From 5612cd9c7b03972631c46d117c595a34e71ecafd Mon Sep 17 00:00:00 2001
From: dartraiden <wowemuh@gmail.com>
Date: Sat, 17 Apr 2021 17:28:44 +0300
Subject: libcurl: update to 7.76.1
---
libs/libcurl/docs/CHANGES | 548 +++++++++++++++---------------
libs/libcurl/docs/THANKS | 10 +
libs/libcurl/include/curl/curlver.h | 8 +-
libs/libcurl/include/curl/typecheck-gcc.h | 12 +-
libs/libcurl/src/Makefile.netware | 5 +-
libs/libcurl/src/config-amigaos.h | 3 +-
libs/libcurl/src/config-dos.h | 3 +-
libs/libcurl/src/config-mac.h | 4 +-
libs/libcurl/src/config-os400.h | 3 -
libs/libcurl/src/config-plan9.h | 2 -
libs/libcurl/src/config-riscos.h | 3 -
libs/libcurl/src/config-tpf.h | 3 -
libs/libcurl/src/config-vxworks.h | 12 -
libs/libcurl/src/config-win32.h | 10 -
libs/libcurl/src/config-win32ce.h | 3 -
libs/libcurl/src/curl_config.h.cmake | 12 -
libs/libcurl/src/curl_config.h.in | 3 -
libs/libcurl/src/curl_ntlm_core.c | 69 +++-
libs/libcurl/src/curl_ntlm_core.h | 15 +-
libs/libcurl/src/curl_setup_once.h | 19 +-
libs/libcurl/src/file.c | 29 +-
libs/libcurl/src/hostip.c | 4 +-
libs/libcurl/src/http2.h | 2 +-
libs/libcurl/src/http_proxy.c | 3 +-
libs/libcurl/src/libcurl.plist | 6 +-
libs/libcurl/src/vauth/ntlm.c | 38 ++-
libs/libcurl/src/vquic/ngtcp2.c | 14 +-
libs/libcurl/src/vssh/libssh.c | 7 +-
libs/libcurl/src/vtls/bearssl.c | 2 +-
libs/libcurl/src/vtls/gtls.c | 2 +-
libs/libcurl/src/vtls/mbedtls.c | 2 +-
libs/libcurl/src/vtls/nss.c | 2 +-
libs/libcurl/src/vtls/openssl.c | 108 +++---
libs/libcurl/src/vtls/schannel.c | 2 +-
libs/libcurl/src/vtls/sectransp.c | 2 +-
libs/libcurl/src/vtls/wolfssl.c | 4 +-
36 files changed, 498 insertions(+), 476 deletions(-)
(limited to 'libs/libcurl')
diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
index 762a865fe1..62dce2ee97 100644
--- a/libs/libcurl/docs/CHANGES
+++ b/libs/libcurl/docs/CHANGES
@@ -6,6 +6,288 @@
Changelog
+Version 7.76.1 (14 Apr 2021)
+
+Daniel Stenberg (14 Apr 2021)
+- RELEASE-NOTES: synced
+
+ curl 7.76.1 release
+
+- THANKS: add names from 7.76.1
+
+- misc: update copyright year ranges to match latest updates
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: Use ALPN h3-29 for now
+
+ Fixes #6864
+ Cloes #6886
+
+Jay Satiro (11 Apr 2021)
+- TODO: remove 18.22 --fail-with-body
+
+ --fail-with-body was added in 8a964cb (precedes curl-7_76_0).
+
+Daniel Stenberg (10 Apr 2021)
+- [Jürgen Gmach brought this change]
+
+ src/tool_vms.c: remove duplicated word in comment
+
+ Closes #6881
+
+- configure: fix CURL_DARWIN_CFLAGS use
+
+ The macro name change was not completely done.
+
+ Follow-up to 5d2c384452543c
+ Bug: https://github.com/curl/curl/commit/5d2c384452543c7b6c9fb02eaa0afc84fd5ab941#commitcomment-49315187
+ Reported-by: Marcel Raad
+ Closes #6878
+
+- [Anthony Shaw brought this change]
+
+ github/workflow: add "security-extended" to codeql-analysis.yml
+
+ Extends the CodeQL code scan.
+
+ Closes #6815
+
+- [Jochem Broekhoff brought this change]
+
+ examples/hiperfifo.c: check event_initialized before delete
+
+ If event_del is called with the event struct (still) zeroed out, a
+ segmentation fault may occur. event_initialized checks whether the
+ event struct is nonzero.
+
+ Closes #6876
+
+- [Patrick Monnerat brought this change]
+
+ ntlm: fix negotiated flags usage
+
+ According to Microsoft document MS-NLMP, current flags usage is not
+ accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of
+ extended security in an NTLM authentication message and NTLM version 2
+ cannot be negotiated within the protocol.
+
+ The solution implemented here is: if the extended security flag is set,
+ prefer using NTLM version 2 (as a server featuring extended security
+ should also support version 2). If version 2 has been disabled at
+ compile time, use extended security.
+
+ Tests involving NTLM are adjusted to this new behavior.
+
+ Fixes #6813
+ Closes #6849
+
+- [Patrick Monnerat brought this change]
+
+ ntlm: support version 2 on 32-bit platforms
+
+ Closes #6849
+
+- [Patrick Monnerat brought this change]
+
+ curl_ntlm_core.h: simplify conditionals for USE_NTLM2SESSION
+
+ ... as !defined(CURL_DISABLE_CRYPTO_AUTH) is a prerequisite for the
+ whole NTLM.
+
+ Closes #6849
+
+- lib: remove unused HAVE_INET_NTOA_R* defines
+
+ Closes #6867
+
+- [Michael Forney brought this change]
+
+ configure: include <time.h> unconditionally
+
+ In 2682e5f5, several instances of AC_HEADER_TIME were removed since
+ it is a deprecated autoconf macro. However, this was the macro that
+ defined TIME_WITH_SYS_TIME, which was used to indicate that <time.h>
+ can be included alongside <sys/time.h>. TIME_WITH_SYS_TIME is still
+ used in the configure test body and since it is no longer defined,
+ <time.h> is *not* included on systems that have <sys/time.h>.
+
+ In particular, at least on musl libc and glibc, <sys/time.h> does
+ not implicitly include <time.h> and does not declare clock_gettime,
+ gmtime_r, or localtime_r. This causes configure to fail to detect
+ those functions.
+
+ The AC_HEADER_TIME macro deprecation text says
+
+ > All current systems provide time.h; it need not be checked for.
+ > Not all systems provide sys/time.h, but those that do, all allow
+ > you to include it and time.h simultaneously.
+
+ So, to fix this issue, simply include <time.h> unconditionally when
+ testing for time-related functions and in libcurl, and don't bother
+ checking for it.
+
+ Closes #6859
+
+- [Michael Forney brought this change]
+
+ configure: remove use of RETSIGTYPE
+
+ This was previously defined by the obsolete AC_TYPE_SIGNAL macro,
+ which was removed in 2682e5f5. The deprecation text says
+
+ > Your code may safely assume C89 semantics that RETSIGTYPE is void.
+
+ So, remove it and just use void instead.
+
+ Closes #6861
+
+- [Muhammed Yavuz Nuzumlalı brought this change]
+
+ install: add instructions for Apple Darwin platforms
+
+ Closes #6860
+
+- [Muhammed Yavuz Nuzumlalı brought this change]
+
+ configure: disable min version set for Darwin
+
+ Fixes #6838
+ Closes #6860
+
+- [David Hu brought this change]
+
+ docs/HTTP3.md: update the build instruction using gnutls
+
+ In ngtcp2 the `with-gnutls` option is disabled by default, which will
+ cause `curl` unable to be `make` because of lacking the libraries
+ needed.
+
+ Closes #6857
+
+- RELEASE-NOTES: synced
+
+- typecheck-gcc: make the ssl-ctx-cb check use SSL_CTX pointers
+
+ ... and not values.
+
+ Reported-by: locpyl-tidnyd on github
+ Fixes #6818
+ Closes #6819
+
+- ngtcp2+gnutls: clear credentials when freed
+
+ ... to avoid double-free.
+
+ Reported-by: Kenneth Davidson
+ Fixes #6824
+ Closes #6856
+
+Jay Satiro (5 Apr 2021)
+- [Cherish98 brought this change]
+
+ tool_progress: Fix progress meter in parallel mode
+
+ Make sure the total amount of DL/UL bytes are counted before the
+ transfer finalizes. Otherwise if a transfer finishes too quick, its
+ total numbers are not added, and results in a DL%/UL% that goes above
+ 100%.
+
+ Detail:
+
+ progress_meter() is called periodically, and it may not catch a
+ transfer's total bytes if the value was unknown during the last call,
+ and the transfer is finished and deleted (i.e., lost) during the next
+ call.
+
+ Closes https://github.com/curl/curl/pull/6840
+
+- [Emil Engler brought this change]
+
+ libssh: get rid of PATH_MAX
+
+ This removes the last occurrence of PATH_MAX inside our libssh
+ implementation by calculating the path length from the string length of
+ the two components.
+
+ Closes #6829
+
+Daniel Stenberg (5 Apr 2021)
+- http_proxy: only loop on 407 + close if we have credentials
+
+ ... to fix the retry-loop.
+
+ Add test 718 to verify.
+
+ Reported-by: Daniel Kurečka
+ Fixes #6828
+ Closes #6850
+
+- h2: allow 100 streams by default
+
+ instead of 13, before the server has told how many streams it
+ accepts. The server can always reject new streams anyway if we go above
+ what it accepts.
+
+ Ref: #6826
+ Closes #6852
+
+- [Luke Granger-Brown brought this change]
+
+ file: support GETing directories again
+
+ After 957bc1881e686f9714c4e6a01bf33535091f0e21, we no longer compute an
+ expected_size for directories. This has the upshot that when we compare
+ even an empty Range with the available size, we fail.
+
+ This brings back the previous behaviour, which was to succeed, but with
+ empty content. This also removes the "Accept-ranges: bytes" header,
+ which is nonsensical on directories.
+
+ Adds test 3016
+ Fixes #6845
+ Closes #6846
+
+- RELEASE-NOTES: synced
+
+ and bumped to 7.76.1
+
+- TLS: fix HTTP/2 selection
+
+ for GnuTLS, BearSSL, mbedTLS, NSS, SChannnel, Secure Transport and
+ wolfSSL...
+
+ Regression since 88dd1a8a115b1f5ece (shipped in 7.76.0)
+ Reported-by: Kenneth Davidson
+ Reported-by: romamik om github
+ Fixes #6825
+ Closes #6827
+
+Jay Satiro (2 Apr 2021)
+- hostip: Fix for builds that disable all asynchronous DNS
+
+ - Define Curl_resolver_error function only when USE_CURL_ASYNC.
+
+ Prior to this change building curl without an asynchronous resolver
+ backend (c-ares or threaded) and without DoH (DNS-over-HTTPS, which is
+ also asynchronous but independent of resolver backend) would cause a
+ build error since Curl_resolver_error is called by and evaluates
+ variables only available in asynchronous builds.
+
+ Reported-by: Benbuck Nason
+
+ Fixes https://github.com/curl/curl/issues/6831
+ Closes https://github.com/curl/curl/pull/6832
+
+Daniel Stenberg (31 Mar 2021)
+- [Gilles Vollant brought this change]
+
+ openssl: Fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY
+
+ Reported-by: Christian Schmitz
+ Fixes #6816
+ Closes #6820
+
Version 7.76.0 (31 Mar 2021)
Daniel Stenberg (31 Mar 2021)
@@ -7394,269 +7676,3 @@ Daniel Stenberg (28 Jul 2020)
Reviewed-by: Nicolas Sterchele
Closes #5732
-
-- transfer: fix data_pending for builds with both h2 and h3 enabled
-
- Closes #5734
-
-- curl_multi_setopt: fix compiler warning "result is always false"
-
- On systems with 32 bit long the expression is always false. Avoid
- the warning.
-
- Reported-by: Gisle Vanem
- Bug: https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232
- Closes #5736
-
-- curl: improve the existing file check with -J
-
- Previously a file that isn't user-readable but is user-writable would
- not be properly avoided and would get overwritten.
-
- Reported-by: BrumBrum on hackerone
- Assisted-by: Jay Satiro
- Bug: https://hackerone.com/reports/926638
- Closes #5731
-
-- [Jonathan Nieder brought this change]
-
- multi: update comment to say easyp list is linear
-
- Since 09b9fc900 (multi: remove 'Curl_one_easy' struct, phase 1,
- 2013-08-02), the easy handle list is not circular but ends with
- ->next pointing to NULL.
-
- Reported-by: Masaya Suzuki <masayasuzuki@google.com>
- Closes #5737
-
-- CURLOPT_NOBODY.3: fix the syntax for referring to options
-
- As test 1140 fails otherwise!
-
- Follow-up to e1bac81cc815
-
-- ngtcp2: store address in sockaddr_storage
-
- Reported-by: Tatsuhiro Tsujikawa
- Closes #5733
-
-- CURLOPT_NOBODY.3: clarify what setting to 0 means
-
- ... and mention that HTTP with other methods than HEAD might get a body and
- there's no option available to stop that.
-
- Closes #5729
-
-- setopt: unset NOBODY switches to GET if still HEAD
-
- Unsetting CURLOPT_NOBODY with 0L when doing HTTP has no documented
- action but before 7.71.0 that used to switch back to GET and with this
- change (assuming the method is still set to HEAD) this behavior is
- brought back.
-
- Reported-by: causal-agent on github
- Fixes #5725
- Closes #5728
-
-- [Ehren Bendler brought this change]
-
- configure: cleanup wolfssl + pkg-config conflicts when cross compiling.
-
- Also choose a different wolfSSL function to test for NTLM support.
-
- Fixes #5605
- Closes #5682
-
-- configure: show zstd "no" in summary when built without it
-
- Reported-by: Marc Hörsken
- Fixes #5720
- Closes #5730
-
-- quiche: handle calling disconnect twice
-
- Reported-by: lilongyan-huawei on github
- Fixes #5726
- Closes #5727
-
-- [Nicolas Sterchele brought this change]
-
- getinfo: reset retry-after value in initinfo
-
- - Avoid re-using retry_after value from preceding request
- - Add libtest 3010 to verify
-
- Reported-by: joey-l-us on github
- Fixes #5661
- Closes #5672
-
-Marcel Raad (27 Jul 2020)
-- WIN32: stop forcing narrow-character API
-
- Except where the results are only used for character output.
- getenv is not touched because it's part of the public API, and having
- it return UTF-8 instead of ANSI would be a breaking change.
-
- Fixes https://github.com/curl/curl/issues/5658
- Fixes https://github.com/curl/curl/issues/5712
- Closes https://github.com/curl/curl/pull/5718
-
-Jay Satiro (27 Jul 2020)
-- [Tobias Stoeckmann brought this change]
-
- mprintf: Fix stack overflows
-
- Stack overflows can occur with precisions for integers and floats.
-
- Proof of concepts:
- - curl_mprintf("%d, %.*1$d", 500, 1);
- - curl_mprintf("%d, %+0500.*1$f", 500, 1);
-
- Ideally, compile with -fsanitize=address which makes this undefined
- behavior a bit more defined for debug purposes.
-
- The format strings are valid. The overflows occur due to invalid
- arguments. If these arguments are variables with contents controlled
- by an attacker, the function's stack can be corrupted.
-
- Also see CVE-2016-9586 which partially fixed the float aspect.
-
- Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-
- Closes https://github.com/curl/curl/pull/5722
-
-- [Tobias Stoeckmann brought this change]
-
- mprintf: Fix dollar string handling
-
- Verify that specified parameters are in range. If parameters are too
- large, fail early on and avoid out of boundary accesses.
-
- Also do not read behind boundaries of illegal format strings.
-
- These are defensive measures since it is expected that format strings
- are well-formed. Format strings should not be modifiable by user
- input due to possible generic format string attacks.
-
- Closes https://github.com/curl/curl/pull/5722
-
-Daniel Stenberg (26 Jul 2020)
-- ntlm: free target_info before (re-)malloc
-
- OSS-Fuzz found a way this could get called again with the pointer still
- pointing to a malloc'ed memory, leading to a leak.
-
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379
-
- Closes #5724
-
-Marcel Raad (26 Jul 2020)
-- CI/macos: set minimum macOS version
-
- This enables some deprecation warnings.
- Previously, autotools defaulted to 10.8.
-
- Closes https://github.com/curl/curl/pull/5723
-
-Daniel Stenberg (26 Jul 2020)
-- RELEASE-NOTES: synced
-
-Marcel Raad (25 Jul 2020)
-- CI/macos: enable warnings as errors for CMake builds
-
- Closes https://github.com/curl/curl/pull/5716
-
-- CMake: fix test for warning suppressions
-
- GCC doesn't warn for unknown `-Wno-` options, except if there are other
- warnings or errors [0]. This was problematic with `CURL_WERROR` as that
- warning-as-error cannot be suppressed. Notably, this always happened
- with `-Wno-pedantic-ms-format` when not targeting Windows. So test for
- the positive form of the warning instead, which should always result in
- a diagnostic if unknown.
-
- [0] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
-
- Closes https://github.com/curl/curl/pull/5714
-
-Jay Satiro (23 Jul 2020)
-- curl.h: update CURLINFO_LASTONE
-
- CURLINFO_LASTONE should have been updated when
- CURLINFO_EFFECTIVE_METHOD was added.
-
- Reported-by: xwxbug@users.noreply.github.com
-
- Fixes https://github.com/curl/curl/issues/5711
-
-Marc Hoersken (22 Jul 2020)
-- CI/azure: unconditionally enable warnings-as-errors with autotools
-
- Reviewed-by: Marcel Raad
-
- Follow up to #5694
- Closes #5706
-
-Marcel Raad (21 Jul 2020)
-- doh: remove redundant cast
-
- Closes https://github.com/curl/curl/pull/5704
-
-- CI/macos: unconditionally enable warnings-as-errors with autotools
-
- Previously, warnings were only visible in the output for most jobs.
-
- Closes https://github.com/curl/curl/pull/5694
-
-- util: silence conversion warnings
-
- timeval::tv_usec might be a 32-bit integer and timespec::tv_nsec might
- be a 64-bit integer. This is the case when building for recent macOS
- versions, for example. Just treat tv_usec as an int, which should
- hopefully always be sufficient on systems with
- `HAVE_CLOCK_GETTIME_MONOTONIC`.
-
- Closes https://github.com/curl/curl/pull/5695
-
-- md(4|5): don't use deprecated macOS functions
-
- They are marked as deprecated for -mmacosx-version-min >= 10.15,
- which might result in warnings-as-errors.
-
- Closes https://github.com/curl/curl/pull/5695
-
-Daniel Stenberg (18 Jul 2020)
-- strdup: remove the odd strlen check
-
- It confuses code analyzers with its use of -1 for unsigned value. Also,
- a check that's not normally used in strdup() code - and not necessary.
-
- Closes #5697
-
-- [Alessandro Ghedini brought this change]
-
- travis: update quiche builds for new boringssl layout
-
- This is required after https://github.com/cloudflare/quiche/pull/593
- moved BoringSSL around slightly.
-
- This also means that Go is not needed to build BoringSSL anymore (the
- one provided by quiche anyway).
-
- Closes #5691
-
-Marcel Raad (17 Jul 2020)
-- configure: allow disabling warnings
-
- When using `--enable-warnings`, it was not possible to disable warnings
- via CFLAGS that got explicitly enabled. Now warnings are not enabled
- anymore if they are explicitly disabled (or enabled) in CFLAGS. This
- works for at least GCC, clang, and TCC as they have corresponding
- `-Wno-` options for every warning.
-
- Closes https://github.com/curl/curl/pull/5689
-
-Daniel Stenberg (16 Jul 2020)
-- ngtcp2: adjust to recent sockaddr updates
-
- Closes #5690
diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS
index 91a9f3c396..6f164a9adf 100644
--- a/libs/libcurl/docs/THANKS
+++ b/libs/libcurl/docs/THANKS
@@ -174,6 +174,7 @@ Anthony Avina
Anthony Bryan
Anthony G. Basile
Anthony Ramine
+Anthony Shaw
Antoine Aubert
Antoine Calando
Anton Bychkov
@@ -341,6 +342,7 @@ Catalin Patulea
causal-agent on github
cbartl on github
cclauss on github
+Cesar Eduardo Barros
Chad Monroe
Chandrakant Bagul
Charles Kerr
@@ -466,6 +468,7 @@ Daniel Jeliński
Daniel Johnson
Daniel Kahn Gillmor
Daniel Krügler
+Daniel Kurečka
Daniel Lee Hwang
Daniel Lublin
Daniel Marjamäki
@@ -1038,6 +1041,7 @@ Jiří Malák
jmdavitt on github
jnbr on github
Jocelyn Jaubert
+Jochem Broekhoff
Joe Halpin
Joe Malicki
Joe Mason
@@ -1164,6 +1168,7 @@ János Fekete
Jérémy Rocher
Jörg Mueller-Tolk
Jörn Hartroth
+Jürgen Gmach
K. R. Walker
ka7 on github
Kael1117 on github
@@ -1192,6 +1197,7 @@ Keith Mok
Ken Brown
Ken Hirsch
Ken Rastatter
+Kenneth Davidson
Kenny To
Kent Boortz
Keshav Krity
@@ -1297,6 +1303,7 @@ Liviu Chircu
Liza Alenchery
Lloyd Fournier
Lluís Batlle i Rossell
+locpyl-tidnyd on github
Loganaden Velvindron
Loic Dachary
Loren Kirkby
@@ -1316,6 +1323,7 @@ lukaszgn on github
Luke Amery
Luke Call
Luke Dashjr
+Luke Granger-Brown
Luo Jinghua
Luong Dinh Dung
Luz Paz
@@ -1554,6 +1562,7 @@ Moti Avrahami
MrdUkk on github
MrSorcus on github
Muhammad Herdiansyah
+Muhammed Yavuz Nuzumlalı
Murugan Balraj
Muz Dima
Myk Taylor
@@ -1914,6 +1923,7 @@ Rolland Dudemaine
Romain Coltel
Romain Fliedel
Romain Geissler
+romamik om github
Roman Koifman
Roman Mamedov
Romulo A. Ceccon
diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h
index ea137ef7ab..b74cdc1170 100644
--- a/libs/libcurl/include/curl/curlver.h
+++ b/libs/libcurl/include/curl/curlver.h
@@ -30,13 +30,13 @@
/* This is the version number of the libcurl package from which this header
file origins: */
-#define LIBCURL_VERSION "7.76.0"
+#define LIBCURL_VERSION "7.76.1"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 7
#define LIBCURL_VERSION_MINOR 76
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_PATCH 1
/* This is the numeric version of the libcurl version number, meant for easier
parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -57,7 +57,7 @@
CURL_VERSION_BITS() macro since curl's own configure script greps for it
and needs it to contain the full number.
*/
-#define LIBCURL_VERSION_NUM 0x074c00
+#define LIBCURL_VERSION_NUM 0x074c01
/*
* This is the date and time when the full source package was created. The
@@ -68,7 +68,7 @@
*
* "2007-11-23"
*/
-#define LIBCURL_TIMESTAMP "2021-03-31"
+#define LIBCURL_TIMESTAMP "2021-04-14"
#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
#define CURL_AT_LEAST_VERSION(x,y,z) \
diff --git a/libs/libcurl/include/curl/typecheck-gcc.h b/libs/libcurl/include/curl/typecheck-gcc.h
index 230f4c1067..34d0267ed9 100644
--- a/libs/libcurl/include/curl/typecheck-gcc.h
+++ b/libs/libcurl/include/curl/typecheck-gcc.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -667,11 +667,11 @@ typedef CURLcode (*_curl_ssl_ctx_callback4)(CURL *, const void *,
/* hack: if we included OpenSSL's ssl.h, we know about SSL_CTX
* this will of course break if we're included before OpenSSL headers...
*/
-typedef CURLcode (*_curl_ssl_ctx_callback5)(CURL *, SSL_CTX, void *);
-typedef CURLcode (*_curl_ssl_ctx_callback6)(CURL *, SSL_CTX, const void *);
-typedef CURLcode (*_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX, void *);
-typedef CURLcode (*_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX,
- const void *);
+typedef CURLcode (*_curl_ssl_ctx_callback5)(CURL *, SSL_CTX *, void *);
+typedef CURLcode (*_curl_ssl_ctx_callback6)(CURL *, SSL_CTX *, const void *);
+typedef CURLcode (*_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX *, void *);
+typedef CURLcode (*_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX *,
+ const void *);
#else
typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback5;
typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback6;
diff --git a/libs/libcurl/src/Makefile.netware b/libs/libcurl/src/Makefile.netware
index 10b77f8ffb..863bde0224 100644
--- a/libs/libcurl/src/Makefile.netware
+++ b/libs/libcurl/src/Makefile.netware
@@ -5,8 +5,8 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 2004 - 2015, Guenter Knauf
-# Copyright (C) 2001 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2004 - 2015, 2021, Guenter Knauf
+# Copyright (C) 2001 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -599,7 +599,6 @@ endif
@echo $(DL)#define HAVE_UTIME 1$(DL) >> $@
@echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@
@echo $(DL)#define HAVE_WRITEV 1$(DL) >> $@
- @echo $(DL)#define RETSIGTYPE void$(DL) >> $@
@echo $(DL)#define SIZEOF_INT 4$(DL) >> $@
@echo $(DL)#define SIZEOF_SHORT 2$(DL) >> $@
@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
diff --git a/libs/libcurl/src/config-amigaos.h b/libs/libcurl/src/config-amigaos.h
index 3c9d76ef3d..381bf302c9 100644
--- a/libs/libcurl/src/config-amigaos.h
+++ b/libs/libcurl/src/config-amigaos.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -103,7 +103,6 @@
#define PACKAGE_VERSION "-"
#define CURL_CA_BUNDLE "s:curl-ca-bundle.crt"
-#define RETSIGTYPE void
#define SELECT_TYPE_ARG1 int
#define SELECT_TYPE_ARG234 (fd_set *)
#define SELECT_TYPE_ARG5 (struct timeval *)
diff --git a/libs/libcurl/src/config-dos.h b/libs/libcurl/src/config-dos.h
index 50816ac756..0fb98e385d 100644
--- a/libs/libcurl/src/config-dos.h
+++ b/libs/libcurl/src/config-dos.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -84,7 +84,6 @@
#define NEED_MALLOC_H 1
-#define RETSIGTYPE void
#define SIZEOF_INT 4
#define SIZEOF_LONG 4
#define SIZEOF_LONG_DOUBLE 16
diff --git a/libs/libcurl/src/config-mac.h b/libs/libcurl/src/config-mac.h
index 4e610562f6..163686ec94 100644
--- a/libs/libcurl/src/config-mac.h
+++ b/libs/libcurl/src/config-mac.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -81,8 +81,6 @@
#define HAVE_IOCTL 1
#define HAVE_IOCTL_FIONBIO 1
-#define RETSIGTYPE void
-
#define SIZEOF_INT 4
#define SIZEOF_SHORT 2
#define SIZEOF_SIZE_T 4
diff --git a/libs/libcurl/src/config-os400.h b/libs/libcurl/src/config-os400.h
index 67fbc41d8b..b5a9823fd1 100644
--- a/libs/libcurl/src/config-os400.h
+++ b/libs/libcurl/src/config-os400.h
@@ -376,9 +376,6 @@
/* Name of package */
#undef PACKAGE
-/* Define as the return type of signal handlers (`int' or `void'). */
-#define RETSIGTYPE void
-
/* The size of `int', as computed by sizeof. */
#define SIZEOF_INT 4
diff --git a/libs/libcurl/src/config-plan9.h b/libs/libcurl/src/config-plan9.h
index fc19c5f036..ecfc273722 100644
--- a/libs/libcurl/src/config-plan9.h
+++ b/libs/libcurl/src/config-plan9.h
@@ -40,8 +40,6 @@
#define RANDOM_FILE "/dev/random"
#define VERSION "0.0.0" /* TODO */
-#define RETSIGTYPE void
-
#define STDC_HEADERS 1
#ifdef _BITS64
diff --git a/libs/libcurl/src/config-riscos.h b/libs/libcurl/src/config-riscos.h
index 43b1deb6d2..2dc3c66311 100644
--- a/libs/libcurl/src/config-riscos.h
+++ b/libs/libcurl/src/config-riscos.h
@@ -353,9 +353,6 @@
/* Name of package */
#undef PACKAGE
-/* Define as the return type of signal handlers (`int' or `void'). */
-#define RETSIGTYPE void
-
/* The size of `int', as computed by sizeof. */
#define SIZEOF_INT 4
diff --git a/libs/libcurl/src/config-tpf.h b/libs/libcurl/src/config-tpf.h
index 4f8a07e9bc..3fdb8924c5 100644
--- a/libs/libcurl/src/config-tpf.h
+++ b/libs/libcurl/src/config-tpf.h
@@ -578,9 +578,6 @@
/* a suitable file to read random data from */
/* #undef RANDOM_FILE */
-/* Define as the return type of signal handlers (`int' or `void'). */
-#define RETSIGTYPE void
-
/* Define to the type of arg 1 for `select'. */
#define SELECT_TYPE_ARG1 int
diff --git a/libs/libcurl/src/config-vxworks.h b/libs/libcurl/src/config-vxworks.h
index f811952853..916d023383 100644
--- a/libs/libcurl/src/config-vxworks.h
+++ b/libs/libcurl/src/config-vxworks.h
@@ -272,15 +272,6 @@
/* Define to 1 if you have the `inet_addr' function. */
#define HAVE_INET_ADDR 1
-/* Define to 1 if you have the inet_ntoa_r function. */
-/* #undef HAVE_INET_NTOA_R */
-
-/* inet_ntoa_r() takes 2 args */
-/* #undef HAVE_INET_NTOA_R_2 */
-
-/* inet_ntoa_r() takes 3 args */
-/* #undef HAVE_INET_NTOA_R_3 */
-
/* Define to 1 if you have a IPv6 capable working inet_ntop function. */
/* #undef HAVE_INET_NTOP */
@@ -769,9 +760,6 @@
/* Define to the function return type for recv. */
#define RECV_TYPE_RETV int
-/* Define as the return type of signal handlers (`int' or `void'). */
-#define RETSIGTYPE void
-
/* Define to the type qualifier of arg 5 for select. */
#define SELECT_QUAL_ARG5
diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h
index 7836199947..2e060f95c7 100644
--- a/libs/libcurl/src/config-win32.h
+++ b/libs/libcurl/src/config-win32.h
@@ -246,10 +246,6 @@
/* Define if you have the socket function. */
#define HAVE_SOCKET 1
-/* Define if libSSH2 is in use */
-#define USE_LIBSSH2 1
-#define HAVE_LIBSSH2_H 1
-
/* Define if you have the strcasecmp function. */
#ifdef __MINGW32__
#define HAVE_STRCASECMP 1
@@ -366,9 +362,6 @@
/* Define if in_addr_t is not an available 'typedefed' type. */
#define in_addr_t unsigned long
-/* Define to the return type of signal handlers (int or void). */
-#define RETSIGTYPE void
-
/* Define if ssize_t is not an available 'typedefed' type. */
#ifndef _SSIZE_T_DEFINED
# if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || \
@@ -715,9 +708,6 @@ Vista
# define CURL_DISABLE_LDAP 1
#endif
-/* if SSL is enabled */
-#define USE_OPENSSL 1
-
/* Define to use the Windows crypto library. */
#if !defined(CURL_WINDOWS_APP)
#define USE_WIN32_CRYPTO
diff --git a/libs/libcurl/src/config-win32ce.h b/libs/libcurl/src/config-win32ce.h
index 7f59fd562b..fb29e088f6 100644
--- a/libs/libcurl/src/config-win32ce.h
+++ b/libs/libcurl/src/config-win32ce.h
@@ -307,9 +307,6 @@
/* Define this if in_addr_t is not an available 'typedefed' type */
#define in_addr_t unsigned long
-/* Define as the return type of signal handlers (int or void). */
-#define RETSIGTYPE void
-
/* Define ssize_t if it is not an available 'typedefed' type */
#if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || defined(__POCC__)
#elif defined(_WIN64)
diff --git a/libs/libcurl/src/curl_config.h.cmake b/libs/libcurl/src/curl_config.h.cmake
index fc1857ebb1..fbe17bc5b0 100644
--- a/libs/libcurl/src/curl_config.h.cmake
+++ b/libs/libcurl/src/curl_config.h.cmake
@@ -322,15 +322,6 @@
/* Define to 1 if you have the `inet_addr' function. */
#cmakedefine HAVE_INET_ADDR 1
-/* Define to 1 if you have the inet_ntoa_r function. */
-#cmakedefine HAVE_INET_NTOA_R 1
-
-/* inet_ntoa_r() takes 2 args */
-#cmakedefine HAVE_INET_NTOA_R_2 1
-
-/* inet_ntoa_r() takes 3 args */
-#cmakedefine HAVE_INET_NTOA_R_3 1
-
/* Define to 1 if you have a IPv6 capable working inet_ntop function. */
#cmakedefine HAVE_INET_NTOP 1
@@ -876,9 +867,6 @@
/* Define to the function return type for recv. */
#cmakedefine RECV_TYPE_RETV ${RECV_TYPE_RETV}
-/* Define as the return type of signal handlers (`int' or `void'). */
-#cmakedefine RETSIGTYPE ${RETSIGTYPE}
-
/* Define to the type qualifier of arg 5 for select. */
#cmakedefine SELECT_QUAL_ARG5 ${SELECT_QUAL_ARG5}
diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in
index 89a1d195a6..ae942fbfb8 100644
--- a/libs/libcurl/src/curl_config.h.in
+++ b/libs/libcurl/src/curl_config.h.in
@@ -762,9 +762,6 @@
/* Define to 1 if you have the <termio.h> header file. */
#undef HAVE_TERMIO_H
-/* Define to 1 if you have the <time.h> header file. */
-#undef HAVE_TIME_H
-
/* Define this if time_t is unsigned */
#undef HAVE_TIME_T_UNSIGNED
diff --git a/libs/libcurl/src/curl_ntlm_core.c b/libs/libcurl/src/curl_ntlm_core.c
index 66146a881c..89d4ec872e 100644
--- a/libs/libcurl/src/curl_ntlm_core.c
+++ b/libs/libcurl/src/curl_ntlm_core.c
@@ -513,6 +513,56 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
#if defined(USE_NTLM_V2) && !defined(USE_WINDOWS_SSPI)
+/* Timestamp in tenths of a microsecond since January 1, 1601 00:00:00 UTC. */
+struct ms_filetime {
+ unsigned int dwLowDateTime;
+ unsigned int dwHighDateTime;
+};
+
+/* Convert a time_t to an MS FILETIME (MS-DTYP section 2.3.3). */
+static void time2filetime(struct ms_filetime *ft, time_t t)
+{
+#if SIZEOF_TIME_T > 4
+ t = (t + CURL_OFF_T_C(11644473600)) * 10000000;
+ ft->dwLowDateTime = (unsigned int) (t & 0xFFFFFFFF);
+ ft->dwHighDateTime = (unsigned int) (t >> 32);
+#else
+ unsigned int r, s;
+ unsigned int i;
+
+ ft->dwLowDateTime = t & 0xFFFFFFFF;
+ ft->dwHighDateTime = 0;
+
+# ifndef HAVE_TIME_T_UNSIGNED
+ /* Extend sign if needed. */
+ if(ft->dwLowDateTime & 0x80000000)
+ ft->dwHighDateTime = ~0;
+# endif
+
+ /* Bias seconds to Jan 1, 1601.
+ 134774 days = 11644473600 seconds = 0x2B6109100 */
+ r = ft->dwLowDateTime;
+ ft->dwLowDateTime = (ft->dwLowDateTime + 0xB6109100U) & 0xFFFFFFFF;
+ ft->dwHighDateTime += ft->dwLowDateTime < r? 0x03: 0x02;
+
+ /* Convert to tenths of microseconds. */
+ ft->dwHighDateTime *= 10000000;
+ i = 32;
+ do {
+ i -= 8;
+ s = ((ft->dwLowDateTime >> i) & 0xFF) * (10000000 - 1);
+ r = (s << i) & 0xFFFFFFFF;
+ s >>= 1; /* Split shift to avoid width overflow. */
+ s >>= 31 - i;
+ ft->dwLowDateTime = (ft->dwLowDateTime + r) & 0xFFFFFFFF;
+ if(ft->dwLowDateTime < r)
+ s++;
+ ft->dwHighDateTime += s;
+ } while(i);
+ ft->dwHighDateTime &= 0xFFFFFFFF;
+#endif
+}
+
/* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
* (uppercase UserName + Domain) as the data
*/
@@ -586,22 +636,18 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
unsigned int len = 0;
unsigned char *ptr = NULL;
unsigned char hmac_output[HMAC_MD5_LENGTH];
- curl_off_t tw;
+ struct ms_filetime tw;
CURLcode result = CURLE_OK;
-#if SIZEOF_CURL_OFF_T < 8
-#error "this section needs 64bit support to work"
-#endif
-
/* Calculate the timestamp */
#ifdef DEBUGBUILD
char *force_timestamp = getenv("CURL_FORCETIME");
if(force_timestamp)
- tw = CURL_OFF_T_C(11644473600) * 10000000;
+ time2filetime(&tw, (time_t) 0);
else
#endif
- tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000;
+ time2filetime(&tw, time(NULL));
/* Calculate the response len */
len = HMAC_MD5_LENGTH + NTLMv2_BLOB_LEN;
@@ -613,13 +659,14 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
/* Create the BLOB structure */
msnprintf((char *)ptr + HMAC_MD5_LENGTH, NTLMv2_BLOB_LEN,
- "%c%c%c%c" /* NTLMv2_BLOB_SIGNATURE */
- "%c%c%c%c", /* Reserved = 0 */
+ "%c%c%c%c" /* NTLMv2_BLOB_SIGNATURE */
+ "%c%c%c%c" /* Reserved = 0 */
+ "%c%c%c%c%c%c%c%c", /* Timestamp */
NTLMv2_BLOB_SIGNATURE[0], NTLMv2_BLOB_SIGNATURE[1],
NTLMv2_BLOB_SIGNATURE[2], NTLMv2_BLOB_SIGNATURE[3],
- 0, 0, 0, 0);
+ 0, 0, 0, 0,
+ LONGQUARTET(tw.dwLowDateTime), LONGQUARTET(tw.dwHighDateTime));
- Curl_write64_le(tw, ptr + 24);
memcpy(ptr + 32, challenge_client, 8);
memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len);
diff --git a/libs/libcurl/src/curl_ntlm_core.h b/libs/libcurl/src/curl_ntlm_core.h
index 75fcdeb16e..02b39d4858 100644
--- a/libs/libcurl/src/curl_ntlm_core.h
+++ b/libs/libcurl/src/curl_ntlm_core.h
@@ -47,19 +47,22 @@
#define USE_NTRESPONSES
/* Define USE_NTLM2SESSION in order to make the type-3 message include the
- NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and
- MD5 support */
-#if defined(USE_NTRESPONSES) && !defined(CURL_DISABLE_CRYPTO_AUTH)
+ NTLM2Session response message, requires USE_NTRESPONSES defined to 1 */
+#if defined(USE_NTRESPONSES)
#define USE_NTLM2SESSION
#endif
/* Define USE_NTLM_V2 in order to allow the type-3 message to include the
- LMv2 and NTLMv2 response messages, requires USE_NTRESPONSES defined to 1
- and support for 64-bit integers. */
-#if defined(USE_NTRESPONSES) && (SIZEOF_CURL_OFF_T > 4)
+ LMv2 and NTLMv2 response messages, requires USE_NTRESPONSES defined to 1 */
+#if defined(USE_NTRESPONSES)
#define USE_NTLM_V2
#endif
+/* Helpers to generate function byte arguments in little endian order */
+#define SHORTPAIR(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff))
+#define LONGQUARTET(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)), \
+ ((int)(((x) >> 16) & 0xff)), ((int)(((x) >> 24) & 0xff))
+
void Curl_ntlm_core_lm_resp(const unsigned char *keys,
const unsigned char *plaintext,
unsigned char *results);
diff --git a/libs/libcurl/src/curl_setup_once.h b/libs/libcurl/src/curl_setup_once.h
index ef60bc7ae7..22d0a063ef 100644
--- a/libs/libcurl/src/curl_setup_once.h
+++ b/libs/libcurl/src/curl_setup_once.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -32,6 +32,7 @@
#include <string.h>
#include <stdarg.h>
#include <ctype.h>
+#include <time.h>
#ifdef HAVE_ERRNO_H
#include <errno.h>
@@ -55,13 +56,6 @@
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
-#ifdef TIME_WITH_SYS_TIME
-#include <time.h>
-#endif
-#else
-#ifdef HAVE_TIME_H
-#include <time.h>
-#endif
#endif
#ifdef WIN32
@@ -350,15 +344,6 @@ typedef int sig_atomic_t;
#endif
-/*
- * Default return type for signal handlers.
- */
-
-#ifndef RETSIGTYPE
-#define RETSIGTYPE void
-#endif
-
-
/*
* Macro used to include code only in debug builds.
*/
diff --git a/libs/libcurl/src/file.c b/libs/libcurl/src/file.c
index dd8a1fd12a..1d174e519e 100644
--- a/libs/libcurl/src/file.c
+++ b/libs/libcurl/src/file.c
@@ -417,12 +417,12 @@ static CURLcode file_do(struct Curl_easy *data, bool *done)
result = Curl_client_write(data, CLIENTWRITE_HEADER, header, 0);
if(result)
return result;
- }
- result = Curl_client_write(data, CLIENTWRITE_HEADER,
- (char *)"Accept-ranges: bytes\r\n", 0);
- if(result)
- return result;
+ result = Curl_client_write(data, CLIENTWRITE_HEADER,
+ (char *)"Accept-ranges: bytes\r\n", 0);
+ if(result != CURLE_OK)
+ return result;
+ }
filetime = (time_t)statbuf.st_mtime;
result = Curl_gmtime(filetime, &buffer);
@@ -464,18 +464,23 @@ static CURLcode file_do(struct Curl_easy *data, bool *done)
data->state.resume_from += (curl_off_t)statbuf.st_size;
}
- if(data->state.resume_from <= expected_size)
- expected_size -= data->state.resume_from;
- else {
- failf(data, "failed to resume file:// transfer");
- return CURLE_BAD_DOWNLOAD_RESUME;
+ if(data->state.resume_from > 0) {
+ /* We check explicitly if we have a start offset, because
+ * expected_size may be -1 if we don't know how large the file is,
+ * in which case we should not adjust it. */
+ if(data->state.resume_from <= expected_size)
+ expected_size -= data->state.resume_from;
+ else {
+ failf(data, "failed to resume file:// transfer");
+ return CURLE_BAD_DOWNLOAD_RESUME;
+ }
}
/* A high water mark has been specified so we obey... */
if(data->req.maxdownload > 0)
expected_size = data->req.maxdownload;
- if(!fstated || (expected_size == 0))
+ if(!fstated || (expected_size <= 0))
size_known = FALSE;
else
size_known = TRUE;
@@ -484,7 +489,7 @@ static CURLcode file_do(struct Curl_easy *data, bool *done)
this is both more efficient than the former call to download() and
it avoids problems with select() and recv() on file descriptors
in Winsock */
- if(fstated)
+ if(size_known)
Curl_pgrsSetDownloadSize(data, expected_size);
if(data->state.resume_from) {
diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c
index 750afe8a97..05c09f6835 100644
--- a/libs/libcurl/src/hostip.c
+++ b/libs/libcurl/src/hostip.c
@@ -631,7 +631,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
* within a signal handler which is nonportable and could lead to problems.
*/
static
-RETSIGTYPE alarmfunc(int sig)
+void alarmfunc(int sig)
{
/* this is for "-ansi -Wall -pedantic" to stop complaining! (rabe) */
(void)sig;
@@ -1130,6 +1130,7 @@ CURLcode Curl_once_resolved(struct Curl_easy *data, bool *protocol_done)
* resolve error
*/
+#ifdef USE_CURL_ASYNC
CURLcode Curl_resolver_error(struct Curl_easy *data)
{
const char *host_or_proxy;
@@ -1153,3 +1154,4 @@ CURLcode Curl_resolver_error(struct Curl_easy *data)
return result;
}
+#endif /* USE_CURL_ASYNC */
diff --git a/libs/libcurl/src/http2.h b/libs/libcurl/src/http2.h
index 150f7219f0..114b382718 100644
--- a/libs/libcurl/src/http2.h
+++ b/libs/libcurl/src/http2.h
@@ -29,7 +29,7 @@
/* value for MAX_CONCURRENT_STREAMS we use until we get an updated setting
from the peer */
-#define DEFAULT_MAX_CONCURRENT_STREAMS 13
+#define DEFAULT_MAX_CONCURRENT_STREAMS 100
/*
* Store nghttp2 version info in this buffer, Prefix with a space. Return
diff --git a/libs/libcurl/src/http_proxy.c b/libs/libcurl/src/http_proxy.c
index 732fea7e34..f403ffc0e0 100644
--- a/libs/libcurl/src/http_proxy.c
+++ b/libs/libcurl/src/http_proxy.c
@@ -358,7 +358,8 @@ static CURLcode CONNECT(struct Curl_easy *data,
break;
}
else if(gotbytes <= 0) {
- if(data->set.proxyauth && data->state.authproxy.avail) {
+ if(data->set.proxyauth && data->state.authproxy.avail &&
+ data->state.aptr.proxyuserpwd) {
/* proxy auth was requested and there was proxy auth available,
then deem this as "mere" proxy disconnect */
conn->bits.proxy_connect_closed = TRUE;
diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist
index 0b9abed3c0..f787761ced 100644
--- a/libs/libcurl/src/libcurl.plist
+++ b/libs/libcurl/src/libcurl.plist
@@ -15,7 +15,7 @@
<string>se.curl.libcurl</string>
<key>CFBundleVersion</key>
- <string>7.76.0</string>
+ <string>7.76.1</string>
<key>CFBundleName</key>
<string>libcurl</string>
@@ -27,9 +27,9 @@
<string>????</string>
<key>CFBundleShortVersionString</key>
- <string>libcurl 7.76.0</string>
+ <string>libcurl 7.76.1</string>
<key>CFBundleGetInfoString</key>
- <string>libcurl.plist 7.76.0</string>
+ <string>libcurl.plist 7.76.1</string>
</dict>
</plist>
diff --git a/libs/libcurl/src/vauth/ntlm.c b/libs/libcurl/src/vauth/ntlm.c
index a3117f3fee..4adf49704f 100644
--- a/libs/libcurl/src/vauth/ntlm.c
+++ b/libs/libcurl/src/vauth/ntlm.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -64,10 +64,6 @@
/* "NTLMSSP" signature is always in ASCII regardless of the platform */
#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
-#define SHORTPAIR(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff))
-#define LONGQUARTET(x) ((int)((x) & 0xff)), ((int)(((x) >> 8) & 0xff)), \
- ((int)(((x) >> 16) & 0xff)), ((int)(((x) >> 24) & 0xff))
-
#if DEBUG_ME
# define DEBUG_OUT(x) x
static void ntlm_print_flags(FILE *handle, unsigned long flags)
@@ -407,7 +403,8 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
/* Clean up any former leftovers and initialise to defaults */
Curl_auth_cleanup_ntlm(ntlm);
-#if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
+#if defined(USE_NTRESPONSES) && \
+ (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2))
#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
#else
#define NTLM2FLAG 0
@@ -563,12 +560,20 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
hostlen = strlen(host);
}
-#if defined(USE_NTRESPONSES) && defined(USE_NTLM_V2)
+#if defined(USE_NTRESPONSES) && \
+ (defined(USE_NTLM2SESSION) || defined(USE_NTLM_V2))
+ /* We don't support NTLM2 or extended security if we don't have
+ USE_NTRESPONSES */
if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+# if defined(USE_NTLM_V2)
unsigned char ntbuffer[0x18];
unsigned char entropy[8];
unsigned char ntlmv2hash[0x18];
+ /* Full NTLM version 2
+ Although this cannot be negotiated, it is used here if available, as
+ servers featuring extended security are likely supporting also
+ NTLMv2. */
result = Curl_rand(data, entropy, 8);
if(result)
return result;
@@ -595,21 +600,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
return result;
ptr_ntresp = ntlmv2resp;
- }
- else
-#endif
-
-#if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
-
-#define CURL_MD5_DIGEST_LENGTH 16 /* fixed size */
-
- /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
- if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM_KEY) {
+# else /* defined(USE_NTLM_V2) */
unsigned char ntbuffer[0x18];
unsigned char tmp[0x18];
- unsigned char md5sum[CURL_MD5_DIGEST_LENGTH];
+ unsigned char md5sum[MD5_DIGEST_LEN];
unsigned char entropy[8];
+ /* NTLM version 1 with extended security. */
+
/* Need to create 8 bytes random data */
result = Curl_rand(data, entropy, 8);
if(result)
@@ -639,6 +637,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
/* NTLM v2 session security is a misnomer because it is not NTLM v2.
It is NTLM v1 using the extended session security that is also
in NTLM v2 */
+# endif /* defined(USE_NTLM_V2) */
}
else
#endif
@@ -649,6 +648,8 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
#endif
unsigned char lmbuffer[0x18];
+ /* NTLM version 1 */
+
#ifdef USE_NTRESPONSES
result = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
if(result)
@@ -662,6 +663,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
return result;
Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
+ ntlm->flags &= ~NTLMFLAG_NEGOTIATE_NTLM2_KEY;
/* A safer but less compatible alternative is:
* Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
diff --git a/libs/libcurl/src/vquic/ngtcp2.c b/libs/libcurl/src/vquic/ngtcp2.c
index 9569431ca2..3d64519987 100644
--- a/libs/libcurl/src/vquic/ngtcp2.c
+++ b/libs/libcurl/src/vquic/ngtcp2.c
@@ -57,6 +57,8 @@
#define H3BUGF(x) do { } while(0)
#endif
+#define H3_ALPN_H3_29 "\x5h3-29"
+
/*
* This holds outgoing HTTP/3 stream data that is used by nghttp3 until acked.
* It is used as a circular buffer. Add new bytes at the end until it reaches
@@ -351,8 +353,8 @@ static int quic_init_ssl(struct quicsocket *qs)
SSL_set_app_data(qs->ssl, qs);
SSL_set_connect_state(qs->ssl);
- alpn = (const uint8_t *)NGHTTP3_ALPN_H3;
- alpnlen = sizeof(NGHTTP3_ALPN_H3) - 1;
+ alpn = (const uint8_t *)H3_ALPN_H3_29;
+ alpnlen = sizeof(H3_ALPN_H3_29) - 1;
if(alpn)
SSL_set_alpn_protos(qs->ssl, alpn, (int)alpnlen);
@@ -529,8 +531,8 @@ static int quic_init_ssl(struct quicsocket *qs)
}
/* strip the first byte (the length) from NGHTTP3_ALPN_H3 */
- alpn.data = (unsigned char *)NGHTTP3_ALPN_H3 + 1;
- alpn.size = sizeof(NGHTTP3_ALPN_H3) - 2;
+ alpn.data = (unsigned char *)H3_ALPN_H3_29 + 1;
+ alpn.size = sizeof(H3_ALPN_H3_29) - 2;
if(alpn.data)
gnutls_alpn_set_protocols(qs->ssl, &alpn, 1, 0);
@@ -873,8 +875,10 @@ static void qs_disconnect(struct quicsocket *qs)
#endif
qs->ssl = NULL;
#ifdef USE_GNUTLS
- if(qs->cred)
+ if(qs->cred) {
gnutls_certificate_free_credentials(qs->cred);
+ qs->cred = NULL;
+ }
#endif
for(i = 0; i < 3; i++)
Curl_safefree(qs->crypto_data[i].buf);
diff --git a/libs/libcurl/src/vssh/libssh.c b/libs/libcurl/src/vssh/libssh.c
index 1bb644eedd..4644f4cb96 100644
--- a/libs/libcurl/src/vssh/libssh.c
+++ b/libs/libcurl/src/vssh/libssh.c
@@ -1453,16 +1453,15 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
if((sshc->readdir_attrs->flags & SSH_FILEXFER_ATTR_PERMISSIONS) &&
((sshc->readdir_attrs->permissions & S_IFMT) ==
S_IFLNK)) {
- sshc->readdir_linkPath = malloc(PATH_MAX + 1);
+ sshc->readdir_linkPath = aprintf("%s%s", protop->path,
+ sshc->readdir_filename);
+
if(sshc->readdir_linkPath == NULL) {
state(data, SSH_SFTP_CLOSE);
sshc->actualcode = CURLE_OUT_OF_MEMORY;
break;
}
- msnprintf(sshc->readdir_linkPath, PATH_MAX, "%s%s", protop->path,
- sshc->readdir_filename);
-
state(data, SSH_SFTP_READDIR_LINK);
break;
}
diff --git a/libs/libcurl/src/vtls/bearssl.c b/libs/libcurl/src/vtls/bearssl.c
index 39fc1a2920..a63056d4ef 100644
--- a/libs/libcurl/src/vtls/bearssl.c
+++ b/libs/libcurl/src/vtls/bearssl.c
@@ -391,7 +391,7 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
*/
#ifdef USE_NGHTTP2
- if(data->state.httpversion >= CURL_HTTP_VERSION_2
+ if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif
diff --git a/libs/libcurl/src/vtls/gtls.c b/libs/libcurl/src/vtls/gtls.c
index 3b0d940a60..e3fad7fe02 100644
--- a/libs/libcurl/src/vtls/gtls.c
+++ b/libs/libcurl/src/vtls/gtls.c
@@ -612,7 +612,7 @@ gtls_connect_step1(struct Curl_easy *data,
gnutls_datum_t protocols[2];
#ifdef USE_NGHTTP2
- if(data->state.httpversion >= CURL_HTTP_VERSION_2
+ if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif
diff --git a/libs/libcurl/src/vtls/mbedtls.c b/libs/libcurl/src/vtls/mbedtls.c
index 93a7ac1fd8..4b36f2d20c 100644
--- a/libs/libcurl/src/vtls/mbedtls.c
+++ b/libs/libcurl/src/vtls/mbedtls.c
@@ -497,7 +497,7 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
if(conn->bits.tls_enable_alpn) {
const char **p = &backend->protocols[0];
#ifdef USE_NGHTTP2
- if(data->state.httpversion >= CURL_HTTP_VERSION_2)
+ if(data->state.httpwant >= CURL_HTTP_VERSION_2)
*p++ = NGHTTP2_PROTO_VERSION_ID;
#endif
*p++ = ALPN_HTTP_1_1;
diff --git a/libs/libcurl/src/vtls/nss.c b/libs/libcurl/src/vtls/nss.c
index bc6c3caeb9..a9f6959e3b 100644
--- a/libs/libcurl/src/vtls/nss.c
+++ b/libs/libcurl/src/vtls/nss.c
@@ -2080,7 +2080,7 @@ static CURLcode nss_setup_connect(struct Curl_easy *data,
unsigned char protocols[128];
#ifdef USE_NGHTTP2
- if(data->state.httpversion >= CURL_HTTP_VERSION_2
+ if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
#endif
diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c
index 68b98984b4..6583300b3c 100644
--- a/libs/libcurl/src/vtls/openssl.c
+++ b/libs/libcurl/src/vtls/openssl.c
@@ -600,11 +600,16 @@ static bool is_pkcs11_uri(const char *string)
static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine);
static int
-SSL_CTX_use_certificate_bio(SSL_CTX *ctx, BIO *in, int type,
- const char *key_passwd)
+SSL_CTX_use_certificate_blob(SSL_CTX *ctx, const struct curl_blob *blob,
+ int type, const char *key_passwd)
{
int ret = 0;
X509 *x = NULL;
+ /* the typecast of blob->len is fine since it is guaranteed to never be
+ larger than CURL_MAX_INPUT_LENGTH */
+ BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
+ if(!in)
+ return CURLE_OUT_OF_MEMORY;
if(type == SSL_FILETYPE_ASN1) {
/* j = ERR_R_ASN1_LIB; */
@@ -628,15 +633,19 @@ SSL_CTX_use_certificate_bio(SSL_CTX *ctx, BIO *in, int type,
ret = SSL_CTX_use_certificate(ctx, x);
end:
X509_free(x);
+ BIO_free(in);
return ret;
}
static int
-SSL_CTX_use_PrivateKey_bio(SSL_CTX *ctx, BIO* in, int type,
- const char *key_passwd)
+SSL_CTX_use_PrivateKey_blob(SSL_CTX *ctx, const struct curl_blob *blob,
+ int type, const char *key_passwd)
{
int ret = 0;
EVP_PKEY *pkey = NULL;
+ BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
+ if(!in)
+ return CURLE_OUT_OF_MEMORY;
if(type == SSL_FILETYPE_PEM)
pkey = PEM_read_bio_PrivateKey(in, NULL, passwd_callback,
@@ -654,11 +663,12 @@ SSL_CTX_use_PrivateKey_bio(SSL_CTX *ctx, BIO* in, int type,
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
EVP_PKEY_free(pkey);
end:
+ BIO_free(in);
return ret;
}
static int
-SSL_CTX_use_certificate_chain_bio(SSL_CTX *ctx, BIO* in,
+SSL_CTX_use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
const char *key_passwd)
{
/* SSL_CTX_add1_chain_cert introduced in OpenSSL 1.0.2 */
@@ -668,6 +678,9 @@ SSL_CTX_use_certificate_chain_bio(SSL_CTX *ctx, BIO* in,
int ret = 0;
X509 *x = NULL;
void *passwd_callback_userdata = (void *)key_passwd;
+ BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
+ if(!in)
+ return CURLE_OUT_OF_MEMORY;
ERR_clear_error();
@@ -682,7 +695,7 @@ SSL_CTX_use_certificate_chain_bio(SSL_CTX *ctx, BIO* in,
ret = SSL_CTX_use_certificate(ctx, x);
if(ERR_peek_error() != 0)
- ret = 0;
+ ret = 0;
if(ret) {
X509 *ca;
@@ -714,6 +727,7 @@ SSL_CTX_use_certificate_chain_bio(SSL_CTX *ctx, BIO* in,
end:
X509_free(x);
+ BIO_free(in);
return ret;
#else
(void)ctx; /* unused */
@@ -727,10 +741,10 @@ static
int cert_stuff(struct Curl_easy *data,
SSL_CTX* ctx,
char *cert_file,
- BIO *cert_bio,
+ const struct curl_blob *cert_blob,
const char *cert_type,
char *key_file,
- BIO* key_bio,
+ const struct curl_blob *key_blob,
const char *key_type,
char *key_passwd)
{
@@ -739,7 +753,7 @@ int cert_stuff(struct Curl_easy *data,
int file_type = do_file_type(cert_type);
- if(cert_file || cert_bio || (file_type == SSL_FILETYPE_ENGINE)) {
+ if(cert_file || cert_blob || (file_type == SSL_FILETYPE_ENGINE)) {
SSL *ssl;
X509 *x509;
int cert_done = 0;
@@ -756,9 +770,9 @@ int cert_stuff(struct Curl_easy *data,
switch(file_type) {
case SSL_FILETYPE_PEM:
/* SSL_CTX_use_certificate_chain_file() only works on PEM files */
- cert_use_result = cert_bio ?
- SSL_CTX_use_certificate_chain_bio(ctx, cert_bio, key_passwd) :
- SSL_CTX_use_certificate_chain_file(ctx, cert_file);
+ cert_use_result = cert_blob ?
+ SSL_CTX_use_certificate_chain_blob(ctx, cert_blob, key_passwd) :
+ SSL_CTX_use_certificate_chain_file(ctx, cert_file);
if(cert_use_result != 1) {
failf(data,
"could not load PEM client certificate, " OSSL_PACKAGE
@@ -775,10 +789,10 @@ int cert_stuff(struct Curl_easy *data,
we use the case above for PEM so this can only be performed with
ASN1 files. */
- cert_use_result = cert_bio ?
- SSL_CTX_use_certificate_bio(ctx, cert_bio,
- file_type, key_passwd) :
- SSL_CTX_use_certificate_file(ctx, cert_file, file_type);
+ cert_use_result = cert_blob ?
+ SSL_CTX_use_certificate_blob(ctx, cert_blob,
+ file_type, key_passwd) :
+ SSL_CTX_use_certificate_file(ctx, cert_file, file_type);
if(cert_use_result != 1) {
failf(data,
"could not load ASN1 client certificate, " OSSL_PACKAGE
@@ -855,13 +869,24 @@ int cert_stuff(struct Curl_easy *data,
case SSL_FILETYPE_PKCS12:
{
- BIO *fp = NULL;
+ BIO *cert_bio = NULL;
PKCS12 *p12 = NULL;
EVP_PKEY *pri;
STACK_OF(X509) *ca = NULL;
- if(!cert_bio) {
- fp = BIO_new(BIO_s_file());
- if(fp == NULL) {
+ if(cert_blob) {
+ cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len));
+ if(cert_bio == NULL) {
+ failf(data,
+ "BIO_new_mem_buf NULL, " OSSL_PACKAGE
+ " error %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ return 0;
+ }
+ }
+ else {
+ cert_bio = BIO_new(BIO_s_file());
+ if(cert_bio == NULL) {
failf(data,
"BIO_new return NULL, " OSSL_PACKAGE
" error %s",
@@ -870,20 +895,19 @@ int cert_stuff(struct Curl_easy *data,
return 0;
}
- if(BIO_read_filename(fp, cert_file) <= 0) {
+ if(BIO_read_filename(cert_bio, cert_file) <= 0) {
failf(data, "could not open PKCS12 file '%s'", cert_file);
- BIO_free(fp);
+ BIO_free(cert_bio);
return 0;
}
}
- p12 = d2i_PKCS12_bio(cert_bio ? cert_bio : fp, NULL);
- if(fp)
- BIO_free(fp);
+ p12 = d2i_PKCS12_bio(cert_bio, NULL);
+ BIO_free(cert_bio);
if(!p12) {
failf(data, "error reading PKCS12 file '%s'",
- cert_bio ? "(memory blob)" : cert_file);
+ cert_blob ? "(memory blob)" : cert_file);
return 0;
}
@@ -964,9 +988,9 @@ int cert_stuff(struct Curl_easy *data,
return 0;
}
- if((!key_file) && (!key_bio)) {
+ if((!key_file) && (!key_blob)) {
key_file = cert_file;
- key_bio = cert_bio;
+ key_blob = cert_blob;
}
else
file_type = do_file_type(key_type);
@@ -977,8 +1001,8 @@ int cert_stuff(struct Curl_easy *data,
break;
/* FALLTHROUGH */
case SSL_FILETYPE_ASN1:
- cert_use_result = key_bio ?
- SSL_CTX_use_PrivateKey_bio(ctx, key_bio, file_type, key_passwd) :
+ cert_use_result = key_blob ?
+ SSL_CTX_use_PrivateKey_blob(ctx, key_blob, file_type, key_passwd) :
SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type);
if(cert_use_result != 1) {
failf(data, "unable to set private key file: '%s' type %s",
@@ -2775,32 +2799,12 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
#endif
if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
- BIO *ssl_cert_bio = NULL;
- BIO *ssl_key_bio = NULL;
- if(ssl_cert_blob) {
- /* the typecast of blob->len is fine since it is guaranteed to never be
- larger than CURL_MAX_INPUT_LENGTH */
- ssl_cert_bio = BIO_new_mem_buf(ssl_cert_blob->data,
- (int)ssl_cert_blob->len);
- if(!ssl_cert_bio)
- result = CURLE_OUT_OF_MEMORY;
- }
- if(!result && SSL_SET_OPTION(key_blob)) {
- ssl_key_bio = BIO_new_mem_buf(SSL_SET_OPTION(key_blob)->data,
- (int)SSL_SET_OPTION(key_blob)->len);
- if(!ssl_key_bio)
- result = CURLE_OUT_OF_MEMORY;
- }
if(!result &&
!cert_stuff(data, backend->ctx,
- ssl_cert, ssl_cert_bio, ssl_cert_type,
- SSL_SET_OPTION(key), ssl_key_bio,
+ ssl_cert, ssl_cert_blob, ssl_cert_type,
+ SSL_SET_OPTION(key), SSL_SET_OPTION(key_blob),
SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd)))
result = CURLE_SSL_CERTPROBLEM;
- if(ssl_cert_bio)
- BIO_free(ssl_cert_bio);
- if(ssl_key_bio)
- BIO_free(ssl_key_bio);
if(result)
/* failf() is already done in cert_stuff() */
return result;
diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c
index 931bd853eb..961a71f6d5 100644
--- a/libs/libcurl/src/vtls/schannel.c
+++ b/libs/libcurl/src/vtls/schannel.c
@@ -862,7 +862,7 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
list_start_index = cur;
#ifdef USE_NGHTTP2
- if(data->state.httpversion >= CURL_HTTP_VERSION_2) {
+ if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
memcpy(&alpn_buffer[cur], NGHTTP2_PROTO_ALPN, NGHTTP2_PROTO_ALPN_LEN);
cur += NGHTTP2_PROTO_ALPN_LEN;
infof(data, "schannel: ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
diff --git a/libs/libcurl/src/vtls/sectransp.c b/libs/libcurl/src/vtls/sectransp.c
index e69b99b72c..9d637da2ec 100644
--- a/libs/libcurl/src/vtls/sectransp.c
+++ b/libs/libcurl/src/vtls/sectransp.c
@@ -1613,7 +1613,7 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
&kCFTypeArrayCallBacks);
#ifdef USE_NGHTTP2
- if(data->state.httpversion >= CURL_HTTP_VERSION_2
+ if(data->state.httpwant >= CURL_HTTP_VERSION_2
#ifndef CURL_DISABLE_PROXY
&& (!isproxy || !conn->bits.tunnel_proxy)
#endif
diff --git a/libs/libcurl/src/vtls/wolfssl.c b/libs/libcurl/src/vtls/wolfssl.c
index 8fb2ea7acf..c6f428034f 100644
--- a/libs/libcurl/src/vtls/wolfssl.c
+++ b/libs/libcurl/src/vtls/wolfssl.c
@@ -475,7 +475,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
protocols in descending order of preference, eg: "h2,http/1.1" */
#ifdef USE_NGHTTP2
- if(data->state.httpversion >= CURL_HTTP_VERSION_2) {
+ if(data->state.httpwant >= CURL_HTTP_VERSION_2) {
strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
}
@@ -726,7 +726,7 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
!memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
conn->negnpn = CURL_HTTP_VERSION_1_1;
#ifdef USE_NGHTTP2
- else if(data->state.httpversion >= CURL_HTTP_VERSION_2 &&
+ else if(data->state.httpwant >= CURL_HTTP_VERSION_2 &&
protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN &&
!memcmp(protocol, NGHTTP2_PROTO_VERSION_ID,
NGHTTP2_PROTO_VERSION_ID_LEN))
--
cgit v1.2.3