,7 @@ static CURLcode imap_perform_append(struct Curl_easy *data) NULL, MIMESTRATEGY_MAIL); if(!result) - if(!Curl_checkheaders(data, "Mime-Version")) + if(!Curl_checkheaders(data, STRCONST("Mime-Version"))) result = Curl_mime_add_header(&data->set.mimepost.curlheaders, "Mime-Version: 1.0"); @@ -874,7 +874,7 @@ static CURLcode imap_state_servergreet_resp(struct Curl_easy *data, /* PREAUTH */ struct imap_conn *imapc = &conn->proto.imapc; imapc->preauth = TRUE; - infof(data, "PREAUTH connection, already authenticated!"); + infof(data, "PREAUTH connection, already authenticated"); } else if(imapcode != IMAP_RESP_OK) { failf(data, "Got unexpected imap-server response"); @@ -1986,7 +1986,7 @@ static CURLcode imap_parse_url_path(struct Curl_easy *data) if(end > begin && end[-1] == '/') end--; - result = Curl_urldecode(data, begin, end - begin, &imap->mailbox, NULL, + result = Curl_urldecode(begin, end - begin, &imap->mailbox, NULL, REJECT_CTRL); if(result) return result; @@ -2009,7 +2009,7 @@ static CURLcode imap_parse_url_path(struct Curl_easy *data) return CURLE_URL_MALFORMAT; /* Decode the name parameter */ - result = Curl_urldecode(data, begin, ptr - begin, &name, NULL, + result = Curl_urldecode(begin, ptr - begin, &name, NULL, REJECT_CTRL); if(result) return result; @@ -2020,7 +2020,7 @@ static CURLcode imap_parse_url_path(struct Curl_easy *data) ptr++; /* Decode the value parameter */ - result = Curl_urldecode(data, begin, ptr - begin, &value, &valuelen, + result = Curl_urldecode(begin, ptr - begin, &value, &valuelen, REJECT_CTRL); if(result) { free(name); @@ -2108,7 +2108,7 @@ static CURLcode imap_parse_custom_request(struct Curl_easy *data) if(custom) { /* URL decode the custom request */ - result = Curl_urldecode(data, custom, 0, &imap->custom, NULL, REJECT_CTRL); + result = Curl_urldecode(custom, 0, &imap->custom, NULL, REJECT_CTRL); /* Extract the parameters if specified */ if(!result) { diff --git a/libs/libcurl/src/krb5.c b/libs/libcurl/src/krb5.c index 5edd34cbdf..787137c192 100644 --- a/libs/libcurl/src/krb5.c +++ b/libs/libcurl/src/krb5.c @@ -2,7 +2,7 @@ * * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). - * Copyright (c) 2004 - 2021 Daniel Stenberg + * Copyright (c) 2004 - 2022 Daniel Stenberg * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -47,7 +47,6 @@ #include "sendf.h" #include "curl_krb5.h" #include "warnless.h" -#include "non-ascii.h" #include "strcase.h" #include "strdup.h" @@ -81,11 +80,6 @@ static CURLcode ftpsend(struct Curl_easy *data, struct connectdata *conn, write_len += 2; bytes_written = 0; - result = Curl_convert_to_network(data, s, write_len); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - for(;;) { #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; @@ -298,7 +292,7 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) if(output_buffer.length) { char *cmd; - result = Curl_base64_encode(data, (char *)output_buffer.value, + result = Curl_base64_encode((char *)output_buffer.value, output_buffer.length, &p, &base64_sz); if(result) { infof(data, "base64-encoding: %s", curl_easy_strerror(result)); @@ -612,7 +606,7 @@ static void do_sec_send(struct Curl_easy *data, struct connectdata *conn, return; /* error */ if(iscmd) { - error = Curl_base64_encode(data, buffer, curlx_sitouz(bytes), + error = Curl_base64_encode(buffer, curlx_sitouz(bytes), &cmd_buffer, &cmd_size); if(error) { free(buffer); diff --git a/libs/libcurl/src/ldap.c b/libs/libcurl/src/ldap.c index 3154db5cf0..03ea14e1f1 100644 --- a/libs/libcurl/src/ldap.c +++ b/libs/libcurl/src/ldap.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -306,8 +306,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) rc = _ldap_url_parse(data, conn, &ludp); #endif if(rc) { - failf(data, "LDAP local: %s", ldap_err2string(rc)); - result = CURLE_LDAP_INVALID_URL; + failf(data, "Bad LDAP URL: %s", ldap_err2string(rc)); + result = CURLE_URL_MALFORMAT; goto quit; } @@ -328,7 +328,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) host = conn->host.name; #endif - if(conn->bits.user_passwd) { + if(data->state.aptr.user) { user = conn->user; passwd = conn->passwd; } @@ -361,7 +361,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) (strcasecompare(data->set.ssl.cert_type, "DER"))) cert_type = LDAPSSL_CERT_FILETYPE_DER; if(!ldap_ca) { - failf(data, "LDAP local: ERROR %s CA cert not set!", + failf(data, "LDAP local: ERROR %s CA cert not set", (cert_type == LDAPSSL_CERT_FILETYPE_DER ? "DER" : "PEM")); result = CURLE_SSL_CERTPROBLEM; goto quit; @@ -400,12 +400,12 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) /* OpenLDAP SDK supports BASE64 files. */ if((data->set.ssl.cert_type) && (!strcasecompare(data->set.ssl.cert_type, "PEM"))) { - failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!"); + failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type"); result = CURLE_SSL_CERTPROBLEM; goto quit; } if(!ldap_ca) { - failf(data, "LDAP local: ERROR PEM CA cert not set!"); + failf(data, "LDAP local: ERROR PEM CA cert not set"); result = CURLE_SSL_CERTPROBLEM; goto quit; } @@ -636,11 +636,8 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) if((attr_len > 7) && (strcmp(";binary", (char *) attr + (attr_len - 7)) == 0)) { /* Binary attribute, encode to base64. */ - result = Curl_base64_encode(data, - vals[i]->bv_val, - vals[i]->bv_len, - &val_b64, - &val_b64_sz); + result = Curl_base64_encode(vals[i]->bv_val, vals[i]->bv_len, + &val_b64, &val_b64_sz); if(result) { ldap_value_free_len(vals); FREE_ON_WINLDAP(attr); @@ -870,7 +867,7 @@ static int _ldap_url_parse2(struct Curl_easy *data, LDAP_TRACE(("DN '%s'\n", dn)); /* Unescape the DN */ - result = Curl_urldecode(data, dn, 0, &unescaped, NULL, REJECT_ZERO); + result = Curl_urldecode(dn, 0, &unescaped, NULL, REJECT_ZERO); if(result) { rc = LDAP_NO_MEMORY; @@ -935,7 +932,7 @@ static int _ldap_url_parse2(struct Curl_easy *data, LDAP_TRACE(("attr[%zu] '%s'\n", i, attributes[i])); /* Unescape the attribute */ - result = Curl_urldecode(data, attributes[i], 0, &unescaped, NULL, + result = Curl_urldecode(attributes[i], 0, &unescaped, NULL, REJECT_ZERO); if(result) { free(attributes); @@ -1005,7 +1002,7 @@ static int _ldap_url_parse2(struct Curl_easy *data, LDAP_TRACE(("filter '%s'\n", filter)); /* Unescape the filter */ - result = Curl_urldecode(data, filter, 0, &unescaped, NULL, REJECT_ZERO); + result = Curl_urldecode(filter, 0, &unescaped, NULL, REJECT_ZERO); if(result) { rc = LDAP_NO_MEMORY; diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist index 0e5311b5a4..f6708bce82 100644 --- a/libs/libcurl/src/libcurl.plist +++ b/libs/libcurl/src/libcurl.plist @@ -15,7 +15,7 @@ <string>se.curl.libcurl</string> <key>CFBundleVersion</key> - <string>7.81.0</string> + <string>7.83.1-DEV</string> <key>CFBundleName</key> <string>libcurl</string> @@ -27,9 +27,9 @@ <string>????</string> <key>CFBundleShortVersionString</key> - <string>libcurl 7.81.0</string> + <string>libcurl 7.83.1-DEV</string> <key>CFBundleGetInfoString</key> - <string>libcurl.plist 7.81.0</string> + <string>libcurl.plist 7.83.1-DEV</string> </dict> </plist> diff --git a/libs/libcurl/src/libcurl.plist.in b/libs/libcurl/src/libcurl.plist.in new file mode 100644 index 0000000000..d2e6492f69 --- /dev/null +++ b/libs/libcurl/src/libcurl.plist.in @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist SYSTEM "file://localhost/System/Library/DTDs/PropertyList.dtd"> +<plist version="0.9"> +<dict> + <key>CFBundleInfoDictionaryVersion</key> + <string>6.0</string> + + <key>CFBundleDevelopmentRegion</key> + <string>English</string> + + <key>CFBundleExecutable</key> + <string>curl</string> + + <key>CFBundleIdentifier</key> + <string>se.curl.libcurl</string> + + <key>CFBundleVersion</key> + <string>@CURL_PLIST_VERSION@</string> + + <key>CFBundleName</key> + <string>libcurl</string> + + <key>CFBundlePackageType</key> + <string>FMWK</string> + + <key>CFBundleSignature</key> + <string>????</string> + + <key>CFBundleShortVersionString</key> + <string>libcurl @CURL_PLIST_VERSION@</string> + + <key>CFBundleGetInfoString</key> + <string>libcurl.plist @CURL_PLIST_VERSION@</string> +</dict> +</plist> diff --git a/libs/libcurl/src/md5.c b/libs/libcurl/src/md5.c index c6923e036b..d2ca240fcd 100644 --- a/libs/libcurl/src/md5.c +++ b/libs/libcurl/src/md5.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -60,22 +60,22 @@ /* The last #include file should be: */ #include "memdebug.h" -typedef struct md5_ctx MD5_CTX; +typedef struct md5_ctx my_md5_ctx; -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { md5_init(ctx); return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, - const unsigned char *input, - unsigned int inputLen) +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *input, + unsigned int inputLen) { md5_update(ctx, inputLen, input); } -static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) { md5_digest(ctx, 16, digest); } @@ -83,11 +83,38 @@ static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) #elif defined(USE_OPENSSL_MD5) || defined(USE_WOLFSSL_MD5) /* When OpenSSL or wolfSSL is available, we use their MD5 functions. */ +#if defined(USE_OPENSSL_MD5) #include <openssl/md5.h> +#elif defined(USE_WOLFSSL_MD5) +#include <wolfssl/openssl/md5.h> +#endif + #include "curl_memory.h" /* The last #include file should be: */ #include "memdebug.h" +typedef MD5_CTX my_md5_ctx; + +static CURLcode my_md5_init(my_md5_ctx *ctx) +{ + if(!MD5_Init(ctx)) + return CURLE_OUT_OF_MEMORY; + + return CURLE_OK; +} + +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *input, + unsigned int len) +{ + (void)MD5_Update(ctx, input, len); +} + +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) +{ + (void)MD5_Final(digest, ctx); +} + #elif defined(USE_MBEDTLS) #include <mbedtls/md5.h> @@ -97,21 +124,25 @@ static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) /* The last #include file should be: */ #include "memdebug.h" -typedef mbedtls_md5_context MD5_CTX; +typedef mbedtls_md5_context my_md5_ctx; -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { -#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) - (void) mbedtls_md5_starts(ctx); +#if (MBEDTLS_VERSION_NUMBER >= 0x03000000) + if(mbedtls_md5_starts(ctx)) + return CURLE_OUT_OF_MEMORY; +#elif defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) + if(mbedtls_md5_starts_ret(ctx)) + return CURLE_OUT_OF_MEMORY; #else - (void) mbedtls_md5_starts_ret(ctx); + (void)mbedtls_md5_starts(ctx); #endif return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *data, + unsigned int length) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_md5_update(ctx, data, length); @@ -120,7 +151,7 @@ static void MD5_Update(MD5_CTX *ctx, #endif } -static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_md5_finish(ctx, digest); @@ -143,25 +174,27 @@ static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) Declaring the functions as static like this seems to be a bit more reliable than defining COMMON_DIGEST_FOR_OPENSSL on older cats. */ # include <CommonCrypto/CommonDigest.h> -# define MD5_CTX CC_MD5_CTX +# define my_md5_ctx CC_MD5_CTX #include "curl_memory.h" /* The last #include file should be: */ #include "memdebug.h" -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { - CC_MD5_Init(ctx); + if(!CC_MD5_Init(ctx)) + return CURLE_OUT_OF_MEMORY; + return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, - const unsigned char *input, - unsigned int inputLen) +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *input, + unsigned int inputLen) { CC_MD5_Update(ctx, input, inputLen); } -static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) { CC_MD5_Final(digest, ctx); } @@ -177,25 +210,30 @@ struct md5_ctx { HCRYPTPROV hCryptProv; HCRYPTHASH hHash; }; -typedef struct md5_ctx MD5_CTX; +typedef struct md5_ctx my_md5_ctx; -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { - if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { - CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash); + if(!CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) + return CURLE_OUT_OF_MEMORY; + + if(!CryptCreateHash(ctx->hCryptProv, CALG_MD5, 0, 0, &ctx->hHash)) { + CryptReleaseContext(ctx->hCryptProv, 0); + return CURLE_OUT_OF_MEMORY; } + return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, - const unsigned char *input, - unsigned int inputLen) +static void my_md5_update(my_md5_ctx *ctx, + const unsigned char *input, + unsigned int inputLen) { CryptHashData(ctx->hHash, (unsigned char *)input, inputLen, 0); } -static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) +static void my_md5_final(unsigned char *digest, my_md5_ctx *ctx) { unsigned long length = 0; CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0); @@ -263,11 +301,12 @@ struct md5_ctx { unsigned char buffer[64]; MD5_u32plus block[16]; }; -typedef struct md5_ctx MD5_CTX; +typedef struct md5_ctx my_md5_ctx; -static CURLcode MD5_Init(MD5_CTX *ctx); -static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size); -static void MD5_Final(unsigned char *result, MD5_CTX *ctx); +static CURLcode my_md5_init(my_md5_ctx *ctx); +static void my_md5_update(my_md5_ctx *ctx, const void *data, + unsigned long size); +static void my_md5_final(unsigned char *result, my_md5_ctx *ctx); /* * The basic MD5 functions. @@ -318,7 +357,7 @@ static void MD5_Final(unsigned char *result, MD5_CTX *ctx); * This processes one or more 64-byte data blocks, but does NOT update * the bit counters. There are no alignment requirements. */ -static const void *body(MD5_CTX *ctx, const void *data, unsigned long size) +static const void *body(my_md5_ctx *ctx, const void *data, unsigned long size) { const unsigned char *ptr; MD5_u32plus a, b, c, d; @@ -426,7 +465,7 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size) return ptr; } -static CURLcode MD5_Init(MD5_CTX *ctx) +static CURLcode my_md5_init(my_md5_ctx *ctx) { ctx->a = 0x67452301; ctx->b = 0xefcdab89; @@ -439,7 +478,8 @@ static CURLcode MD5_Init(MD5_CTX *ctx) return CURLE_OK; } -static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size) +static void my_md5_update(my_md5_ctx *ctx, const void *data, + unsigned long size) { MD5_u32plus saved_lo; unsigned long used; @@ -474,7 +514,7 @@ static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size) memcpy(ctx->buffer, data, size); } -static void MD5_Final(unsigned char *result, MD5_CTX *ctx) +static void my_md5_final(unsigned char *result, my_md5_ctx *ctx) { unsigned long used, available; @@ -530,13 +570,13 @@ static void MD5_Final(unsigned char *result, MD5_CTX *ctx) const struct HMAC_params Curl_HMAC_MD5[] = { { /* Hash initialization function. */ - CURLX_FUNCTION_CAST(HMAC_hinit_func, MD5_Init), + CURLX_FUNCTION_CAST(HMAC_hinit_func, my_md5_init), /* Hash update function. */ - CURLX_FUNCTION_CAST(HMAC_hupdate_func, MD5_Update), + CURLX_FUNCTION_CAST(HMAC_hupdate_func, my_md5_update), /* Hash computation end function. */ - CURLX_FUNCTION_CAST(HMAC_hfinal_func, MD5_Final), + CURLX_FUNCTION_CAST(HMAC_hfinal_func, my_md5_final), /* Size of hash context structure. */ - sizeof(MD5_CTX), + sizeof(my_md5_ctx), /* Maximum key length. */ 64, /* Result size. */ @@ -547,13 +587,13 @@ const struct HMAC_params Curl_HMAC_MD5[] = { const struct MD5_params Curl_DIGEST_MD5[] = { { /* Digest initialization function */ - CURLX_FUNCTION_CAST(Curl_MD5_init_func, MD5_Init), + CURLX_FUNCTION_CAST(Curl_MD5_init_func, my_md5_init), /* Digest update function */ - CURLX_FUNCTION_CAST(Curl_MD5_update_func, MD5_Update), + CURLX_FUNCTION_CAST(Curl_MD5_update_func, my_md5_update), /* Digest computation end function */ - CURLX_FUNCTION_CAST(Curl_MD5_final_func, MD5_Final), + CURLX_FUNCTION_CAST(Curl_MD5_final_func, my_md5_final), /* Size of digest context struct */ - sizeof(MD5_CTX), + sizeof(my_md5_ctx), /* Result size */ 16 } @@ -564,15 +604,17 @@ const struct MD5_params Curl_DIGEST_MD5[] = { * Returns CURLE_OK on success. */ CURLcode Curl_md5it(unsigned char *outbuffer, const unsigned char *input, - const size_t len) + const size_t len) { - MD5_CTX ctx; + CURLcode result; + my_md5_ctx ctx; - MD5_Init(&ctx); - MD5_Update(&ctx, input, curlx_uztoui(len)); - MD5_Final(outbuffer, &ctx); - - return CURLE_OK; + result = my_md5_init(&ctx); + if(!result) { + my_md5_update(&ctx, input, curlx_uztoui(len)); + my_md5_final(outbuffer, &ctx); + } + return result; } struct MD5_context *Curl_MD5_init(const struct MD5_params *md5params) @@ -594,7 +636,11 @@ struct MD5_context *Curl_MD5_init(const struct MD5_params *md5params) ctxt->md5_hash = md5params; - (*md5params->md5_init_func)(ctxt->md5_hashctx); + if((*md5params->md5_init_func)(ctxt->md5_hashctx)) { + free(ctxt->md5_hashctx); + free(ctxt); + return NULL; + } return ctxt; } diff --git a/libs/libcurl/src/mime.c b/libs/libcurl/src/mime.c index 7783b8990a..d6985d39c1 100644 --- a/libs/libcurl/src/mime.c +++ b/libs/libcurl/src/mime.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,7 +25,6 @@ #include <curl/curl.h> #include "mime.h" -#include "non-ascii.h" #include "warnless.h" #include "urldata.h" #include "sendf.h" @@ -315,7 +314,7 @@ static char *escape_string(struct Curl_easy *data, Curl_dyn_init(&db, CURL_MAX_INPUT_LENGTH); - for(result = Curl_dyn_add(&db, ""); !result && *src; src++) { + for(result = Curl_dyn_addn(&db, STRCONST("")); !result && *src; src++) { for(p = table; *p && **p != *src; p++) ; @@ -340,9 +339,9 @@ static char *match_header(struct curl_slist *hdr, const char *lbl, size_t len) } /* Get a header from an slist. */ -static char *search_header(struct curl_slist *hdrlist, const char *hdr) +static char *search_header(struct curl_slist *hdrlist, + const char *hdr, size_t len) { - size_t len = strlen(hdr); char *value = NULL; for(; !value && hdrlist; hdrlist = hdrlist->next) @@ -506,15 +505,6 @@ static size_t encoder_base64_read(char *buffer, size_t size, bool ateof, } } -#ifdef CURL_DOES_CONVERSIONS - /* This is now textual data, Convert character codes. */ - if(part->easy && cursize) { - CURLcode result = Curl_convert_to_network(part->easy, buffer, cursize); - if(result) - return READ_ERROR; - } -#endif - return cursize; } @@ -768,7 +758,7 @@ static void mime_file_free(void *ptr) static size_t readback_bytes(struct mime_state *state, char *buffer, size_t bufsize, const char *bytes, size_t numbytes, - const char *trail) + const char *trail, size_t traillen) { size_t sz; size_t offset = curlx_sotouz(state->offset); @@ -778,13 +768,11 @@ static size_t readback_bytes(struct mime_state *state, bytes += offset; } else { - size_t tsz = strlen(trail); - sz = offset - numbytes; - if(sz >= tsz) + if(sz >= traillen) return 0; bytes = trail + sz; - sz = tsz - sz; + sz = traillen - sz; } if(sz > bufsize) @@ -925,9 +913,6 @@ static size_t readback_part(curl_mimepart *part, char *buffer, size_t bufsize, bool *hasread) { size_t cursize = 0; -#ifdef CURL_DOES_CONVERSIONS - char *convbuf = buffer; -#endif /* Readback from part. */ @@ -956,26 +941,18 @@ static size_t readback_part(curl_mimepart *part, mimesetstate(&part->state, MIMESTATE_USERHEADERS, part->userheaders); else { sz = readback_bytes(&part->state, buffer, bufsize, - hdr->data, strlen(hdr->data), "\r\n"); + hdr->data, strlen(hdr->data), STRCONST("\r\n")); if(!sz) mimesetstate(&part->state, part->state.state, hdr->next); } break; case MIMESTATE_EOH: - sz = readback_bytes(&part->state, buffer, bufsize, "\r\n", 2, ""); + sz = readback_bytes(&part->state, buffer, bufsize, STRCONST("\r\n"), + STRCONST("")); if(!sz) mimesetstate(&part->state, MIMESTATE_BODY, NULL); break; case MIMESTATE_BODY: -#ifdef CURL_DOES_CONVERSIONS - if(part->easy && convbuf < buffer) { - CURLcode result = Curl_convert_to_network(part->easy, convbuf, - buffer - convbuf); - if(result) - return READ_ERROR; - convbuf = buffer; - } -#endif cleanup_encoder_state(&part->encstate); mimesetstate(&part->state, MIMESTATE_CONTENT, NULL); break; @@ -1012,16 +989,6 @@ static size_t readback_part(curl_mimepart *part, bufsize -= sz; } -#ifdef CURL_DOES_CONVERSIONS - if(part->easy && convbuf < buffer && - part->state.state < MIMESTATE_BODY) { - CURLcode result = Curl_convert_to_network(part->easy, convbuf, - buffer - convbuf); - if(result) - return READ_ERROR; - } -#endif - return cursize; } @@ -1031,10 +998,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, { curl_mime *mime = (curl_mime *) instream; size_t cursize = 0; -#ifdef CURL_DOES_CONVERSIONS - char *convbuf = buffer; -#endif - (void) size; /* Always 1. */ while(nitems) { @@ -1043,9 +1006,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, switch(mime->state.state) { case MIMESTATE_BEGIN: case MIMESTATE_BODY: -#ifdef CURL_DOES_CONVERSIONS - convbuf = buffer; -#endif mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, mime->firstpart); /* The first boundary always follows the header termination empty line, so is always preceded by a CRLF. We can then spare 2 characters @@ -1053,23 +1013,19 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, mime->state.offset += 2; break; case MIMESTATE_BOUNDARY1: - sz = readback_bytes(&mime->state, buffer, nitems, "\r\n--", 4, ""); + sz = readback_bytes(&mime->state, buffer, nitems, STRCONST("\r\n--"), + STRCONST("")); if(!sz) mimesetstate(&mime->state, MIMESTATE_BOUNDARY2, part); break; case MIMESTATE_BOUNDARY2: - sz = readback_bytes(&mime->state, buffer, nitems, mime->boundary, - strlen(mime->boundary), part? "\r\n": "--\r\n"); + if(part) + sz = readback_bytes(&mime->state, buffer, nitems, mime->boundary, + MIME_BOUNDARY_LEN, STRCONST("\r\n")); + else + sz = readback_bytes(&mime->state, buffer, nitems, mime->boundary, + MIME_BOUNDARY_LEN, STRCONST("--\r\n")); if(!sz) { -#ifdef CURL_DOES_CONVERSIONS - if(mime->easy && convbuf < buffer) { - CURLcode result = Curl_convert_to_network(mime->easy, convbuf, - buffer - convbuf); - if(result) - return READ_ERROR; - convbuf = buffer; - } -#endif mimesetstate(&mime->state, MIMESTATE_CONTENT, part); } break; @@ -1086,9 +1042,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, case STOP_FILLING: return cursize? cursize: sz; case 0: -#ifdef CURL_DOES_CONVERSIONS - convbuf = buffer; -#endif mimesetstate(&mime->state, MIMESTATE_BOUNDARY1, part->nextpart); break; } @@ -1105,16 +1058,6 @@ static size_t mime_subparts_read(char *buffer, size_t size, size_t nitems, nitems -= sz; } -#ifdef CURL_DOES_CONVERSIONS - if(mime->easy && convbuf < buffer && - mime->state.state <= MIMESTATE_CONTENT) { - CURLcode result = Curl_convert_to_network(mime->easy, convbuf, - buffer - convbuf); - if(result) - return READ_ERROR; - } -#endif - return cursize; } @@ -1341,8 +1284,9 @@ curl_mime *curl_mime_init(struct Curl_easy *easy) mime->firstpart = NULL; mime->lastpart = NULL; - memset(mime->boundary, '-', 24); - if(Curl_rand_hex(easy, (unsigned char *) &mime->boundary[24], + memset(mime->boundary, '-', MIME_BOUNDARY_DASHES); + if(Curl_rand_hex(easy, + (unsigned char *) &mime->boundary[MIME_BOUNDARY_DASHES], MIME_RAND_BOUNDARY_CHARS + 1)) { /* failed to get random separator, bail out */ free(mime); @@ -1619,7 +1563,7 @@ CURLcode Curl_mime_set_subparts(curl_mimepart *part, root = root->parent->parent; if(subparts == root) { if(part->easy) - failf(part->easy, "Can't add itself as a subpart!"); + failf(part->easy, "Can't add itself as a subpart"); return CURLE_BAD_FUNCTION_ARGUMENT; } } @@ -1675,10 +1619,9 @@ CURLcode Curl_mime_rewind(curl_mimepart *part) /* Compute header list size. */ static size_t slist_size(struct curl_slist *s, - size_t overhead, const char *skip) + size_t overhead, const char *skip, size_t skiplen) { size_t size = 0; - size_t skiplen = skip? strlen(skip): 0; for(; s; s = s->next) if(!skip || !match_header(s, skip, skiplen)) @@ -1696,7 +1639,7 @@ static curl_off_t multipart_size(curl_mime *mime) if(!mime) return 0; /* Not present -> empty. */ - boundarysize = 4 + strlen(mime->boundary) + 2; + boundarysize = 4 + MIME_BOUNDARY_LEN + 2; size = boundarysize; /* Final boundary - CRLF after headers. */ for(part = mime->firstpart; part; part = part->nextpart) { @@ -1727,8 +1670,8 @@ curl_off_t Curl_mime_size(curl_mimepart *part) if(size >= 0 && !(part->flags & MIME_BODY_ONLY)) { /* Compute total part size. */ - size += slist_size(part->curlheaders, 2, NULL); - size += slist_size(part->userheaders, 2, "Content-Type"); + size += slist_size(part->curlheaders, 2, NULL, 0); + size += slist_size(part->userheaders, 2, STRCONST("Content-Type")); size += 2; /* CRLF after headers. */ } return size; @@ -1804,10 +1747,9 @@ const char *Curl_mime_contenttype(const char *filename) return NULL; } -static bool content_type_match(const char *contenttype, const char *target) +static bool content_type_match(const char *contenttype, + const char *target, size_t len) { - size_t len = strlen(target); - if(contenttype && strncasecompare(contenttype, target, len)) switch(contenttype[len]) { case '\0': @@ -1843,7 +1785,7 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part, /* Check if content type is specified. */ customct = part->mimetype; if(!customct) - customct = search_header(part->userheaders, "Content-Type"); + customct = search_header(part->userheaders, STRCONST("Content-Type")); if(customct) contenttype = customct; @@ -1872,12 +1814,12 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part, boundary = mime->boundary; } else if(contenttype && !customct && - content_type_match(contenttype, "text/plain")) + content_type_match(contenttype, STRCONST("text/plain"))) if(strategy == MIMESTRATEGY_MAIL || !part->filename) contenttype = NULL; /* Issue content-disposition header only if not already set by caller. */ - if(!search_header(part->userheaders, "Content-Disposition")) { + if(!search_header(part->userheaders, STRCONST("Content-Disposition"))) { if(!disposition) if(part->filename || part->name || (contenttype && !strncasecompare(contenttype, "multipart/", 10))) @@ -1924,7 +1866,8 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part, } /* Content-Transfer-Encoding header. */ - if(!search_header(part->userheaders, "Content-Transfer-Encoding")) { + if(!search_header(part->userheaders, + STRCONST("Content-Transfer-Encoding"))) { if(part->encoder) cte = part->encoder->name; else if(contenttype && strategy == MIMESTRATEGY_MAIL && @@ -1948,7 +1891,7 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part, curl_mimepart *subpart; disposition = NULL; - if(content_type_match(contenttype, "multipart/form-data")) + if(content_type_match(contenttype, STRCONST("multipart/form-data"))) disposition = "form-data"; for(subpart = mime->firstpart; subpart; subpart = subpart->nextpart) { ret = Curl_mime_prepare_headers(subpart, NULL, disposition, strategy); diff --git a/libs/libcurl/src/mime.h b/libs/libcurl/src/mime.h index 56642ae661..f2fc434c58 100644 --- a/libs/libcurl/src/mime.h +++ b/libs/libcurl/src/mime.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,6 +24,7 @@ #include "curl_setup.h" +#define MIME_BOUNDARY_DASHES 24 /* leading boundary dashes */ #define MIME_RAND_BOUNDARY_CHARS 16 /* Nb. of random boundary chars. */ #define MAX_ENCODED_LINE_LENGTH 76 /* Maximum encoded line length. */ #define ENCODING_BUFFER_SIZE 256 /* Encoding temp buffers size. */ @@ -91,8 +92,8 @@ struct mime_state { curl_off_t offset; /* State-dependent offset. */ }; -/* minimum buffer size for the boundary string */ -#define MIME_BOUNDARY_LEN (24 + MIME_RAND_BOUNDARY_CHARS + 1) +/* Boundary string length. */ +#define MIME_BOUNDARY_LEN (MIME_BOUNDARY_DASHES + MIME_RAND_BOUNDARY_CHARS) /* A mime multipart. */ struct curl_mime { @@ -100,7 +101,7 @@ struct curl_mime { curl_mimepart *parent; /* Parent part. */ curl_mimepart *firstpart; /* First part. */ curl_mimepart *lastpart; /* Last part. */ - char boundary[MIME_BOUNDARY_LEN]; /* The part boundary. */ + char boundary[MIME_BOUNDARY_LEN + 1]; /* The part boundary. */ struct mime_state state; /* Current readback state. */ }; diff --git a/libs/libcurl/src/mk-ca-bundle.pl b/libs/libcurl/src/mk-ca-bundle.pl deleted file mode 100644 index e5a7420c0e..0000000000 --- a/libs/libcurl/src/mk-ca-bundle.pl +++ /dev/null @@ -1,625 +0,0 @@ -#!/usr/bin/env perl -# *************************************************************************** -# * _ _ ____ _ -# * Project ___| | | | _ \| | -# * / __| | | | |_) | | -# * | (__| |_| | _ <| |___ -# * \___|\___/|_| \_\_____| -# * -# * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. -# * -# * This software is licensed as described in the file COPYING, which -# * you should have received as part of this distribution. The terms -# * are also available at https://curl.se/docs/copyright.html. -# * -# * You may opt to use, copy, modify, merge, publish, distribute and/or sell -# * copies of the Software, and permit persons to whom the Software is -# * furnished to do so, under the terms of the COPYING file. -# * -# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# * KIND, either express or implied. -# * -# *************************************************************************** -# This Perl script creates a fresh ca-bundle.crt file for use with libcurl. -# It downloads certdata.txt from Mozilla's source tree (see URL below), -# then parses certdata.txt and extracts CA Root Certificates into PEM format. -# These are then processed with the OpenSSL commandline tool to produce the -# final ca-bundle.crt file. -# The script is based on the parse-certs script written by Roland Krikava. -# This Perl script works on almost any platform since its only external -# dependency is the OpenSSL commandline tool for optional text listing. -# Hacked by Guenter Knauf. -# -use Encode; -use Getopt::Std; -use MIME::Base64; -use strict; -use warnings; -use vars qw($opt_b $opt_d $opt_f $opt_h $opt_i $opt_k $opt_l $opt_m $opt_n $opt_p $opt_q $opt_s $opt_t $opt_u $opt_v $opt_w); -use List::Util; -use Text::Wrap; -use Time::Local; -my $MOD_SHA = "Digest::SHA"; -eval "require $MOD_SHA"; -if ($@) { - $MOD_SHA = "Digest::SHA::PurePerl"; - eval "require $MOD_SHA"; -} -eval "require LWP::UserAgent"; - -my %urls = ( - 'nss' => - 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt', - 'central' => - 'https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', - 'beta' => - 'https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', - 'release' => - 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', -); - -$opt_d = 'release'; - -# If the OpenSSL commandline is not in search path you can configure it here! -my $openssl = 'openssl'; - -my $version = '1.28'; - -$opt_w = 76; # default base64 encoded lines length - -# default cert types to include in the output (default is to include CAs which may issue SSL server certs) -my $default_mozilla_trust_purposes = "SERVER_AUTH"; -my $default_mozilla_trust_levels = "TRUSTED_DELEGATOR"; -$opt_p = $default_mozilla_trust_purposes . ":" . $default_mozilla_trust_levels; - -my @valid_mozilla_trust_purposes = ( - "DIGITAL_SIGNATURE", - "NON_REPUDIATION", - "KEY_ENCIPHERMENT", - "DATA_ENCIPHERMENT", - "KEY_AGREEMENT", - "KEY_CERT_SIGN", - "CRL_SIGN", - "SERVER_AUTH", - "CLIENT_AUTH", - "CODE_SIGNING", - "EMAIL_PROTECTION", - "IPSEC_END_SYSTEM", - "IPSEC_TUNNEL", - "IPSEC_USER", - "TIME_STAMPING", - "STEP_UP_APPROVED" -); - -my @valid_mozilla_trust_levels = ( - "TRUSTED_DELEGATOR", # CAs - "NOT_TRUSTED", # Don't trust these certs. - "MUST_VERIFY_TRUST", # This explicitly tells us that it ISN'T a CA but is otherwise ok. In other words, this should tell the app to ignore any other sources that claim this is a CA. - "TRUSTED" # This cert is trusted, but only for itself and not for delegates (i.e. it is not a CA). -); - -my $default_signature_algorithms = $opt_s = "MD5"; - -my @valid_signature_algorithms = ( - "MD5", - "SHA1", - "SHA256", - "SHA384", - "SHA512" -); - -$0 =~ s@.*(/|\\)@@; -$Getopt::Std::STANDARD_HELP_VERSION = 1; -getopts('bd:fhiklmnp:qs:tuvw:'); - -if(!defined($opt_d)) { - # to make plain "-d" use not cause warnings, and actually still work - $opt_d = 'release'; -} - -# Use predefined URL or else custom URL specified on command line. -my $url; -if(defined($urls{$opt_d})) { - $url = $urls{$opt_d}; - if(!$opt_k && $url !~ /^https:\/\//i) { - die "The URL for '$opt_d' is not HTTPS. Use -k to override (insecure).\n"; - } -} -else { - $url = $opt_d; -} - -my $curl = `curl -V`; - -if ($opt_i) { - print ("=" x 78 . "\n"); - print "Script Version : $version\n"; - print "Perl Version : $]\n"; - print "Operating System Name : $^O\n"; - print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n"; - print "Encode::Encoding.pm Version : ${Encode::Encoding::VERSION}\n"; - print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n"; - print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n" if($LWP::UserAgent::VERSION); - print "LWP.pm Version : ${LWP::VERSION}\n" if($LWP::VERSION); - print "Digest::SHA.pm Version : ${Digest::SHA::VERSION}\n" if ($Digest::SHA::VERSION); - print "Digest::SHA::PurePerl.pm Version : ${Digest::SHA::PurePerl::VERSION}\n" if ($Digest::SHA::PurePerl::VERSION); - print ("=" x 78 . "\n"); -} - -sub warning_message() { - if ( $opt_d =~ m/^risk$/i ) { # Long Form Warning and Exit - print "Warning: Use of this script may pose some risk:\n"; - print "\n"; - print " 1) If you use HTTP URLs they are subject to a man in the middle attack\n"; - print " 2) Default to 'release', but more recent updates may be found in other trees\n"; - print " 3) certdata.txt file format may change, lag time to update this script\n"; - print " 4) Generally unwise to blindly trust CAs without manual review & verification\n"; - print " 5) Mozilla apps use additional security checks aren't represented in certdata\n"; - print " 6) Use of this script will make a security engineer grind his teeth and\n"; - print " swear at you. ;)\n"; - exit; - } else { # Short Form Warning - print "Warning: Use of this script may pose some risk, -d risk for more details.\n"; - } -} - -sub HELP_MESSAGE() { - print "Usage:\t${0} [-b] [-d<certdata>] [-f] [-i] [-k] [-l] [-n] [-p<purposes:levels>] [-q] [-s<algorithms>] [-t] [-u] [-v] [-w<l>] [<outputfile>]\n"; - print "\t-b\tbackup an existing version of ca-bundle.crt\n"; - print "\t-d\tspecify Mozilla tree to pull certdata.txt or custom URL\n"; - print "\t\t Valid names are:\n"; - print "\t\t ", join( ", ", map { ( $_ =~ m/$opt_d/ ) ? "$_ (default)" : "$_" } sort keys %urls ), "\n"; - print "\t-f\tforce rebuild even if certdata.txt is current\n"; - print "\t-i\tprint version info about used modules\n"; - print "\t-k\tallow URLs other than HTTPS, enable HTTP fallback (insecure)\n"; - print "\t-l\tprint license info about certdata.txt\n"; - print "\t-m\tinclude meta data in output\n"; - print "\t-n\tno download of certdata.txt (to use existing)\n"; - print wrap("\t","\t\t", "-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. (default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"), "\n"; - print "\t\t Valid purposes are:\n"; - print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_purposes ) ), "\n"; - print "\t\t Valid levels are:\n"; - print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_levels ) ), "\n"; - print "\t-q\tbe really quiet (no progress output at all)\n"; - print wrap("\t","\t\t", "-s\tcomma separated list of certificate signatures/hashes to output in plain text mode. (default: $default_signature_algorithms)\n"); - print "\t\t Valid signature algorithms are:\n"; - print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_signature_algorithms ) ), "\n"; - print "\t-t\tinclude plain text listing of certificates\n"; - print "\t-u\tunlink (remove) certdata.txt after processing\n"; - print "\t-v\tbe verbose and print out processed CAs\n"; - print "\t-w <l>\twrap base64 output lines after <l> chars (default: ${opt_w})\n"; - exit; -} - -sub VERSION_MESSAGE() { - print "${0} version ${version} running Perl ${]} on ${^O}\n"; -} - -warning_message() unless ($opt_q || $url =~ m/^(ht|f)tps:/i ); -HELP_MESSAGE() if ($opt_h); - -sub report($@) { - my $output = shift; - - print STDERR $output . "\n" unless $opt_q; -} - -sub is_in_list($@) { - my $target = shift; - - return defined(List::Util::first { $target eq $_ } @_); -} - -# Parses $param_string as a case insensitive comma separated list with optional whitespace -# validates that only allowed parameters are supplied -sub parse_csv_param($$@) { - my $description = shift; - my $param_string = shift; - my @valid_values = @_; - - my @values = map { - s/^\s+//; # strip leading spaces - s/\s+$//; # strip trailing spaces - uc $_ # return the modified string as upper case - } split( ',', $param_string ); - - # Find all values which are not in the list of valid values or "ALL" - my @invalid = grep { !is_in_list($_,"ALL",@valid_values) } @values; - - if ( scalar(@invalid) > 0 ) { - # Tell the user which parameters were invalid and print the standard help message which will exit - print "Error: Invalid ", $description, scalar(@invalid) == 1 ? ": " : "s: ", join( ", ", map { "\"$_\"" } @invalid ), "\n"; - HELP_MESSAGE(); - } - - @values = @valid_values if ( is_in_list("ALL",@values) ); - - return @values; -} - -sub sha256 { - my $result; - if ($Digest::SHA::VERSION || $Digest::SHA::PurePerl::VERSION) { - open(FILE, $_[0]) or die "Can't open '$_[0]': $!"; - binmode(FILE); - $result = $MOD_SHA->new(256)->addfile(*FILE)->hexdigest; - close(FILE); - } else { - # Use OpenSSL command if Perl Digest::SHA modules not available - $result = `"$openssl" dgst -r -sha256 "$_[0]"`; - $result =~ s/^([0-9a-f]{64}) .+/$1/is; - } - return $result; -} - - -sub oldhash { - my $hash = ""; - open(C, "<$_[0]") || return 0; - while(<C>) { - chomp; - if($_ =~ /^\#\# SHA256: (.*)/) { - $hash = $1; - last; - } - } - close(C); - return $hash; -} - -if ( $opt_p !~ m/:/ ) { - print "Error: Mozilla trust identifier list must include both purposes and levels\n"; - HELP_MESSAGE(); -} - -(my $included_mozilla_trust_purposes_string, my $included_mozilla_trust_levels_string) = split( ':', $opt_p ); -my @included_mozilla_trust_purposes = parse_csv_param( "trust purpose", $included_mozilla_trust_purposes_string, @valid_mozilla_trust_purposes ); -my @included_mozilla_trust_levels = parse_csv_param( "trust level", $included_mozilla_trust_levels_string, @valid_mozilla_trust_levels ); - -my @included_signature_algorithms = parse_csv_param( "signature algorithm", $opt_s, @valid_signature_algorithms ); - -sub should_output_cert(%) { - my %trust_purposes_by_level = @_; - - foreach my $level (@included_mozilla_trust_levels) { - # for each level we want to output, see if any of our desired purposes are included - return 1 if ( defined( List::Util::first { is_in_list( $_, @included_mozilla_trust_purposes ) } @{$trust_purposes_by_level{$level}} ) ); - } - - return 0; -} - -my $crt = $ARGV[0] || 'ca-bundle.crt'; -(my $txt = $url) =~ s@(.*/|\?.*)@@g; - -my $stdout = $crt eq '-'; -my $resp; -my $fetched; - -my $oldhash = oldhash($crt); - -report "SHA256 of old file: $oldhash"; - -if(!$opt_n) { - report "Downloading $txt ..."; - - # If we have an HTTPS URL then use curl - if($url =~ /^https:\/\//i) { - if($curl) { - if($curl =~ /^Protocols:.* https( |$)/m) { - report "Get certdata with curl!"; - my $proto = !$opt_k ? "--proto =https" : ""; - my $quiet = $opt_q ? "-s" : ""; - my @out = `curl -w %{response_code} $proto $quiet -o "$txt" "$url"`; - if(!$? && @out && $out[0] == 200) { - $fetched = 1; - report "Downloaded $txt"; - } - else { - report "Failed downloading via HTTPS with curl"; - if(-e $txt && !unlink($txt)) { - report "Failed to remove '$txt': $!"; - } - } - } - else { - report "curl lacks https support"; - } - } - else { - report "curl not found"; - } - } - - # If nothing was fetched then use LWP - if(!$fetched) { - if($url =~ /^https:\/\//i) { - report "Falling back to HTTP"; - $url =~ s/^https:\/\//http:\/\//i; - } - if(!$opt_k) { - report "URLs other than HTTPS are disabled by default, to enable use -k"; - exit 1; - } - report "Get certdata with LWP!"; - if(!defined(${LWP::UserAgent::VERSION})) { - report "LWP is not available (LWP::UserAgent not found)"; - exit 1; - } - my $ua = new LWP::UserAgent(agent => "$0/$version"); - $ua->env_proxy(); - $resp = $ua->mirror($url, $txt); - if($resp && $resp->code eq '304') { - report "Not modified"; - exit 0 if -e $crt && !$opt_f; - } - else { - $fetched = 1; - report "Downloaded $txt"; - } - if(!$resp || $resp->code !~ /^(?:200|304)$/) { - report "Unable to download latest data: " - . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed"); - exit 1 if -e $crt || ! -r $txt; - } - } -} - -my $filedate = $resp ? $resp->last_modified : (stat($txt))[9]; -my $datesrc = "as of"; -if(!$filedate) { - # mxr.mozilla.org gave us a time, hg.mozilla.org does not! - $filedate = time(); - $datesrc="downloaded on"; -} - -# get the hash from the download file -my $newhash= sha256($txt); - -if(!$opt_f && $oldhash eq $newhash) { - report "Downloaded file identical to previous run\'s source file. Exiting"; - if($opt_u && -e $txt && !unlink($txt)) { - report "Failed to remove $txt: $!\n"; - } - exit; -} - -report "SHA256 of new file: $newhash"; - -my $currentdate = scalar gmtime($filedate); - -my $format = $opt_t ? "plain text and " : ""; -if( $stdout ) { - open(CRT, '> -') or die "Couldn't open STDOUT: $!\n"; -} else { - open(CRT,">$crt.~") or die "Couldn't open $crt.~: $!\n"; -} -print CRT <<EOT; -## -## Bundle of CA Root Certificates -## -## Certificate data from Mozilla ${datesrc}: ${currentdate} GMT -## -## This is a bundle of X.509 certificates of public Certificate Authorities -## (CA). These were automatically extracted from Mozilla's root certificates -## file (certdata.txt). This file can be found in the mozilla source tree: -## ${url} -## -## It contains the certificates in ${format}PEM format and therefore -## can be directly used with curl / libcurl / php_curl, or with -## an Apache+mod_ssl webserver for SSL client authentication. -## Just configure this file as the SSLCACertificateFile. -## -## Conversion done with mk-ca-bundle.pl version $version. -## SHA256: $newhash -## - -EOT - -report "Processing '$txt' ..."; -my $caname; -my $certnum = 0; -my $skipnum = 0; -my $start_of_cert = 0; -my @precert; -my $cka_value; -my $valid = 1; - -open(TXT,"$txt") or die "Couldn't open $txt: $!\n"; -while (<TXT>) { - if (/\*\*\*\*\* BEGIN LICENSE BLOCK \*\*\*\*\*/) { - print CRT; - print if ($opt_l); - while (<TXT>) { - print CRT; - print if ($opt_l); - last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/); - } - } -# Not Valid After : Thu Sep 30 14:01:15 2021 - elsif(/^# Not Valid After : (.*)/) { - my $stamp = $1; - use Time::Piece; - my $t = Time::Piece->strptime - ($stamp, "%a %b %d %H:%M:%S %Y"); - my $delta = ($t->epoch - time()); # negative means no longer valid - if($delta < 0) { - $skipnum++; - report "Skipping: $caname is not valid anymore" if ($opt_v); - $valid = 0; - } - else { - $valid = 1; - } - next; - } - elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) { - push @precert, $_; - next; - } - elsif(/^#|^\s*$/) { - undef @precert; - next; - } - chomp; - - # Example: - # CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL - # \062\060\060\066\061\067\060\060\060\060\060\060\132 - # END - - if (/^CKA_NSS_SERVER_DISTRUST_AFTER (CK_BBOOL CK_FALSE|MULTILINE_OCTAL)/) { - if($1 eq "MULTILINE_OCTAL") { - my @timestamp; - while (<TXT>) { - last if (/^END/); - chomp; - my @octets = split(/\\/); - shift @octets; - for (@octets) { - push @timestamp, chr(oct); - } - } - # A trailing Z in the timestamp signifies UTC - if($timestamp[12] ne "Z") { - report "distrust date stamp is not using UTC"; - } - # Example date: 200617000000Z - # Means 2020-06-17 00:00:00 UTC - my $distrustat = - timegm($timestamp[10] . $timestamp[11], # second - $timestamp[8] . $timestamp[9], # minute - $timestamp[6] . $timestamp[7], # hour - $timestamp[4] . $timestamp[5], # day - ($timestamp[2] . $timestamp[3]) - 1, # month - "20" . $timestamp[0] . $timestamp[1]); # year - if(time >= $distrustat) { - # not trusted anymore - $skipnum++; - report "Skipping: $caname is not trusted anymore" if ($opt_v); - $valid = 0; - } - else { - # still trusted - } - } - next; - } - - # this is a match for the start of a certificate - if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) { - $start_of_cert = 1 - } - if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) { - $caname = $1; - } - my %trust_purposes_by_level; - if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) { - $cka_value=""; - while (<TXT>) { - last if (/^END/); - chomp; - my @octets = split(/\\/); - shift @octets; - for (@octets) { - $cka_value .= chr(oct); - } - } - } - if(/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/ && $valid) { - # now scan the trust part to determine how we should trust this cert - while (<TXT>) { - last if (/^#/); - if (/^CKA_TRUST_([A-Z_]+)\s+CK_TRUST\s+CKT_NSS_([A-Z_]+)\s*$/) { - if ( !is_in_list($1,@valid_mozilla_trust_purposes) ) { - report "Warning: Unrecognized trust purpose for cert: $caname. Trust purpose: $1. Trust Level: $2"; - } elsif ( !is_in_list($2,@valid_mozilla_trust_levels) ) { - report "Warning: Unrecognized trust level for cert: $caname. Trust purpose: $1. Trust Level: $2"; - } else { - push @{$trust_purposes_by_level{$2}}, $1; - } - } - } - - if ( !should_output_cert(%trust_purposes_by_level) ) { - $skipnum ++; - report "Skipping: $caname" if ($opt_v); - } else { - my $data = $cka_value; - $cka_value = ""; - - if(!length($data)) { - # if empty, skip - next; - } - my $encoded = MIME::Base64::encode_base64($data, ''); - $encoded =~ s/(.{1,${opt_w}})/$1\n/g; - my $pem = "-----BEGIN CERTIFICATE-----\n" - . $encoded - . "-----END CERTIFICATE-----\n"; - print CRT "\n$caname\n"; - print CRT @precert if($opt_m); - my $maxStringLength = length(decode('UTF-8', $caname, Encode::FB_CROAK | Encode::LEAVE_SRC)); - if ($opt_t) { - foreach my $key (sort keys %trust_purposes_by_level) { - my $string = $key . ": " . join(", ", @{$trust_purposes_by_level{$key}}); - $maxStringLength = List::Util::max( length($string), $maxStringLength ); - print CRT $string . "\n"; - } - } - print CRT ("=" x $maxStringLength . "\n"); - if (!$opt_t) { - print CRT $pem; - } else { - my $pipe = ""; - foreach my $hash (@included_signature_algorithms) { - $pipe = "|$openssl x509 -" . $hash . " -fingerprint -noout -inform PEM"; - if (!$stdout) { - $pipe .= " >> $crt.~"; - close(CRT) or die "Couldn't close $crt.~: $!"; - } - open(TMP, $pipe) or die "Couldn't open openssl pipe: $!"; - print TMP $pem; - close(TMP) or die "Couldn't close openssl pipe: $!"; - if (!$stdout) { - open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!"; - } - } - $pipe = "|$openssl x509 -text -inform PEM"; - if (!$stdout) { - $pipe .= " >> $crt.~"; - close(CRT) or die "Couldn't close $crt.~: $!"; - } - open(TMP, $pipe) or die "Couldn't open openssl pipe: $!"; - print TMP $pem; - close(TMP) or die "Couldn't close openssl pipe: $!"; - if (!$stdout) { - open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!"; - } - } - report "Parsing: $caname" if ($opt_v); - $certnum ++; - $start_of_cert = 0; - } - undef @precert; - } - -} -close(TXT) or die "Couldn't close $txt: $!\n"; -close(CRT) or die "Couldn't close $crt.~: $!\n"; -unless( $stdout ) { - if ($opt_b && -e $crt) { - my $bk = 1; - while (-e "$crt.~${bk}~") { - $bk++; - } - rename $crt, "$crt.~${bk}~" or die "Failed to create backup $crt.~$bk}~: $!\n"; - } elsif( -e $crt ) { - unlink( $crt ) or die "Failed to remove $crt: $!\n"; - } - rename "$crt.~", $crt or die "Failed to rename $crt.~ to $crt: $!\n"; -} -if($opt_u && -e $txt && !unlink($txt)) { - report "Failed to remove $txt: $!\n"; -} -report "Done ($certnum CA certs processed, $skipnum skipped)."; diff --git a/libs/libcurl/src/mk-ca-bundle.vbs b/libs/libcurl/src/mk-ca-bundle.vbs deleted file mode 100644 index c6e6f4ffe1..0000000000 --- a/libs/libcurl/src/mk-ca-bundle.vbs +++ /dev/null @@ -1,431 +0,0 @@ -'*************************************************************************** -'* _ _ ____ _ -'* Project ___| | | | _ \| | -'* / __| | | | |_) | | -'* | (__| |_| | _ <| |___ -'* \___|\___/|_| \_\_____| -'* -'* Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. -'* -'* This software is licensed as described in the file COPYING, which -'* you should have received as part of this distribution. The terms -'* are also available at https://curl.se/docs/copyright.html. -'* -'* You may opt to use, copy, modify, merge, publish, distribute and/or sell -'* copies of the Software, and permit persons to whom the Software is -'* furnished to do so, under the terms of the COPYING file. -'* -'* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -'* KIND, either express or implied. -'* -'*************************************************************************** -'* Script to fetch certdata.txt from Mozilla.org site and create a -'* ca-bundle.crt for use with OpenSSL / libcurl / libcurl bindings -'* Requires WinHttp.WinHttpRequest.5.1 and ADODB.Stream which are part of -'* W2000 SP3 or later, WXP SP1 or later, W2003 Server SP1 or later. -'* Hacked by Guenter Knauf -'*************************************************************************** -Option Explicit -Const myVersion = "0.4.0" - -Const myUrl = "https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt" - -Const myOpenSSL = "openssl.exe" -Dim myUseOpenSSL -myUseOpenSSL = TRUE ' Flag: TRUE to use OpenSSL. If TRUE and is not - ' found then a warning is shown before continuing. - -Const myCdSavF = TRUE ' Flag: save downloaded data to file certdata.txt -Const myCaBakF = TRUE ' Flag: backup existing ca-bundle certificate -Const myAskLiF = TRUE ' Flag: display certdata.txt license agreement -Const myWrapLe = 76 ' Default length of base64 output lines - -' cert info code doesn't work properly with any recent openssl, leave disabled. -' Also: we want our certificate output by default to be as similar as possible -' to mk-ca-bundle.pl and setting this TRUE changes the base64 width to -' OpenSSL's built-in default width, which is not the same as mk-ca-bundle.pl. -Const myAskTiF = FALSE ' Flag: ask to include certificate text info - -' -'******************* Nothing to configure below! ******************* -' -Const adTypeBinary = 1 -Const adTypeText = 2 -Const adSaveCreateNotExist = 1 -Const adSaveCreateOverWrite = 2 -Dim objShell, objNetwork, objFSO, objHttp -Dim myBase, mySelf, myStream, myTmpFh, myCdData, myCdFile -Dim myCaFile, myTmpName, myBakNum, myOptTxt, i -Set objNetwork = WScript.CreateObject("WScript.Network") -Set objShell = WScript.CreateObject("WScript.Shell") -Set objFSO = WScript.CreateObject("Scripting.FileSystemObject") -Set objHttp = WScript.CreateObject("WinHttp.WinHttpRequest.5.1") -If objHttp Is Nothing Then Set objHttp = WScript.CreateObject("WinHttp.WinHttpRequest") -myBase = Left(WScript.ScriptFullName, InstrRev(WScript.ScriptFullName, "\")) -mySelf = Left(WScript.ScriptName, InstrRev(WScript.ScriptName, ".") - 1) & " " & myVersion - -myCdFile = Mid(myUrl, InstrRev(myUrl, "/") + 1) -myCaFile = "ca-bundle.crt" -myTmpName = InputBox("It will take a minute to download and parse the " & _ - "certificate data." & _ - vbLf & vbLf & _ - "Please enter the output filename:", mySelf, myCaFile) -If (myTmpName = "") Then - WScript.Quit 1 -End If -myCaFile = myTmpName -If (myCdFile = "") Then - MsgBox("URL does not contain filename!"), vbCritical, mySelf - WScript.Quit 1 -End If - -' Don't use OpenSSL if it's not present. -If (myUseOpenSSL = TRUE) Then - Dim errnum - - On Error Resume Next - Call objShell.Run("""" & myOpenSSL & """ version", 0, TRUE) - errnum = Err.Number - On Error GoTo 0 - - If Not (errnum = 0) Then - myUseOpenSSL = FALSE - MsgBox("OpenSSL was not found so the certificate bundle will not " & _ - "include the SHA256 hash of the raw certificate data file " & _ - "that was used to generate the certificates in the bundle. " & _ - vbLf & vbLf & _ - "This does not have any effect on the certificate output, " & _ - "so this script will continue." & _ - vbLf & vbLf & _ - "If you want to set a custom location for OpenSSL or disable " & _ - "this message then edit the variables at the start of the " & _ - "script."), vbInformation, mySelf - End If -End If - -If (myAskTiF = TRUE) And (myUseOpenSSL = TRUE) Then - If (6 = objShell.PopUp("Do you want to include text information about " & _ - "each certificate?" & vbLf & _ - "(Requires OpenSSL.exe in the current directory " & _ - "or search path)",, _ - mySelf, vbQuestion + vbYesNo + vbDefaultButton2)) Then - myOptTxt = TRUE - Else - myOptTxt = FALSE - End If -End If - -' Uncomment the line below to ignore SSL invalid cert errors -' objHttp.Option(4) = 256 + 512 + 4096 + 8192 -objHttp.SetTimeouts 0, 5000, 10000, 10000 -objHttp.Open "GET", myUrl, FALSE -objHttp.setRequestHeader "User-Agent", WScript.ScriptName & "/" & myVersion -objHttp.Send "" -If Not (objHttp.Status = 200) Then - MsgBox("Failed to download '" & myCdFile & "': " & objHttp.Status & " - " & objHttp.StatusText), vbCritical, mySelf - WScript.Quit 1 -End If -' Write received data to file if enabled -If (myCdSavF = TRUE) Then - Call SaveBinaryData(myCdFile, objHttp.ResponseBody) -End If -' Convert data from ResponseBody instead of using ResponseText because of UTF-8 -myCdData = ConvertBinaryToUTF8(objHttp.ResponseBody) -Set objHttp = Nothing -' Backup exitsing ca-bundle certificate file -If (myCaBakF = TRUE) Then - If objFSO.FileExists(myCaFile) Then - Dim myBakFile, b - b = 1 - myBakFile = myCaFile & ".~" & b & "~" - While objFSO.FileExists(myBakFile) - b = b + 1 - myBakFile = myCaFile & ".~" & b & "~" - Wend - Set myTmpFh = objFSO.GetFile(myCaFile) - myTmpFh.Move myBakFile - End If -End If - -' Process the received data -Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts, myNumSkipped -Dim myLabel, myOctets, myData, myPem, myRev, myUntrusted, j -myNumSkipped = 0 -myNumCerts = 0 -myData = "" -myLines = Split(myCdData, vbLf, -1) -Set myStream = CreateObject("ADODB.Stream") -myStream.Open -myStream.Type = adTypeText -myStream.Charset = "utf-8" -myStream.WriteText "##" & vbLf & _ - "## Bundle of CA Root Certificates" & vbLf & _ - "##" & vbLf & _ - "## Certificate data from Mozilla as of: " & _ - ConvertDateToString(LocalDateToUTC(Now)) & " GMT" & vbLf & _ - "##" & vbLf & _ - "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf & _ - "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf & _ - "## file (certdata.txt). This file can be found in the mozilla source tree:" & vbLf & _ - "## " & myUrl & vbLf & _ - "##" & vbLf & _ - "## It contains the certificates in PEM format and therefore" & vbLf & _ - "## can be directly used with curl / libcurl / php_curl, or with" & vbLf & _ - "## an Apache+mod_ssl webserver for SSL client authentication." & vbLf & _ - "## Just configure this file as the SSLCACertificateFile." & vbLf & _ - "##" & vbLf & _ - "## Conversion done with mk-ca-bundle.vbs version " & myVersion & "." & vbLf -If (myCdSavF = TRUE) And (myUseOpenSSL = TRUE) Then - myStream.WriteText "## SHA256: " & FileSHA256(myCdFile) & vbLf -End If -myStream.WriteText "##" & vbLf & vbLf - -myStream.WriteText vbLf -For i = 0 To UBound(myLines) - If InstrRev(myLines(i), "CKA_LABEL ") Then - myPattern = "^CKA_LABEL\s+[A-Z0-9]+\s+""(.+?)""" - myLabel = RegExprFirst(myPattern, myLines(i)) - End If - If (myInsideCert = TRUE) Then - If InstrRev(myLines(i), "END") Then - myInsideCert = FALSE - While (i < UBound(myLines)) And Not (myLines(i) = "#") - i = i + 1 - If InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR") Then - myUntrusted = FALSE - End If - Wend - If (myUntrusted = TRUE) Then - myNumSkipped = myNumSkipped + 1 - Else - myStream.WriteText myLabel & vbLf - myStream.WriteText String(Len(myLabel), "=") & vbLf - myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _ - Base64Encode(myData) & vbLf & _ - "-----END CERTIFICATE-----" & vbLf - If (myOptTxt = FALSE) Then - myStream.WriteText myPem & vbLf - Else - Dim myCmd, myRval, myTmpIn, myTmpOut - myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName - myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName - Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE) - myTmpFh.Write myPem - myTmpFh.Close - myCmd = """" & myOpenSSL & """ x509 -md5 -fingerprint -text " & _ - "-inform PEM -in " & myTmpIn & " -out " & myTmpOut - myRval = objShell.Run (myCmd, 0, TRUE) - objFSO.DeleteFile myTmpIn, TRUE - If Not (myRval = 0) Then - MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf - objFSO.DeleteFile myTmpOut, TRUE - WScript.Quit 3 - End If - Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1) - myStream.WriteText myTmpFh.ReadAll & vbLf - myTmpFh.Close - objFSO.DeleteFile myTmpOut, TRUE - End If - myNumCerts = myNumCerts + 1 - End If - Else - myOctets = Split(myLines(i), "\") - For j = 1 To UBound(myOctets) - myData = myData & Chr(CByte("&o" & myOctets(j))) - Next - End If - End If - If InstrRev(myLines(i), "CVS_ID ") Then - myPattern = "^CVS_ID\s+""(.+?)""" - myRev = RegExprFirst(myPattern, myLines(i)) - myStream.WriteText "# " & myRev & vbLf & vbLf - End If - If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then - myInsideCert = TRUE - myUntrusted = TRUE - myData = "" - End If - If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then - myInsideLicense = TRUE - End If - If (myInsideLicense = TRUE) Then - myStream.WriteText myLines(i) & vbLf - myLicenseText = myLicenseText & Mid(myLines(i), 2) & vbLf - End If - If InstrRev(myLines(i), "***** END LICENSE BLOCK *****") Then - myInsideLicense = FALSE - If (myAskLiF = TRUE) Then - If Not (6 = objShell.PopUp(myLicenseText & vbLf & _ - "Do you agree to the license shown above (required to proceed) ?",, _ - mySelf, vbQuestion + vbYesNo + vbDefaultButton1)) Then - myStream.Close - objFSO.DeleteFile myCaFile, TRUE - WScript.Quit 2 - End If - End If - End If -Next - -' To stop the UTF-8 BOM from being written the stream has to be copied and -' then saved as binary. -Dim myCopy -Set myCopy = CreateObject("ADODB.Stream") -myCopy.Type = adTypeBinary -myCopy.Open -myStream.Position = 3 ' Skip UTF-8 BOM -myStream.CopyTo myCopy -myCopy.SaveToFile myCaFile, adSaveCreateOverWrite -myCopy.Close -myStream.Close -Set myCopy = Nothing -Set myStream = Nothing - -' Done -objShell.PopUp "Done (" & myNumCerts & " CA certs processed, " & myNumSkipped & _ - " untrusted skipped).", 20, mySelf, vbInformation -WScript.Quit 0 - -Function ConvertBinaryToUTF8(arrBytes) - Dim objStream - Set objStream = CreateObject("ADODB.Stream") - objStream.Open - objStream.Type = adTypeBinary - objStream.Write arrBytes - objStream.Position = 0 - objStream.Type = adTypeText - objStream.Charset = "utf-8" - ConvertBinaryToUTF8 = objStream.ReadText - Set objStream = Nothing -End Function - -Function SaveBinaryData(filename, data) - Dim objStream - Set objStream = CreateObject("ADODB.Stream") - objStream.Type = adTypeBinary - objStream.Open - objStream.Write data - objStream.SaveToFile filename, adSaveCreateOverWrite - objStream.Close - Set objStream = Nothing -End Function - -Function RegExprFirst(SearchPattern, TheString) - Dim objRegExp, Matches ' create variables. - Set objRegExp = New RegExp ' create a regular expression. - objRegExp.Pattern = SearchPattern ' sets the search pattern. - objRegExp.IgnoreCase = TRUE ' set to ignores case. - objRegExp.Global = TRUE ' set to global search. - Set Matches = objRegExp.Execute(TheString) ' do the search. - If (Matches.Count) Then - RegExprFirst = Matches(0).SubMatches(0) ' return first match. - Else - RegExprFirst = "" - End If - Set objRegExp = Nothing -End Function - -Function Base64Encode(inData) - Const Base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" - Dim cOut, sOut, lWrap, I - lWrap = Int(myWrapLe * 3 / 4) - - 'For each group of 3 bytes - For I = 1 To Len(inData) Step 3 - Dim nGroup, pOut, sGroup - - 'Create one long from this 3 bytes. - nGroup = &H10000 * Asc(Mid(inData, I, 1)) + _ - &H100 * MyASC(Mid(inData, I + 1, 1)) + _ - MyASC(Mid(inData, I + 2, 1)) - - 'Oct splits the long To 8 groups with 3 bits - nGroup = Oct(nGroup) - - 'Add leading zeros - nGroup = String(8 - Len(nGroup), "0") & nGroup - - 'Convert To base64 - pOut = Mid(Base64, CLng("&o" & Mid(nGroup, 1, 2)) + 1, 1) & _ - Mid(Base64, CLng("&o" & Mid(nGroup, 3, 2)) + 1, 1) & _ - Mid(Base64, CLng("&o" & Mid(nGroup, 5, 2)) + 1, 1) & _ - Mid(Base64, CLng("&o" & Mid(nGroup, 7, 2)) + 1, 1) - - 'Add the part To OutPut string - sOut = sOut + pOut - - 'Add a new line For Each myWrapLe chars In dest - If (I < Len(inData) - 2) Then - If (I + 2) Mod lWrap = 0 Then sOut = sOut & vbLf - End If - Next - Select Case Len(inData) Mod 3 - Case 1: '8 bit final - sOut = Left(sOut, Len(sOut) - 2) & "==" - Case 2: '16 bit final - sOut = Left(sOut, Len(sOut) - 1) & "=" - End Select - Base64Encode = sOut -End Function - -Function MyASC(OneChar) - If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar) -End Function - -' Return the date in the same format as perl to match mk-ca-bundle.pl output: -' Wed Sep 7 03:12:05 2016 -Function ConvertDateToString(input) - Dim output - output = WeekDayName(WeekDay(input), TRUE) & " " & _ - MonthName(Month(input), TRUE) & " " - If (Len(Day(input)) = 1) Then - output = output & " " - End If - output = output & _ - Day(input) & " " & _ - FormatDateTime(input, vbShortTime) & ":" - If (Len(Second(input)) = 1) Then - output = output & "0" - End If - output = output & _ - Second(input) & " " & _ - Year(input) - ConvertDateToString = output -End Function - -' Convert local Date to UTC. Microsoft says: -' Use Win32_ComputerSystem CurrentTimeZone property, because it automatically -' adjusts the Time Zone bias for daylight saving time; Win32_Time Zone Bias -' property does not. -' https://msdn.microsoft.com/en-us/library/windows/desktop/ms696015.aspx -Function LocalDateToUTC(localdate) - Dim item, offset - For Each item In GetObject("winmgmts:").InstancesOf("Win32_ComputerSystem") - offset = item.CurrentTimeZone ' the offset in minutes - Next - If (offset < 0) Then - LocalDateToUTC = DateAdd("n", ABS(offset), localdate) - Else - LocalDateToUTC = DateAdd("n", -ABS(offset), localdate) - End If - 'objShell.PopUp LocalDateToUTC -End Function - -Function FileSHA256(filename) - Dim cmd, rval, tmpOut, tmpFh - if (myUseOpenSSL = TRUE) Then - tmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName - cmd = """" & myOpenSSL & """ dgst -r -sha256 -out """ & tmpOut & """ """ & filename & """" - rval = objShell.Run(cmd, 0, TRUE) - If Not (rval = 0) Then - MsgBox("Failed to get sha256 of """ & filename & """ with OpenSSL commandline!"), vbCritical, mySelf - objFSO.DeleteFile tmpOut, TRUE - WScript.Quit 3 - End If - Set tmpFh = objFSO.OpenTextFile(tmpOut, 1) - FileSHA256 = RegExprFirst("^([0-9a-f]{64}) .+", tmpFh.ReadAll) - tmpFh.Close - objFSO.DeleteFile tmpOut, TRUE - Else - FileSHA256 = "" - End If -End Function diff --git a/libs/libcurl/src/mprintf.c b/libs/libcurl/src/mprintf.c index 0fd3afc8ae..13812010b3 100644 --- a/libs/libcurl/src/mprintf.c +++ b/libs/libcurl/src/mprintf.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1999 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1999 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -65,7 +65,6 @@ */ #if (defined(__BORLANDC__) && (__BORLANDC__ >= 0x520)) || \ - (defined(__WATCOMC__) && defined(__386__)) || \ (defined(__POCC__) && defined(_MSC_VER)) || \ (defined(_WIN32_WCE)) || \ (defined(__MINGW32__)) || \ @@ -830,6 +829,8 @@ static int dprintf_formatf( } else if(prec != -1) len = (size_t)prec; + else if(*str == '\0') + len = 0; else len = strlen(str); diff --git a/libs/libcurl/src/mqtt.c b/libs/libcurl/src/mqtt.c index fcd40b41e6..9bcbaa1950 100644 --- a/libs/libcurl/src/mqtt.c +++ b/libs/libcurl/src/mqtt.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2019, Björn Stenberg, <bjorn@haxx.se> * * This software is licensed as described in the file COPYING, which @@ -60,6 +60,8 @@ */ static CURLcode mqtt_do(struct Curl_easy *data, bool *done); +static CURLcode mqtt_done(struct Curl_easy *data, + CURLcode status, bool premature); static CURLcode mqtt_doing(struct Curl_easy *data, bool *done); static int mqtt_getsock(struct Curl_easy *data, struct connectdata *conn, curl_socket_t *sock); @@ -74,7 +76,7 @@ const struct Curl_handler Curl_handler_mqtt = { "MQTT", /* scheme */ mqtt_setup_conn, /* setup_connection */ mqtt_do, /* do_it */ - ZERO_NULL, /* done */ + mqtt_done, /* done */ ZERO_NULL, /* do_more */ ZERO_NULL, /* connect_it */ ZERO_NULL, /* connecting */ @@ -344,7 +346,9 @@ end: static CURLcode mqtt_disconnect(struct Curl_easy *data) { CURLcode result = CURLE_OK; + struct MQTT *mq = data->req.p.mqtt; result = mqtt_send(data, (char *)"\xe0\x00", 2); + Curl_safefree(mq->sendleftovers); return result; } @@ -384,8 +388,7 @@ static CURLcode mqtt_get_topic(struct Curl_easy *data, { char *path = data->state.up.path; if(strlen(path) > 1) - return Curl_urldecode(data, path + 1, 0, topic, topiclen, - REJECT_NADA); + return Curl_urldecode(path + 1, 0, topic, topiclen, REJECT_NADA); failf(data, "No MQTT topic found. Forgot to URL encode it?"); return CURLE_URL_MALFORMAT; } @@ -692,6 +695,16 @@ static CURLcode mqtt_do(struct Curl_easy *data, bool *done) return CURLE_OK; } +static CURLcode mqtt_done(struct Curl_easy *data, + CURLcode status, bool premature) +{ + struct MQTT *mq = data->req.p.mqtt; + (void)status; + (void)premature; + Curl_safefree(mq->sendleftovers); + return CURLE_OK; +} + static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) { CURLcode result = CURLE_OK; @@ -719,8 +732,14 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) case MQTT_FIRST: /* Read the initial byte only */ result = Curl_read(data, sockfd, (char *)&mq->firstbyte, 1, &nread); - if(!nread) + if(result) break; + else if(!nread) { + failf(data, "Connection disconnected"); + *done = TRUE; + result = CURLE_RECV_ERROR; + break; + } Curl_debug(data, CURLINFO_HEADER_IN, (char *)&mq->firstbyte, 1); /* remember the first byte */ mq->npacket = 0; diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c index f8dcc63b47..8e58d785a9 100644 --- a/libs/libcurl/src/multi.c +++ b/libs/libcurl/src/multi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -118,7 +118,7 @@ static void init_completed(struct Curl_easy *data) /* Important: reset the conn pointer so that we don't point to memory that could be freed anytime */ - Curl_detach_connnection(data); + Curl_detach_connection(data); Curl_expire_clear(data); /* stop all timers */ } @@ -635,7 +635,7 @@ static CURLcode multi_done(struct Curl_easy *data, process_pending_handles(data->multi); /* connection / multiplex */ CONNCACHE_LOCK(data); - Curl_detach_connnection(data); + Curl_detach_connection(data); if(CONN_INUSE(conn)) { /* Stop if still used. */ CONNCACHE_UNLOCK(data); @@ -687,16 +687,10 @@ static CURLcode multi_done(struct Curl_easy *data, #endif ) || conn->bits.close || (premature && !(conn->handler->flags & PROTOPT_STREAM))) { - CURLcode res2; connclose(conn, "disconnecting"); Curl_conncache_remove_conn(data, conn, FALSE); CONNCACHE_UNLOCK(data); - res2 = Curl_disconnect(data, conn, premature); - - /* If we had an error already, make sure we return that one. But - if we got a new error, return that. */ - if(!result && res2) - result = res2; + Curl_disconnect(data, conn, premature); } else { char buffer[256]; @@ -709,14 +703,15 @@ static CURLcode multi_done(struct Curl_easy *data, conn->bits.conn_to_host ? conn->conn_to_host.dispname : conn->host.dispname; /* create string before returning the connection */ + long connection_id = conn->connection_id; msnprintf(buffer, sizeof(buffer), "Connection #%ld to host %s left intact", - conn->connection_id, host); + connection_id, host); /* the connection is no longer in use by this transfer */ CONNCACHE_UNLOCK(data); if(Curl_conncache_return_conn(data, conn)) { /* remember the most recently used connection */ - data->state.lastconnect_id = conn->connection_id; + data->state.lastconnect_id = connection_id; infof(data, "%s", buffer); } else @@ -724,7 +719,6 @@ static CURLcode multi_done(struct Curl_easy *data, } Curl_safefree(data->state.buffer); - Curl_free_request_state(data); return result; } @@ -830,7 +824,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, that vanish with this handle */ /* Remove the association between the connection and the handle */ - Curl_detach_connnection(data); + Curl_detach_connection(data); if(data->state.lastconnect_id != -1) { /* Mark any connect-only connection for closure */ @@ -905,12 +899,12 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi) } /* - * Curl_detach_connnection() removes the given transfer from the connection. + * Curl_detach_connection() removes the given transfer from the connection. * * This is the only function that should clear data->conn. This will * occasionally be called with the data->conn pointer already cleared. */ -void Curl_detach_connnection(struct Curl_easy *data) +void Curl_detach_connection(struct Curl_easy *data) { struct connectdata *conn = data->conn; if(conn) { @@ -922,11 +916,11 @@ void Curl_detach_connnection(struct Curl_easy *data) } /* - * Curl_attach_connnection() attaches this transfer to this connection. + * Curl_attach_connection() attaches this transfer to this connection. * * This is the only function that should assign data->conn */ -void Curl_attach_connnection(struct Curl_easy *data, +void Curl_attach_connection(struct Curl_easy *data, struct connectdata *conn) { DEBUGASSERT(!data->conn); @@ -1546,7 +1540,7 @@ CURLMcode Curl_multi_add_perform(struct Curl_multi *multi, /* take this handle to the perform state right away */ multistate(data, MSTATE_PERFORMING); - Curl_attach_connnection(data, conn); + Curl_attach_connection(data, conn); k->keepon |= KEEP_RECV; /* setup to receive! */ } return rc; @@ -1759,6 +1753,10 @@ CURLcode Curl_preconnect(struct Curl_easy *data) return CURLE_OK; } +static void set_in_callback(struct Curl_multi *multi, bool value) +{ + multi->in_callback = value; +} static CURLMcode multi_runsingle(struct Curl_multi *multi, struct curltime *nowp, @@ -1795,7 +1793,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, rc = CURLM_OK; if(multi_ischanged(multi, TRUE)) { - DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!")); + DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue")); process_pending_handles(multi); /* multiplexed */ } @@ -2169,8 +2167,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, Curl_posttransfer(data); drc = multi_done(data, result, FALSE); - /* When set to retry the connection, we must to go back to - * the CONNECT state */ + /* When set to retry the connection, we must go back to the CONNECT + * state */ if(newurl) { if(!drc || (drc == CURLE_SEND_ERROR)) { follow = FOLLOW_RETRY; @@ -2382,7 +2380,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, CURLcode ret = Curl_retry_request(data, &newurl); if(!ret) { - infof(data, "Downgrades to HTTP/1.1!"); + infof(data, "Downgrades to HTTP/1.1"); streamclose(data->conn, "Disconnect HTTP/2 for HTTP/1"); data->state.httpwant = CURL_HTTP_VERSION_1_1; /* clear the error message bit too as we ignore the one we got */ @@ -2560,7 +2558,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, /* This is where we make sure that the conn pointer is reset. We don't have to do this in every case block above where a failure is detected */ - Curl_detach_connnection(data); + Curl_detach_connection(data); /* remove connection from cache */ Curl_conncache_remove_conn(data, conn, TRUE); @@ -2872,8 +2870,10 @@ static CURLMcode singlesocket(struct Curl_multi *multi, continue; if(multi->socket_cb) { + set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, comboaction, multi->socket_userp, entry->socketp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; return CURLM_ABORTED_BY_CALLBACK; @@ -2914,8 +2914,10 @@ static CURLMcode singlesocket(struct Curl_multi *multi, entry->readers--; if(!entry->users) { if(multi->socket_cb) { + set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; return CURLM_ABORTED_BY_CALLBACK; @@ -2969,9 +2971,12 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s) if(entry) { int rc = 0; - if(multi->socket_cb) + if(multi->socket_cb) { + set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); + set_in_callback(multi, FALSE); + } /* now remove it from the socket hash */ sh_delentry(entry, &multi->sockhash, s); @@ -3343,7 +3348,9 @@ CURLMcode Curl_update_timer(struct Curl_multi *multi) multi->timer_lastcall = none; /* there's no timeout now but there was one previously, tell the app to disable it */ + set_in_callback(multi, TRUE); rc = multi->timer_cb(multi, -1, multi->timer_userp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; return CURLM_ABORTED_BY_CALLBACK; @@ -3362,7 +3369,9 @@ CURLMcode Curl_update_timer(struct Curl_multi *multi) multi->timer_lastcall = multi->timetree->key; + set_in_callback(multi, TRUE); rc = multi->timer_cb(multi, timeout_ms, multi->timer_userp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; return CURLM_ABORTED_BY_CALLBACK; @@ -3561,9 +3570,6 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, { struct Curl_sh_entry *there = NULL; - if(multi->in_callback) - return CURLM_RECURSIVE_API_CALL; - there = sh_getentry(&multi->sockhash, s); if(!there) diff --git a/libs/libcurl/src/multiif.h b/libs/libcurl/src/multiif.h index f4d0ada8e8..5a8c358bc4 100644 --- a/libs/libcurl/src/multiif.h +++ b/libs/libcurl/src/multiif.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,9 +31,9 @@ void Curl_expire(struct Curl_easy *data, timediff_t milli, expire_id); void Curl_expire_clear(struct Curl_easy *data); void Curl_expire_done(struct Curl_easy *data, expire_id id); CURLMcode Curl_update_timer(struct Curl_multi *multi) WARN_UNUSED_RESULT; -void Curl_attach_connnection(struct Curl_easy *data, +void Curl_attach_connection(struct Curl_easy *data, struct connectdata *conn); -void Curl_detach_connnection(struct Curl_easy *data); +void Curl_detach_connection(struct Curl_easy *data); bool Curl_multiplex_wanted(const struct Curl_multi *multi); void Curl_set_in_callback(struct Curl_easy *data, bool value); bool Curl_is_in_callback(struct Curl_easy *easy); diff --git a/libs/libcurl/src/non-ascii.c b/libs/libcurl/src/non-ascii.c deleted file mode 100644 index 3b77ae98d5..0000000000 --- a/libs/libcurl/src/non-ascii.c +++ /dev/null @@ -1,336 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include "curl_setup.h" - -#ifdef CURL_DOES_CONVERSIONS - -#include <curl/curl.h> - -#include "non-ascii.h" -#include "formdata.h" -#include "sendf.h" -#include "urldata.h" -#include "multiif.h" -#include "strerror.h" - -#include "curl_memory.h" -/* The last #include file should be: */ -#include "memdebug.h" - -#ifdef HAVE_ICONV -#include <iconv.h> -/* set default codesets for iconv */ -#ifndef CURL_ICONV_CODESET_OF_NETWORK -#define CURL_ICONV_CODESET_OF_NETWORK "ISO8859-1" -#endif -#ifndef CURL_ICONV_CODESET_FOR_UTF8 -#define CURL_ICONV_CODESET_FOR_UTF8 "UTF-8" -#endif -#define ICONV_ERROR (size_t)-1 -#endif /* HAVE_ICONV */ - -/* - * Curl_convert_clone() returns a malloced copy of the source string (if - * returning CURLE_OK), with the data converted to network format. - */ -CURLcode Curl_convert_clone(struct Curl_easy *data, - const char *indata, - size_t insize, - char **outbuf) -{ - char *convbuf; - CURLcode result; - - convbuf = malloc(insize); - if(!convbuf) - return CURLE_OUT_OF_MEMORY; - - memcpy(convbuf, indata, insize); - result = Curl_convert_to_network(data, convbuf, insize); - if(result) { - free(convbuf); - return result; - } - - *outbuf = convbuf; /* return the converted buffer */ - - return CURLE_OK; -} - -/* - * Curl_convert_to_network() is an internal function for performing ASCII - * conversions on non-ASCII platforms. It converts the buffer _in place_. - */ -CURLcode Curl_convert_to_network(struct Curl_easy *data, - char *buffer, size_t length) -{ - if(data && data->set.convtonetwork) { - /* use translation callback */ - CURLcode result; - Curl_set_in_callback(data, true); - result = data->set.convtonetwork(buffer, length); - Curl_set_in_callback(data, false); - if(result) { - failf(data, - "CURLOPT_CONV_TO_NETWORK_FUNCTION callback returned %d: %s", - (int)result, curl_easy_strerror(result)); - } - - return result; - } - else { -#ifdef HAVE_ICONV - /* do the translation ourselves */ - iconv_t tmpcd = (iconv_t) -1; - iconv_t *cd = &tmpcd; - char *input_ptr, *output_ptr; - size_t in_bytes, out_bytes, rc; - char ebuffer[STRERROR_LEN]; - - /* open an iconv conversion descriptor if necessary */ - if(data) - cd = &data->outbound_cd; - if(*cd == (iconv_t)-1) { - *cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK, - CURL_ICONV_CODESET_OF_HOST); - if(*cd == (iconv_t)-1) { - failf(data, - "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", - CURL_ICONV_CODESET_OF_NETWORK, - CURL_ICONV_CODESET_OF_HOST, - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } - } - /* call iconv */ - input_ptr = output_ptr = buffer; - in_bytes = out_bytes = length; - rc = iconv(*cd, &input_ptr, &in_bytes, - &output_ptr, &out_bytes); - if(!data) - iconv_close(tmpcd); - if((rc == ICONV_ERROR) || (in_bytes)) { - failf(data, - "The Curl_convert_to_network iconv call failed with errno %i: %s", - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } -#else - failf(data, "CURLOPT_CONV_TO_NETWORK_FUNCTION callback required"); - return CURLE_CONV_REQD; -#endif /* HAVE_ICONV */ - } - - return CURLE_OK; -} - -/* - * Curl_convert_from_network() is an internal function for performing ASCII - * conversions on non-ASCII platforms. It converts the buffer _in place_. - */ -CURLcode Curl_convert_from_network(struct Curl_easy *data, - char *buffer, size_t length) -{ - if(data && data->set.convfromnetwork) { - /* use translation callback */ - CURLcode result; - Curl_set_in_callback(data, true); - result = data->set.convfromnetwork(buffer, length); - Curl_set_in_callback(data, false); - if(result) { - failf(data, - "CURLOPT_CONV_FROM_NETWORK_FUNCTION callback returned %d: %s", - (int)result, curl_easy_strerror(result)); - } - - return result; - } - else { -#ifdef HAVE_ICONV - /* do the translation ourselves */ - iconv_t tmpcd = (iconv_t) -1; - iconv_t *cd = &tmpcd; - char *input_ptr, *output_ptr; - size_t in_bytes, out_bytes, rc; - char ebuffer[STRERROR_LEN]; - - /* open an iconv conversion descriptor if necessary */ - if(data) - cd = &data->inbound_cd; - if(*cd == (iconv_t)-1) { - *cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_OF_NETWORK); - if(*cd == (iconv_t)-1) { - failf(data, - "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", - CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_OF_NETWORK, - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } - } - /* call iconv */ - input_ptr = output_ptr = buffer; - in_bytes = out_bytes = length; - rc = iconv(*cd, &input_ptr, &in_bytes, - &output_ptr, &out_bytes); - if(!data) - iconv_close(tmpcd); - if((rc == ICONV_ERROR) || (in_bytes)) { - failf(data, - "Curl_convert_from_network iconv call failed with errno %i: %s", - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } -#else - failf(data, "CURLOPT_CONV_FROM_NETWORK_FUNCTION callback required"); - return CURLE_CONV_REQD; -#endif /* HAVE_ICONV */ - } - - return CURLE_OK; -} - -/* - * Curl_convert_from_utf8() is an internal function for performing UTF-8 - * conversions on non-ASCII platforms. - */ -CURLcode Curl_convert_from_utf8(struct Curl_easy *data, - char *buffer, size_t length) -{ - if(data && data->set.convfromutf8) { - /* use translation callback */ - CURLcode result; - Curl_set_in_callback(data, true); - result = data->set.convfromutf8(buffer, length); - Curl_set_in_callback(data, false); - if(result) { - failf(data, - "CURLOPT_CONV_FROM_UTF8_FUNCTION callback returned %d: %s", - (int)result, curl_easy_strerror(result)); - } - - return result; - } - else { -#ifdef HAVE_ICONV - /* do the translation ourselves */ - iconv_t tmpcd = (iconv_t) -1; - iconv_t *cd = &tmpcd; - char *input_ptr; - char *output_ptr; - size_t in_bytes, out_bytes, rc; - char ebuffer[STRERROR_LEN]; - - /* open an iconv conversion descriptor if necessary */ - if(data) - cd = &data->utf8_cd; - if(*cd == (iconv_t)-1) { - *cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_FOR_UTF8); - if(*cd == (iconv_t)-1) { - failf(data, - "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", - CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_FOR_UTF8, - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } - } - /* call iconv */ - input_ptr = output_ptr = buffer; - in_bytes = out_bytes = length; - rc = iconv(*cd, &input_ptr, &in_bytes, - &output_ptr, &out_bytes); - if(!data) - iconv_close(tmpcd); - if((rc == ICONV_ERROR) || (in_bytes)) { - failf(data, - "The Curl_convert_from_utf8 iconv call failed with errno %i: %s", - errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); - return CURLE_CONV_FAILED; - } - if(output_ptr < input_ptr) { - /* null terminate the now shorter output string */ - *output_ptr = 0x00; - } -#else - failf(data, "CURLOPT_CONV_FROM_UTF8_FUNCTION callback required"); - return CURLE_CONV_REQD; -#endif /* HAVE_ICONV */ - } - - return CURLE_OK; -} - -/* - * Init conversion stuff for a Curl_easy - */ -void Curl_convert_init(struct Curl_easy *data) -{ -#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV) - /* conversion descriptors for iconv calls */ - data->outbound_cd = (iconv_t)-1; - data->inbound_cd = (iconv_t)-1; - data->utf8_cd = (iconv_t)-1; -#else - (void)data; -#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */ -} - -/* - * Setup conversion stuff for a Curl_easy - */ -void Curl_convert_setup(struct Curl_easy *data) -{ - data->inbound_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_OF_NETWORK); - data->outbound_cd = iconv_open(CURL_ICONV_CODESET_OF_NETWORK, - CURL_ICONV_CODESET_OF_HOST); - data->utf8_cd = iconv_open(CURL_ICONV_CODESET_OF_HOST, - CURL_ICONV_CODESET_FOR_UTF8); -} - -/* - * Close conversion stuff for a Curl_easy - */ - -void Curl_convert_close(struct Curl_easy *data) -{ -#ifdef HAVE_ICONV - /* close iconv conversion descriptors */ - if(data->inbound_cd != (iconv_t)-1) { - iconv_close(data->inbound_cd); - } - if(data->outbound_cd != (iconv_t)-1) { - iconv_close(data->outbound_cd); - } - if(data->utf8_cd != (iconv_t)-1) { - iconv_close(data->utf8_cd); - } -#else - (void)data; -#endif /* HAVE_ICONV */ -} - -#endif /* CURL_DOES_CONVERSIONS */ diff --git a/libs/libcurl/src/non-ascii.h b/libs/libcurl/src/non-ascii.h deleted file mode 100644 index 458e8ef091..0000000000 --- a/libs/libcurl/src/non-ascii.h +++ /dev/null @@ -1,61 +0,0 @@ -#ifndef HEADER_CURL_NON_ASCII_H -#define HEADER_CURL_NON_ASCII_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ -#include "curl_setup.h" - -#ifdef CURL_DOES_CONVERSIONS - -#include "urldata.h" - -/* - * Curl_convert_clone() returns a malloced copy of the source string (if - * returning CURLE_OK), with the data converted to network format. - * - * If no conversion was needed *outbuf may be NULL. - */ -CURLcode Curl_convert_clone(struct Curl_easy *data, - const char *indata, - size_t insize, - char **outbuf); - -void Curl_convert_init(struct Curl_easy *data); -void Curl_convert_setup(struct Curl_easy *data); -void Curl_convert_close(struct Curl_easy *data); - -CURLcode Curl_convert_to_network(struct Curl_easy *data, - char *buffer, size_t length); -CURLcode Curl_convert_from_network(struct Curl_easy *data, - char *buffer, size_t length); -CURLcode Curl_convert_from_utf8(struct Curl_easy *data, - char *buffer, size_t length); -#else -#define Curl_convert_clone(a,b,c,d) ((void)a, CURLE_OK) -#define Curl_convert_init(x) Curl_nop_stmt -#define Curl_convert_setup(x) Curl_nop_stmt -#define Curl_convert_close(x) Curl_nop_stmt -#define Curl_convert_to_network(a,b,c) ((void)a, CURLE_OK) -#define Curl_convert_from_network(a,b,c) ((void)a, CURLE_OK) -#define Curl_convert_from_utf8(a,b,c) ((void)a, CURLE_OK) -#endif - -#endif /* HEADER_CURL_NON_ASCII_H */ diff --git a/libs/libcurl/src/nonblock.c b/libs/libcurl/src/nonblock.c index fda2e9ad79..28f6e75881 100644 --- a/libs/libcurl/src/nonblock.c +++ b/libs/libcurl/src/nonblock.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -75,7 +75,7 @@ int curlx_nonblock(curl_socket_t sockfd, /* operate on this */ #elif defined(HAVE_SETSOCKOPT_SO_NONBLOCK) - /* BeOS */ + /* Orbis OS */ long b = nonblock ? 1L : 0L; return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); diff --git a/libs/libcurl/src/nwlib.c b/libs/libcurl/src/nwlib.c deleted file mode 100644 index 769326892a..0000000000 --- a/libs/libcurl/src/nwlib.c +++ /dev/null @@ -1,327 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include "curl_setup.h" - -#ifdef NETWARE /* Novell NetWare */ - -#ifdef __NOVELL_LIBC__ -/* For native LibC-based NLM we need to register as a real lib. */ -#include <library.h> -#include <netware.h> -#include <screen.h> -#include <nks/thread.h> -#include <nks/synch.h> - -#include "curl_memory.h" -/* The last #include file should be: */ -#include "memdebug.h" - -struct libthreaddata { - int _errno; - void *twentybytes; -}; - -struct libdata { - int x; - int y; - int z; - void *tenbytes; - NXKey_t perthreadkey; /* if -1, no key obtained... */ - NXMutex_t *lock; -}; - -int gLibId = -1; -void *gLibHandle = (void *) NULL; -rtag_t gAllocTag = (rtag_t) NULL; -NXMutex_t *gLibLock = (NXMutex_t *) NULL; - -/* internal library function prototypes... */ -int DisposeLibraryData(void *); -void DisposeThreadData(void *); -int GetOrSetUpData(int id, struct libdata **data, - struct libthreaddata **threaddata); - - -int _NonAppStart(void *NLMHandle, - void *errorScreen, - const char *cmdLine, - const char *loadDirPath, - size_t uninitializedDataLength, - void *NLMFileHandle, - int (*readRoutineP)(int conn, - void *fileHandle, size_t offset, - size_t nbytes, - size_t *bytesRead, - void *buffer), - size_t customDataOffset, - size_t customDataSize, - int messageCount, - const char **messages) -{ - NX_LOCK_INFO_ALLOC(liblock, "Per-Application Data Lock", 0); - -#ifndef __GNUC__ -#pragma unused(cmdLine) -#pragma unused(loadDirPath) -#pragma unused(uninitializedDataLength) -#pragma unused(NLMFileHandle) -#pragma unused(readRoutineP) -#pragma unused(customDataOffset) -#pragma unused(customDataSize) -#pragma unused(messageCount) -#pragma unused(messages) -#endif - - /* - * Here we process our command line, post errors (to the error screen), - * perform initializations and anything else we need to do before being able - * to accept calls into us. If we succeed, we return non-zero and the NetWare - * Loader will leave us up, otherwise we fail to load and get dumped. - */ - gAllocTag = AllocateResourceTag(NLMHandle, - "<library-name> memory allocations", - AllocSignature); - - if(!gAllocTag) { - OutputToScreen(errorScreen, "Unable to allocate resource tag for " - "library memory allocations.\n"); - return -1; - } - - gLibId = register_library(DisposeLibraryData); - - if(gLibId < -1) { - OutputToScreen(errorScreen, "Unable to register library with kernel.\n"); - return -1; - } - - gLibHandle = NLMHandle; - - gLibLock = NXMutexAlloc(0, 0, &liblock); - - if(!gLibLock) { - OutputToScreen(errorScreen, "Unable to allocate library data lock.\n"); - return -1; - } - - return 0; -} - -/* - * Here we clean up any resources we allocated. Resource tags is a big part - * of what we created, but NetWare doesn't ask us to free those. - */ -void _NonAppStop(void) -{ - (void) unregister_library(gLibId); - NXMutexFree(gLibLock); -} - -/* - * This function cannot be the first in the file for if the file is linked - * first, then the check-unload function's offset will be nlmname.nlm+0 - * which is how to tell that there isn't one. When the check function is - * first in the linked objects, it is ambiguous. For this reason, we will - * put it inside this file after the stop function. - * - * Here we check to see if it's alright to ourselves to be unloaded. If not, - * we return a non-zero value. Right now, there isn't any reason not to allow - * it. - */ -int _NonAppCheckUnload(void) -{ - return 0; -} - -int GetOrSetUpData(int id, struct libdata **appData, - struct libthreaddata **threadData) -{ - int err; - struct libdata *app_data; - struct libthreaddata *thread_data; - NXKey_t key; - NX_LOCK_INFO_ALLOC(liblock, "Application Data Lock", 0); - - err = 0; - thread_data = (struct libthreaddata_t *) NULL; - - /* - * Attempt to get our data for the application calling us. This is where we - * store whatever application-specific information we need to carry in - * support of calling applications. - */ - app_data = (struct libdata *) get_app_data(id); - - if(!app_data) { - /* - * This application hasn't called us before; set up application AND - * per-thread data. Of course, just in case a thread from this same - * application is calling us simultaneously, we better lock our application - * data-creation mutex. We also need to recheck for data after we acquire - * the lock because WE might be that other thread that was too late to - * create the data and the first thread in will have created it. - */ - NXLock(gLibLock); - - app_data = (struct libdata *) get_app_data(id); - if(!app_data) { - app_data = calloc(1, sizeof(struct libdata)); - - if(app_data) { - app_data->tenbytes = malloc(10); - app_data->lock = NXMutexAlloc(0, 0, &liblock); - - if(!app_data->tenbytes || !app_data->lock) { - if(app_data->lock) - NXMutexFree(app_data->lock); - free(app_data->tenbytes); - free(app_data); - app_data = (libdata_t *) NULL; - err = ENOMEM; - } - - if(app_data) { - /* - * Here we burn in the application data that we were trying to get - * by calling get_app_data(). Next time we call the first function, - * we'll get this data we're just now setting. We also go on here to - * establish the per-thread data for the calling thread, something - * we'll have to do on each application thread the first time - * it calls us. - */ - err = set_app_data(gLibId, app_data); - - if(err) { - if(app_data->lock) - NXMutexFree(app_data->lock); - free(app_data->tenbytes); - free(app_data); - app_data = (libdata_t *) NULL; - err = ENOMEM; - } - else { - /* create key for thread-specific data... */ - err = NXKeyCreate(DisposeThreadData, (void *) NULL, &key); - - if(err) /* (no more keys left?) */ - key = -1; - - app_data->perthreadkey = key; - } - } - } - } - - NXUnlock(gLibLock); - } - - if(app_data) { - key = app_data->perthreadkey; - - if(key != -1 /* couldn't create a key? no thread data */ - && !(err = NXKeyGetValue(key, (void **) &thread_data)) - && !thread_data) { - /* - * Allocate the per-thread data for the calling thread. Regardless of - * whether there was already application data or not, this may be the - * first call by a new thread. The fact that we allocation 20 bytes on - * a pointer is not very important, this just helps to demonstrate that - * we can have arbitrarily complex per-thread data. - */ - thread_data = malloc(sizeof(struct libthreaddata)); - - if(thread_data) { - thread_data->_errno = 0; - thread_data->twentybytes = malloc(20); - - if(!thread_data->twentybytes) { - free(thread_data); - thread_data = (struct libthreaddata *) NULL; - err = ENOMEM; - } - - err = NXKeySetValue(key, thread_data); - if(err) { - free(thread_data->twentybytes); - free(thread_data); - thread_data = (struct libthreaddata *) NULL; - } - } - } - } - - if(appData) - *appData = app_data; - - if(threadData) - *threadData = thread_data; - - return err; -} - -int DisposeLibraryData(void *data) -{ - if(data) { - void *tenbytes = ((libdata_t *) data)->tenbytes; - - free(tenbytes); - free(data); - } - - return 0; -} - -void DisposeThreadData(void *data) -{ - if(data) { - void *twentybytes = ((struct libthreaddata *) data)->twentybytes; - - free(twentybytes); - free(data); - } -} - -#else /* __NOVELL_LIBC__ */ -/* For native CLib-based NLM seems we can do a bit more simple. */ -#include <nwthread.h> - -int main(void) -{ - /* initialize any globals here... */ - - /* do this if any global initializing was done - SynchronizeStart(); - */ - ExitThread(TSR_THREAD, 0); - return 0; -} - -#endif /* __NOVELL_LIBC__ */ - -#else /* NETWARE */ - -#ifdef __POCC__ -# pragma warn(disable:2024) /* Disable warning #2024: Empty input file */ -#endif - -#endif /* NETWARE */ diff --git a/libs/libcurl/src/nwos.c b/libs/libcurl/src/nwos.c deleted file mode 100644 index 889403132c..0000000000 --- a/libs/libcurl/src/nwos.c +++ /dev/null @@ -1,88 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include "curl_setup.h" - -#ifdef NETWARE /* Novell NetWare */ - -#ifdef __NOVELL_LIBC__ -/* For native LibC-based NLM we need to do nothing. */ -int netware_init(void) -{ - return 0; -} - -#else /* __NOVELL_LIBC__ */ - -/* For native CLib-based NLM we need to initialize the LONG namespace. */ -#include <nwnspace.h> -#include <nwthread.h> -#include <nwadv.h> -/* Make the CLIB Ctx stuff link */ -#include <netdb.h> -NETDB_DEFINE_CONTEXT -/* Make the CLIB Inet stuff link */ -#include <netinet/in.h> -#include <arpa/inet.h> -NETINET_DEFINE_CONTEXT - -int netware_init(void) -{ - int rc = 0; - unsigned int myHandle = GetNLMHandle(); - /* import UnAugmentAsterisk dynamically for NW4.x compatibility */ - void (*pUnAugmentAsterisk)(int) = (void(*)(int)) - ImportSymbol(myHandle, "UnAugmentAsterisk"); - /* import UseAccurateCaseForPaths dynamically for NW3.x compatibility */ - void (*pUseAccurateCaseForPaths)(int) = (void(*)(int)) - ImportSymbol(myHandle, "UseAccurateCaseForPaths"); - if(pUnAugmentAsterisk) - pUnAugmentAsterisk(1); - if(pUseAccurateCaseForPaths) - pUseAccurateCaseForPaths(1); - UnimportSymbol(myHandle, "UnAugmentAsterisk"); - UnimportSymbol(myHandle, "UseAccurateCaseForPaths"); - /* set long name space */ - if((SetCurrentNameSpace(4) == 255)) { - rc = 1; - } - if((SetTargetNameSpace(4) == 255)) { - rc = rc + 2; - } - return rc; -} - -/* dummy function to satisfy newer prelude */ -int __init_environment(void) -{ - return 0; -} - -/* dummy function to satisfy newer prelude */ -int __deinit_environment(void) -{ - return 0; -} - -#endif /* __NOVELL_LIBC__ */ - -#endif /* NETWARE */ diff --git a/libs/libcurl/src/openldap.c b/libs/libcurl/src/openldap.c index 0ffb6a36a2..4e92567706 100644 --- a/libs/libcurl/src/openldap.c +++ b/libs/libcurl/src/openldap.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2011 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2010, Howard Chu, <hyc@openldap.org> * * This software is licensed as described in the file COPYING, which @@ -46,6 +46,8 @@ #include "curl_ldap.h" #include "curl_base64.h" #include "connect.h" +#include "curl_sasl.h" +#include "strcase.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -76,6 +78,8 @@ typedef enum { OLDAP_SSL, /* Performing SSL handshake. */ OLDAP_STARTTLS, /* STARTTLS request sent. */ OLDAP_TLS, /* Performing TLS handshake. */ + OLDAP_MECHS, /* Get SASL authentication mechanisms. */ + OLDAP_SASL, /* SASL binding reply. */ OLDAP_BIND, /* Simple bind reply. */ OLDAP_BINDV2, /* Simple bind reply in protocol version 2. */ OLDAP_LAST /* Never used */ @@ -96,6 +100,13 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done); static CURLcode oldap_disconnect(struct Curl_easy *data, struct connectdata *conn, bool dead); +static CURLcode oldap_perform_auth(struct Curl_easy *data, const char *mech, + const struct bufref *initresp); +static CURLcode oldap_continue_auth(struct Curl_easy *data, const char *mech, + const struct bufref *resp); +static CURLcode oldap_cancel_auth(struct Curl_easy *data, const char *mech); +static CURLcode oldap_get_message(struct Curl_easy *data, struct bufref *out); + static Curl_recv oldap_recv; /* @@ -154,10 +165,26 @@ const struct Curl_handler Curl_handler_ldaps = { }; #endif +/* SASL parameters for the ldap protocol */ +static const struct SASLproto saslldap = { + "ldap", /* The service name */ + oldap_perform_auth, /* Send authentication command */ + oldap_continue_auth, /* Send authentication continuation */ + oldap_cancel_auth, /* Send authentication cancellation */ + oldap_get_message, /* Get SASL response message */ + 0, /* Maximum initial response length (no max) */ + LDAP_SASL_BIND_IN_PROGRESS, /* Code received when continuation is expected */ + LDAP_SUCCESS, /* Code to receive upon authentication success */ + SASL_AUTH_NONE, /* Default mechanisms */ + 0 /* Configuration flags */ +}; + struct ldapconninfo { + struct SASL sasl; /* SASL-related parameters */ LDAP *ld; /* Openldap connection handle. */ Curl_recv *recv; /* For stacking SSL handler */ Curl_send *send; + struct berval *servercred; /* SASL data from server. */ ldapstate state; /* Current machine state. */ int proto; /* LDAP_PROTO_TCP/LDAP_PROTO_UDP/LDAP_PROTO_IPC */ int msgid; /* Current message id. */ @@ -184,6 +211,8 @@ static void state(struct Curl_easy *data, ldapstate newstate) "SSL", "STARTTLS", "TLS", + "MECHS", + "SASL", "BIND", "BINDV2", /* LAST */ @@ -251,6 +280,37 @@ static CURLcode oldap_url_parse(struct Curl_easy *data, LDAPURLDesc **ludp) return result; } +/* Parse the login options. */ +static CURLcode oldap_parse_login_options(struct connectdata *conn) +{ + CURLcode result = CURLE_OK; + struct ldapconninfo *li = conn->proto.ldapc; + const char *ptr = conn->options; + + while(!result && ptr && *ptr) { + const char *key = ptr; + const char *value; + + while(*ptr && *ptr != '=') + ptr++; + + value = ptr + 1; + + while(*ptr && *ptr != ';') + ptr++; + + if(checkprefix("AUTH=", key)) + result = Curl_sasl_parse_url_auth_option(&li->sasl, value, ptr - value); + else + result = CURLE_SETOPT_OPTION_SYNTAX; + + if(*ptr == ';') + ptr++; + } + + return result == CURLE_URL_MALFORMAT? CURLE_SETOPT_OPTION_SYNTAX: result; +} + static CURLcode oldap_setup_connection(struct Curl_easy *data, struct connectdata *conn) { @@ -271,14 +331,94 @@ static CURLcode oldap_setup_connection(struct Curl_easy *data, conn->proto.ldapc = li; connkeep(conn, "OpenLDAP default"); + /* Initialize the SASL storage */ + Curl_sasl_init(&li->sasl, data, &saslldap); + /* Clear the TLS upgraded flag */ conn->bits.tls_upgraded = FALSE; + + result = oldap_parse_login_options(conn); } } return result; } +/* + * Get the SASL authentication challenge from the server credential buffer. + */ +static CURLcode oldap_get_message(struct Curl_easy *data, struct bufref *out) +{ + struct berval *servercred = data->conn->proto.ldapc->servercred; + + if(!servercred || !servercred->bv_val) + return CURLE_WEIRD_SERVER_REPLY; + Curl_bufref_set(out, servercred->bv_val, servercred->bv_len, NULL); + return CURLE_OK; +} + +/* + * Sends an initial SASL bind request to the server. + */ +static CURLcode oldap_perform_auth(struct Curl_easy *data, const char *mech, + const struct bufref *initresp) +{ + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + CURLcode result = CURLE_OK; + struct berval cred; + struct berval *pcred = &cred; + int rc; + + cred.bv_val = (char *) Curl_bufref_ptr(initresp); + cred.bv_len = Curl_bufref_len(initresp); + if(!cred.bv_val) + pcred = NULL; + rc = ldap_sasl_bind(li->ld, NULL, mech, pcred, NULL, NULL, &li->msgid); + if(rc != LDAP_SUCCESS) + result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return result; +} + +/* + * Sends SASL continuation. + */ +static CURLcode oldap_continue_auth(struct Curl_easy *data, const char *mech, + const struct bufref *resp) +{ + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + CURLcode result = CURLE_OK; + struct berval cred; + struct berval *pcred = &cred; + int rc; + + cred.bv_val = (char *) Curl_bufref_ptr(resp); + cred.bv_len = Curl_bufref_len(resp); + if(!cred.bv_val) + pcred = NULL; + rc = ldap_sasl_bind(li->ld, NULL, mech, pcred, NULL, NULL, &li->msgid); + if(rc != LDAP_SUCCESS) + result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return result; +} + +/* + * Sends SASL bind cancellation. + */ +static CURLcode oldap_cancel_auth(struct Curl_easy *data, const char *mech) +{ + struct ldapconninfo *li = data->conn->proto.ldapc; + CURLcode result = CURLE_OK; + int rc = ldap_sasl_bind(li->ld, NULL, LDAP_SASL_NULL, NULL, NULL, NULL, + &li->msgid); + + (void)mech; + if(rc != LDAP_SUCCESS) + result = oldap_map_error(rc, CURLE_LDAP_CANNOT_BIND); + return result; +} + /* Starts LDAP simple bind. */ static CURLcode oldap_perform_bind(struct Curl_easy *data, ldapstate newstate) { @@ -292,7 +432,7 @@ static CURLcode oldap_perform_bind(struct Curl_easy *data, ldapstate newstate) passwd.bv_val = NULL; passwd.bv_len = 0; - if(conn->bits.user_passwd) { + if(data->state.aptr.user) { binddn = conn->user; passwd.bv_val = conn->passwd; passwd.bv_len = strlen(passwd.bv_val); @@ -304,11 +444,45 @@ static CURLcode oldap_perform_bind(struct Curl_easy *data, ldapstate newstate) state(data, newstate); else result = oldap_map_error(rc, - conn->bits.user_passwd? + data->state.aptr.user? CURLE_LOGIN_DENIED: CURLE_LDAP_CANNOT_BIND); return result; } +/* Query the supported SASL authentication mechanisms. */ +static CURLcode oldap_perform_mechs(struct Curl_easy *data) +{ + CURLcode result = CURLE_OK; + struct ldapconninfo *li = data->conn->proto.ldapc; + int rc; + static const char * const supportedSASLMechanisms[] = { + "supportedSASLMechanisms", + NULL + }; + + rc = ldap_search_ext(li->ld, "", LDAP_SCOPE_BASE, "(objectclass=*)", + (char **) supportedSASLMechanisms, 0, + NULL, NULL, NULL, 0, &li->msgid); + if(rc == LDAP_SUCCESS) + state(data, OLDAP_MECHS); + else + result = oldap_map_error(rc, CURLE_LOGIN_DENIED); + return result; +} + +/* Starts SASL bind. */ +static CURLcode oldap_perform_sasl(struct Curl_easy *data) +{ + saslprogress progress = SASL_IDLE; + struct ldapconninfo *li = data->conn->proto.ldapc; + CURLcode result = Curl_sasl_start(&li->sasl, data, TRUE, &progress); + + state(data, OLDAP_SASL); + if(!result && progress != SASL_INPROGRESS) + result = CURLE_LOGIN_DENIED; + return result; +} + #ifdef USE_SSL static Sockbuf_IO ldapsb_tls; @@ -414,11 +588,106 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) } #endif + if(li->sasl.prefmech != SASL_AUTH_NONE) + return oldap_perform_mechs(data); + /* Force bind even if anonymous bind is not needed in protocol version 3 to detect missing version 3 support. */ return oldap_perform_bind(data, OLDAP_BIND); } +/* Handle the supported SASL mechanisms query response */ +static CURLcode oldap_state_mechs_resp(struct Curl_easy *data, + LDAPMessage *msg, int code) +{ + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + int rc; + BerElement *ber = NULL; + CURLcode result = CURLE_OK; + struct berval bv, *bvals; + + switch(ldap_msgtype(msg)) { + case LDAP_RES_SEARCH_ENTRY: + /* Got a list of supported SASL mechanisms. */ + if(code != LDAP_SUCCESS && code != LDAP_NO_RESULTS_RETURNED) + return CURLE_LOGIN_DENIED; + + rc = ldap_get_dn_ber(li->ld, msg, &ber, &bv); + if(rc < 0) + return oldap_map_error(rc, CURLE_BAD_CONTENT_ENCODING); + for(rc = ldap_get_attribute_ber(li->ld, msg, ber, &bv, &bvals); + rc == LDAP_SUCCESS; + rc = ldap_get_attribute_ber(li->ld, msg, ber, &bv, &bvals)) { + int i; + + if(!bv.bv_val) + break; + + if(bvals) { + for(i = 0; bvals[i].bv_val; i++) { + size_t llen; + unsigned short mech = Curl_sasl_decode_mech((char *) bvals[i].bv_val, + bvals[i].bv_len, &llen); + if(bvals[i].bv_len == llen) + li->sasl.authmechs |= mech; + } + ber_memfree(bvals); + } + } + ber_free(ber, 0); + break; + + case LDAP_RES_SEARCH_RESULT: + switch(code) { + case LDAP_SIZELIMIT_EXCEEDED: + infof(data, "Too many authentication mechanisms\n"); + /* FALLTHROUGH */ + case LDAP_SUCCESS: + case LDAP_NO_RESULTS_RETURNED: + if(Curl_sasl_can_authenticate(&li->sasl, data)) + result = oldap_perform_sasl(data); + else + result = CURLE_LOGIN_DENIED; + break; + default: + result = oldap_map_error(code, CURLE_LOGIN_DENIED); + break; + } + break; + default: + break; + } + return result; +} + +/* Handle a SASL bind response. */ +static CURLcode oldap_state_sasl_resp(struct Curl_easy *data, + LDAPMessage *msg, int code) +{ + struct connectdata *conn = data->conn; + struct ldapconninfo *li = conn->proto.ldapc; + CURLcode result = CURLE_OK; + saslprogress progress; + int rc; + + li->servercred = NULL; + rc = ldap_parse_sasl_bind_result(li->ld, msg, &li->servercred, 0); + if(rc != LDAP_SUCCESS) { + failf(data, "LDAP local: sasl ldap_parse_result %s", ldap_err2string(rc)); + result = oldap_map_error(rc, CURLE_LOGIN_DENIED); + } + else { + result = Curl_sasl_continue(&li->sasl, data, code, &progress); + if(!result && progress != SASL_INPROGRESS) + state(data, OLDAP_STOP); + } + + if(li->servercred) + ber_bvfree(li->servercred); + return result; +} + /* Handle a simple bind response. */ static CURLcode oldap_state_bind_resp(struct Curl_easy *data, LDAPMessage *msg, int code) @@ -459,12 +728,20 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) if(li->state != OLDAP_SSL && li->state != OLDAP_TLS) { /* Get response to last command. */ rc = ldap_result(li->ld, li->msgid, LDAP_MSG_ONE, &tv, &msg); - if(!rc) - return CURLE_OK; /* Timed out. */ - if(rc < 0) { - failf(data, "LDAP local: connecting ldap_result %s", - ldap_err2string(rc)); - return oldap_map_error(rc, CURLE_COULDNT_CONNECT); + switch(rc) { + case 0: /* Timed out. */ + return CURLE_OK; + case LDAP_RES_SEARCH_ENTRY: + case LDAP_RES_SEARCH_REFERENCE: + break; + default: + li->msgid = 0; /* Nothing to abandon upon error. */ + if(rc < 0) { + failf(data, "LDAP local: connecting ldap_result %s", + ldap_err2string(rc)); + return oldap_map_error(rc, CURLE_COULDNT_CONNECT); + } + break; } /* Get error code from message. */ @@ -477,11 +754,11 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) } /* If protocol version 3 is not supported, fallback to version 2. */ - if(code == LDAP_PROTOCOL_ERROR && li->state != OLDAP_BINDV2 + if(code == LDAP_PROTOCOL_ERROR && li->state != OLDAP_BINDV2 && #ifdef USE_SSL - && (ssl_installed(conn) || data->set.use_ssl <= CURLUSESSL_TRY) + (ssl_installed(conn) || data->set.use_ssl <= CURLUSESSL_TRY) && #endif - ) { + li->sasl.prefmech == SASL_AUTH_NONE) { static const int version = LDAP_VERSION2; ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &version); @@ -496,13 +773,19 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) #ifdef USE_SSL case OLDAP_SSL: result = oldap_ssl_connect(data, OLDAP_SSL); - if(!result && ssl_installed(conn)) - result = oldap_perform_bind(data, OLDAP_BIND); + if(!result && ssl_installed(conn)) { + if(li->sasl.prefmech != SASL_AUTH_NONE) + result = oldap_perform_mechs(data); + else + result = oldap_perform_bind(data, OLDAP_BIND); + } break; case OLDAP_STARTTLS: if(code != LDAP_SUCCESS) { if(data->set.use_ssl != CURLUSESSL_TRY) result = oldap_map_error(code, CURLE_USE_SSL_FAILED); + else if(li->sasl.prefmech != SASL_AUTH_NONE) + result = oldap_perform_mechs(data); else result = oldap_perform_bind(data, OLDAP_BIND); break; @@ -514,7 +797,9 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) result = oldap_map_error(code, CURLE_USE_SSL_FAILED); else if(ssl_installed(conn)) { conn->bits.tls_upgraded = TRUE; - if(conn->bits.user_passwd) + if(li->sasl.prefmech != SASL_AUTH_NONE) + result = oldap_perform_mechs(data); + else if(data->state.aptr.user) result = oldap_perform_bind(data, OLDAP_BIND); else { state(data, OLDAP_STOP); /* Version 3 supported: no bind required */ @@ -524,6 +809,12 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) break; #endif + case OLDAP_MECHS: + result = oldap_state_mechs_resp(data, msg, code); + break; + case OLDAP_SASL: + result = oldap_state_sasl_resp(data, msg, code); + break; case OLDAP_BIND: case OLDAP_BINDV2: result = oldap_state_bind_resp(data, msg, code); @@ -540,6 +831,10 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) if(*done) conn->recv[FIRSTSOCKET] = oldap_recv; + if(result && li->msgid) { + ldap_abandon_ext(li->ld, li->msgid, NULL, NULL); + li->msgid = 0; + } return result; } @@ -549,6 +844,9 @@ static CURLcode oldap_disconnect(struct Curl_easy *data, { struct ldapconninfo *li = conn->proto.ldapc; (void) dead_connection; +#ifndef USE_SSL + (void)data; +#endif if(li) { if(li->ld) { @@ -562,6 +860,7 @@ static CURLcode oldap_disconnect(struct Curl_easy *data, ldap_unbind_ext(li->ld, NULL, NULL); li->ld = NULL; } + Curl_sasl_cleanup(conn, li->sasl.authused); conn->proto.ldapc = NULL; free(li); } @@ -632,21 +931,21 @@ static CURLcode oldap_done(struct Curl_easy *data, CURLcode res, return CURLE_OK; } -static CURLcode client_write(struct Curl_easy *data, const char *prefix, - const char *value, size_t len, const char *suffix) +static CURLcode client_write(struct Curl_easy *data, + const char *prefix, size_t plen, + const char *value, size_t len, + const char *suffix, size_t slen) { CURLcode result = CURLE_OK; - size_t l; if(prefix) { - l = strlen(prefix); /* If we have a zero-length value and the prefix ends with a space separator, drop the latter. */ - if(!len && l && prefix[l - 1] == ' ') - l--; - result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) prefix, l); + if(!len && plen && prefix[plen - 1] == ' ') + plen--; + result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) prefix, plen); if(!result) - data->req.bytecount += l; + data->req.bytecount += plen; } if(!result && value) { result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) value, len); @@ -654,10 +953,9 @@ static CURLcode client_write(struct Curl_easy *data, const char *prefix, data->req.bytecount += len; } if(!result && suffix) { - l = strlen(suffix); - result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) suffix, l); + result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) suffix, slen); if(!result) - data->req.bytecount += l; + data->req.bytecount += slen; } return result; } @@ -734,7 +1032,8 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, break; } - result = client_write(data, "DN: ", bv.bv_val, bv.bv_len, "\n"); + result = client_write(data, STRCONST("DN: "), bv.bv_val, bv.bv_len, + STRCONST("\n")); if(result) break; @@ -747,7 +1046,8 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, break; if(!bvals) { - result = client_write(data, "\t", bv.bv_val, bv.bv_len, ":\n"); + result = client_write(data, STRCONST("\t"), bv.bv_val, bv.bv_len, + STRCONST(":\n")); if(result) break; continue; @@ -759,7 +1059,8 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, for(i = 0; bvals[i].bv_val != NULL; i++) { int binval = 0; - result = client_write(data, "\t", bv.bv_val, bv.bv_len, ":"); + result = client_write(data, STRCONST("\t"), bv.bv_val, bv.bv_len, + STRCONST(":")); if(result) break; @@ -784,15 +1085,17 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, /* Binary value, encode to base64. */ if(bvals[i].bv_len) - result = Curl_base64_encode(data, bvals[i].bv_val, bvals[i].bv_len, + result = Curl_base64_encode(bvals[i].bv_val, bvals[i].bv_len, &val_b64, &val_b64_sz); if(!result) - result = client_write(data, ": ", val_b64, val_b64_sz, "\n"); + result = client_write(data, STRCONST(": "), val_b64, val_b64_sz, + STRCONST("\n")); free(val_b64); } else - result = client_write(data, " ", - bvals[i].bv_val, bvals[i].bv_len, "\n"); + result = client_write(data, STRCONST(" "), + bvals[i].bv_val, bvals[i].bv_len, + STRCONST("\n")); if(result) break; } @@ -800,7 +1103,7 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, ber_memfree(bvals); bvals = NULL; if(!result) - result = client_write(data, "\n", NULL, 0, NULL); + result = client_write(data, STRCONST("\n"), NULL, 0, NULL, 0); if(result) break; } @@ -808,7 +1111,7 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, ber_free(ber, 0); if(!result) - result = client_write(data, "\n", NULL, 0, NULL); + result = client_write(data, STRCONST("\n"), NULL, 0, NULL, 0); if(!result) result = CURLE_AGAIN; break; diff --git a/libs/libcurl/src/pingpong.c b/libs/libcurl/src/pingpong.c index 84c7f51de5..e08c1d8663 100644 --- a/libs/libcurl/src/pingpong.c +++ b/libs/libcurl/src/pingpong.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -32,7 +32,6 @@ #include "speedcheck.h" #include "pingpong.h" #include "multiif.h" -#include "non-ascii.h" #include "vtls/vtls.h" /* The last 3 #include files should be in this order */ @@ -199,11 +198,6 @@ CURLcode Curl_pp_vsendf(struct Curl_easy *data, s = Curl_dyn_ptr(&pp->sendbuf); Curl_pp_init(data, pp); - result = Curl_convert_to_network(data, s, write_len); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; #endif @@ -299,7 +293,7 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, */ if((ptr + pp->cache_size) > (buf + data->set.buffer_size + 1)) { failf(data, "cached response data too big to handle"); - return CURLE_RECV_ERROR; + return CURLE_WEIRD_SERVER_REPLY; } memcpy(ptr, pp->cache, pp->cache_size); gotbytes = (ssize_t)pp->cache_size; @@ -324,11 +318,6 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, if(result == CURLE_AGAIN) return CURLE_OK; /* return */ - if(!result && (gotbytes > 0)) - /* convert from the network encoding */ - result = Curl_convert_from_network(data, ptr, gotbytes); - /* Curl_convert_from_network calls failf if unsuccessful */ - if(result) /* Set outer result variable to this error. */ keepon = FALSE; diff --git a/libs/libcurl/src/pop3.c b/libs/libcurl/src/pop3.c index d4ca67877d..2c1b06c07f 100644 --- a/libs/libcurl/src/pop3.c +++ b/libs/libcurl/src/pop3.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -401,7 +401,7 @@ static CURLcode pop3_perform_user(struct Curl_easy *data, /* Check we have a username and password to authenticate with and end the connect phase if we don't */ - if(!conn->bits.user_passwd) { + if(!data->state.aptr.user) { state(data, POP3_STOP); return result; @@ -435,7 +435,7 @@ static CURLcode pop3_perform_apop(struct Curl_easy *data, /* Check we have a username and password to authenticate with and end the connect phase if we don't */ - if(!conn->bits.user_passwd) { + if(!data->state.aptr.user) { state(data, POP3_STOP); return result; @@ -545,7 +545,7 @@ static CURLcode pop3_perform_authentication(struct Curl_easy *data, /* Check we have enough data to authenticate with and end the connect phase if we don't */ - if(!Curl_sasl_can_authenticate(&pop3c->sasl, conn)) { + if(!Curl_sasl_can_authenticate(&pop3c->sasl, data)) { state(data, POP3_STOP); return result; } @@ -571,7 +571,7 @@ static CURLcode pop3_perform_authentication(struct Curl_easy *data, result = pop3_perform_user(data, conn); else { /* Other mechanisms not supported */ - infof(data, "No known authentication mechanisms supported!"); + infof(data, "No known authentication mechanisms supported"); result = CURLE_LOGIN_DENIED; } } @@ -924,7 +924,7 @@ static CURLcode pop3_state_command_resp(struct Curl_easy *data, if(pop3code != '+') { state(data, POP3_STOP); - return CURLE_RECV_ERROR; + return CURLE_WEIRD_SERVER_REPLY; } /* This 'OK' line ends with a CR LF pair which is the two first bytes of the @@ -1423,7 +1423,7 @@ static CURLcode pop3_parse_url_path(struct Curl_easy *data) const char *path = &data->state.up.path[1]; /* skip leading path */ /* URL decode the path for the message ID */ - return Curl_urldecode(data, path, 0, &pop3->id, NULL, REJECT_CTRL); + return Curl_urldecode(path, 0, &pop3->id, NULL, REJECT_CTRL); } /*********************************************************************** @@ -1440,7 +1440,7 @@ static CURLcode pop3_parse_custom_request(struct Curl_easy *data) /* URL decode the custom request */ if(custom) - result = Curl_urldecode(data, custom, 0, &pop3->custom, NULL, REJECT_CTRL); + result = Curl_urldecode(custom, 0, &pop3->custom, NULL, REJECT_CTRL); return result; } diff --git a/libs/libcurl/src/quic.h b/libs/libcurl/src/quic.h index b030359ddd..f92720f5d6 100644 --- a/libs/libcurl/src/quic.h +++ b/libs/libcurl/src/quic.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,6 +31,9 @@ #ifdef USE_QUICHE #include "vquic/quiche.h" #endif +#ifdef USE_MSH3 +#include "vquic/msh3.h" +#endif #include "urldata.h" diff --git a/libs/libcurl/src/rand.c b/libs/libcurl/src/rand.c index 8f2c1ba29e..8da1e8d968 100644 --- a/libs/libcurl/src/rand.c +++ b/libs/libcurl/src/rand.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -87,7 +87,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) if(!seeded) { struct curltime now = Curl_now(); - infof(data, "WARNING: Using weak random seed"); + infof(data, "WARNING: using weak random seed"); randseed += (unsigned int)now.tv_usec + (unsigned int)now.tv_sec; randseed = randseed * 1103515245 + 12345; randseed = randseed * 1103515245 + 12345; diff --git a/libs/libcurl/src/rtsp.c b/libs/libcurl/src/rtsp.c index 30fefb9b82..726bfb9ae1 100644 --- a/libs/libcurl/src/rtsp.c +++ b/libs/libcurl/src/rtsp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -219,7 +219,7 @@ static CURLcode rtsp_done(struct Curl_easy *data, httpStatus = Curl_http_done(data, status, premature); - if(rtsp) { + if(rtsp && !status && !httpStatus) { /* Check the sequence numbers */ long CSeq_sent = rtsp->CSeq_sent; long CSeq_recv = rtsp->CSeq_recv; @@ -340,7 +340,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) } /* Transport Header for SETUP requests */ - p_transport = Curl_checkheaders(data, "Transport"); + p_transport = Curl_checkheaders(data, STRCONST("Transport")); if(rtspreq == RTSPREQ_SETUP && !p_transport) { /* New Transport: setting? */ if(data->set.str[STRING_RTSP_TRANSPORT]) { @@ -364,11 +364,11 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* Accept Headers for DESCRIBE requests */ if(rtspreq == RTSPREQ_DESCRIBE) { /* Accept Header */ - p_accept = Curl_checkheaders(data, "Accept")? + p_accept = Curl_checkheaders(data, STRCONST("Accept"))? NULL:"Accept: application/sdp\r\n"; /* Accept-Encoding header */ - if(!Curl_checkheaders(data, "Accept-Encoding") && + if(!Curl_checkheaders(data, STRCONST("Accept-Encoding")) && data->set.str[STRING_ENCODING]) { Curl_safefree(data->state.aptr.accept_encoding); data->state.aptr.accept_encoding = @@ -385,11 +385,12 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) it might have been used in the proxy connect, but if we have got a header with the user-agent string specified, we erase the previously made string here. */ - if(Curl_checkheaders(data, "User-Agent") && data->state.aptr.uagent) { + if(Curl_checkheaders(data, STRCONST("User-Agent")) && + data->state.aptr.uagent) { Curl_safefree(data->state.aptr.uagent); data->state.aptr.uagent = NULL; } - else if(!Curl_checkheaders(data, "User-Agent") && + else if(!Curl_checkheaders(data, STRCONST("User-Agent")) && data->set.str[STRING_USERAGENT]) { p_uagent = data->state.aptr.uagent; } @@ -405,7 +406,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* Referrer */ Curl_safefree(data->state.aptr.ref); - if(data->state.referer && !Curl_checkheaders(data, "Referer")) + if(data->state.referer && !Curl_checkheaders(data, STRCONST("Referer"))) data->state.aptr.ref = aprintf("Referer: %s\r\n", data->state.referer); else data->state.aptr.ref = NULL; @@ -422,7 +423,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) (rtspreq & (RTSPREQ_PLAY | RTSPREQ_PAUSE | RTSPREQ_RECORD))) { /* Check to see if there is a range set in the custom headers */ - if(!Curl_checkheaders(data, "Range") && data->state.range) { + if(!Curl_checkheaders(data, STRCONST("Range")) && data->state.range) { Curl_safefree(data->state.aptr.rangeline); data->state.aptr.rangeline = aprintf("Range: %s\r\n", data->state.range); p_range = data->state.aptr.rangeline; @@ -432,11 +433,11 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* * Sanity check the custom headers */ - if(Curl_checkheaders(data, "CSeq")) { + if(Curl_checkheaders(data, STRCONST("CSeq"))) { failf(data, "CSeq cannot be set as a custom header."); return CURLE_RTSP_CSEQ_ERROR; } - if(Curl_checkheaders(data, "Session")) { + if(Curl_checkheaders(data, STRCONST("Session"))) { failf(data, "Session ID cannot be set as a custom header."); return CURLE_BAD_FUNCTION_ARGUMENT; } @@ -523,7 +524,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) if(putsize > 0 || postsize > 0) { /* As stated in the http comments, it is probably not wise to * actually set a custom Content-Length in the headers */ - if(!Curl_checkheaders(data, "Content-Length")) { + if(!Curl_checkheaders(data, STRCONST("Content-Length"))) { result = Curl_dyn_addf(&req_buffer, "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n", @@ -534,18 +535,20 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) if(rtspreq == RTSPREQ_SET_PARAMETER || rtspreq == RTSPREQ_GET_PARAMETER) { - if(!Curl_checkheaders(data, "Content-Type")) { - result = Curl_dyn_addf(&req_buffer, - "Content-Type: text/parameters\r\n"); + if(!Curl_checkheaders(data, STRCONST("Content-Type"))) { + result = Curl_dyn_addn(&req_buffer, + STRCONST("Content-Type: " + "text/parameters\r\n")); if(result) return result; } } if(rtspreq == RTSPREQ_ANNOUNCE) { - if(!Curl_checkheaders(data, "Content-Type")) { - result = Curl_dyn_addf(&req_buffer, - "Content-Type: application/sdp\r\n"); + if(!Curl_checkheaders(data, STRCONST("Content-Type"))) { + result = Curl_dyn_addn(&req_buffer, + STRCONST("Content-Type: " + "application/sdp\r\n")); if(result) return result; } @@ -563,7 +566,7 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) /* RTSP never allows chunked transfer */ data->req.forbidchunk = TRUE; /* Finish the request buffer */ - result = Curl_dyn_add(&req_buffer, "\r\n"); + result = Curl_dyn_addn(&req_buffer, STRCONST("\r\n")); if(result) return result; diff --git a/libs/libcurl/src/select.c b/libs/libcurl/src/select.c index 70d7ee5c26..a48da82bac 100644 --- a/libs/libcurl/src/select.c +++ b/libs/libcurl/src/select.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -34,25 +34,16 @@ #error "We can't compile without select() or poll() support." #endif -#if defined(__BEOS__) && !defined(__HAIKU__) -/* BeOS has FD_SET defined in socket.h */ -#include <socket.h> -#endif - #ifdef MSDOS #include <dos.h> /* delay() */ #endif -#ifdef __VXWORKS__ -#include <strings.h> /* bzero() in FD_SET */ -#endif - #include <curl/curl.h> #include "urldata.h" #include "connect.h" #include "select.h" -#include "timeval.h" +#include "timediff.h" #include "warnless.h" /* @@ -102,26 +93,7 @@ int Curl_wait_ms(timediff_t timeout_ms) #else { struct timeval pending_tv; - timediff_t tv_sec = timeout_ms / 1000; - timediff_t tv_usec = (timeout_ms % 1000) * 1000; /* max=999999 */ -#ifdef HAVE_SUSECONDS_T -#if TIMEDIFF_T_MAX > TIME_T_MAX - /* tv_sec overflow check in case time_t is signed */ - if(tv_sec > TIME_T_MAX) - tv_sec = TIME_T_MAX; -#endif - pending_tv.tv_sec = (time_t)tv_sec; - pending_tv.tv_usec = (suseconds_t)tv_usec; -#else -#if TIMEDIFF_T_MAX > INT_MAX - /* tv_sec overflow check in case time_t is signed */ - if(tv_sec > INT_MAX) - tv_sec = INT_MAX; -#endif - pending_tv.tv_sec = (int)tv_sec; - pending_tv.tv_usec = (int)tv_usec; -#endif - r = select(0, NULL, NULL, NULL, &pending_tv); + r = select(0, NULL, NULL, NULL, curlx_mstotv(&pending_tv, timeout_ms)); } #endif /* HAVE_POLL_FINE */ #endif /* USE_WINSOCK */ @@ -161,43 +133,7 @@ static int our_select(curl_socket_t maxfd, /* highest socket number */ } #endif - ptimeout = &pending_tv; - if(timeout_ms < 0) { - ptimeout = NULL; - } - else if(timeout_ms > 0) { - timediff_t tv_sec = timeout_ms / 1000; - timediff_t tv_usec = (timeout_ms % 1000) * 1000; /* max=999999 */ -#ifdef HAVE_SUSECONDS_T -#if TIMEDIFF_T_MAX > TIME_T_MAX - /* tv_sec overflow check in case time_t is signed */ - if(tv_sec > TIME_T_MAX) - tv_sec = TIME_T_MAX; -#endif - pending_tv.tv_sec = (time_t)tv_sec; - pending_tv.tv_usec = (suseconds_t)tv_usec; -#elif defined(WIN32) /* maybe also others in the future */ -#if TIMEDIFF_T_MAX > LONG_MAX - /* tv_sec overflow check on Windows there we know it is long */ - if(tv_sec > LONG_MAX) - tv_sec = LONG_MAX; -#endif - pending_tv.tv_sec = (long)tv_sec; - pending_tv.tv_usec = (long)tv_usec; -#else -#if TIMEDIFF_T_MAX > INT_MAX - /* tv_sec overflow check in case time_t is signed */ - if(tv_sec > INT_MAX) - tv_sec = INT_MAX; -#endif - pending_tv.tv_sec = (int)tv_sec; - pending_tv.tv_usec = (int)tv_usec; -#endif - } - else { - pending_tv.tv_sec = 0; - pending_tv.tv_usec = 0; - } + ptimeout = curlx_mstotv(&pending_tv, timeout_ms); #ifdef USE_WINSOCK /* WinSock select() must not be called with an fd_set that contains zero @@ -450,23 +386,3 @@ int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms) return r; } - -#ifdef TPF -/* - * This is a replacement for select() on the TPF platform. - * It is used whenever libcurl calls select(). - * The call below to tpf_process_signals() is required because - * TPF's select calls are not signal interruptible. - * - * Return values are the same as select's. - */ -int tpf_select_libcurl(int maxfds, fd_set *reads, fd_set *writes, - fd_set *excepts, struct timeval *tv) -{ - int rc; - - rc = tpf_select_bsd(maxfds, reads, writes, excepts, tv); - tpf_process_signals(); - return rc; -} -#endif /* TPF */ diff --git a/libs/libcurl/src/select.h b/libs/libcurl/src/select.h index 59a571dbbd..f4bcba30fb 100644 --- a/libs/libcurl/src/select.h +++ b/libs/libcurl/src/select.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -83,22 +83,11 @@ int Curl_socket_check(curl_socket_t readfd, curl_socket_t readfd2, int Curl_poll(struct pollfd ufds[], unsigned int nfds, timediff_t timeout_ms); int Curl_wait_ms(timediff_t timeout_ms); -#ifdef TPF -int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes, - fd_set* excepts, struct timeval *tv); -#endif - -/* TPF sockets are not in range [0..FD_SETSIZE-1], which - unfortunately makes it impossible for us to easily check if they're valid - +/* With Winsock the valid range is [0..INVALID_SOCKET-1] according to https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2 */ -#if defined(TPF) -#define VALID_SOCK(x) 1 -#define VERIFY_SOCK(x) Curl_nop_stmt -#define FDSET_SOCK(x) 1 -#elif defined(USE_WINSOCK) +#ifdef USE_WINSOCK #define VALID_SOCK(s) ((s) < INVALID_SOCKET) #define FDSET_SOCK(x) 1 #define VERIFY_SOCK(x) do { \ diff --git a/libs/libcurl/src/sendf.c b/libs/libcurl/src/sendf.c index bcfa27a501..d7d4d8abd4 100644 --- a/libs/libcurl/src/sendf.c +++ b/libs/libcurl/src/sendf.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -41,11 +41,11 @@ #include "vssh/ssh.h" #include "easyif.h" #include "multiif.h" -#include "non-ascii.h" #include "strerror.h" #include "select.h" #include "strdup.h" #include "http2.h" +#include "headers.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -566,7 +566,7 @@ static CURLcode chop_write(struct Curl_easy *data, /* Protocols that work without network cannot be paused. This is actually only FILE:// just now, and it can't pause since the transfer isn't done using the "normal" procedure. */ - failf(data, "Write callback asked for PAUSE when not supported!"); + failf(data, "Write callback asked for PAUSE when not supported"); return CURLE_WRITE_ERROR; } return pausewrite(data, type, ptr, len); @@ -581,21 +581,33 @@ static CURLcode chop_write(struct Curl_easy *data, len -= chunklen; } + /* HTTP header, but not status-line */ + if((conn->handler->protocol & PROTO_FAMILY_HTTP) && + (type & CLIENTWRITE_HEADER) && !(type & CLIENTWRITE_STATUS) ) { + CURLcode result = + Curl_headers_push(data, optr, + type & CLIENTWRITE_CONNECT ? CURLH_CONNECT : + (type & CLIENTWRITE_1XX ? CURLH_1XX : + (type & CLIENTWRITE_TRAILER ? CURLH_TRAILER : + CURLH_HEADER))); + if(result) + return result; + } + if(writeheader) { size_t wrote; - ptr = optr; - len = olen; + Curl_set_in_callback(data, true); - wrote = writeheader(ptr, 1, len, data->set.writeheader); + wrote = writeheader(optr, 1, olen, data->set.writeheader); Curl_set_in_callback(data, false); if(CURL_WRITEFUNC_PAUSE == wrote) /* here we pass in the HEADER bit only since if this was body as well then it was passed already and clearly that didn't trigger the pause, so this is saved for later with the HEADER bit only */ - return pausewrite(data, CLIENTWRITE_HEADER, ptr, len); + return pausewrite(data, CLIENTWRITE_HEADER, optr, olen); - if(wrote != len) { + if(wrote != olen) { failf(data, "Failed writing header"); return CURLE_WRITE_ERROR; } @@ -621,26 +633,19 @@ CURLcode Curl_client_write(struct Curl_easy *data, { struct connectdata *conn = data->conn; - DEBUGASSERT(!(type & ~CLIENTWRITE_BOTH)); - if(!len) return CURLE_OK; /* FTP data may need conversion. */ if((type & CLIENTWRITE_BODY) && - (conn->handler->protocol & PROTO_FAMILY_FTP) && - conn->proto.ftpc.transfertype == 'A') { - /* convert from the network encoding */ - CURLcode result = Curl_convert_from_network(data, ptr, len); - /* Curl_convert_from_network calls failf if unsuccessful */ - if(result) - return result; + (conn->handler->protocol & PROTO_FAMILY_FTP) && + conn->proto.ftpc.transfertype == 'A') { #ifdef CURL_DO_LINEEND_CONV /* convert end-of-line markers */ len = convert_lineends(data, ptr, len); #endif /* CURL_DO_LINEEND_CONV */ - } + } return chop_write(data, type, ptr, len); } @@ -716,44 +721,6 @@ int Curl_debug(struct Curl_easy *data, curl_infotype type, if(data->set.verbose) { static const char s_infotype[CURLINFO_END][3] = { "* ", "< ", "> ", "{ ", "} ", "{ ", "} " }; - -#ifdef CURL_DOES_CONVERSIONS - char *buf = NULL; - size_t conv_size = 0; - - switch(type) { - case CURLINFO_HEADER_OUT: - buf = Curl_memdup(ptr, size); - if(!buf) - return 1; - conv_size = size; - - /* Special processing is needed for this block if it - * contains both headers and data (separated by CRLFCRLF). - * We want to convert just the headers, leaving the data as-is. - */ - if(size > 4) { - size_t i; - for(i = 0; i < size-4; i++) { - if(memcmp(&buf[i], "\x0d\x0a\x0d\x0a", 4) == 0) { - /* convert everything through this CRLFCRLF but no further */ - conv_size = i + 4; - break; - } - } - } - - Curl_convert_from_network(data, buf, conv_size); - /* Curl_convert_from_network calls failf if unsuccessful */ - /* we might as well continue even if it fails... */ - ptr = buf; /* switch pointer to use my buffer instead */ - break; - default: - /* leave everything else as-is */ - break; - } -#endif /* CURL_DOES_CONVERSIONS */ - if(data->set.fdebug) { Curl_set_in_callback(data, true); rc = (*data->set.fdebug)(data, type, ptr, size, data->set.debugdata); @@ -766,20 +733,11 @@ int Curl_debug(struct Curl_easy *data, curl_infotype type, case CURLINFO_HEADER_IN: fwrite(s_infotype[type], 2, 1, data->set.err); fwrite(ptr, size, 1, data->set.err); -#ifdef CURL_DOES_CONVERSIONS - if(size != conv_size) { - /* we had untranslated data so we need an explicit newline */ - fwrite("\n", 1, 1, data->set.err); - } -#endif break; default: /* nada */ break; } } -#ifdef CURL_DOES_CONVERSIONS - free(buf); -#endif } return rc; } diff --git a/libs/libcurl/src/sendf.h b/libs/libcurl/src/sendf.h index 108a5e934a..6676003a91 100644 --- a/libs/libcurl/src/sendf.h +++ b/libs/libcurl/src/sendf.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -45,8 +45,12 @@ void Curl_failf(struct Curl_easy *, const char *fmt, ...); #define failf Curl_failf -#define CLIENTWRITE_BODY (1<<0) -#define CLIENTWRITE_HEADER (1<<1) +#define CLIENTWRITE_BODY (1<<0) +#define CLIENTWRITE_HEADER (1<<1) +#define CLIENTWRITE_STATUS (1<<2) /* the first "header" is the status line */ +#define CLIENTWRITE_CONNECT (1<<3) /* a CONNECT response */ +#define CLIENTWRITE_1XX (1<<4) /* a 1xx response */ +#define CLIENTWRITE_TRAILER (1<<5) /* a trailer header */ #define CLIENTWRITE_BOTH (CLIENTWRITE_BODY|CLIENTWRITE_HEADER) CURLcode Curl_client_write(struct Curl_easy *data, int type, char *ptr, diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c index 599ed5d994..05e1a544df 100644 --- a/libs/libcurl/src/setopt.c +++ b/libs/libcurl/src/setopt.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -62,19 +62,12 @@ CURLcode Curl_setstropt(char **charp, const char *s) Curl_safefree(*charp); if(s) { - char *str = strdup(s); + if(strlen(s) > CURL_MAX_INPUT_LENGTH) + return CURLE_BAD_FUNCTION_ARGUMENT; - if(str) { - size_t len = strlen(str); - if(len > CURL_MAX_INPUT_LENGTH) { - free(str); - return CURLE_BAD_FUNCTION_ARGUMENT; - } - } - if(!str) + *charp = strdup(s); + if(!*charp) return CURLE_OUT_OF_MEMORY; - - *charp = str; } return CURLE_OK; @@ -162,7 +155,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) char *argptr; CURLcode result = CURLE_OK; long arg; +#ifdef ENABLE_IPV6 unsigned long uarg; +#endif curl_off_t bigsize; switch(option) { @@ -895,7 +890,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) ; else #endif -#if !defined(USE_NGHTTP2) && !defined(USE_HYPER) +#ifndef USE_HTTP2 if(arg >= CURL_HTTP_VERSION_2) return CURLE_UNSUPPORTED_PROTOCOL; #else @@ -1650,24 +1645,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ data->set.seek_client = va_arg(param, void *); break; - case CURLOPT_CONV_FROM_NETWORK_FUNCTION: - /* - * "Convert from network encoding" callback - */ - data->set.convfromnetwork = va_arg(param, curl_conv_callback); - break; - case CURLOPT_CONV_TO_NETWORK_FUNCTION: - /* - * "Convert to network encoding" callback - */ - data->set.convtonetwork = va_arg(param, curl_conv_callback); - break; - case CURLOPT_CONV_FROM_UTF8_FUNCTION: - /* - * "Convert from UTF-8 encoding" callback - */ - data->set.convfromutf8 = va_arg(param, curl_conv_callback); - break; case CURLOPT_IOCTLFUNCTION: /* * I/O control callback. Might be NULL. @@ -2317,6 +2294,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_SSL_OPTIONS: arg = va_arg(param, long); + data->set.ssl.primary.ssl_options = (unsigned char)(arg & 0xff); data->set.ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST); data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN); @@ -2330,6 +2308,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_SSL_OPTIONS: arg = va_arg(param, long); + data->set.proxy_ssl.primary.ssl_options = (unsigned char)(arg & 0xff); data->set.proxy_ssl.enable_beast = !!(arg & CURLSSLOPT_ALLOW_BEAST); data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE); data->set.proxy_ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN); @@ -2558,6 +2537,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; #endif +#ifdef ENABLE_IPV6 case CURLOPT_ADDRESS_SCOPE: /* * Use this scope id when using IPv6 @@ -2571,6 +2551,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif data->set.scope_id = (unsigned int)uarg; break; +#endif case CURLOPT_PROTOCOLS: /* set the bitmask for the protocols that are allowed to be used for the @@ -2623,7 +2604,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif case CURLOPT_SASL_AUTHZID: - /* Authorisation identity (identity to act as) */ + /* Authorization identity (identity to act as) */ result = Curl_setstropt(&data->set.str[STRING_SASL_AUTHZID], va_arg(param, char *)); break; @@ -2766,49 +2747,52 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME], va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) - data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ + if(data->set.str[STRING_TLSAUTH_USERNAME] && + !data->set.ssl.primary.authtype) + data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ break; +#ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_USERNAME: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_PROXY], va_arg(param, char *)); -#ifndef CURL_DISABLE_PROXY if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && - !data->set.proxy_ssl.authtype) - data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ -#endif + !data->set.proxy_ssl.primary.authtype) + data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default to + SRP */ break; +#endif case CURLOPT_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD], va_arg(param, char *)); - if(data->set.str[STRING_TLSAUTH_USERNAME] && !data->set.ssl.authtype) - data->set.ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ + if(data->set.str[STRING_TLSAUTH_USERNAME] && + !data->set.ssl.primary.authtype) + data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */ break; +#ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_PASSWORD: result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_PASSWORD_PROXY], va_arg(param, char *)); -#ifndef CURL_DISABLE_PROXY if(data->set.str[STRING_TLSAUTH_USERNAME_PROXY] && - !data->set.proxy_ssl.authtype) - data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; /* default to SRP */ -#endif + !data->set.proxy_ssl.primary.authtype) + data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; /* default */ break; +#endif case CURLOPT_TLSAUTH_TYPE: argptr = va_arg(param, char *); if(!argptr || strncasecompare(argptr, "SRP", strlen("SRP"))) - data->set.ssl.authtype = CURL_TLSAUTH_SRP; + data->set.ssl.primary.authtype = CURL_TLSAUTH_SRP; else - data->set.ssl.authtype = CURL_TLSAUTH_NONE; + data->set.ssl.primary.authtype = CURL_TLSAUTH_NONE; break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_TLSAUTH_TYPE: argptr = va_arg(param, char *); if(!argptr || strncasecompare(argptr, "SRP", strlen("SRP"))) - data->set.proxy_ssl.authtype = CURL_TLSAUTH_SRP; + data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_SRP; else - data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE; + data->set.proxy_ssl.primary.authtype = CURL_TLSAUTH_NONE; break; #endif #endif diff --git a/libs/libcurl/src/sha256.c b/libs/libcurl/src/sha256.c index cf7ea4f543..1e879f60f6 100644 --- a/libs/libcurl/src/sha256.c +++ b/libs/libcurl/src/sha256.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,7 +40,7 @@ #include <openssl/opensslv.h> -#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) +#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) #define USE_OPENSSL_SHA256 #endif @@ -69,8 +69,14 @@ #if defined(USE_OPENSSL_SHA256) -/* When OpenSSL is available we use the SHA256-function from OpenSSL */ +/* When OpenSSL or wolfSSL is available is available we use their + * SHA256-functions. + */ +#if defined(USE_OPENSSL) #include <openssl/evp.h> +#elif defined(USE_WOLFSSL) +#include <wolfssl/openssl/evp.h> +#endif #include "curl_memory.h" diff --git a/libs/libcurl/src/smb.c b/libs/libcurl/src/smb.c index fd49cf6aaf..8f44704a2c 100644 --- a/libs/libcurl/src/smb.c +++ b/libs/libcurl/src/smb.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2016 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2016 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2014, Bill Nagel <wnagel@tycoint.com>, Exacq Technologies * * This software is licensed as described in the file COPYING, which @@ -262,7 +262,7 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done) (void) done; /* Check we have a username and password to authenticate with */ - if(!conn->bits.user_passwd) + if(!data->state.aptr.user) return CURLE_LOGIN_DENIED; /* Initialize the connection state */ @@ -299,6 +299,7 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done) static CURLcode smb_recv_message(struct Curl_easy *data, void **msg) { struct connectdata *conn = data->conn; + curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; struct smb_conn *smbc = &conn->proto.smbc; char *buf = smbc->recv_buf; ssize_t bytes_read; @@ -307,7 +308,7 @@ static CURLcode smb_recv_message(struct Curl_easy *data, void **msg) size_t len = MAX_MESSAGE_SIZE - smbc->got; CURLcode result; - result = Curl_read(data, FIRSTSOCKET, buf + smbc->got, len, &bytes_read); + result = Curl_read(data, sockfd, buf + smbc->got, len, &bytes_read); if(result) return result; @@ -377,11 +378,12 @@ static CURLcode smb_send(struct Curl_easy *data, ssize_t len, size_t upload_size) { struct connectdata *conn = data->conn; + curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; struct smb_conn *smbc = &conn->proto.smbc; ssize_t bytes_written; CURLcode result; - result = Curl_write(data, FIRSTSOCKET, data->state.ulbuf, + result = Curl_write(data, sockfd, data->state.ulbuf, len, &bytes_written); if(result) return result; @@ -399,6 +401,7 @@ static CURLcode smb_send(struct Curl_easy *data, ssize_t len, static CURLcode smb_flush(struct Curl_easy *data) { struct connectdata *conn = data->conn; + curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; struct smb_conn *smbc = &conn->proto.smbc; ssize_t bytes_written; ssize_t len = smbc->send_size - smbc->sent; @@ -407,7 +410,7 @@ static CURLcode smb_flush(struct Curl_easy *data) if(!smbc->send_size) return CURLE_OK; - result = Curl_write(data, FIRSTSOCKET, + result = Curl_write(data, sockfd, data->state.ulbuf + smbc->sent, len, &bytes_written); if(result) @@ -459,14 +462,10 @@ static CURLcode smb_send_setup(struct Curl_easy *data) if(byte_count > sizeof(msg.bytes)) return CURLE_FILESIZE_EXCEEDED; - Curl_ntlm_core_mk_lm_hash(data, conn->passwd, lm_hash); + Curl_ntlm_core_mk_lm_hash(conn->passwd, lm_hash); Curl_ntlm_core_lm_resp(lm_hash, smbc->challenge, lm); -#ifdef USE_NTRESPONSES - Curl_ntlm_core_mk_nt_hash(data, conn->passwd, nt_hash); + Curl_ntlm_core_mk_nt_hash(conn->passwd, nt_hash); Curl_ntlm_core_lm_resp(nt_hash, smbc->challenge, nt); -#else - memset(nt, 0, sizeof(nt)); -#endif memset(&msg, 0, sizeof(msg)); msg.word_count = SMB_WC_SETUP_ANDX; @@ -989,7 +988,7 @@ static CURLcode smb_parse_url_path(struct Curl_easy *data, char *slash; /* URL decode the path */ - CURLcode result = Curl_urldecode(data, data->state.up.path, 0, &path, NULL, + CURLcode result = Curl_urldecode(data->state.up.path, 0, &path, NULL, REJECT_CTRL); if(result) return result; diff --git a/libs/libcurl/src/smtp.c b/libs/libcurl/src/smtp.c index 6c08293783..c736cfae19 100644 --- a/libs/libcurl/src/smtp.c +++ b/libs/libcurl/src/smtp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -492,7 +492,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data) /* Check we have enough data to authenticate with, and the server supports authentication, and end the connect phase if not */ if(!smtpc->auth_supported || - !Curl_sasl_can_authenticate(&smtpc->sasl, conn)) { + !Curl_sasl_can_authenticate(&smtpc->sasl, data)) { state(data, SMTP_STOP); return result; } @@ -505,7 +505,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data) state(data, SMTP_AUTH); else { /* Other mechanisms not supported */ - infof(data, "No known authentication mechanisms supported!"); + infof(data, "No known authentication mechanisms supported"); result = CURLE_LOGIN_DENIED; } } @@ -698,7 +698,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) NULL, MIMESTRATEGY_MAIL); if(!result) - if(!Curl_checkheaders(data, "Mime-Version")) + if(!Curl_checkheaders(data, STRCONST("Mime-Version"))) result = Curl_mime_add_header(&data->set.mimepost.curlheaders, "Mime-Version: 1.0"); @@ -1037,7 +1037,7 @@ static CURLcode smtp_state_command_resp(struct Curl_easy *data, int smtpcode, if((smtp->rcpt && smtpcode/100 != 2 && smtpcode != 553 && smtpcode != 1) || (!smtp->rcpt && smtpcode/100 != 2 && smtpcode != 1)) { failf(data, "Command failed: %d", smtpcode); - result = CURLE_RECV_ERROR; + result = CURLE_WEIRD_SERVER_REPLY; } else { /* Temporarily add the LF character back and send as body to the client */ @@ -1182,7 +1182,7 @@ static CURLcode smtp_state_postdata_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ if(smtpcode != 250) - result = CURLE_RECV_ERROR; + result = CURLE_WEIRD_SERVER_REPLY; /* End of DONE phase */ state(data, SMTP_STOP); @@ -1724,8 +1724,7 @@ static CURLcode smtp_parse_url_path(struct Curl_easy *data) } /* URL decode the path and use it as the domain in our EHLO */ - return Curl_urldecode(data, path, 0, &smtpc->domain, NULL, - REJECT_CTRL); + return Curl_urldecode(path, 0, &smtpc->domain, NULL, REJECT_CTRL); } /*********************************************************************** @@ -1742,7 +1741,7 @@ static CURLcode smtp_parse_custom_request(struct Curl_easy *data) /* URL decode the custom request */ if(custom) - result = Curl_urldecode(data, custom, 0, &smtp->custom, NULL, REJECT_CTRL); + result = Curl_urldecode(custom, 0, &smtp->custom, NULL, REJECT_CTRL); return result; } @@ -1841,7 +1840,7 @@ CURLcode Curl_smtp_escape_eob(struct Curl_easy *data, const ssize_t nread) scratch = newscratch = malloc(2 * data->set.upload_buffer_size); if(!newscratch) { - failf(data, "Failed to alloc scratch buffer!"); + failf(data, "Failed to alloc scratch buffer"); return CURLE_OUT_OF_MEMORY; } diff --git a/libs/libcurl/src/socks.c b/libs/libcurl/src/socks.c index a014aa6684..d614ae59c6 100644 --- a/libs/libcurl/src/socks.c +++ b/libs/libcurl/src/socks.c @@ -326,7 +326,7 @@ CURLproxycode Curl_SOCKS4(const char *proxy_user, if(proxy_user) { size_t plen = strlen(proxy_user); if(plen >= (size_t)data->set.buffer_size - 8) { - failf(data, "Too long SOCKS proxy user name, can't use!"); + failf(data, "Too long SOCKS proxy user name, can't use"); return CURLPX_LONG_USER; } /* copy the proxy name WITH trailing zero */ diff --git a/libs/libcurl/src/socks.h b/libs/libcurl/src/socks.h index b0c7f9b26b..f30c610a86 100644 --- a/libs/libcurl/src/socks.h +++ b/libs/libcurl/src/socks.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -69,7 +69,7 @@ CURLproxycode Curl_SOCKS5(const char *proxy_name, #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* - * This function handles the SOCKS5 GSS-API negotiation and initialisation + * This function handles the SOCKS5 GSS-API negotiation and initialization */ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, struct Curl_easy *data); diff --git a/libs/libcurl/src/strcase.c b/libs/libcurl/src/strcase.c index 955e3c79ea..692a3f14ae 100644 --- a/libs/libcurl/src/strcase.c +++ b/libs/libcurl/src/strcase.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -28,142 +28,25 @@ static char raw_tolower(char in); -/* Portable, consistent toupper (remember EBCDIC). Do not use toupper() because - its behavior is altered by the current locale. */ +/* Portable, consistent toupper. Do not use toupper() because its behavior is + altered by the current locale. */ char Curl_raw_toupper(char in) { -#if !defined(CURL_DOES_CONVERSIONS) if(in >= 'a' && in <= 'z') return (char)('A' + in - 'a'); -#else - switch(in) { - case 'a': - return 'A'; - case 'b': - return 'B'; - case 'c': - return 'C'; - case 'd': - return 'D'; - case 'e': - return 'E'; - case 'f': - return 'F'; - case 'g': - return 'G'; - case 'h': - return 'H'; - case 'i': - return 'I'; - case 'j': - return 'J'; - case 'k': - return 'K'; - case 'l': - return 'L'; - case 'm': - return 'M'; - case 'n': - return 'N'; - case 'o': - return 'O'; - case 'p': - return 'P'; - case 'q': - return 'Q'; - case 'r': - return 'R'; - case 's': - return 'S'; - case 't': - return 'T'; - case 'u': - return 'U'; - case 'v': - return 'V'; - case 'w': - return 'W'; - case 'x': - return 'X'; - case 'y': - return 'Y'; - case 'z': - return 'Z'; - } -#endif - return in; } -/* Portable, consistent tolower (remember EBCDIC). Do not use tolower() because - its behavior is altered by the current locale. */ +/* Portable, consistent tolower. Do not use tolower() because its behavior is + altered by the current locale. */ static char raw_tolower(char in) { -#if !defined(CURL_DOES_CONVERSIONS) if(in >= 'A' && in <= 'Z') return (char)('a' + in - 'A'); -#else - switch(in) { - case 'A': - return 'a'; - case 'B': - return 'b'; - case 'C': - return 'c'; - case 'D': - return 'd'; - case 'E': - return 'e'; - case 'F': - return 'f'; - case 'G': - return 'g'; - case 'H': - return 'h'; - case 'I': - return 'i'; - case 'J': - return 'j'; - case 'K': - return 'k'; - case 'L': - return 'l'; - case 'M': - return 'm'; - case 'N': - return 'n'; - case 'O': - return 'o'; - case 'P': - return 'p'; - case 'Q': - return 'q'; - case 'R': - return 'r'; - case 'S': - return 's'; - case 'T': - return 't'; - case 'U': - return 'u'; - case 'V': - return 'v'; - case 'W': - return 'w'; - case 'X': - return 'x'; - case 'Y': - return 'y'; - case 'Z': - return 'z'; - } -#endif - return in; } - /* * Curl_strcasecompare() is for doing "raw" case insensitive strings. This is * meant to be locale independent and only compare strings we know are safe @@ -171,9 +54,6 @@ static char raw_tolower(char in) * https://daniel.haxx.se/blog/2008/10/15/strcasecmp-in-turkish/ for some * further explanation to why this function is necessary. * - * The function is capable of comparing a-z case insensitively even for - * non-ascii. - * * @unittest: 1301 */ @@ -251,6 +131,16 @@ void Curl_strntolower(char *dest, const char *src, size_t n) } while(*src++ && --n); } +/* Compare case-sensitive NUL-terminated strings, taking care of possible + * null pointers. Return true if arguments match. + */ +bool Curl_safecmp(char *a, char *b) +{ + if(a && b) + return !strcmp(a, b); + return !a && !b; +} + /* --- public functions --- */ int curl_strequal(const char *first, const char *second) diff --git a/libs/libcurl/src/strcase.h b/libs/libcurl/src/strcase.h index 10dc698817..2635f5117e 100644 --- a/libs/libcurl/src/strcase.h +++ b/libs/libcurl/src/strcase.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -28,8 +28,9 @@ * Only "raw" case insensitive strings. This is meant to be locale independent * and only compare strings we know are safe for this. * - * The function is capable of comparing a-z case insensitively even for - * non-ascii. + * The function is capable of comparing a-z case insensitively. + * + * Result is 1 if text matches and 0 if not. */ #define strcasecompare(a,b) Curl_strcasecompare(a,b) @@ -42,10 +43,12 @@ int Curl_strncasecompare(const char *first, const char *second, size_t max); char Curl_raw_toupper(char in); /* checkprefix() is a shorter version of the above, used when the first - argument is zero-byte terminated */ -#define checkprefix(a,b) curl_strnequal(a,b,strlen(a)) + argument is the string literal */ +#define checkprefix(a,b) curl_strnequal(b, STRCONST(a)) void Curl_strntoupper(char *dest, const char *src, size_t n); void Curl_strntolower(char *dest, const char *src, size_t n); +bool Curl_safecmp(char *a, char *b); + #endif /* HEADER_CURL_STRCASE_H */ diff --git a/libs/libcurl/src/strerror.c b/libs/libcurl/src/strerror.c index 07d73a74b7..781e26b69f 100644 --- a/libs/libcurl/src/strerror.c +++ b/libs/libcurl/src/strerror.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2004 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2004 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,12 +24,9 @@ #ifdef HAVE_STRERROR_R # if (!defined(HAVE_POSIX_STRERROR_R) && \ - !defined(HAVE_GLIBC_STRERROR_R) && \ - !defined(HAVE_VXWORKS_STRERROR_R)) || \ - (defined(HAVE_POSIX_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R)) || \ - (defined(HAVE_GLIBC_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R)) || \ + !defined(HAVE_GLIBC_STRERROR_R)) || \ (defined(HAVE_POSIX_STRERROR_R) && defined(HAVE_GLIBC_STRERROR_R)) -# error "strerror_r MUST be either POSIX, glibc or vxworks-style" +# error "strerror_r MUST be either POSIX, glibc style" # endif #endif @@ -224,9 +221,6 @@ curl_easy_strerror(CURLcode error) case CURLE_BAD_CONTENT_ENCODING: return "Unrecognized or bad HTTP Content or Transfer-Encoding"; - case CURLE_LDAP_INVALID_URL: - return "Invalid LDAP URL"; - case CURLE_FILESIZE_EXCEEDED: return "Maximum file size exceeded"; @@ -272,9 +266,6 @@ curl_easy_strerror(CURLcode error) case CURLE_CONV_FAILED: return "Conversion failed"; - case CURLE_CONV_REQD: - return "Caller must register CURLOPT_CONV_ callback options"; - case CURLE_REMOTE_FILE_NOT_FOUND: return "Remote file not found"; @@ -337,6 +328,8 @@ curl_easy_strerror(CURLcode error) case CURLE_OBSOLETE50: case CURLE_OBSOLETE51: case CURLE_OBSOLETE57: + case CURLE_OBSOLETE62: + case CURLE_OBSOLETE76: case CURL_LAST: break; } @@ -883,18 +876,6 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) else msnprintf(buf, max, "Unknown error %d", err); } -#elif defined(HAVE_STRERROR_R) && defined(HAVE_VXWORKS_STRERROR_R) - /* - * The vxworks-style strerror_r() does use the buffer we pass to the function. - * The buffer size should be at least NAME_MAX (256) - */ - { - char buffer[256]; - if(OK == strerror_r(err, buffer)) - strncpy(buf, buffer, max); - else - msnprintf(buf, max, "Unknown error %d", err); - } #else { /* !checksrc! disable STRERROR 1 */ diff --git a/libs/libcurl/src/telnet.c b/libs/libcurl/src/telnet.c index a81bb81c36..2abfcd952a 100644 --- a/libs/libcurl/src/telnet.c +++ b/libs/libcurl/src/telnet.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -687,7 +687,7 @@ static void printsub(struct Curl_easy *data, infof(data, "%s", CURL_TELCMD(j)); else infof(data, "%d", j); - infof(data, ", not IAC SE!) "); + infof(data, ", not IAC SE) "); } } length -= 2; @@ -781,7 +781,7 @@ static CURLcode check_telnet_options(struct Curl_easy *data) /* Add the user name as an environment variable if it was given on the command line */ - if(conn->bits.user_passwd) { + if(data->state.aptr.user) { msnprintf(option_arg, sizeof(option_arg), "USER,%s", conn->user); beg = curl_slist_append(tn->telnet_vars, option_arg); if(!beg) { diff --git a/libs/libcurl/src/tftp.c b/libs/libcurl/src/tftp.c index f8c68441ca..7f2c88b71e 100644 --- a/libs/libcurl/src/tftp.c +++ b/libs/libcurl/src/tftp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -327,7 +327,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state, infof(data, "got option=(%s) value=(%s)", option, value); - if(checkprefix(option, TFTP_OPTION_BLKSIZE)) { + if(checkprefix(TFTP_OPTION_BLKSIZE, option)) { long blksize; blksize = strtol(value, NULL, 10); @@ -359,7 +359,7 @@ static CURLcode tftp_parse_option_ack(struct tftp_state_data *state, infof(data, "%s (%d) %s (%d)", "blksize parsed from OACK", state->blksize, "requested", state->requested_blksize); } - else if(checkprefix(option, TFTP_OPTION_TSIZE)) { + else if(checkprefix(TFTP_OPTION_TSIZE, option)) { long tsize = 0; tsize = strtol(value, NULL, 10); @@ -463,7 +463,7 @@ static CURLcode tftp_send_first(struct tftp_state_data *state, /* As RFC3617 describes the separator slash is not actually part of the file name so we skip the always-present first letter of the path string. */ - result = Curl_urldecode(data, &state->data->state.up.path[1], 0, + result = Curl_urldecode(&state->data->state.up.path[1], 0, &filename, NULL, REJECT_ZERO); if(result) return result; diff --git a/libs/libcurl/src/timediff.c b/libs/libcurl/src/timediff.c new file mode 100644 index 0000000000..003477c63c --- /dev/null +++ b/libs/libcurl/src/timediff.c @@ -0,0 +1,84 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "timediff.h" + +/* + * Converts number of milliseconds into a timeval structure. + * + * Return values: + * NULL IF tv is NULL or ms < 0 (eg. no timeout -> blocking select) + * tv with 0 in both fields IF ms == 0 (eg. 0ms timeout -> polling select) + * tv with converted fields IF ms > 0 (eg. >0ms timeout -> waiting select) + */ +struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms) +{ + if(!tv) + return NULL; + + if(ms < 0) + return NULL; + + if(ms > 0) { + timediff_t tv_sec = ms / 1000; + timediff_t tv_usec = (ms % 1000) * 1000; /* max=999999 */ +#ifdef HAVE_SUSECONDS_T +#if TIMEDIFF_T_MAX > TIME_T_MAX + /* tv_sec overflow check in case time_t is signed */ + if(tv_sec > TIME_T_MAX) + tv_sec = TIME_T_MAX; +#endif + tv->tv_sec = (time_t)tv_sec; + tv->tv_usec = (suseconds_t)tv_usec; +#elif defined(WIN32) /* maybe also others in the future */ +#if TIMEDIFF_T_MAX > LONG_MAX + /* tv_sec overflow check on Windows there we know it is long */ + if(tv_sec > LONG_MAX) + tv_sec = LONG_MAX; +#endif + tv->tv_sec = (long)tv_sec; + tv->tv_usec = (long)tv_usec; +#else +#if TIMEDIFF_T_MAX > INT_MAX + /* tv_sec overflow check in case time_t is signed */ + if(tv_sec > INT_MAX) + tv_sec = INT_MAX; +#endif + tv->tv_sec = (int)tv_sec; + tv->tv_usec = (int)tv_usec; +#endif + } + else { + tv->tv_sec = 0; + tv->tv_usec = 0; + } + + return tv; +} + +/* + * Converts a timeval structure into number of milliseconds. + */ +timediff_t curlx_tvtoms(struct timeval *tv) +{ + return (tv->tv_sec*1000) + (timediff_t)(((double)tv->tv_usec)/1000.0); +} diff --git a/libs/libcurl/src/timediff.h b/libs/libcurl/src/timediff.h new file mode 100644 index 0000000000..fcd5f05636 --- /dev/null +++ b/libs/libcurl/src/timediff.h @@ -0,0 +1,50 @@ +#ifndef HEADER_CURL_TIMEDIFF_H +#define HEADER_CURL_TIMEDIFF_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +/* Use a larger type even for 32 bit time_t systems so that we can keep + microsecond accuracy in it */ +typedef curl_off_t timediff_t; +#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T + +#define TIMEDIFF_T_MAX CURL_OFF_T_MAX +#define TIMEDIFF_T_MIN CURL_OFF_T_MIN + +/* + * Converts number of milliseconds into a timeval structure. + * + * Return values: + * NULL IF tv is NULL or ms < 0 (eg. no timeout -> blocking select) + * tv with 0 in both fields IF ms == 0 (eg. 0ms timeout -> polling select) + * tv with converted fields IF ms > 0 (eg. >0ms timeout -> waiting select) + */ +struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms); + +/* + * Converts a timeval structure into number of milliseconds. + */ +timediff_t curlx_tvtoms(struct timeval *tv); + +#endif /* HEADER_CURL_TIMEDIFF_H */ diff --git a/libs/libcurl/src/timeval.h b/libs/libcurl/src/timeval.h index 685e72961d..dce32f4cde 100644 --- a/libs/libcurl/src/timeval.h +++ b/libs/libcurl/src/timeval.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,13 +24,7 @@ #include "curl_setup.h" -/* Use a larger type even for 32 bit time_t systems so that we can keep - microsecond accuracy in it */ -typedef curl_off_t timediff_t; -#define CURL_FORMAT_TIMEDIFF_T CURL_FORMAT_CURL_OFF_T - -#define TIMEDIFF_T_MAX CURL_OFF_T_MAX -#define TIMEDIFF_T_MIN CURL_OFF_T_MIN +#include "timediff.h" struct curltime { time_t tv_sec; /* seconds */ diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c index 22704fa158..315da876c4 100644 --- a/libs/libcurl/src/transfer.c +++ b/libs/libcurl/src/transfer.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -73,13 +73,13 @@ #include "select.h" #include "multiif.h" #include "connect.h" -#include "non-ascii.h" #include "http2.h" #include "mime.h" #include "strcase.h" #include "urlapi-int.h" #include "hsts.h" #include "setopt.h" +#include "headers.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -95,10 +95,10 @@ * Returns a pointer to the first matching header or NULL if none matched. */ char *Curl_checkheaders(const struct Curl_easy *data, - const char *thisheader) + const char *thisheader, + const size_t thislen) { struct curl_slist *head; - size_t thislen = strlen(thisheader); DEBUGASSERT(thislen); DEBUGASSERT(thisheader[thislen-1] != ':'); @@ -165,20 +165,6 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, curl_read_callback readfunc = NULL; void *extra_data = NULL; -#ifdef CURL_DOES_CONVERSIONS - bool sending_http_headers = FALSE; - struct connectdata *conn = data->conn; - - if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) { - const struct HTTP *http = data->req.p.http; - - if(http->sending == HTTPSEND_REQUEST) - /* We're sending the HTTP request headers, not the data. - Remember that so we don't re-translate them into garbage. */ - sending_http_headers = TRUE; - } -#endif - #ifndef CURL_DISABLE_HTTP if(data->state.trailers_state == TRAILERS_INITIALIZED) { struct curl_slist *trailers = NULL; @@ -260,7 +246,7 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, /* protocols that work without network cannot be paused. This is actually only FILE:// just now, and it can't pause since the transfer isn't done using the "normal" procedure. */ - failf(data, "Read callback asked for PAUSE when not supported!"); + failf(data, "Read callback asked for PAUSE when not supported"); return CURLE_READ_ERROR; } @@ -347,26 +333,6 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, } } -#ifdef CURL_DOES_CONVERSIONS - { - CURLcode result; - size_t length; - if(data->state.prefer_ascii) - /* translate the protocol and data */ - length = nread; - else - /* just translate the protocol portion */ - length = hexlen; - if(length) { - result = Curl_convert_to_network(data, data->req.upload_fromhere, - length); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - } - } -#endif /* CURL_DOES_CONVERSIONS */ - #ifndef CURL_DISABLE_HTTP if(data->state.trailers_state == TRAILERS_SENDING && !trailers_left(data)) { @@ -391,15 +357,6 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, if(added_crlf) nread += strlen(endofline_network); /* for the added end of line */ } -#ifdef CURL_DOES_CONVERSIONS - else if((data->state.prefer_ascii) && (!sending_http_headers)) { - CURLcode result; - result = Curl_convert_to_network(data, data->req.upload_fromhere, nread); - /* Curl_convert_to_network calls failf if unsuccessful */ - if(result) - return result; - } -#endif /* CURL_DOES_CONVERSIONS */ *nreadp = nread; @@ -503,7 +460,7 @@ static int data_pending(const struct Curl_easy *data) /* in the case of libssh2, we can never be really sure that we have emptied its internal buffers so we MUST always try until we get EAGAIN back */ return conn->handler->protocol&(CURLPROTO_SCP|CURLPROTO_SFTP) || -#if defined(USE_NGHTTP2) +#ifdef USE_NGHTTP2 /* For HTTP/2, we may read up everything including response body with header fields in Curl_http_readwrite_headers. If no content-length is provided, curl waits for the connection @@ -586,15 +543,14 @@ static CURLcode readwrite_data(struct Curl_easy *data, if( #ifdef USE_NGHTTP2 - /* For HTTP/2, read data without caring about the content - length. This is safe because body in HTTP/2 is always - segmented thanks to its framing layer. Meanwhile, we have to - call Curl_read to ensure that http2_handle_stream_close is - called when we read all incoming bytes for a particular - stream. */ - !is_http2 && + /* For HTTP/2, read data without caring about the content length. This + is safe because body in HTTP/2 is always segmented thanks to its + framing layer. Meanwhile, we have to call Curl_read to ensure that + http2_handle_stream_close is called when we read all incoming bytes + for a particular stream. */ + !is_http2 && #endif - k->size != -1 && !k->header) { + k->size != -1 && !k->header) { /* make sure we don't read too much */ curl_off_t totalleft = k->size - k->bytecount; if(totalleft < (curl_off_t)bytestoread) @@ -615,7 +571,7 @@ static CURLcode readwrite_data(struct Curl_easy *data, else { /* read nothing but since we wanted nothing we consider this an OK situation to proceed from */ - DEBUGF(infof(data, "readwrite_data: we're done!")); + DEBUGF(infof(data, "readwrite_data: we're done")); nread = 0; } @@ -1039,7 +995,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data, if(!data->state.scratch) { data->state.scratch = malloc(2 * data->set.upload_buffer_size); if(!data->state.scratch) { - failf(data, "Failed to alloc scratch buffer!"); + failf(data, "Failed to alloc scratch buffer"); return CURLE_OUT_OF_MEMORY; } @@ -1404,7 +1360,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) if(!data->state.url && !data->set.uh) { /* we can't do anything without URL */ - failf(data, "No URL set!"); + failf(data, "No URL set"); return CURLE_URL_MALFORMAT; } @@ -1421,7 +1377,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) uc = curl_url_get(data->set.uh, CURLUPART_URL, &data->set.str[STRING_SET_URL], 0); if(uc) { - failf(data, "No URL set!"); + failf(data, "No URL set"); return CURLE_URL_MALFORMAT; } } @@ -1533,6 +1489,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) data->set.str[STRING_PROXYPASSWORD]); data->req.headerbytecount = 0; + Curl_headers_cleanup(data); return result; } @@ -1577,6 +1534,8 @@ CURLcode Curl_follow(struct Curl_easy *data, DEBUGASSERT(type != FOLLOW_NONE); + if(type != FOLLOW_FAKE) + data->state.requests++; /* count all real follows */ if(type == FOLLOW_REDIR) { if((data->set.maxredirs != -1) && (data->state.followlocation >= data->set.maxredirs)) { @@ -1652,10 +1611,57 @@ CURLcode Curl_follow(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; } else { - uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0); if(uc) return Curl_uc_to_curlcode(uc); + + /* Clear auth if this redirects to a different port number or protocol, + unless permitted */ + if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) { + char *portnum; + int port; + bool clear = FALSE; + + if(data->set.use_port && data->state.allow_port) + /* a custom port is used */ + port = (int)data->set.use_port; + else { + uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum, + CURLU_DEFAULT_PORT); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + port = atoi(portnum); + free(portnum); + } + if(port != data->info.conn_remote_port) { + infof(data, "Clear auth, redirects to port from %u to %u", + data->info.conn_remote_port, port); + clear = TRUE; + } + else { + char *scheme; + const struct Curl_handler *p; + uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0); + if(uc) { + free(newurl); + return Curl_uc_to_curlcode(uc); + } + + p = Curl_builtin_scheme(scheme); + if(p && (p->protocol != data->info.conn_protocol)) { + infof(data, "Clear auth, redirects scheme from %s to %s", + data->info.conn_scheme, scheme); + clear = TRUE; + } + free(scheme); + } + if(clear) { + Curl_safefree(data->state.aptr.user); + Curl_safefree(data->state.aptr.passwd); + } + } } if(type == FOLLOW_FAKE) { diff --git a/libs/libcurl/src/transfer.h b/libs/libcurl/src/transfer.h index 0fa3d55e82..56d2fd1ee3 100644 --- a/libs/libcurl/src/transfer.h +++ b/libs/libcurl/src/transfer.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,7 +24,8 @@ #define Curl_headersep(x) ((((x)==':') || ((x)==';'))) char *Curl_checkheaders(const struct Curl_easy *data, - const char *thisheader); + const char *thisheader, + const size_t thislen); void Curl_init_CONNECT(struct Curl_easy *data); diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c index 9f1013554f..6b31d4b131 100644 --- a/libs/libcurl/src/url.c +++ b/libs/libcurl/src/url.c @@ -99,7 +99,6 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #include "easyif.h" #include "speedcheck.h" #include "warnless.h" -#include "non-ascii.h" #include "getinfo.h" #include "urlapi-int.h" #include "system_win32.h" @@ -131,21 +130,13 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #include "setopt.h" #include "altsvc.h" #include "dynbuf.h" +#include "headers.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" -/* Count of the backend ssl objects to allocate */ -#ifdef USE_SSL -# ifndef CURL_DISABLE_PROXY -# define SSL_BACKEND_CNT 4 -# else -# define SSL_BACKEND_CNT 2 -# endif -#endif - static void conn_free(struct connectdata *conn); /* Some parts of the code (e.g. chunked encoding) assume this buffer has at @@ -381,7 +372,7 @@ CURLcode Curl_close(struct Curl_easy **datap) /* Detach connection if any is left. This should not be normal, but can be the case for example with CONNECT_ONLY + recv/send (test 556) */ - Curl_detach_connnection(data); + Curl_detach_connection(data); m = data->multi; if(m) /* This handle is still part of a multi handle, take care of this first @@ -445,7 +436,6 @@ CURLcode Curl_close(struct Curl_easy **datap) Curl_resolver_cleanup(data->state.async.resolver); Curl_http2_cleanup_dependencies(data); - Curl_convert_close(data); /* No longer a dirty share, if it exists */ if(data->share) { @@ -481,6 +471,7 @@ CURLcode Curl_close(struct Curl_easy **datap) /* destruct wildcard structures if it is needed */ Curl_wildcard_dtor(&data->wildcard); Curl_freeset(data); + Curl_headers_cleanup(data); free(data); return CURLE_OK; } @@ -509,11 +500,6 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->seek_func = ZERO_NULL; set->seek_client = ZERO_NULL; - /* conversion callbacks for non-ASCII hosts */ - set->convfromnetwork = ZERO_NULL; - set->convtonetwork = ZERO_NULL; - set->convfromutf8 = ZERO_NULL; - set->filesize = -1; /* we don't know the size */ set->postfieldsize = -1; /* unknown size */ set->maxredirs = -1; /* allow any amount by default */ @@ -556,7 +542,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->ssl.primary.verifypeer = TRUE; set->ssl.primary.verifyhost = TRUE; #ifdef USE_TLS_SRP - set->ssl.authtype = CURL_TLSAUTH_NONE; + set->ssl.primary.authtype = CURL_TLSAUTH_NONE; #endif set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth type */ @@ -634,7 +620,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->maxlifetime_conn = 0; set->http09_allowed = FALSE; set->httpwant = -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 CURL_HTTP_VERSION_2TLS #else CURL_HTTP_VERSION_1_1 @@ -677,7 +663,6 @@ CURLcode Curl_open(struct Curl_easy **curl) result = Curl_init_userdefined(data); if(!result) { Curl_dyn_init(&data->state.headerb, CURL_MAX_HTTP_HEADER); - Curl_convert_init(data); Curl_initinfo(data); /* most recent connection is not yet defined */ @@ -760,7 +745,9 @@ static void conn_shutdown(struct Curl_easy *data, struct connectdata *conn) /* close the SSL stuff before we close any sockets since they will/may write to the sockets */ Curl_ssl_close(data, conn, FIRSTSOCKET); +#ifndef CURL_DISABLE_FTP Curl_ssl_close(data, conn, SECONDARYSOCKET); +#endif /* close possibly still open sockets */ if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) @@ -794,6 +781,7 @@ static void conn_free(struct connectdata *conn) Curl_safefree(conn->passwd); Curl_safefree(conn->sasl_authzid); Curl_safefree(conn->options); + Curl_safefree(conn->oauth_bearer); Curl_dyn_free(&conn->trailer); Curl_safefree(conn->host.rawalloc); /* host name buffer */ Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */ @@ -830,8 +818,8 @@ static void conn_free(struct connectdata *conn) * */ -CURLcode Curl_disconnect(struct Curl_easy *data, - struct connectdata *conn, bool dead_connection) +void Curl_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead_connection) { /* there must be a connection to close */ DEBUGASSERT(conn); @@ -851,7 +839,7 @@ CURLcode Curl_disconnect(struct Curl_easy *data, */ if(CONN_INUSE(conn) && !dead_connection) { DEBUGF(infof(data, "Curl_disconnect when inuse: %zu", CONN_INUSE(conn))); - return CURLE_OK; + return; } if(conn->dns_entry) { @@ -871,7 +859,7 @@ CURLcode Curl_disconnect(struct Curl_easy *data, /* temporarily attach the connection to this transfer handle for the disconnect and shutdown */ - Curl_attach_connnection(data, conn); + Curl_attach_connection(data, conn); if(conn->handler->disconnect) /* This is set if protocol-specific cleanups should be made */ @@ -880,10 +868,9 @@ CURLcode Curl_disconnect(struct Curl_easy *data, conn_shutdown(data, conn); /* detach it again */ - Curl_detach_connnection(data); + Curl_detach_connection(data); conn_free(conn); - return CURLE_OK; } /* @@ -949,7 +936,7 @@ socks_proxy_info_matches(const struct proxy_info *data, /* the user information is case-sensitive or at least it is not defined as case-insensitive - see https://tools.ietf.org/html/rfc3986#section-3.2.1 */ + see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 */ if(!data->user != !needle->user) return FALSE; /* curl_strequal does a case insentive comparison, so do not use it here! */ @@ -1033,12 +1020,12 @@ static bool extract_if_dead(struct connectdata *conn, /* briefly attach the connection to this transfer for the purpose of checking it */ - Curl_attach_connnection(data, conn); + Curl_attach_connection(data, conn); state = conn->handler->connection_check(data, conn, CONNCHECK_ISDEAD); dead = (state & CONNRESULT_DEAD); /* detach the connection again */ - Curl_detach_connnection(data); + Curl_detach_connection(data); } else { @@ -1047,7 +1034,7 @@ static bool extract_if_dead(struct connectdata *conn, } if(dead) { - infof(data, "Connection %ld seems to be dead!", conn->connection_id); + infof(data, "Connection %ld seems to be dead", conn->connection_id); Curl_conncache_remove_conn(data, conn, FALSE); return TRUE; } @@ -1105,7 +1092,7 @@ static void prune_dead_connections(struct Curl_easy *data) Curl_conncache_remove_conn(data, prune.extracted, TRUE); /* disconnect it */ - (void)Curl_disconnect(data, prune.extracted, TRUE); + Curl_disconnect(data, prune.extracted, TRUE); } CONNCACHE_LOCK(data); data->state.conn_cache->last_cleanup = now; @@ -1113,6 +1100,12 @@ static void prune_dead_connections(struct Curl_easy *data) } } +static bool ssh_config_matches(struct connectdata *one, + struct connectdata *two) +{ + return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) && + Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub)); +} /* * Given one filled in connection struct (named needle), this function should * detect if there already is one that has all the significant details @@ -1136,7 +1129,6 @@ ConnectionExists(struct Curl_easy *data, bool foundPendingCandidate = FALSE; bool canmultiplex = IsMultiplexingPossible(data, needle); struct connectbundle *bundle; - const char *hostbundle; #ifdef USE_NTLM bool wantNTLMhttp = ((data->state.authhost.want & @@ -1157,15 +1149,14 @@ ConnectionExists(struct Curl_easy *data, /* Look up the bundle with all the connections to this particular host. Locks the connection cache, beware of early returns! */ - bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache, - &hostbundle); + bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache); if(bundle) { /* Max pipe length is zero (unlimited) for multiplexed connections */ struct Curl_llist_element *curr; - infof(data, "Found bundle for host %s: %p [%s]", - hostbundle, (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? - "can multiplex" : "serially")); + infof(data, "Found bundle for host: %p [%s]", + (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? + "can multiplex" : "serially")); /* We can't multiplex if we don't know anything about the server */ if(canmultiplex) { @@ -1182,11 +1173,11 @@ ConnectionExists(struct Curl_easy *data, } if((bundle->multiuse == BUNDLE_MULTIPLEX) && !Curl_multiplex_wanted(data->multi)) { - infof(data, "Could multiplex, but not asked to!"); + infof(data, "Could multiplex, but not asked to"); canmultiplex = FALSE; } if(bundle->multiuse == BUNDLE_NO_MULTIUSE) { - infof(data, "Can not multiplex, even if we wanted to!"); + infof(data, "Can not multiplex, even if we wanted to"); canmultiplex = FALSE; } } @@ -1209,7 +1200,7 @@ ConnectionExists(struct Curl_easy *data, if(extract_if_dead(check, data)) { /* disconnect it */ - (void)Curl_disconnect(data, check, TRUE); + Curl_disconnect(data, check, TRUE); continue; } @@ -1356,7 +1347,9 @@ ConnectionExists(struct Curl_easy *data, /* This protocol requires credentials per connection, so verify that we're using the same name and password as well */ if(strcmp(needle->user, check->user) || - strcmp(needle->passwd, check->passwd)) { + strcmp(needle->passwd, check->passwd) || + !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) || + !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) { /* one of them was different */ continue; } @@ -1369,6 +1362,11 @@ ConnectionExists(struct Curl_easy *data, (data->state.httpwant < CURL_HTTP_VERSION_2_0)) continue; + if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { + if(!ssh_config_matches(needle, check)) + continue; + } + if((needle->handler->flags&PROTOPT_SSL) #ifndef CURL_DISABLE_PROXY || !needle->bits.httpproxy || needle->bits.tunnel_proxy @@ -1507,7 +1505,7 @@ ConnectionExists(struct Curl_easy *data, #endif /* When not multiplexed, we have a match here! */ chosen = check; - infof(data, "Multiplexed connection found!"); + infof(data, "Multiplexed connection found"); break; } else { @@ -1521,7 +1519,7 @@ ConnectionExists(struct Curl_easy *data, if(chosen) { /* mark it as used before releasing the lock */ - Curl_attach_connnection(data, chosen); + Curl_attach_connection(data, chosen); CONNCACHE_UNLOCK(data); *usethis = chosen; return TRUE; /* yes, we found one to use! */ @@ -1575,20 +1573,6 @@ bool Curl_is_ASCII_name(const char *hostname) } /* - * Strip single trailing dot in the hostname, - * primarily for SNI and http host header. - */ -static void strip_trailing_dot(struct hostname *host) -{ - size_t len; - if(!host || !host->name) - return; - len = strlen(host->name); - if(len && (host->name[len-1] == '.')) - host->name[len-1] = 0; -} - -/* * Perform any necessary IDN conversion of hostname */ CURLcode Curl_idnconvert_hostname(struct Curl_easy *data, @@ -1690,18 +1674,35 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) Note that these backend pointers can be swapped by vtls (eg ssl backend data becomes proxy backend data). */ { - size_t sslsize = Curl_ssl->sizeof_ssl_backend_data; - char *ssl = calloc(SSL_BACKEND_CNT, sslsize); + size_t onesize = Curl_ssl->sizeof_ssl_backend_data; + size_t totalsize = onesize; + char *ssl; + +#ifndef CURL_DISABLE_FTP + totalsize *= 2; +#endif +#ifndef CURL_DISABLE_PROXY + totalsize *= 2; +#endif + + ssl = calloc(1, totalsize); if(!ssl) { free(conn); return NULL; } conn->ssl_extra = ssl; - conn->ssl[0].backend = (void *)ssl; - conn->ssl[1].backend = (void *)(ssl + sslsize); + conn->ssl[FIRSTSOCKET].backend = (void *)ssl; +#ifndef CURL_DISABLE_FTP + ssl += onesize; + conn->ssl[SECONDARYSOCKET].backend = (void *)ssl; +#endif #ifndef CURL_DISABLE_PROXY - conn->proxy_ssl[0].backend = (void *)(ssl + 2 * sslsize); - conn->proxy_ssl[1].backend = (void *)(ssl + 3 * sslsize); + ssl += onesize; + conn->proxy_ssl[FIRSTSOCKET].backend = (void *)ssl; +#ifndef CURL_DISABLE_FTP + ssl += onesize; + conn->proxy_ssl[SECONDARYSOCKET].backend = (void *)ssl; +#endif #endif } #endif @@ -1761,7 +1762,6 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy; #endif /* CURL_DISABLE_PROXY */ - conn->bits.user_passwd = (data->state.aptr.user) ? TRUE : FALSE; #ifndef CURL_DISABLE_FTP conn->bits.ftp_use_epsv = data->set.ftp_use_epsv; conn->bits.ftp_use_eprt = data->set.ftp_use_eprt; @@ -1769,11 +1769,17 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus; conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer; conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost; + conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options; +#ifdef USE_TLS_SRP +#endif #ifndef CURL_DISABLE_PROXY conn->proxy_ssl_config.verifystatus = data->set.proxy_ssl.primary.verifystatus; conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer; conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost; + conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options; +#ifdef USE_TLS_SRP +#endif #endif conn->ip_version = data->set.ipver; conn->bits.connect_only = data->set.connect_only; @@ -1882,6 +1888,7 @@ CURLcode Curl_uc_to_curlcode(CURLUcode uc) } } +#ifdef ENABLE_IPV6 /* * If the URL was set with an IPv6 numerical address with a zone id part, set * the scope_id based on that! @@ -1931,6 +1938,9 @@ static void zonefrom_url(CURLU *uh, struct Curl_easy *data, free(zoneid); } } +#else +#define zonefrom_url(a,b,c) Curl_nop_stmt +#endif /* * Parse URL and fill in the relevant members of the connection struct. @@ -2038,45 +2048,47 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, * User name and password set with their own options override the * credentials possibly set in the URL. */ - if(!data->state.aptr.user) { - /* we don't use the URL API's URL decoder option here since it rejects - control codes and we want to allow them for some schemes in the user - and password fields */ - uc = curl_url_get(uh, CURLUPART_USER, &data->state.up.user, 0); + if(!data->state.aptr.passwd) { + uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0); if(!uc) { char *decoded; - result = Curl_urldecode(NULL, data->state.up.user, 0, &decoded, NULL, + result = Curl_urldecode(data->state.up.password, 0, &decoded, NULL, conn->handler->flags&PROTOPT_USERPWDCTRL ? REJECT_ZERO : REJECT_CTRL); if(result) return result; - conn->user = decoded; - conn->bits.user_passwd = TRUE; - result = Curl_setstropt(&data->state.aptr.user, decoded); + conn->passwd = decoded; + result = Curl_setstropt(&data->state.aptr.passwd, decoded); if(result) return result; } - else if(uc != CURLUE_NO_USER) + else if(uc != CURLUE_NO_PASSWORD) return Curl_uc_to_curlcode(uc); } - if(!data->state.aptr.passwd) { - uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, 0); + if(!data->state.aptr.user) { + /* we don't use the URL API's URL decoder option here since it rejects + control codes and we want to allow them for some schemes in the user + and password fields */ + uc = curl_url_get(uh, CURLUPART_USER, &data->state.up.user, 0); if(!uc) { char *decoded; - result = Curl_urldecode(NULL, data->state.up.password, 0, &decoded, NULL, + result = Curl_urldecode(data->state.up.user, 0, &decoded, NULL, conn->handler->flags&PROTOPT_USERPWDCTRL ? REJECT_ZERO : REJECT_CTRL); if(result) return result; - conn->passwd = decoded; - conn->bits.user_passwd = TRUE; - result = Curl_setstropt(&data->state.aptr.passwd, decoded); - if(result) - return result; + conn->user = decoded; + result = Curl_setstropt(&data->state.aptr.user, decoded); } - else if(uc != CURLUE_NO_PASSWORD) + else if(uc != CURLUE_NO_USER) return Curl_uc_to_curlcode(uc); + else if(data->state.aptr.passwd) { + /* no user was set but a password, set a blank user */ + result = Curl_setstropt(&data->state.aptr.user, ""); + } + if(result) + return result; } uc = curl_url_get(uh, CURLUPART_OPTIONS, &data->state.up.options, @@ -2128,9 +2140,11 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; conn->host.name = conn->host.rawalloc; +#ifdef ENABLE_IPV6 if(data->set.scope_id) /* Override any scope that was set above. */ conn->scope_id = data->set.scope_id; +#endif return CURLE_OK; } @@ -2560,14 +2574,14 @@ static CURLcode parse_proxy_auth(struct Curl_easy *data, CURLcode result = CURLE_OK; if(proxyuser) { - result = Curl_urldecode(data, proxyuser, 0, &conn->http_proxy.user, NULL, + result = Curl_urldecode(proxyuser, 0, &conn->http_proxy.user, NULL, REJECT_ZERO); if(!result) result = Curl_setstropt(&data->state.aptr.proxyuser, conn->http_proxy.user); } if(!result && proxypasswd) { - result = Curl_urldecode(data, proxypasswd, 0, &conn->http_proxy.passwd, + result = Curl_urldecode(proxypasswd, 0, &conn->http_proxy.passwd, NULL, REJECT_ZERO); if(!result) result = Curl_setstropt(&data->state.aptr.proxypasswd, @@ -2922,10 +2936,10 @@ static CURLcode override_login(struct Curl_easy *data, char **optionsp = &conn->options; #ifndef CURL_DISABLE_NETRC - if(data->set.use_netrc == CURL_NETRC_REQUIRED && conn->bits.user_passwd) { + if(data->set.use_netrc == CURL_NETRC_REQUIRED && data->state.aptr.user) { Curl_safefree(*userp); Curl_safefree(*passwdp); - conn->bits.user_passwd = FALSE; /* disable user+password */ + Curl_safefree(data->state.aptr.user); /* disable user+password */ } #endif @@ -2942,6 +2956,13 @@ static CURLcode override_login(struct Curl_easy *data, bool netrc_user_changed = FALSE; bool netrc_passwd_changed = FALSE; int ret; + bool url_provided = FALSE; + + if(data->state.up.user) { + /* there was a user name in the URL */ + userp = &data->state.up.user; + url_provided = TRUE; + } ret = Curl_parsenetrc(conn->host.name, userp, passwdp, @@ -2959,29 +2980,37 @@ static CURLcode override_login(struct Curl_easy *data, file, so that it is safe to use even if we followed a Location: to a different host or similar. */ conn->bits.netrc = TRUE; - conn->bits.user_passwd = TRUE; /* enable user+password */ + } + if(url_provided) { + Curl_safefree(conn->user); + conn->user = strdup(*userp); + if(!conn->user) + return CURLE_OUT_OF_MEMORY; + /* don't update the user name below */ + userp = NULL; } } #endif /* for updated strings, we update them in the URL */ - if(*userp) { - CURLcode result = Curl_setstropt(&data->state.aptr.user, *userp); - if(result) - return result; - } - if(data->state.aptr.user) { - uc = curl_url_set(data->state.uh, CURLUPART_USER, data->state.aptr.user, - CURLU_URLENCODE); - if(uc) - return Curl_uc_to_curlcode(uc); - if(!*userp) { - *userp = strdup(data->state.aptr.user); - if(!*userp) - return CURLE_OUT_OF_MEMORY; + if(userp) { + if(*userp) { + CURLcode result = Curl_setstropt(&data->state.aptr.user, *userp); + if(result) + return result; + } + if(data->state.aptr.user) { + uc = curl_url_set(data->state.uh, CURLUPART_USER, data->state.aptr.user, + CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + if(!*userp) { + *userp = strdup(data->state.aptr.user); + if(!*userp) + return CURLE_OUT_OF_MEMORY; + } } } - if(*passwdp) { CURLcode result = Curl_setstropt(&data->state.aptr.passwd, *passwdp); if(result) @@ -3005,14 +3034,15 @@ static CURLcode override_login(struct Curl_easy *data, /* * Set the login details so they're available in the connection */ -static CURLcode set_login(struct connectdata *conn) +static CURLcode set_login(struct Curl_easy *data, + struct connectdata *conn) { CURLcode result = CURLE_OK; const char *setuser = CURL_DEFAULT_USER; const char *setpasswd = CURL_DEFAULT_PASSWORD; /* If our protocol needs a password and we have none, use the defaults */ - if((conn->handler->flags & PROTOPT_NEEDSPWD) && !conn->bits.user_passwd) + if((conn->handler->flags & PROTOPT_NEEDSPWD) && !data->state.aptr.user) ; else { setuser = ""; @@ -3098,7 +3128,7 @@ static CURLcode parse_connect_to_host_port(struct Curl_easy *data, * name nor a numeric can legally start with a bracket. */ #else - failf(data, "Use of IPv6 in *_CONNECT_TO without IPv6 support built-in!"); + failf(data, "Use of IPv6 in *_CONNECT_TO without IPv6 support built-in"); result = CURLE_NOT_BUILT_IN; goto error; #endif @@ -3269,16 +3299,16 @@ static CURLcode parse_connect_to_slist(struct Curl_easy *data, bool hit; struct altsvc *as; const int allowed_versions = ( ALPN_h1 -#ifdef USE_NGHTTP2 - | ALPN_h2 +#ifdef USE_HTTP2 + | ALPN_h2 #endif #ifdef ENABLE_QUIC - | ALPN_h3 + | ALPN_h3 #endif ) & data->asi->flags; host = conn->host.rawalloc; -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 /* with h2 support, check that first */ srcalpnid = ALPN_h2; hit = Curl_altsvc_lookup(data->asi, @@ -3389,7 +3419,7 @@ static CURLcode resolve_server(struct Curl_easy *data, else #endif - if(!conn->bits.proxy) { + if(!CONN_IS_PROXIED(conn)) { struct hostname *connhost; if(conn->bits.conn_to_host) connhost = &conn->conn_to_host; @@ -3486,8 +3516,7 @@ static void reuse_conn(struct Curl_easy *data, /* get the user+password information from the old_conn struct since it may * be new for this request even when we re-use an existing connection */ - conn->bits.user_passwd = old_conn->bits.user_passwd; - if(conn->bits.user_passwd) { + if(old_conn->user) { /* use the new user name and password though */ Curl_safefree(conn->user); Curl_safefree(conn->passwd); @@ -3626,6 +3655,14 @@ static CURLcode create_conn(struct Curl_easy *data, } } + if(data->set.str[STRING_BEARER]) { + conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]); + if(!conn->oauth_bearer) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + } + #ifdef USE_UNIX_SOCKETS if(data->set.str[STRING_UNIX_SOCKET_PATH]) { conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]); @@ -3665,7 +3702,7 @@ static CURLcode create_conn(struct Curl_easy *data, if(result) goto out; - result = set_login(conn); /* default credentials */ + result = set_login(data, conn); /* default credentials */ if(result) goto out; @@ -3759,7 +3796,7 @@ static CURLcode create_conn(struct Curl_easy *data, if(!result) { conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; /* we are "connected */ - Curl_attach_connnection(data, conn); + Curl_attach_connection(data, conn); result = Curl_conncache_add_conn(data); if(result) goto out; @@ -3828,7 +3865,8 @@ static CURLcode create_conn(struct Curl_easy *data, data->set.str[STRING_SSL_ISSUERCERT_PROXY]; data->set.proxy_ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY]; - data->set.proxy_ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE_PROXY]; + data->set.proxy_ssl.primary.CRLfile = + data->set.str[STRING_SSL_CRLFILE_PROXY]; data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY]; data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY]; data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY]; @@ -3836,18 +3874,20 @@ static CURLcode create_conn(struct Curl_easy *data, data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY]; data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY]; #endif - data->set.ssl.CRLfile = data->set.str[STRING_SSL_CRLFILE]; + data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE]; data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE]; data->set.ssl.key = data->set.str[STRING_KEY]; data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE]; data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD]; data->set.ssl.primary.clientcert = data->set.str[STRING_CERT]; #ifdef USE_TLS_SRP - data->set.ssl.username = data->set.str[STRING_TLSAUTH_USERNAME]; - data->set.ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD]; + data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME]; + data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD]; #ifndef CURL_DISABLE_PROXY - data->set.proxy_ssl.username = data->set.str[STRING_TLSAUTH_USERNAME_PROXY]; - data->set.proxy_ssl.password = data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; + data->set.proxy_ssl.primary.username = + data->set.str[STRING_TLSAUTH_USERNAME_PROXY]; + data->set.proxy_ssl.primary.password = + data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; #endif #endif data->set.ssl.key_blob = data->set.blobs[BLOB_KEY]; @@ -3902,14 +3942,14 @@ static CURLcode create_conn(struct Curl_easy *data, *in_connect = conn; #ifndef CURL_DISABLE_PROXY - infof(data, "Re-using existing connection! (#%ld) with %s %s", + infof(data, "Re-using existing connection #%ld with %s %s", conn->connection_id, conn->bits.proxy?"proxy":"host", conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname : conn->http_proxy.host.name ? conn->http_proxy.host.dispname : conn->host.dispname); #else - infof(data, "Re-using existing connection! (#%ld) with host %s", + infof(data, "Re-using existing connection #%ld with host %s", conn->connection_id, conn->host.dispname); #endif } @@ -3933,10 +3973,8 @@ static CURLcode create_conn(struct Curl_easy *data, connections_available = FALSE; else { /* this gets a lock on the conncache */ - const char *bundlehost; struct connectbundle *bundle = - Curl_conncache_find_bundle(data, conn, data->state.conn_cache, - &bundlehost); + Curl_conncache_find_bundle(data, conn, data->state.conn_cache); if(max_host_connections > 0 && bundle && (bundle->num_connections >= max_host_connections)) { @@ -3947,10 +3985,10 @@ static CURLcode create_conn(struct Curl_easy *data, CONNCACHE_UNLOCK(data); if(conn_candidate) - (void)Curl_disconnect(data, conn_candidate, FALSE); + Curl_disconnect(data, conn_candidate, FALSE); else { - infof(data, "No more connections allowed to host %s: %zu", - bundlehost, max_host_connections); + infof(data, "No more connections allowed to host: %zu", + max_host_connections); connections_available = FALSE; } } @@ -3967,7 +4005,7 @@ static CURLcode create_conn(struct Curl_easy *data, /* The cache is full. Let's see if we can kill a connection. */ conn_candidate = Curl_conncache_extract_oldest(data); if(conn_candidate) - (void)Curl_disconnect(data, conn_candidate, FALSE); + Curl_disconnect(data, conn_candidate, FALSE); else { infof(data, "No connections available in cache"); connections_available = FALSE; @@ -3988,7 +4026,7 @@ static CURLcode create_conn(struct Curl_easy *data, * This is a brand new connection, so let's store it in the connection * cache of ours! */ - Curl_attach_connnection(data, conn); + Curl_attach_connection(data, conn); result = Curl_conncache_add_conn(data); if(result) goto out; @@ -4000,14 +4038,14 @@ static CURLcode create_conn(struct Curl_easy *data, connection based. */ if((data->state.authhost.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) && data->state.authhost.done) { - infof(data, "NTLM picked AND auth done set, clear picked!"); + infof(data, "NTLM picked AND auth done set, clear picked"); data->state.authhost.picked = CURLAUTH_NONE; data->state.authhost.done = FALSE; } if((data->state.authproxy.picked & (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) && data->state.authproxy.done) { - infof(data, "NTLM-proxy picked AND auth done set, clear picked!"); + infof(data, "NTLM-proxy picked AND auth done set, clear picked"); data->state.authproxy.picked = CURLAUTH_NONE; data->state.authproxy.done = FALSE; } @@ -4038,17 +4076,6 @@ static CURLcode create_conn(struct Curl_easy *data, *************************************************************/ result = resolve_server(data, conn, async); - /* Strip trailing dots. resolve_server copied the name. */ - strip_trailing_dot(&conn->host); -#ifndef CURL_DISABLE_PROXY - if(conn->bits.httpproxy) - strip_trailing_dot(&conn->http_proxy.host); - if(conn->bits.socksproxy) - strip_trailing_dot(&conn->socks_proxy.host); -#endif - if(conn->bits.conn_to_host) - strip_trailing_dot(&conn->conn_to_host); - out: return result; } @@ -4146,7 +4173,7 @@ CURLcode Curl_connect(struct Curl_easy *data, else if(result && conn) { /* We're not allowed to return failure with memory left allocated in the connectdata struct, free those here */ - Curl_detach_connnection(data); + Curl_detach_connection(data); Curl_conncache_remove_conn(data, conn, TRUE); Curl_disconnect(data, conn, TRUE); } diff --git a/libs/libcurl/src/url.h b/libs/libcurl/src/url.h index 929fc60f26..59a1c24919 100644 --- a/libs/libcurl/src/url.h +++ b/libs/libcurl/src/url.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -35,8 +35,8 @@ void Curl_freeset(struct Curl_easy *data); CURLcode Curl_uc_to_curlcode(CURLUcode uc); CURLcode Curl_close(struct Curl_easy **datap); /* opposite of curl_open() */ CURLcode Curl_connect(struct Curl_easy *, bool *async, bool *protocol_connect); -CURLcode Curl_disconnect(struct Curl_easy *data, - struct connectdata *, bool dead_connection); +void Curl_disconnect(struct Curl_easy *data, + struct connectdata *, bool dead_connection); CURLcode Curl_setup_conn(struct Curl_easy *data, bool *protocol_done); void Curl_free_request_state(struct Curl_easy *data); diff --git a/libs/libcurl/src/urlapi.c b/libs/libcurl/src/urlapi.c index d29aeb238f..2a36de6a58 100644 --- a/libs/libcurl/src/urlapi.c +++ b/libs/libcurl/src/urlapi.c @@ -90,16 +90,6 @@ static void free_urlhandle(struct Curl_URL *u) free(u->temppath); } -/* move the full contents of one handle onto another and - free the original */ -static void mv_urlhandle(struct Curl_URL *from, - struct Curl_URL *to) -{ - free_urlhandle(to); - *to = *from; - free(from); -} - /* * Find the separator at the end of the host name, or the '?' in cases like * http://www.url.com?id=2380 @@ -238,7 +228,7 @@ static void strcpy_url(char *output, const char *url, bool relative) */ bool Curl_is_absolute_url(const char *url, char *buf, size_t buflen) { - size_t i; + int i; DEBUGASSERT(!buf || (buflen > MAX_SCHEME_LEN)); (void)buflen; /* only used in debug-builds */ if(buf) @@ -688,8 +678,8 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname) #endif } else { - /* letters from the second string is not ok */ - len = strcspn(hostname, " \r\n"); + /* letters from the second string are not ok */ + len = strcspn(hostname, " \r\n\t/:#?!@"); if(hlen != len) /* hostname with bad content */ return CURLUE_BAD_HOSTNAME; @@ -804,8 +794,7 @@ static CURLUcode decode_host(char *hostname, char **outp) else { /* might be encoded */ size_t dlen; - CURLcode result = Curl_urldecode(NULL, hostname, 0, - outp, &dlen, REJECT_CTRL); + CURLcode result = Curl_urldecode(hostname, 0, outp, &dlen, REJECT_CTRL); if(result) return CURLUE_BAD_HOSTNAME; } @@ -1005,9 +994,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) return CURLUE_NO_HOST; } - len = strlen(p); - memcpy(path, p, len); - path[len] = 0; + strcpy(path, p); if(schemep) { u->scheme = strdup(schemep); @@ -1157,6 +1144,25 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) } /* + * Parse the URL and, if successful, replace everything in the Curl_URL struct. + */ +static CURLUcode parseurl_and_replace(const char *url, CURLU *u, + unsigned int flags) +{ + CURLUcode result; + CURLU tmpurl; + memset(&tmpurl, 0, sizeof(tmpurl)); + result = parseurl(url, &tmpurl, flags); + if(!result) { + free_urlhandle(u); + *u = tmpurl; + } + else + free_urlhandle(&tmpurl); + return result; +} + +/* */ CURLU *curl_url(void) { @@ -1422,8 +1428,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what, size_t dlen; /* this unconditional rejection of control bytes is documented API behavior */ - CURLcode res = Curl_urldecode(NULL, *part, 0, &decoded, &dlen, - REJECT_CTRL); + CURLcode res = Curl_urldecode(*part, 0, &decoded, &dlen, REJECT_CTRL); free(*part); if(res) { *part = NULL; @@ -1564,52 +1569,24 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, CURLUcode result; char *oldurl; char *redired_url; - CURLU *handle2; - if(Curl_is_absolute_url(part, NULL, 0)) { - handle2 = curl_url(); - if(!handle2) - return CURLUE_OUT_OF_MEMORY; - result = parseurl(part, handle2, flags); - if(!result) - mv_urlhandle(handle2, u); - else - curl_url_cleanup(handle2); - return result; - } - /* extract the full "old" URL to do the redirect on */ - result = curl_url_get(u, CURLUPART_URL, &oldurl, flags); - if(result) { - /* couldn't get the old URL, just use the new! */ - handle2 = curl_url(); - if(!handle2) - return CURLUE_OUT_OF_MEMORY; - result = parseurl(part, handle2, flags); - if(!result) - mv_urlhandle(handle2, u); - else - curl_url_cleanup(handle2); - return result; + /* if the new thing is absolute or the old one is not + * (we could not get an absolute url in 'oldurl'), + * then replace the existing with the new. */ + if(Curl_is_absolute_url(part, NULL, 0) + || curl_url_get(u, CURLUPART_URL, &oldurl, flags)) { + return parseurl_and_replace(part, u, flags); } - /* apply the relative part to create a new URL */ + /* apply the relative part to create a new URL + * and replace the existing one with it. */ redired_url = concat_url(oldurl, part); free(oldurl); if(!redired_url) return CURLUE_OUT_OF_MEMORY; - /* now parse the new URL */ - handle2 = curl_url(); - if(!handle2) { - free(redired_url); - return CURLUE_OUT_OF_MEMORY; - } - result = parseurl(redired_url, handle2, flags); + result = parseurl_and_replace(redired_url, u, flags); free(redired_url); - if(!result) - mv_urlhandle(handle2, u); - else - curl_url_cleanup(handle2); return result; } default: diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h index cc9c888709..584434d774 100644 --- a/libs/libcurl/src/urldata.h +++ b/libs/libcurl/src/urldata.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -253,10 +253,17 @@ struct ssl_primary_config { char *cipher_list; /* list of ciphers to use */ char *cipher_list13; /* list of TLS 1.3 cipher suites to use */ char *pinned_key; + char *CRLfile; /* CRL to check certificate revocation */ struct curl_blob *cert_blob; struct curl_blob *ca_info_blob; struct curl_blob *issuercert_blob; +#ifdef USE_TLS_SRP + char *username; /* TLS username (for, e.g., SRP) */ + char *password; /* TLS password (for, e.g., SRP) */ + enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */ +#endif char *curves; /* list of curves to use */ + unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */ BIT(verifypeer); /* set TRUE if this is desired */ BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */ BIT(verifystatus); /* set TRUE if certificate status must be checked */ @@ -266,7 +273,6 @@ struct ssl_primary_config { struct ssl_config_data { struct ssl_primary_config primary; long certverifyresult; /* result from the certificate verification */ - char *CRLfile; /* CRL to check certificate revocation */ curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */ void *fsslctxp; /* parameter for call back */ char *cert_type; /* format for certificate (default: PEM)*/ @@ -274,11 +280,6 @@ struct ssl_config_data { struct curl_blob *key_blob; char *key_type; /* format for private key (default: PEM) */ char *key_passwd; /* plain text private key password */ -#ifdef USE_TLS_SRP - char *username; /* TLS username (for, e.g., SRP) */ - char *password; /* TLS password (for, e.g., SRP) */ - enum CURL_TLSAUTH authtype; /* TLS authentication type (default SRP) */ -#endif BIT(certinfo); /* gather lots of certificate info */ BIT(falsestart); BIT(enable_beast); /* allow this flaw for interoperability's sake*/ @@ -352,10 +353,6 @@ typedef enum { GSS_AUTHSUCC } curlnegotiate; -#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV) -#include <iconv.h> -#endif - /* Struct used for GSSAPI (Kerberos V5) authentication */ #if defined(USE_KERBEROS5) struct kerberos5data { @@ -450,6 +447,11 @@ struct negotiatedata { }; #endif +#ifdef CURL_DISABLE_PROXY +#define CONN_IS_PROXIED(x) 0 +#else +#define CONN_IS_PROXIED(x) x->bits.proxy +#endif /* * Boolean values that concerns this connection. @@ -470,6 +472,7 @@ struct ConnectBits { BIT(proxy_connect_closed); /* TRUE if a proxy disconnected the connection in a CONNECT request with auth, so that libcurl should reconnect and continue. */ + BIT(proxy); /* if set, this transfer is done through a proxy - any type */ #endif /* always modify bits.close with the connclose() and connkeep() macros! */ BIT(close); /* if set, we close the connection after this request */ @@ -479,8 +482,6 @@ struct ConnectBits { that overrides the host in the URL */ BIT(conn_to_port); /* if set, this connection has a "connect to port" that overrides the port in the URL (remote port) */ - BIT(proxy); /* if set, this transfer is done through a proxy - any type */ - BIT(user_passwd); /* do we use user+password for this connection? */ BIT(ipv6_ip); /* we communicate with a remote site specified with pure IPv6 IP address */ BIT(ipv6); /* we communicate with a site using an IPv6 address */ @@ -939,8 +940,9 @@ struct connectdata { cache entry remains locked. It gets unlocked in multi_done() */ struct Curl_addrinfo *ip_addr; struct Curl_addrinfo *tempaddr[2]; /* for happy eyeballs */ - +#ifdef ENABLE_IPV6 unsigned int scope_id; /* Scope id for IPv6 */ +#endif enum { TRNSPRT_TCP = 3, @@ -982,7 +984,8 @@ struct connectdata { char *user; /* user name string, allocated */ char *passwd; /* password string, allocated */ char *options; /* options string, allocated */ - char *sasl_authzid; /* authorisation identity string, allocated */ + char *sasl_authzid; /* authorization identity string, allocated */ + char *oauth_bearer; /* OAUTH2 bearer, allocated */ unsigned char httpversion; /* the HTTP version*10 reported by the server */ struct curltime now; /* "current" time */ struct curltime created; /* creation time */ @@ -1158,7 +1161,11 @@ struct PureInfo { reused, in the connection cache. */ char conn_primary_ip[MAX_IPADR_LEN]; - int conn_primary_port; + int conn_primary_port; /* this is the destination port to the connection, + which might have been a proxy */ + int conn_remote_port; /* this is the "remote port", which is the port + number of the used URL, independent of proxy or + not */ char conn_local_ip[MAX_IPADR_LEN]; int conn_local_port; const char *conn_scheme; @@ -1327,14 +1334,16 @@ struct UrlState { char *ulbuf; /* allocated upload buffer or NULL */ curl_off_t current_speed; /* the ProgressShow() function sets this, bytes / second */ - char *first_host; /* host name of the first (not followed) request. - if set, this should be the host name that we will - sent authorization to, no else. Used to make Location: - following not keep sending user+password... This is - strdup() data. - */ + + /* host name, port number and protocol of the first (not followed) request. + if set, this should be the host name that we will sent authorization to, + no else. Used to make Location: following not keep sending user+password. + This is strdup()ed data. */ + char *first_host; + int first_remote_port; + unsigned int first_remote_protocol; + int retrycount; /* number of retries on a new connection */ - int first_remote_port; /* remote port of the first (not followed) request */ struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */ long sessionage; /* number of the most recent session */ struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */ @@ -1342,6 +1351,7 @@ struct UrlState { int os_errno; /* filled in with errno whenever an error occurs */ char *scratch; /* huge buffer[set.buffer_size*2] for upload CRLF replacing */ long followlocation; /* redirect counter */ + int requests; /* request counter: redirects + authentication retakes */ #ifdef HAVE_SIGNAL /* storage for the previous bag^H^H^HSIGPIPE signal handler :-) */ void (*prev_signal)(int sig); @@ -1413,6 +1423,8 @@ struct UrlState { size_t trailers_bytes_sent; struct dynbuf trailers_buf; /* a buffer containing the compiled trailing headers */ + struct Curl_llist httphdrs; /* received headers */ + struct curl_header headerout; /* for external purposes */ #endif trailers_state trailers_state; /* whether we are sending trailers and what stage are we at */ @@ -1659,13 +1671,6 @@ struct UserDefined { void *prereq_userp; /* pre-initial request user data */ void *seek_client; /* pointer to pass to the seek callback */ - /* the 3 curl_conv_callback functions below are used on non-ASCII hosts */ - /* function to convert from the network encoding: */ - curl_conv_callback convfromnetwork; - /* function to convert to the network encoding: */ - curl_conv_callback convtonetwork; - /* function to convert from UTF-8 encoding: */ - curl_conv_callback convfromutf8; #ifndef CURL_DISABLE_HSTS curl_hstsread_callback hsts_read; void *hsts_read_userp; @@ -1749,7 +1754,9 @@ struct UserDefined { long ssh_auth_types; /* allowed SSH auth types */ char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */ struct curl_blob *blobs[BLOB_LAST]; +#ifdef ENABLE_IPV6 unsigned int scope_id; /* Scope id for IPv6 */ +#endif long allowed_protocols; long redir_protocols; long mime_options; /* Mime option flags. */ @@ -1949,11 +1956,6 @@ struct Curl_easy { struct PureInfo info; /* stats, reports and info data */ struct curl_tlssessioninfo tsi; /* Information about the TLS session, only valid after a client has asked for it */ -#if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV) - iconv_t outbound_cd; /* for translating to the network encoding */ - iconv_t inbound_cd; /* for translating from the network encoding */ - iconv_t utf8_cd; /* for translating to UTF8 */ -#endif /* CURL_DOES_CONVERSIONS && HAVE_ICONV */ #ifdef USE_HYPER struct hyptransfer hyp; #endif diff --git a/libs/libcurl/src/vauth/digest.c b/libs/libcurl/src/vauth/digest.c index d8aac66bda..d4616095da 100644 --- a/libs/libcurl/src/vauth/digest.c +++ b/libs/libcurl/src/vauth/digest.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -40,7 +40,6 @@ #include "warnless.h" #include "strtok.h" #include "strcase.h" -#include "non-ascii.h" /* included for Curl_convert_... prototypes */ #include "curl_printf.h" #include "rand.h" @@ -56,20 +55,7 @@ #define DIGEST_QOP_VALUE_STRING_AUTH "auth" #define DIGEST_QOP_VALUE_STRING_AUTH_INT "auth-int" #define DIGEST_QOP_VALUE_STRING_AUTH_CONF "auth-conf" - -/* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines. - It converts digest text to ASCII so the MD5 will be correct for - what ultimately goes over the network. -*/ -#define CURL_OUTPUT_DIGEST_CONV(a, b) \ - do { \ - result = Curl_convert_to_network(a, b, strlen(b)); \ - if(result) { \ - free(b); \ - return result; \ - } \ - } while(0) -#endif /* !USE_WINDOWS_SSPI */ +#endif bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, const char **endptr) @@ -692,7 +678,7 @@ static CURLcode auth_create_digest_http_message( if(result) return result; - result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf), + result = Curl_base64_encode(cnoncebuf, strlen(cnoncebuf), &cnonce, &cnonce_sz); if(result) return result; @@ -705,7 +691,6 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, hashthis); hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, (unsigned char *)userh); @@ -726,7 +711,6 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, ha1); @@ -739,7 +723,6 @@ static CURLcode auth_create_digest_http_message( if(!tmp) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, tmp); /* Convert on non-ASCII machines */ hash(hashbuf, (unsigned char *) tmp, strlen(tmp)); free(tmp); convert_to_ascii(hashbuf, ha1); @@ -778,7 +761,6 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, ha2); @@ -794,7 +776,6 @@ static CURLcode auth_create_digest_http_message( if(!hashthis) return CURLE_OUT_OF_MEMORY; - CURL_OUTPUT_DIGEST_CONV(data, hashthis); /* convert on non-ASCII machines */ hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis)); free(hashthis); convert_to_ascii(hashbuf, request_digest); diff --git a/libs/libcurl/src/vauth/ntlm.c b/libs/libcurl/src/vauth/ntlm.c index 04f6590acf..115f70b0e1 100644 --- a/libs/libcurl/src/vauth/ntlm.c +++ b/libs/libcurl/src/vauth/ntlm.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -34,7 +34,6 @@ #define DEBUG_ME 0 #include "urldata.h" -#include "non-ascii.h" #include "sendf.h" #include "curl_ntlm_core.h" #include "curl_gethostname.h" @@ -383,12 +382,6 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, /* Clean up any former leftovers and initialise to defaults */ Curl_auth_cleanup_ntlm(ntlm); -#if defined(USE_NTRESPONSES) && \ - (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2)) -#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY -#else -#define NTLM2FLAG 0 -#endif ntlmbuf = aprintf(NTLMSSP_SIGNATURE "%c" "\x01%c%c%c" /* 32-bit type = 1 */ "%c%c%c%c" /* 32-bit NTLM flag field */ @@ -408,7 +401,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN), SHORTPAIR(domlen), SHORTPAIR(domlen), @@ -433,18 +426,18 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data, LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN), NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN); ntlm_print_flags(stderr, NTLMFLAG_NEGOTIATE_OEM | NTLMFLAG_REQUEST_TARGET | NTLMFLAG_NEGOTIATE_NTLM_KEY | - NTLM2FLAG | + NTLMFLAG_NEGOTIATE_NTLM2_KEY | NTLMFLAG_NEGOTIATE_ALWAYS_SIGN); fprintf(stderr, "\n****\n"); }); @@ -498,13 +491,11 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, unsigned char ntlmbuf[NTLM_BUFSIZE]; int lmrespoff; unsigned char lmresp[24]; /* fixed-size */ -#ifdef USE_NTRESPONSES int ntrespoff; unsigned int ntresplen = 24; unsigned char ntresp[24]; /* fixed-size */ unsigned char *ptr_ntresp = &ntresp[0]; unsigned char *ntlmv2resp = NULL; -#endif bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE; char host[HOSTNAME_MAX + 1] = ""; const char *user; @@ -533,19 +524,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, /* Get the machine's un-qualified host name as NTLM doesn't like the fully qualified domain name */ if(Curl_gethostname(host, sizeof(host))) { - infof(data, "gethostname() failed, continuing without!"); + infof(data, "gethostname() failed, continuing without"); hostlen = 0; } else { hostlen = strlen(host); } -#if defined(USE_NTRESPONSES) && \ - (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2)) - /* We don't support NTLM2 or extended security if we don't have - USE_NTRESPONSES */ if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) { -# if defined(USE_NTLM_V2) unsigned char ntbuffer[0x18]; unsigned char entropy[8]; unsigned char ntlmv2hash[0x18]; @@ -558,7 +544,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, if(result) return result; - result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); + result = Curl_ntlm_core_mk_nt_hash(passwdp, ntbuffer); if(result) return result; @@ -580,67 +566,21 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, return result; ptr_ntresp = ntlmv2resp; -# else /* defined(USE_NTLM_V2) */ - unsigned char ntbuffer[0x18]; - unsigned char tmp[0x18]; - unsigned char md5sum[MD5_DIGEST_LEN]; - unsigned char entropy[8]; - - /* NTLM version 1 with extended security. */ - - /* Need to create 8 bytes random data */ - result = Curl_rand(data, entropy, 8); - if(result) - return result; - - /* 8 bytes random data as challenge in lmresp */ - memcpy(lmresp, entropy, 8); - - /* Pad with zeros */ - memset(lmresp + 8, 0, 0x10); - - /* Fill tmp with challenge(nonce?) + entropy */ - memcpy(tmp, &ntlm->nonce[0], 8); - memcpy(tmp + 8, entropy, 8); - - result = Curl_md5it(md5sum, tmp, 16); - if(result) - return result; - - /* We shall only use the first 8 bytes of md5sum, but the des code in - Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ - result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); - if(result) - return result; - - Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp); - - /* End of NTLM2 Session code */ - /* NTLM v2 session security is a misnomer because it is not NTLM v2. - It is NTLM v1 using the extended session security that is also - in NTLM v2 */ -# endif /* defined(USE_NTLM_V2) */ } - else -#endif - { + else { -#ifdef USE_NTRESPONSES unsigned char ntbuffer[0x18]; -#endif unsigned char lmbuffer[0x18]; /* NTLM version 1 */ -#ifdef USE_NTRESPONSES - result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer); + result = Curl_ntlm_core_mk_nt_hash(passwdp, ntbuffer); if(result) return result; Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], ntresp); -#endif - result = Curl_ntlm_core_mk_lm_hash(data, passwdp, lmbuffer); + result = Curl_ntlm_core_mk_lm_hash(passwdp, lmbuffer); if(result) return result; @@ -659,12 +599,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, } lmrespoff = 64; /* size of the message header */ -#ifdef USE_NTRESPONSES ntrespoff = lmrespoff + 0x18; domoff = ntrespoff + ntresplen; -#else - domoff = lmrespoff + 0x18; -#endif useroff = domoff + domlen; hostoff = useroff + userlen; @@ -719,17 +655,11 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, SHORTPAIR(lmrespoff), 0x0, 0x0, -#ifdef USE_NTRESPONSES SHORTPAIR(ntresplen), /* NT-response length, twice */ SHORTPAIR(ntresplen), SHORTPAIR(ntrespoff), 0x0, 0x0, -#else - 0x0, 0x0, - 0x0, 0x0, - 0x0, 0x0, - 0x0, 0x0, -#endif + SHORTPAIR(domlen), SHORTPAIR(domlen), SHORTPAIR(domoff), @@ -766,7 +696,6 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18); }); -#ifdef USE_NTRESPONSES /* ntresplen + size should not be risking an integer overflow here */ if(ntresplen + size > sizeof(ntlmbuf)) { failf(data, "incoming NTLM message too big"); @@ -783,8 +712,6 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, free(ntlmv2resp);/* Free the dynamic buffer allocated for NTLMv2 */ -#endif - DEBUG_OUT({ fprintf(stderr, "\n flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ", LONGQUARTET(ntlm->flags), ntlm->flags); @@ -823,12 +750,6 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, size += hostlen; - /* Convert domain, user, and host to ASCII but leave the rest as-is */ - result = Curl_convert_to_network(data, (char *)&ntlmbuf[domoff], - size - domoff); - if(result) - return CURLE_CONV_FAILED; - /* Return the binary blob. */ result = Curl_bufref_memdup(out, ntlmbuf, size); diff --git a/libs/libcurl/src/vauth/spnego_gssapi.c b/libs/libcurl/src/vauth/spnego_gssapi.c index 8e8932bd03..8c1a3edd04 100644 --- a/libs/libcurl/src/vauth/spnego_gssapi.c +++ b/libs/libcurl/src/vauth/spnego_gssapi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -204,16 +204,14 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, * * Returns CURLE_OK on success. */ -CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data, - struct negotiatedata *nego, +CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, char **outptr, size_t *outlen) { CURLcode result; OM_uint32 minor_status; /* Base64 encode the already generated response */ - result = Curl_base64_encode(data, - nego->output_token.value, + result = Curl_base64_encode(nego->output_token.value, nego->output_token.length, outptr, outlen); diff --git a/libs/libcurl/src/vauth/spnego_sspi.c b/libs/libcurl/src/vauth/spnego_sspi.c index 68bb17da59..d219d8bb24 100644 --- a/libs/libcurl/src/vauth/spnego_sspi.c +++ b/libs/libcurl/src/vauth/spnego_sspi.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -301,27 +301,19 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, * * Returns CURLE_OK on success. */ -CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data, - struct negotiatedata *nego, +CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, char **outptr, size_t *outlen) { - CURLcode result; - /* Base64 encode the already generated response */ - result = Curl_base64_encode(data, - (const char *) nego->output_token, - nego->output_token_length, - outptr, outlen); - - if(result) - return result; - - if(!*outptr || !*outlen) { + CURLcode result = Curl_base64_encode((const char *) nego->output_token, + nego->output_token_length, outptr, + outlen); + if(!result && (!*outptr || !*outlen)) { free(*outptr); - return CURLE_REMOTE_ACCESS_DENIED; + result = CURLE_REMOTE_ACCESS_DENIED; } - return CURLE_OK; + return result; } /* diff --git a/libs/libcurl/src/vauth/vauth.h b/libs/libcurl/src/vauth/vauth.h index 47a7c0bc81..6e1237834a 100644 --- a/libs/libcurl/src/vauth/vauth.h +++ b/libs/libcurl/src/vauth/vauth.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2014 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2014 - 2022, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -219,8 +219,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data, /* This is used to generate a base64 encoded SPNEGO (Negotiate) response message */ -CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data, - struct negotiatedata *nego, +CURLcode Curl_auth_create_spnego_message(struct negotiatedata *nego, char **outptr, size_t *outlen); /* This is used to clean up the SPNEGO specifiec data */ diff --git a/libs/libcurl/src/version.c b/libs/libcurl/src/version.c index c84ef85fb3..e37253df2a 100644 --- a/libs/libcurl/src/version.c +++ b/libs/libcurl/src/version.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -46,10 +46,6 @@ #include <libpsl.h> #endif -#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) -#include <iconv.h> -#endif - #ifdef USE_LIBRTMP #include <librtmp/rtmp.h> #endif @@ -106,7 +102,7 @@ static void zstd_version(char *buf, size_t bufsz) * zeros in the data. */ -#define VERSION_PARTS 17 /* number of substrings we can concatenate */ +#define VERSION_PARTS 16 /* number of substrings we can concatenate */ char *curl_version(void) { @@ -135,9 +131,6 @@ char *curl_version(void) #ifdef USE_LIBPSL char psl_version[40]; #endif -#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) - char iconv_version[40]="iconv"; -#endif #ifdef USE_SSH char ssh_version[40]; #endif @@ -206,15 +199,7 @@ char *curl_version(void) msnprintf(psl_version, sizeof(psl_version), "libpsl/%s", psl_get_version()); src[i++] = psl_version; #endif -#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) -#ifdef _LIBICONV_VERSION - msnprintf(iconv_version, sizeof(iconv_version), "iconv/%d.%d", - _LIBICONV_VERSION >> 8, _LIBICONV_VERSION & 255); -#else - /* version unknown, let the default stand */ -#endif /* _LIBICONV_VERSION */ - src[i++] = iconv_version; -#endif + #ifdef USE_SSH Curl_ssh_version(ssh_version, sizeof(ssh_version)); src[i++] = ssh_version; @@ -433,9 +418,6 @@ static curl_version_info_data version_info = { #if defined(WIN32) && defined(UNICODE) && defined(_UNICODE) | CURL_VERSION_UNICODE #endif -#if defined(CURL_DOES_CONVERSIONS) - | CURL_VERSION_CONV -#endif #if defined(USE_TLS_SRP) | CURL_VERSION_TLSAUTH_SRP #endif @@ -551,15 +533,6 @@ curl_version_info_data *curl_version_info(CURLversion stamp) version_info.features |= CURL_VERSION_IDN; #endif -#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS) -#ifdef _LIBICONV_VERSION - version_info.iconv_ver_num = _LIBICONV_VERSION; -#else - /* version unknown */ - version_info.iconv_ver_num = -1; -#endif /* _LIBICONV_VERSION */ -#endif - #if defined(USE_SSH) Curl_ssh_version(ssh_buffer, sizeof(ssh_buffer)); version_info.libssh_version = ssh_buffer; diff --git a/libs/libcurl/src/version_win32.c b/libs/libcurl/src/version_win32.c index 79a2aa6ab4..afdb1d6a72 100644 --- a/libs/libcurl/src/version_win32.c +++ b/libs/libcurl/src/version_win32.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2016 - 2021, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2016 - 2022, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -76,6 +76,8 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, bool matched = FALSE; #if defined(CURL_WINDOWS_APP) + (void)buildVersion; + /* We have no way to determine the Windows version from Windows apps, so let's assume we're running on the target Windows version. */ const WORD fullVersion = MAKEWORD(minorVersion, majorVersion); diff --git a/libs/libcurl/src/vquic/msh3.c b/libs/libcurl/src/vquic/msh3.c new file mode 100644 index 0000000000..f7bd315be1 --- /dev/null +++ b/libs/libcurl/src/vquic/msh3.c @@ -0,0 +1,503 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#ifdef USE_MSH3 + +#include "urldata.h" +#include "curl_printf.h" +#include "timeval.h" +#include "multiif.h" +#include "sendf.h" +#include "connect.h" +#include "h2h3.h" +#include "msh3.h" + +/* #define DEBUG_HTTP3 1 */ +#ifdef DEBUG_HTTP3 +#define H3BUGF(x) x +#else +#define H3BUGF(x) do { } while(0) +#endif + +#define MSH3_REQ_INIT_BUF_LEN 8192 + +static CURLcode msh3_do_it(struct Curl_easy *data, bool *done); +static int msh3_getsock(struct Curl_easy *data, + struct connectdata *conn, curl_socket_t *socks); +static CURLcode msh3_disconnect(struct Curl_easy *data, + struct connectdata *conn, + bool dead_connection); +static unsigned int msh3_conncheck(struct Curl_easy *data, + struct connectdata *conn, + unsigned int checks_to_perform); +static Curl_recv msh3_stream_recv; +static Curl_send msh3_stream_send; +static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request, + void *IfContext, + const MSH3_HEADER *Header); +static void MSH3_CALL msh3_data_received(MSH3_REQUEST *Request, + void *IfContext, uint32_t Length, + const uint8_t *Data); +static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext, + bool Aborted, uint64_t AbortError); +static void MSH3_CALL msh3_shutdown(MSH3_REQUEST *Request, void *IfContext); + +static const struct Curl_handler msh3_curl_handler_http3 = { + "HTTPS", /* scheme */ + ZERO_NULL, /* setup_connection */ + msh3_do_it, /* do_it */ + Curl_http_done, /* done */ + ZERO_NULL, /* do_more */ + ZERO_NULL, /* connect_it */ + ZERO_NULL, /* connecting */ + ZERO_NULL, /* doing */ + msh3_getsock, /* proto_getsock */ + msh3_getsock, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + msh3_getsock, /* perform_getsock */ + msh3_disconnect, /* disconnect */ + ZERO_NULL, /* readwrite */ + msh3_conncheck, /* connection_check */ + ZERO_NULL, /* attach connection */ + PORT_HTTP, /* defport */ + CURLPROTO_HTTPS, /* protocol */ + CURLPROTO_HTTP, /* family */ + PROTOPT_SSL | PROTOPT_STREAM /* flags */ +}; + +static const MSH3_REQUEST_IF msh3_request_if = { + msh3_header_received, + msh3_data_received, + msh3_complete, + msh3_shutdown +}; + +void Curl_quic_ver(char *p, size_t len) +{ + uint32_t v[4]; + MsH3Version(v); + (void)msnprintf(p, len, "msh3/%d.%d.%d.%d", v[0], v[1], v[2], v[3]); +} + +CURLcode Curl_quic_connect(struct Curl_easy *data, + struct connectdata *conn, + curl_socket_t sockfd, + int sockindex, + const struct sockaddr *addr, + socklen_t addrlen) +{ + struct quicsocket *qs = &conn->hequic[sockindex]; + bool unsecure = !conn->ssl_config.verifypeer; + memset(qs, 0, sizeof(*qs)); + + (void)sockfd; + (void)addr; /* TODO - Pass address along */ + (void)addrlen; + + H3BUGF(infof(data, "creating new api/connection")); + + qs->api = MsH3ApiOpen(); + if(!qs->api) { + failf(data, "can't create msh3 api"); + return CURLE_FAILED_INIT; + } + + qs->conn = MsH3ConnectionOpen(qs->api, + conn->host.name, + (uint16_t)conn->remote_port, + unsecure); + if(!qs->conn) { + failf(data, "can't create msh3 connection"); + if(qs->api) { + MsH3ApiClose(qs->api); + } + return CURLE_FAILED_INIT; + } + + return CURLE_OK; +} + +CURLcode Curl_quic_is_connected(struct Curl_easy *data, + struct connectdata *conn, + int sockindex, + bool *connected) +{ + struct quicsocket *qs = &conn->hequic[sockindex]; + MSH3_CONNECTION_STATE state; + + state = MsH3ConnectionGetState(qs->conn, false); + if(state == MSH3_CONN_HANDSHAKE_FAILED || state == MSH3_CONN_DISCONNECTED) { + failf(data, "failed to connect, state=%u", (uint32_t)state); + return CURLE_COULDNT_CONNECT; + } + + if(state == MSH3_CONN_CONNECTED) { + H3BUGF(infof(data, "connection connected")); + *connected = true; + conn->quic = qs; + conn->recv[sockindex] = msh3_stream_recv; + conn->send[sockindex] = msh3_stream_send; + conn->handler = &msh3_curl_handler_http3; + conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ + conn->httpversion = 30; + conn->bundle->multiuse = BUNDLE_MULTIPLEX; + /* TODO - Clean up other happy-eyeballs connection(s)? */ + } + + return CURLE_OK; +} + +static int msh3_getsock(struct Curl_easy *data, + struct connectdata *conn, curl_socket_t *socks) +{ + struct HTTP *stream = data->req.p.http; + int bitmap = GETSOCK_BLANK; + + socks[0] = conn->sock[FIRSTSOCKET]; + + if(stream->recv_error) { + bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); + data->state.drain++; + } + else if(stream->recv_header_len || stream->recv_data_len) { + bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); + data->state.drain++; + } + + H3BUGF(infof(data, "msh3_getsock %u", (uint32_t)data->state.drain)); + + return bitmap; +} + +static CURLcode msh3_do_it(struct Curl_easy *data, bool *done) +{ + struct HTTP *stream = data->req.p.http; + H3BUGF(infof(data, "msh3_do_it")); + stream->recv_buf = malloc(MSH3_REQ_INIT_BUF_LEN); + if(!stream->recv_buf) { + return CURLE_OUT_OF_MEMORY; + } + stream->req = ZERO_NULL; + msh3_lock_initialize(&stream->recv_lock); + stream->recv_buf_alloc = MSH3_REQ_INIT_BUF_LEN; + stream->recv_header_len = 0; + stream->recv_header_complete = false; + stream->recv_data_len = 0; + stream->recv_data_complete = false; + stream->recv_error = CURLE_OK; + return Curl_http(data, done); +} + +static unsigned int msh3_conncheck(struct Curl_easy *data, + struct connectdata *conn, + unsigned int checks_to_perform) +{ + (void)data; + (void)conn; + (void)checks_to_perform; + H3BUGF(infof(data, "msh3_conncheck")); + return CONNRESULT_NONE; +} + +static void msh3_cleanup(struct quicsocket *qs, struct HTTP *stream) +{ + if(stream && stream->recv_buf) { + free(stream->recv_buf); + stream->recv_buf = ZERO_NULL; + msh3_lock_uninitialize(&stream->recv_lock); + } + if(qs->conn) { + MsH3ConnectionClose(qs->conn); + qs->conn = ZERO_NULL; + } + if(qs->api) { + MsH3ApiClose(qs->api); + qs->api = ZERO_NULL; + } +} + +static CURLcode msh3_disconnect(struct Curl_easy *data, + struct connectdata *conn, bool dead_connection) +{ + (void)dead_connection; + H3BUGF(infof(data, "disconnecting (msh3)")); + msh3_cleanup(conn->quic, data->req.p.http); + return CURLE_OK; +} + +void Curl_quic_disconnect(struct Curl_easy *data, struct connectdata *conn, + int tempindex) +{ + if(conn->transport == TRNSPRT_QUIC) { + H3BUGF(infof(data, "disconnecting (curl)")); + msh3_cleanup(&conn->hequic[tempindex], data->req.p.http); + } +} + +/* Requires stream->recv_lock to be held */ +static bool msh3request_ensure_room(struct HTTP *stream, size_t len) +{ + uint8_t *new_recv_buf; + const size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len; + if(cur_recv_len + len > stream->recv_buf_alloc) { + size_t new_recv_buf_alloc_len = stream->recv_buf_alloc; + do { + new_recv_buf_alloc_len <<= 1; /* TODO - handle overflow */ + } while(cur_recv_len + len > new_recv_buf_alloc_len); + new_recv_buf = malloc(new_recv_buf_alloc_len); + if(!new_recv_buf) { + return false; + } + if(cur_recv_len) { + memcpy(new_recv_buf, stream->recv_buf, cur_recv_len); + } + stream->recv_buf_alloc = new_recv_buf_alloc_len; + free(stream->recv_buf); + stream->recv_buf = new_recv_buf; + } + return true; +} + +static void MSH3_CALL msh3_header_received(MSH3_REQUEST *Request, + void *IfContext, + const MSH3_HEADER *Header) +{ + struct HTTP *stream = IfContext; + size_t total_len; + (void)Request; + H3BUGF(printf("* msh3_header_received\n")); + + if(stream->recv_header_complete) { + H3BUGF(printf("* ignoring header after data\n")); + return; + } + + msh3_lock_acquire(&stream->recv_lock); + + if((Header->NameLength == 7) && + !strncmp(H2H3_PSEUDO_STATUS, (char *)Header->Name, 7)) { + total_len = 9 + Header->ValueLength; + if(!msh3request_ensure_room(stream, total_len)) { + /* TODO - handle error */ + goto release_lock; + } + msnprintf((char *)stream->recv_buf + stream->recv_header_len, + stream->recv_buf_alloc - stream->recv_header_len, + "HTTP/3 %.*s\n", (int)Header->ValueLength, Header->Value); + } + else { + total_len = Header->NameLength + 4 + Header->ValueLength; + if(!msh3request_ensure_room(stream, total_len)) { + /* TODO - handle error */ + goto release_lock; + } + msnprintf((char *)stream->recv_buf + stream->recv_header_len, + stream->recv_buf_alloc - stream->recv_header_len, + "%.*s: %.*s\n", + (int)Header->NameLength, Header->Name, + (int)Header->ValueLength, Header->Value); + } + + stream->recv_header_len += total_len - 1; /* don't include null-terminator */ + +release_lock: + msh3_lock_release(&stream->recv_lock); +} + +static void MSH3_CALL msh3_data_received(MSH3_REQUEST *Request, + void *IfContext, uint32_t Length, + const uint8_t *Data) +{ + struct HTTP *stream = IfContext; + size_t cur_recv_len = stream->recv_header_len + stream->recv_data_len; + (void)Request; + H3BUGF(printf("* msh3_data_received %u. %zu buffered, %zu allocated\n", + Length, cur_recv_len, stream->recv_buf_alloc)); + msh3_lock_acquire(&stream->recv_lock); + if(!stream->recv_header_complete) { + H3BUGF(printf("* Headers complete!\n")); + if(!msh3request_ensure_room(stream, 2)) { + /* TODO - handle error */ + goto release_lock; + } + stream->recv_buf[stream->recv_header_len++] = '\r'; + stream->recv_buf[stream->recv_header_len++] = '\n'; + stream->recv_header_complete = true; + cur_recv_len += 2; + } + if(!msh3request_ensure_room(stream, Length)) { + /* TODO - handle error */ + goto release_lock; + } + memcpy(stream->recv_buf + cur_recv_len, Data, Length); + stream->recv_data_len += (size_t)Length; +release_lock: + msh3_lock_release(&stream->recv_lock); +} + +static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext, + bool Aborted, uint64_t AbortError) +{ + struct HTTP *stream = IfContext; + (void)Request; + (void)AbortError; + H3BUGF(printf("* msh3_complete, aborted=%s\n", Aborted ? "true" : "false")); + msh3_lock_acquire(&stream->recv_lock); + if(Aborted) { + stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */ + } + stream->recv_header_complete = true; + stream->recv_data_complete = true; + msh3_lock_release(&stream->recv_lock); +} + +static void MSH3_CALL msh3_shutdown(MSH3_REQUEST *Request, void *IfContext) +{ + struct HTTP *stream = IfContext; + (void)Request; + (void)stream; +} + +static_assert(sizeof(MSH3_HEADER) == sizeof(struct h2h3pseudo), + "Sizes must match for cast below to work"); + +static ssize_t msh3_stream_send(struct Curl_easy *data, + int sockindex, + const void *mem, + size_t len, + CURLcode *curlcode) +{ + struct connectdata *conn = data->conn; + struct HTTP *stream = data->req.p.http; + struct quicsocket *qs = conn->quic; + struct h2h3req *hreq; + + (void)sockindex; + H3BUGF(infof(data, "msh3_stream_send %zu", len)); + + if(!stream->req) { + *curlcode = Curl_pseudo_headers(data, mem, len, &hreq); + if(*curlcode) { + failf(data, "Curl_pseudo_headers failed"); + return -1; + } + H3BUGF(infof(data, "starting request with %zu headers", hreq->entries)); + stream->req = MsH3RequestOpen(qs->conn, &msh3_request_if, stream, + (MSH3_HEADER*)hreq->header, hreq->entries); + Curl_pseudo_free(hreq); + if(!stream->req) { + failf(data, "request open failed"); + *curlcode = CURLE_SEND_ERROR; + return -1; + } + *curlcode = CURLE_OK; + return len; + } + H3BUGF(infof(data, "send %zd body bytes on request %p", len, + (void *)stream->req)); + *curlcode = CURLE_SEND_ERROR; + return -1; +} + +static ssize_t msh3_stream_recv(struct Curl_easy *data, + int sockindex, + char *buf, + size_t buffersize, + CURLcode *curlcode) +{ + struct HTTP *stream = data->req.p.http; + size_t outsize = 0; + (void)sockindex; + H3BUGF(infof(data, "msh3_stream_recv %zu", buffersize)); + + if(stream->recv_error) { + failf(data, "request aborted"); + *curlcode = stream->recv_error; + return -1; + } + + msh3_lock_acquire(&stream->recv_lock); + + if(stream->recv_header_len) { + outsize = buffersize; + if(stream->recv_header_len < outsize) { + outsize = stream->recv_header_len; + } + memcpy(buf, stream->recv_buf, outsize); + if(outsize < stream->recv_header_len + stream->recv_data_len) { + memmove(stream->recv_buf, stream->recv_buf + outsize, + stream->recv_header_len + stream->recv_data_len - outsize); + } + stream->recv_header_len -= outsize; + H3BUGF(infof(data, "returned %zu bytes of headers", outsize)); + } + else if(stream->recv_data_len) { + outsize = buffersize; + if(stream->recv_data_len < outsize) { + outsize = stream->recv_data_len; + } + memcpy(buf, stream->recv_buf, outsize); + if(outsize < stream->recv_data_len) { + memmove(stream->recv_buf, stream->recv_buf + outsize, + stream->recv_data_len - outsize); + } + stream->recv_data_len -= outsize; + H3BUGF(infof(data, "returned %zu bytes of data", outsize)); + } + else if(stream->recv_data_complete) { + H3BUGF(infof(data, "receive complete")); + } + + msh3_lock_release(&stream->recv_lock); + + return (ssize_t)outsize; +} + +CURLcode Curl_quic_done_sending(struct Curl_easy *data) +{ + struct connectdata *conn = data->conn; + H3BUGF(infof(data, "Curl_quic_done_sending")); + if(conn->handler == &msh3_curl_handler_http3) { + struct HTTP *stream = data->req.p.http; + stream->upload_done = TRUE; + } + + return CURLE_OK; +} + +void Curl_quic_done(struct Curl_easy *data, bool premature) +{ + (void)data; + (void)premature; + H3BUGF(infof(data, "Curl_quic_done")); +} + +bool Curl_quic_data_pending(const struct Curl_easy *data) +{ + struct HTTP *stream = data->req.p.http; + H3BUGF(infof((struct Curl_easy *)data, "Curl_quic_data_pending")); + return stream->recv_header_len || stream->recv_data_len; +} + +#endif /* USE_MSH3 */ diff --git a/libs/libcurl/src/vtls/mesalink.h b/libs/libcurl/src/vquic/msh3.h index 03f520c1dc..bacdcb1321 100644 --- a/libs/libcurl/src/vtls/mesalink.h +++ b/libs/libcurl/src/vquic/msh3.h @@ -1,5 +1,5 @@ -#ifndef HEADER_CURL_MESALINK_H -#define HEADER_CURL_MESALINK_H +#ifndef HEADER_CURL_VQUIC_MSH3_H +#define HEADER_CURL_VQUIC_MSH3_H /*************************************************************************** * _ _ ____ _ * Project ___| | | | _ \| | @@ -7,8 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017 - 2018, Yiming Jing, <jingyiming@baidu.com> - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,11 +21,18 @@ * KIND, either express or implied. * ***************************************************************************/ + #include "curl_setup.h" -#ifdef USE_MESALINK +#ifdef USE_MSH3 + +#include <msh3.h> + +struct quicsocket { + MSH3_API* api; + MSH3_CONNECTION* conn; +}; -extern const struct Curl_ssl Curl_ssl_mesalink; +#endif /* USE_MSQUIC */ -#endif /* USE_MESALINK */ -#endif /* HEADER_CURL_MESALINK_H */ +#endif /* HEADER_CURL_VQUIC_MSH3_H */ diff --git a/libs/libcurl/src/vquic/ngtcp2.c b/libs/libcurl/src/vquic/ngtcp2.c index 1596049b77..f1a64eea85 100644 --- a/libs/libcurl/src/vquic/ngtcp2.c +++ b/libs/libcurl/src/vquic/ngtcp2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -45,7 +45,9 @@ #include "strerror.h" #include "dynbuf.h" #include "vquic.h" +#include "h2h3.h" #include "vtls/keylog.h" +#include "vtls/vtls.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -71,7 +73,7 @@ * the far end, then start over at index 0 again. */ -#define H3_SEND_SIZE (20*1024) +#define H3_SEND_SIZE (256*1024) struct h3out { uint8_t buf[H3_SEND_SIZE]; size_t used; /* number of bytes used in the buffer */ @@ -81,7 +83,7 @@ struct h3out { #define QUIC_MAX_STREAMS (256*1024) #define QUIC_MAX_DATA (1*1024*1024) -#define QUIC_IDLE_TIMEOUT 60000 /* milliseconds */ +#define QUIC_IDLE_TIMEOUT (60*NGTCP2_SECONDS) #ifdef USE_OPENSSL #define QUIC_CIPHERS \ @@ -262,6 +264,7 @@ static SSL_QUIC_METHOD quic_method = {quic_set_encryption_secrets, static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data) { + struct connectdata *conn = data->conn; SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method()); SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION); @@ -289,12 +292,11 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data) SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback); } - { - struct connectdata *conn = data->conn; + if(conn->ssl_config.verifypeer) { const char * const ssl_cafile = conn->ssl_config.CAfile; const char * const ssl_capath = conn->ssl_config.CApath; - if(conn->ssl_config.verifypeer) { + if(ssl_cafile || ssl_capath) { SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); /* tell OpenSSL where to find CA certificates that are used to verify the server's certificate. */ @@ -309,10 +311,36 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data) infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); } +#ifdef CURL_CA_FALLBACK + else { + /* verifying the peer without any CA certificates won't work so + use openssl's built-in default as fallback */ + SSL_CTX_set_default_verify_paths(ssl_ctx); + } +#endif } return ssl_ctx; } +static CURLcode quic_set_client_cert(struct Curl_easy *data, + struct quicsocket *qs) +{ + struct connectdata *conn = data->conn; + SSL_CTX *ssl_ctx = qs->sslctx; + char *const ssl_cert = SSL_SET_OPTION(primary.clientcert); + const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); + const char *const ssl_cert_type = SSL_SET_OPTION(cert_type); + + if(ssl_cert || ssl_cert_blob || ssl_cert_type) { + return Curl_ossl_set_client_cert( + data, ssl_ctx, ssl_cert, ssl_cert_blob, ssl_cert_type, + SSL_SET_OPTION(key), SSL_SET_OPTION(key_blob), + SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd)); + } + + return CURLE_OK; +} + /** SSL callbacks ***/ static int quic_init_ssl(struct quicsocket *qs) @@ -743,7 +771,8 @@ static ngtcp2_callbacks ng_callbacks = { NULL, /* ack_datagram */ NULL, /* lost_datagram */ ngtcp2_crypto_get_path_challenge_data_cb, - cb_stream_stop_sending + cb_stream_stop_sending, + NULL, /* version_negotiation */ }; /* @@ -785,6 +814,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, qs->sslctx = quic_ssl_ctx(data); if(!qs->sslctx) return CURLE_QUIC_CONNECT_ERROR; + + result = quic_set_client_cert(data, qs); + if(result) + return result; #endif if(quic_init_ssl(qs)) @@ -841,6 +874,8 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn, { struct SingleRequest *k = &data->req; int bitmap = GETSOCK_BLANK; + struct HTTP *stream = data->req.p.http; + struct quicsocket *qs = conn->quic; socks[0] = conn->sock[FIRSTSOCKET]; @@ -849,7 +884,11 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn, bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); /* we're still uploading or the HTTP/2 layer wants to send data */ - if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) + if((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND && + (!stream->h3out || stream->h3out->used < H3_SEND_SIZE) && + ngtcp2_conn_get_cwnd_left(qs->qconn) && + ngtcp2_conn_get_max_data_left(qs->qconn) && + nghttp3_conn_is_stream_writable(qs->h3conn, stream->stream3_id)) bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); return bitmap; @@ -857,8 +896,26 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn, static void qs_disconnect(struct quicsocket *qs) { + char buffer[NGTCP2_MAX_UDP_PAYLOAD_SIZE]; + ngtcp2_tstamp ts; + ngtcp2_ssize rc; + ngtcp2_connection_close_error errorcode; + if(!qs->conn) /* already closed */ return; + ngtcp2_connection_close_error_set_application_error(&errorcode, + NGHTTP3_H3_NO_ERROR, + NULL, 0); + ts = timestamp(); + rc = ngtcp2_conn_write_connection_close(qs->qconn, NULL, /* path */ + NULL, /* pkt_info */ + (uint8_t *)buffer, sizeof(buffer), + &errorcode, ts); + if(rc > 0) { + while((send(qs->conn->sock[FIRSTSOCKET], buffer, rc, 0) == -1) && + SOCKERRNO == EINTR); + } + qs->conn = NULL; if(qs->qlogfd != -1) { close(qs->qlogfd); @@ -1043,7 +1100,7 @@ static int decode_status_code(const uint8_t *value, size_t len) } static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id, - void *user_data, void *stream_user_data) + int fin, void *user_data, void *stream_user_data) { struct Curl_easy *data = stream_user_data; struct HTTP *stream = data->req.p.http; @@ -1051,6 +1108,7 @@ static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id, (void)conn; (void)stream_id; (void)user_data; + (void)fin; /* add a CRLF only if we've received some headers */ if(stream->firstheader) { @@ -1078,8 +1136,7 @@ static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id, (void)flags; (void)user_data; - if(h3name.len == sizeof(":status") - 1 && - !memcmp(":status", h3name.base, h3name.len)) { + if(token == NGHTTP3_QPACK_TOKEN__STATUS) { char line[14]; /* status line is always 13 characters long */ size_t ncopy; int status = decode_status_code(h3val.base, h3val.len); @@ -1218,6 +1275,8 @@ static size_t drain_overflow_buffer(struct HTTP *stream) if(ncopy != overlen) /* make the buffer only keep the tail */ (void)Curl_dyn_tail(&stream->overflow, overlen - ncopy); + else + Curl_dyn_reset(&stream->overflow); } return ncopy; } @@ -1329,6 +1388,10 @@ static ssize_t cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id, return 1; } + if(stream->upload_len && H3_SEND_SIZE <= stream->h3out->used) { + return NGHTTP3_ERR_WOULDBLOCK; + } + nread = CURLMIN(stream->upload_len, H3_SEND_SIZE - stream->h3out->used); if(nread > 0) { /* nghttp3 wants us to hold on to the data until it tells us it is okay to @@ -1363,7 +1426,7 @@ static ssize_t cb_h3_readfunction(nghttp3_conn *conn, int64_t stream_id, } if(stream->upload_done && !stream->upload_len && (stream->upload_left <= 0)) { - H3BUGF(infof(data, "!!!!!!!!! cb_h3_readfunction sets EOF")); + H3BUGF(infof(data, "cb_h3_readfunction sets EOF")); *pflags = NGHTTP3_DATA_FLAG_EOF; return nread ? 1 : 0; } @@ -1383,16 +1446,13 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, struct connectdata *conn = data->conn; struct HTTP *stream = data->req.p.http; size_t nheader; - size_t i; - size_t authority_idx; - char *hdbuf = (char *)mem; - char *end, *line_end; struct quicsocket *qs = conn->quic; CURLcode result = CURLE_OK; nghttp3_nv *nva = NULL; int64_t stream3_id; int rc; struct h3out *h3out = NULL; + struct h2h3req *hreq = NULL; rc = ngtcp2_conn_open_bidi_stream(qs->qconn, &stream3_id, NULL); if(rc) { @@ -1405,158 +1465,23 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, stream->h3req = TRUE; /* senf off! */ Curl_dyn_init(&stream->overflow, CURL_MAX_READ_SIZE); - /* Calculate number of headers contained in [mem, mem + len). Assumes a - correctly generated HTTP header field block. */ - nheader = 0; - for(i = 1; i < len; ++i) { - if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') { - ++nheader; - ++i; - } - } - if(nheader < 2) + result = Curl_pseudo_headers(data, mem, len, &hreq); + if(result) goto fail; + nheader = hreq->entries; - /* We counted additional 2 \r\n in the first and last line. We need 3 - new headers: :method, :path and :scheme. Therefore we need one - more space. */ - nheader += 1; nva = malloc(sizeof(nghttp3_nv) * nheader); if(!nva) { result = CURLE_OUT_OF_MEMORY; goto fail; } - - /* Extract :method, :path from request line - We do line endings with CRLF so checking for CR is enough */ - line_end = memchr(hdbuf, '\r', len); - if(!line_end) { - result = CURLE_BAD_FUNCTION_ARGUMENT; /* internal error */ - goto fail; - } - - /* Method does not contain spaces */ - end = memchr(hdbuf, ' ', line_end - hdbuf); - if(!end || end == hdbuf) - goto fail; - nva[0].name = (unsigned char *)":method"; - nva[0].namelen = strlen((char *)nva[0].name); - nva[0].value = (unsigned char *)hdbuf; - nva[0].valuelen = (size_t)(end - hdbuf); - nva[0].flags = NGHTTP3_NV_FLAG_NONE; - - hdbuf = end + 1; - - /* Path may contain spaces so scan backwards */ - end = NULL; - for(i = (size_t)(line_end - hdbuf); i; --i) { - if(hdbuf[i - 1] == ' ') { - end = &hdbuf[i - 1]; - break; - } - } - if(!end || end == hdbuf) - goto fail; - nva[1].name = (unsigned char *)":path"; - nva[1].namelen = strlen((char *)nva[1].name); - nva[1].value = (unsigned char *)hdbuf; - nva[1].valuelen = (size_t)(end - hdbuf); - nva[1].flags = NGHTTP3_NV_FLAG_NONE; - - nva[2].name = (unsigned char *)":scheme"; - nva[2].namelen = strlen((char *)nva[2].name); - if(conn->handler->flags & PROTOPT_SSL) - nva[2].value = (unsigned char *)"https"; - else - nva[2].value = (unsigned char *)"http"; - nva[2].valuelen = strlen((char *)nva[2].value); - nva[2].flags = NGHTTP3_NV_FLAG_NONE; - - - authority_idx = 0; - i = 3; - while(i < nheader) { - size_t hlen; - - hdbuf = line_end + 2; - - /* check for next CR, but only within the piece of data left in the given - buffer */ - line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem)); - if(!line_end || (line_end == hdbuf)) - goto fail; - - /* header continuation lines are not supported */ - if(*hdbuf == ' ' || *hdbuf == '\t') - goto fail; - - for(end = hdbuf; end < line_end && *end != ':'; ++end) - ; - if(end == hdbuf || end == line_end) - goto fail; - hlen = end - hdbuf; - - if(hlen == 4 && strncasecompare("host", hdbuf, 4)) { - authority_idx = i; - nva[i].name = (unsigned char *)":authority"; - nva[i].namelen = strlen((char *)nva[i].name); - } - else { - nva[i].namelen = (size_t)(end - hdbuf); - /* Lower case the header name for HTTP/3 */ - Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen); - nva[i].name = (unsigned char *)hdbuf; - } - nva[i].flags = NGHTTP3_NV_FLAG_NONE; - hdbuf = end + 1; - while(*hdbuf == ' ' || *hdbuf == '\t') - ++hdbuf; - end = line_end; - -#if 0 /* This should probably go in more or less like this */ - switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf, - end - hdbuf)) { - case HEADERINST_IGNORE: - /* skip header fields prohibited by HTTP/2 specification. */ - --nheader; - continue; - case HEADERINST_TE_TRAILERS: - nva[i].value = (uint8_t*)"trailers"; - nva[i].value_len = sizeof("trailers") - 1; - break; - default: - nva[i].value = (unsigned char *)hdbuf; - nva[i].value_len = (size_t)(end - hdbuf); - } -#endif - nva[i].value = (unsigned char *)hdbuf; - nva[i].valuelen = (size_t)(end - hdbuf); - nva[i].flags = NGHTTP3_NV_FLAG_NONE; - - ++i; - } - - /* :authority must come before non-pseudo header fields */ - if(authority_idx && authority_idx != AUTHORITY_DST_IDX) { - nghttp3_nv authority = nva[authority_idx]; - for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) { - nva[i] = nva[i - 1]; - } - nva[i] = authority; - } - - /* Warn stream may be rejected if cumulative length of headers is too - large. */ -#define MAX_ACC 60000 /* <64KB to account for some overhead */ - { - size_t acc = 0; - for(i = 0; i < nheader; ++i) - acc += nva[i].namelen + nva[i].valuelen; - - if(acc > MAX_ACC) { - infof(data, "http_request: Warning: The cumulative length of all " - "headers exceeds %d bytes and that could cause the " - "stream to be rejected.", MAX_ACC); + else { + unsigned int i; + for(i = 0; i < nheader; i++) { + nva[i].name = (unsigned char *)hreq->header[i].name; + nva[i].namelen = hreq->header[i].namelen; + nva[i].value = (unsigned char *)hreq->header[i].value; + nva[i].valuelen = hreq->header[i].valuelen; } } @@ -1605,10 +1530,12 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, infof(data, "Using HTTP/3 Stream ID: %x (easy handle %p)", stream3_id, (void *)data); + Curl_pseudo_free(hreq); return CURLE_OK; fail: free(nva); + Curl_pseudo_free(hreq); return result; } static ssize_t ngh3_stream_send(struct Curl_easy *data, @@ -1617,7 +1544,7 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, size_t len, CURLcode *curlcode) { - ssize_t sent; + ssize_t sent = 0; struct connectdata *conn = data->conn; struct quicsocket *qs = conn->quic; curl_socket_t sockfd = conn->sock[sockindex]; @@ -1629,6 +1556,9 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, *curlcode = CURLE_SEND_ERROR; return -1; } + /* Assume that mem of length len only includes HTTP/1.1 style + header fields. In other words, it does not contain request + body. */ sent = len; } else { @@ -1638,7 +1568,6 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, stream->upload_mem = mem; stream->upload_len = len; (void)nghttp3_conn_resume_stream(qs->h3conn, stream->stream3_id); - sent = len; } else { *curlcode = CURLE_AGAIN; @@ -1653,8 +1582,20 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, /* Reset post upload buffer after resumed. */ if(stream->upload_mem) { + if(data->set.postfields) { + sent = len; + } + else { + sent = len - stream->upload_len; + } + stream->upload_mem = NULL; stream->upload_len = 0; + + if(sent == 0) { + *curlcode = CURLE_AGAIN; + return -1; + } } *curlcode = CURLE_OK; @@ -1676,7 +1617,6 @@ static CURLcode ng_has_connected(struct Curl_easy *data, if(conn->ssl_config.verifyhost) { #ifdef USE_OPENSSL X509 *server_cert; - CURLcode result; server_cert = SSL_get_peer_certificate(conn->quic->ssl); if(!server_cert) { return CURLE_PEER_FAILED_VERIFICATION; @@ -1786,7 +1726,6 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, uint8_t out[NGTCP2_MAX_UDP_PAYLOAD_SIZE]; ngtcp2_path_storage ps; ngtcp2_tstamp ts = timestamp(); - struct sockaddr_storage remote_addr; ngtcp2_tstamp expiry; ngtcp2_duration timeout; int64_t stream_id; @@ -1875,7 +1814,6 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, } } - memcpy(&remote_addr, ps.path.remote.addr, ps.path.remote.addrlen); while((sent = send(sockfd, (const char *)out, outlen, 0)) == -1 && SOCKERRNO == EINTR) ; @@ -1896,10 +1834,13 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, expiry = ngtcp2_conn_get_expiry(qs->qconn); if(expiry != UINT64_MAX) { if(expiry <= ts) { - timeout = NGTCP2_MILLISECONDS; + timeout = 0; } else { timeout = expiry - ts; + if(timeout % NGTCP2_MILLISECONDS) { + timeout += NGTCP2_MILLISECONDS; + } } Curl_expire(data, timeout / NGTCP2_MILLISECONDS, EXPIRE_QUIC); } @@ -1935,6 +1876,7 @@ void Curl_quic_done(struct Curl_easy *data, bool premature) /* only for HTTP/3 transfers */ struct HTTP *stream = data->req.p.http; Curl_dyn_free(&stream->overflow); + free(stream->h3out); } } diff --git a/libs/libcurl/src/vquic/quiche.c b/libs/libcurl/src/vquic/quiche.c index f7577605c0..bfdc966a85 100644 --- a/libs/libcurl/src/vquic/quiche.c +++ b/libs/libcurl/src/vquic/quiche.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,6 +25,7 @@ #ifdef USE_QUICHE #include <quiche.h> #include <openssl/err.h> +#include <openssl/ssl.h> #include "urldata.h" #include "sendf.h" #include "strdup.h" @@ -35,6 +36,10 @@ #include "connect.h" #include "strerror.h" #include "vquic.h" +#include "transfer.h" +#include "h2h3.h" +#include "vtls/openssl.h" +#include "vtls/keylog.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -172,6 +177,68 @@ static void quiche_debug_log(const char *line, void *argp) } #endif +static void keylog_callback(const SSL *ssl, const char *line) +{ + (void)ssl; + Curl_tls_keylog_write_line(line); +} + +static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data) +{ + SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method()); + + SSL_CTX_set_alpn_protos(ssl_ctx, + (const uint8_t *)QUICHE_H3_APPLICATION_PROTOCOL, + sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1); + + SSL_CTX_set_default_verify_paths(ssl_ctx); + + /* Open the file if a TLS or QUIC backend has not done this before. */ + Curl_tls_keylog_open(); + if(Curl_tls_keylog_enabled()) { + SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback); + } + + { + struct connectdata *conn = data->conn; + const char * const ssl_cafile = conn->ssl_config.CAfile; + const char * const ssl_capath = conn->ssl_config.CApath; + + if(conn->ssl_config.verifypeer) { + SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); + /* tell OpenSSL where to find CA certificates that are used to verify + the server's certificate. */ + if(!SSL_CTX_load_verify_locations(ssl_ctx, ssl_cafile, ssl_capath)) { + /* Fail if we insist on successfully verifying the server. */ + failf(data, "error setting certificate verify locations:" + " CAfile: %s CApath: %s", + ssl_cafile ? ssl_cafile : "none", + ssl_capath ? ssl_capath : "none"); + return NULL; + } + infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); + infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); + } + } + return ssl_ctx; +} + +static int quic_init_ssl(struct quicsocket *qs, struct connectdata *conn) +{ + /* this will need some attention when HTTPS proxy over QUIC get fixed */ + const char * const hostname = conn->host.name; + + DEBUGASSERT(!qs->ssl); + qs->ssl = SSL_new(qs->sslctx); + + SSL_set_app_data(qs->ssl, qs); + + /* set SNI */ + SSL_set_tlsext_host_name(qs->ssl, hostname); + return 0; +} + + CURLcode Curl_quic_connect(struct Curl_easy *data, struct connectdata *conn, curl_socket_t sockfd, int sockindex, @@ -179,7 +246,6 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, { CURLcode result; struct quicsocket *qs = &conn->hequic[sockindex]; - char *keylog_file = NULL; char ipbuf[40]; int port; @@ -216,25 +282,25 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1); + qs->sslctx = quic_ssl_ctx(data); + if(!qs->sslctx) + return CURLE_QUIC_CONNECT_ERROR; + + if(quic_init_ssl(qs, conn)) + return CURLE_QUIC_CONNECT_ERROR; + result = Curl_rand(data, qs->scid, sizeof(qs->scid)); if(result) return result; - keylog_file = getenv("SSLKEYLOGFILE"); - - if(keylog_file) - quiche_config_log_keys(qs->cfg); - - qs->conn = quiche_connect(conn->host.name, (const uint8_t *) qs->scid, - sizeof(qs->scid), addr, addrlen, qs->cfg); + qs->conn = quiche_conn_new_with_tls((const uint8_t *) qs->scid, + sizeof(qs->scid), NULL, 0, addr, addrlen, + qs->cfg, qs->ssl, false); if(!qs->conn) { failf(data, "can't create quiche connection"); return CURLE_OUT_OF_MEMORY; } - if(keylog_file) - quiche_conn_set_keylog_path(qs->conn, keylog_file); - /* Known to not work on Windows */ #if !defined(WIN32) && defined(HAVE_QUICHE_CONN_SET_QLOG_FD) { @@ -284,7 +350,8 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, return CURLE_OK; } -static CURLcode quiche_has_connected(struct connectdata *conn, +static CURLcode quiche_has_connected(struct Curl_easy *data, + struct connectdata *conn, int sockindex, int tempindex) { @@ -298,6 +365,21 @@ static CURLcode quiche_has_connected(struct connectdata *conn, conn->httpversion = 30; conn->bundle->multiuse = BUNDLE_MULTIPLEX; + if(conn->ssl_config.verifyhost) { + X509 *server_cert; + server_cert = SSL_get_peer_certificate(qs->ssl); + if(!server_cert) { + return CURLE_PEER_FAILED_VERIFICATION; + } + result = Curl_ossl_verifyhost(data, conn, server_cert); + X509_free(server_cert); + if(result) + return result; + infof(data, "Verified certificate just fine"); + } + else + infof(data, "Skipped certificate verification"); + qs->h3config = quiche_h3_config_new(); if(!qs->h3config) return CURLE_OUT_OF_MEMORY; @@ -344,8 +426,8 @@ CURLcode Curl_quic_is_connected(struct Curl_easy *data, if(quiche_conn_is_established(qs->conn)) { *done = TRUE; - result = quiche_has_connected(conn, 0, sockindex); - DEBUGF(infof(data, "quiche established connection!")); + result = quiche_has_connected(data, conn, 0, sockindex); + DEBUGF(infof(data, "quiche established connection")); } return result; @@ -392,7 +474,18 @@ static CURLcode process_ingress(struct Curl_easy *data, int sockfd, break; if(recvd < 0) { + if(QUICHE_ERR_TLS_FAIL == recvd) { + long verify_ok = SSL_get_verify_result(qs->ssl); + if(verify_ok != X509_V_OK) { + failf(data, "SSL certificate problem: %s", + X509_verify_cert_error_string(verify_ok)); + + return CURLE_PEER_FAILED_VERIFICATION; + } + } + failf(data, "quiche_conn_recv() == %zd", recvd); + return CURLE_RECV_ERROR; } } while(1); @@ -451,7 +544,7 @@ static int cb_each_header(uint8_t *name, size_t name_len, struct h3h1header *headers = (struct h3h1header *)argp; size_t olen = 0; - if((name_len == 7) && !strncmp(":status", (char *)name, 7)) { + if((name_len == 7) && !strncmp(H2H3_PSEUDO_STATUS, (char *)name, 7)) { msnprintf(headers->dest, headers->destlen, "HTTP/3 %.*s\n", (int) value_len, value); @@ -496,6 +589,19 @@ static ssize_t h3_stream_recv(struct Curl_easy *data, return -1; } + if(qs->h3_recving) { + /* body receiving state */ + rcode = quiche_h3_recv_body(qs->h3c, qs->conn, stream->stream3_id, + (unsigned char *)buf, buffersize); + if(rcode <= 0) { + recvd = -1; + qs->h3_recving = FALSE; + /* fall through into the while loop below */ + } + else + recvd = rcode; + } + while(recvd < 0) { int64_t s = quiche_h3_conn_poll(qs->h3c, qs->conn, &ev); if(s < 0) @@ -537,9 +643,15 @@ static ssize_t h3_stream_recv(struct Curl_easy *data, recvd = -1; break; } + qs->h3_recving = TRUE; recvd += rcode; break; + case QUICHE_H3_EVENT_RESET: + streamclose(conn, "Stream reset"); + *curlcode = CURLE_PARTIAL_FILE; + return -1; + case QUICHE_H3_EVENT_FINISHED: streamclose(conn, "End of stream"); recvd = 0; /* end of stream */ @@ -585,10 +697,12 @@ static ssize_t h3_stream_send(struct Curl_easy *data, sent = len; } else { - H3BUGF(infof(data, "Pass on %zd body bytes to quiche", len)); sent = quiche_h3_send_body(qs->h3c, qs->conn, stream->stream3_id, (uint8_t *)mem, len, FALSE); - if(sent < 0) { + if(sent == QUICHE_H3_ERR_DONE) { + sent = 0; + } + else if(sent < 0) { *curlcode = CURLE_SEND_ERROR; return -1; } @@ -618,175 +732,34 @@ void Curl_quic_ver(char *p, size_t len) static CURLcode http_request(struct Curl_easy *data, const void *mem, size_t len) { - /* - */ struct connectdata *conn = data->conn; struct HTTP *stream = data->req.p.http; size_t nheader; - size_t i; - size_t authority_idx; - char *hdbuf = (char *)mem; - char *end, *line_end; int64_t stream3_id; quiche_h3_header *nva = NULL; struct quicsocket *qs = conn->quic; CURLcode result = CURLE_OK; + struct h2h3req *hreq = NULL; stream->h3req = TRUE; /* senf off! */ - /* Calculate number of headers contained in [mem, mem + len). Assumes a - correctly generated HTTP header field block. */ - nheader = 0; - for(i = 1; i < len; ++i) { - if(hdbuf[i] == '\n' && hdbuf[i - 1] == '\r') { - ++nheader; - ++i; - } - } - if(nheader < 2) + result = Curl_pseudo_headers(data, mem, len, &hreq); + if(result) goto fail; + nheader = hreq->entries; - /* We counted additional 2 \r\n in the first and last line. We need 3 - new headers: :method, :path and :scheme. Therefore we need one - more space. */ - nheader += 1; nva = malloc(sizeof(quiche_h3_header) * nheader); if(!nva) { result = CURLE_OUT_OF_MEMORY; goto fail; } - - /* Extract :method, :path from request line - We do line endings with CRLF so checking for CR is enough */ - line_end = memchr(hdbuf, '\r', len); - if(!line_end) { - result = CURLE_BAD_FUNCTION_ARGUMENT; /* internal error */ - goto fail; - } - - /* Method does not contain spaces */ - end = memchr(hdbuf, ' ', line_end - hdbuf); - if(!end || end == hdbuf) - goto fail; - nva[0].name = (unsigned char *)":method"; - nva[0].name_len = strlen((char *)nva[0].name); - nva[0].value = (unsigned char *)hdbuf; - nva[0].value_len = (size_t)(end - hdbuf); - - hdbuf = end + 1; - - /* Path may contain spaces so scan backwards */ - end = NULL; - for(i = (size_t)(line_end - hdbuf); i; --i) { - if(hdbuf[i - 1] == ' ') { - end = &hdbuf[i - 1]; - break; - } - } - if(!end || end == hdbuf) - goto fail; - nva[1].name = (unsigned char *)":path"; - nva[1].name_len = strlen((char *)nva[1].name); - nva[1].value = (unsigned char *)hdbuf; - nva[1].value_len = (size_t)(end - hdbuf); - - nva[2].name = (unsigned char *)":scheme"; - nva[2].name_len = strlen((char *)nva[2].name); - if(conn->handler->flags & PROTOPT_SSL) - nva[2].value = (unsigned char *)"https"; - else - nva[2].value = (unsigned char *)"http"; - nva[2].value_len = strlen((char *)nva[2].value); - - - authority_idx = 0; - i = 3; - while(i < nheader) { - size_t hlen; - - hdbuf = line_end + 2; - - /* check for next CR, but only within the piece of data left in the given - buffer */ - line_end = memchr(hdbuf, '\r', len - (hdbuf - (char *)mem)); - if(!line_end || (line_end == hdbuf)) - goto fail; - - /* header continuation lines are not supported */ - if(*hdbuf == ' ' || *hdbuf == '\t') - goto fail; - - for(end = hdbuf; end < line_end && *end != ':'; ++end) - ; - if(end == hdbuf || end == line_end) - goto fail; - hlen = end - hdbuf; - - if(hlen == 4 && strncasecompare("host", hdbuf, 4)) { - authority_idx = i; - nva[i].name = (unsigned char *)":authority"; - nva[i].name_len = strlen((char *)nva[i].name); - } - else { - nva[i].name_len = (size_t)(end - hdbuf); - /* Lower case the header name for HTTP/3 */ - Curl_strntolower((char *)hdbuf, hdbuf, nva[i].name_len); - nva[i].name = (unsigned char *)hdbuf; - } - hdbuf = end + 1; - while(*hdbuf == ' ' || *hdbuf == '\t') - ++hdbuf; - end = line_end; - -#if 0 /* This should probably go in more or less like this */ - switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf, - end - hdbuf)) { - case HEADERINST_IGNORE: - /* skip header fields prohibited by HTTP/2 specification. */ - --nheader; - continue; - case HEADERINST_TE_TRAILERS: - nva[i].value = (uint8_t*)"trailers"; - nva[i].value_len = sizeof("trailers") - 1; - break; - default: - nva[i].value = (unsigned char *)hdbuf; - nva[i].value_len = (size_t)(end - hdbuf); - } -#endif - nva[i].value = (unsigned char *)hdbuf; - nva[i].value_len = (size_t)(end - hdbuf); - - ++i; - } - - /* :authority must come before non-pseudo header fields */ - if(authority_idx && authority_idx != AUTHORITY_DST_IDX) { - quiche_h3_header authority = nva[authority_idx]; - for(i = authority_idx; i > AUTHORITY_DST_IDX; --i) { - nva[i] = nva[i - 1]; - } - nva[i] = authority; - } - - /* Warn stream may be rejected if cumulative length of headers is too - large. */ -#define MAX_ACC 60000 /* <64KB to account for some overhead */ - { - size_t acc = 0; - - for(i = 0; i < nheader; ++i) { - acc += nva[i].name_len + nva[i].value_len; - - H3BUGF(infof(data, "h3 [%.*s: %.*s]", - nva[i].name_len, nva[i].name, - nva[i].value_len, nva[i].value)); - } - - if(acc > MAX_ACC) { - infof(data, "http_request: Warning: The cumulative length of all " - "headers exceeds %d bytes and that could cause the " - "stream to be rejected.", MAX_ACC); + else { + unsigned int i; + for(i = 0; i < nheader; i++) { + nva[i].name = (unsigned char *)hreq->header[i].name; + nva[i].name_len = hreq->header[i].namelen; + nva[i].value = (unsigned char *)hreq->header[i].value; + nva[i].value_len = hreq->header[i].valuelen; } } @@ -808,7 +781,7 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, (uint8_t *)data->set.postfields, stream->upload_left, TRUE); if(sent <= 0) { - failf(data, "quiche_h3_send_body failed!"); + failf(data, "quiche_h3_send_body failed"); result = CURLE_SEND_ERROR; } stream->upload_left = 0; /* nothing left to send */ @@ -833,10 +806,12 @@ static CURLcode http_request(struct Curl_easy *data, const void *mem, stream3_id, (void *)data); stream->stream3_id = stream3_id; + Curl_pseudo_free(hreq); return CURLE_OK; fail: free(nva); + Curl_pseudo_free(hreq); return result; } diff --git a/libs/libcurl/src/vquic/quiche.h b/libs/libcurl/src/vquic/quiche.h index d311e99887..759a20bbac 100644 --- a/libs/libcurl/src/vquic/quiche.h +++ b/libs/libcurl/src/vquic/quiche.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -27,6 +27,7 @@ #ifdef USE_QUICHE #include <quiche.h> +#include <openssl/ssl.h> struct quic_handshake { char *buf; /* pointer to the buffer */ @@ -43,6 +44,9 @@ struct quicsocket { uint8_t scid[QUICHE_MAX_CONN_ID_LEN]; curl_socket_t sockfd; uint32_t version; + SSL_CTX *sslctx; + SSL *ssl; + bool h3_recving; /* TRUE when in h3-body-reading state */ }; #endif diff --git a/libs/libcurl/src/vquic/vquic.c b/libs/libcurl/src/vquic/vquic.c index 7c0cc6df2a..be2a65f454 100644 --- a/libs/libcurl/src/vquic/vquic.c +++ b/libs/libcurl/src/vquic/vquic.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -67,7 +67,7 @@ CURLcode Curl_qlogdir(struct Curl_easy *data, result = Curl_dyn_add(&fname, hex); } if(!result) - result = Curl_dyn_add(&fname, ".qlog"); + result = Curl_dyn_add(&fname, ".sqlog"); if(!result) { int qlogfd = open(Curl_dyn_ptr(&fname), QLOGMODE, diff --git a/libs/libcurl/src/vquic/vquic.h b/libs/libcurl/src/vquic/vquic.h index eb8a893d92..3df138f10e 100644 --- a/libs/libcurl/src/vquic/vquic.h +++ b/libs/libcurl/src/vquic/vquic.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms diff --git a/libs/libcurl/src/vssh/libssh.c b/libs/libcurl/src/vssh/libssh.c index 3e317e87c9..7bf2b04176 100644 --- a/libs/libcurl/src/vssh/libssh.c +++ b/libs/libcurl/src/vssh/libssh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2017 - 2021 Red Hat, Inc. + * Copyright (C) 2017 - 2022 Red Hat, Inc. * * Authors: Nikos Mavrogiannopoulos, Tomas Mraz, Stanislav Zidek, * Robert Kolcun, Andreas Schneider @@ -32,10 +32,6 @@ #include <libssh/libssh.h> #include <libssh/sftp.h> -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif - #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> #endif @@ -81,18 +77,22 @@ #include "multiif.h" #include "select.h" #include "warnless.h" +#include "curl_path.h" -/* for permission and open flags */ -#include <sys/types.h> +#ifdef HAVE_SYS_STAT_H #include <sys/stat.h> +#endif +#ifdef HAVE_UNISTD_H #include <unistd.h> +#endif +#ifdef HAVE_FCNTL_H #include <fcntl.h> +#endif /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" -#include "curl_path.h" /* A recent macro provided by libssh. Or make our own. */ #ifndef SSH_STRING_FREE_CHAR @@ -105,6 +105,14 @@ } while(0) #endif +/* These stat values may not be the same as the user's S_IFMT / S_IFLNK */ +#ifndef SSH_S_IFMT +#define SSH_S_IFMT 00170000 +#endif +#ifndef SSH_S_IFLNK +#define SSH_S_IFLNK 0120000 +#endif + /* Local functions: */ static CURLcode myssh_connect(struct Curl_easy *data, bool *done); static CURLcode myssh_multi_statemach(struct Curl_easy *data, @@ -1468,8 +1476,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) memcpy(sshc->readdir_line, sshc->readdir_longentry, sshc->readdir_currLen); if((sshc->readdir_attrs->flags & SSH_FILEXFER_ATTR_PERMISSIONS) && - ((sshc->readdir_attrs->permissions & S_IFMT) == - S_IFLNK)) { + ((sshc->readdir_attrs->permissions & SSH_S_IFMT) == + SSH_S_IFLNK)) { sshc->readdir_linkPath = aprintf("%s%s", protop->path, sshc->readdir_filename); @@ -1962,6 +1970,10 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) } ssh_disconnect(sshc->ssh_session); + /* conn->sock[FIRSTSOCKET] is closed by ssh_disconnect behind our back, + explicitly mark it as closed with the memdebug macro: */ + fake_sclose(conn->sock[FIRSTSOCKET]); + conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD; SSH_STRING_FREE_CHAR(sshc->homedir); data->state.most_recent_ftp_entrypath = NULL; @@ -2055,6 +2067,9 @@ static int myssh_getsock(struct Curl_easy *data, if(conn->waitfor & KEEP_SEND) bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); + if(!conn->waitfor) + bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); + return bitmap; } @@ -2687,7 +2702,7 @@ static void sftp_quote(struct Curl_easy *data) */ cp = strchr(cmd, ' '); if(!cp) { - failf(data, "Syntax error in SFTP command. Supply parameter(s)!"); + failf(data, "Syntax error in SFTP command. Supply parameter(s)"); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; sshc->actualcode = CURLE_QUOTE_ERROR; diff --git a/libs/libcurl/src/vssh/libssh2.c b/libs/libcurl/src/vssh/libssh2.c index 581bc1be82..d269263864 100644 --- a/libs/libcurl/src/vssh/libssh2.c +++ b/libs/libcurl/src/vssh/libssh2.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -433,7 +433,9 @@ static int sshkeycallback(struct Curl_easy *easy, * libssh2 1.2.8 fixed the problem with 32bit ints used for sockets on win64. */ #ifdef HAVE_LIBSSH2_SESSION_HANDSHAKE -#define libssh2_session_startup(x,y) libssh2_session_handshake(x,y) +#define session_startup(x,y) libssh2_session_handshake(x, y) +#else +#define session_startup(x,y) libssh2_session_startup(x, (int)y) #endif static CURLcode ssh_knownhost(struct Curl_easy *data) @@ -495,7 +497,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) break; #endif default: - infof(data, "unsupported key type, can't check knownhosts!"); + infof(data, "unsupported key type, can't check knownhosts"); keybit = 0; break; } @@ -590,7 +592,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) LIBSSH2_KNOWNHOST_KEYENC_RAW| keybit, NULL); if(addrc) - infof(data, "Warning adding the known host %s failed!", + infof(data, "WARNING: adding the known host %s failed", conn->host.name); else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE || rc == CURLKHSTAT_FINE_REPLACE) { @@ -601,7 +603,7 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) data->set.str[STRING_SSH_KNOWNHOSTS], LIBSSH2_KNOWNHOST_FILE_OPENSSH); if(wrc) { - infof(data, "Warning, writing %s failed!", + infof(data, "WARNING: writing %s failed", data->set.str[STRING_SSH_KNOWNHOSTS]); } } @@ -661,7 +663,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) /* The length of fingerprint is 32 bytes for SHA256. * See libssh2_hostkey_hash documentation. */ - if(Curl_base64_encode(data, fingerprint, 32, &fingerprint_b64, + if(Curl_base64_encode(fingerprint, 32, &fingerprint_b64, &fingerprint_b64_len) != CURLE_OK) { state(data, SSH_SESSION_FREE); sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; @@ -692,12 +694,12 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) * against a known fingerprint, if available. */ if((pub_pos != b64_pos) || - Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) { + strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) { free(fingerprint_b64); failf(data, - "Denied establishing ssh session: mismatch sha256 fingerprint. " - "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); + "Denied establishing ssh session: mismatch sha256 fingerprint. " + "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); state(data, SSH_SESSION_FREE); sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; return sshc->actualcode; @@ -705,7 +707,7 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) free(fingerprint_b64); - infof(data, "SHA256 checksum match!"); + infof(data, "SHA256 checksum match"); } if(pubkey_md5) { @@ -725,27 +727,24 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) infof(data, "SSH MD5 fingerprint: %s", md5buffer); } - /* Before we authenticate we check the hostkey's MD5 fingerprint - * against a known fingerprint, if available. - */ - if(pubkey_md5 && strlen(pubkey_md5) == 32) { - if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) { - if(fingerprint) { - failf(data, + /* This does NOT verify the length of 'pubkey_md5' separately, which will + make the comparison below fail unless it is exactly 32 characters */ + if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) { + if(fingerprint) { + failf(data, "Denied establishing ssh session: mismatch md5 fingerprint. " "Remote %s is not equal to %s", md5buffer, pubkey_md5); - } - else { - failf(data, + } + else { + failf(data, "Denied establishing ssh session: md5 fingerprint " "not available"); - } - state(data, SSH_SESSION_FREE); - sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; - return sshc->actualcode; } - infof(data, "MD5 checksum match!"); + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; + return sshc->actualcode; } + infof(data, "MD5 checksum match"); } if(!pubkey_md5 && !pubkey_sha256) { @@ -932,7 +931,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* FALLTHROUGH */ case SSH_S_STARTUP: - rc = libssh2_session_startup(sshc->ssh_session, (int)sock); + rc = session_startup(sshc->ssh_session, sock); if(rc == LIBSSH2_ERROR_EAGAIN) { break; } @@ -1468,7 +1467,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) */ cp = strchr(cmd, ' '); if(!cp) { - failf(data, "Syntax error command '%s'. Missing parameter!", + failf(data, "Syntax error command '%s', missing parameter", cmd); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; @@ -3227,7 +3226,7 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done) sshrecv.recvptr = ssh_tls_recv; sshsend.sendptr = ssh_tls_send; - infof(data, "Uses HTTPS proxy!"); + infof(data, "Uses HTTPS proxy"); /* Setup libssh2 callbacks to make it read/write TLS from the socket. diff --git a/libs/libcurl/src/vssh/ssh.h b/libs/libcurl/src/vssh/ssh.h index 7972081ec6..30d82e5764 100644 --- a/libs/libcurl/src/vssh/ssh.h +++ b/libs/libcurl/src/vssh/ssh.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -131,8 +131,8 @@ struct ssh_conn { /* common */ const char *passphrase; /* pass-phrase to use */ - char *rsa_pub; /* path name */ - char *rsa; /* path name */ + char *rsa_pub; /* strdup'ed public key file */ + char *rsa; /* strdup'ed private key file */ bool authed; /* the connection has been authenticated fine */ bool acceptfail; /* used by the SFTP_QUOTE (continue if quote command fails) */ diff --git a/libs/libcurl/src/vssh/wolfssh.c b/libs/libcurl/src/vssh/wolfssh.c index 5b4cde91b0..85f2941966 100644 --- a/libs/libcurl/src/vssh/wolfssh.c +++ b/libs/libcurl/src/vssh/wolfssh.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2019 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2019 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -469,7 +469,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_STOP); return CURLE_SSH; } - infof(data, "wolfssh connected!"); + infof(data, "wolfssh connected"); state(data, SSH_STOP); break; case SSH_STOP: @@ -490,7 +490,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(rc == WS_SUCCESS) { - infof(data, "wolfssh SFTP connected!"); + infof(data, "wolfssh SFTP connected"); state(data, SSH_SFTP_REALPATH); } else { @@ -519,7 +519,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) else { memcpy(sshc->homedir, name->fName, name->fSz); sshc->homedir[name->fSz] = 0; - infof(data, "wolfssh SFTP realpath succeeded!"); + infof(data, "wolfssh SFTP realpath succeeded"); } wolfSSH_SFTPNAME_list_free(name); state(data, SSH_STOP); @@ -617,7 +617,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(rc == WS_SUCCESS) { - infof(data, "wolfssh SFTP open succeeded!"); + infof(data, "wolfssh SFTP open succeeded"); } else { failf(data, "wolfssh SFTP upload open failed: %d", rc); @@ -728,7 +728,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(rc == WS_SUCCESS) { - infof(data, "wolfssh SFTP open succeeded!"); + infof(data, "wolfssh SFTP open succeeded"); state(data, SSH_SFTP_DOWNLOAD_STAT); return CURLE_OK; } @@ -754,7 +754,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(rc == WS_SUCCESS) { - infof(data, "wolfssh STAT succeeded!"); + infof(data, "wolfssh STAT succeeded"); } else { failf(data, "wolfssh SFTP open failed: %d", rc); diff --git a/libs/libcurl/src/vtls/bearssl.c b/libs/libcurl/src/vtls/bearssl.c index 9b772d064d..91f4416e8f 100644 --- a/libs/libcurl/src/vtls/bearssl.c +++ b/libs/libcurl/src/vtls/bearssl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2019 - 2021, Michael Forney, <mforney@mforney.org> + * Copyright (C) 2019 - 2022, Michael Forney, <mforney@mforney.org> * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -35,12 +35,15 @@ #include "multiif.h" #include "curl_printf.h" #include "curl_memory.h" +#include "strcase.h" struct x509_context { const br_x509_class *vtable; br_x509_minimal_context minimal; + br_x509_decoder_context decoder; bool verifyhost; bool verifypeer; + int cert_num; }; struct ssl_backend_data { @@ -159,6 +162,18 @@ static CURLcode load_cafile(struct cafile_source *source, if(strcmp(name, "CERTIFICATE") && strcmp(name, "X509 CERTIFICATE")) break; br_x509_decoder_init(&ca.xc, append_dn, &ca); + ca.in_cert = TRUE; + ca.dn_len = 0; + break; + case BR_PEM_END_OBJ: + if(!ca.in_cert) + break; + ca.in_cert = FALSE; + if(br_x509_decoder_last_error(&ca.xc)) { + ca.err = CURLE_SSL_CACERT_BADFILE; + goto fail; + } + /* add trust anchor */ if(ca.anchors_len == SIZE_MAX / sizeof(ca.anchors[0])) { ca.err = CURLE_OUT_OF_MEMORY; goto fail; @@ -172,19 +187,8 @@ static CURLcode load_cafile(struct cafile_source *source, } ca.anchors = new_anchors; ca.anchors_len = new_anchors_len; - ca.in_cert = TRUE; - ca.dn_len = 0; ta = &ca.anchors[ca.anchors_len - 1]; ta->dn.data = NULL; - break; - case BR_PEM_END_OBJ: - if(!ca.in_cert) - break; - ca.in_cert = FALSE; - if(br_x509_decoder_last_error(&ca.xc)) { - ca.err = CURLE_SSL_CACERT_BADFILE; - goto fail; - } ta->flags = 0; if(br_x509_decoder_isCA(&ca.xc)) ta->flags |= BR_X509_TA_CA; @@ -238,6 +242,8 @@ static CURLcode load_cafile(struct cafile_source *source, } while(source->type != CAFILE_SOURCE_BLOB); if(fp && ferror(fp)) ca.err = CURLE_READ_ERROR; + else if(ca.in_cert) + ca.err = CURLE_SSL_CACERT_BADFILE; fail: if(fp) @@ -260,6 +266,11 @@ static void x509_start_chain(const br_x509_class **ctx, { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + x509->cert_num = 0; + return; + } + if(!x509->verifyhost) server_name = NULL; x509->minimal.vtable->start_chain(&x509->minimal.vtable, server_name); @@ -269,6 +280,13 @@ static void x509_start_cert(const br_x509_class **ctx, uint32_t length) { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + /* Only decode the first cert in the chain to obtain the public key */ + if(x509->cert_num == 0) + br_x509_decoder_init(&x509->decoder, NULL, NULL); + return; + } + x509->minimal.vtable->start_cert(&x509->minimal.vtable, length); } @@ -277,6 +295,12 @@ static void x509_append(const br_x509_class **ctx, const unsigned char *buf, { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + if(x509->cert_num == 0) + br_x509_decoder_push(&x509->decoder, buf, len); + return; + } + x509->minimal.vtable->append(&x509->minimal.vtable, buf, len); } @@ -284,21 +308,23 @@ static void x509_end_cert(const br_x509_class **ctx) { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + x509->cert_num++; + return; + } + x509->minimal.vtable->end_cert(&x509->minimal.vtable); } static unsigned x509_end_chain(const br_x509_class **ctx) { struct x509_context *x509 = (struct x509_context *)ctx; - unsigned err; - err = x509->minimal.vtable->end_chain(&x509->minimal.vtable); - if(err && !x509->verifypeer) { - /* ignore any X.509 errors */ - err = BR_ERR_OK; + if(!x509->verifypeer) { + return br_x509_decoder_last_error(&x509->decoder); } - return err; + return x509->minimal.vtable->end_chain(&x509->minimal.vtable); } static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx, @@ -306,6 +332,15 @@ static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx, { struct x509_context *x509 = (struct x509_context *)ctx; + if(!x509->verifypeer) { + /* Nothing in the chain is verified, just return the public key of the + first certificate and allow its usage for both TLS_RSA_* and + TLS_ECDHE_* */ + if(usages) + *usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN; + return br_x509_decoder_get_pkey(&x509->decoder); + } + return x509->minimal.vtable->get_pkey(&x509->minimal.vtable, usages); } @@ -319,6 +354,216 @@ static const br_x509_class x509_vtable = { x509_get_pkey }; +struct st_cipher { + const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */ + const char *alias_name; /* Alias name is the same as OpenSSL cipher name */ + uint16_t num; /* BearSSL cipher suite */ +}; + +/* Macro to initialize st_cipher data structure */ +#define CIPHER_DEF(num, alias) { #num, alias, BR_##num } + +static const struct st_cipher ciphertable[] = { + /* RFC 2246 TLS 1.0 */ + CIPHER_DEF(TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */ + "DES-CBC3-SHA"), + + /* RFC 3268 TLS 1.0 AES */ + CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */ + "AES128-SHA"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */ + "AES256-SHA"), + + /* RFC 5246 TLS 1.2 */ + CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */ + "AES128-SHA256"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */ + "AES256-SHA256"), + + /* RFC 5288 TLS 1.2 AES GCM */ + CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */ + "AES128-GCM-SHA256"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */ + "AES256-GCM-SHA384"), + + /* RFC 4492 TLS 1.0 ECC */ + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */ + "ECDH-ECDSA-DES-CBC3-SHA"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */ + "ECDH-ECDSA-AES128-SHA"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */ + "ECDH-ECDSA-AES256-SHA"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */ + "ECDHE-ECDSA-DES-CBC3-SHA"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */ + "ECDHE-ECDSA-AES128-SHA"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */ + "ECDHE-ECDSA-AES256-SHA"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */ + "ECDH-RSA-DES-CBC3-SHA"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */ + "ECDH-RSA-AES128-SHA"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */ + "ECDH-RSA-AES256-SHA"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */ + "ECDHE-RSA-DES-CBC3-SHA"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */ + "ECDHE-RSA-AES128-SHA"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */ + "ECDHE-RSA-AES256-SHA"), + + /* RFC 5289 TLS 1.2 ECC HMAC SHA256/384 */ + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */ + "ECDHE-ECDSA-AES128-SHA256"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */ + "ECDHE-ECDSA-AES256-SHA384"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */ + "ECDH-ECDSA-AES128-SHA256"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */ + "ECDH-ECDSA-AES256-SHA384"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */ + "ECDHE-RSA-AES128-SHA256"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */ + "ECDHE-RSA-AES256-SHA384"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */ + "ECDH-RSA-AES128-SHA256"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */ + "ECDH-RSA-AES256-SHA384"), + + /* RFC 5289 TLS 1.2 GCM */ + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */ + "ECDHE-ECDSA-AES128-GCM-SHA256"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */ + "ECDHE-ECDSA-AES256-GCM-SHA384"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */ + "ECDH-ECDSA-AES128-GCM-SHA256"), + CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */ + "ECDH-ECDSA-AES256-GCM-SHA384"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */ + "ECDHE-RSA-AES128-GCM-SHA256"), + CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */ + "ECDHE-RSA-AES256-GCM-SHA384"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */ + "ECDH-RSA-AES128-GCM-SHA256"), + CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */ + "ECDH-RSA-AES256-GCM-SHA384"), +#ifdef BR_TLS_RSA_WITH_AES_128_CCM + + /* RFC 6655 TLS 1.2 CCM + Supported since BearSSL 0.6 */ + CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM, /* 0xC09C */ + "AES128-CCM"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM, /* 0xC09D */ + "AES256-CCM"), + CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM_8, /* 0xC0A0 */ + "AES128-CCM8"), + CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM_8, /* 0xC0A1 */ + "AES256-CCM8"), + + /* RFC 7251 TLS 1.2 ECC CCM + Supported since BearSSL 0.6 */ + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM, /* 0xC0AC */ + "ECDHE-ECDSA-AES128-CCM"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM, /* 0xC0AD */ + "ECDHE-ECDSA-AES256-CCM"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, /* 0xC0AE */ + "ECDHE-ECDSA-AES128-CCM8"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, /* 0xC0AF */ + "ECDHE-ECDSA-AES256-CCM8"), +#endif + + /* RFC 7905 TLS 1.2 ChaCha20-Poly1305 + Supported since BearSSL 0.2 */ + CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ + "ECDHE-RSA-CHACHA20-POLY1305"), + CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ + "ECDHE-ECDSA-CHACHA20-POLY1305"), +}; + +#define NUM_OF_CIPHERS (sizeof(ciphertable) / sizeof(ciphertable[0])) +#define CIPHER_NAME_BUF_LEN 64 + +static bool is_separator(char c) +{ + /* Return whether character is a cipher list separator. */ + switch(c) { + case ' ': + case '\t': + case ':': + case ',': + case ';': + return true; + } + return false; +} + +static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data, + br_ssl_engine_context *ssl_eng, + const char *ciphers) +{ + uint16_t selected_ciphers[NUM_OF_CIPHERS]; + size_t selected_count = 0; + char cipher_name[CIPHER_NAME_BUF_LEN]; + const char *cipher_start = ciphers; + const char *cipher_end; + size_t i, j; + + if(!cipher_start) + return CURLE_SSL_CIPHER; + + while(true) { + /* Extract the next cipher name from the ciphers string */ + while(is_separator(*cipher_start)) + ++cipher_start; + if(*cipher_start == '\0') + break; + cipher_end = cipher_start; + while(*cipher_end != '\0' && !is_separator(*cipher_end)) + ++cipher_end; + j = cipher_end - cipher_start < CIPHER_NAME_BUF_LEN - 1 ? + cipher_end - cipher_start : CIPHER_NAME_BUF_LEN - 1; + strncpy(cipher_name, cipher_start, j); + cipher_name[j] = '\0'; + cipher_start = cipher_end; + + /* Lookup the cipher name in the table of available ciphers. If the cipher + name starts with "TLS_" we do the lookup by IANA name. Otherwise, we try + to match cipher name by an (OpenSSL) alias. */ + if(strncasecompare(cipher_name, "TLS_", 4)) { + for(i = 0; i < NUM_OF_CIPHERS && + !strcasecompare(cipher_name, ciphertable[i].name); ++i); + } + else { + for(i = 0; i < NUM_OF_CIPHERS && + !strcasecompare(cipher_name, ciphertable[i].alias_name); ++i); + } + if(i == NUM_OF_CIPHERS) { + infof(data, "BearSSL: unknown cipher in list: %s", cipher_name); + continue; + } + + /* No duplicates allowed */ + for(j = 0; j < selected_count && + selected_ciphers[j] != ciphertable[i].num; j++); + if(j < selected_count) { + infof(data, "BearSSL: duplicate cipher in list: %s", cipher_name); + continue; + } + + DEBUGASSERT(selected_count < NUM_OF_CIPHERS); + selected_ciphers[selected_count] = ciphertable[i].num; + ++selected_count; + } + + if(selected_count == 0) { + failf(data, "BearSSL: no supported cipher in list"); + return CURLE_SSL_CIPHER; + } + + br_ssl_engine_set_suites(ssl_eng, selected_ciphers, selected_count); + return CURLE_OK; +} + static CURLcode bearssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, int sockindex) { @@ -339,6 +584,8 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, struct in_addr addr; #endif + DEBUGASSERT(backend); + switch(SSL_CONN_CONFIG(version)) { case CURL_SSLVERSION_SSLv2: failf(data, "BearSSL does not support SSLv2"); @@ -410,6 +657,15 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf, sizeof(backend->buf), 1); + if(SSL_CONN_CONFIG(cipher_list)) { + /* Override the ciphers as specified. For the default cipher list see the + BearSSL source code of br_ssl_client_init_full() */ + ret = bearssl_set_selected_ciphers(data, &backend->ctx.eng, + SSL_CONN_CONFIG(cipher_list)); + if(ret) + return ret; + } + /* initialize X.509 context */ backend->x509.vtable = &x509_vtable; backend->x509.verifypeer = verifypeer; @@ -442,12 +698,12 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, #endif ) { backend->protocols[cur++] = ALPN_H2; - infof(data, "ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif backend->protocols[cur++] = ALPN_HTTP_1_1; - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); br_ssl_engine_set_protocol_names(&backend->ctx.eng, backend->protocols, cur); @@ -465,8 +721,28 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, } hostname = NULL; } + else { + char *snihost = Curl_ssl_snihost(data, hostname, NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + hostname = snihost; + } - if(!br_ssl_client_reset(&backend->ctx, hostname, 0)) + /* give application a chance to interfere with SSL set up. */ + if(data->set.ssl.fsslctx) { + Curl_set_in_callback(data, true); + ret = (*data->set.ssl.fsslctx)(data, &backend->ctx, + data->set.ssl.fsslctxp); + Curl_set_in_callback(data, false); + if(ret) { + failf(data, "BearSSL: error signaled by ssl ctx callback"); + return ret; + } + } + + if(!br_ssl_client_reset(&backend->ctx, hostname, 1)) return CURLE_FAILED_INIT; backend->active = TRUE; @@ -488,6 +764,8 @@ static CURLcode bearssl_run_until(struct Curl_easy *data, ssize_t ret; int err; + DEBUGASSERT(backend); + for(;;) { state = br_ssl_engine_current_state(&backend->ctx.eng); if(state & BR_SSL_CLOSED) { @@ -560,6 +838,8 @@ static CURLcode bearssl_connect_step2(struct Curl_easy *data, struct ssl_backend_data *backend = connssl->backend; CURLcode ret; + DEBUGASSERT(backend); + ret = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP | BR_SSL_RECVAPP); if(ret == CURLE_AGAIN) @@ -582,13 +862,14 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data, CURLcode ret; DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + DEBUGASSERT(backend); if(conn->bits.tls_enable_alpn) { const char *protocol; protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng); if(protocol) { - infof(data, "ALPN, server accepted to use %s", protocol); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, protocol); #ifdef USE_HTTP2 if(!strcmp(protocol, ALPN_H2)) @@ -603,7 +884,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data, BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); } if(SSL_SET_OPTION(primary.sessionid)) { @@ -647,6 +928,8 @@ static ssize_t bearssl_send(struct Curl_easy *data, int sockindex, unsigned char *app; size_t applen; + DEBUGASSERT(backend); + for(;;) { *err = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP); if (*err != CURLE_OK) @@ -680,6 +963,8 @@ static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex, unsigned char *app; size_t applen; + DEBUGASSERT(backend); + *err = bearssl_run_until(data, conn, sockindex, BR_SSL_RECVAPP); if(*err != CURLE_OK) return -1; @@ -805,6 +1090,7 @@ static bool bearssl_data_pending(const struct connectdata *conn, { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP; } @@ -854,6 +1140,7 @@ static void *bearssl_get_internals(struct ssl_connect_data *connssl, CURLINFO info UNUSED_PARAM) { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return &backend->ctx; } @@ -864,6 +1151,8 @@ static void bearssl_close(struct Curl_easy *data, struct ssl_backend_data *backend = connssl->backend; size_t i; + DEBUGASSERT(backend); + if(backend->active) { br_ssl_engine_close(&backend->ctx.eng); (void)bearssl_run_until(data, conn, sockindex, BR_SSL_CLOSED); @@ -893,7 +1182,7 @@ static CURLcode bearssl_sha256sum(const unsigned char *input, const struct Curl_ssl Curl_ssl_bearssl = { { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */ - SSLSUPP_CAINFO_BLOB, + SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX, sizeof(struct ssl_backend_data), Curl_none_init, /* init */ diff --git a/libs/libcurl/src/vtls/gskit.c b/libs/libcurl/src/vtls/gskit.c index e451f6aebe..7a65f92f20 100644 --- a/libs/libcurl/src/vtls/gskit.c +++ b/libs/libcurl/src/vtls/gskit.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -28,6 +28,7 @@ #include <qsoasync.h> #undef HAVE_SOCKETPAIR /* because the native one isn't good enough */ #include "socketpair.h" +#include "strerror.h" /* Some symbols are undefined/unsupported on OS400 versions < V7R1. */ #ifndef GSK_SSL_EXTN_SERVERNAME_REQUEST @@ -73,6 +74,7 @@ #include "connect.h" /* for the connect timeout */ #include "select.h" #include "strcase.h" +#include "timediff.h" #include "x509asn1.h" #include "curl_printf.h" @@ -247,10 +249,10 @@ static CURLcode set_enum(struct Curl_easy *data, gsk_handle h, static CURLcode set_buffer(struct Curl_easy *data, gsk_handle h, - GSK_BUF_ID id, const char *buffer, bool unsupported_ok) + GSK_BUF_ID id, const char *buf, bool unsupported_ok) { char buffer[STRERROR_LEN]; - int rc = gsk_attribute_set_buffer(h, id, buffer, 0); + int rc = gsk_attribute_set_buffer(h, id, buf, 0); switch(rc) { case GSK_OK: @@ -291,27 +293,6 @@ static CURLcode set_numeric(struct Curl_easy *data, } -static CURLcode set_callback(struct Curl_easy *data, - gsk_handle h, GSK_CALLBACK_ID id, void *info) -{ - char buffer[STRERROR_LEN]; - int rc = gsk_attribute_set_callback(h, id, info); - - switch(rc) { - case GSK_OK: - return CURLE_OK; - case GSK_ERROR_IO: - failf(data, "gsk_attribute_set_callback() I/O error: %s", - Curl_strerror(errno, buffer, sizeof(buffer))); - break; - default: - failf(data, "gsk_attribute_set_callback(): %s", gsk_strerror(rc)); - break; - } - return CURLE_SSL_CONNECT_ERROR; -} - - static CURLcode set_ciphers(struct Curl_easy *data, gsk_handle h, unsigned int *protoflags) { @@ -448,8 +429,7 @@ static CURLcode set_ciphers(struct Curl_easy *data, static int gskit_init(void) { - /* No initialisation needed. */ - + /* No initialization needed. */ return 1; } @@ -513,6 +493,8 @@ static void cancel_async_handshake(struct connectdata *conn, int sockindex) struct ssl_connect_data *connssl = &conn->ssl[sockindex]; Qso_OverlappedIO_t cstat; + DEBUGASSERT(BACKEND); + if(QsoCancelOperation(conn->sock[sockindex], 0) > 0) QsoWaitForIOCompletion(BACKEND->iocport, &cstat, (struct timeval *) NULL); } @@ -520,6 +502,7 @@ static void cancel_async_handshake(struct connectdata *conn, int sockindex) static void close_async_handshake(struct ssl_connect_data *connssl) { + DEBUGASSERT(BACKEND); QsoDestroyIOCompletionPort(BACKEND->iocport); BACKEND->iocport = -1; } @@ -530,36 +513,36 @@ static int pipe_ssloverssl(struct connectdata *conn, int sockindex, #ifndef CURL_DISABLE_PROXY struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connproxyssl = &conn->proxy_ssl[sockindex]; - fd_set fds_read; - fd_set fds_write; + struct pollfd fds[2]; int n; int m; int i; int ret = 0; char buf[CURL_MAX_WRITE_SIZE]; + DEBUGASSERT(BACKEND); + DEBUGASSERT(connproxyssl->backend); + if(!connssl->use || !connproxyssl->use) return 0; /* No SSL over SSL: OK. */ - FD_ZERO(&fds_read); - FD_ZERO(&fds_write); - n = -1; + n = 1; + fds[0].fd = BACKEND->remotefd; + fds[1].fd = conn->sock[sockindex]; + if(directions & SOS_READ) { - FD_SET(BACKEND->remotefd, &fds_write); - n = BACKEND->remotefd; + fds[0].events |= POLLOUT; } if(directions & SOS_WRITE) { - FD_SET(BACKEND->remotefd, &fds_read); - n = BACKEND->remotefd; - FD_SET(conn->sock[sockindex], &fds_write); - if(n < conn->sock[sockindex]) - n = conn->sock[sockindex]; + n = 2; + fds[0].events |= POLLIN; + fds[1].events |= POLLOUT; } - i = Curl_select(n + 1, &fds_read, &fds_write, NULL, 0); + i = Curl_poll(fds, n, 0); if(i < 0) return -1; /* Select error. */ - if(FD_ISSET(BACKEND->remotefd, &fds_write)) { + if(fds[0].revents & POLLOUT) { /* Try getting data from HTTPS proxy and pipe it upstream. */ n = 0; i = gsk_secure_soc_read(connproxyssl->backend->handle, @@ -581,8 +564,7 @@ static int pipe_ssloverssl(struct connectdata *conn, int sockindex, } } - if(FD_ISSET(BACKEND->remotefd, &fds_read) && - FD_ISSET(conn->sock[sockindex], &fds_write)) { + if((fds[0].revents & POLLIN) && (fds[1].revents & POLLOUT)) { /* Pipe data to HTTPS proxy. */ n = read(BACKEND->remotefd, buf, sizeof(buf)); if(n < 0) @@ -605,6 +587,7 @@ static int pipe_ssloverssl(struct connectdata *conn, int sockindex, static void close_one(struct ssl_connect_data *connssl, struct Curl_easy *data, struct connectdata *conn, int sockindex) { + DEBUGASSERT(BACKEND); if(BACKEND->handle) { gskit_status(data, gsk_secure_soc_close(&BACKEND->handle), "gsk_secure_soc_close()", 0); @@ -636,6 +619,8 @@ static ssize_t gskit_send(struct Curl_easy *data, int sockindex, CURLcode cc = CURLE_SEND_ERROR; int written; + DEBUGASSERT(BACKEND); + if(pipe_ssloverssl(conn, sockindex, SOS_WRITE) >= 0) { cc = gskit_status(data, gsk_secure_soc_write(BACKEND->handle, @@ -661,6 +646,8 @@ static ssize_t gskit_recv(struct Curl_easy *data, int num, char *buf, int nread; CURLcode cc = CURLE_RECV_ERROR; + DEBUGASSERT(BACKEND); + if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) { int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize; cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle, @@ -734,6 +721,7 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data, #endif /* Create SSL environment, start (preferably asynchronous) handshake. */ + DEBUGASSERT(BACKEND); BACKEND->handle = (gsk_handle) NULL; BACKEND->iocport = -1; @@ -787,13 +775,13 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data, BACKEND->localfd = sockpair[0]; BACKEND->remotefd = sockpair[1]; setsockopt(BACKEND->localfd, SOL_SOCKET, SO_RCVBUF, - (void *) sobufsize, sizeof(sobufsize)); + (void *) &sobufsize, sizeof(sobufsize)); setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_RCVBUF, - (void *) sobufsize, sizeof(sobufsize)); + (void *) &sobufsize, sizeof(sobufsize)); setsockopt(BACKEND->localfd, SOL_SOCKET, SO_SNDBUF, - (void *) sobufsize, sizeof(sobufsize)); + (void *) &sobufsize, sizeof(sobufsize)); setsockopt(BACKEND->remotefd, SOL_SOCKET, SO_SNDBUF, - (void *) sobufsize, sizeof(sobufsize)); + (void *) &sobufsize, sizeof(sobufsize)); curlx_nonblock(BACKEND->localfd, TRUE); curlx_nonblock(BACKEND->remotefd, TRUE); } @@ -830,8 +818,13 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data, /* Process SNI. Ignore if not supported (on OS400 < V7R1). */ if(sni) { + char *snihost = Curl_ssl_snihost(data, sni, NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } result = set_buffer(data, BACKEND->handle, - GSK_SSL_EXTN_SERVERNAME_REQUEST, sni, TRUE); + GSK_SSL_EXTN_SERVERNAME_REQUEST, snihost, TRUE); if(result == CURLE_UNSUPPORTED_PROTOCOL) result = CURLE_OK; } @@ -958,14 +951,16 @@ static CURLcode gskit_connect_step2(struct Curl_easy *data, CURLcode result; /* Poll or wait for end of SSL asynchronous handshake. */ + DEBUGASSERT(BACKEND); for(;;) { timediff_t timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE); + stmv.tv_sec = 0; + stmv.tv_usec = 0; if(timeout_ms < 0) timeout_ms = 0; - stmv.tv_sec = timeout_ms / 1000; - stmv.tv_usec = (timeout_ms - stmv.tv_sec * 1000) * 1000; - switch(QsoWaitForIOCompletion(BACKEND->iocport, &cstat, &stmv)) { + switch(QsoWaitForIOCompletion(BACKEND->iocport, &cstat, + curlx_mstotv(&stmv, timeout_ms))) { case 1: /* Operation complete. */ break; case -1: /* An error occurred: handshake still in progress. */ @@ -1014,6 +1009,7 @@ static CURLcode gskit_connect_step3(struct Curl_easy *data, CURLcode result; /* SSL handshake done: gather certificate info and verify host. */ + DEBUGASSERT(BACKEND); if(gskit_status(data, gsk_attribute_get_cert_info(BACKEND->handle, GSK_PARTNER_CERT_INFO, @@ -1070,15 +1066,16 @@ static CURLcode gskit_connect_step3(struct Curl_easy *data, /* Check pinned public key. */ ptr = SSL_PINNED_PUB_KEY(); if(!result && ptr) { - curl_X509certificate x509; - curl_asn1Element *p; + struct Curl_X509certificate x509; + struct Curl_asn1Element *p; + memset(&x509, 0, sizeof(x509)); if(Curl_parseX509(&x509, cert, certend)) return CURLE_SSL_PINNEDPUBKEYNOTMATCH; p = &x509.subjectPublicKeyInfo; result = Curl_pin_peer_pubkey(data, ptr, p->header, p->end - p->header); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); return result; } } @@ -1205,6 +1202,8 @@ static int gskit_shutdown(struct Curl_easy *data, char buf[120]; int loop = 10; /* don't get stuck */ + DEBUGASSERT(BACKEND); + if(!BACKEND->handle) return 0; @@ -1268,6 +1267,7 @@ static int gskit_check_cxn(struct connectdata *cxn) int errlen; /* The only thing that can be tested here is at the socket level. */ + DEBUGASSERT(BACKEND); if(!BACKEND->handle) return 0; /* connection has been closed */ @@ -1287,6 +1287,7 @@ static void *gskit_get_internals(struct ssl_connect_data *connssl, CURLINFO info UNUSED_PARAM) { (void)info; + DEBUGASSERT(BACKEND); return BACKEND->handle; } @@ -1308,6 +1309,7 @@ const struct Curl_ssl Curl_ssl_gskit = { Curl_none_cert_status_request, /* cert_status_request */ gskit_connect, /* connect */ gskit_connect_nonblocking, /* connect_nonblocking */ + Curl_ssl_getsock, /* getsock */ gskit_get_internals, /* get_internals */ gskit_close, /* close_one */ Curl_none_close_all, /* close_all */ diff --git a/libs/libcurl/src/vtls/gtls.c b/libs/libcurl/src/vtls/gtls.c index 18864aa4b2..dd82755852 100644 --- a/libs/libcurl/src/vtls/gtls.c +++ b/libs/libcurl/src/vtls/gtls.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -55,6 +55,14 @@ /* The last #include file should be: */ #include "memdebug.h" +#ifdef HAVE_GNUTLS_SRP +/* the function exists */ +#ifdef USE_TLS_SRP +/* the functionality is not disabled */ +#define USE_GNUTLS_SRP +#endif +#endif + /* Enable GnuTLS debugging by defining GTLSDEBUG */ /*#define GTLSDEBUG */ @@ -75,7 +83,7 @@ static bool gtls_inited = FALSE; struct ssl_backend_data { gnutls_session_t session; gnutls_certificate_credentials_t cred; -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP gnutls_srp_client_credentials_t srp_client_cred; #endif }; @@ -202,9 +210,12 @@ static CURLcode handshake(struct Curl_easy *data, { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; - gnutls_session_t session = backend->session; + gnutls_session_t session; curl_socket_t sockfd = conn->sock[sockindex]; + DEBUGASSERT(backend); + session = backend->session; + for(;;) { timediff_t timeout_ms; int rc; @@ -406,6 +417,8 @@ gtls_connect_step1(struct Curl_easy *data, const char *tls13support; CURLcode result; + DEBUGASSERT(backend); + if(connssl->state == ssl_connection_complete) /* to make us tolerant against being called more than once for the same connection */ @@ -431,12 +444,13 @@ gtls_connect_step1(struct Curl_easy *data, return CURLE_SSL_CONNECT_ERROR; } -#ifdef HAVE_GNUTLS_SRP - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { - infof(data, "Using TLS-SRP username: %s", SSL_SET_OPTION(username)); +#ifdef USE_GNUTLS_SRP + if((SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) && + Curl_allow_auth_to_host(data)) { + infof(data, "Using TLS-SRP username: %s", + SSL_SET_OPTION(primary.username)); - rc = gnutls_srp_allocate_client_credentials( - &backend->srp_client_cred); + rc = gnutls_srp_allocate_client_credentials(&backend->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_srp_allocate_client_cred() failed: %s", gnutls_strerror(rc)); @@ -444,8 +458,8 @@ gtls_connect_step1(struct Curl_easy *data, } rc = gnutls_srp_set_client_credentials(backend->srp_client_cred, - SSL_SET_OPTION(username), - SSL_SET_OPTION(password)); + SSL_SET_OPTION(primary.username), + SSL_SET_OPTION(primary.password)); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_srp_set_client_cred() failed: %s", gnutls_strerror(rc)); @@ -502,19 +516,19 @@ gtls_connect_step1(struct Curl_easy *data, } #endif - if(SSL_SET_OPTION(CRLfile)) { + if(SSL_SET_OPTION(primary.CRLfile)) { /* set the CRL list file */ rc = gnutls_certificate_set_x509_crl_file(backend->cred, - SSL_SET_OPTION(CRLfile), + SSL_SET_OPTION(primary.CRLfile), GNUTLS_X509_FMT_PEM); if(rc < 0) { failf(data, "error reading crl file %s (%s)", - SSL_SET_OPTION(CRLfile), gnutls_strerror(rc)); + SSL_SET_OPTION(primary.CRLfile), gnutls_strerror(rc)); return CURLE_SSL_CRL_BADFILE; } else infof(data, "found %d CRL in %s", - rc, SSL_SET_OPTION(CRLfile)); + rc, SSL_SET_OPTION(primary.CRLfile)); } /* Initialize TLS session as a client */ @@ -542,11 +556,15 @@ gtls_connect_step1(struct Curl_easy *data, #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && #endif - sni && - (gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname, - strlen(hostname)) < 0)) - infof(data, "WARNING: failed to configure server name indication (SNI) " - "TLS extension"); + sni) { + size_t snilen; + char *snihost = Curl_ssl_snihost(data, hostname, &snilen); + if(!snihost || gnutls_server_name_set(session, GNUTLS_NAME_DNS, snihost, + snilen) < 0) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + } /* Use default priorities */ rc = gnutls_set_default_priority(session); @@ -578,10 +596,10 @@ gtls_connect_step1(struct Curl_easy *data, if(result) return result; -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP /* Only add SRP to the cipher list if SRP is requested. Otherwise * GnuTLS will disable TLS 1.3 support. */ - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { + if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) { size_t len = strlen(prioritylist); char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1); @@ -600,7 +618,7 @@ gtls_connect_step1(struct Curl_easy *data, #endif infof(data, "GnuTLS ciphers: %s", prioritylist); rc = gnutls_priority_set_direct(session, prioritylist, &err); -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP } #endif @@ -623,14 +641,14 @@ gtls_connect_step1(struct Curl_easy *data, protocols[cur].data = (unsigned char *)ALPN_H2; protocols[cur].size = ALPN_H2_LENGTH; cur++; - infof(data, "ALPN, offering %.*s", ALPN_H2_LENGTH, ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1; protocols[cur].size = ALPN_HTTP_1_1_LENGTH; cur++; - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); if(gnutls_alpn_set_protocols(session, protocols, cur, 0)) { failf(data, "failed setting ALPN"); @@ -674,9 +692,9 @@ gtls_connect_step1(struct Curl_easy *data, } } -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP /* put the credentials to the current session */ - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { + if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP) { rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP, backend->srp_client_cred); if(rc != GNUTLS_E_SUCCESS) { @@ -697,7 +715,10 @@ gtls_connect_step1(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY if(conn->proxy_ssl[sockindex].use) { - transport_ptr = conn->proxy_ssl[sockindex].backend->session; + struct ssl_backend_data *proxy_backend; + proxy_backend = conn->proxy_ssl[sockindex].backend; + DEBUGASSERT(proxy_backend); + transport_ptr = proxy_backend->session; gnutls_transport_push = gtls_push_ssl; gnutls_transport_pull = gtls_pull_ssl; } @@ -854,9 +875,9 @@ Curl_gtls_verifyserver(struct Curl_easy *data, if(SSL_CONN_CONFIG(verifypeer) || SSL_CONN_CONFIG(verifyhost) || SSL_CONN_CONFIG(issuercert)) { -#ifdef HAVE_GNUTLS_SRP - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP - && SSL_SET_OPTION(username) != NULL +#ifdef USE_GNUTLS_SRP + if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP + && SSL_SET_OPTION(primary.username) && !SSL_CONN_CONFIG(verifypeer) && gnutls_cipher_get(session)) { /* no peer cert, but auth is ok if we have SRP user and cipher and no @@ -867,7 +888,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, failf(data, "failed to get server cert"); *certverifyresult = GNUTLS_E_NO_CERTIFICATE_FOUND; return CURLE_PEER_FAILED_VERIFICATION; -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP } #endif } @@ -914,7 +935,8 @@ Curl_gtls_verifyserver(struct Curl_easy *data, failf(data, "server certificate verification failed. CAfile: %s " "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none", - SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none"); + SSL_SET_OPTION(primary.CRLfile) ? + SSL_SET_OPTION(primary.CRLfile) : "none"); return CURLE_PEER_FAILED_VERIFICATION; } else @@ -1186,7 +1208,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, if(ptr) { result = pkp_pin_peer_pubkey(data, x509_cert, ptr); if(result != CURLE_OK) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); gnutls_x509_crt_deinit(x509_cert); return result; } @@ -1243,8 +1265,8 @@ Curl_gtls_verifyserver(struct Curl_easy *data, if(conn->bits.tls_enable_alpn) { rc = gnutls_alpn_get_selected_protocol(session, &proto); if(rc == 0) { - infof(data, "ALPN, server accepted to use %.*s", proto.size, - proto.data); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, proto.size, + proto.data); #ifdef USE_HTTP2 if(proto.size == ALPN_H2_LENGTH && @@ -1260,7 +1282,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, } } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); @@ -1352,7 +1374,9 @@ gtls_connect_common(struct Curl_easy *data, /* Finish connecting once the handshake is done */ if(ssl_connect_1 == connssl->connecting_state) { struct ssl_backend_data *backend = connssl->backend; - gnutls_session_t session = backend->session; + gnutls_session_t session; + DEBUGASSERT(backend); + session = backend->session; rc = Curl_gtls_verifyserver(data, conn, session, sockindex); if(rc) return rc; @@ -1393,6 +1417,9 @@ static bool gtls_data_pending(const struct connectdata *conn, const struct ssl_connect_data *connssl = &conn->ssl[connindex]; bool res = FALSE; struct ssl_backend_data *backend = connssl->backend; + + DEBUGASSERT(backend); + if(backend->session && 0 != gnutls_record_check_pending(backend->session)) res = TRUE; @@ -1400,6 +1427,7 @@ static bool gtls_data_pending(const struct connectdata *conn, #ifndef CURL_DISABLE_PROXY connssl = &conn->proxy_ssl[connindex]; backend = connssl->backend; + DEBUGASSERT(backend); if(backend->session && 0 != gnutls_record_check_pending(backend->session)) res = TRUE; @@ -1417,7 +1445,10 @@ static ssize_t gtls_send(struct Curl_easy *data, struct connectdata *conn = data->conn; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; - ssize_t rc = gnutls_record_send(backend->session, mem, len); + ssize_t rc; + + DEBUGASSERT(backend); + rc = gnutls_record_send(backend->session, mem, len); if(rc < 0) { *curlcode = (rc == GNUTLS_E_AGAIN) @@ -1433,6 +1464,8 @@ static ssize_t gtls_send(struct Curl_easy *data, static void close_one(struct ssl_connect_data *connssl) { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + if(backend->session) { char buf[32]; /* Maybe the server has already sent a close notify alert. @@ -1446,7 +1479,7 @@ static void close_one(struct ssl_connect_data *connssl) gnutls_certificate_free_credentials(backend->cred); backend->cred = NULL; } -#ifdef HAVE_GNUTLS_SRP +#ifdef USE_GNUTLS_SRP if(backend->srp_client_cred) { gnutls_srp_free_client_credentials(backend->srp_client_cred); backend->srp_client_cred = NULL; @@ -1475,6 +1508,8 @@ static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; int retval = 0; + DEBUGASSERT(backend); + #ifndef CURL_DISABLE_FTP /* This has only been tested on the proftpd server, and the mod_tls code sends a close notify alert without waiting for a close notify alert in @@ -1530,9 +1565,9 @@ static int gtls_shutdown(struct Curl_easy *data, struct connectdata *conn, } gnutls_certificate_free_credentials(backend->cred); -#ifdef HAVE_GNUTLS_SRP - if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP - && SSL_SET_OPTION(username) != NULL) +#ifdef USE_GNUTLS_SRP + if(SSL_SET_OPTION(primary.authtype) == CURL_TLSAUTH_SRP + && SSL_SET_OPTION(primary.username) != NULL) gnutls_srp_free_client_credentials(backend->srp_client_cred); #endif @@ -1553,6 +1588,8 @@ static ssize_t gtls_recv(struct Curl_easy *data, /* connection data */ struct ssl_backend_data *backend = connssl->backend; ssize_t ret; + DEBUGASSERT(backend); + ret = gnutls_record_recv(backend->session, buf, buffersize); if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { *curlcode = CURLE_AGAIN; @@ -1624,6 +1661,7 @@ static void *gtls_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->session; } diff --git a/libs/libcurl/src/hostcheck.c b/libs/libcurl/src/vtls/hostcheck.c index cd45bd07ee..8dc97a27d0 100644 --- a/libs/libcurl/src/hostcheck.c +++ b/libs/libcurl/src/vtls/hostcheck.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -33,6 +33,7 @@ #ifdef HAVE_NETINET_IN6_H #include <netinet/in6.h> #endif +#include "curl_memrchr.h" #include "hostcheck.h" #include "strcase.h" @@ -42,13 +43,23 @@ /* The last #include file should be: */ #include "memdebug.h" +/* check the two input strings with given length, but do not + assume they end in nul-bytes */ +static bool pmatch(const char *hostname, size_t hostlen, + const char *pattern, size_t patternlen) +{ + if(hostlen != patternlen) + return FALSE; + return strncasecompare(hostname, pattern, hostlen); +} + /* * Match a hostname against a wildcard pattern. * E.g. * "foo.host.com" matches "*.host.com". * * We use the matching rule described in RFC6125, section 6.4.3. - * https://tools.ietf.org/html/rfc6125#section-6.4.3 + * https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3 * * In addition: ignore trailing dots in the host names and wildcards, so that * the names are used normalized. This is what the browsers do. @@ -58,85 +69,72 @@ * apparent distinction between a name and an IP. We need to detect the use of * an IP address and not wildcard match on such names. * - * NOTE: hostmatch() gets called with copied buffers so that it can modify the - * contents at will. + * Return TRUE on a match. FALSE if not. */ -static int hostmatch(char *hostname, char *pattern) +static bool hostmatch(const char *hostname, + size_t hostlen, + const char *pattern, + size_t patternlen) { - const char *pattern_label_end, *pattern_wildcard, *hostname_label_end; - int wildcard_enabled; + const char *pattern_label_end, *wildcard, *hostname_label_end; size_t prefixlen, suffixlen; /* normalize pattern and hostname by stripping off trailing dots */ - size_t len = strlen(hostname); - if(hostname[len-1]=='.') - hostname[len-1] = 0; - len = strlen(pattern); - if(pattern[len-1]=='.') - pattern[len-1] = 0; - - pattern_wildcard = strchr(pattern, '*'); - if(!pattern_wildcard) - return strcasecompare(pattern, hostname) ? - CURL_HOST_MATCH : CURL_HOST_NOMATCH; + DEBUGASSERT(patternlen); + if(hostname[hostlen-1]=='.') + hostlen--; + if(pattern[patternlen-1]=='.') + patternlen--; + + wildcard = memchr(pattern, '*', patternlen); + if(!wildcard) + return pmatch(hostname, hostlen, pattern, patternlen); /* detect IP address as hostname and fail the match if so */ if(Curl_host_is_ipnum(hostname)) - return CURL_HOST_NOMATCH; + return FALSE; - /* We require at least 2 dots in pattern to avoid too wide wildcard + /* We require at least 2 dots in the pattern to avoid too wide wildcard match. */ - wildcard_enabled = 1; - pattern_label_end = strchr(pattern, '.'); - if(!pattern_label_end || !strchr(pattern_label_end + 1, '.') || - pattern_wildcard > pattern_label_end || - strncasecompare(pattern, "xn--", 4)) { - wildcard_enabled = 0; + pattern_label_end = memchr(pattern, '.', patternlen); + if(!pattern_label_end || + (memrchr(pattern, '.', patternlen) == pattern_label_end) || + strncasecompare(pattern, "xn--", 4)) + return pmatch(hostname, hostlen, pattern, patternlen); + + hostname_label_end = memchr(hostname, '.', hostlen); + if(!hostname_label_end) + return FALSE; + else { + size_t skiphost = hostname_label_end - hostname; + size_t skiplen = pattern_label_end - pattern; + if(!pmatch(hostname_label_end, hostlen - skiphost, + pattern_label_end, patternlen - skiplen)) + return FALSE; } - if(!wildcard_enabled) - return strcasecompare(pattern, hostname) ? - CURL_HOST_MATCH : CURL_HOST_NOMATCH; - - hostname_label_end = strchr(hostname, '.'); - if(!hostname_label_end || - !strcasecompare(pattern_label_end, hostname_label_end)) - return CURL_HOST_NOMATCH; - /* The wildcard must match at least one character, so the left-most label of the hostname is at least as large as the left-most label of the pattern. */ if(hostname_label_end - hostname < pattern_label_end - pattern) - return CURL_HOST_NOMATCH; + return FALSE; - prefixlen = pattern_wildcard - pattern; - suffixlen = pattern_label_end - (pattern_wildcard + 1); + prefixlen = wildcard - pattern; + suffixlen = pattern_label_end - (wildcard + 1); return strncasecompare(pattern, hostname, prefixlen) && - strncasecompare(pattern_wildcard + 1, hostname_label_end - suffixlen, - suffixlen) ? - CURL_HOST_MATCH : CURL_HOST_NOMATCH; + strncasecompare(wildcard + 1, hostname_label_end - suffixlen, + suffixlen) ? TRUE : FALSE; } -int Curl_cert_hostcheck(const char *match_pattern, const char *hostname) +/* + * Curl_cert_hostcheck() returns TRUE if a match and FALSE if not. + */ +bool Curl_cert_hostcheck(const char *match, size_t matchlen, + const char *hostname, size_t hostlen) { - int res = 0; - if(!match_pattern || !*match_pattern || - !hostname || !*hostname) /* sanity check */ - ; - else { - char *matchp = strdup(match_pattern); - if(matchp) { - char *hostp = strdup(hostname); - if(hostp) { - if(hostmatch(hostp, matchp) == CURL_HOST_MATCH) - res = 1; - free(hostp); - } - free(matchp); - } - } - - return res; + if(match && *match && hostname && *hostname) + return hostmatch(hostname, hostlen, match, matchlen); + return FALSE; } #endif /* OPENSSL, GSKIT or schannel+wince */ diff --git a/libs/libcurl/src/hostcheck.h b/libs/libcurl/src/vtls/hostcheck.h index 52155f43b4..aa966403dd 100644 --- a/libs/libcurl/src/hostcheck.h +++ b/libs/libcurl/src/vtls/hostcheck.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,8 +24,8 @@ #include <curl/curl.h> -#define CURL_HOST_NOMATCH 0 -#define CURL_HOST_MATCH 1 -int Curl_cert_hostcheck(const char *match_pattern, const char *hostname); +/* returns TRUE if there's a match */ +bool Curl_cert_hostcheck(const char *match_pattern, size_t matchlen, + const char *hostname, size_t hostlen); #endif /* HEADER_CURL_HOSTCHECK_H */ diff --git a/libs/libcurl/src/vtls/mbedtls.c b/libs/libcurl/src/vtls/mbedtls.c index 1d209b2732..b60b9cac50 100644 --- a/libs/libcurl/src/vtls/mbedtls.c +++ b/libs/libcurl/src/vtls/mbedtls.c @@ -41,9 +41,6 @@ #include <mbedtls/net.h> #endif #include <mbedtls/ssl.h> -#if MBEDTLS_VERSION_NUMBER < 0x03000000 -#include <mbedtls/certs.h> -#endif #include <mbedtls/x509.h> #include <mbedtls/error.h> @@ -73,17 +70,28 @@ #include "curl_memory.h" #include "memdebug.h" +/* ALPN for http2 */ +#ifdef USE_HTTP2 +# undef HAS_ALPN +# ifdef MBEDTLS_SSL_ALPN +# define HAS_ALPN +# endif +#endif + struct ssl_backend_data { mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_context entropy; mbedtls_ssl_context ssl; - int server_fd; mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; +#ifdef MBEDTLS_X509_CRL_PARSE_C mbedtls_x509_crl crl; +#endif mbedtls_pk_context pk; mbedtls_ssl_config config; +#ifdef HAS_ALPN const char *protocols[3]; +#endif }; /* apply threading? */ @@ -145,15 +153,6 @@ static void mbed_debug(void *context, int level, const char *f_name, #else #endif -/* ALPN for http2? */ -#ifdef USE_NGHTTP2 -# undef HAS_ALPN -# ifdef MBEDTLS_SSL_ALPN -# define HAS_ALPN -# endif -#endif - - /* * profile */ @@ -231,6 +230,8 @@ set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn, long ssl_version_max = SSL_CONN_CONFIG(version_max); CURLcode result = CURLE_OK; + DEBUGASSERT(backend); + switch(ssl_version) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: @@ -278,7 +279,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, const char * const ssl_capath = SSL_CONN_CONFIG(CApath); char * const ssl_cert = SSL_SET_OPTION(primary.clientcert); const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); - const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile); + const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile); const char * const hostname = SSL_HOST_NAME(); #ifndef CURL_DISABLE_VERBOSE_STRINGS const long int port = SSL_HOST_PORT(); @@ -286,6 +287,8 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, int ret = -1; char errorbuf[128]; + DEBUGASSERT(backend); + if((SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) || (SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3)) { failf(data, "Not supported SSL version"); @@ -300,8 +303,9 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, &ts_entropy, NULL, 0); if(ret) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); - failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s", + failf(data, "mbedtls_ctr_drbg_seed returned (-0x%04X) %s", -ret, errorbuf); + return CURLE_FAILED_INIT; } #else mbedtls_entropy_init(&backend->entropy); @@ -311,8 +315,9 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, &backend->entropy, NULL, 0); if(ret) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); - failf(data, "Failed - mbedTLS: ctr_drbg_init returned (-0x%04X) %s", + failf(data, "mbedtls_ctr_drbg_seed returned (-0x%04X) %s", -ret, errorbuf); + return CURLE_FAILED_INIT; } #endif /* THREADING_SUPPORT */ @@ -335,11 +340,12 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "Error importing ca cert blob - mbedTLS: (-0x%04X) %s", -ret, errorbuf); - return ret; + return CURLE_SSL_CERTPROBLEM; } } if(ssl_cafile && verifypeer) { +#ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crt_parse_file(&backend->cacert, ssl_cafile); if(ret<0) { @@ -348,9 +354,14 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, ssl_cafile, -ret, errorbuf); return CURLE_SSL_CACERT_BADFILE; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif } if(ssl_capath) { +#ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crt_parse_path(&backend->cacert, ssl_capath); if(ret<0) { @@ -361,12 +372,17 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, if(verifypeer) return CURLE_SSL_CACERT_BADFILE; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif } /* Load the client certificate */ mbedtls_x509_crt_init(&backend->clicert); if(ssl_cert) { +#ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crt_parse_file(&backend->clicert, ssl_cert); if(ret) { @@ -376,6 +392,10 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_SSL_CERTPROBLEM; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif } if(ssl_cert_blob) { @@ -388,7 +408,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, memcpy(newblob, ssl_cert_blob->data, ssl_cert_blob->len); newblob[ssl_cert_blob->len] = 0; /* null terminate */ ret = mbedtls_x509_crt_parse(&backend->clicert, newblob, - ssl_cert_blob->len); + ssl_cert_blob->len + 1); free(newblob); if(ret) { @@ -404,6 +424,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, if(SSL_SET_OPTION(key) || SSL_SET_OPTION(key_blob)) { if(SSL_SET_OPTION(key)) { +#ifdef MBEDTLS_FS_IO #if MBEDTLS_VERSION_NUMBER >= 0x03000000 ret = mbedtls_pk_parse_keyfile(&backend->pk, SSL_SET_OPTION(key), SSL_SET_OPTION(key_passwd), @@ -420,6 +441,10 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, SSL_SET_OPTION(key), -ret, errorbuf); return CURLE_SSL_CERTPROBLEM; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif } else { const struct curl_blob *ssl_key_blob = SSL_SET_OPTION(key_blob); @@ -452,9 +477,11 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, } /* Load the CRL */ +#ifdef MBEDTLS_X509_CRL_PARSE_C mbedtls_x509_crl_init(&backend->crl); if(ssl_crlfile) { +#ifdef MBEDTLS_FS_IO ret = mbedtls_x509_crl_parse_file(&backend->crl, ssl_crlfile); if(ret) { @@ -464,17 +491,21 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_SSL_CRL_BADFILE; } +#else + failf(data, "mbedtls: functions that use the filesystem not built in"); + return CURLE_NOT_BUILT_IN; +#endif + } +#else + if(ssl_crlfile) { + failf(data, "mbedtls: crl support not built in"); + return CURLE_NOT_BUILT_IN; } +#endif infof(data, "mbedTLS: Connecting to %s:%ld", hostname, port); mbedtls_ssl_config_init(&backend->config); - - mbedtls_ssl_init(&backend->ssl); - if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) { - failf(data, "mbedTLS: ssl_init failed"); - return CURLE_SSL_CONNECT_ERROR; - } ret = mbedtls_ssl_config_defaults(&backend->config, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -484,6 +515,12 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; } + mbedtls_ssl_init(&backend->ssl); + if(mbedtls_ssl_setup(&backend->ssl, &backend->config)) { + failf(data, "mbedTLS: ssl_init failed"); + return CURLE_SSL_CONNECT_ERROR; + } + /* new profile with RSA min key len = 1024 ... */ mbedtls_ssl_conf_cert_profile(&backend->config, &mbedtls_x509_crt_profile_fr); @@ -555,26 +592,33 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, mbedtls_ssl_conf_ca_chain(&backend->config, &backend->cacert, +#ifdef MBEDTLS_X509_CRL_PARSE_C &backend->crl); +#else + NULL); +#endif if(SSL_SET_OPTION(key) || SSL_SET_OPTION(key_blob)) { mbedtls_ssl_conf_own_cert(&backend->config, &backend->clicert, &backend->pk); } - if(mbedtls_ssl_set_hostname(&backend->ssl, hostname)) { - /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks *and* - the name to set in the SNI extension. So even if curl connects to a - host specified as an IP address, this function must be used. */ - failf(data, "couldn't set hostname in mbedTLS"); - return CURLE_SSL_CONNECT_ERROR; + { + char *snihost = Curl_ssl_snihost(data, hostname, NULL); + if(!snihost || mbedtls_ssl_set_hostname(&backend->ssl, snihost)) { + /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and + the name to set in the SNI extension. So even if curl connects to a + host specified as an IP address, this function must be used. */ + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } } #ifdef HAS_ALPN if(conn->bits.tls_enable_alpn) { const char **p = &backend->protocols[0]; -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 if(data->state.httpwant >= CURL_HTTP_VERSION_2) - *p++ = NGHTTP2_PROTO_VERSION_ID; + *p++ = ALPN_H2; #endif *p++ = ALPN_HTTP_1_1; *p = NULL; @@ -586,7 +630,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_SSL_CONNECT_ERROR; } for(p = &backend->protocols[0]; *p; ++p) - infof(data, "ALPN, offering %s", *p); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, *p); } #endif @@ -627,6 +671,8 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, const mbedtls_x509_crt *peercert; const char * const pinnedpubkey = SSL_PINNED_PUB_KEY(); + DEBUGASSERT(backend); + conn->recv[sockindex] = mbed_recv; conn->send[sockindex] = mbed_send; @@ -769,11 +815,10 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&backend->ssl); if(next_protocol) { - infof(data, "ALPN, server accepted to use %s", next_protocol); -#ifdef USE_NGHTTP2 - if(!strncmp(next_protocol, NGHTTP2_PROTO_VERSION_ID, - NGHTTP2_PROTO_VERSION_ID_LEN) && - !next_protocol[NGHTTP2_PROTO_VERSION_ID_LEN]) { + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, next_protocol); +#ifdef USE_HTTP2 + if(!strncmp(next_protocol, ALPN_H2, ALPN_H2_LENGTH) && + !next_protocol[ALPN_H2_LENGTH]) { conn->negnpn = CURL_HTTP_VERSION_2; } else @@ -784,7 +829,7 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, } } else { - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); } Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); @@ -806,6 +851,7 @@ mbed_connect_step3(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + DEBUGASSERT(backend); if(SSL_SET_OPTION(primary.sessionid)) { int ret; @@ -862,6 +908,8 @@ static ssize_t mbed_send(struct Curl_easy *data, int sockindex, struct ssl_backend_data *backend = connssl->backend; int ret = -1; + DEBUGASSERT(backend); + ret = mbedtls_ssl_write(&backend->ssl, (unsigned char *)mem, len); if(ret < 0) { @@ -886,6 +934,8 @@ static void mbedtls_close(struct Curl_easy *data, char buf[32]; (void) data; + DEBUGASSERT(backend); + /* Maybe the server has already sent a close notify alert. Read it to avoid an RST on the TCP connection. */ (void)mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, sizeof(buf)); @@ -893,7 +943,9 @@ static void mbedtls_close(struct Curl_easy *data, mbedtls_pk_free(&backend->pk); mbedtls_x509_crt_free(&backend->clicert); mbedtls_x509_crt_free(&backend->cacert); +#ifdef MBEDTLS_X509_CRL_PARSE_C mbedtls_x509_crl_free(&backend->crl); +#endif mbedtls_ssl_config_free(&backend->config); mbedtls_ssl_free(&backend->ssl); mbedtls_ctr_drbg_free(&backend->ctr_drbg); @@ -912,6 +964,8 @@ static ssize_t mbed_recv(struct Curl_easy *data, int num, int ret = -1; ssize_t len = -1; + DEBUGASSERT(backend); + ret = mbedtls_ssl_read(&backend->ssl, (unsigned char *)buf, buffersize); @@ -963,7 +1017,7 @@ static CURLcode mbedtls_random(struct Curl_easy *data, if(ret) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); - failf(data, "Failed - mbedTLS: ctr_drbg_seed returned (-0x%04X) %s", + failf(data, "mbedtls_ctr_drbg_seed returned (-0x%04X) %s", -ret, errorbuf); } else { @@ -971,7 +1025,7 @@ static CURLcode mbedtls_random(struct Curl_easy *data, if(ret) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); - failf(data, "mbedTLS: ctr_drbg_init returned (-0x%04X) %s", + failf(data, "mbedtls_ctr_drbg_random returned (-0x%04X) %s", -ret, errorbuf); } } @@ -1146,6 +1200,7 @@ static bool mbedtls_data_pending(const struct connectdata *conn, { const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return mbedtls_ssl_get_bytes_avail(&backend->ssl) != 0; } @@ -1175,6 +1230,7 @@ static void *mbedtls_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return &backend->ssl; } diff --git a/libs/libcurl/src/vtls/mesalink.c b/libs/libcurl/src/vtls/mesalink.c deleted file mode 100644 index 35a916586e..0000000000 --- a/libs/libcurl/src/vtls/mesalink.c +++ /dev/null @@ -1,679 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 2017 - 2018, Yiming Jing, <jingyiming@baidu.com> - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* - * Source file for all MesaLink-specific code for the TLS/SSL layer. No code - * but vtls.c should ever call or use these functions. - * - */ - -/* - * Based upon the CyaSSL implementation in cyassl.c and cyassl.h: - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. - * - * Thanks for code and inspiration! - */ - -#include "curl_setup.h" - -#ifdef USE_MESALINK - -#include <mesalink/options.h> -#include <mesalink/version.h> - -#include "urldata.h" -#include "sendf.h" -#include "inet_pton.h" -#include "vtls.h" -#include "parsedate.h" -#include "connect.h" /* for the connect timeout */ -#include "select.h" -#include "strcase.h" -#include "x509asn1.h" -#include "curl_printf.h" - -#include "mesalink.h" -#include <mesalink/openssl/ssl.h> -#include <mesalink/openssl/err.h> - -/* The last #include files should be: */ -#include "curl_memory.h" -#include "memdebug.h" - -#define MESALINK_MAX_ERROR_SZ 80 - -struct ssl_backend_data -{ - SSL_CTX *ctx; - SSL *handle; -}; - -static Curl_recv mesalink_recv; -static Curl_send mesalink_send; - -static int do_file_type(const char *type) -{ - if(!type || !type[0]) - return SSL_FILETYPE_PEM; - if(strcasecompare(type, "PEM")) - return SSL_FILETYPE_PEM; - if(strcasecompare(type, "DER")) - return SSL_FILETYPE_ASN1; - return -1; -} - -/* - * This function loads all the client/CA certificates and CRLs. Setup the TLS - * layer and do all necessary magic. - */ -static CURLcode -mesalink_connect_step1(struct Curl_easy *data, - struct connectdata *conn, int sockindex) -{ - char *ciphers; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct in_addr addr4; -#ifdef ENABLE_IPV6 - struct in6_addr addr6; -#endif - const char * const hostname = SSL_HOST_NAME(); - size_t hostname_len = strlen(hostname); - SSL_METHOD *req_method = NULL; - curl_socket_t sockfd = conn->sock[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - - if(connssl->state == ssl_connection_complete) - return CURLE_OK; - - if(SSL_CONN_CONFIG(version_max) != CURL_SSLVERSION_MAX_NONE) { - failf(data, "MesaLink does not support to set maximum SSL/TLS version"); - return CURLE_SSL_CONNECT_ERROR; - } - - switch(SSL_CONN_CONFIG(version)) { - case CURL_SSLVERSION_SSLv3: - case CURL_SSLVERSION_TLSv1: - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - failf(data, "MesaLink does not support SSL 3.0, TLS 1.0, or TLS 1.1"); - return CURLE_NOT_BUILT_IN; - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1_2: - req_method = TLSv1_2_client_method(); - break; - case CURL_SSLVERSION_TLSv1_3: - req_method = TLSv1_3_client_method(); - break; - case CURL_SSLVERSION_SSLv2: - failf(data, "MesaLink does not support SSLv2"); - return CURLE_SSL_CONNECT_ERROR; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } - - if(!req_method) { - failf(data, "SSL: couldn't create a method!"); - return CURLE_OUT_OF_MEMORY; - } - - if(backend->ctx) - SSL_CTX_free(backend->ctx); - backend->ctx = SSL_CTX_new(req_method); - - if(!backend->ctx) { - failf(data, "SSL: couldn't create a context!"); - return CURLE_OUT_OF_MEMORY; - } - - SSL_CTX_set_verify( - backend->ctx, SSL_CONN_CONFIG(verifypeer) ? - SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); - - if(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath)) { - if(!SSL_CTX_load_verify_locations(backend->ctx, SSL_CONN_CONFIG(CAfile), - SSL_CONN_CONFIG(CApath))) { - if(SSL_CONN_CONFIG(verifypeer)) { - failf(data, - "error setting certificate verify locations: " - " CAfile: %s CApath: %s", - SSL_CONN_CONFIG(CAfile) ? - SSL_CONN_CONFIG(CAfile) : "none", - SSL_CONN_CONFIG(CApath) ? - SSL_CONN_CONFIG(CApath) : "none"); - return CURLE_SSL_CACERT_BADFILE; - } - infof(data, - "error setting certificate verify locations," - " continuing anyway:"); - } - else { - infof(data, "successfully set certificate verify locations:"); - } - infof(data, " CAfile: %s", - SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): "none"); - infof(data, " CApath: %s", - SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath): "none"); - } - - if(SSL_SET_OPTION(primary.clientcert) && SSL_SET_OPTION(key)) { - int file_type = do_file_type(SSL_SET_OPTION(cert_type)); - - if(SSL_CTX_use_certificate_chain_file(backend->ctx, - SSL_SET_OPTION(primary.clientcert), - file_type) != 1) { - failf(data, "unable to use client certificate (no key or wrong pass" - " phrase?)"); - return CURLE_SSL_CONNECT_ERROR; - } - - file_type = do_file_type(SSL_SET_OPTION(key_type)); - if(SSL_CTX_use_PrivateKey_file(backend->ctx, SSL_SET_OPTION(key), - file_type) != 1) { - failf(data, "unable to set private key"); - return CURLE_SSL_CONNECT_ERROR; - } - infof(data, - "client cert: %s", - SSL_CONN_CONFIG(clientcert)? - SSL_CONN_CONFIG(clientcert): "none"); - } - - ciphers = SSL_CONN_CONFIG(cipher_list); - if(ciphers) { -#ifdef MESALINK_HAVE_CIPHER - if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) { - failf(data, "failed setting cipher list: %s", ciphers); - return CURLE_SSL_CIPHER; - } -#endif - infof(data, "Cipher selection: %s", ciphers); - } - - if(backend->handle) - SSL_free(backend->handle); - backend->handle = SSL_new(backend->ctx); - if(!backend->handle) { - failf(data, "SSL: couldn't create a context (handle)!"); - return CURLE_OUT_OF_MEMORY; - } - - if((hostname_len < USHRT_MAX) && - (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) -#ifdef ENABLE_IPV6 - && (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) -#endif - ) { - /* hostname is not a valid IP address */ - if(SSL_set_tlsext_host_name(backend->handle, hostname) != SSL_SUCCESS) { - failf(data, - "WARNING: failed to configure server name indication (SNI) " - "TLS extension\n"); - return CURLE_SSL_CONNECT_ERROR; - } - } - else { -#ifdef CURLDEBUG - /* Check if the hostname is 127.0.0.1 or [::1]; - * otherwise reject because MesaLink always wants a valid DNS Name - * specified in RFC 5280 Section 7.2 */ - if(strncmp(hostname, "127.0.0.1", 9) == 0 -#ifdef ENABLE_IPV6 - || strncmp(hostname, "[::1]", 5) == 0 -#endif - ) { - SSL_set_tlsext_host_name(backend->handle, "localhost"); - } - else -#endif - { - failf(data, - "ERROR: MesaLink does not accept an IP address as a hostname\n"); - return CURLE_SSL_CONNECT_ERROR; - } - } - -#ifdef MESALINK_HAVE_SESSION - if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid = NULL; - - Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(data, conn, - SSL_IS_PROXY() ? TRUE : FALSE, - &ssl_sessionid, NULL, sockindex)) { - /* we got a session id, use it! */ - if(!SSL_set_session(backend->handle, ssl_sessionid)) { - Curl_ssl_sessionid_unlock(data); - failf( - data, - "SSL: SSL_set_session failed: %s", - ERR_error_string(SSL_get_error(backend->handle, 0), error_buffer)); - return CURLE_SSL_CONNECT_ERROR; - } - /* Informational message */ - infof(data, "SSL re-using session ID"); - } - Curl_ssl_sessionid_unlock(data); - } -#endif /* MESALINK_HAVE_SESSION */ - - if(SSL_set_fd(backend->handle, (int)sockfd) != SSL_SUCCESS) { - failf(data, "SSL: SSL_set_fd failed"); - return CURLE_SSL_CONNECT_ERROR; - } - - connssl->connecting_state = ssl_connect_2; - return CURLE_OK; -} - -static CURLcode -mesalink_connect_step2(struct Curl_easy *data, - struct connectdata *conn, int sockindex) -{ - int ret = -1; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - - conn->recv[sockindex] = mesalink_recv; - conn->send[sockindex] = mesalink_send; - - ret = SSL_connect(backend->handle); - if(ret != SSL_SUCCESS) { - int detail = SSL_get_error(backend->handle, ret); - - if(SSL_ERROR_WANT_CONNECT == detail || SSL_ERROR_WANT_READ == detail) { - connssl->connecting_state = ssl_connect_2_reading; - return CURLE_OK; - } - else { - char error_buffer[MESALINK_MAX_ERROR_SZ]; - failf(data, - "SSL_connect failed with error %d: %s", - detail, - ERR_error_string_n(detail, error_buffer, sizeof(error_buffer))); - ERR_print_errors_fp(stderr); - if(detail && SSL_CONN_CONFIG(verifypeer)) { - detail &= ~0xFF; - if(detail == TLS_ERROR_WEBPKI_ERRORS) { - failf(data, "Cert verify failed"); - return CURLE_PEER_FAILED_VERIFICATION; - } - } - return CURLE_SSL_CONNECT_ERROR; - } - } - - connssl->connecting_state = ssl_connect_3; - infof(data, - "SSL connection using %s / %s", - SSL_get_version(backend->handle), - SSL_get_cipher_name(backend->handle)); - - return CURLE_OK; -} - -static CURLcode -mesalink_connect_step3(struct connectdata *conn, int sockindex) -{ - CURLcode result = CURLE_OK; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - - DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); - -#ifdef MESALINK_HAVE_SESSION - if(SSL_SET_OPTION(primary.sessionid)) { - bool incache; - SSL_SESSION *our_ssl_sessionid; - void *old_ssl_sessionid = NULL; - bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE; - struct ssl_backend_data *backend = connssl->backend; - - our_ssl_sessionid = SSL_get_session(backend->handle); - - Curl_ssl_sessionid_lock(data); - incache = - !(Curl_ssl_getsessionid(data, conn, isproxy, &old_ssl_sessionid, NULL, - sockindex)); - if(incache) { - if(old_ssl_sessionid != our_ssl_sessionid) { - infof(data, "old SSL session ID is stale, removing"); - Curl_ssl_delsessionid(data, old_ssl_sessionid); - incache = FALSE; - } - } - - if(!incache) { - result = - Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid, 0, - sockindex, NULL); - if(result) { - Curl_ssl_sessionid_unlock(data); - failf(data, "failed to store ssl session"); - return result; - } - } - Curl_ssl_sessionid_unlock(data); - } -#endif /* MESALINK_HAVE_SESSION */ - - connssl->connecting_state = ssl_connect_done; - - return result; -} - -static ssize_t -mesalink_send(struct Curl_easy *data, int sockindex, const void *mem, - size_t len, CURLcode *curlcode) -{ - struct connectdata *conn = data->conn; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - char error_buffer[MESALINK_MAX_ERROR_SZ]; - int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; - int rc = SSL_write(backend->handle, mem, memlen); - - if(rc < 0) { - int err = SSL_get_error(backend->handle, rc); - switch(err) { - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - /* there's data pending, re-invoke SSL_write() */ - *curlcode = CURLE_AGAIN; - return -1; - default: - failf(data, - "SSL write: %s, errno %d", - ERR_error_string_n(err, error_buffer, sizeof(error_buffer)), - SOCKERRNO); - *curlcode = CURLE_SEND_ERROR; - return -1; - } - } - return rc; -} - -static void -mesalink_close(struct Curl_easy *data, struct connectdata *conn, int sockindex) -{ - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - - (void) data; - - if(backend->handle) { - (void)SSL_shutdown(backend->handle); - SSL_free(backend->handle); - backend->handle = NULL; - } - if(backend->ctx) { - SSL_CTX_free(backend->ctx); - backend->ctx = NULL; - } -} - -static ssize_t -mesalink_recv(struct Curl_easy *data, int num, char *buf, size_t buffersize, - CURLcode *curlcode) -{ - struct connectdata *conn = data->conn; - struct ssl_connect_data *connssl = &conn->ssl[num]; - struct ssl_backend_data *backend = connssl->backend; - char error_buffer[MESALINK_MAX_ERROR_SZ]; - int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; - int nread = SSL_read(backend->handle, buf, buffsize); - - if(nread <= 0) { - int err = SSL_get_error(backend->handle, nread); - - switch(err) { - case SSL_ERROR_ZERO_RETURN: /* no more data */ - case IO_ERROR_CONNECTION_ABORTED: - break; - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - /* there's data pending, re-invoke SSL_read() */ - *curlcode = CURLE_AGAIN; - return -1; - default: - failf(data, - "SSL read: %s, errno %d", - ERR_error_string_n(err, error_buffer, sizeof(error_buffer)), - SOCKERRNO); - *curlcode = CURLE_RECV_ERROR; - return -1; - } - } - return nread; -} - -static size_t -mesalink_version(char *buffer, size_t size) -{ - return msnprintf(buffer, size, "MesaLink/%s", MESALINK_VERSION_STRING); -} - -static int -mesalink_init(void) -{ - return (SSL_library_init() == SSL_SUCCESS); -} - -/* - * This function is called to shut down the SSL layer but keep the - * socket open (CCC - Clear Command Channel) - */ -static int -mesalink_shutdown(struct Curl_easy *data, - struct connectdata *conn, int sockindex) -{ - int retval = 0; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - struct ssl_backend_data *backend = connssl->backend; - - (void) data; - - if(backend->handle) { - SSL_free(backend->handle); - backend->handle = NULL; - } - return retval; -} - -static CURLcode -mesalink_connect_common(struct Curl_easy *data, struct connectdata *conn, - int sockindex, bool nonblocking, bool *done) -{ - CURLcode result; - struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - curl_socket_t sockfd = conn->sock[sockindex]; - timediff_t timeout_ms; - int what; - - /* check if the connection has already been established */ - if(ssl_connection_complete == connssl->state) { - *done = TRUE; - return CURLE_OK; - } - - if(ssl_connect_1 == connssl->connecting_state) { - /* Find out how much more time we're allowed */ - timeout_ms = Curl_timeleft(data, NULL, TRUE); - - if(timeout_ms < 0) { - /* no need to continue if time already is up */ - failf(data, "SSL connection timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - - result = mesalink_connect_step1(data, conn, sockindex); - if(result) - return result; - } - - while(ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state) { - - /* check allowed time left */ - timeout_ms = Curl_timeleft(data, NULL, TRUE); - - if(timeout_ms < 0) { - /* no need to continue if time already is up */ - failf(data, "SSL connection timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - - /* if ssl is expecting something, check if it's available. */ - if(connssl->connecting_state == ssl_connect_2_reading || - connssl->connecting_state == ssl_connect_2_writing) { - - curl_socket_t writefd = - ssl_connect_2_writing == connssl->connecting_state ? sockfd - : CURL_SOCKET_BAD; - curl_socket_t readfd = ssl_connect_2_reading == connssl->connecting_state - ? sockfd - : CURL_SOCKET_BAD; - - what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, - nonblocking ? 0 : timeout_ms); - if(what < 0) { - /* fatal error */ - failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); - return CURLE_SSL_CONNECT_ERROR; - } - else if(0 == what) { - if(nonblocking) { - *done = FALSE; - return CURLE_OK; - } - else { - /* timeout */ - failf(data, "SSL connection timeout"); - return CURLE_OPERATION_TIMEDOUT; - } - } - /* socket is readable or writable */ - } - - /* Run transaction, and return to the caller if it failed or if - * this connection is part of a multi handle and this loop would - * execute again. This permits the owner of a multi handle to - * abort a connection attempt before step2 has completed while - * ensuring that a client using select() or epoll() will always - * have a valid fdset to wait on. - */ - result = mesalink_connect_step2(data, conn, sockindex); - - if(result || - (nonblocking && (ssl_connect_2 == connssl->connecting_state || - ssl_connect_2_reading == connssl->connecting_state || - ssl_connect_2_writing == connssl->connecting_state))) { - return result; - } - } /* repeat step2 until all transactions are done. */ - - if(ssl_connect_3 == connssl->connecting_state) { - result = mesalink_connect_step3(conn, sockindex); - if(result) - return result; - } - - if(ssl_connect_done == connssl->connecting_state) { - connssl->state = ssl_connection_complete; - conn->recv[sockindex] = mesalink_recv; - conn->send[sockindex] = mesalink_send; - *done = TRUE; - } - else - *done = FALSE; - - /* Reset our connect state machine */ - connssl->connecting_state = ssl_connect_1; - - return CURLE_OK; -} - -static CURLcode -mesalink_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn, - int sockindex, bool *done) -{ - return mesalink_connect_common(data, conn, sockindex, TRUE, done); -} - -static CURLcode -mesalink_connect(struct Curl_easy *data, struct connectdata *conn, - int sockindex) -{ - CURLcode result; - bool done = FALSE; - - result = mesalink_connect_common(data, conn, sockindex, FALSE, &done); - if(result) - return result; - - DEBUGASSERT(done); - - return CURLE_OK; -} - -static void * -mesalink_get_internals(struct ssl_connect_data *connssl, - CURLINFO info UNUSED_PARAM) -{ - struct ssl_backend_data *backend = connssl->backend; - (void)info; - return backend->handle; -} - -const struct Curl_ssl Curl_ssl_mesalink = { - { CURLSSLBACKEND_MESALINK, "MesaLink" }, /* info */ - - SSLSUPP_SSL_CTX, - - sizeof(struct ssl_backend_data), - - mesalink_init, /* init */ - Curl_none_cleanup, /* cleanup */ - mesalink_version, /* version */ - Curl_none_check_cxn, /* check_cxn */ - mesalink_shutdown, /* shutdown */ - Curl_none_data_pending, /* data_pending */ - Curl_none_random, /* random */ - Curl_none_cert_status_request, /* cert_status_request */ - mesalink_connect, /* connect */ - mesalink_connect_nonblocking, /* connect_nonblocking */ - Curl_ssl_getsock, /* getsock */ - mesalink_get_internals, /* get_internals */ - mesalink_close, /* close_one */ - Curl_none_close_all, /* close_all */ - Curl_none_session_free, /* session_free */ - Curl_none_set_engine, /* set_engine */ - Curl_none_set_engine_default, /* set_engine_default */ - Curl_none_engines_list, /* engines_list */ - Curl_none_false_start, /* false_start */ - NULL, /* sha256sum */ - NULL, /* associate_connection */ - NULL /* disassociate_connection */ -}; - -#endif diff --git a/libs/libcurl/src/vtls/nss.c b/libs/libcurl/src/vtls/nss.c index 2b44f05126..cb0509ff5b 100644 --- a/libs/libcurl/src/vtls/nss.c +++ b/libs/libcurl/src/vtls/nss.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -434,7 +434,7 @@ static char *dup_nickname(struct Curl_easy *data, const char *str) /* search the first slash; we require at least one slash in a file name */ n = strchr(str, '/'); if(!n) { - infof(data, "warning: certificate file name \"%s\" handled as nickname; " + infof(data, "WARNING: certificate file name \"%s\" handled as nickname; " "please use \"./%s\" to force file name", str, str); return strdup(str); } @@ -488,6 +488,9 @@ static CURLcode nss_create_object(struct ssl_connect_data *connssl, const int slot_id = (cacert) ? 0 : 1; char *slot_name = aprintf("PEM Token #%d", slot_id); struct ssl_backend_data *backend = connssl->backend; + + DEBUGASSERT(backend); + if(!slot_name) return CURLE_OUT_OF_MEMORY; @@ -859,11 +862,11 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) #endif case SSL_NEXT_PROTO_NO_SUPPORT: case SSL_NEXT_PROTO_NO_OVERLAP: - infof(data, "ALPN/NPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); return; #ifdef SSL_ENABLE_ALPN case SSL_NEXT_PROTO_SELECTED: - infof(data, "ALPN, server accepted to use %.*s", buflen, buf); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, buflen, buf); break; #endif case SSL_NEXT_PROTO_NEGOTIATED: @@ -871,7 +874,7 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) break; } -#ifdef USE_NGHTTP2 +#ifdef USE_HTTP2 if(buflen == ALPN_H2_LENGTH && !memcmp(ALPN_H2, buf, ALPN_H2_LENGTH)) { conn->negnpn = CURL_HTTP_VERSION_2; @@ -882,8 +885,14 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) { conn->negnpn = CURL_HTTP_VERSION_1_1; } - Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? - BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); + + /* This callback might get called when PR_Recv() is used within + * close_one() during a connection shutdown. At that point there might not + * be any "bundle" associated with the connection anymore. + */ + if(conn->bundle) + Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? + BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); } } @@ -974,6 +983,9 @@ static void display_cert_info(struct Curl_easy *data, PR_Free(common_name); } +/* A number of certs that will never occur in a real server handshake */ +#define TOO_MANY_CERTS 300 + static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock) { CURLcode result = CURLE_OK; @@ -1009,6 +1021,11 @@ static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock) cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); while(cert2) { i++; + if(i >= TOO_MANY_CERTS) { + CERT_DestroyCertificate(cert2); + failf(data, "certificate loop"); + return CURLE_SSL_CERTPROBLEM; + } if(cert2->isRoot) { CERT_DestroyCertificate(cert2); break; @@ -1105,9 +1122,12 @@ static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl, { CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; struct ssl_backend_data *backend = connssl->backend; - struct Curl_easy *data = backend->data; + struct Curl_easy *data = NULL; CERTCertificate *cert; + DEBUGASSERT(backend); + data = backend->data; + if(!pinnedpubkey) /* no pinned public key specified */ return CURLE_OK; @@ -1134,7 +1154,7 @@ static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl, /* report the resulting status */ switch(result) { case CURLE_OK: - infof(data, "pinned public key verified successfully!"); + infof(data, "pinned public key verified successfully"); break; case CURLE_SSL_PINNEDPUBKEYNOTMATCH: failf(data, "failed to verify pinned public key"); @@ -1158,10 +1178,15 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, { struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg; struct ssl_backend_data *backend = connssl->backend; - struct Curl_easy *data = backend->data; - const char *nickname = backend->client_nickname; + struct Curl_easy *data = NULL; + const char *nickname = NULL; static const char pem_slotname[] = "PEM Token #1"; + DEBUGASSERT(backend); + + data = backend->data; + nickname = backend->client_nickname; + if(backend->obj_clicert) { /* use the cert/key provided by PEM reader */ SECItem cert_der = { 0, NULL, 0 }; @@ -1529,6 +1554,8 @@ static int nss_check_cxn(struct connectdata *conn) int rc; char buf; + DEBUGASSERT(backend); + rc = PR_Recv(backend->handle, (void *)&buf, 1, PR_MSG_PEEK, PR_SecondsToInterval(1)); @@ -1545,7 +1572,11 @@ static void close_one(struct ssl_connect_data *connssl) { /* before the cleanup, check whether we are using a client certificate */ struct ssl_backend_data *backend = connssl->backend; - const bool client_cert = (backend->client_nickname != NULL) + bool client_cert = true; + + DEBUGASSERT(backend); + + client_cert = (backend->client_nickname != NULL) || (backend->obj_clicert != NULL); if(backend->handle) { @@ -1587,8 +1618,13 @@ static void nss_close(struct Curl_easy *data, struct connectdata *conn, struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex]; #endif struct ssl_backend_data *backend = connssl->backend; - (void)data; + + DEBUGASSERT(backend); +#ifndef CURL_DISABLE_PROXY + DEBUGASSERT(connssl_proxy->backend != NULL); +#endif + if(backend->handle #ifndef CURL_DISABLE_PROXY || connssl_proxy->backend->handle @@ -1720,7 +1756,7 @@ static CURLcode nss_load_ca_certificates(struct Curl_easy *data, PR_CloseDir(dir); } else - infof(data, "warning: CURLOPT_CAPATH not a directory (%s)", capath); + infof(data, "WARNING: CURLOPT_CAPATH not a directory (%s)", capath); } return CURLE_OK; @@ -1816,6 +1852,8 @@ static CURLcode nss_fail_connect(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + if(is_nss_error(curlerr)) { /* read NSPR error code */ PRErrorCode err = PR_GetError(); @@ -1842,6 +1880,9 @@ static CURLcode nss_set_blocking(struct ssl_connect_data *connssl, { PRSocketOptionData sock_opt; struct ssl_backend_data *backend = connssl->backend; + + DEBUGASSERT(backend); + sock_opt.option = PR_SockOpt_Nonblocking; sock_opt.value.non_blocking = !blocking; @@ -1865,7 +1906,6 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, CURLcode result; bool second_layer = FALSE; SSLVersionRange sslver_supported; - SSLVersionRange sslver = { SSL_LIBRARY_VERSION_TLS_1_0, /* min */ #ifdef SSL_LIBRARY_VERSION_TLS_1_3 @@ -1878,6 +1918,13 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, SSL_LIBRARY_VERSION_TLS_1_0 #endif }; + char *snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + + DEBUGASSERT(backend); backend->data = data; @@ -1946,11 +1993,11 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, /* unless the user explicitly asks to allow the protocol vulnerability, we use the work-around */ if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess) - infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d", + infof(data, "WARNING: failed to set SSL_CBC_RANDOM_IV = %d", ssl_cbc_random_iv); #else if(ssl_cbc_random_iv) - infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in"); + infof(data, "WARNING: support for SSL_CBC_RANDOM_IV not compiled in"); #endif if(SSL_CONN_CONFIG(cipher_list)) { @@ -1961,7 +2008,7 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, } if(!SSL_CONN_CONFIG(verifypeer) && SSL_CONN_CONFIG(verifyhost)) - infof(data, "warning: ignoring value of ssl.verifyhost"); + infof(data, "WARNING: ignoring value of ssl.verifyhost"); /* bypass the default SSL_AuthCertificate() hook in case we do not want to * verify peer */ @@ -1981,20 +2028,20 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, const CURLcode rv = nss_load_ca_certificates(data, conn, sockindex); if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer)) /* not a fatal error because we are not going to verify the peer */ - infof(data, "warning: CA certificates failed to load"); + infof(data, "WARNING: CA certificates failed to load"); else if(rv) { result = rv; goto error; } } - if(SSL_SET_OPTION(CRLfile)) { - const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile)); + if(SSL_SET_OPTION(primary.CRLfile)) { + const CURLcode rv = nss_load_crl(SSL_SET_OPTION(primary.CRLfile)); if(rv) { result = rv; goto error; } - infof(data, " CRLfile: %s", SSL_SET_OPTION(CRLfile)); + infof(data, " CRLfile: %s", SSL_SET_OPTION(primary.CRLfile)); } if(SSL_SET_OPTION(primary.clientcert)) { @@ -2028,9 +2075,12 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, #ifndef CURL_DISABLE_PROXY if(conn->proxy_ssl[sockindex].use) { + struct ssl_backend_data *proxy_backend; + proxy_backend = conn->proxy_ssl[sockindex].backend; DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); - DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL); - nspr_io = conn->proxy_ssl[sockindex].backend->handle; + DEBUGASSERT(proxy_backend); + DEBUGASSERT(proxy_backend->handle); + nspr_io = proxy_backend->handle; second_layer = TRUE; } #endif @@ -2140,11 +2190,11 @@ static CURLcode nss_setup_connect(struct Curl_easy *data, goto error; /* propagate hostname to the TLS layer */ - if(SSL_SetURL(backend->handle, SSL_HOST_NAME()) != SECSuccess) + if(SSL_SetURL(backend->handle, snihost) != SECSuccess) goto error; /* prevent NSS from re-using the session for a different hostname */ - if(SSL_SetSockPeerID(backend->handle, SSL_HOST_NAME()) != SECSuccess) + if(SSL_SetSockPeerID(backend->handle, snihost) != SECSuccess) goto error; return CURLE_OK; @@ -2172,6 +2222,8 @@ static CURLcode nss_do_connect(struct Curl_easy *data, goto error; } + DEBUGASSERT(backend); + /* Force the handshake now */ timeout = PR_MillisecondsToInterval((PRUint32) time_left); if(SSL_ForceHandshakeWithTimeout(backend->handle, timeout) != SECSuccess) { @@ -2305,6 +2357,8 @@ static ssize_t nss_send(struct Curl_easy *data, /* transfer */ struct ssl_backend_data *backend = connssl->backend; ssize_t rc; + DEBUGASSERT(backend); + /* The SelectClientCert() hook uses this for infof() and failf() but the handle stored in nss_setup_connect() could have already been freed. */ backend->data = data; @@ -2344,6 +2398,8 @@ static ssize_t nss_recv(struct Curl_easy *data, /* transfer */ struct ssl_backend_data *backend = connssl->backend; ssize_t nread; + DEBUGASSERT(backend); + /* The SelectClientCert() hook uses this for infof() and failf() but the handle stored in nss_setup_connect() could have already been freed. */ backend->data = data; @@ -2442,6 +2498,7 @@ static void *nss_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->handle; } diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c index f836c63b07..635e9c15e7 100644 --- a/libs/libcurl/src/vtls/openssl.c +++ b/libs/libcurl/src/vtls/openssl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -91,7 +91,6 @@ #endif #include "warnless.h" -#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */ /* The last #include files should be: */ #include "curl_memory.h" @@ -209,9 +208,17 @@ !defined(OPENSSL_IS_BORINGSSL)) #define HAVE_SSL_CTX_SET_CIPHERSUITES #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH -/* SET_EC_CURVES is available under the same preconditions: see - * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html +#endif + +/* + * Whether SSL_CTX_set1_curves_list is available. + * OpenSSL: supported since 1.0.2, see + * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html + * BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30) + * LibreSSL: since 2.5.3 (April 12, 2017) */ +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) || \ + defined(OPENSSL_IS_BORINGSSL) #define HAVE_SSL_CTX_SET_EC_CURVES #endif @@ -266,7 +273,7 @@ struct ssl_backend_data { #endif }; -static void ossl_associate_connection(struct Curl_easy *data, +static bool ossl_associate_connection(struct Curl_easy *data, struct connectdata *conn, int sockindex); @@ -549,7 +556,7 @@ static CURLcode ossl_seed(struct Curl_easy *data) } } - infof(data, "libcurl is now using a weak random seed!"); + infof(data, "libcurl is now using a weak random seed"); return (rand_enough() ? CURLE_OK : CURLE_SSL_CONNECT_ERROR /* confusing error code */); #endif @@ -1159,6 +1166,22 @@ int cert_stuff(struct Curl_easy *data, return 1; } +CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, SSL_CTX *ctx, + char *cert_file, + const struct curl_blob *cert_blob, + const char *cert_type, char *key_file, + const struct curl_blob *key_blob, + const char *key_type, char *key_passwd) +{ + int rv = cert_stuff(data, ctx, cert_file, cert_blob, cert_type, key_file, + key_blob, key_type, key_passwd); + if(rv != 1) { + return CURLE_SSL_CERTPROBLEM; + } + + return CURLE_OK; +} + /* returns non-zero on failure */ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size) { @@ -1432,6 +1455,9 @@ static void ossl_closeone(struct Curl_easy *data, struct ssl_connect_data *connssl) { struct ssl_backend_data *backend = connssl->backend; + + DEBUGASSERT(backend); + if(backend->handle) { char buf[32]; set_logger(conn, data); @@ -1489,6 +1515,8 @@ static int ossl_shutdown(struct Curl_easy *data, struct ssl_backend_data *backend = connssl->backend; int loop = 10; + DEBUGASSERT(backend); + #ifndef CURL_DISABLE_FTP /* This has only been tested on the proftpd server, and the mod_tls code sends a close notify alert without waiting for a close notify alert in @@ -1610,54 +1638,26 @@ static void ossl_close_all(struct Curl_easy *data) /* ====================================================== */ /* - * Match subjectAltName against the host name. This requires a conversion - * in CURL_DOES_CONVERSIONS builds. + * Match subjectAltName against the host name. */ static bool subj_alt_hostcheck(struct Curl_easy *data, - const char *match_pattern, const char *hostname, + const char *match_pattern, + size_t matchlen, + const char *hostname, + size_t hostlen, const char *dispname) -#ifdef CURL_DOES_CONVERSIONS -{ - bool res = FALSE; - - /* Curl_cert_hostcheck uses host encoding, but we get ASCII from - OpenSSl. - */ - char *match_pattern2 = strdup(match_pattern); - - if(match_pattern2) { - if(Curl_convert_from_network(data, match_pattern2, - strlen(match_pattern2)) == CURLE_OK) { - if(Curl_cert_hostcheck(match_pattern2, hostname)) { - res = TRUE; - infof(data, - " subjectAltName: host \"%s\" matched cert's \"%s\"", - dispname, match_pattern2); - } - } - free(match_pattern2); - } - else { - failf(data, - "SSL: out of memory when allocating temporary for subjectAltName"); - } - return res; -} -#else { #ifdef CURL_DISABLE_VERBOSE_STRINGS (void)dispname; (void)data; #endif - if(Curl_cert_hostcheck(match_pattern, hostname)) { + if(Curl_cert_hostcheck(match_pattern, matchlen, hostname, hostlen)) { infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"", dispname, match_pattern); return TRUE; } return FALSE; } -#endif - /* Quote from RFC2818 section 3.1 "Server Identity" @@ -1698,6 +1698,7 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */ const char * const hostname = SSL_HOST_NAME(); const char * const dispname = SSL_HOST_DISPNAME(); + size_t hostlen = strlen(hostname); #ifdef ENABLE_IPV6 if(conn->bits.ipv6_ip && @@ -1760,7 +1761,9 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, if((altlen == strlen(altptr)) && /* if this isn't true, there was an embedded zero in the name string and we cannot match it. */ - subj_alt_hostcheck(data, altptr, hostname, dispname)) { + subj_alt_hostcheck(data, + altptr, + altlen, hostname, hostlen, dispname)) { dnsmatched = TRUE; } break; @@ -1796,17 +1799,17 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, else { /* we have to look to the last occurrence of a commonName in the distinguished one to get the most significant one. */ - int j, i = -1; + int i = -1; + unsigned char *peer_CN = NULL; + int peerlen = 0; /* The following is done because of a bug in 0.9.6b */ - - unsigned char *nulstr = (unsigned char *)""; - unsigned char *peer_CN = nulstr; - X509_NAME *name = X509_get_subject_name(server_cert); - if(name) + if(name) { + int j; while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0) i = j; + } /* we have the name entry and we will now convert this to a string that we can use for comparison. Doing this we support BMPstring, @@ -1822,19 +1825,21 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, conditional in the future when OpenSSL has been fixed. */ if(tmp) { if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { - j = ASN1_STRING_length(tmp); - if(j >= 0) { - peer_CN = OPENSSL_malloc(j + 1); + peerlen = ASN1_STRING_length(tmp); + if(peerlen >= 0) { + peer_CN = OPENSSL_malloc(peerlen + 1); if(peer_CN) { - memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j); - peer_CN[j] = '\0'; + memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); + peer_CN[peerlen] = '\0'; } + else + result = CURLE_OUT_OF_MEMORY; } } else /* not a UTF8 name */ - j = ASN1_STRING_to_UTF8(&peer_CN, tmp); + peerlen = ASN1_STRING_to_UTF8(&peer_CN, tmp); - if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) { + if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != peerlen)) { /* there was a terminating zero before the end of string, this cannot match and we return failure! */ failf(data, "SSL: illegal cert name field"); @@ -1843,19 +1848,6 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, } } - if(peer_CN == nulstr) - peer_CN = NULL; - else { - /* convert peer_CN from UTF8 */ - CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN, - strlen((char *)peer_CN)); - /* Curl_convert_from_utf8 calls failf if unsuccessful */ - if(rc) { - OPENSSL_free(peer_CN); - return rc; - } - } - if(result) /* error already detected, pass through */ ; @@ -1864,7 +1856,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, "SSL: unable to obtain common name from peer certificate"); result = CURLE_PEER_FAILED_VERIFICATION; } - else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) { + else if(!Curl_cert_hostcheck((const char *)peer_CN, + peerlen, hostname, hostlen)) { failf(data, "SSL: certificate subject name '%s' does not match " "target host name '%s'", peer_CN, dispname); result = CURLE_PEER_FAILED_VERIFICATION; @@ -1898,8 +1891,11 @@ static CURLcode verifystatus(struct Curl_easy *data, int cert_status, crl_reason; ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; int ret; + long len; - long len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status); + DEBUGASSERT(backend); + + len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status); if(!status) { failf(data, "No OCSP response received"); @@ -1930,6 +1926,11 @@ static CURLcode verifystatus(struct Curl_easy *data, } ch = SSL_get_peer_cert_chain(backend->handle); + if(!ch) { + failf(data, "Could not get peer certificate chain"); + result = CURLE_SSL_INVALIDCERTSTATUS; + goto end; + } st = SSL_CTX_get_cert_store(backend->ctx); #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \ @@ -2158,7 +2159,10 @@ static void ossl_trace(int direction, int ssl_ver, int content_type, struct connectdata *conn = userp; struct ssl_connect_data *connssl = &conn->ssl[0]; struct ssl_backend_data *backend = connssl->backend; - struct Curl_easy *data = backend->logger; + struct Curl_easy *data = NULL; + + DEBUGASSERT(backend); + data = backend->logger; if(!conn || !data || !data->set.fdebug || (direction != 0 && direction != 1)) @@ -2363,10 +2367,12 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) case CURL_SSLVERSION_TLSv1_2: ossl_ssl_version_min = TLS1_2_VERSION; break; -#ifdef TLS1_3_VERSION case CURL_SSLVERSION_TLSv1_3: +#ifdef TLS1_3_VERSION ossl_ssl_version_min = TLS1_3_VERSION; break; +#else + return CURLE_NOT_BUILT_IN; #endif } @@ -2422,6 +2428,8 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) #ifdef OPENSSL_IS_BORINGSSL typedef uint32_t ctx_option_t; +#elif OPENSSL_VERSION_NUMBER >= 0x30000000L +typedef uint64_t ctx_option_t; #else typedef long ctx_option_t; #endif @@ -2442,6 +2450,8 @@ set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, #ifdef TLS1_3_VERSION { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; + struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); SSL_CTX_set_max_proto_version(backend->ctx, TLS1_3_VERSION); *ctx_options |= SSL_OP_NO_TLSv1_2; } @@ -2521,13 +2531,12 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) return 0; conn = (struct connectdata*) SSL_get_ex_data(ssl, connectdata_idx); - if(!conn) - return 0; - data = (struct Curl_easy *) SSL_get_ex_data(ssl, data_idx); - /* The sockindex has been stored as a pointer to an array element */ sockindex_ptr = (curl_socket_t*) SSL_get_ex_data(ssl, sockindex_idx); + if(!conn || !data || !sockindex_ptr) + return 0; + sockindex = (int)(sockindex_ptr - conn->sock); isproxy = SSL_get_ex_data(ssl, proxy_idx) ? TRUE : FALSE; @@ -2653,7 +2662,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, #endif const long int ssl_version = SSL_CONN_CONFIG(version); #ifdef USE_OPENSSL_SRP - const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype); + const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(primary.authtype); #endif char * const ssl_cert = SSL_SET_OPTION(primary.clientcert); const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); @@ -2664,12 +2673,13 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile)); const char * const ssl_capath = SSL_CONN_CONFIG(CApath); const bool verifypeer = SSL_CONN_CONFIG(verifypeer); - const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile); + const char * const ssl_crlfile = SSL_SET_OPTION(primary.CRLfile); char error_buffer[256]; struct ssl_backend_data *backend = connssl->backend; bool imported_native_ca = false; DEBUGASSERT(ssl_connect_1 == connssl->connecting_state); + DEBUGASSERT(backend); /* Make funny stuff to get random input */ result = ossl_seed(data); @@ -2736,8 +2746,8 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, implementations is desired." The "-no_ticket" option was introduced in OpenSSL 0.9.8j. It's a flag to - disable "rfc4507bis session ticket support". rfc4507bis was later turned - into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077 + disable "rfc4507bis session ticket support". rfc4507bis was later turned + into the proper RFC5077: https://datatracker.ietf.org/doc/html/rfc5077 The enabled extension concerns the session management. I wonder how often libcurl stops a connection and then resumes a TLS session. Also, sending @@ -2840,14 +2850,14 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH); cur += ALPN_H2_LENGTH; - infof(data, "ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif protocols[cur++] = ALPN_HTTP_1_1_LENGTH; memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); cur += ALPN_HTTP_1_1_LENGTH; - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); /* expects length prefixed preference ordered list of protocols in wire * format @@ -2913,16 +2923,17 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, #endif #ifdef USE_OPENSSL_SRP - if(ssl_authtype == CURL_TLSAUTH_SRP) { - char * const ssl_username = SSL_SET_OPTION(username); - + if((ssl_authtype == CURL_TLSAUTH_SRP) && + Curl_allow_auth_to_host(data)) { + char * const ssl_username = SSL_SET_OPTION(primary.username); + char * const ssl_password = SSL_SET_OPTION(primary.password); infof(data, "Using TLS-SRP username: %s", ssl_username); if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) { failf(data, "Unable to set SRP user name"); return CURLE_BAD_FUNCTION_ARGUMENT; } - if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) { + if(!SSL_CTX_set_srp_password(backend->ctx, ssl_password)) { failf(data, "failed setting SRP password"); return CURLE_BAD_FUNCTION_ARGUMENT; } @@ -2942,7 +2953,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, /* Import certificates from the Windows root certificate store if requested. https://stackoverflow.com/questions/9507184/ https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037 - https://tools.ietf.org/html/rfc5280 */ + https://datatracker.ietf.org/doc/html/rfc5280 */ if((SSL_CONN_CONFIG(verifypeer) || SSL_CONN_CONFIG(verifyhost)) && (SSL_SET_OPTION(native_ca_store))) { X509_STORE *store = SSL_CTX_get_cert_store(backend->ctx); @@ -3220,7 +3231,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, SSL_free(backend->handle); backend->handle = SSL_new(backend->ctx); if(!backend->handle) { - failf(data, "SSL: couldn't create a context (handle)!"); + failf(data, "SSL: couldn't create a context (handle)"); return CURLE_OUT_OF_MEMORY; } @@ -3243,44 +3254,48 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && #endif sni) { - size_t nlen = strlen(hostname); - if((long)nlen >= data->set.buffer_size) - /* this is seriously messed up */ + char *snihost = Curl_ssl_snihost(data, hostname, NULL); + if(!snihost || !SSL_set_tlsext_host_name(backend->handle, snihost)) { + failf(data, "Failed set SNI"); return CURLE_SSL_CONNECT_ERROR; - - /* RFC 6066 section 3 says the SNI field is case insensitive, but browsers - send the data lowercase and subsequently there are now numerous servers - out there that don't work unless the name is lowercased */ - Curl_strntolower(data->state.buffer, hostname, nlen); - data->state.buffer[nlen] = 0; - if(!SSL_set_tlsext_host_name(backend->handle, data->state.buffer)) - infof(data, "WARNING: failed to configure server name indication (SNI) " - "TLS extension"); + } } #endif - ossl_associate_connection(data, conn, sockindex); + if(!ossl_associate_connection(data, conn, sockindex)) { + /* Maybe the internal errors of SSL_get_ex_new_index or SSL_set_ex_data */ + failf(data, "SSL: ossl_associate_connection failed: %s", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer))); + return CURLE_SSL_CONNECT_ERROR; + } - Curl_ssl_sessionid_lock(data); - if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, - &ssl_sessionid, NULL, sockindex)) { - /* we got a session id, use it! */ - if(!SSL_set_session(backend->handle, ssl_sessionid)) { - Curl_ssl_sessionid_unlock(data); - failf(data, "SSL: SSL_set_session failed: %s", - ossl_strerror(ERR_get_error(), error_buffer, - sizeof(error_buffer))); - return CURLE_SSL_CONNECT_ERROR; + if(SSL_SET_OPTION(primary.sessionid)) { + Curl_ssl_sessionid_lock(data); + if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, + &ssl_sessionid, NULL, sockindex)) { + /* we got a session id, use it! */ + if(!SSL_set_session(backend->handle, ssl_sessionid)) { + Curl_ssl_sessionid_unlock(data); + failf(data, "SSL: SSL_set_session failed: %s", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer))); + return CURLE_SSL_CONNECT_ERROR; + } + /* Informational message */ + infof(data, "SSL re-using session ID"); } - /* Informational message */ - infof(data, "SSL re-using session ID"); + Curl_ssl_sessionid_unlock(data); } - Curl_ssl_sessionid_unlock(data); #ifndef CURL_DISABLE_PROXY if(conn->proxy_ssl[sockindex].use) { BIO *const bio = BIO_new(BIO_f_ssl()); - SSL *handle = conn->proxy_ssl[sockindex].backend->handle; + struct ssl_backend_data *proxy_backend; + SSL* handle = NULL; + proxy_backend = conn->proxy_ssl[sockindex].backend; + DEBUGASSERT(proxy_backend); + handle = proxy_backend->handle; DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); DEBUGASSERT(handle != NULL); DEBUGASSERT(bio != NULL); @@ -3310,6 +3325,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, DEBUGASSERT(ssl_connect_2 == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state); + DEBUGASSERT(backend); ERR_clear_error(); @@ -3441,7 +3457,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, unsigned int len; SSL_get0_alpn_selected(backend->handle, &neg_protocol, &len); if(len) { - infof(data, "ALPN, server accepted to use %.*s", len, neg_protocol); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, len, neg_protocol); #ifdef USE_HTTP2 if(len == ALPN_H2_LENGTH && @@ -3456,7 +3472,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, } } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); @@ -3571,6 +3587,8 @@ static CURLcode get_cert_chain(struct Curl_easy *data, BIO *mem; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + sk = SSL_get_peer_cert_chain(backend->handle); if(!sk) { return CURLE_OUT_OF_MEMORY; @@ -3883,6 +3901,8 @@ static CURLcode servercert(struct Curl_easy *data, BIO *mem = BIO_new(BIO_s_mem()); struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + if(!mem) { failf(data, "BIO_new return NULL, " OSSL_PACKAGE @@ -3902,7 +3922,7 @@ static CURLcode servercert(struct Curl_easy *data, if(!strict) return CURLE_OK; - failf(data, "SSL: couldn't get peer certificate!"); + failf(data, "SSL: couldn't get peer certificate"); return CURLE_PEER_FAILED_VERIFICATION; } @@ -3942,7 +3962,7 @@ static CURLcode servercert(struct Curl_easy *data, buffer, sizeof(buffer)); if(rc) { if(strict) - failf(data, "SSL: couldn't get X509-issuer name!"); + failf(data, "SSL: couldn't get X509-issuer name"); result = CURLE_PEER_FAILED_VERIFICATION; } else { @@ -3953,9 +3973,20 @@ static CURLcode servercert(struct Curl_easy *data, /* e.g. match issuer name with provided issuer certificate */ if(SSL_CONN_CONFIG(issuercert) || SSL_CONN_CONFIG(issuercert_blob)) { - if(SSL_CONN_CONFIG(issuercert_blob)) + if(SSL_CONN_CONFIG(issuercert_blob)) { fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data, (int)SSL_CONN_CONFIG(issuercert_blob)->len); + if(!fp) { + failf(data, + "BIO_new_mem_buf NULL, " OSSL_PACKAGE + " error %s", + ossl_strerror(ERR_get_error(), error_buffer, + sizeof(error_buffer)) ); + X509_free(backend->server_cert); + backend->server_cert = NULL; + return CURLE_OUT_OF_MEMORY; + } + } else { fp = BIO_new(BIO_s_file()); if(!fp) { @@ -4049,7 +4080,7 @@ static CURLcode servercert(struct Curl_easy *data, if(!result && ptr) { result = pkp_pin_peer_pubkey(data, backend->server_cert, ptr); if(result) - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); } X509_free(backend->server_cert); @@ -4222,11 +4253,13 @@ static bool ossl_data_pending(const struct connectdata *conn, int connindex) { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; + DEBUGASSERT(connssl->backend); if(connssl->backend->handle && SSL_pending(connssl->backend->handle)) return TRUE; #ifndef CURL_DISABLE_PROXY { const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex]; + DEBUGASSERT(proxyssl->backend); if(proxyssl->backend->handle && SSL_pending(proxyssl->backend->handle)) return TRUE; } @@ -4253,6 +4286,8 @@ static ssize_t ossl_send(struct Curl_easy *data, struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + ERR_clear_error(); memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; @@ -4332,6 +4367,8 @@ static ssize_t ossl_recv(struct Curl_easy *data, /* transfer */ struct ssl_connect_data *connssl = &conn->ssl[num]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + ERR_clear_error(); buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; @@ -4531,20 +4568,22 @@ static void *ossl_get_internals(struct ssl_connect_data *connssl, { /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */ struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return info == CURLINFO_TLS_SESSION ? (void *)backend->ctx : (void *)backend->handle; } -static void ossl_associate_connection(struct Curl_easy *data, +static bool ossl_associate_connection(struct Curl_easy *data, struct connectdata *conn, int sockindex) { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); /* If we don't have SSL context, do nothing. */ if(!backend->handle) - return; + return FALSE; if(SSL_SET_OPTION(primary.sessionid)) { int data_idx = ossl_get_ssl_data_index(); @@ -4554,19 +4593,26 @@ static void ossl_associate_connection(struct Curl_easy *data, if(data_idx >= 0 && connectdata_idx >= 0 && sockindex_idx >= 0 && proxy_idx >= 0) { + int data_status, conn_status, sockindex_status, proxy_status; + /* Store the data needed for the "new session" callback. * The sockindex is stored as a pointer to an array element. */ - SSL_set_ex_data(backend->handle, data_idx, data); - SSL_set_ex_data(backend->handle, connectdata_idx, conn); - SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex); + data_status = SSL_set_ex_data(backend->handle, data_idx, data); + conn_status = SSL_set_ex_data(backend->handle, connectdata_idx, conn); + sockindex_status = SSL_set_ex_data(backend->handle, sockindex_idx, + conn->sock + sockindex); #ifndef CURL_DISABLE_PROXY - SSL_set_ex_data(backend->handle, proxy_idx, SSL_IS_PROXY() ? (void *) 1: - NULL); + proxy_status = SSL_set_ex_data(backend->handle, proxy_idx, + SSL_IS_PROXY() ? (void *) 1 : NULL); #else - SSL_set_ex_data(backend->handle, proxy_idx, NULL); + proxy_status = SSL_set_ex_data(backend->handle, proxy_idx, NULL); #endif + if(data_status && conn_status && sockindex_status && proxy_status) + return TRUE; } + return FALSE; } + return TRUE; } /* @@ -4583,6 +4629,7 @@ static void ossl_disassociate_connection(struct Curl_easy *data, struct connectdata *conn = data->conn; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); /* If we don't have SSL context, do nothing. */ if(!backend->handle) diff --git a/libs/libcurl/src/vtls/openssl.h b/libs/libcurl/src/vtls/openssl.h index 28058453c0..0a7536ea3e 100644 --- a/libs/libcurl/src/vtls/openssl.h +++ b/libs/libcurl/src/vtls/openssl.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -30,12 +30,26 @@ * and ngtcp2.c */ -#include <openssl/x509v3.h> #include "urldata.h" +/* + * In an effort to avoid using 'X509 *' here, we instead use the struct + * x509_st version of the type so that we can forward-declare it here without + * having to include <openssl/x509v3.h>. Including that header causes name + * conflicts when libcurl is built with both Schannel and OpenSSL support. + */ +struct x509_st; CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - X509 *server_cert); + struct x509_st *server_cert); extern const struct Curl_ssl Curl_ssl_openssl; +struct ssl_ctx_st; +CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, + struct ssl_ctx_st *ctx, char *cert_file, + const struct curl_blob *cert_blob, + const char *cert_type, char *key_file, + const struct curl_blob *key_blob, + const char *key_type, char *key_passwd); + #endif /* USE_OPENSSL */ #endif /* HEADER_CURL_SSLUSE_H */ diff --git a/libs/libcurl/src/vtls/rustls.c b/libs/libcurl/src/vtls/rustls.c index 6dbb1ef3cd..16970b7c36 100644 --- a/libs/libcurl/src/vtls/rustls.c +++ b/libs/libcurl/src/vtls/rustls.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2020 - 2021, Jacob Hoffman-Andrews, + * Copyright (C) 2020 - 2022, Jacob Hoffman-Andrews, * <github@hoffman-andrews.com> * * This software is licensed as described in the file COPYING, which @@ -65,6 +65,7 @@ cr_data_pending(const struct connectdata *conn, int sockindex) { const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return backend->data_pending; } @@ -118,7 +119,8 @@ cr_recv(struct Curl_easy *data, int sockindex, struct connectdata *conn = data->conn; struct ssl_connect_data *const connssl = &conn->ssl[sockindex]; struct ssl_backend_data *const backend = connssl->backend; - struct rustls_connection *const rconn = backend->conn; + struct rustls_connection *rconn = NULL; + size_t n = 0; size_t tls_bytes_read = 0; size_t plain_bytes_copied = 0; @@ -126,6 +128,9 @@ cr_recv(struct Curl_easy *data, int sockindex, char errorbuf[255]; rustls_io_result io_error; + DEBUGASSERT(backend); + rconn = backend->conn; + io_error = rustls_connection_read_tls(rconn, read_cb, &conn->sock[sockindex], &tls_bytes_read); if(io_error == EAGAIN || io_error == EWOULDBLOCK) { @@ -215,13 +220,16 @@ cr_send(struct Curl_easy *data, int sockindex, struct connectdata *conn = data->conn; struct ssl_connect_data *const connssl = &conn->ssl[sockindex]; struct ssl_backend_data *const backend = connssl->backend; - struct rustls_connection *const rconn = backend->conn; + struct rustls_connection *rconn = NULL; size_t plainwritten = 0; size_t tlswritten = 0; size_t tlswritten_total = 0; rustls_result rresult; rustls_io_result io_error; + DEBUGASSERT(backend); + rconn = backend->conn; + infof(data, "cr_send %ld bytes of plaintext", plainlen); if(plainlen > 0) { @@ -295,9 +303,13 @@ static CURLcode cr_init_backend(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *const backend) { - struct rustls_connection *rconn = backend->conn; + struct rustls_connection *rconn = NULL; struct rustls_client_config_builder *config_builder = NULL; - const char *const ssl_cafile = SSL_CONN_CONFIG(CAfile); + struct rustls_root_cert_store *roots = NULL; + const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob); + const char * const ssl_cafile = + /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ + (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile)); const bool verifypeer = SSL_CONN_CONFIG(verifypeer); const char *hostname = conn->host.name; char errorbuf[256]; @@ -308,14 +320,17 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn, { (const uint8_t *)ALPN_H2, ALPN_H2_LENGTH }, }; + DEBUGASSERT(backend); + rconn = backend->conn; + config_builder = rustls_client_config_builder_new(); #ifdef USE_HTTP2 - infof(data, "offering ALPN for HTTP/1.1 and HTTP/2"); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 2); #else - infof(data, "offering ALPN for HTTP/1.1 only"); rustls_client_config_builder_set_alpn_protocols(config_builder, alpn, 1); #endif + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); if(!verifypeer) { rustls_client_config_builder_dangerous_set_certificate_verifier( config_builder, cr_verify_none); @@ -328,6 +343,29 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn, hostname = "example.invalid"; } } + else if(ca_info_blob) { + roots = rustls_root_cert_store_new(); + + /* Enable strict parsing only if verification isn't disabled. */ + result = rustls_root_cert_store_add_pem(roots, ca_info_blob->data, + ca_info_blob->len, verifypeer); + if(result != RUSTLS_RESULT_OK) { + failf(data, "failed to parse trusted certificates from blob"); + rustls_root_cert_store_free(roots); + rustls_client_config_free( + rustls_client_config_builder_build(config_builder)); + return CURLE_SSL_CACERT_BADFILE; + } + + result = rustls_client_config_builder_use_roots(config_builder, roots); + rustls_root_cert_store_free(roots); + if(result != RUSTLS_RESULT_OK) { + failf(data, "failed to load trusted certificates"); + rustls_client_config_free( + rustls_client_config_builder_build(config_builder)); + return CURLE_SSL_CACERT_BADFILE; + } + } else if(ssl_cafile) { result = rustls_client_config_builder_load_roots_from_file( config_builder, ssl_cafile); @@ -341,7 +379,14 @@ cr_init_backend(struct Curl_easy *data, struct connectdata *conn, backend->config = rustls_client_config_builder_build(config_builder); DEBUGASSERT(rconn == NULL); - result = rustls_client_connection_new(backend->config, hostname, &rconn); + { + char *snihost = Curl_ssl_snihost(data, hostname, NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + result = rustls_client_connection_new(backend->config, snihost, &rconn); + } if(result != RUSTLS_RESULT_OK) { rustls_error(result, errorbuf, sizeof(errorbuf), &errorlen); failf(data, "rustls_client_connection_new: %.*s", errorlen, errorbuf); @@ -361,20 +406,20 @@ cr_set_negotiated_alpn(struct Curl_easy *data, struct connectdata *conn, rustls_connection_get_alpn_protocol(rconn, &protocol, &len); if(!protocol) { - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); return; } #ifdef USE_HTTP2 if(len == ALPN_H2_LENGTH && 0 == memcmp(ALPN_H2, protocol, len)) { - infof(data, "ALPN, negotiated h2"); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_H2); conn->negnpn = CURL_HTTP_VERSION_2; } else #endif if(len == ALPN_HTTP_1_1_LENGTH && 0 == memcmp(ALPN_HTTP_1_1, protocol, len)) { - infof(data, "ALPN, negotiated http/1.1"); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, ALPN_HTTP_1_1); conn->negnpn = CURL_HTTP_VERSION_1_1; } else { @@ -401,6 +446,8 @@ cr_connect_nonblocking(struct Curl_easy *data, struct connectdata *conn, curl_socket_t writefd; curl_socket_t readfd; + DEBUGASSERT(backend); + if(ssl_connection_none == connssl->state) { result = cr_init_backend(data, conn, connssl->backend); if(result != CURLE_OK) { @@ -495,7 +542,10 @@ cr_getsock(struct connectdata *conn, curl_socket_t *socks) struct ssl_connect_data *const connssl = &conn->ssl[FIRSTSOCKET]; curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; struct ssl_backend_data *const backend = connssl->backend; - struct rustls_connection *rconn = backend->conn; + struct rustls_connection *rconn = NULL; + + DEBUGASSERT(backend); + rconn = backend->conn; if(rustls_connection_wants_write(rconn)) { socks[0] = sockfd; @@ -514,6 +564,7 @@ cr_get_internals(struct ssl_connect_data *connssl, CURLINFO info UNUSED_PARAM) { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); return &backend->conn; } @@ -526,6 +577,8 @@ cr_close(struct Curl_easy *data, struct connectdata *conn, CURLcode tmperr = CURLE_OK; ssize_t n = 0; + DEBUGASSERT(backend); + if(backend->conn) { rustls_connection_send_close_notify(backend->conn); n = cr_send(data, sockindex, NULL, 0, &tmperr); @@ -550,7 +603,8 @@ static size_t cr_version(char *buffer, size_t size) const struct Curl_ssl Curl_ssl_rustls = { { CURLSSLBACKEND_RUSTLS, "rustls" }, - SSLSUPP_TLS13_CIPHERSUITES, /* supports */ + SSLSUPP_CAINFO_BLOB | /* supports */ + SSLSUPP_TLS13_CIPHERSUITES, sizeof(struct ssl_backend_data), Curl_none_init, /* init */ diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c index 0a8e60610d..dfec66d51f 100644 --- a/libs/libcurl/src/vtls/schannel.c +++ b/libs/libcurl/src/vtls/schannel.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> * @@ -325,13 +325,15 @@ get_alg_id_by_name(char *name) return 0; } +#define NUM_CIPHERS 47 /* There are 47 options listed above */ + static CURLcode set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers, ALG_ID *algIds) { char *startCur = ciphers; int algCount = 0; - while(startCur && (0 != *startCur) && (algCount < NUMOF_CIPHERS)) { + while(startCur && (0 != *startCur) && (algCount < NUM_CIPHERS)) { long alg = strtol(startCur, 0, 0); if(!alg) alg = get_alg_id_by_name(startCur); @@ -418,11 +420,14 @@ schannel_acquire_credential_handle(struct Curl_easy *data, { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; SCHANNEL_CRED schannel_cred; + ALG_ID algIds[NUM_CIPHERS]; PCCERT_CONTEXT client_certs[1] = { NULL }; SECURITY_STATUS sspi_status = SEC_E_OK; CURLcode result; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + /* setup Schannel API options */ memset(&schannel_cred, 0, sizeof(schannel_cred)); schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; @@ -502,7 +507,7 @@ schannel_acquire_credential_handle(struct Curl_easy *data, if(SSL_CONN_CONFIG(cipher_list)) { result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list), - backend->algIds); + algIds); if(CURLE_OK != result) { failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG"); return result; @@ -765,11 +770,12 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, #ifdef ENABLE_IPV6 struct in6_addr addr6; #endif - TCHAR *host_name; CURLcode result; char * const hostname = SSL_HOST_NAME(); struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %hu (step 1/3)", hostname, conn->remote_port)); @@ -846,10 +852,21 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, } if(!backend->cred) { + char *snihost; result = schannel_acquire_credential_handle(data, conn, sockindex); if(result != CURLE_OK) { return result; } + /* A hostname associated with the credential is needed by + InitializeSecurityContext for SNI and other reasons. */ + snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + backend->cred->sni_hostname = curlx_convert_UTF8_to_tchar(snihost); + if(!backend->cred->sni_hostname) + return CURLE_OUT_OF_MEMORY; } /* Warn if SNI is disabled due to use of an IP address */ @@ -891,14 +908,14 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, alpn_buffer[cur++] = ALPN_H2_LENGTH; memcpy(&alpn_buffer[cur], ALPN_H2, ALPN_H2_LENGTH); cur += ALPN_H2_LENGTH; - infof(data, "schannel: ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif alpn_buffer[cur++] = ALPN_HTTP_1_1_LENGTH; memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); cur += ALPN_HTTP_1_1_LENGTH; - infof(data, "schannel: ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); *list_len = curlx_uitous(cur - list_start_index); *extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short); @@ -936,10 +953,6 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_OUT_OF_MEMORY; } - host_name = curlx_convert_UTF8_to_tchar(hostname); - if(!host_name) - return CURLE_OUT_OF_MEMORY; - /* Schannel InitializeSecurityContext: https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx @@ -948,13 +961,12 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn, us problems with inbuf regardless. https://github.com/curl/curl/issues/983 */ sspi_status = s_pSecFn->InitializeSecurityContext( - &backend->cred->cred_handle, NULL, host_name, backend->req_flags, 0, 0, + &backend->cred->cred_handle, NULL, backend->cred->sni_hostname, + backend->req_flags, 0, 0, (backend->use_alpn ? &inbuf_desc : NULL), 0, &backend->ctxt->ctxt_handle, &outbuf_desc, &backend->ret_flags, &backend->ctxt->time_stamp); - curlx_unicodefree(host_name); - if(sspi_status != SEC_I_CONTINUE_NEEDED) { char buffer[STRERROR_LEN]; Curl_safefree(backend->ctxt); @@ -1027,15 +1039,16 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, SECURITY_STATUS sspi_status = SEC_E_OK; CURLcode result; bool doread; - char * const hostname = SSL_HOST_NAME(); const char *pubkey_ptr; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE; DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %hu (step 2/3)", - hostname, conn->remote_port)); + SSL_HOST_NAME(), conn->remote_port)); if(!backend->cred || !backend->ctxt) return CURLE_SSL_CONNECT_ERROR; @@ -1083,7 +1096,6 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, } for(;;) { - TCHAR *host_name; if(doread) { /* read encrypted handshake data from socket */ result = Curl_read_plain(conn->sock[sockindex], @@ -1136,17 +1148,12 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, memcpy(inbuf[0].pvBuffer, backend->encdata_buffer, backend->encdata_offset); - host_name = curlx_convert_UTF8_to_tchar(hostname); - if(!host_name) - return CURLE_OUT_OF_MEMORY; - sspi_status = s_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, &backend->ctxt->ctxt_handle, - host_name, backend->req_flags, 0, 0, &inbuf_desc, 0, NULL, + backend->cred->sni_hostname, backend->req_flags, + 0, 0, &inbuf_desc, 0, NULL, &outbuf_desc, &backend->ret_flags, &backend->ctxt->time_stamp); - curlx_unicodefree(host_name); - /* free buffer for received handshake data */ Curl_safefree(inbuf[0].pvBuffer); @@ -1279,7 +1286,7 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, if(pubkey_ptr) { result = pkp_pin_peer_pubkey(data, conn, sockindex, pubkey_ptr); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); return result; } } @@ -1370,6 +1377,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + DEBUGASSERT(backend); DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %hu (step 3/3)", @@ -1408,7 +1416,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, if(alpn_result.ProtoNegoStatus == SecApplicationProtocolNegotiationStatus_Success) { - infof(data, "schannel: ALPN, server accepted to use %.*s", + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, alpn_result.ProtocolIdSize, alpn_result.ProtocolId); #ifdef USE_HTTP2 @@ -1425,7 +1433,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, } } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); } @@ -1610,6 +1618,7 @@ schannel_connect_common(struct Curl_easy *data, struct connectdata *conn, */ { struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); conn->sslContext = &backend->ctxt->ctxt_handle; } #endif @@ -1640,6 +1649,8 @@ schannel_send(struct Curl_easy *data, int sockindex, CURLcode result; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + /* check if the maximum stream sizes were queried */ if(backend->stream_sizes.cbMaximumMessage == 0) { sspi_status = s_pSecFn->QueryContextAttributes( @@ -1788,6 +1799,8 @@ schannel_recv(struct Curl_easy *data, int sockindex, size_t min_encdata_length = len + CURL_SCHANNEL_BUFFER_FREE_SIZE; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + /**************************************************************************** * Don't return or set backend->recv_unrecoverable_err unless in the cleanup. * The pattern for return error is set *err, optional infof, goto cleanup. @@ -2122,6 +2135,8 @@ static bool schannel_data_pending(const struct connectdata *conn, const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); + if(connssl->use) /* SSL/TLS is in use */ return (backend->decdata_offset > 0 || (backend->encdata_offset > 0 && !backend->encdata_is_incomplete)); @@ -2138,6 +2153,7 @@ static void schannel_session_free(void *ptr) cred->refcount--; if(cred->refcount == 0) { s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); + curlx_unicodefree(cred->sni_hostname); Curl_safefree(cred); } } @@ -2157,6 +2173,7 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; DEBUGASSERT(data); + DEBUGASSERT(backend); if(connssl->use) { infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu", @@ -2170,7 +2187,6 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, SecBuffer outbuf; SecBufferDesc outbuf_desc; CURLcode result; - TCHAR *host_name; DWORD dwshut = SCHANNEL_SHUTDOWN; InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut)); @@ -2185,10 +2201,6 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); } - host_name = curlx_convert_UTF8_to_tchar(hostname); - if(!host_name) - return CURLE_OUT_OF_MEMORY; - /* setup output buffer */ InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0); InitSecBufferDesc(&outbuf_desc, &outbuf, 1); @@ -2196,7 +2208,7 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, sspi_status = s_pSecFn->InitializeSecurityContext( &backend->cred->cred_handle, &backend->ctxt->ctxt_handle, - host_name, + backend->cred->sni_hostname, backend->req_flags, 0, 0, @@ -2207,8 +2219,6 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, &backend->ret_flags, &backend->ctxt->time_stamp); - curlx_unicodefree(host_name); - if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) { /* send close message which is in output buffer */ ssize_t written; @@ -2314,6 +2324,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, /* Result is returned to caller */ CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; + DEBUGASSERT(backend); + /* if a path wasn't specified, don't pin */ if(!pinnedpubkey) return CURLE_OK; @@ -2359,7 +2371,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, (const unsigned char *)pubkey->header, (size_t)(pubkey->end - pubkey->header)); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); } } while(0); @@ -2434,6 +2446,7 @@ static void *schannel_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return &backend->ctxt->ctxt_handle; } diff --git a/libs/libcurl/src/vtls/schannel.h b/libs/libcurl/src/vtls/schannel.h index 77853aa30f..da60702771 100644 --- a/libs/libcurl/src/vtls/schannel.h +++ b/libs/libcurl/src/vtls/schannel.h @@ -8,7 +8,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al. - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -71,11 +71,10 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data, #endif #endif -#define NUMOF_CIPHERS 45 /* There are 45 listed in the MS headers */ - struct Curl_schannel_cred { CredHandle cred_handle; TimeStamp time_stamp; + TCHAR *sni_hostname; int refcount; }; @@ -104,7 +103,6 @@ struct ssl_backend_data { #ifdef HAS_MANUAL_VERIFY_API bool use_manual_cred_validation; /* true if manual cred validation is used */ #endif - ALG_ID algIds[NUMOF_CIPHERS]; }; #endif /* EXPOSE_SCHANNEL_INTERNAL_STRUCTS */ diff --git a/libs/libcurl/src/vtls/schannel_verify.c b/libs/libcurl/src/vtls/schannel_verify.c index 4966cd4945..4dc2d14e56 100644 --- a/libs/libcurl/src/vtls/schannel_verify.c +++ b/libs/libcurl/src/vtls/schannel_verify.c @@ -7,7 +7,7 @@ * * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -286,7 +286,6 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, goto cleanup; } - result = CURLE_OK; while(total_bytes_read < ca_file_bufsize) { DWORD bytes_to_read = (DWORD)(ca_file_bufsize - total_bytes_read); DWORD bytes_read = 0; @@ -313,9 +312,6 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store, /* Null terminate the buffer */ ca_file_buffer[ca_file_bufsize] = '\0'; - if(result != CURLE_OK) { - goto cleanup; - } result = add_certs_data_to_store(trust_store, ca_file_buffer, ca_file_bufsize, ca_file, @@ -465,6 +461,7 @@ static CURLcode verify_host(struct Curl_easy *data, CURLcode result = CURLE_PEER_FAILED_VERIFICATION; TCHAR *cert_hostname_buff = NULL; size_t cert_hostname_buff_index = 0; + size_t hostlen = strlen(conn_hostname); DWORD len = 0; DWORD actual_len = 0; @@ -520,10 +517,8 @@ static CURLcode verify_host(struct Curl_easy *data, result = CURLE_OUT_OF_MEMORY; } else { - int match_result; - - match_result = Curl_cert_hostcheck(cert_hostname, conn_hostname); - if(match_result == CURL_HOST_MATCH) { + if(Curl_cert_hostcheck(cert_hostname, strlen(cert_hostname), + conn_hostname, hostlen)) { infof(data, "schannel: connection hostname (%s) validated " "against certificate name (%s)", @@ -577,6 +572,8 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data, HCERTSTORE trust_store = NULL; const char * const conn_hostname = SSL_HOST_NAME(); + DEBUGASSERT(BACKEND); + sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, SECPKG_ATTR_REMOTE_CERT_CONTEXT, diff --git a/libs/libcurl/src/vtls/sectransp.c b/libs/libcurl/src/vtls/sectransp.c index f7a20b20b1..2e57d83785 100644 --- a/libs/libcurl/src/vtls/sectransp.c +++ b/libs/libcurl/src/vtls/sectransp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2012 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>. * * This software is licensed as described in the file COPYING, which @@ -603,7 +603,7 @@ const static struct st_cipher ciphertable[] = { CIPHER_WEAK_RC_ENCRYPTION), CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */ "ECDH-ECDSA-DES-CBC3-SHA", - CIPHER_STRONG_ENOUGH), + CIPHER_WEAK_3DES_ENCRYPTION), CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */ "ECDH-ECDSA-AES128-SHA", CIPHER_STRONG_ENOUGH), @@ -837,12 +837,14 @@ static OSStatus SocketRead(SSLConnectionRef connection, /*int sock = *(int *)connection;*/ struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; struct ssl_backend_data *backend = connssl->backend; - int sock = backend->ssl_sockfd; + int sock; OSStatus rtn = noErr; size_t bytesRead; ssize_t rrtn; int theErr; + DEBUGASSERT(backend); + sock = backend->ssl_sockfd; *dataLength = 0; for(;;) { @@ -898,13 +900,15 @@ static OSStatus SocketWrite(SSLConnectionRef connection, /*int sock = *(int *)connection;*/ struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; struct ssl_backend_data *backend = connssl->backend; - int sock = backend->ssl_sockfd; + int sock; ssize_t length; size_t dataLen = *dataLength; const UInt8 *dataPtr = (UInt8 *)data; OSStatus ortn; int theErr; + DEBUGASSERT(backend); + sock = backend->ssl_sockfd; *dataLength = 0; do { @@ -934,9 +938,9 @@ static OSStatus SocketWrite(SSLConnectionRef connection, #ifndef CURL_DISABLE_VERBOSE_STRINGS CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) { - /* The first ciphers in the ciphertable are continuos. Here we do small + /* The first ciphers in the ciphertable are continuous. Here we do small optimization and instead of loop directly get SSL name by cipher number. - */ + */ if(cipher <= SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA) { return ciphertable[cipher].name; } @@ -1376,6 +1380,8 @@ set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn, long ssl_version_max = SSL_CONN_CONFIG(version_max); long max_supported_version_by_os; + DEBUGASSERT(backend); + /* macOS 10.5-10.7 supported TLS 1.0 only. macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2. macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */ @@ -1684,6 +1690,8 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, #if CURL_BUILD_MAC int darwinver_maj = 0, darwinver_min = 0; + DEBUGASSERT(backend); + GetDarwinVersionNumber(&darwinver_maj, &darwinver_min); #endif /* CURL_BUILD_MAC */ @@ -1693,7 +1701,7 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, CFRelease(backend->ssl_ctx); backend->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType); if(!backend->ssl_ctx) { - failf(data, "SSL: couldn't create a context!"); + failf(data, "SSL: couldn't create a context"); return CURLE_OUT_OF_MEMORY; } } @@ -1843,12 +1851,12 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, #endif ) { CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2)); - infof(data, "ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1)); - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); /* expects length prefixed preference ordered list of protocols in wire * format @@ -2028,12 +2036,18 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, * Both hostname check and SNI require SSLSetPeerDomainName(). * Also: the verifyhost setting influences SNI usage */ if(conn->ssl_config.verifyhost) { - err = SSLSetPeerDomainName(backend->ssl_ctx, hostname, - strlen(hostname)); + size_t snilen; + char *snihost = Curl_ssl_snihost(data, hostname, &snilen); + if(!snihost) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } + err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen); if(err != noErr) { - infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d", + failf(data, "SSL: SSLSetPeerDomainName() failed: OSStatus %d", err); + return CURLE_SSL_CONNECT_ERROR; } if((Curl_inet_pton(AF_INET, hostname, &addr)) @@ -2542,6 +2556,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn, DEBUGASSERT(ssl_connect_2 == connssl->connecting_state || ssl_connect_2_reading == connssl->connecting_state || ssl_connect_2_writing == connssl->connecting_state); + DEBUGASSERT(backend); /* Here goes nothing: */ err = SSLHandshake(backend->ssl_ctx); @@ -2774,7 +2789,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn, pkp_pin_peer_pubkey(data, backend->ssl_ctx, data->set.str[STRING_SSL_PINNEDPUBLICKEY]); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); return result; } } @@ -2839,7 +2854,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn, conn->negnpn = CURL_HTTP_VERSION_1_1; } else - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ? BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); @@ -2918,6 +2933,8 @@ collect_server_cert(struct Curl_easy *data, CFIndex i, count; SecTrustRef trust = NULL; + DEBUGASSERT(backend); + if(!show_verbose_server_cert && !data->set.ssl.certinfo) return CURLE_OK; @@ -3162,6 +3179,8 @@ static void sectransp_close(struct Curl_easy *data, struct connectdata *conn, (void) data; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { (void)SSLClose(backend->ssl_ctx); #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS @@ -3190,6 +3209,8 @@ static int sectransp_shutdown(struct Curl_easy *data, char buf[120]; int loop = 10; /* avoid getting stuck */ + DEBUGASSERT(backend); + if(!backend->ssl_ctx) return 0; @@ -3269,6 +3290,8 @@ static int sectransp_check_cxn(struct connectdata *conn) OSStatus err; SSLSessionState state; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { err = SSLGetSessionState(backend->ssl_ctx, &state); if(err == noErr) @@ -3286,6 +3309,8 @@ static bool sectransp_data_pending(const struct connectdata *conn, OSStatus err; size_t buffer; + DEBUGASSERT(backend); + if(backend->ssl_ctx) { /* SSL is in use */ err = SSLGetBufferedReadSize(backend->ssl_ctx, &buffer); if(err == noErr) @@ -3347,6 +3372,8 @@ static ssize_t sectransp_send(struct Curl_easy *data, size_t processed = 0UL; OSStatus err; + DEBUGASSERT(backend); + /* The SSLWrite() function works a little differently than expected. The fourth argument (processed) is currently documented in Apple's documentation as: "On return, the length, in bytes, of the data actually @@ -3414,6 +3441,8 @@ static ssize_t sectransp_recv(struct Curl_easy *data, size_t processed = 0UL; OSStatus err; + DEBUGASSERT(backend); + again: err = SSLRead(backend->ssl_ctx, buf, buffersize, &processed); @@ -3463,6 +3492,7 @@ static void *sectransp_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->ssl_ctx; } diff --git a/libs/libcurl/src/vtls/vtls.c b/libs/libcurl/src/vtls/vtls.c index 6007bbba0f..e2d34388cc 100644 --- a/libs/libcurl/src/vtls/vtls.c +++ b/libs/libcurl/src/vtls/vtls.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -125,15 +125,6 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second) return !memcmp(first->data, second->data, first->len); /* same data */ } -static bool safecmp(char *a, char *b) -{ - if(a && b) - return !strcmp(a, b); - else if(!a && !b) - return TRUE; /* match */ - return FALSE; /* no match */ -} - bool Curl_ssl_config_matches(struct ssl_primary_config *data, @@ -141,21 +132,28 @@ Curl_ssl_config_matches(struct ssl_primary_config *data, { if((data->version == needle->version) && (data->version_max == needle->version_max) && + (data->ssl_options == needle->ssl_options) && (data->verifypeer == needle->verifypeer) && (data->verifyhost == needle->verifyhost) && (data->verifystatus == needle->verifystatus) && blobcmp(data->cert_blob, needle->cert_blob) && blobcmp(data->ca_info_blob, needle->ca_info_blob) && blobcmp(data->issuercert_blob, needle->issuercert_blob) && - safecmp(data->CApath, needle->CApath) && - safecmp(data->CAfile, needle->CAfile) && - safecmp(data->issuercert, needle->issuercert) && - safecmp(data->clientcert, needle->clientcert) && - safecmp(data->random_file, needle->random_file) && - safecmp(data->egdsocket, needle->egdsocket) && + Curl_safecmp(data->CApath, needle->CApath) && + Curl_safecmp(data->CAfile, needle->CAfile) && + Curl_safecmp(data->issuercert, needle->issuercert) && + Curl_safecmp(data->clientcert, needle->clientcert) && + Curl_safecmp(data->random_file, needle->random_file) && + Curl_safecmp(data->egdsocket, needle->egdsocket) && +#ifdef USE_TLS_SRP + Curl_safecmp(data->username, needle->username) && + Curl_safecmp(data->password, needle->password) && + (data->authtype == needle->authtype) && +#endif Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) && Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) && Curl_safe_strcasecompare(data->curves, needle->curves) && + Curl_safe_strcasecompare(data->CRLfile, needle->CRLfile) && Curl_safe_strcasecompare(data->pinned_key, needle->pinned_key)) return TRUE; @@ -172,6 +170,10 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, dest->verifyhost = source->verifyhost; dest->verifystatus = source->verifystatus; dest->sessionid = source->sessionid; + dest->ssl_options = source->ssl_options; +#ifdef USE_TLS_SRP + dest->authtype = source->authtype; +#endif CLONE_BLOB(cert_blob); CLONE_BLOB(ca_info_blob); @@ -186,6 +188,11 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, CLONE_STRING(cipher_list13); CLONE_STRING(pinned_key); CLONE_STRING(curves); + CLONE_STRING(CRLfile); +#ifdef USE_TLS_SRP + CLONE_STRING(username); + CLONE_STRING(password); +#endif return TRUE; } @@ -205,6 +212,11 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) Curl_safefree(sslc->ca_info_blob); Curl_safefree(sslc->issuercert_blob); Curl_safefree(sslc->curves); + Curl_safefree(sslc->CRLfile); +#ifdef USE_TLS_SRP + Curl_safefree(sslc->username); + Curl_safefree(sslc->password); +#endif } #ifdef USE_SSL @@ -300,6 +312,8 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex) pbdata = conn->proxy_ssl[sockindex].backend; conn->proxy_ssl[sockindex] = conn->ssl[sockindex]; + DEBUGASSERT(pbdata != NULL); + memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex])); memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data); @@ -628,7 +642,8 @@ void Curl_ssl_associate_conn(struct Curl_easy *data, { if(Curl_ssl->associate_connection) { Curl_ssl->associate_connection(data, conn, FIRSTSOCKET); - if(conn->sock[SECONDARYSOCKET] && conn->bits.sock_accepted) + if((conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) && + conn->bits.sock_accepted) Curl_ssl->associate_connection(data, conn, SECONDARYSOCKET); } } @@ -638,7 +653,8 @@ void Curl_ssl_detach_conn(struct Curl_easy *data, { if(Curl_ssl->disassociate_connection) { Curl_ssl->disassociate_connection(data, FIRSTSOCKET); - if(conn->sock[SECONDARYSOCKET] && conn->bits.sock_accepted) + if((conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD) && + conn->bits.sock_accepted) Curl_ssl->disassociate_connection(data, SECONDARYSOCKET); } } @@ -872,6 +888,32 @@ CURLcode Curl_ssl_random(struct Curl_easy *data, } /* + * Curl_ssl_snihost() converts the input host name to a suitable SNI name put + * in data->state.buffer. Returns a pointer to the name (or NULL if a problem) + * and stores the new length in 'olen'. + * + * SNI fields must not have any trailing dot and while RFC 6066 section 3 says + * the SNI field is case insensitive, browsers always send the data lowercase + * and subsequently there are numerous servers out there that don't work + * unless the name is lowercased. + */ + +char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen) +{ + size_t len = strlen(host); + if(len && (host[len-1] == '.')) + len--; + if((long)len >= data->set.buffer_size) + return NULL; + + Curl_strntolower(data->state.buffer, host, len); + data->state.buffer[len] = 0; + if(olen) + *olen = len; + return data->state.buffer; +} + +/* * Public key pem to der conversion */ @@ -969,7 +1011,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, if(encode != CURLE_OK) return encode; - encode = Curl_base64_encode(data, (char *)sha256sumdigest, + encode = Curl_base64_encode((char *)sha256sumdigest, CURL_SHA256_DIGEST_LENGTH, &encoded, &encodedlen); Curl_safefree(sha256sumdigest); @@ -1296,8 +1338,6 @@ const struct Curl_ssl *Curl_ssl = &Curl_ssl_openssl; #elif defined(USE_SCHANNEL) &Curl_ssl_schannel; -#elif defined(USE_MESALINK) - &Curl_ssl_mesalink; #elif defined(USE_BEARSSL) &Curl_ssl_bearssl; #else @@ -1329,9 +1369,6 @@ static const struct Curl_ssl *available_backends[] = { #if defined(USE_SCHANNEL) &Curl_ssl_schannel, #endif -#if defined(USE_MESALINK) - &Curl_ssl_mesalink, -#endif #if defined(USE_BEARSSL) &Curl_ssl_bearssl, #endif diff --git a/libs/libcurl/src/vtls/vtls.h b/libs/libcurl/src/vtls/vtls.h index c7bbba082d..6bd1e0dcd3 100644 --- a/libs/libcurl/src/vtls/vtls.h +++ b/libs/libcurl/src/vtls/vtls.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -34,6 +34,17 @@ struct ssl_connect_data; #define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */ #define SSLSUPP_CAINFO_BLOB (1<<6) +#define ALPN_ACCEPTED "ALPN: server accepted " + +#define VTLS_INFOF_NO_ALPN \ + "ALPN: server did not agree on a protocol. Uses default." +#define VTLS_INFOF_ALPN_OFFER_1STR \ + "ALPN: offers %s" +#define VTLS_INFOF_ALPN_ACCEPTED_1STR \ + ALPN_ACCEPTED "%s" +#define VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR \ + ALPN_ACCEPTED "%.*s" + struct Curl_ssl { /* * This *must* be the first entry to allow returning the list of available @@ -85,7 +96,7 @@ struct Curl_ssl { CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen, unsigned char *sha256sum, size_t sha256sumlen); - void (*associate_connection)(struct Curl_easy *data, + bool (*associate_connection)(struct Curl_easy *data, struct connectdata *conn, int sockindex); void (*disassociate_connection)(struct Curl_easy *data, int sockindex); @@ -120,7 +131,6 @@ bool Curl_ssl_tls13_ciphersuites(void); #include "schannel.h" /* Schannel SSPI version */ #include "sectransp.h" /* SecureTransport (Darwin) version */ #include "mbedtls.h" /* mbedTLS versions */ -#include "mesalink.h" /* MesaLink versions */ #include "bearssl.h" /* BearSSL versions */ #include "rustls.h" /* rustls versions */ @@ -173,6 +183,7 @@ bool Curl_ssl_tls13_ciphersuites(void); data->set.str[STRING_SSL_PINNEDPUBLICKEY] #endif +char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen); bool Curl_ssl_config_matches(struct ssl_primary_config *data, struct ssl_primary_config *needle); bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source, diff --git a/libs/libcurl/src/vtls/wolfssl.c b/libs/libcurl/src/vtls/wolfssl.c index 8c5b9157b8..da8cb82ce2 100644 --- a/libs/libcurl/src/vtls/wolfssl.c +++ b/libs/libcurl/src/vtls/wolfssl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -263,6 +263,8 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, #define use_sni(x) Curl_nop_stmt #endif + DEBUGASSERT(backend); + if(connssl->state == ssl_connection_complete) return CURLE_OK; @@ -322,7 +324,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, } if(!req_method) { - failf(data, "SSL: couldn't create a method!"); + failf(data, "SSL: couldn't create a method"); return CURLE_OUT_OF_MEMORY; } @@ -331,7 +333,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, backend->ctx = SSL_CTX_new(req_method); if(!backend->ctx) { - failf(data, "SSL: couldn't create a context!"); + failf(data, "SSL: couldn't create a context"); return CURLE_OUT_OF_MEMORY; } @@ -460,14 +462,19 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, const char * const hostname = SSL_HOST_NAME(); size_t hostname_len = strlen(hostname); if((hostname_len < USHRT_MAX) && - (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) && + !Curl_inet_pton(AF_INET, hostname, &addr4) #ifdef ENABLE_IPV6 - (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) && + && !Curl_inet_pton(AF_INET6, hostname, &addr6) #endif - (wolfSSL_CTX_UseSNI(backend->ctx, WOLFSSL_SNI_HOST_NAME, hostname, - (unsigned short)hostname_len) != 1)) { - infof(data, "WARNING: failed to configure server name indication (SNI) " - "TLS extension"); + ) { + size_t snilen; + char *snihost = Curl_ssl_snihost(data, hostname, &snilen); + if(!snihost || + wolfSSL_CTX_UseSNI(backend->ctx, WOLFSSL_SNI_HOST_NAME, snihost, + (unsigned short)snilen) != 1) { + failf(data, "Failed to set SNI"); + return CURLE_SSL_CONNECT_ERROR; + } } } #endif @@ -496,7 +503,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, SSL_free(backend->handle); backend->handle = SSL_new(backend->ctx); if(!backend->handle) { - failf(data, "SSL: couldn't create a context (handle)!"); + failf(data, "SSL: couldn't create a context"); return CURLE_OUT_OF_MEMORY; } @@ -519,12 +526,12 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, #ifdef USE_HTTP2 if(data->state.httpwant >= CURL_HTTP_VERSION_2) { strcpy(protocols + strlen(protocols), ALPN_H2 ","); - infof(data, "ALPN, offering %s", ALPN_H2); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2); } #endif strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1); - infof(data, "ALPN, offering %s", ALPN_HTTP_1_1); + infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1); if(wolfSSL_UseALPN(backend->handle, protocols, (unsigned)strlen(protocols), @@ -590,10 +597,11 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, int ret = -1; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; - const char * const hostname = SSL_HOST_NAME(); const char * const dispname = SSL_HOST_DISPNAME(); const char * const pinnedpubkey = SSL_PINNED_PUB_KEY(); + DEBUGASSERT(backend); + ERR_clear_error(); conn->recv[sockindex] = wolfssl_recv; @@ -601,9 +609,10 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, /* Enable RFC2818 checks */ if(SSL_CONN_CONFIG(verifyhost)) { - ret = wolfSSL_check_domain_name(backend->handle, hostname); - if(ret == SSL_FAILURE) - return CURLE_OUT_OF_MEMORY; + char *snihost = Curl_ssl_snihost(data, SSL_HOST_NAME(), NULL); + if(!snihost || + (wolfSSL_check_domain_name(backend->handle, snihost) == SSL_FAILURE)) + return CURLE_SSL_CONNECT_ERROR; } ret = SSL_connect(backend->handle); @@ -730,7 +739,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, (const unsigned char *)pubkey->header, (size_t)(pubkey->end - pubkey->header)); if(result) { - failf(data, "SSL: public key does not match pinned public key!"); + failf(data, "SSL: public key does not match pinned public key"); return result; } #else @@ -748,8 +757,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, rc = wolfSSL_ALPN_GetProtocol(backend->handle, &protocol, &protocol_len); if(rc == SSL_SUCCESS) { - infof(data, "ALPN, server accepted to use %.*s", protocol_len, - protocol); + infof(data, VTLS_INFOF_ALPN_ACCEPTED_LEN_1STR, protocol_len, protocol); if(protocol_len == ALPN_HTTP_1_1_LENGTH && !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) @@ -767,7 +775,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); } else if(rc == SSL_ALPN_NOT_FOUND) - infof(data, "ALPN, server did not agree to a protocol"); + infof(data, VTLS_INFOF_NO_ALPN); else { failf(data, "ALPN, failure getting protocol, error %d", rc); return CURLE_SSL_CONNECT_ERROR; @@ -797,6 +805,7 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn, struct ssl_backend_data *backend = connssl->backend; DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); + DEBUGASSERT(backend); if(SSL_SET_OPTION(primary.sessionid)) { bool incache; @@ -848,6 +857,8 @@ static ssize_t wolfssl_send(struct Curl_easy *data, int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; int rc; + DEBUGASSERT(backend); + ERR_clear_error(); rc = SSL_write(backend->handle, mem, memlen); @@ -880,6 +891,8 @@ static void wolfssl_close(struct Curl_easy *data, struct connectdata *conn, (void) data; + DEBUGASSERT(backend); + if(backend->handle) { char buf[32]; /* Maybe the server has already sent a close notify alert. @@ -908,17 +921,22 @@ static ssize_t wolfssl_recv(struct Curl_easy *data, int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; int nread; + DEBUGASSERT(backend); + ERR_clear_error(); nread = SSL_read(backend->handle, buf, buffsize); - if(nread < 0) { + if(nread <= 0) { int err = SSL_get_error(backend->handle, nread); switch(err) { case SSL_ERROR_ZERO_RETURN: /* no more data */ break; + case SSL_ERROR_NONE: + /* FALLTHROUGH */ case SSL_ERROR_WANT_READ: + /* FALLTHROUGH */ case SSL_ERROR_WANT_WRITE: /* there's data pending, re-invoke SSL_read() */ *curlcode = CURLE_AGAIN; @@ -974,6 +992,7 @@ static bool wolfssl_data_pending(const struct connectdata *conn, { const struct ssl_connect_data *connssl = &conn->ssl[connindex]; struct ssl_backend_data *backend = connssl->backend; + DEBUGASSERT(backend); if(backend->handle) /* SSL is in use */ return (0 != SSL_pending(backend->handle)) ? TRUE : FALSE; else @@ -994,6 +1013,8 @@ static int wolfssl_shutdown(struct Curl_easy *data, struct connectdata *conn, (void) data; + DEBUGASSERT(backend); + if(backend->handle) { ERR_clear_error(); SSL_free(backend->handle); @@ -1173,6 +1194,7 @@ static void *wolfssl_get_internals(struct ssl_connect_data *connssl, { struct ssl_backend_data *backend = connssl->backend; (void)info; + DEBUGASSERT(backend); return backend->handle; } diff --git a/libs/libcurl/src/x509asn1.c b/libs/libcurl/src/vtls/x509asn1.c index 0341543a2b..dfb938621c 100644 --- a/libs/libcurl/src/x509asn1.c +++ b/libs/libcurl/src/vtls/x509asn1.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,8 +22,23 @@ #include "curl_setup.h" -#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ - defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) +#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ + defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) + +#if defined(USE_GSKIT) || defined(USE_WOLFSSL) || defined(USE_SCHANNEL) +#define WANT_PARSEX509 /* uses Curl_parseX509() */ +#endif + +#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ + defined(USE_SCHANNEL) || defined(USE_SECTRANSP) +#define WANT_EXTRACT_CERTINFO /* uses Curl_extract_certinfo() */ +#define WANT_PARSEX509 /* ... uses Curl_parseX509() */ +#endif + +#if defined(USE_GSKIT) +#define WANT_VERIFYHOST /* uses Curl_verifyhost () */ +#define WANT_PARSEX509 /* ... uses Curl_parseX509() */ +#endif #include <curl/curl.h> #include "urldata.h" @@ -41,6 +56,56 @@ #include "curl_memory.h" #include "memdebug.h" +/* + * Constants. + */ + +/* Largest supported ASN.1 structure. */ +#define CURL_ASN1_MAX ((size_t) 0x40000) /* 256K */ + +/* ASN.1 classes. */ +#define CURL_ASN1_UNIVERSAL 0 +#define CURL_ASN1_APPLICATION 1 +#define CURL_ASN1_CONTEXT_SPECIFIC 2 +#define CURL_ASN1_PRIVATE 3 + +/* ASN.1 types. */ +#define CURL_ASN1_BOOLEAN 1 +#define CURL_ASN1_INTEGER 2 +#define CURL_ASN1_BIT_STRING 3 +#define CURL_ASN1_OCTET_STRING 4 +#define CURL_ASN1_NULL 5 +#define CURL_ASN1_OBJECT_IDENTIFIER 6 +#define CURL_ASN1_OBJECT_DESCRIPTOR 7 +#define CURL_ASN1_INSTANCE_OF 8 +#define CURL_ASN1_REAL 9 +#define CURL_ASN1_ENUMERATED 10 +#define CURL_ASN1_EMBEDDED 11 +#define CURL_ASN1_UTF8_STRING 12 +#define CURL_ASN1_RELATIVE_OID 13 +#define CURL_ASN1_SEQUENCE 16 +#define CURL_ASN1_SET 17 +#define CURL_ASN1_NUMERIC_STRING 18 +#define CURL_ASN1_PRINTABLE_STRING 19 +#define CURL_ASN1_TELETEX_STRING 20 +#define CURL_ASN1_VIDEOTEX_STRING 21 +#define CURL_ASN1_IA5_STRING 22 +#define CURL_ASN1_UTC_TIME 23 +#define CURL_ASN1_GENERALIZED_TIME 24 +#define CURL_ASN1_GRAPHIC_STRING 25 +#define CURL_ASN1_VISIBLE_STRING 26 +#define CURL_ASN1_GENERAL_STRING 27 +#define CURL_ASN1_UNIVERSAL_STRING 28 +#define CURL_ASN1_CHARACTER_STRING 29 +#define CURL_ASN1_BMP_STRING 30 + +#ifdef WANT_EXTRACT_CERTINFO +/* ASN.1 OID table entry. */ +struct Curl_OID { + const char *numoid; /* Dotted-numeric OID. */ + const char *textoid; /* OID name. */ +}; + /* ASN.1 OIDs. */ static const char cnOID[] = "2.5.4.3"; /* Common name. */ static const char sanOID[] = "2.5.29.17"; /* Subject alternative name. */ @@ -95,6 +160,8 @@ static const struct Curl_OID OIDtable[] = { { (const char *) NULL, (const char *) NULL } }; +#endif /* WANT_EXTRACT_CERTINFO */ + /* * Lightweight ASN.1 parser. * In particular, it does not check for syntactic/lexical errors. @@ -173,6 +240,8 @@ static const char *getASN1Element(struct Curl_asn1Element *elem, return elem->end; } +#ifdef WANT_EXTRACT_CERTINFO + /* * Search the null terminated OID or OID identifier in local table. * Return the table entry pointer or NULL if not found. @@ -683,28 +752,9 @@ static ssize_t encodeDN(char *buf, size_t buflen, struct Curl_asn1Element *dn) return l; } -/* - * Convert an ASN.1 distinguished name into a printable string. - * Return the dynamically allocated string, or NULL if an error occurs. - */ -static const char *DNtostr(struct Curl_asn1Element *dn) -{ - char *buf = NULL; - ssize_t buflen = encodeDN(NULL, 0, dn); - - if(buflen >= 0) { - buf = malloc(buflen + 1); - if(buf) { - if(encodeDN(buf, buflen + 1, dn) == -1) { - free(buf); - return NULL; - } - buf[buflen] = '\0'; - } - } - return buf; -} +#endif /* WANT_EXTRACT_CERTINFO */ +#ifdef WANT_PARSEX509 /* * ASN.1 parse an X509 certificate into structure subfields. * Syntax is assumed to have already been checked by the SSL backend. @@ -824,6 +874,9 @@ int Curl_parseX509(struct Curl_X509certificate *cert, return 0; } +#endif /* WANT_PARSEX509 */ + +#ifdef WANT_EXTRACT_CERTINFO /* * Copy at most 64-characters, terminate with a newline and returns the @@ -892,6 +945,24 @@ static int do_pubkey(struct Curl_easy *data, int certnum, /* Generate all information records for the public key. */ + if(strcasecompare(algo, "ecPublicKey")) { + /* + * ECC public key is all the data, a value of type BIT STRING mapped to + * OCTET STRING and should not be parsed as an ASN.1 value. + */ + const unsigned long len = + (unsigned long)((pubkey->end - pubkey->beg - 2) * 4); + if(!certnum) + infof(data, " ECC Public Key (%lu bits)", len); + if(data->set.ssl.certinfo) { + char q[sizeof(len) * 8 / 3 + 1]; + msnprintf(q, sizeof(q), "%lu", len); + if(Curl_ssl_push_certinfo(data, certnum, "ECC Public Key", q)) + return 1; + } + return do_pubkey_field(data, certnum, "ecPublicKey", pubkey); + } + /* Get the public key (single element). */ if(!getASN1Element(&pk, pubkey->beg + 1, pubkey->end)) return 1; @@ -918,14 +989,10 @@ static int do_pubkey(struct Curl_easy *data, int certnum, if(!certnum) infof(data, " RSA Public Key (%lu bits)", len); if(data->set.ssl.certinfo) { - q = curl_maprintf("%lu", len); - if(q) { - CURLcode result = - Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", q); - free((char *) q); - if(result) - return 1; - } + char r[sizeof(len) * 8 / 3 + 1]; + msnprintf(r, sizeof(r), "%lu", len); + if(Curl_ssl_push_certinfo(data, certnum, "RSA Public Key", r)) + return 1; } /* Generate coefficients. */ if(do_pubkey_field(data, certnum, "rsa(n)", &elem)) @@ -969,6 +1036,28 @@ static int do_pubkey(struct Curl_easy *data, int certnum, return 0; } +/* + * Convert an ASN.1 distinguished name into a printable string. + * Return the dynamically allocated string, or NULL if an error occurs. + */ +static const char *DNtostr(struct Curl_asn1Element *dn) +{ + char *buf = NULL; + ssize_t buflen = encodeDN(NULL, 0, dn); + + if(buflen >= 0) { + buf = malloc(buflen + 1); + if(buf) { + if(encodeDN(buf, buflen + 1, dn) == -1) { + free(buf); + return NULL; + } + buf[buflen] = '\0'; + } + } + return buf; +} + CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, const char *beg, @@ -1119,7 +1208,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, return result; /* Generate PEM certificate. */ - result = Curl_base64_encode(data, cert.certificate.beg, + result = Curl_base64_encode(cert.certificate.beg, cert.certificate.end - cert.certificate.beg, &cp1, &cl1); if(result) @@ -1153,10 +1242,12 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, return result; } +#endif /* WANT_EXTRACT_CERTINFO */ + #endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL * or USE_SECTRANSP */ -#if defined(USE_GSKIT) +#ifdef WANT_VERIFYHOST static const char *checkOID(const char *beg, const char *end, const char *oid) @@ -1198,6 +1289,7 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn, ssize_t len; const char * const hostname = SSL_HOST_NAME(); const char * const dispname = SSL_HOST_DISPNAME(); + size_t hostlen = strlen(hostname); #ifdef ENABLE_IPV6 struct in6_addr addr; #else @@ -1253,7 +1345,8 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn, len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING, name.beg, name.end); if(len > 0 && (size_t)len == strlen(dnsname)) - matched = Curl_cert_hostcheck(dnsname, hostname); + matched = Curl_cert_hostcheck(dnsname, + (size_t)len, hostname, hostlen); else matched = 0; free(dnsname); @@ -1312,7 +1405,8 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn, } if(strlen(dnsname) != (size_t) len) /* Nul byte in string ? */ failf(data, "SSL: illegal cert name field"); - else if(Curl_cert_hostcheck((const char *) dnsname, hostname)) { + else if(Curl_cert_hostcheck((const char *) dnsname, + len, hostname, hostlen)) { infof(data, " common name: %s (matched)", dnsname); free(dnsname); return CURLE_OK; @@ -1326,4 +1420,4 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn, return CURLE_PEER_FAILED_VERIFICATION; } -#endif /* USE_GSKIT */ +#endif /* WANT_VERIFYHOST */ diff --git a/libs/libcurl/src/x509asn1.h b/libs/libcurl/src/vtls/x509asn1.h index 3b51eeef8d..db7df0ef12 100644 --- a/libs/libcurl/src/x509asn1.h +++ b/libs/libcurl/src/vtls/x509asn1.h @@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,50 +31,6 @@ #include "urldata.h" /* - * Constants. - */ - -/* Largest supported ASN.1 structure. */ -#define CURL_ASN1_MAX ((size_t) 0x40000) /* 256K */ - -/* ASN.1 classes. */ -#define CURL_ASN1_UNIVERSAL 0 -#define CURL_ASN1_APPLICATION 1 -#define CURL_ASN1_CONTEXT_SPECIFIC 2 -#define CURL_ASN1_PRIVATE 3 - -/* ASN.1 types. */ -#define CURL_ASN1_BOOLEAN 1 -#define CURL_ASN1_INTEGER 2 -#define CURL_ASN1_BIT_STRING 3 -#define CURL_ASN1_OCTET_STRING 4 -#define CURL_ASN1_NULL 5 -#define CURL_ASN1_OBJECT_IDENTIFIER 6 -#define CURL_ASN1_OBJECT_DESCRIPTOR 7 -#define CURL_ASN1_INSTANCE_OF 8 -#define CURL_ASN1_REAL 9 -#define CURL_ASN1_ENUMERATED 10 -#define CURL_ASN1_EMBEDDED 11 -#define CURL_ASN1_UTF8_STRING 12 -#define CURL_ASN1_RELATIVE_OID 13 -#define CURL_ASN1_SEQUENCE 16 -#define CURL_ASN1_SET 17 -#define CURL_ASN1_NUMERIC_STRING 18 -#define CURL_ASN1_PRINTABLE_STRING 19 -#define CURL_ASN1_TELETEX_STRING 20 -#define CURL_ASN1_VIDEOTEX_STRING 21 -#define CURL_ASN1_IA5_STRING 22 -#define CURL_ASN1_UTC_TIME 23 -#define CURL_ASN1_GENERALIZED_TIME 24 -#define CURL_ASN1_GRAPHIC_STRING 25 -#define CURL_ASN1_VISIBLE_STRING 26 -#define CURL_ASN1_GENERAL_STRING 27 -#define CURL_ASN1_UNIVERSAL_STRING 28 -#define CURL_ASN1_CHARACTER_STRING 29 -#define CURL_ASN1_BMP_STRING 30 - - -/* * Types. */ @@ -88,14 +44,6 @@ struct Curl_asn1Element { bool constructed; /* Element is constructed. */ }; - -/* ASN.1 OID table entry. */ -struct Curl_OID { - const char *numoid; /* Dotted-numeric OID. */ - const char *textoid; /* OID name. */ -}; - - /* X509 certificate: RFC 5280. */ struct Curl_X509certificate { struct Curl_asn1Element certificate; @@ -119,10 +67,6 @@ struct Curl_X509certificate { * Prototypes. */ -const char *Curl_getASN1Element(struct Curl_asn1Element *elem, - const char *beg, const char *end); -const char *Curl_ASN1tostr(struct Curl_asn1Element *elem, int type); -const char *Curl_DNtostr(struct Curl_asn1Element *dn); int Curl_parseX509(struct Curl_X509certificate *cert, const char *beg, const char *end); CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, diff --git a/libs/libcurl/src/warnless.c b/libs/libcurl/src/warnless.c index 15c8156d1c..0336a41d80 100644 --- a/libs/libcurl/src/warnless.c +++ b/libs/libcurl/src/warnless.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -360,7 +360,7 @@ curl_socket_t curlx_sitosk(int i) #endif /* USE_WINSOCK */ -#if defined(WIN32) || defined(_WIN32) +#if defined(WIN32) ssize_t curlx_read(int fd, void *buf, size_t count) { @@ -372,7 +372,7 @@ ssize_t curlx_write(int fd, const void *buf, size_t count) return (ssize_t)write(fd, buf, curlx_uztoui(count)); } -#endif /* WIN32 || _WIN32 */ +#endif /* WIN32 */ #if defined(__INTEL_COMPILER) && defined(__unix__) diff --git a/libs/libcurl/src/warnless.h b/libs/libcurl/src/warnless.h index 2c619bf819..37ac5ba19f 100644 --- a/libs/libcurl/src/warnless.h +++ b/libs/libcurl/src/warnless.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,6 +22,8 @@ * ***************************************************************************/ +#include "curl_setup.h" + #ifdef USE_WINSOCK #include <curl/curl.h> /* for curl_socket_t */ #endif @@ -65,7 +67,7 @@ curl_socket_t curlx_sitosk(int i); #endif /* USE_WINSOCK */ -#if defined(WIN32) || defined(_WIN32) +#if defined(WIN32) ssize_t curlx_read(int fd, void *buf, size_t count); @@ -78,7 +80,7 @@ ssize_t curlx_write(int fd, const void *buf, size_t count); # define write(fd, buf, count) curlx_write(fd, buf, count) #endif -#endif /* WIN32 || _WIN32 */ +#endif /* WIN32 */ #if defined(__INTEL_COMPILER) && defined(__unix__) |