From 487f6abca26f6b70d545d02e296ae6ca7e197882 Mon Sep 17 00:00:00 2001
From: dartraiden
Date: Thu, 19 Sep 2024 19:35:43 +0300
Subject: libcurl: update to 8.10.1
---
 libs/libcurl/docs/RELEASE-NOTES | 588 ++++-------------------------------
 libs/libcurl/docs/THANKS | 7 +
 libs/libcurl/include/curl/curlver.h | 8 +-
 libs/libcurl/src/cf-https-connect.c | 3 -
 libs/libcurl/src/cf-socket.c | 4 +
 libs/libcurl/src/cfilters.c | 1 +
 libs/libcurl/src/config-win32.h | 7 -
 libs/libcurl/src/connect.c | 22 +-
 libs/libcurl/src/curl_memrchr.c | 4 +
 libs/libcurl/src/curl_memrchr.h | 4 +
 libs/libcurl/src/curl_setup.h | 10 +
 libs/libcurl/src/ftp.c | 27 +-
 libs/libcurl/src/http.c | 18 +-
 libs/libcurl/src/http2.c | 9 +-
 libs/libcurl/src/multi.c | 2 +
 libs/libcurl/src/rand.c | 6 +-
 libs/libcurl/src/rand.h | 5 -
 libs/libcurl/src/request.c | 40 ++-
 libs/libcurl/src/request.h | 1 +
 libs/libcurl/src/sendf.c | 18 +-
 libs/libcurl/src/setopt.c | 12 +-
 libs/libcurl/src/transfer.c | 34 +-
 libs/libcurl/src/url.c | 15 +
 libs/libcurl/src/urldata.h | 6 +
 libs/libcurl/src/vquic/curl_ngtcp2.c | 7 -
 libs/libcurl/src/vquic/curl_osslq.c | 7 -
 libs/libcurl/src/vquic/curl_quiche.c | 8 -
 libs/libcurl/src/vtls/rustls.c | 108 +++++--
 libs/libcurl/src/vtls/vtls.h | 2 +-
 29 files changed, 301 insertions(+), 682 deletions(-)
diff --git a/libs/libcurl/docs/RELEASE-NOTES b/libs/libcurl/docs/RELEASE-NOTES
index fddba01378..42f862ec2c 100644
--- a/libs/libcurl/docs/RELEASE-NOTES
+++ b/libs/libcurl/docs/RELEASE-NOTES
@@ -1,277 +1,40 @@ -curl and libcurl 8.10.0 +curl and libcurl 8.10.1 - Public curl releases: 260 + Public curl releases: 261 Command line options: 265 curl_easy_setopt() options: 306 Public functions in libcurl: 94 - Contributors: 3239 + Contributors: 3246 This release includes the following changes: - o autotools: add `--enable-windows-unicode` option [103] - o curl: --help [option] displays documentation for given cmdline option [19] - o curl: add --skip-existing [54] - o curl: for -O, use "default" as filename when the URL has none [34] - o curl: make --rate accept "number of units" [4] - o curl: make --show-headers the same as --include [6] - o curl: support --dump-header % to direct to stderr [31] - o curl: support embedding a CA bundle and --dump-ca-embed [20] - o curl: support repeated use of the verbose option; -vv etc [35] - o curl: use libuv for parallel transfers with --test-event [82] - o getinfo: add CURLINFO_POSTTRANSFER_TIME_T [87] - o mbedtls: add CURLOPT_TLS13_CIPHERS support [78] - o rustls: add support for setting TLS version and ciphers [113] - o vtls: stop offering alpn http/1.1 for http2-prior-knowledge [53] - o wolfssl: add CURLOPT_TLS13_CIPHERS support [76] - o wolfssl: add support for ssl cert blob / ssl key blob options [50] This release includes the following bugfixes: - o asyn-thread: stop using GetAddrInfoExW on Windows [241] - o autotools: fix MS-DOS builds [249] - o autotools: fix typo in tests/data target [30] - o aws_sigv4: fix canon order for headers with same prefix [74] - o bearssl: fix setting tls version [203] - o bearssl: improve shutdown handling [45] - o BINDINGS: add zig binding [100] - o build: add `iphlpapi` lib for libssh on Windows [166] - o build: add `poll()` detection for cross-builds [244] - o build: add options to disable SHA-512/256 hash algo [239] - o build: check OS-native IDN first, then libidn2 [223] - o build: delete unused `REQUIRE_LIB_DEPS` [226] - o build: drop unused `NROFF` reference [253] - o build: 
drop unused feature-detection code for Apple `poll()` [227] - o build: generate `buildinfo.txt` for test logs [256] - o build: improve compiler version detection portability - o build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0 [207] - o build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds [137] - o build: use -Wno-format-overflow [195] - o buildconf.bat: fix tool_hugehelp.c generation [173] - o cf-socket: fix pollset for listening [179] - o cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows [185] - o cfilters: send flush [13] - o CHANGES: rename to CHANGES.md, no longer generated [40] - o CI: enable parallel testing in CI builds [18] - o ci: Update actions/upload-artifact digest to 89ef406 [24] - o cmake: `Libs.private` improvements [215] - o cmake: add `CURL_USE_PKGCONFIG` option [138] - o cmake: add Linux CI job, fix pytest with cmake [71] - o cmake: add math library when using wolfssl and ngtcp2 [66] - o cmake: add missing `pkg-config` hints to Find modules [158] - o cmake: add missing version detection to Find modules [170] - o cmake: add rustls [116] - o cmake: add support for versioned symbols option [51] - o cmake: add wolfSSH support [117] - o cmake: allow `pkg-config` in more envs [147] - o cmake: cleanup header paths [59] - o cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP` [231] - o cmake: delete MSVC warning suppression for tests/server [101] - o cmake: detect `nghttp2` via `pkg-config`, enable by default [21] - o cmake: detect and show VCPKG in platform flags [84] - o cmake: distcheck for files in CMake subdir [9] - o cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs [27] - o cmake: drop libssh CONFIG-style detection [167] - o cmake: drop no-op `tests/data/CMakeLists.txt` [26] - o cmake: drop reference to undefined variable [25] - o cmake: drop unused `HAVE_IDNA_STRERROR` [62] - o cmake: drop unused internal variable [22] - o cmake: exclude tests/http/clients builds by default [110] 
- o cmake: fix `GSS_VERSION` for Heimdal found via pkg-config [77] - o cmake: fix `pkg-config`-based detection in `FindGSS.cmake` [94] - o cmake: fix and tidy up c-ares builds, enable in more CI jobs [156] - o cmake: fix find rustls [148] - o cmake: fixup linking libgsasl when detected via CMake-native - o cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE` [163] - o cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default [188] - o cmake: limit libidn2 `pkg-config` detection to `UNIX` [109] - o cmake: migrate dependency detections to Find modules [183] - o cmake: more small tidy-ups and fixes [80] - o cmake: rename wolfSSL and zstd config variables to uppercase [151] - o cmake: respect cflags/libdirs of native pkg-config detections [175] - o cmake: show CMake platform/compiler flags [63] - o cmake: show warning if libpsl is not found [154] - o cmake: sync code between test/example targets [234] - o cmake: sync up formatting in Find modules [129] - o cmake: TLS 1.3 warning only for bearssl and sectranp [118] - o cmake: update `curl-config.cmake.in` template var list - o cmake: update list of "advanced" variables [119] - o cmake: use numeric comparison for `HAVE_WIN32_WINNT` [69] - o cmdline-opts: language fix for expect100-timeout.md and max-time.md [192] - o configure: delete unused `CURL_DEFINE_UNQUOTED` function [224] - o configure: delete unused `HAVE_OPENSSL3` macro [225] - o configure: delete unused `m4/xc-translit.m4` [114] - o configure: detect AppleIDN [70] - o configure: fail if PSL is not disabled but not found [46] - o configure: fix WinIDN builds targeting old Windows [210] - o configure: remove USE_EXPLICIT_LIB_DEPS [199] - o configure: replace nonportable grep -o with awk [111] - o connect: always prefer ipv6 in IP eyeballing [209] - o connect: limit update IP info [191] - o cookie.md: try to articulate the two different uses this option has [92] - o curl: allow 500MB data URL encode strings [38] - o curl: find curlrc in XDG_CONFIG_HOME without 
leading dot [186] - o curl: fix --proxy-pinnedpubkey [91] - o curl: fix the -w urle.* variables [153] - o curl: make the progress bar detect terminal width changes [169] - o curl: warn on unsupported SSL options [106] - o Curl_rand_bytes to control env override [17] - o curl_sha512_256: fix symbol collisions with nettle library [131] - o CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument [216] - o CURLOPT_XFERINFOFUNCTION: clarify the callback return codes [141] - o dist: add missing `docs/examples/CMakeLists.txt` [58] - o dist: add missing `FindNettle.cmake` [11] - o dist: add missing `lib/optiontable.pl` [115] - o dist: add missing `test_*.py` scripts [102] - o dist: drop buildconf [65] - o dist: fix reproducible build from release tarball [36] - o dmaketgz: only run 'make distclean' if Makefile exists - o docs/SSLCERTS: rewrite [174] - o docs: add description of effect of --location-trusted on cookie [157] - o docs: document the (weak) random value situation in rustls builds [252] - o docs: fix some examples in man pages - o docs: improve cipher options documentation [159] - o docs: mention "@-" in more places [67] - o docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md [105] - o docs: update CIPHERS.md [140] - o doh-url.md: point out DOH server IP pinning [37] - o doh: remove redundant checks [242] - o easy: fix curl_easy_upkeep for shared connection caches [52] - o escape: allow curl_easy_escape to generate 3*input length output [39] - o FEATURES.md: fix typo [180] - o ftp: always offer line end conversions [219] - o ftp: flush pingpong before response [73] - o getinfo: return zero for unsupported options (when disabled) [189] - o GHA/windows: enable MulitSSL in an MSVC job [2] - o GHA: scan git repository and detect unvetted binary files [3] - o gnutls/wolfssl: improve error message when certificate fails [125] - o gnutls: send all data [230] - o gtls: fix OCSP stapling management [206] - o haproxy: send though next filter [222] - o hash: 
provide asserts to verify API use [96] - o http/2: simplify eos/blocked handling [90] - o http2+h3 filters: fix ctx init [142] - o http2: fix GOAWAY message sent to server [171] - o http2: improve rate limiting of downloads [33] - o http2: improved upload eos handling [41] - o http3.md: mention how the fallback can be h1 or h2 [194] - o hyper: call Curl_req_set_upload_done() [126] - o idn: more strictly check AppleIDN errors [98] - o idn: support non-UTF-8 input under AppleIDN [99] - o INSTALL.md: MultiSSL and QUIC are mutually exclusive [7] - o KNOWN_BUGS: "special characers" in URL works with aws-sigv4 [81] - o krb5: add Linux/macOS CI tests, fix cmake GSS detection [83] - o krb5: fix `-Wcast-align` [95] - o lib: add eos flag to send methods [14] - o lib: avoid macro collisions between wolfSSL and GnuTLS headers [133] - o lib: convert some debugf()s into traces [8] - o lib: delete stray undefs for `vsnprintf`, `vsprintf` [152] - o lib: fix AIX build issues [112] - o lib: fix building with wolfSSL without DES support [134] - o lib: make SSPI global symbols use Curl_ prefix [251] - o lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name [132] - o lib: remove the final strncpy() calls [240] - o lib: remove use of RANDOM_FILE [235] - o libcurl.def: move from / into lib [238] - o libcurl.pc: add `Cflags.private` [10] - o libcurl.pc: add reference to `libgsasl` [150] - o libcurl/docs: expand on redirect following and secrets to other hosts [85] - o llist: remove direct struct accesses, use only functions [72] - o Makefile.dist: fix `ca-firefox` target [254] - o Makefile.mk: fixup enabling libidn2 [61] - o Makefile: remove 'scripts' duplicate from DIST_SUBDIRS - o maketgz: accept option to include latest commit hash [5] - o maketgz: fix RELEASE-TOOLS.md for daily tarballs [243] - o maketgz: move from / into scripts [237] - o managen: fix superfluous leading blank line in quoted sections [211] - o managen: in man output, remove the leading space from examples 
[198] - o managen: wordwrap long example lines in ASCII output [143] - o manpage: ensure a maximum width for the text version [75] - o max-filesize.md: mention zero disables the limit [93] - o mbedtls: add more informative logging [162] - o mbedtls: fix setting tls version [200] - o mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL [181] - o mime: avoid inifite loop in client reader [155] - o mk-ca-bundle.pl: include a link to the caextract webpage [68] - o multi: make the "general" list of easy handles a Curl_llist [97] - o multi: on socket callback error, remove socket hash entry nonetheless [149] - o ngtcp2/osslq: remove NULL pointer dereferences [213] - o ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks [79] - o openssl quic: fix memory leak [229] - o openssl: certinfo errors now fail correctly [250] - o openssl: fix the data race when sharing an SSL session between threads [221] - o openssl: improve shutdown handling [44] - o pingpong: drain the input buffer when reading responses [193] - o POP3: fix multi-line responses [168] - o pop3: use the protocol handler ->write_resp [220] - o printf: fix mingw-w64 format checks [228] - o progress: ratelimit/progress tweaks [32] - o pytests: add tests for HEAD requests in all HTTP versions [42] - o rand: only provide weak random when needed [233] - o runtests: if DISABLED cannot be read, error out [56] - o runtests: log ignored but passed tests [130] - o runtests: remove "has_textaware" [217] - o rustls: fix setting tls version [202] - o rustls: make all tests pass [1] - o schannel: avoid malloc for CAinfo_blob_digest [247] - o scorecard: tweak request measurements [139] - o sectransp: fix setting tls version [204] - o SECURITY: mention OpenSSF best practices gold badge [161] - o setopt: allow CURLOPT_INTERFACE to be set to NULL [165] - o setopt: let CURLOPT_ECH set to NULL reset to default [187] - o setopt: make CURLOPT_TFTP_BLKSIZE accept bad values [184] - o sha256: fix symbol collision 
between nettle (GnuTLS) and OpenSSL [135] - o share: don't reinitialize conncache [214] - o sigpipe: init the struct so that first apply ignores [49] - o smb: convert superflous assign into assert [246] - o smtp: add tracing feature [120] - o splay: use access functions, add asserts, use Curl_timediff [121] - o spnego_gssapi: implement TLS channel bindings for openssl [146] - o src: delete `curlx_m*printf()` aliases [197] - o src: fix potential macro confusion in cmake unity builds [208] - o src: namespace symbols clashing with lib [248] - o src: replace copy of printf mappings with an include [190] - o ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) [177] - o system_win32: fix typo - o test httpd: tweak cipher list [124] - o test1521: verify setting options to NULL better [182] - o test1707: output diff more for debugging differences in CI outputs - o test556: improve robustness [64] - o test579: improve robustness [60] - o test587: improve robustness [123] - o test649: improve robustness [122] - o test677: improve robustness [47] - o tests/runner: only allow [!A-Za-z0-9_-] in %if feature names [55] - o tests: constrain http pytest to tests/http directory [205] - o tests: don't mangle output if hostname or type unknown - o tests: ignore QUIT from FTP protocol comparisons [108] - o tests: provide docs as curldown, not nroff [12] - o tidy-up: misc build, tests, `lib/macos.c` [172] - o tidy-up: OS names [57] - o tool_operhlp: fix "potentially uninitialized local variable 'pc' used" [48] - o tool_paramhlp: bump maximum post data size in memory to 16GB [128] - o transfer: Curl_sendrecv() and event related improvements [164] - o transfer: remove comments, add asserts [218] - o transfer: skip EOS read when download done [196] - o url: dns_entry related improvements [16] - o url: fix connection reuse for HTTP/2 upgrades [236] - o urlapi: verify URL *decoded* hostname when set [160] - o urldata: introduce `data->mid`, a unique identifier inside a 
multi [127] - o urldata: remove 'scratch' from the UrlState struct [86] - o urldata: remove crlf_conversions counter [232] - o urldata: remove proxy_connect_closed bit [178] - o verify-release: shell script that verifies a release tarball [29] - o version: fix shadowing a `libssh.h` symbol [176] - o vtls: add SSLSUPP_CIPHER_LIST [107] - o vtls: fix MSVC 'cast truncates constant value' warning [23] - o vtls: fix static function name collisions between TLS backends [136] - o vtls: init ssl peer only once [15] - o websocket: introduce blocking sends [145] - o wolfssl: avoid taking cached x509 store ref if sslctx already using it [88] - o wolfssl: fix CURLOPT_SSLVERSION [144] - o wolfssl: fix setting tls version [201] - o wolfssl: improve shutdown handling [43] - o ws: flags to opcodes should ignore CURLWS_CONT flag [104] - o x509asn1: raise size limit for x509 certification information [28] + o autotools: fix `--with-ca-embed` build rule [3] + o cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync [8] + o cmake: fix MSH3 to appear on the feature list [20] + o connect: store connection info when really done [9] + o CURLMOPT_TIMERFUNCTION.md: emphasize that only a single timer should run [5] + o FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a [34] + o http2: when uploading data from stdin, fix eos forwarding [7] + o http: make max-filesize check not count ignored bodies [33] + o lib: fix AF_INET6 use outside of USE_IPV6 [13] + o libcurl-docs: CURLINFO_LOCAL_* work for QUIC as well as TCP [1] + o multi: check that the multi handle is valid in curl_multi_assign [14] + o QUIC: on connect, keep on trying on draining server [11] + o request: correctly reset the eos_sent flag [21] + o runtests: accecpt 'quictls' as OpenSSL compatible [2] + o rustls: fixed minor logic bug in default cipher selection [12] + o rustls: rustls-ffi 0.14.0 update [18] + o rustls: support strong CSRNG data [16] + o setopt: remove superfluous use of ternary expressions [4] + 
o singleuse: drop `Curl_memrchr()` for no-HTTP builds [24] + o test537: cap the rlimit max this test runs [10] + o tests: tweak lock file handling and timers [22] + o tool_cb_wrt: use "curl_response" if no file name in URL [19] + o transfer: fix sendrecv() without interim poll [15] + o vtls: fix `Curl_ssl_conn_config_match` doc param [6] This release includes the following known bugs: 
@@ -291,273 +54,36 @@ Planned upcoming removals include: This release would not have looked like this without help, code, reports and advice from friends like these: - Aki Sakurai, Alex Snast, Antoine du Hamel, Austin Moore, - Benjamin Riefenstahl Mecom, Bo Anderson, Chris Swan, Christoph Reiter, - Dan Fandrich, Daniel Stenberg, David Sardari, dependabot[bot], - Emanuele Torre, Eric Norris, feelingseas on github, Gruber Glass, - Hiroki Kurosawa, Ionuț-Francisc Oancea, janedenone on github, Jan Venekamp, - Jason Hood, Jiacai Liu, Joe Birr-Pixton, John Haugabook, Joshix-1 on github, - Justin Maggard, Kai Pastor, kit-ty-kate on github, lolbinarycat on github, - MasterInQuestion on github, Matt Jolly, Max Faxälv, Micah Snyder, - Moritz Buhl, Pete Cordell, ralfjunker on github, Rasmus Thomsen, Ray Satiro, - Razvan Pricope, renovate[bot], Ryan Carsten Schmidt, Sam Jessup, - Sergio Durigan Junior, Slaven Rezić, Stanislav Lange, Stefan Eissing, - Steffen Kieß, Tal Regev, Tim Yuer, Venkat Krishna R, Viktor Petersson, - Viktor Szakats, XYenon, Yedaya Katsman, Yoshimasa Ohno, наб, 罗朝辉 - (57 contributors) + Brian Inglis, Carlo Cabrera, Daniel McCarney, Daniel Stenberg, + dependabot[bot], finkjsc on github, Gabriel Marin, Harry Sintonen, + Jan Venekamp, Julian K., MasterInQuestion on github, Michael Osipov, + nekopsykose on github, Patrick Steinhardt, rampageX on github, + Stefan Eissing, Tal Regev, Victor Kislov, Viktor Szakats + (19 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/bug/?i=14317 - [2] = https://curl.se/bug/?i=14276 - [3] = https://curl.se/bug/?i=14333 - [4] = https://curl.se/bug/?i=14245 - [5] = https://curl.se/bug/?i=14363 - [6] = https://curl.se/bug/?i=13987 - [7] = https://curl.se/bug/?i=14308 - [8] = https://curl.se/bug/?i=14322 - [9] = https://curl.se/bug/?i=14323 - [10] = https://curl.se/bug/?i=14321 - [11] = https://curl.se/bug/?i=14285 - [12] = https://curl.se/bug/?i=14324 - [13] = https://curl.se/bug/?i=14271 - 
[14] = https://curl.se/bug/?i=14220 - [15] = https://curl.se/bug/?i=14152 - [16] = https://curl.se/bug/?i=14195 - [17] = https://curl.se/bug/?i=14264 - [18] = https://curl.se/bug/?i=11510 - [19] = https://curl.se/bug/?i=13997 - [20] = https://curl.se/bug/?i=14059 - [21] = https://curl.se/bug/?i=14136 - [22] = https://curl.se/bug/?i=14361 - [23] = https://curl.se/bug/?i=14341 - [24] = https://curl.se/bug/?i=14359 - [25] = https://curl.se/bug/?i=14358 - [26] = https://curl.se/bug/?i=14357 - [27] = https://curl.se/bug/?i=14356 - [28] = https://curl.se/bug/?i=14352 - [29] = https://curl.se/bug/?i=14350 - [30] = https://curl.se/bug/?i=14355 - [31] = https://curl.se/bug/?i=13992 - [32] = https://curl.se/bug/?i=14335 - [33] = https://curl.se/bug/?i=14326 - [34] = https://curl.se/bug/?i=13988 - [35] = https://curl.se/bug/?i=13977 - [36] = https://curl.se/bug/?i=14336 - [37] = https://curl.se/bug/?i=14377 - [38] = https://curl.se/bug/?i=14337 - [39] = https://curl.se/bug/?i=14339 - [40] = https://curl.se/bug/?i=14331 - [41] = https://curl.se/bug/?i=14253 - [42] = https://curl.se/bug/?i=14367 - [43] = https://curl.se/bug/?i=14376 - [44] = https://curl.se/bug/?i=14375 - [45] = https://curl.se/bug/?i=14374 - [46] = https://curl.se/bug/?i=14373 - [47] = https://curl.se/bug/?i=14455 - [48] = https://curl.se/bug/?i=14389 - [49] = https://curl.se/bug/?i=14344 - [50] = https://curl.se/bug/?i=14018 - [51] = https://curl.se/bug/?i=14349 - [52] = https://curl.se/bug/?i=12677 - [53] = https://curl.se/bug/?i=9963 - [54] = https://curl.se/bug/?i=13993 - [55] = https://curl.se/bug/?i=14403 - [56] = https://curl.se/bug/?i=14411 - [57] = https://curl.se/bug/?i=14360 - [58] = https://curl.se/bug/?i=14380 - [59] = https://curl.se/bug/?i=14416 - [60] = https://curl.se/bug/?i=14454 - [61] = https://curl.se/bug/?i=14421 - [62] = https://curl.se/bug/?i=14420 - [63] = https://curl.se/bug/?i=14417 - [64] = https://curl.se/bug/?i=14453 - [65] = https://curl.se/bug/?i=14412 - [66] = 
https://curl.se/bug/?i=14343 - [67] = https://curl.se/bug/?i=14402 - [68] = https://github.com/curl/curl-www/issues/374 - [69] = https://curl.se/bug/?i=14409 - [70] = https://curl.se/bug/?i=14401 - [71] = https://curl.se/bug/?i=14382 - [72] = https://curl.se/bug/?i=14485 - [73] = https://curl.se/bug/?i=14452 - [74] = https://curl.se/bug/?i=14370 - [75] = https://curl.se/bug/?i=14423 - [76] = https://curl.se/bug/?i=14385 - [77] = https://curl.se/bug/?i=14393 - [78] = https://curl.se/bug/?i=14384 - [79] = https://curl.se/bug/?i=14394 - [80] = https://curl.se/bug/?i=14450 - [81] = https://curl.se/bug/?i=13754 - [82] = https://curl.se/bug/?i=14298 - [83] = https://curl.se/bug/?i=14447 - [84] = https://curl.se/bug/?i=14451 - [85] = https://curl.se/bug/?i=14472 - [86] = https://curl.se/bug/?i=14500 - [87] = https://curl.se/bug/?i=14189 - [88] = https://curl.se/bug/?i=14442 - [89] = https://curl.se/bug/?i=14492 - [90] = https://curl.se/bug/?i=14435 - [91] = https://curl.se/bug/?i=14438 - [92] = https://curl.se/bug/?i=14491 - [93] = https://curl.se/bug/?i=14440 - [94] = https://curl.se/bug/?i=14430 - [95] = https://curl.se/bug/?i=14433 - [96] = https://curl.se/bug/?i=14503 - [97] = https://curl.se/bug/?i=14474 - [98] = https://curl.se/bug/?i=14431 - [99] = https://curl.se/bug/?i=14431 - [100] = https://curl.se/bug/?i=14437 - [101] = https://curl.se/bug/?i=14428 - [102] = https://curl.se/bug/?i=14427 - [103] = https://curl.se/bug/?i=7229 - [104] = https://curl.se/bug/?i=14397 - [105] = https://curl.se/bug/?i=14553 - [106] = https://curl.se/bug/?i=14406 - [107] = https://curl.se/bug/?i=14406 - [108] = https://curl.se/bug/?i=14404 - [109] = https://curl.se/bug/?i=14405 - [110] = https://curl.se/bug/?i=14477 - [111] = https://curl.se/bug/?i=14469 - [112] = https://curl.se/bug/?i=14464 - [113] = https://curl.se/bug/?i=14535 - [114] = https://curl.se/bug/?i=14459 - [115] = https://curl.se/bug/?i=14467 - [116] = https://curl.se/bug/?i=14534 - [117] = https://curl.se/bug/?i=14568 
- [118] = https://curl.se/bug/?i=14566 - [119] = https://curl.se/bug/?i=14540 - [120] = https://curl.se/bug/?i=14531 - [121] = https://curl.se/bug/?i=14562 - [122] = https://curl.se/bug/?i=14526 - [123] = https://curl.se/bug/?i=14525 - [124] = https://curl.se/bug/?i=14502 - [125] = https://curl.se/bug/?i=14501 - [126] = https://curl.se/bug/?i=14539 - [127] = https://curl.se/bug/?i=14414 - [128] = https://curl.se/bug/?i=14521 - [129] = https://curl.se/bug/?i=14527 - [130] = https://curl.se/bug/?i=14457 - [131] = https://curl.se/bug/?i=14514 - [132] = https://curl.se/bug/?i=14513 - [133] = https://curl.se/bug/?i=14511 - [134] = https://curl.se/bug/?i=14512 - [135] = https://curl.se/bug/?i=14515 - [136] = https://curl.se/bug/?i=14516 - [137] = https://curl.se/bug/?i=14510 - [138] = https://curl.se/bug/?i=14504 - [139] = https://curl.se/bug/?i=14564 - [140] = https://curl.se/bug/?i=14460 - [141] = https://curl.se/bug/?i=14627 - [142] = https://curl.se/bug/?i=14505 - [143] = https://curl.se/bug/?i=14543 - [144] = https://curl.se/bug/?i=14480 - [145] = https://curl.se/bug/?i=14458 - [146] = https://curl.se/bug/?i=13098 - [147] = https://curl.se/bug/?i=14483 - [148] = https://curl.se/bug/?i=14567 - [149] = https://curl.se/bug/?i=14557 - [150] = https://curl.se/bug/?i=14556 - [151] = https://curl.se/bug/?i=14574 - [152] = https://curl.se/bug/?i=14631 - [153] = https://curl.se/bug/?i=14550 - [154] = https://curl.se/bug/?i=14533 - [155] = https://curl.se/bug/?i=14532 - [156] = https://curl.se/bug/?i=14541 - [157] = https://curl.se/bug/?i=14471 - [158] = https://curl.se/bug/?i=14545 - [159] = https://curl.se/bug/?i=14407 - [160] = https://curl.se/bug/?i=14656 - [161] = https://curl.se/bug/?i=14319 - [162] = https://curl.se/bug/?i=14444 - [163] = https://curl.se/bug/?i=14626 - [164] = https://curl.se/bug/?i=14561 - [165] = https://curl.se/bug/?i=14629 - [166] = https://curl.se/bug/?i=14618 - [167] = https://curl.se/bug/?i=14614 - [168] = https://curl.se/bug/?i=14677 - [169] = 
https://curl.se/bug/?i=14565 - [170] = https://curl.se/bug/?i=14548 - [171] = https://curl.se/bug/?i=14623 - [172] = https://curl.se/bug/?i=14558 - [173] = https://curl.se/bug/?i=14622 - [174] = https://curl.se/bug/?i=14616 - [175] = https://curl.se/bug/?i=14641 - [176] = https://curl.se/bug/?i=14617 - [177] = https://curl.se/bug/?i=14612 - [178] = https://curl.se/bug/?i=14708 - [179] = https://curl.se/mail/lib-2024-08/0023.html - [180] = https://curl.se/bug/?i=14653 - [181] = https://curl.se/bug/?i=14591 - [182] = https://curl.se/bug/?i=14634 - [183] = https://curl.se/bug/?i=14555 - [184] = https://curl.se/bug/?i=14634 - [185] = https://curl.se/bug/?i=14368 - [186] = https://curl.se/bug/?i=12129 - [187] = https://curl.se/bug/?i=14634 - [188] = https://curl.se/bug/?i=14575 - [189] = https://curl.se/bug/?i=14634 - [190] = https://curl.se/bug/?i=14648 - [191] = https://curl.se/bug/?i=14699 - [192] = https://curl.se/bug/?i=14737 - [193] = https://curl.se/bug/?i=14201 - [194] = https://curl.se/bug/?i=14736 - [195] = https://curl.se/bug/?i=14168 - [196] = https://curl.se/bug/?i=14670 - [197] = https://curl.se/bug/?i=14647 - [198] = https://curl.se/bug/?i=14735 - [199] = https://curl.se/bug/?i=14697 - [200] = https://curl.se/bug/?i=14588 - [201] = https://curl.se/bug/?i=14587 - [202] = https://curl.se/bug/?i=14586 - [203] = https://curl.se/bug/?i=14585 - [204] = https://curl.se/bug/?i=14621 - [205] = https://curl.se/bug/?i=14611 - [206] = https://curl.se/bug/?i=14642 - [207] = https://curl.se/bug/?i=14640 - [208] = https://curl.se/bug/?i=14626 - [209] = https://curl.se/bug/?i=14761 - [210] = https://curl.se/bug/?i=12606 - [211] = https://curl.se/bug/?i=14732 - [213] = https://curl.se/bug/?i=14701 - [214] = https://curl.se/bug/?i=14696 - [215] = https://curl.se/bug/?i=14668 - [216] = https://curl.se/bug/?i=14795 - [217] = https://curl.se/bug/?i=14717 - [218] = https://curl.se/bug/?i=14688 - [219] = https://curl.se/bug/?i=14717 - [220] = https://curl.se/bug/?i=14684 - 
[221] = https://curl.se/bug/?i=14751 - [222] = https://curl.se/bug/?i=14756 - [223] = https://curl.se/bug/?i=14674 - [224] = https://curl.se/bug/?i=14673 - [225] = https://curl.se/bug/?i=14672 - [226] = https://curl.se/bug/?i=14671 - [227] = https://curl.se/bug/?i=14718 - [228] = https://curl.se/bug/?i=14703 - [229] = https://curl.se/bug/?i=14720 - [230] = https://curl.se/bug/?i=14722 - [231] = https://curl.se/bug/?i=14758 - [232] = https://curl.se/bug/?i=14709 - [233] = https://curl.se/bug/?i=14749 - [234] = https://curl.se/bug/?i=14660 - [235] = https://curl.se/bug/?i=14749 - [236] = https://curl.se/bug/?i=14739 - [237] = https://curl.se/bug/?i=14797 - [238] = https://curl.se/bug/?i=14796 - [239] = https://curl.se/bug/?i=14753 - [240] = https://curl.se/bug/?i=14830 - [241] = https://curl.se/bug/?i=13509 - [242] = https://curl.se/bug/?i=14823 - [243] = https://curl.se/bug/?i=14820 - [244] = https://curl.se/bug/?i=14714 - [246] = https://curl.se/bug/?i=14784 - [247] = https://curl.se/bug/?i=14777 - [248] = https://curl.se/bug/?i=14785 - [249] = https://curl.se/bug/?i=14814 - [250] = https://curl.se/bug/?i=14780 - [251] = https://curl.se/bug/?i=14776 - [252] = https://curl.se/bug/?i=14770 - [253] = https://curl.se/bug/?i=14812 - [254] = https://curl.se/bug/?i=14804 - [256] = https://curl.se/bug/?i=14802 + [1] = https://curl.se/bug/?i=14852 + [2] = https://curl.se/bug/?i=14850 + [3] = https://curl.se/bug/?i=14879 + [4] = https://curl.se/bug/?i=14884 + [5] = https://curl.se/bug/?i=14886 + [6] = https://curl.se/bug/?i=14887 + [7] = https://curl.se/bug/?i=14870 + [8] = https://curl.se/bug/?i=14872 + [9] = https://curl.se/bug/?i=14897 + [10] = https://curl.se/bug/?i=14857 + [11] = https://curl.se/bug/?i=14863 + [12] = https://curl.se/bug/?i=14840 + [13] = https://curl.se/bug/?i=14858 + [14] = https://curl.se/bug/?i=14860 + [15] = https://curl.se/bug/?i=14898 + [16] = https://curl.se/bug/?i=14889 + [18] = https://curl.se/bug/?i=14889 + [19] = https://curl.se/bug/?i=14939 
+ [20] = https://curl.se/bug/?i=14927 + [21] = https://marc.info/?l=git&m=172620452502747&w=2 + [22] = https://curl.se/bug/?i=14835 + [24] = https://curl.se/bug/?i=14919 + [33] = https://curl.se/bug/?i=14899 + [34] = https://curl.se/bug/?i=14873 diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS index 89821c3944..5c14145af3 100644 --- a/libs/libcurl/docs/THANKS +++ b/libs/libcurl/docs/THANKS @@ -454,6 +454,7 @@ Captain Basil Carie Pointer Carl Zogheib Carlo Alberto +Carlo Cabrera Carlo Cannas Carlo Marcelo Arenas Belón Carlo Teubner @@ -1010,6 +1011,7 @@ fuzzard Gabe Gabriel Corona Gabriel Kuri +Gabriel Marin Gabriel Simmer Gabriel Sjoberg Gaelan Steele @@ -1533,6 +1535,7 @@ Judson Bishop Juergen Hoetzel Juergen Wilke Jukka Pihl +Julian K. Julian Montes Julian Noble Julian Ospald @@ -2135,6 +2138,7 @@ Neil Bowers Neil Dunbar Neil Kolban Neil Spring +nekopsykose on github neutric on github nevv on HackerOne/curl Niall McGee @@ -2271,6 +2275,7 @@ Patrick Rapin Patrick Schlangen Patrick Scott Patrick Smith +Patrick Steinhardt Patrick Watson Patrik Thunstrom Pau Garcia i Quiles @@ -2445,6 +2450,7 @@ Ralph Langendam Ralph Mitchell Ram Krushna Mishra Ramiro Garcia +rampageX on github ramsay-jones on github Ran Mozes RanBarLavie on github @@ -3064,6 +3070,7 @@ Venkat Akella Venkat Krishna R Venkataramana Mokkapati Vicente Garcia +Victor Kislov Victor Magierski Victor Snezhko Victor Vieux diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h index 8c81b42d15..68e26068a4 100644 --- a/libs/libcurl/include/curl/curlver.h +++ b/libs/libcurl/include/curl/curlver.h 
@@ -32,13 +32,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "8.10.0" +#define LIBCURL_VERSION "8.10.1" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 8 #define LIBCURL_VERSION_MINOR 10 -#define LIBCURL_VERSION_PATCH 0 +#define LIBCURL_VERSION_PATCH 1 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will @@ -59,7 +59,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x080a00 +#define LIBCURL_VERSION_NUM 0x080a01 /* * This is the date and time when the full source package was created. The @@ -70,7 +70,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2024-09-11" +#define LIBCURL_TIMESTAMP "2024-09-18" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/libs/libcurl/src/cf-https-connect.c b/libs/libcurl/src/cf-https-connect.c index 2597c0eee5..31a0ac65e8 100644 --- a/libs/libcurl/src/cf-https-connect.c +++ b/libs/libcurl/src/cf-https-connect.c @@ -189,7 +189,6 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, switch(cf->conn->alpn) { case CURL_HTTP_VERSION_3: - infof(data, "using HTTP/3"); break; case CURL_HTTP_VERSION_2: #ifdef USE_NGHTTP2 @@ -202,10 +201,8 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, return result; } #endif - infof(data, "using HTTP/2"); break; default: - infof(data, "using HTTP/1.x"); break; } ctx->state = CF_HC_SUCCESS; diff --git a/libs/libcurl/src/cf-socket.c b/libs/libcurl/src/cf-socket.c index 50b5b51865..97e13903c5 100644 --- a/libs/libcurl/src/cf-socket.c +++ b/libs/libcurl/src/cf-socket.c 
@@ -1749,7 +1749,11 @@ static CURLcode cf_socket_query(struct Curl_cfilter *cf, return CURLE_OK; } case CF_QUERY_IP_INFO: +#ifdef USE_IPV6 *pres1 = (ctx->addr.family == AF_INET6)? TRUE : FALSE; +#else + *pres1 = FALSE; +#endif *(struct ip_quadruple *)pres2 = ctx->ip; return CURLE_OK; default: diff --git a/libs/libcurl/src/cfilters.c b/libs/libcurl/src/cfilters.c index 7ec8f3a79f..b93362aacb 100644 --- a/libs/libcurl/src/cfilters.c +++ b/libs/libcurl/src/cfilters.c @@ -437,6 +437,7 @@ CURLcode Curl_conn_connect(struct Curl_easy *data, cf_cntrl_update_info(data, data->conn); conn_report_connect_stats(data, data->conn); data->conn->keepalive = Curl_now(); + Curl_verboseconnect(data, data->conn, sockindex); } else if(result) { conn_report_connect_stats(data, data->conn); diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h index 2e6261c745..17924e3dec 100644 --- a/libs/libcurl/src/config-win32.h +++ b/libs/libcurl/src/config-win32.h @@ -149,10 +149,6 @@ /* Define if you have the select function. */ #define HAVE_SELECT 1 -/* Define if libSSH2 is in use */ -#define USE_LIBSSH2 1 -#define HAVE_LIBSSH2_H 1 - /* Define if you have the setlocale function. */ #define HAVE_SETLOCALE 1 @@ -478,9 +474,6 @@ Vista #define USE_WIN32_LDAP 1 #endif -/* if SSL is enabled */ -#define USE_OPENSSL 1 - /* Define to use the Windows crypto library. */ #if !defined(CURL_WINDOWS_APP) #define USE_WIN32_CRYPTO diff --git a/libs/libcurl/src/connect.c b/libs/libcurl/src/connect.c index 651b7ff467..ac8d271d35 100644 --- a/libs/libcurl/src/connect.c +++ b/libs/libcurl/src/connect.c 
@@ -547,9 +547,11 @@ static CURLcode baller_start_next(struct Curl_cfilter *cf, { if(cf->sockindex == FIRSTSOCKET) { baller_next_addr(baller); - /* If we get inconclusive answers from the server(s), we make - * a second iteration over the address list */ - if(!baller->addr && baller->inconclusive && !baller->rewinded) + /* If we get inconclusive answers from the server(s), we start + * again until this whole thing times out. This allows us to + * connect to servers that are gracefully restarting and the + * packet routing to the new instance has not happened yet (e.g. QUIC). */ + if(!baller->addr && baller->inconclusive) baller_rewind(baller); baller_start(cf, data, baller, timeoutms); } @@ -800,8 +802,10 @@ static CURLcode start_connect(struct Curl_cfilter *cf, } else { /* no user preference, we try ipv6 always first when available */ +#ifdef USE_IPV6 ai_family0 = AF_INET6; addr0 = addr_first_match(remotehost->addr, ai_family0); +#endif /* next candidate is ipv4 */ ai_family1 = AF_INET; addr1 = addr_first_match(remotehost->addr, ai_family1); @@ -965,7 +969,17 @@ static CURLcode cf_he_connect(struct Curl_cfilter *cf, if(cf->conn->handler->protocol & PROTO_FAMILY_SSH) Curl_pgrsTime(data, TIMER_APPCONNECT); /* we are connected already */ - Curl_verboseconnect(data, cf->conn, cf->sockindex); + if(Curl_trc_cf_is_verbose(cf, data)) { + struct ip_quadruple ipquad; + int is_ipv6; + if(!Curl_conn_cf_get_ip_info(cf->next, data, &is_ipv6, &ipquad)) { + const char *host, *disphost; + int port; + cf->next->cft->get_host(cf->next, data, &host, &disphost, &port); + CURL_TRC_CF(data, cf, "Connected to %s (%s) port %u", + disphost, ipquad.remote_ip, ipquad.remote_port); + } + } data->info.numconnects++; /* to track the # of connections made */ } break; diff --git a/libs/libcurl/src/curl_memrchr.c b/libs/libcurl/src/curl_memrchr.c index 4342b938b6..9b7ab8258b 100644 --- a/libs/libcurl/src/curl_memrchr.c +++ b/libs/libcurl/src/curl_memrchr.c 
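Review bot: With `!baller->rewinded` dropped from the condition in baller_start_next, the number of passes over the address list is no longer capped, so the only bound on retries after inconclusive answers is the overall connect timeout. The hunk shows no delay between a finished pass and `baller_rewind(baller)`, and this same commit removes the `reconnect_at` checks from the three QUIC filters, so it is worth confirming that a peer which keeps answering inconclusively cannot drive back-to-back reconnect attempts for the whole timeout. The new comment could state the bound explicitly, e.g. `/* retries are limited only by the connect timeout */`, and if `rewinded` is no longer read anywhere it should be removed. The function starts and ends outside the hunk.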
@@ -33,6 +33,9 @@ #include "memdebug.h" #ifndef HAVE_MEMRCHR +#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \ + defined(USE_OPENSSL) || \ + defined(USE_SCHANNEL) /* * Curl_memrchr() @@ -61,4 +64,5 @@ Curl_memrchr(const void *s, int c, size_t n) return NULL; } +#endif #endif /* HAVE_MEMRCHR */ diff --git a/libs/libcurl/src/curl_memrchr.h b/libs/libcurl/src/curl_memrchr.h index 7e2de316b6..dbced53b38 100644 --- a/libs/libcurl/src/curl_memrchr.h +++ b/libs/libcurl/src/curl_memrchr.h @@ -34,11 +34,15 @@ #endif #else /* HAVE_MEMRCHR */ +#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)) || \ + defined(USE_OPENSSL) || \ + defined(USE_SCHANNEL) void *Curl_memrchr(const void *s, int c, size_t n); #define memrchr(x,y,z) Curl_memrchr((x),(y),(z)) +#endif #endif /* HAVE_MEMRCHR */ #endif /* HEADER_CURL_MEMRCHR_H */ diff --git a/libs/libcurl/src/curl_setup.h b/libs/libcurl/src/curl_setup.h index 7f63658cee..dc56ee9d0b 100644 --- a/libs/libcurl/src/curl_setup.h +++ b/libs/libcurl/src/curl_setup.h @@ -102,6 +102,16 @@ # ifndef NOGDI # define NOGDI # endif +/* Detect Windows App environment which has a restricted access + * to the Win32 APIs. */ +# if (defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0602)) || \ + defined(WINAPI_FAMILY) +# include +# if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP) && \ + !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) +# define CURL_WINDOWS_APP +# endif +# endif #endif /* Compatibility */ diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c index dd3180e592..dd90f54090 100644 --- a/libs/libcurl/src/ftp.c +++ b/libs/libcurl/src/ftp.c @@ -327,6 +327,7 @@ static void freedirs(struct ftp_conn *ftpc) Curl_safefree(ftpc->newhost); } +#ifdef CURL_PREFER_LF_LINEENDS /*********************************************************************** * * Lineend Conversions 
@@ -415,6 +416,7 @@ static const struct Curl_cwtype ftp_cw_lc = { sizeof(struct ftp_cw_lc_ctx) }; +#endif /* CURL_PREFER_LF_LINEENDS */ /*********************************************************************** * * AcceptServerConnect() @@ -4138,22 +4140,27 @@ static CURLcode ftp_do(struct Curl_easy *data, bool *done) CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct ftp_conn *ftpc = &conn->proto.ftpc; - /* FTP data may need conversion. */ - struct Curl_cwriter *ftp_lc_writer; *done = FALSE; /* default to false */ ftpc->wait_data_conn = FALSE; /* default to no such wait */ - result = Curl_cwriter_create(&ftp_lc_writer, data, &ftp_cw_lc, - CURL_CW_CONTENT_DECODE); - if(result) - return result; +#ifdef CURL_PREFER_LF_LINEENDS + { + /* FTP data may need conversion. */ + struct Curl_cwriter *ftp_lc_writer; - result = Curl_cwriter_add(data, ftp_lc_writer); - if(result) { - Curl_cwriter_free(data, ftp_lc_writer); - return result; + result = Curl_cwriter_create(&ftp_lc_writer, data, &ftp_cw_lc, + CURL_CW_CONTENT_DECODE); + if(result) + return result; + + result = Curl_cwriter_add(data, ftp_lc_writer); + if(result) { + Curl_cwriter_free(data, ftp_lc_writer); + return result; + } } +#endif /* CURL_PREFER_LF_LINEENDS */ if(data->state.wildcardmatch) { result = wc_statemach(data); diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c index cb585b4571..65189e9dee 100644 --- a/libs/libcurl/src/http.c +++ b/libs/libcurl/src/http.c @@ -3283,10 +3283,13 @@ CURLcode Curl_http_size(struct Curl_easy *data) } else if(k->size != -1) { if(data->set.max_filesize && - k->size > data->set.max_filesize) { + !k->ignorebody && + (k->size > data->set.max_filesize)) { failf(data, "Maximum file size exceeded"); return CURLE_FILESIZE_EXCEEDED; } + if(k->ignorebody) + infof(data, "setting size while ignoring"); Curl_pgrsSetDownloadSize(data, k->size); k->maxdownload = k->size; } 
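Review bot: The new `infof(data, "setting size while ignoring");` in Curl_http_size reads like a leftover debugging trace: it is shown to every verbose user and does not say what is being ignored. Either wrap it as `DEBUGF(infof(data, "setting size while ignoring"));` or drop it. The `!k->ignorebody` exemption from `data->set.max_filesize` (mirrored in cw_download_write in sendf.c) also deserves a comment saying why an ignored body may exceed the limit and what bounds how much of it is still read from the connection, since callers tend to rely on that setting as a resource limit. The function continues outside the hunk.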
@@ -3625,13 +3628,6 @@ static CURLcode http_on_response(struct Curl_easy *data, } - /* This is the last response that we will got for the current request. - * Check on the body size and determine if the response is complete. - */ - result = Curl_http_size(data); - if(result) - goto out; - /* If we requested a "no body", this is a good time to get * out and return home. */ @@ -3651,6 +3647,12 @@ static CURLcode http_on_response(struct Curl_easy *data, /* final response without error, prepare to receive the body */ result = Curl_http_firstwrite(data); + if(!result) + /* This is the last response that we get for the current request. + * Check on the body size and determine if the response is complete. + */ + result = Curl_http_size(data); + out: if(last_hd) { /* if not written yet, write it now */ diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c index 7ec8ad6fcb..cd83e564b1 100644 --- a/libs/libcurl/src/http2.c +++ b/libs/libcurl/src/http2.c @@ -1679,12 +1679,11 @@ static ssize_t req_body_read_callback(nghttp2_session *session, CURL_TRC_CF(data_s, cf, "[%d] req_body_read(len=%zu) eos=%d -> %zd, %d", stream_id, length, stream->body_eos, nread, result); - if(nread == 0) - return NGHTTP2_ERR_DEFERRED; - if(stream->body_eos && Curl_bufq_is_empty(&stream->sendbuf)) + if(stream->body_eos && Curl_bufq_is_empty(&stream->sendbuf)) { *data_flags = NGHTTP2_DATA_FLAG_EOF; - - return nread; + return nread; + } + return (nread == 0)? NGHTTP2_ERR_DEFERRED : nread; } #if !defined(CURL_DISABLE_VERBOSE_STRINGS) diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c index 051bbd7efa..7aed3f5fc9 100644 --- a/libs/libcurl/src/multi.c +++ b/libs/libcurl/src/multi.c @@ -3688,6 +3688,8 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, void *hashp) { struct Curl_sh_entry *there = NULL; + if(!GOOD_MULTI_HANDLE(multi)) + return CURLM_BAD_HANDLE; there = sh_getentry(&multi->sockhash, s); 
diff --git a/libs/libcurl/src/rand.c b/libs/libcurl/src/rand.c index 8cfd7d4a7e..d44bde4014 100644 --- a/libs/libcurl/src/rand.c +++ b/libs/libcurl/src/rand.c @@ -100,9 +100,9 @@ CURLcode Curl_win32_random(unsigned char *entropy, size_t length) } #endif -#if !defined(USE_SSL) || defined(USE_RUSTLS) +#if !defined(USE_SSL) /* ---- possibly non-cryptographic version following ---- */ -CURLcode Curl_weak_random(struct Curl_easy *data, +static CURLcode weak_random(struct Curl_easy *data, unsigned char *entropy, size_t length) /* always 4, size of int */ { @@ -151,7 +151,7 @@ CURLcode Curl_weak_random(struct Curl_easy *data, #ifdef USE_SSL #define _random(x,y,z) Curl_ssl_random(x,y,z) #else -#define _random(x,y,z) Curl_weak_random(x,y,z) +#define _random(x,y,z) weak_random(x,y,z) #endif static CURLcode randit(struct Curl_easy *data, unsigned int *rnd, diff --git a/libs/libcurl/src/rand.h b/libs/libcurl/src/rand.h index 8a0c754d64..9d0442bcaa 100644 --- a/libs/libcurl/src/rand.h +++ b/libs/libcurl/src/rand.h @@ -36,11 +36,6 @@ CURLcode Curl_rand_bytes(struct Curl_easy *data, #define Curl_rand(a,b,c) Curl_rand_bytes((a), (b), (c)) #endif -/* ---- non-cryptographic version following ---- */ -CURLcode Curl_weak_random(struct Curl_easy *data, - unsigned char *rnd, - size_t length); - /* * Curl_rand_hex() fills the 'rnd' buffer with a given 'num' size with random * hexadecimal digits PLUS a null-terminating byte. It must be an odd number diff --git a/libs/libcurl/src/request.c b/libs/libcurl/src/request.c index 011e8233c4..978d690e58 100644 --- a/libs/libcurl/src/request.c +++ b/libs/libcurl/src/request.c @@ -52,7 +52,11 @@ CURLcode Curl_req_soft_reset(struct SingleRequest *req, req->done = FALSE; req->upload_done = FALSE; + req->upload_aborted = FALSE; req->download_done = FALSE; + req->eos_written = FALSE; + req->eos_read = FALSE; + req->eos_sent = FALSE; req->ignorebody = FALSE; req->shutdown = FALSE; req->bytecount = 0; 
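Review bot: After the rand.c change `weak_random()` backs `_random` in every build where `USE_SSL` is not defined, yet the only warning at its definition is the old "possibly non-cryptographic" banner. This same commit deletes `#define USE_OPENSSL 1` from config-win32.h, so unless the Windows build defines a TLS backend somewhere outside this diff, that configuration would start taking this path. I would state the consequence at the definition, for example `/* may not be cryptographically strong; only compiled when no TLS backend is built in */`, and confirm that the project build files still select a backend. The body of the function lies outside the hunk.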
@@ -146,6 +150,7 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) req->download_done = FALSE; req->eos_written = FALSE; req->eos_read = FALSE; + req->eos_sent = FALSE; req->upload_done = FALSE; req->upload_aborted = FALSE; req->ignorebody = FALSE; @@ -214,15 +219,19 @@ static CURLcode xfer_send(struct Curl_easy *data, eos = TRUE; } result = Curl_xfer_send(data, buf, blen, eos, pnwritten); - if(!result && *pnwritten) { - if(hds_len) - Curl_debug(data, CURLINFO_HEADER_OUT, (char *)buf, - CURLMIN(hds_len, *pnwritten)); - if(*pnwritten > hds_len) { - size_t body_len = *pnwritten - hds_len; - Curl_debug(data, CURLINFO_DATA_OUT, (char *)buf + hds_len, body_len); - data->req.writebytecount += body_len; - Curl_pgrsSetUploadCounter(data, data->req.writebytecount); + if(!result) { + if(eos && (blen == *pnwritten)) + data->req.eos_sent = TRUE; + if(*pnwritten) { + if(hds_len) + Curl_debug(data, CURLINFO_HEADER_OUT, (char *)buf, + CURLMIN(hds_len, *pnwritten)); + if(*pnwritten > hds_len) { + size_t body_len = *pnwritten - hds_len; + Curl_debug(data, CURLINFO_DATA_OUT, (char *)buf + hds_len, body_len); + data->req.writebytecount += body_len; + Curl_pgrsSetUploadCounter(data, data->req.writebytecount); + } } } return result; @@ -304,8 +313,17 @@ static CURLcode req_flush(struct Curl_easy *data) return Curl_xfer_flush(data); } - if(!data->req.upload_done && data->req.eos_read && - Curl_bufq_is_empty(&data->req.sendbuf)) { + if(data->req.eos_read && !data->req.eos_sent) { + char tmp; + size_t nwritten; + result = xfer_send(data, &tmp, 0, 0, &nwritten); + if(result) + return result; + DEBUGASSERT(data->req.eos_sent); + } + + if(!data->req.upload_done && data->req.eos_read && data->req.eos_sent) { + DEBUGASSERT(Curl_bufq_is_empty(&data->req.sendbuf)); if(data->req.shutdown) { bool done; result = Curl_xfer_send_shutdown(data, &done); diff --git a/libs/libcurl/src/request.h b/libs/libcurl/src/request.h index 4b40889f3c..ab695ecea0 100644 
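Review bot: In xfer_send, `if(eos && (blen == *pnwritten))` is also true for a zero-length send that wrote nothing, which is exactly the call req_flush now makes with `xfer_send(data, &tmp, 0, 0, &nwritten)`. If Curl_xfer_send can return success with `*pnwritten == 0` when the connection would block (its error mapping is outside this hunk), `eos_sent` is set although the end of stream was not accepted, and the `DEBUGASSERT(data->req.eos_sent)` in req_flush cannot catch that. A comment at the assignment stating that a successful zero-length send counts as EOS delivered, or a distinct signal from the lower layer, would settle it. `tmp` is passed uninitialised; with a length of 0 it should never be read, but a one-line comment saying so would help the next reader.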
--- a/libs/libcurl/src/request.h +++ b/libs/libcurl/src/request.h @@ -130,6 +130,7 @@ struct SingleRequest { BIT(download_done); /* set to TRUE when download is complete */ BIT(eos_written); /* iff EOS has been written to client */ BIT(eos_read); /* iff EOS has been read from the client */ + BIT(eos_sent); /* iff EOS has been sent to the server */ BIT(rewind_read); /* iff reader needs rewind at next start */ BIT(upload_done); /* set to TRUE when all request data has been sent */ BIT(upload_aborted); /* set to TRUE when upload was aborted. Will also diff --git a/libs/libcurl/src/sendf.c b/libs/libcurl/src/sendf.c index 92b21dc7ea..bba9f5b499 100644 --- a/libs/libcurl/src/sendf.c +++ b/libs/libcurl/src/sendf.c @@ -336,7 +336,7 @@ static CURLcode cw_download_write(struct Curl_easy *data, connclose(data->conn, "excess found in a read"); } } - else if(nwrite < nbytes) { + else if((nwrite < nbytes) && !data->req.ignorebody) { failf(data, "Exceeded the maximum allowed file size " "(%" FMT_OFF_T ") with %" FMT_OFF_T " bytes", data->set.max_filesize, data->req.bytecount); @@ -949,6 +949,7 @@ struct cr_lc_ctx { struct bufq buf; BIT(read_eos); /* we read an EOS from the next reader */ BIT(eos); /* we have returned an EOS */ + BIT(prev_cr); /* the last byte was a CR */ }; static CURLcode cr_lc_init(struct Curl_easy *data, struct Curl_creader *reader) 
@@ -1005,10 +1006,15 @@ static CURLcode cr_lc_read(struct Curl_easy *data, goto out; } - /* at least one \n needs conversion to '\r\n', place into ctx->buf */ + /* at least one \n might need conversion to '\r\n', place into ctx->buf */ for(i = start = 0; i < nread; ++i) { - if(buf[i] != '\n') + /* if this byte is not an LF character, or if the preceding character is + a CR (meaning this already is a CRLF pair), go to next */ + if((buf[i] != '\n') || ctx->prev_cr) { + ctx->prev_cr = (buf[i] == '\r'); continue; + } + ctx->prev_cr = false; /* on a soft limit bufq, we do not need to check length */ result = Curl_bufq_cwrite(&ctx->buf, buf + start, i - start, &n); if(!result) @@ -1101,7 +1107,11 @@ static CURLcode do_init_reader_stack(struct Curl_easy *data, clen = r->crt->total_length(data, r); /* if we do not have 0 length init, and crlf conversion is wanted, * add the reader for it */ - if(clen && (data->set.crlf || data->state.prefer_ascii)) { + if(clen && (data->set.crlf +#ifdef CURL_PREFER_LF_LINEENDS + || data->state.prefer_ascii +#endif + )) { result = cr_lc_add(data); if(result) return result; diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c index 488266e9b5..f9902ad80a 100644 --- a/libs/libcurl/src/setopt.c +++ b/libs/libcurl/src/setopt.c @@ -1977,7 +1977,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Enable peer SSL verifying for proxy. */ data->set.proxy_ssl.primary.verifypeer = - (0 != va_arg(param, long))?TRUE:FALSE; + (0 != va_arg(param, long)); /* Update the current connection proxy_ssl_config. */ Curl_ssl_conn_config_update(data, TRUE); 
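Review bot: `ctx->prev_cr` is only updated inside the conversion loop of cr_lc_read, so a chunk that leaves through the `goto out` just above the loop (presumably the no-LF fast path, which is only partly visible here) keeps the flag from an earlier chunk. A chunk without LF that ends in CR, followed by a chunk that starts with LF, would then get a second CR, and a stale TRUE would let a bare LF at the start of a later chunk through unconverted. Updating the flag on that path too, `if(nread) ctx->prev_cr = (buf[nread - 1] == '\r');`, closes the gap. Separately, `ctx->prev_cr = false;` should use `FALSE` like the other flag assignments in this patch.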
@@ -2016,7 +2016,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) arg = va_arg(param, long); /* Treat both 1 and 2 as TRUE */ - data->set.proxy_ssl.primary.verifyhost = (bool)((arg & 3)?TRUE:FALSE); + data->set.proxy_ssl.primary.verifyhost = !!(arg & 3); /* Update the current connection proxy_ssl_config. */ Curl_ssl_conn_config_update(data, TRUE); break; @@ -2622,7 +2622,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_SSH_COMPRESSION: - data->set.ssh_compression = (0 != va_arg(param, long))?TRUE:FALSE; + data->set.ssh_compression = (0 != va_arg(param, long)); break; #endif /* USE_SSH */ @@ -2986,7 +2986,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_TCP_FASTOPEN: #if defined(CONNECT_DATA_IDEMPOTENT) || defined(MSG_FASTOPEN) || \ defined(TCP_FASTOPEN_CONNECT) - data->set.tcp_fastopen = (0 != va_arg(param, long))?TRUE:FALSE; + data->set.tcp_fastopen = (0 != va_arg(param, long)); #else result = CURLE_NOT_BUILT_IN; #endif @@ -3038,7 +3038,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->set.connect_to = va_arg(param, struct curl_slist *); break; case CURLOPT_SUPPRESS_CONNECT_HEADERS: - data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE; + data->set.suppress_connect_headers = (0 != va_arg(param, long)); break; case CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS: uarg = va_arg(param, unsigned long); @@ -3058,7 +3058,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_DOH_URL: result = Curl_setstropt(&data->set.str[STRING_DOH], va_arg(param, char *)); - data->set.doh = data->set.str[STRING_DOH]?TRUE:FALSE; + data->set.doh = !!(data->set.str[STRING_DOH]); break; #endif case CURLOPT_UPKEEP_INTERVAL_MS: diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c index 22e3151245..55f868a8ec 100644 
--- a/libs/libcurl/src/transfer.c +++ b/libs/libcurl/src/transfer.c 
@@ -424,53 +424,37 @@ CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp) struct SingleRequest *k = &data->req; CURLcode result = CURLE_OK; int didwhat = 0; - int select_bits = 0; DEBUGASSERT(nowp); if(data->state.select_bits) { if(select_bits_paused(data, data->state.select_bits)) { /* leave the bits unchanged, so they'll tell us what to do when * this transfer gets unpaused. */ - /* DEBUGF(infof(data, "sendrecv, select_bits, early return on PAUSED")); - */ result = CURLE_OK; goto out; } data->state.select_bits = 0; - /* DEBUGF(infof(data, "sendrecv, select_bits %x, RUN", select_bits)); */ - select_bits = (CURL_CSELECT_OUT|CURL_CSELECT_IN); - } - else if(data->last_poll.num) { - /* The transfer wanted something polled. Let's run all available - * send/receives. Worst case we EAGAIN on some. */ - /* DEBUGF(infof(data, "sendrecv, had poll sockets, RUN")); */ - select_bits = (CURL_CSELECT_OUT|CURL_CSELECT_IN); - } - else if(data->req.keepon & KEEP_SEND_TIMED) { - /* DEBUGF(infof(data, "sendrecv, KEEP_SEND_TIMED, RUN ul")); */ - select_bits = CURL_CSELECT_OUT; } #ifdef USE_HYPER if(data->conn->datastream) { - result = data->conn->datastream(data, data->conn, &didwhat, select_bits); + result = data->conn->datastream(data, data->conn, &didwhat, + CURL_CSELECT_OUT|CURL_CSELECT_IN); if(result || data->req.done) goto out; } else { #endif - /* We go ahead and do a read if we have a readable socket or if - the stream was rewound (in which case we have data in a - buffer) */ - if((k->keepon & KEEP_RECV) && (select_bits & CURL_CSELECT_IN)) { + /* We go ahead and do a read if we have a readable socket or if the stream + was rewound (in which case we have data in a buffer) */ + if(k->keepon & KEEP_RECV) { result = sendrecv_dl(data, k, &didwhat); if(result || data->req.done) goto out; } /* If we still have writing to do, we check if we have a writable socket. 
*/ - if((Curl_req_want_send(data) || (data->req.keepon & KEEP_SEND_TIMED)) && - (select_bits & CURL_CSELECT_OUT)) { + if(Curl_req_want_send(data) || (data->req.keepon & KEEP_SEND_TIMED)) { result = sendrecv_ul(data, &didwhat); if(result) goto out; @@ -479,7 +463,7 @@ CURLcode Curl_sendrecv(struct Curl_easy *data, struct curltime *nowp) } #endif - if(select_bits && !didwhat) { + if(!didwhat) { /* Transfer wanted to send/recv, but nothing was possible. */ result = Curl_conn_ev_data_idle(data); if(result) @@ -1253,8 +1237,8 @@ CURLcode Curl_xfer_send(struct Curl_easy *data, else if(!result && *pnwritten) data->info.request_size += *pnwritten; - DEBUGF(infof(data, "Curl_xfer_send(len=%zu) -> %d, %zu", - blen, result, *pnwritten)); + DEBUGF(infof(data, "Curl_xfer_send(len=%zu, eos=%d) -> %d, %zu", + blen, eos, result, *pnwritten)); return result; } diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c index 5977a41071..336afcdb7d 100644 --- a/libs/libcurl/src/url.c +++ b/libs/libcurl/src/url.c @@ -1274,6 +1274,21 @@ void Curl_verboseconnect(struct Curl_easy *data, infof(data, "Connected to %s (%s) port %u", CURL_CONN_HOST_DISPNAME(conn), conn->primary.remote_ip, conn->primary.remote_port); +#if !defined(CURL_DISABLE_HTTP) + if(conn->handler->protocol & PROTO_FAMILY_HTTP) { + switch(conn->alpn) { + case CURL_HTTP_VERSION_3: + infof(data, "using HTTP/3"); + break; + case CURL_HTTP_VERSION_2: + infof(data, "using HTTP/2"); + break; + default: + infof(data, "using HTTP/1.x"); + break; + } + } +#endif } #endif diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h index 009bbb6232..0ff53676b3 100644 --- a/libs/libcurl/src/urldata.h +++ b/libs/libcurl/src/urldata.h 
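Review bot: Two comments in Curl_sendrecv no longer match the code now that `select_bits` is gone. The receive branch still says "if we have a readable socket" and the send branch "we check if we have a writable socket", but the conditions are now only `k->keepon & KEEP_RECV` and `Curl_req_want_send(data) || (data->req.keepon & KEEP_SEND_TIMED)`. I would reword them, e.g. `/* Try to receive whenever KEEP_RECV is set, without checking socket readiness first */`. The `if(!didwhat)` branch now runs on every call that made no progress, so its comment "Transfer wanted to send/recv" is worth rechecking as well; the function continues outside the hunk.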
@@ -105,6 +105,12 @@ typedef unsigned int curl_prot_t; #define CURL_DEFAULT_USER "anonymous" #define CURL_DEFAULT_PASSWORD "ftp@example.com" +#if !defined(_WIN32) && !defined(MSDOS) && !defined(__EMX__) +/* do FTP line-end CRLF => LF conversions on platforms that prefer LF-only. It + also means: keep CRLF line endings on the CRLF platforms */ +#define CURL_PREFER_LF_LINEENDS +#endif + /* Convenience defines for checking protocols or their SSL based version. Each protocol handler should only ever have a single CURLPROTO_ in its protocol field. */ diff --git a/libs/libcurl/src/vquic/curl_ngtcp2.c b/libs/libcurl/src/vquic/curl_ngtcp2.c index 54f3ce6929..bee8689af6 100644 --- a/libs/libcurl/src/vquic/curl_ngtcp2.c +++ b/libs/libcurl/src/vquic/curl_ngtcp2.c @@ -129,7 +129,6 @@ struct cf_ngtcp2_ctx { nghttp3_settings h3settings; struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ struct dynbuf scratch; /* temp buffer for header construction */ struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */ @@ -2311,12 +2310,6 @@ static CURLcode cf_ngtcp2_connect(struct Curl_cfilter *cf, CF_DATA_SAVE(save, cf, data); - if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->qconn) { ctx->started_at = now; result = cf_connect_start(cf, data, &pktx); diff --git a/libs/libcurl/src/vquic/curl_osslq.c b/libs/libcurl/src/vquic/curl_osslq.c index 1f83726e93..4ceceb5ad0 100644 --- a/libs/libcurl/src/vquic/curl_osslq.c +++ b/libs/libcurl/src/vquic/curl_osslq.c 
@@ -288,7 +288,6 @@ struct cf_osslq_ctx { struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ struct curltime first_byte_at; /* when first byte was recvd */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ struct Curl_hash streams; /* hash `data->mid` to `h3_stream_ctx` */ size_t max_stream_window; /* max flow window for one stream */ @@ -1686,12 +1685,6 @@ static CURLcode cf_osslq_connect(struct Curl_cfilter *cf, now = Curl_now(); CF_DATA_SAVE(save, cf, data); - if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->tls.ossl.ssl) { ctx->started_at = now; result = cf_osslq_ctx_start(cf, data); diff --git a/libs/libcurl/src/vquic/curl_quiche.c b/libs/libcurl/src/vquic/curl_quiche.c index 61b97e2119..fb84f9d709 100644 --- a/libs/libcurl/src/vquic/curl_quiche.c +++ b/libs/libcurl/src/vquic/curl_quiche.c @@ -96,7 +96,6 @@ struct cf_quiche_ctx { uint8_t scid[QUICHE_MAX_CONN_ID_LEN]; struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ struct Curl_hash streams; /* hash `data->mid` to `stream_ctx` */ curl_off_t data_recvd; @@ -1406,13 +1405,6 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, *done = FALSE; vquic_ctx_update_time(&ctx->q); - if(ctx->reconnect_at.tv_sec && - Curl_timediff(ctx->q.last_op, ctx->reconnect_at) < 0) { - /* Not time yet to attempt the next connect */ - CURL_TRC_CF(data, cf, "waiting for reconnect time"); - goto out; - } - if(!ctx->qconn) { result = cf_quiche_ctx_open(cf, data); if(result) 
diff --git a/libs/libcurl/src/vtls/rustls.c b/libs/libcurl/src/vtls/rustls.c index 668c24dd43..18284eeffd 100644 --- a/libs/libcurl/src/vtls/rustls.c +++ b/libs/libcurl/src/vtls/rustls.c @@ -216,15 +216,15 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data, } rresult = rustls_connection_read(rconn, - (uint8_t *)plainbuf + plain_bytes_copied, - plainlen - plain_bytes_copied, - &n); + (uint8_t *)plainbuf + plain_bytes_copied, + plainlen - plain_bytes_copied, + &n); if(rresult == RUSTLS_RESULT_PLAINTEXT_EMPTY) { backend->data_in_pending = FALSE; } else if(rresult == RUSTLS_RESULT_UNEXPECTED_EOF) { failf(data, "rustls: peer closed TCP connection " - "without first closing TLS connection"); + "without first closing TLS connection"); *err = CURLE_RECV_ERROR; nread = -1; goto out; @@ -436,7 +436,7 @@ cr_get_selected_ciphers(struct Curl_easy *data, size_t *selected_size) { size_t supported_len = *selected_size; - size_t default_len = rustls_default_ciphersuites_len(); + size_t default_len = rustls_default_crypto_provider_ciphersuites_len(); const struct rustls_supported_ciphersuite *entry; const char *ciphers = ciphers12; size_t count = 0, default13_count = 0, i, j; @@ -447,10 +447,9 @@ cr_get_selected_ciphers(struct Curl_easy *data, if(!ciphers13) { /* Add default TLSv1.3 ciphers to selection */ for(j = 0; j < default_len; j++) { - struct rustls_str s; - entry = rustls_default_ciphersuites_get_entry(j); - s = rustls_supported_ciphersuite_get_name(entry); - if(s.len < 5 || strncmp(s.data, "TLS13", 5) != 0) + entry = rustls_default_crypto_provider_ciphersuites_get(j); + if(rustls_supported_ciphersuite_protocol_version(entry) != + RUSTLS_TLS_VERSION_TLSV1_3) continue; selected[count++] = entry; 
@@ -471,7 +470,7 @@ add_ciphers: /* Check if cipher is supported */ if(id) { for(i = 0; i < supported_len; i++) { - entry = rustls_all_ciphersuites_get_entry(i); + entry = rustls_default_crypto_provider_ciphersuites_get(i); if(rustls_supported_ciphersuite_get_suite(entry) == id) break; } @@ -505,10 +504,9 @@ add_ciphers: if(!ciphers12) { /* Add default TLSv1.2 ciphers to selection */ for(j = 0; j < default_len; j++) { - struct rustls_str s; - entry = rustls_default_ciphersuites_get_entry(j); - s = rustls_supported_ciphersuite_get_name(entry); - if(s.len < 5 || strncmp(s.data, "TLS13", 5) == 0) + entry = rustls_default_crypto_provider_ciphersuites_get(j); + if(rustls_supported_ciphersuite_protocol_version(entry) == + RUSTLS_TLS_VERSION_TLSV1_3) continue; /* No duplicates allowed (so selected cannot overflow) */ @@ -529,6 +527,8 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, { struct ssl_connect_data *connssl = cf->ctx; struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct rustls_crypto_provider_builder *custom_provider_builder = NULL; + const struct rustls_crypto_provider *custom_provider = NULL; struct rustls_connection *rconn = NULL; struct rustls_client_config_builder *config_builder = NULL; const struct rustls_root_cert_store *roots = NULL; @@ -554,7 +554,8 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, }; size_t tls_versions_len = 2; const struct rustls_supported_ciphersuite **cipher_suites; - size_t cipher_suites_len = rustls_default_ciphersuites_len(); + size_t cipher_suites_len = + rustls_default_crypto_provider_ciphersuites_len(); switch(conn_config->version) { case CURL_SSLVERSION_DEFAULT: 
@@ -604,8 +605,35 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, return CURLE_SSL_CIPHER; } - result = rustls_client_config_builder_new_custom(cipher_suites, - cipher_suites_len, + result = rustls_crypto_provider_builder_new_from_default( + &custom_provider_builder); + if(result != RUSTLS_RESULT_OK) { + failf(data, + "rustls: failed to create crypto provider builder from default"); + return CURLE_SSL_ENGINE_INITFAILED; + } + + result = + rustls_crypto_provider_builder_set_cipher_suites( + custom_provider_builder, + cipher_suites, + cipher_suites_len); + if(result != RUSTLS_RESULT_OK) { + failf(data, + "rustls: failed to set ciphersuites for crypto provider builder"); + rustls_crypto_provider_builder_free(custom_provider_builder); + return CURLE_SSL_ENGINE_INITFAILED; + } + + result = rustls_crypto_provider_builder_build( + custom_provider_builder, &custom_provider); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to build custom crypto provider"); + rustls_crypto_provider_builder_free(custom_provider_builder); + return CURLE_SSL_ENGINE_INITFAILED; + } + + result = rustls_client_config_builder_new_custom(custom_provider, tls_versions, tls_versions_len, &config_builder); @@ -616,6 +644,9 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, } } + rustls_crypto_provider_builder_free(custom_provider_builder); + rustls_crypto_provider_free(custom_provider); + if(connssl->alpn) { struct alpn_proto_buf proto; rustls_slice_bytes alpn[ALPN_ENTRIES_MAX]; @@ -646,8 +677,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(result != RUSTLS_RESULT_OK) { failf(data, "rustls: failed to parse trusted certificates from blob"); rustls_root_cert_store_builder_free(roots_builder); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } } 
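Review bot: The frees for `custom_provider_builder` and `custom_provider` in cr_init_backend sit only after the closing braces in the following hunk, so a failure of `rustls_client_config_builder_new_custom()` that returns early (its error branch is not visible here) would leak both objects. Adding `rustls_crypto_provider_builder_free(custom_provider_builder);` and `rustls_crypto_provider_free(custom_provider);` before that return avoids this. If `cipher_suites` is heap-allocated above this hunk, the three new `return CURLE_SSL_ENGINE_INITFAILED;` paths skip releasing it as well.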
@@ -658,8 +688,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, if(result != RUSTLS_RESULT_OK) { failf(data, "rustls: failed to load trusted certificates"); rustls_root_cert_store_builder_free(roots_builder); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } } @@ -667,9 +696,8 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, result = rustls_root_cert_store_builder_build(roots_builder, &roots); rustls_root_cert_store_builder_free(roots_builder); if(result != RUSTLS_RESULT_OK) { - failf(data, "rustls: failed to load trusted certificates"); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + failf(data, "rustls: failed to build trusted root certificate store"); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } @@ -702,10 +730,9 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, verifier_builder, &server_cert_verifier); rustls_web_pki_server_cert_verifier_builder_free(verifier_builder); if(result != RUSTLS_RESULT_OK) { - failf(data, "rustls: failed to load trusted certificates"); + failf(data, "rustls: failed to build certificate verifier"); rustls_server_cert_verifier_free(server_cert_verifier); - rustls_client_config_free( - rustls_client_config_builder_build(config_builder)); + rustls_client_config_builder_free(config_builder); return CURLE_SSL_CACERT_BADFILE; } 
@@ -714,7 +741,15 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, rustls_server_cert_verifier_free(server_cert_verifier); } - backend->config = rustls_client_config_builder_build(config_builder); + result = rustls_client_config_builder_build( + config_builder, + &backend->config); + if(result != RUSTLS_RESULT_OK) { + failf(data, "rustls: failed to build client config"); + rustls_client_config_free(backend->config); + return CURLE_SSL_ENGINE_INITFAILED; + } + DEBUGASSERT(rconn == NULL); result = rustls_client_connection_new(backend->config, connssl->peer.hostname, &rconn); @@ -810,10 +845,7 @@ cr_connect_common(struct Curl_cfilter *cf, /* REALLY Done with the handshake. */ { uint16_t proto = rustls_connection_get_protocol_version(rconn); - const rustls_supported_ciphersuite *rcipher = - rustls_connection_get_negotiated_ciphersuite(rconn); - uint16_t cipher = rcipher ? - rustls_supported_ciphersuite_get_suite(rcipher) : 0; + uint16_t cipher = rustls_connection_get_negotiated_ciphersuite(rconn); char buf[64] = ""; const char *ver = "TLS version unknown"; if(proto == RUSTLS_TLS_VERSION_TLSV1_3) @@ -1024,6 +1056,16 @@ static size_t cr_version(char *buffer, size_t size) return msnprintf(buffer, size, "%.*s", (int)ver.len, ver.data); } +static CURLcode +cr_random(struct Curl_easy *data, unsigned char *entropy, size_t length) +{ + rustls_result rresult = 0; + (void)data; + rresult = + rustls_default_crypto_provider_random(entropy, length); + return map_error(rresult); +} + const struct Curl_ssl Curl_ssl_rustls = { { CURLSSLBACKEND_RUSTLS, "rustls" }, SSLSUPP_CAINFO_BLOB | /* supports */ @@ -1038,7 +1080,7 @@ const struct Curl_ssl Curl_ssl_rustls = { Curl_none_check_cxn, /* check_cxn */ cr_shutdown, /* shutdown */ cr_data_pending, /* data_pending */ - Curl_weak_random, /* random */ + cr_random, /* random */ Curl_none_cert_status_request, /* cert_status_request */ cr_connect_blocking, /* connect */ cr_connect_nonblocking, /* connect_nonblocking */ 
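Review bot: The new failure branch after `rustls_client_config_builder_build(config_builder, &backend->config)` frees `backend->config` but leaves the pointer in place, so any later cleanup that frees a non-NULL `backend->config` would release it a second time. Whether the out-parameter is written on failure is not visible here; either way, follow the free with `backend->config = NULL;`. The branch also leaves open who owns `config_builder` after a failed build: if build() consumes it even on error, a comment such as `/* config_builder is consumed by build(), also on failure */` would record that, and if not, `rustls_client_config_builder_free(config_builder);` is missing. cr_init_backend continues outside the hunk.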
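Review bot: `cr_random`, added in the `-1024,6 +1056,16` hunk, has no comment, although together with the table change in the `-1038,7 +1080,7` hunk it replaces `Curl_weak_random` as this backend's random source, which is the security-relevant part of the change. I would add above it `/* Fill entropy with length bytes from the rustls default crypto provider; failures are returned via map_error(), with no fallback to weak randomness. */`. The `= 0` initialiser on `rresult` is overwritten immediately and is not spelled as a `rustls_result` constant; `rustls_result rresult;` or `= RUSTLS_RESULT_OK` reads better. How `map_error` translates a provider failure is defined outside this hunk, so it is worth checking that no error value can come back as `CURLE_OK`.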
diff --git a/libs/libcurl/src/vtls/vtls.h b/libs/libcurl/src/vtls/vtls.h index 10c78c386e..c716b2c6f8 100644 --- a/libs/libcurl/src/vtls/vtls.h +++ b/libs/libcurl/src/vtls/vtls.h @@ -93,7 +93,7 @@ CURLcode Curl_ssl_conn_config_init(struct Curl_easy *data, void Curl_ssl_conn_config_cleanup(struct connectdata *conn); /** - * Return TRUE iff SSL configuration from `conn` is functionally the + * Return TRUE iff SSL configuration from `data` is functionally the * same as the one on `candidate`. * @param proxy match the proxy SSL config or the main one */ -- cgit v1.2.3